So after setting up my Cubieboard to my liking, another thing I want is to be able to access it from anywhere at any time. The trouble is, the ISP I am with right now is blocking all incoming ports, so I need a workaround.
After some browsing and also from past experience, I feel PPTP is my best bet. It is incredibly easy to implement from a client/server perspective. The challenge is to keep the tunnel open at all times.
I'm using Digital Ocean to host the PPTP server, and it so happens they already have a tutorial on their blog right here. I'm just customizing based on that blog post.
The VM is using the Ubuntu 13.04 Server image.
PPTP Server Side
This is what I did on the server end.
$ apt-get update && apt-get upgrade -y # Optional
$ apt-get install -y pptpd
Server & Client IP Allocations
Now let's set up the IP range we're going to allocate to connecting clients. Add the lines below to /etc/pptpd.conf.
localip 10.0.0.1
remoteip 10.0.0.100-200
The localip part is for the server and the remoteip part is for connecting clients.
Defining Valid Users
Next up we're going to set up valid clients and allocate IP addresses based on the user they are connecting as. Edit /etc/ppp/chap-secrets to reflect the following.
cubie pptpd cubie_secret 10.0.0.23
We can add as many users as we want. If you don't want to assign static IPs, you can use the template below.
john pptpd john_secret *
DNS for Clients
The lines below use Google's DNS servers; if you have local DNS servers, using them will shorten round trips.
Go ahead and edit /etc/ppp/pptpd-options.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
PPTPD Configuration Done
Restart the daemon.
service pptpd restart
Setting Up Forwarding & NAT
First of all, we need to enable IP forwarding. Go ahead and edit /etc/sysctl.conf.
net.ipv4.ip_forward = 1
Let's set up forwarding with iptables and let clients communicate with each other.
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
$ iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
$ iptables --append FORWARD --in-interface eth0 -j ACCEPT
Setting Up Cubieboard As a Client
My Cubieboard has a GUI set up using LXDE, but I want to do this from the CLI. I've also set up a small Python script to keep monitoring the VPN tunnel.
Installing The PPTP Client
$ apt-get install network-manager-pptp
$ modprobe ppp_mppe
Configuring The PPTP Client
This is the easy part. Fire up an editor and create a new file: /etc/ppp/peers/pptpserver.
pty "pptp x.x.x.x --nolaunchpppd"
name cubie
password cubie_secret
remotename pptpserver
require-mppe-128
Replace x.x.x.x with the IP address of your PPTPD server. The name and password must match the entry in /etc/ppp/chap-secrets on the server. You can rename that particular pptpserver file to something more descriptive.
Connecting To The Server
Let’s connect now!
$ pppd call pptpserver
It won't show any logging here, but you can tail the log at /var/log/syslog.
$ tail -f /var/log/syslog
Or you can just check if ppp0 is already available by doing an ifconfig -s ppp0. A successful connection will output something like below.
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ppp0 1496 0 7 0 0 0 7 0 0 0 MOPRU
IP Routes
Let’s add some more routes like so.
$ ip route add 10.0.0.0/8 dev ppp0
Making The VPN Tunnel Persistent
We need the tunnel to be available at all times, so we're going to need a monitoring solution to reconnect when the tunnel is broken. I made a small Python script available below.
Save the file as /root/bin/checkapp.py, adjust the permissions, and let's add this to our crontab.
$ curl https://gist.github.com/tistaharahap/8059219/raw/e3e8ac07308cc06e24694c182b09428901f36f9b/checkppp.py > /root/bin/checkapp.py
$ chmod +x /root/bin/checkapp.py
$ crontab -e
Add the line below for a 5 minute check interval.
*/5 * * * * /root/bin/checkapp.py
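For reference, here is one way such a cron watchdog can be written. This is an added example, not the gist script referenced above: it checks for ppp0 through sysfs and re-dials the pptpserver peer when the interface is missing. It assumes Python 3, pppd at /usr/sbin/pppd, and a lock file at /run/checkppp.lock.

```python
#!/usr/bin/env python3
"""Cron watchdog: re-dial the PPTP peer when the ppp interface is gone."""
import fcntl
import os
import subprocess
import sys

IFACE = "ppp0"                    # tunnel interface, as in the post
PEER = "pptpserver"               # peer file under /etc/ppp/peers, as in the post
PPPD = "/usr/sbin/pppd"           # assumed path; cron's PATH often omits /usr/sbin
SYSFS_NET = "/sys/class/net"      # Linux lists one directory per interface here
LOCK_PATH = "/run/checkppp.lock"  # assumed lock file location


def tunnel_up(iface=IFACE, sysfs_net=SYSFS_NET):
    """True when the interface exists and is not reported down."""
    try:
        with open(os.path.join(sysfs_net, iface, "operstate")) as fh:
            # ppp links normally report "unknown", so only "down" counts as dead.
            return fh.read().strip() != "down"
    except OSError:
        return False  # no such interface: the tunnel is gone


def ensure_tunnel(is_up=tunnel_up, dial=subprocess.call, lock_path=LOCK_PATH):
    """Return 'up', 'busy', 'redialed' or 'failed:<exit code>'."""
    with open(lock_path, "w") as lock:
        try:
            # Non-blocking lock: skip this run if an earlier one is still dialing.
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except OSError:
            return "busy"
        if is_up():
            return "up"
        # Argument list, no shell, so nothing in the command is shell-parsed.
        rc = dial([PPPD, "call", PEER])
        return "redialed" if rc == 0 else "failed:%d" % rc


if __name__ == "__main__":
    outcome = ensure_tunnel()
    if outcome.startswith("failed"):
        sys.stderr.write("checkppp: pppd %s\n" % outcome)  # cron mails stderr
        sys.exit(1)
```

The lock matters at a 5 minute interval: if a dial attempt hangs, the next cron run exits with "busy" instead of starting a second pppd for the same peer.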
Done
Now I have a persistent tunnel, available anytime I need it.