This document shows how to install encrypted PPTP so Microsoft computers can securely connect in.

Author:  Larry Apolonio
Date:    June 26, 2002
Updated: June 26, 2002
Contact: pptpinstallATminihowto.com

Base Install

Here are the selections made during the initial install:

    Selected the Custom Install and had the installer automatically partition
    My machine had a static IP address
    I used NO firewall (manually firewalling this server is another doc)
    Used whatever default authentication Red Hat comes with

Things I selected:

    Classic X Window System
    X Window System
    GNOME
    Network Support
    Dialup Support (even if I have no modem)
    SMB File Server (don't need this but I use it to transfer files)
    WWW Web Server (don't need this either but use it for cool stuff later)
    Router/Firewall
    Network Managed Workstation
    Utilities
    Software Development
    Kernel Development

Total Size 1.164 GB

Other Files to Get (place it all in /usr/src)

    linux-2.4.18.tar.gz
    linux-2.5.10-openssl-0.9.6b-mppe.patch.gz
    ppp-2.4.1-MSCHAPv2-fix.patch.gz
    ppp-2.4.1.tar.gz
    ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
    pptpd-1.1.2.tar.gz

Steps To Setting this up

    1. Patch and Compile the Kernel (see below on how to do it quickly)
    2. Patch, Compile and install ppp
    3. Patch, Compile and install pptpd
    4. Create the supporting files (see below)

1.0 Patch and Compile the Kernel

1.1 Patch the kernel

    cd /usr/src/linux
    zcat ../linux-2.5.10-openssl-0.9.6b-mppe.patch.gz | patch -p1

1.2 Quick Guide to Compiling the Kernel

Note: This is for people that want to compile now and will learn about compiling the kernel later.

As root, download the source (linux-2.4.18.tar.gz) to your home directory.

Uncompress it:

    tar zxvf /root/linux-2.4.18.tar.gz -C /usr/src

Change to the directory:

    cd /usr/src/linux

Under /usr/src/linux-2.4/configs/ are these files:

    kernel-2.4.7-athlon.config
    kernel-2.4.7-athlon-smp.config
    kernel-2.4.7-i386-BOOT.config
    kernel-2.4.7-i386.config
    kernel-2.4.7-i386-smp.config
    kernel-2.4.7-i586.config
    kernel-2.4.7-i586-smp.config
    kernel-2.4.7-i686.config
    kernel-2.4.7-i686-debug.config
    kernel-2.4.7-i686-enterprise.config
    kernel-2.4.7-i686-smp.config

Select your appropriate architecture and copy the file to the linux source directory. In our example we have a single processor Pentium III:

    cp /usr/src/linux-2.4/configs/kernel-2.4.7-i686.config /usr/src/linux/.config

Run the config tool. You have three choices:

    make config
    make menuconfig    <--- Recommended
    make xconfig

This is where you would normally tweak your system. For this exercise the only tweak we will make is to compile the Ext3 journalling file system into the kernel. It is located under File Systems. Look for Ext3 journalling file system and select Y.

Also go to network device support and make sure that all the PPP devices have an <M> next to them. This means that you are compiling them as modules, not statically into the kernel. If you don't compile them as modules you can cause Segmentation Faults when you run pptpd.

    <M> PPP (point-to-point protocol) support
    [*]   PPP multilink support (EXPERIMENTAL)
    [*]   PPP filtering
    <M>   PPP support for async serial ports
    <M>   PPP support for sync tty ports
    <M>   PPP Deflate compression
    <M>   PPP BSD-Compress compression
    <M>   PPP over Ethernet (EXPERIMENTAL)

Save and exit the config tool, then run these commands in order:

    make dep
    make clean
    make bzImage
    make modules
    make modules_install

or

    date > /root/start; make dep; make clean; make bzImage; make modules; make modules_install; date > /root/end

1.3 Install the new kernel

Copy the file bzImage to /boot and edit /boot/grub/menu.lst:

    cp /usr/src/linux/arch/i386/boot/bzImage /boot
    vi /boot/grub/menu.lst

On our system the boot directory is on /dev/hda2, so we added the following in /boot/grub/menu.lst:

    title Red Hat Linux (2.4.18)
        root (hd0,0)
        kernel /bzImage ro root=/dev/hda2

1.4 Reboot to new Kernel

    shutdown -r now

2.0 Patch, Compile and install ppp

2.1 Untar the main ppp source files

    cd /usr/src
    tar zxvf ppp-2.4.1.tar.gz
    cd ppp-2.4.1

2.2 Apply the 2 patches to the source

    zcat ../ppp-2.4.1-openssl-0.9.6-mppe-patch.gz | patch -p1
    zcat ../ppp-2.4.1-MSCHAPv2-fix.patch.gz | patch -p1

2.3 Compile and install

    ./configure
    make
    make install

3.0 Patch, Compile and install pptpd

3.1 Untar the main pptpd source files

    cd /usr/src
    tar zxvf pptpd-1.1.2.tar.gz
    cd /usr/src/pptpd-1.1.2

3.2 Compile and install

    ./configure
    make
    make install

4.0 Create the supporting files

4.1 Add Kernel Modules

Add the following lines to /etc/modules.conf:

    alias char-major-108 ppp_generic
    alias tty-ldisc-3 ppp_async
    alias tty-ldisc-14 ppp_synctty
    alias ppp-compress-18 ppp_mppe
    alias ppp-compress-21 bsd_comp
    alias ppp-compress-24 ppp_deflate
    alias ppp-compress-26 ppp_deflate

4.2 pptpd daemon config file

Create a file /etc/pptpd.conf with the following contents:

    option /etc/ppp/options.pptpd
    localip 10.0.0.40            <------------- Change this value
    remoteip 10.0.0.230-239      <------------- Change this value
    listen 10.0.0.40             <------------- Change this value
    pidfile /var/run/pptpd.pid

    option points to the config file ppp uses upon connection
    localip and listen are the same as the address of your ethernet card
    remoteip is the range of IP addresses to assign to people connecting in
    pidfile is a text file holding the process ID pptpd is running as

4.3 ppp config file

Create a file /etc/ppp/options.pptpd with the following contents:

    name *
    lock
    mtu 1490
    mru 1490
    proxyarp
    auth
    +chap
    +chapms-v2
    ipcp-accept-local
    ipcp-accept-remote
    lcp-echo-failure 3
    lcp-echo-interval 5
    deflate 0
    mppe-128
    mppe-40
    mppe-stateless

4.4 Turn on forwarding

Edit the /etc/sysctl.conf file and change the following value:

    net.ipv4.ip_forward = 1

4.5 Setup a shell script

Create a file called /etc/rc.d/init.d/pptpd with the following contents:

    #!/bin/sh
    #
    # Startup script for pptpd
    #
    # chkconfig: 345 85 15
    # description: PPTP server
    # processname: pptpd
    # config: /etc/pptpd.conf

    # Source function library.
    . /etc/rc.d/init.d/functions

    # See how we were called.
    case "$1" in
      start)
            echo -n "Starting pptpd: "
            # Refuse to start twice: the lock file marks a running instance.
            if [ -f /var/lock/subsys/pptpd ] ; then
                    echo
                    exit 1
            fi
            daemon /usr/local/sbin/pptpd
            echo
            touch /var/lock/subsys/pptpd
            ;;
      stop)
            echo -n "Shutting down pptpd: "
            killproc pptpd
            echo
            rm -f /var/lock/subsys/pptpd
            ;;
      status)
            status pptpd
            ;;
      restart)
            $0 stop
            $0 start
            ;;
      *)
            echo "Usage: $0 {start|stop|restart|status}"
            exit 1
    esac

    exit 0

4.6 Create the password file

(Needs to be done, but easy to figure out through the sample they have)

Note: When compiling PPP support, make sure the PPP devices are modules, NOT static.
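
An added example, not part of the original how-to: a shell check of the files created in section 4. It reports when an options file like the one in 4.3 stops requiring authentication, MS-CHAPv2 or 128-bit MPPE, notes that mppe-40 lets 40-bit keys be negotiated, and checks that the password file is not readable by group or other. The file name chap-secrets, its sample entry and the function names are assumptions; the page does not name the password file.

```shell
#!/bin/sh
# Added example (not from the original how-to): audit the section 4 files.

# has_opt FILE OPTION: true if OPTION is an active (uncommented) line in FILE.
has_opt() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -qxF -- "$2"
}

# audit_options FILE: print one finding per line; prints nothing if clean.
audit_options() {
    has_opt "$1" auth       || echo "FAIL auth: peers are not required to authenticate"
    has_opt "$1" +chapms-v2 || echo "FAIL +chapms-v2: MS-CHAPv2 is not required"
    has_opt "$1" mppe-128   || echo "FAIL mppe-128: 128-bit MPPE is not offered"
    if has_opt "$1" mppe-40; then
        echo "WARN mppe-40: 40-bit MPPE keys can be negotiated"
    fi
    return 0
}

# secrets_mode_ok FILE: true unless group or other can read FILE.
secrets_mode_ok() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Constructed sample input: the options from section 4.3 and a dummy
# password file (assumed name: chap-secrets; the entry is made up).
demo_dir=$(mktemp -d)
printf '%s\n' 'name *' lock 'mtu 1490' 'mru 1490' proxyarp auth +chap \
    +chapms-v2 ipcp-accept-local ipcp-accept-remote 'lcp-echo-failure 3' \
    'lcp-echo-interval 5' 'deflate 0' mppe-128 mppe-40 mppe-stateless \
    > "$demo_dir/options.pptpd"
printf '%s\n' '# client  server  secret  IP addresses' \
    'alice  *  "constructed-secret"  *' > "$demo_dir/chap-secrets"
chmod 644 "$demo_dir/chap-secrets"

audit_options "$demo_dir/options.pptpd"
secrets_mode_ok "$demo_dir/chap-secrets" ||
    echo "FAIL chap-secrets: readable by group/other, use chmod 600"
rm -rf "$demo_dir"
```

On a real server, point audit_options at /etc/ppp/options.pptpd and secrets_mode_ok at the password file instead of the constructed samples.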