PPTP VPN / Ethernet ADSL (Gentoo/IPREDator)
inc | August 18, 2009 | 9:04 pm
I’ve had quite a bit of fun over the last couple of nights configuring a VPN connection using Gentoo Linux and the following simplified set-up:
Home PC     <=> Ethernet ADSL Router <=> Internet <=> VPN Server
192.168.1.x <=> 192.168.1.1          <=>          <=> xxx.xxx.xxx.xxx
Firstly ensure your kernel has ppp support (2.6.30 kernel configuration options):
# cd /usr/src/linux ; make menuconfig
Device Drivers ->
Network device support ->
[*] PPP (point-to-point protocol) support
<*> PPP support for async serial ports
<*> PPP support for sync tty ports
<*> PPP Deflate compression
<*> PPP BSD-Compress compression
<*> PPP MPPE compression (encryption)
<*> PPP over Ethernet
Next emerge the ppp and pptpclient packages:
echo "net-dialup/ppp mppe-mppc" >> /etc/portage/package.use
emerge --ask --verbose ppp pptpclient
Once you have both ppp and pptpclient successfully installed on your system, edit the /etc/ppp/options.pptp file so that it resembles the one below (only a few changes are required to this file):
Example options.pptp file for IPREDator
Next edit the /etc/ppp/chap-secrets file so that it resembles the one below, being sure to add your IPREDator username and password to this file in place of the placeholders contained in the example file:
Example chap-secrets file for IPREDator
Next create the /etc/ppp/peers/Ipredator file so that it resembles the one below; again, be sure to add your IPREDator username to this file in place of the placeholder contained in the example file:
Example Ipredator file for IPREDator
Now essentially all that is required is getting the routing set up correctly so that traffic flows to the correct place on the network. Below are some modified ip-up and ip-down scripts that may be used; some minor modifications may be required to tailor the scripts to your specific network settings. These scripts are based upon those from the All Traffic Through Tunnel section of the PPTP Client website (many thanks to the original author as it pointed me in the right direction). I believe that both of these scripts should be set as being executable (chmod +x /etc/ppp/ip-up.d/60-ip-up-tunnel.sh).
ip-up script (/etc/ppp/ip-up.d/60-ip-up-tunnel.sh):
#!/bin/bash
# pppd ip-up script for all-to-tunnel routing

# name of primary network interface (before tunnel)
PRIMARY=eth0

# address of tunnel server (provided by pppd as the remote IP address)
SERVER=$5

# gateway ip address (before tunnel - adsl router ip address)
GATEWAY="192.168.1.1"

# provided by pppd: string to identify connection aka ipparam option
CONNECTION=$6
if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi

# provided by pppd: interface name
TUNNEL=$1
if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi

# if we are being called as part of the tunnel startup
if [ "${CONNECTION}" = "Ipredator" ] ; then
  # direct tunneled packets to the tunnel server via the primary interface
  # (never into the tunnel itself, which would loop)
  route del ${SERVER} dev ${TUNNEL}
  if [ "${GATEWAY}" = "" ] ; then
    route add -host ${SERVER} dev ${PRIMARY}
  else
    route add -host ${SERVER} gw ${GATEWAY} dev ${PRIMARY}
  fi
  # direct all other packets into the tunnel
  route del default ${PRIMARY}
  route add default dev ${TUNNEL}
fi
ip-down script (/etc/ppp/ip-down.d/60-ip-down-tunnel.sh):
#!/bin/bash
# pppd ip-down script for all-to-tunnel routing

# name of primary network interface (before tunnel)
PRIMARY=eth0

# server ip address (for tunnel; provided by pppd as the remote IP address)
SERVER=$5

# gateway ip address (before tunnel - adsl router ip address)
GATEWAY="192.168.1.1"

# provided by pppd: string to identify connection aka ipparam option
CONNECTION=$6
if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi

# provided by pppd: interface name
TUNNEL=$1
if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi

# if we are being called as part of the tunnel shutdown
if [ "${CONNECTION}" = "Ipredator" ] ; then
  # direct packets back to the original interface
  route del default ${TUNNEL}
  # remove the host route added by ip-up (use ${PRIMARY}, not a hard-coded eth0)
  route del ${SERVER} dev ${PRIMARY}
  if [ "${GATEWAY}" = "" ] ; then
    route add default dev ${PRIMARY}
  else
    route add default gw ${GATEWAY} dev ${PRIMARY}
  fi
fi
Here is what the original routing table looks like; you will notice that all traffic is routed to the ADSL Gateway (in this case 192.168.1.1):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        127.0.0.1       255.0.0.0       UG    0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
Here is what the routing table looks like when the tunnel is running; you will now notice that traffic to the VPN Server is routed to the ADSL Gateway (192.168.1.1), all local network traffic (192.168.1.xxx) is routed to the associated network interface (eth0), and all other traffic is routed to the VPN interface (ppp0):
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
xxx.xxx.xxx.xxx 192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        127.0.0.1       255.0.0.0       UG    0      0        0 lo
default         *               0.0.0.0         U     0      0        0 ppp0
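The two tables above are the thing to verify after `pon`: if the default route is still on eth0, or the host route to the VPN server is missing, traffic is not going through the tunnel. The following script is an added example (not from the original post or the PPTP Client project) that checks a `route -n` table for exactly that layout; it assumes net-tools numeric output and uses 203.0.113.10 as a constructed stand-in for the xxx.xxx.xxx.xxx server address.

```shell
#!/bin/bash
# Added example, not from the original post: check that a routing table matches
# the "all traffic through tunnel" layout shown above.
# Assumes net-tools `route -n` output (numeric, so "default" appears as 0.0.0.0).

# check_tunnel_routes TABLE SERVER GATEWAY PRIMARY TUNNEL
# Succeeds only when (a) the default route leaves via TUNNEL and (b) a /32 host
# route for SERVER goes via GATEWAY on PRIMARY, so the tunnel's own packets are
# not sent into the tunnel. Anything else means traffic bypasses the tunnel or
# the tunnel would loop on itself.
check_tunnel_routes() {
    table="$1"; server="$2"; gateway="$3"; primary="$4"; tunnel="$5"
    default_ok=1; host_ok=1
    # default route: destination 0.0.0.0, last column is the interface
    if printf '%s\n' "$table" | awk -v t="$tunnel" \
        '$1 == "0.0.0.0" && $NF == t { found = 1 } END { exit !found }'; then
        default_ok=0
    fi
    # host route to the VPN server via the ADSL gateway on the primary interface
    if printf '%s\n' "$table" | awk -v s="$server" -v g="$gateway" -v p="$primary" \
        '$1 == s && $2 == g && $3 == "255.255.255.255" && $NF == p { found = 1 }
         END { exit !found }'; then
        host_ok=0
    fi
    if [ "$default_ok" -eq 0 ] && [ "$host_ok" -eq 0 ]; then return 0; fi
    return 1
}

# Constructed sample tables (203.0.113.10 stands in for the VPN server address).
BEFORE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'

TUNNEL_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0'

if check_tunnel_routes "$BEFORE_TABLE" 203.0.113.10 192.168.1.1 eth0 ppp0; then
    echo "before: OK"; else echo "before: traffic is NOT going through the tunnel"; fi
if check_tunnel_routes "$TUNNEL_TABLE" 203.0.113.10 192.168.1.1 eth0 ppp0; then
    echo "tunnel: OK"; else echo "tunnel: traffic is NOT going through the tunnel"; fi
# On a live box: check_tunnel_routes "$(route -n)" <server-ip> 192.168.1.1 eth0 ppp0
```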
To start the connection open a terminal window and enter the following command:
pon Ipredator
To enable debugging in order to diagnose connection issues, use the following command:
pon Ipredator debug dump logfd 2 nodetach
I hope this has been of some use to you, not only for configuring IPREDator but for other VPN connections that use the PPTP protocol.