HAMNET VPN guide for Mikrotik routers as VPN client

This guide describes how to set up a computer running Linux for a permanent HAMNET VPN connection via PPTP.

  1. Install the PPTP client:

    sudo apt-get install pptp-linux

  2. Create the config file:

    sudo nano /etc/ppp/peers/hamnetdb0sda

    ### HAMNET VPN Server
    pty "pptp vpn.afu.rwth-aachen.de --nolaunchpppd --nobuffer --timeout 10"
    ### FOR SPECIAL FIXED IP accounts use hamnet.afu.rwth-aachen.de instead of vpn.afu.rwth-aachen.de
    ### PPTP - Loginname
    name YOURLOGINNAME
    ### Restart after losing the connection
    persist
    ### MTU has to be smaller than 1500, because PPTP encapsulation adds overhead to every packet
    mtu 1400
    # Terminate after n consecutive failed connection attempts.
    # A value of 0 means no limit. The default value is 10.
    maxfail 0
    ### Misc.
    remotename PPTP
    lock
    noauth
    refuse-eap
    nobsdcomp
    nodeflate
    #end
    
  3. Make or edit the password storage file

    sudo nano /etc/ppp/chap-secrets
    

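    Add a line like the one below. The client name must be the same login name you set with name in the peers file, and the server field must match remotename (PPTP):

     # Secrets for authentication using CHAP
     # client server secret IP addresses
     YOURLOGINNAME PPTP THISISYOURPW *
    

    Then make sure only root can read your password:

     sudo chmod 600 /etc/ppp/chap-secrets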
    
  4. Try the VPN tunnel. Start it with:

     sudo pon hamnetdb0sda
    

    You should now see a ppp0 device in the output of sudo ifconfig.

    ping 44.148.186.1 should also work. For SPECIAL FIXED IP accounts the IP is 44.149.166.1.

    Stop the tunnel with

     sudo poff hamnetdb0sda
    
  5. Make scripts to add the route to 44.128.0.0/10 via the VPN tunnel. Add a script named hamnetdb0sda to /etc/ppp/ip-up.d. It’s important you keep this filename, so the pptp program can identify it to run it with your configuration.

    sudo nano /etc/ppp/ip-up.d/hamnetdb0sda
    
    #!/bin/bash
    #
    # Help - Text:
    # ---------------------------------------------------------------
    # This script is called with the following arguments:
    # Arg Name Example
    # $1 Interface name ppp0
    # $2 The tty ttyS1
    # $3 The link speed 38400
    # $4 Local IP number 12.34.56.78
    # $5 Peer IP number 12.34.56.99
    # $6 Optional ''ipparam'' value foo
    # ---------------------------------------------------------------
    
    # Nothing to do when the loopback interface is configured.
    if [ "$1" = "lo" ]; then
        exit 0
    fi
    
    if [ "$1" = "ppp0" ]; then
    #if [ "$6" = "hamnetdb0sda" ]; then
    
        # Log a timestamped message, then route HAMNET traffic through the tunnel.
        echo "$(date '+%b %e %H:%M:%S') HAMNET VPN: PPTP - ipparam: $6 Interface goes up ($1). Now adding routing..." >> /var/log/messages
        route add -net 44.128.0.0/10 gw 44.148.186.1 "$1"
        #FOR SPECIAL FIXED IP ACCOUNTS USE route add -net 44.128.0.0/10 gw 44.149.166.1 $1
    fi
    
    exit 0
    

    Add a script named hamnetdb0sda to /etc/ppp/ip-down.d. It’s important you keep this filename, so the pptp program can identify it to run it with your configuration.

    sudo nano /etc/ppp/ip-down.d/hamnetdb0sda
    
    #!/bin/bash
    #
    # Help - Text:
    # ---------------------------------------------------------------
    # This script is called with the following arguments:
    # Arg Name Example
    # $1 Interface name ppp0
    # $2 The tty ttyS1
    # $3 The link speed 38400
    # $4 Local IP number 12.34.56.78
    # $5 Peer IP number 12.34.56.99
    # $6 Optional ''ipparam'' value foo
    # ---------------------------------------------------------------
    
    # Nothing to do when the loopback interface is configured.
    if [ "$1" = "lo" ]; then
        exit 0
    fi
    
    if [ "$1" = "ppp0" ]; then
    #if [ "$6" = "hamnetdb0sda" ]; then
    
        # Log a timestamped message, then remove the route that ip-up added.
        echo "$(date '+%b %e %H:%M:%S') HAMNET VPN: PPTP - ipparam: $6 Interface goes down ($1). Now removing routing..." >> /var/log/messages
        # The network and gateway must mirror the route added in ip-up.d/hamnetdb0sda.
        route del -net 44.128.0.0/10 gw 44.148.186.1 "$1"
        #FOR SPECIAL FIXED IP ACCOUNTS USE route del -net 44.128.0.0/10 gw 44.149.166.1 $1
    fi
    
    exit 0
    

    Make both scripts executable:

    sudo chmod 750 /etc/ppp/ip-up.d/hamnetdb0sda
    sudo chmod 750 /etc/ppp/ip-down.d/hamnetdb0sda
    
  6. Try the tunnel with activated routing. Start with:

    sudo pon hamnetdb0sda
    

    Type sudo route -n and check that there is a route for 44.128.0.0 with subnet mask 255.192.0.0 to 44.148.186.1 on device ppp0.

    FOR SPECIAL FIXED IP ACCOUNTS the Gateway is 44.149.166.1.

    Stop the tunnel with:

    sudo poff hamnetdb0sda
    
  7. Create a systemd service file for easy job control and auto-start on boot:

    sudo nano /etc/systemd/system/hamnetvpn.service
    
    [Unit]
    Description=PPTP HAMNET link to DB0SDA
    Requires=multi-user.target
    After=network-online.target
    
    [Service]
    Type=forking
    ExecStart=/usr/bin/pon hamnetdb0sda
    ExecStop=/usr/bin/poff hamnetdb0sda
    ExecReload=/usr/bin/poff -r hamnetdb0sda
    
    [Install]
    WantedBy=network-online.target
    

    Reload the systemd environment with

    sudo systemctl daemon-reload
    

    Now you can use

    • sudo systemctl status hamnetvpn.service to check the status
    • sudo systemctl start hamnetvpn.service to start the tunnel
    • sudo systemctl stop hamnetvpn.service to stop the tunnel
    • sudo systemctl enable hamnetvpn.service to start the tunnel automatically at boot time
    • sudo systemctl disable hamnetvpn.service to not start the tunnel automatically at boot time
  8. Reboot and feel happy
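
The checks from steps 3 and 6 can be scripted so they are repeatable after every change. The following is an added example, not part of the original guide: the function names and the sample routing table are constructed for illustration, and it assumes GNU stat and awk as found on a Debian-style system.

```shell
#!/bin/sh
# Added example: post-setup checks for the HAMNET PPTP client described above.
# Function names are hypothetical; the sample routing table is constructed.

# Succeeds only if FILE grants no permission to group or other
# (mode 600 or 400), as step 3 requires for /etc/ppp/chap-secrets.
secrets_mode_ok() {
    mode=$(stat -c '%a' -- "$1") || return 2
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Reads `route -n` output on stdin. Succeeds if 44.128.0.0 with netmask
# 255.192.0.0 is routed via gateway $1 on interface $2 (default ppp0).
has_hamnet_route() {
    awk -v gw="$1" -v ifc="${2:-ppp0}" '
        $1 == "44.128.0.0" && $2 == gw && $3 == "255.192.0.0" && $NF == ifc { ok = 1 }
        END { exit !ok }'
}

# Constructed sample of `sudo route -n` with the tunnel up (not captured output).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
44.128.0.0      44.148.186.1    255.192.0.0     UG    0      0        0 ppp0
44.148.186.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0'

# Offline demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE_ROUTES" | has_hamnet_route 44.148.186.1; then
    echo "route: OK"
else
    echo "route: MISSING"
fi

# On a live system (use 44.149.166.1 for SPECIAL FIXED IP accounts):
#   sudo route -n | has_hamnet_route 44.148.186.1 || echo "HAMNET route missing"
#   secrets_mode_ok /etc/ppp/chap-secrets || echo "chap-secrets readable by others"
```
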