Linux as a PPTP-router - Telecomix Crypto Munitions Bureau

Linux as a PPTP-router

From Telecomix Crypto Munitions Bureau

Micro-tutorial for how to use IPREDATOR together with Debian or Ubuntu Linux.

Using IPREDATOR with Linux

  • Open a terminal.
  • Become root. "sudo -i".
  • Install pptp-linux. You can type "aptitude install pptp-linux".
  • Start pptp-linux. "pptpsetup --create ipredator --server vpn.ipredator.se --username USERNAME --password PASSWORD --start --encrypt". USERNAME and PASSWORD should be replaced with your own account details.
  • You now have a new network interface on your computer. If you have not done anything strange, the new interface should be named "ppp0". You can view information about your network interfaces by typing "ifconfig".
  • To send all of your traffic via IPREDATOR, you need to make a few changes to your routing table. Type "ip route show" and write down which router your "default route" uses. For example, after issuing the command, it could say something such as "default via 10.0.0.7 dev eth0" on a row by itself. In that case, 10.0.0.7 would be your default gateway.
  • Type "dig vpn.ipredator.se" to see which IP addresses vpn.ipredator.se uses. Write down any one of the roughly 20 IP addresses that appear. It does not matter which one you choose.
  • Type "ip route add 5.6.7.8 via 1.2.3.4" (Replace 5.6.7.8 with one of the IP addresses that vpn.ipredator.se uses. Replace 1.2.3.4 with your default gateway.)
  • Type "ip route delete default; ip route add default via 9.10.11.12" (Replace the IP address 9.10.11.12 with your assigned IP address from IPREDATOR. You can see which IP address was assigned to you with "ifconfig".)
  • The following firewall script blocks any connections that are not made locally (LAN etc.) or to/via IPREDATOR. It is useful from the moment you get disconnected from IPREDATOR until you get connected again, because it prevents data leaks. I've put it in /etc/ppp/ip-up.d/9999_whitelist_ipredator so that it gets run when the first IPREDATOR connection is made. IPREDATOR "better offline than sorry" firewall script (The script is also mirrored here at the wiki)
  • When you have downloaded it and put it in the right position, you need to chmod it:
    sudo chmod a+rx /etc/ppp/ip-up.d/9999_whitelist_ipredator
  • For good measure, also link it into the IPv6 hook directory (the script doesn't support IPv6, but as IPREDATOR doesn't use IPv6 at the time of writing, this doesn't matter except for providing some forward compatibility safety):
    sudo ln -s /etc/ppp/ip-up.d/9999_whitelist_ipredator /etc/ppp/ipv6-up.d/9999_whitelist_ipredator
  • The script to turn off the firewall (when you're done using IPREDATOR for your session) can be downloaded here: The "Done with IPREDATOR"-script
  • MTU seems to be an important thing. I had to lower MTU (default is 1500) on the underlying network device, otherwise I got a lot of disconnects. This works for me:
    ifconfig eth0 mtu 1200
  • DONE - Check if it works by accessing whatismyip.org, or any other similar service. If you want, you can type "echo "GET /" | nc whatismyip.org 80" in the terminal and compare the output with your normal IP address.
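
The routing steps above only keep traffic inside the tunnel if the default route points at ppp0 while the VPN server itself stays reachable through the LAN gateway; without that host route the encrypted PPTP packets would be routed into the tunnel that carries them. As an added example (not part of the original page), these shell functions audit "ip route show" output for that layout. The function names, verdict strings and sample tables are assumptions constructed for illustration, using the page's placeholder addresses.

```shell
#!/bin/sh
# Added example (not from the original page): audit the routing table for the
# layout the steps above create. Both functions read `ip route show` text on
# stdin, so they can be exercised offline with saved output.

# Print the gateway of the first default route ("default via GW dev IF").
default_gateway() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# check_vpn_routes SERVER_IP [TUNNEL_DEV]   (TUNNEL_DEV defaults to ppp0)
# Prints one verdict and returns:
#   0 "ok"          default route uses the tunnel, server pinned outside it
#   1 "leak"        a default route still points at a non-tunnel device
#   2 "no-default"  no default route through the tunnel at all
#   3 "unpinned"    no host route to the server outside the tunnel, so the
#                   encrypted PPTP packets would be sent into ppp0 itself
check_vpn_routes() {
    awk -v srv="$1" -v tun="${2:-ppp0}" '
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        $1 == "default" { if (dev == tun) via_tun = 1; else leak = 1 }
        ($1 == srv || $1 == (srv "/32")) && dev != "" && dev != tun { pinned = 1 }
        END {
            if (leak)     { print "leak";       exit 1 }
            if (!via_tun) { print "no-default"; exit 2 }
            if (!pinned)  { print "unpinned";   exit 3 }
            print "ok"
        }
    '
}

# Constructed sample tables (placeholder addresses from the steps above).
BEFORE='default via 10.0.0.7 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.20'
AFTER='default via 9.10.11.12 dev ppp0
5.6.7.8 via 10.0.0.7 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.20'

# Live use: ip route show | check_vpn_routes 5.6.7.8
```

Run the check again after a reconnect: a "leak" verdict means a default route through the LAN device is still present and traffic is leaving outside IPREDATOR.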


Setting up an IPREDATOR router

If you want to, you can give everyone access to your IPREDATOR account. If you want more than just your own computer to access the internet via IPREDATOR, you just need to type two more commands:

  • "iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE --random" (This will tell your computer to replace the source addresses of all outgoing packets that pass through IPREDATOR with the IP address that was assigned to your connection (aka NAT). Your router will remember which sessions belong to which computers in your network, and forward incoming packets to them. MASQUERADE is a form of NAT that is designed with dynamic IPs in mind.)
  • "sysctl -w net.ipv4.conf.all.forwarding=1" (This tells your computer to behave as a router, thus letting other computers use your machine to access the internets.)

Also, please note:

  • Note that absolutely no security at all has been configured for your connection to the internets via IPREDATOR. It is highly recommended that you set up a firewall!
  • After issuing the two commands to make your computer behave as an anonymizing router, you obviously need to change the default gateway of all computers in your network that you want to have anonymized to the LAN IP address of your IPREDATOR router. (You can give free access to anyone you like by using OpenVPN and letting the users have their traffic routed over OpenVPN via your IPREDATOR account, to the internets.)