<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Poptop MSCHAP2 ADS Howto</title>
</head>

<body>
<p><strong>15. pptp Client Installation</strong></p>
<p>I will only describe the Windows XP pptp client installation. For other operating systems, please see the documents <a href="http://poptop.sourceforge.net/dox/">here</a>. </p>
<ul>
 <li>Start -> Settings -> Control Panel -> Network Connections.</li>
 <li>Click on "Create a new connection" on the left pane. </li>
 <li>A Wizard starts. Click on Next.</li>
 <li>Choose "Connect to the network at my workplace". Next.</li>
 <li>Choose "Virtual Private Network Connection". Next.</li>
 <li>Key in the company name. Next.</li>
 <li>Choose "Do not dial the initial connection". Next.</li>
 <li>Type in the external IP address or hostname of the pptpd gateway. Next.</li>
 <li>Choose "Anyone's use". Next.</li>
 <li>Check the "Add a shortcut to this connection to my desktop". Finish.</li>
 <li>A new icon appears in Network Connections under the header Virtual Private Network. Right click on it and choose Properties.</li>
 <li>Click on the Security tab. Check "Advanced (custom settings)" and then click the Settings button.</li>
 <li>Choose "Maximum strength encryption (disconnect if server declines)" on Data Encryption.</li>
 <li>In the same tab, choose "Allow these protocols" and uncheck all except "Microsoft CHAP Version 2 (MS-CHAP v2)". Click OK and click OK again to close the window.</li>
</ul>
<p>That's all for a standard configuration. All traffic from the PC will pipe through the pptp tunnel except traffic for the locally attached network segment.
This is the recommended way of implementing VPN for security reasons.</p>
<hr>
<strong><a name="splittunnel"></a>15.1 Split Tunneling</strong>
<p>Split tunneling allows you to configure the network so that only selected traffic is directed to the VPN tunnel. For instance, if you want browsing traffic to go to the Internet directly but corporate traffic to go via the VPN, you will need split tunneling. It is also important if your ISP requires a heartbeat from your machine to keep the connection alive. </p>
<p>While split tunneling provides convenience, it causes security problems because <span name="intelliTxt" id="intelliTxt">it essentially renders the VPN vulnerable to attack as it is accessible through the public, non-secure network. Check your company security policy before implementing split tunneling. </span></p>
<p>To set up split tunneling:</p>
<ul>
 <li>Right click on the icon which you created in section 15 and choose Properties.</li>
 <li>Choose the Networking tab. Highlight the Internet Protocol (TCP/IP) and click on the Properties button.</li>
 <li>Click on the Advanced button and then deselect "Use default gateway on remote network". Click OK. Click OK and then click OK.</li>
</ul>
<p>If you have a simple private network which has only one single segment, you have finished the configuration. Take a break and enjoy your day.</p>
<p>If you have multiple subnets in the private network, there is still work to do. By not using the PPP link as the default gateway, we introduce another problem. The PPP client will set up routing only to the subnet that is directly attached to the pptp gateway. Traffic will not route to the other subnets. In our test environment, you can only access 10.0.0.0 but not 172.16.0.0. To resolve this problem, I created a VBScript to add the extra routes.
</p>
<p>The VBScript is listed here: </p>
<blockquote>
<pre>Option Explicit
Dim IP_Address
' Temporary file that receives the ipconfig output
Dim TmpFile : TmpFile = "c:\ip.txt"
Dim route1

<strong>route1 = "route add 172.16.0.0 mask 255.255.255.0 "</strong>

SaveIP
IP_Address = GetIP()
' Only add the route when a PPP address was found (VPN connected)
If Len(IP_Address) > 0 Then
  route1 = route1 & IP_Address
  AddRoute
End If

' Write the output of ipconfig to the temporary file
Sub SaveIP
  Dim ws : Set ws = CreateObject("WScript.Shell")
  ws.run "%comspec% /c ipconfig > " & TmpFile, 0, True
  Set ws = Nothing
End Sub

' Return the IP address listed in the PPP adapter section of the saved output
Function GetIP()
  Dim fso : Set fso = CreateObject("Scripting.FileSystemObject")
  Dim re : Set re = New RegExp
  re.Global = TRUE

  Dim file, fileline, matches
  Dim pppsection : pppsection = FALSE

  If fso.FileExists(TmpFile) Then
    Set file = fso.OpenTextFile(TmpFile)

    Do While Not file.AtEndOfStream
      fileline = file.ReadLine

      If Not pppsection Then
        ' Look for the start of the "PPP adapter ..." section
        If left(fileline,3) = "PPP" Then
          pppsection = TRUE
        End If
      Else
        re.Pattern = "IP Address[\. ]+: "
        If re.Test(fileline) Then
          matches = split(fileline,":")
          ' Drop the leading space after the colon
          GetIP = right(matches(1),len(matches(1))-1)
          ' Stop here so a later adapter's address cannot overwrite it
          Exit Do
        End If
      End If

    Loop
    file.Close
  End If

  Set re = Nothing
  Set fso = Nothing
End Function

' Run the completed route command
Sub AddRoute
  Dim ws : Set ws = CreateObject("WScript.Shell")
  ws.run "%comspec% /c " & route1, 0, True
  Set ws = Nothing
End Sub
</pre>
</blockquote>
<p>Create the VBScript file somewhere on your PC and create a shortcut to it on the desktop. Once the PPP connection is up, double-clicking the shortcut adds the route.</p>
<p><strong>Note</strong>: you will need to modify the line in bold for your environment. </p>
</body>
</html>
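Added example, not part of the original howto: the same "find the PPP address, then add routes" logic as the VBScript in section 15.1, written in Python so it can be tested offline. It extends the script to several subnets and validates the parsed address before it is placed in a command. The sample ipconfig text, the adapter names, the second subnet and the function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of Windows XP ipconfig output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Company VPN:

        IP Address. . . . . . . . . . . . : 10.0.0.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.255

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.7.9
"""

ADAPTER_HEADER = re.compile(r"^\S.*adapter .*:\s*$")
IP_LINE = re.compile(r"^\s+IP Address[. ]+:\s*(\S+)\s*$")

def ppp_address(ipconfig_text):
    """Return the IPv4 address of the first PPP adapter, or None if not connected."""
    in_ppp = False
    for line in ipconfig_text.splitlines():
        if ADAPTER_HEADER.match(line):
            in_ppp = line.startswith("PPP")  # a new section ends the PPP one
            continue
        m = IP_LINE.match(line) if in_ppp else None
        if m:
            # Raises ValueError unless the text is a literal IPv4 address.
            return str(ipaddress.IPv4Address(m.group(1)))
    return None

def route_commands(ipconfig_text, subnets):
    """Build one `route add` argument list per extra subnet via the PPP address."""
    gateway = ppp_address(ipconfig_text)
    if gateway is None:
        return []  # VPN is down: add nothing rather than a route without a gateway
    cmds = []
    for cidr in subnets:
        net = ipaddress.IPv4Network(cidr)  # strict: rejects host bits in the prefix
        # Argument lists can be passed to subprocess.run() without a shell.
        cmds.append(["route", "add", str(net.network_address), "mask", str(net.netmask), gateway])
    return cmds
```
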