mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-27 02:09:06 +02:00
dockerfiles/pptpd/README.md
2018-03-15 22:01:36 +08:00

pptpd

The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks.

PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.

Directory Tree

~/fig/pptpd/
├── docker-compose.yml
└── data/
    ├── pptpd.conf
    ├── pptpd-options
    └── chap-secrets

file: docker-compose.yml

pptpd:
  image: vimagick/pptpd
  volumes:
    - ./data/pptpd.conf:/etc/pptpd.conf
    - ./data/pptpd-options:/etc/ppp/pptpd-options
    - ./data/chap-secrets:/etc/ppp/chap-secrets
  privileged: true
  restart: always

file: pptpd.conf

option /etc/ppp/pptpd-options
pidfile /var/run/pptpd.pid
localip 192.168.127.1
remoteip 192.168.127.100-199

file: pptpd-options

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4

file: chap-secrets

# Secrets for authentication using CHAP
# client    server  secret          IP addresses
username    *       password        *

Please use a strong password in the chap-secrets file to protect your server.
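A pre-flight check for the pptpd-options and chap-secrets files above, as an added example that is not part of the original README or the vimagick/pptpd project: it reports hardening directives missing from pptpd-options and weak entries in chap-secrets. The function names, the 16-character minimum and the placeholder list are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the two mounted files before starting the container.
# MIN_LEN and the placeholder list are assumptions, not values from the README.
MIN_LEN=16

# Print each hardening directive from the README's pptpd-options that the
# given file lacks. Text after '#' is treated as a comment.
missing_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        awk -v want="$opt" '{ sub(/#.*/, "") } $1 == want { ok = 1 } END { exit !ok }' "$1" \
            || echo "$opt"
    done
}

# Print "<client>: <finding>" for every weak entry in a chap-secrets file.
# Columns: client server secret ip. Assumes unquoted secrets without spaces.
weak_secrets() {
    awk -v min="$MIN_LEN" '
        /^[ \t]*#/ || NF < 3 { next }
        length($3) < min      { print $1 ": secret shorter than " min " characters" }
        $3 == $1              { print $1 ": secret equals the client name" }
        tolower($3) ~ /^(password|secret|changeme)$/ { print $1 ": placeholder secret" }
    ' "$1"
}

# Constructed sample files, so the script runs offline.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'name pptpd' 'refuse-pap' '#refuse-chap' 'refuse-mschap' \
        'require-mschap-v2' > "$dir/pptpd-options"
    printf '%s\n' '# client server secret IP addresses' \
        'username * password *' \
        'alice * kV7-tq9Lz2-mXw4Rb8pD *' > "$dir/chap-secrets"
    echo "missing directives:"; missing_options "$dir/pptpd-options"
    echo "weak secrets:";       weak_secrets "$dir/chap-secrets"
    rm -rf "$dir"
}
demo
```

Point the two functions at ./data/pptpd-options and ./data/chap-secrets before running docker-compose up; empty output from both means no findings.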

Server Setup

# edit /etc/default/ufw (for ubuntu)
$ modprobe nf_conntrack_pptp nf_nat_pptp
$ cd ~/fig/pptpd/
$ docker-compose up -d
$ docker-compose logs -f

You need to configure the firewall:

  • To let PPTP tunnel maintenance traffic through, allow port 1723/tcp.
  • To let PPTP tunneled data pass through the router, allow proto gre.
  • Set DEFAULT_FORWARD_POLICY=ACCEPT
  • Set net.ipv4.ip_forward=1 (sysctl)

Client Setup

Connect to the PPTP server using username:password with mschap-v2/mppe-128 encryption.
