Portal Home > Knowledgebase > Tutorials / Guides > OpenBSD > PPTP (VPN) for OpenBSD

PPTP (VPN) for OpenBSD

Setting up a route to proxh.sh PPTP tunnels on OpenBSD can be achieved following the below guidelines.

After having configured the environment variable PKG_PATH to contain your nearest OpenBSD package mirror, just add the pptp-Package via command line.

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/`uname -r`/packages/`machine -a`/
# pkg_add -i pptp

The configuration file for pptp is the one from the userland pppd located at /etc/ppp/ppp.conf.
/etc/ppp/ppp.conf

proxysh:
set device "!/usr/local/sbin/pptp --nolaunchpppd IP_ADDR"
set authname YOUR_AUTH_NAME
set authkey YOUR_AUTH_PASSWORD
set mppe 128 stateless
disable ipv6cp
disable ipv6

Note to replace IP_ADDR by the proxy.sh PPTP IP given in your welcome email or panel's product details.

To keep the default route correctly set, especially on systems getting their IP address supplied via DHCP, the /etc/ppp/ppp.linkup and /etc/ppp/ppp.linkdown scripts need to be adapted.
/etc/ppp/ppp.linkup

proxysh:
! sh /etc/ppp/vpn-default-route.sh
add default HISADDR

/etc/ppp/ppp.linkdown

proxysh:
delete IP_ADDR

Note to replace IP_ADDR by the proxy.sh PPTP IP given in your welcome email or panel's product details.

Also note, that /etc/ppp/ppp.linkup invokes another script, namely /etc/ppp/vpn-default-route.sh, that is not available by default. This script and the mechanism to save a previously set default route was taken from the pptp manual page.
/etc/ppp/vpn-default-route.sh

#!/bin/sh

gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
/sbin/route add -host IP_ADDR ${gw}

Note to replace IP_ADDR by the proxy.sh PPTP IP given in your welcome email or panel's product details.

You can now make a test run with the following command.

# ppp -ddial proxysh


To initialize the PPTP-Connection during system start-up, create /etc/hostname.tun0 with the following content:
/etc/hostname.tun0

up
!ppp -unit0 -ddial proxysh

The -unit0 parameter here tells ppp to use tun0 as a tunnel interface. This makes it easier to manage different tunnels and to create filtering rules applied to specific tunnel interfaces. After a reboot, your proxy.sh tunnel should now come up automatically.

NB: If you encounter difficulties to connect with PPTP, please try to switch to OpenVPN. OpenVPN is more reliable, more secure and more flexible. OpenVPN also allows you to try various ports, including 'discreet' ones such as TCP 443. Below, you will find an aggregate of useful guides and articles that will help you troubleshoot your problems, should you have any.

Guide for setting up OpenVPN with default client on OpenBSD.
I cannot find the .ovpn and .crt files necessary for OpenVPN. Where are they?
No matter how hard I try, I cannot succesfully connect to OpenVPN.
I can't access any website through my browser while connected to VPN.
I am connected to the VPN but my IP is not yet hidden. Help!
I am having some kind of other problem. Where can I find some help?
How can I find the local log files of my VPN client?

If you still cannot connect successfully, please open a support ticket and include either a copy of your logs or a screenshot of your configuration and encountered errors. Logs can usually be found in software menus or settings, as well as their directories of installation (.log or .txt files). If you do not include a log or a screenshot, it will be hard for us to help you resolve the issues you have with connecting to our network.
Related Knowledgebase Articles
OpenVPN for OpenBSD (Views: 1626)