NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
kraney
Sep 11, 2009Aspirant
HOWTO: PPtP VPN
This howto will list the steps necessary to set up a pptp server on a ReadyNAS Duo. PPtP makes a nice choice, because OSX natively supports connecting to PPtP VPNs. I think windows does also, but don't have personal experience with it.
This howto guide was developed against RAIDiator 4.1.6. It may work with older versions, possibly with minor modifications.
First, set up a dev environment using the instructions at http://www.readynas.com/?p=145
Next, you'll need to install and set up the necessary software
This howto guide was developed against RAIDiator 4.1.6. It may work with older versions, possibly with minor modifications.
First, set up a dev environment using the instructions at http://www.readynas.com/?p=145
Next, you'll need to install and set up the necessary software
- In FrontView, create a new group named "dip" (this is needed by the ppp package that pptpd relies on.)
- execute
apt-get install pptpd
- edit /etc/pptpd.conf, and set up definitions for localip and remoteip. These will need to have appropriate values for your network. There are examples in the default config file. You basically want to pick IP addresses that are within your subnet, but not used by DHCP or by computers in your network. If your local net is 192.168.0.0, you might choose something like
localip 192.168.0.2
remoteip 192.168.0.3-50 - optionally, turn on bcrelay in pptpd.conf
- edit /etc/ppp/chap-secrets, and add a username and password for a VPN user
- edit /etc/sysctl.conf and add
net.ipv4.ip_forward 1
This will tell the ReadyNAS to route your VPN client's traffic out to the rest of your network. This change will take effect on your next boot. You can go ahead and turn on routing without needing to reboot by runningecho 1 >> /proc/sys/net/ipv4/ip_forward
- Download the Linux kernel posted at http://www.readynas.com/gpl
- run
apt-get install libncurses5-dev
(needed to run menuconfig when setting up the kernel) - cd to the linux kernel directory, and run
cp arch/padre/defconfig .config
- There is a hardcoded cross-compile setup in the kernel build, which needs to be fixed. Edit arch/padre/Makefile, and replace the line that starts with "CROSS_COMPILE" with one like this
CROSS_COMPILE ?=
- run
make menuconfig
- Navigate to the "Network Device Support -> PPP (point-to-point protocol support)" page
- enable "PPP" by pressing "M" to mark it as a module
- also enable MPPE compression and async serial support.
- enable ppp filtering by pressing the space bar (it isn't a module, so 'M' doesn't work.)
- save the configuration and run
make modules
cp drivers/net/{ppp_async,ppp_mppe,ppp_generic,slhc}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net/
mkdir /lib/modules/2.6.17.8ReadyNAS/kernel/crypto
cp crypto/{sha1,arc4}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/crypto/
depmod -a
Finally, you'll need to build the PPP kernel modules. This howto assumes you'll be building the kernel modules directly on the NAS device. You can also cross-compile on a different box, but I'll leave that explanation to other guides.
At this point, you should be able to connect from your VPN client, using the username and password you added to /etc/ppp/chap-secrets. The kernel will automatically load the new modules when they're needed.
If you run into trouble, check /var/log/syslog on the ReadyNAS for error messages.
60 Replies
Replies have been turned off for this discussion
- dreyAspirant
kraney wrote:
Finally, you'll need to build the PPP kernel modules. This howto assumes you'll be building the kernel modules directly on the NAS device. You can also cross-compile on a different box, but I'll leave that explanation to other guides.- Download the Linux kernel posted at http://www.readynas.com/gpl
- run
apt-get install libncurses5-dev
(needed to run menuconfig when setting up the kernel) - cd to the linux kernel directory, and run
cp arch/padre/defconfig .config
- There is a hardcoded cross-compile setup in the kernel build, which needs to be fixed. Edit arch/padre/Makefile, and replace the line that starts with "CROSS_COMPILE" with one like this
CROSS_COMPILE ?=
- run
make menuconfig
- Navigate to the "Network Device Support -> PPP (point-to-point protocol support)" page
- enable "PPP" by pressing "M" to mark it as a module
- also enable MPPE compression and async serial support.
- enable ppp filtering by pressing the space bar (it isn't a module, so 'M' doesn't work.)
- save the configuration and run
make modules
cp drivers/net/{ppp_async,ppp_mppe,ppp_generic,slhc}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net/
mkdir /lib/modules/2.6.17.8ReadyNAS/kernel/crypto
cp crypto/{sha1,arc4}.ko /lib/modules/2.6.17.8ReadyNAS/kernel/crypto/
depmod -a
At this point, you should be able to connect from your VPN client, using the username and password you added to /etc/ppp/chap-secrets. The kernel will automatically load the new modules when they're needed.
If you run into trouble, check /var/log/syslog on the ReadyNAS for error messages.
You lost me there on Step 3. Where is arch/padre/Makefile? - sesamAspirantAny chance of getting the ppp.o binary from someone who has it already?
- kraneyAspirant
You lost me there on Step 3. Where is arch/padre/Makefile?
It's a subdirectory inside the linux kernel source. It's the linux-2.6.17 directory within the source distribution. - kraneyAspirant
sesam wrote: Any chance of getting the ppp.o binary from someone who has it already?
There is no ppp.o binary. There are a total of 6 kernel modules that are built. In drivers/net, there are:- ppp_async.ko
- ppp_mppe.ko
- ppp_generic.ko
- slhc.ko
and in drivers/crypto, there are:- sha1.ko
- arc4.ko
I could potentially upload them here, but I don't see any way to add attachments. I don't want to get in the business of mailing out files one user at a time. - sesamAspirantNo attachments here, no. I can take the emailing of files to people, if you send them to me. I'm simon.bohlin and I'm a user of gmail.
(Actually I've just contacted readynasfreeware.org admin (user "Who Cares?" on this forum) to try to get the files there, but I guess that'll take a while before anything happens.) - sesamAspirantOk, I've got the files that should go in /lib/modules/2.6.17.8ReadyNAS/kernel/ in folder drivers/net and crypto.
I've done installation (apt-get install pptpd) and edited files /etc/pptpd.conf /etc/ppp/chat-secrets
Doing modprobe ppp gives error: can't find module ppp
I'm temporarily solving this with (below is typed from memory, exact ordering or correct spelling is not guaranteed):
cd /lib/modules/2.6.17.8ReadyNAS/kernel/crypto && insmod sha1.ko && insmod arc4.ko
cd /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net && insmod slhc.ko && insmod ppp_generic.ko && insmod ppp_mppe.ko && insmod ppp_async.ko
Aftet that a test connection WORKS! I did a connection from a win XP computer running outside the firewall and using a different ip net (otherwise XP complains of loopback).
Though by unchecking use default gateway in IPv4 advanced settings on the XP box, the tunneling stops as well.
Next step now is to figure out how to get XP and pptp to tunnel only the stuff I want tunneled.
So basically working, but not done yet.
And if anyone needs the ppp*.ko files etc, look here (attachments, near the bottom): http://sites.google.com/site/chromiumdev/pptp - kraneyAspirant
sesam wrote:
Doing modprobe ppp gives error: can't find module ppp
I'm temporarily solving this with (below is typed from memory, exact ordering or correct spelling is not guaranteed):
cd /lib/modules/2.6.17.8ReadyNAS/kernel/crypto && insmod sha1.ko && insmod arc4.ko
cd /lib/modules/2.6.17.8ReadyNAS/kernel/drivers/net && insmod slhc.ko && insmod ppp_generic.ko && insmod ppp_mppe.ko && insmod ppp_async.ko
There's no module named literally ppp. I believe the correct way to force load the modules would be with
modprobe -v ppp_generic
although I didn't find that to be necessary at all. The modules just load automatically when you try to connect via pptp.
If you're finding it necessary to use insmod directly, my guess is maybe you forgot to run
depmod -a - efalskenAspirantBefore commenting on the ppp module compilation above, please indicate which firmware revision and processor (Sparc or x86) you are using.
I can't figure out how to compile the ppp module. I realize that we have to download the kernel from Netgear's GPL page, but it has to be the one specific to our model and firmware revision. This is a lot of trouble. And it appears that the x86 version 4.2.9 (latest stable) is corrupted. (unable to extract fully on my ReadyNAS or Windows machines) Are there any other solutions?
When I type "apt-get install ppp", it says it is already installed. But when I try to connect via pptp, this appears in my syslog:
May 4 23:22:50 BigBoy pppd[3357]: This system lacks kernel support for PPP. This could be because the PPP kernel module could not be loaded, or because PPP was not included in the kernel configuration. If PPP was included as a module, try `/sbin/modprobe -v ppp'. If that fails, check that ppp.o exists in /lib/modules/`uname -r`/net. See README.linux file in the ppp distribution for more details.
May 4 23:22:50 BigBoy pptpd[3355]: GRE: read(fd=6,buffer=8058640,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
May 4 23:22:50 BigBoy pptpd[3355]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
May 4 23:22:50 BigBoy pptpd[3355]: CTRL: Reaping child PPP[3357] - kraneyAspirantAn earlier post provides a link to a place where you can download precompiled kernel modules. These were compiled from 2.6.17.8, for a ReadyNAS duo.
And if anyone needs the ppp*.ko files etc, look here (attachments, near the bottom): http://sites.google.com/site/chromiumdev/pptp
I'm sympathetic, you're right it's a lot of trouble to download and compile the kernel. I'd like to create a prepackaged add-on, but haven't had time to learn how yet. - efalskenAspirantEdit 9/9/2012: Updated so all the instructions are up-to-date and in one place.
Be sure to download the GPL code and extract it onto your /c/ filesystem. There's not enough space to extract everything into the root filesystem, and its a good way to kill your ReadyNAS.mkdir /c/devel
cd /c/devel
wget http://.......
mkdir (downloaded filename without zip)
unzip (downloaded file) -d (dir you just created)
after downloading the firmware run these command:apt-get update
apt-get install build-essential
apt-get install lzma
apt-get install libncurses5-dev
apt-get install nano <- because I'm no good with vi to edit files.
then pre-compile the current kernelcd (unzip dir)/kernel/(kernel version)
cp defconfig.smp linux-(kernel version)/.config <--For x86_64 systems only!
cp defconfig.up linux-(kernel version)/.config <--For all others?
cd linux-(kernel version)
make clean
Then this is where you run the 'make menuconfig' command. (Note that you do not need to fix the "Cross Compile" configuration or copy any config files when doing this on an x86-based ReadyNAS.) The PPP options will be under Device Drivers -> Network Device Support -> PPP Support. Be sure to select
Device Drivers
Network device support
<M> PPP Support
[*] PPP Filtering
<M> PPP Support for async serial ports
<M> PPP Support for tty ports
<M> PPP Deflate compression
<M> PPP BSD-Compress compression
<M> PPP MPPE compression
<M> PPP over Ethernet
Cryptographic API
<M> Deflate compression algorithm <- It's at the very bottom
<M> Zlib compression algorithm
<M> LZO compression algorithm
Press 'esc, esc' a few times to exit out until it prompts you to save. (yes) Then:make modules
make modules_install
That should install the modules. If it doesn't, then you can install them manually:cp drivers/net/*.ko /lib/modules/(kernel folder x86_64)/kernel/drivers/net/
depmod -a <- no output indicates a success
modprobe ppp_generic <- no output means everything worked!
Now follow the instructions, as above, to install the PPP service: viewtopic.php?f=35&t=33132&p=232929#p182215
Once you've done all that and used to start it up, if it still isn't working or doesn't work as expected, here're some extra commands to figure out exactly what might be going wrong.tail -n30 /var/log/syslog
dmesg
If you see a problem in the logfile "unable to open /dev/ppp", then this command will help you:mknod /dev/ppp c 108 0
If, every time after rebooting, you still have a problem with the /dev/ppp not existing, then you can add this to your /etc/init.d/pptpd file:case "$1" in
start)
echo -n "Starting PPTP Daemon: "
if [ ! -c /dev/ppp ]; then mknod /dev/ppp c 108 0; fi
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
-- < /dev/null > /dev/null
echo "pptpd."
;;
And once you get a user CONNECTED to the VPN, here's a WONDERFUL troubleshooting guide to getting traffic flowing correctly over your new VPN: http://poptop.sourceforge.net/dox/diagn ... ding.phtml
As I sit here, my iPhone is able to browse everything on my local ReadyNAS via the cellular connection.
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!