How to make pptp VPN connection to use IPMI port
(IPKVM / Web KVM) on Debian Linux
If you have used KVM, before you certainly have faced the
requirement asked by many Dedicated Server Provider, for
establishment of a PPTP (mppe / mppoe) or the so called Microsoft
VPN tunnel to be able to later access via the tunnel through a
Private IP address the web based Java Applet giving control to the
Physical screen, monitor and mouse on the server.
This is pretty handy as sometimes the server is not booting and one
needs a further direct access to the server physical Monitor.
Establishing the
Microsoft VPN connection on Windows is a
pretty trivial task and is easily achieved by navigating to:
Properties > Networking (tab) > Select IPv4 >
Properties > Advanced > Uncheck "Use default gateway on
remote network".
However achiving the same task on Linux seemed to be not such a
trivial, task and it seems I cannot find anywhere information or
precise procedure how to establish the necessery VPN (ptpt) ms
encrypted tunnel.
Thanksfully I was able to find a way to do the same tunnel on my
Debian Linux, after a bunch of experimentation with the
ppp
linux command.
To be able to establish the IPMI VPN tunnel, first I had to install
a couple of software packages, e.g.:
root@linux:~# apt-get install ppp pppconfig pppoeconf
pptp-linux
Further on it was necessery to
load up two kernel modules to
enable the pptp mppe support:
root@linux:~# modprobe ppp_mppe
root@linux:~# modprobe ppp-deflate
I've also enabled the modules to be loading up during my next Linux
boot with
/etc/modules to not be bother to load up the same
modules after reboot manually:
root@linux:~# echo ppp_mppe >> /etc/modules
root@linux:~# echo ppp-deflate >>
/etc/modules
Another thing I had to do is to enable the
require-mppe-128
option in
/etc/ppp/options.pptp.
Here is how:
root@linux:~# sed -e 's$#require-mppe-128$require-mppe-128$g'
/etc/ppp/options.pptp >> /tmp/options.pptp
root@linux:~# mv /tmp/options.pptp
/etc/ppp/options.pptp
In order to enable debug log for the
ppp tunnel I also
edited
/etc/syslog.conf and included the following
configuration inside:
root@linux:~# vim /etc/syslog.conf
*.=debug;\
news.none;mail.none -/var/log/debug
*.=debug;*.=info;\
*.=debug;*.=info;\
root@linux:~# killall -HUP rsyslogd
The most important part of course is the command line with
ppp command to connect to the remote IP via the VPN tunnel
;), here is how I achieved that:
root@linux:~# pppd debug require-mppe pty "pptp ipmiuk2.net
--nolaunchpppd" file /etc/ppp/options.pptp user
My_Dedi_Isp_Given_Username password
The_Isp_Given_Password
This command, brings up the
ppp interface and makes the
tunnel between my IP and the remote VPN target host.
Info about the tunnel could be observed with command:
ifconfig -a ppp
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.20.254.32 P-t-P:10.20.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:70 (70.0 B) TX bytes:672 (672.0 B)
One more thing before I could finally access the IPMI's web
interface via the private IP was to add routing to the private IP
address via the tunnel other side IP address:
# 10.20.0.1 P-t-P IP address
ip route add 10.20.1.124 via 10.20.0.1;
And tadam! It's done now IPKVM is accessible via
http://10.20.1.124 or
https://10.20.1.124 web
interface. Horay ! :)