
Making VPN connection to OpenBSD with iPhone 4


The iPhone 4 can make a VPN connection and send all traffic through it, which is useful when you use public WiFi and/or need intranet resources.

Installing OpenBSD 4.9

See the FAQ. You also need to install the kernel and userland sources to build npppd and the PIPEX kernel.

Building PIPEX kernel and installing npppd

At the time of this writing, npppd is not installed by default. npppd requires "option PIPEX" in the kernel config file, which is not enabled by default. After you extract the source code, follow the instructions in /usr/src/usr.sbin/npppd/HOWTO_PIPEX_NPPPD.txt. Note that amd64 users need to patch npppd at the moment. The patch below is from the author. Patch at your own risk.

> cd && fetch http://journal.reallyenglish.com/2011/05/13/privsep.diff.txt
> cd /usr/src/usr.sbin/npppd/npppd
> sudo patch < ~/privsep.diff.txt

npppd.conf

Networking

interface_list: tun1
interface.tun1.ip4addr: $ip.add.re.ss
pool.dyna_pool: $ip.add.re.ss/$subnet
lcp.mru: 1400
ipcp.dns_primary: $dns.add.re.ss

Authentication

Choose an authentication method. A CSV file is good for testing.

auth.method: mschapv2 chap
auth.local.realm_list: local
auth.local.realm.acctlist: /etc/npppd/npppd-users.csv
realm.local.concentrate: tun1

Create a CSV file, /etc/npppd/npppd-users.csv, which looks like:

Username,Password,Framed-IP-Address,Framed-IP-Netmask,Description,Calling-Id
user,secret,$ip.add.re.ss,,memo for user

If you have a working RADIUS server:

auth.radius.realm_list: radius
auth.radius.realm.server.address: 127.0.0.1
auth.radius.realm.server.secret: $radius_secret
realm.radius.concentrate: tun1

Note that the RADIUS backend must hold the clear text password or the NT password when mschapv2 is used.

VPN protocol

Choose a VPN protocol.

pptpd.enabled: true
pptpd.ip4_allow: 0.0.0.0/0

Connecting to npppd

Run npppd in debug mode.

# npppd -d
2011-05-21 17:54:03:NOTICE: Starting npppd pid=30068 version=5.0.0
2011-05-21 17:54:03:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
2011-05-21 17:54:03:WARNING: write() failed in in_route0 on RTM_ADD : File exists
2011-05-21 17:54:03:INFO: tun1 Started ip4addr=10.103.0.1
2011-05-21 17:54:03:INFO: pool name=default dyn_pool=[10.103.0.0/25] 
2011-05-21 17:54:03:INFO: Added 1 routes for new pool addresses
2011-05-21 17:54:03:INFO: Loading pool config successfully.
2011-05-21 17:54:03:INFO: realm name=radius(radius) Loaded configuration timeout=9 nserver=1
2011-05-21 17:54:03:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
2011-05-21 17:54:03:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP]
2011-05-21 17:54:03:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP]
2011-05-21 17:54:03:INFO: pptpd Listening 0.0.0.0:1723/tcp (PPTP PAC) [PPTP]
2011-05-21 17:54:03:INFO: pptpd Listening 0.0.0.0:gre (PPTP PAC)
2011-05-21 17:54:03:INFO: tun1 is using ipcp=default(1 pools).

When everything works, you will see:

2011-05-21 17:58:00:NOTICE: ppp id=1 layer=base logtype=TUNNELSTART user="user" duration=3sec layer2=PPTP layer2from=211.19.48.10:16749 auth=MS-CHAP-V2  ip=10.103.0.9 iface=tun1
2011-05-21 17:58:00:NOTICE: ppp id=1 layer=base Using pipex=yes
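
The TUNNELSTART line above records who connected, from where, with which authentication method and which address was assigned. As an added example (not part of the original post or of npppd), this Python script parses such lines and flags sessions whose auth method or assigned address is unexpected. The third sample line, the auth=CHAP spelling in it, the function names and the flag names are assumptions made for illustration; the pool default is the dyn_pool shown in the startup log.

```python
import ipaddress
import re

# Line layout seen in the debug output: "YYYY-MM-DD HH:MM:SS:LEVEL: message"
STAMP = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):(\w+): (.*)$')
# key=value tokens inside the message; values may be double-quoted (user="user")
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Split one log line into timestamp, level and key=value fields."""
    m = STAMP.match(line.strip())
    if not m:
        return None
    ts, level, rest = m.groups()
    return {"ts": ts, "level": level, "fields": {k: v.strip('"') for k, v in KV.findall(rest)}}

def tunnel_starts(lines, allowed_auth=("MS-CHAP-V2",), pool="10.103.0.0/25"):
    """Return one record per TUNNELSTART event, with review flags attached."""
    net = ipaddress.ip_network(pool)
    sessions = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["fields"].get("logtype") != "TUNNELSTART":
            continue
        f = rec["fields"]
        src_ip, _, _src_port = f.get("layer2from", "").rpartition(":")
        flags = []
        if f.get("auth") not in allowed_auth:
            flags.append("unexpected-auth")
        try:
            if ipaddress.ip_address(f.get("ip", "")) not in net:
                flags.append("ip-outside-pool")
        except ValueError:
            flags.append("bad-ip")
        sessions.append({"ts": rec["ts"], "user": f.get("user"), "src": src_ip,
                         "proto": f.get("layer2"), "auth": f.get("auth"),
                         "ip": f.get("ip"), "flags": flags})
    return sessions

# Sample input: first two lines are the ones shown above, the third is constructed.
SAMPLE = [
    '2011-05-21 17:58:00:NOTICE: ppp id=1 layer=base logtype=TUNNELSTART user="user" duration=3sec layer2=PPTP layer2from=211.19.48.10:16749 auth=MS-CHAP-V2  ip=10.103.0.9 iface=tun1',
    '2011-05-21 17:58:00:NOTICE: ppp id=1 layer=base Using pipex=yes',
    '2011-05-21 18:02:11:NOTICE: ppp id=2 layer=base logtype=TUNNELSTART user="guest" duration=2sec layer2=PPTP layer2from=192.0.2.44:50112 auth=CHAP  ip=10.103.0.200 iface=tun1',
]

if __name__ == "__main__":
    for s in tunnel_starts(SAMPLE):
        print(s)
```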

1 Comment

thank you for the patch !!
