For some reason I've found getting VPN servers working under linux remarkably complex. My main reason for doing so was so that I could get my HP iPaq 4150 to remotely ActiveSync. I've tried FreeS/WAN and using it for IPSEC but it never wanted to work. I just gave up. (note: seriously people it's one of the things we've got to fix to compete with Windows).

So, I decided to try PopTop. Unfortunately PopTop and the iPaq don't get along. More to the point, PocketPC2003 is broken and won't negotiate crypto - it initially claims it can't do ANY crypto (contrary to what's meant to happen) and so PPPD kicks it off!

If you work for Microsoft's PocketPC2003 group then "MAKE YOUR VPN CLIENT BEHAVE PROPERLY PLEASE!!!".

Anyway, despite it not working I did learn a few useful tips:

Tip #1

Make sure you use the latest versions of pppd and poptop and your kernel. I'm using 2.4.2-b3 of pppd and 1.1.4b4 of poptop. Ensure that the kernel modules you need exist and are loaded.

Tip #2

Know that the PPP options file you're using makes sense to PPPD:

# pppd dryrun file /etc/ppp/options.pptpd

Here's my options.pptpd file that works with WinXP options.pptpd.

Tip #3

Understanding what is going wrong with PPPD when PPTPD starts it up (the pppd errors are NOT carried through to /var/log/messages). Add the following lines to /etc/ppp/options.pptpd

debug
logfile /tmp/pptp.log

Then when something doesn't work have a look at the end of pptp.log and it'll make sense. Read it inconjunction with the website in Tip #4

Tip #4

The most useful website for understanding pptp under linux is NOT the Poptop website. It's actually the website for the pptp client. Specfically the diagnosis page: http://pptpclient.sourceforge.net/howto-diagnosis.phtml.