Shared Know How

I was looking into getting an vpn connection from my iphone to my server because I wouldn't want to send my email passwords and webpasswords clear over any public WIFI. Setting up an open source vpn connection from the Iphone is fairly simple but there is not much choiche of software. To my knowledge OpenVPN and Openswan are not supported so my choiche came down to: Poptop which is probably not the most secure solution because it's uses the Microsoft protocol which has a few flaws but I figured it would be much safer then nothing and if there is an evil WIFI I would guess the will just go for the easy targets.

My install is a CentOS 5.2 installation but it should work under any fairly recent Linux distribution

Setting Poptop VPN for Iphone is done in just four steps:

1 Installing Poptop on your linux server

Some distributions already have pptpd, if not you can install it from source with the following steps.

Download the latest pptpd from Sourceforge.

Unpack pptpd, configure and run make install:

tar -zxvf pptpd-1.3.4.tar.gz
cd pptpd-1.3.4
./configure
make
make install

2 Configuring pptpd (poptop)

Now we need to configure the different files used by pptpd to setup up for the vpn:

/etc/pptpd.conf

option /etc/ppp/options.pptpd
localip 192.168.8.1
remoteip 192.168.8.234-238

/etc/ppp/options.pptpd

 name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
 
#opendns dns services, you can replace this by your dns provider
ms-dns 208.67.222.222
ms-dns 208.67.220.220
lock
nobsdcomp
nologfd

/etc/ppp/chap-secrets

# Secrets for authentication using CHAP
#set one or more username and passwords to use with the pptp VPN
# username    pptpd   password         IP addresses
username       pptpd   password        *

3 Setup the server for Masquerading/NAT

Because we want to share the internet connection of the server with the Iphone we need to do NAT. The following couple of lines enable this. I am assuming eth0 is the network interface conneted to the internet. Just first try this out by copy and pasting this into bash but to keep it working even after a reboot you can copy the following lines into /etc/rc.local

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
 
#and start pptpd
/usr/local/sbin/pptpd

4 Configuring the Iphone

On your iphone click settings > network >VPN > Add VPN Configuration

Click PPTP and fill in a description
the hostname of the server
account = the username filled in in /etc/ppp/chap-secrets
RSA SecurID: OFF
password, as filled in in /etc/ppp/chap-secrets
Encryption Level = Auto
Send All Trafic: ON

Now press save and when Turning VPN to ON it should connect to the server.

If you have any problems don't hesistate to ask in the comments.