HaddingtonDynamics / Dexter

GNU General Public License v3.0

Add VPN service, allow VPN connections to Dexter #80

Closed JamesNewton closed 4 years ago

JamesNewton commented 4 years ago

Since Windows 10 and up no longer reliably allows connection to SAMBA shares (#58), setting up a VPN server on Dexter to re-enable access to that may be a more attractive option than SFTP.

There are many options. "The wonderful thing about Standards is that there are so many from which to choose."

OpenVPN is the obvious choice. It is open source, and older versions work on 16.04 but it does NOT work with the existing VPN built into Windows, so users would have to be able to install OpenVPN client on their PCs. While that may be possible, avoiding the requirement seems worthwhile. If Windows users will have to install something, they might as well install an SFTP client.

The Windows built-in VPN client supports only IKEv2, L2TP, PPTP and SSTP tunneling protocols.

IKEv2 was developed by M$ and Cisco and isn't bad, but it's difficult to set up on Ubuntu 16.04. While most OSes support connecting to an IKEv2 VPN, the setup is again difficult on non-M$ OSes.

L2TP/IPSec can probably be supported via Openswan and xl2tpd. Most tutorials assume that the Ubuntu server is public facing or will be accessed through a firewall. Some changes may be necessary for local access.

PPTP is old, often disabled by routers, and inherently insecure, but since we are doing this on a local network with a client that is totally insecure anyway, who cares? It's very easy to set up, fast, and still supported by every client. This is probably the best bet for an initial setup.

SSTP is M$ proprietary and while there are services available for Ubuntu, it is not well supported by clients other than Windows.

JamesNewton commented 4 years ago

Tried the very easy setup from https://bobcares.com/blog/install-pptp-server-ubuntu/

Note: This requires that Dexter be connected to the internet

After SSHing into Dexter:

  1. apt-get install pptpd

  2. Set up the local IP to use and the IP range to assign to clients when they connect. `nano /etc/pptpd.conf` then at the bottom of the file, set the IP addresses to match your network. Because I'm on a 192.168.0.x net, I used

    # (Recommended)
    localip 192.168.0.141
    remoteip 192.168.0.234-238,192.168.0.245

    But if you are on a 192.168.1.x network, just change the IP addresses to match.

  3. Next, `nano /etc/ppp/pptpd-options` and set the ms-dns settings to use Google:

    # Network and Routing

    # If pppd is acting as a server for Microsoft Windows clients, this
    # option allows pppd to supply one or two DNS (Domain Name Server)
    # addresses to the clients. The first instance of this option
    # specifies the primary DNS address; the second instance (if given)
    # specifies the secondary DNS address.
    # Attention! This information may not be taken into account by a Windows
    # client. See KB311218 in Microsoft's knowledge base for more information.
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4

  4. Next, set up the user name and password. To avoid confusion, I just used the standard defaults for Dexter, but notice that if you want to specify a domain, you need to include that in front of the username. E.g. instead of "root" use "DEXTER\\root" if you tell Windows you are connecting to a domain called "DEXTER". `nano /etc/ppp/chap-secrets`

    # Secrets for authentication using CHAP
    # client server secret IP addresses
    root pptpd klg *

  5. Enable forwarding between the internal and external IP addresses. `nano /etc/sysctl.conf`, find the ip_forward line and uncomment it (remove the leading #):

    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1

  6. Link the VPN clients out to the internet: `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`

    On this step I got this error:

    `libkmod: ERROR ../libkmod/libkmod-config.c:635 kmod_config_parse: /etc/modprobe.d/pptpd.conf line 1: ignoring bad line starting with 'nf_nat_pptp'`

    It may not be important (https://bugs.launchpad.net/ubuntu/+source/pptpd/+bug/1571295) or can be worked around.

  7. Start it: `/etc/init.d/pptpd restart`

`systemctl status pptpd` on Dexter shows any error messages.

If you make any changes, do a `service pptpd restart` to ensure they are incorporated.

Next, set up your VPN connection from your PC. Be sure to specify "Point to Point Tunneling Protocol (PPTP)" as the type, but other than that, it's just the standard stuff. Here are instructions for [Windows 10](https://my.ibvpn.com/knowledgebase/267/Set-up-the-PPTP-on-Windows-10.html), [8](https://my.ibvpn.com/knowledgebase/73/Set-up-the-PPTP-VPN-on-Windows-8.html), [7](https://my.ibvpn.com/knowledgebase/42/set-up-the-pptp-vpn-connection-on-windows-7.html).

When I first tried to connect from Windows, after the status message "Registering your computer on the network" I was initially getting
`Error 734: The PPP link control protocol was terminated`

`systemctl status pptpd` on Dexter showed:

    No CHAP secret found for authenticating Peer DEXTER\root failed CHAP authentication

I realized I had set up the VPN on Windows to connect to a domain of "DEXTER" and a user of "root". That can be fixed by changing the chap-secrets file on Dexter:
`nano /etc/ppp/chap-secrets`

    # Secrets for authentication using CHAP
    # client server secret IP addresses
    DEXTER\root pptpd klg *


or by specifying an empty domain on the Windows side. 

Once connected, you should have access to everything on Dexter via the SAMBA share, but this needs to be tested on a Windows 10 machine.
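
Added example (not from the original comment or the Dexter project): a small auditor for the `chap-secrets` file edited in step 4. It shows which entry matches a peer name as it appears in the pppd log, and flags short secrets and `*` address fields. Quoting is approximated with Python's `shlex` (a backslash quotes the next character); the sample file contents, the `backup` entry and the 12-character threshold are assumptions.

```python
import shlex

# Constructed sample of /etc/ppp/chap-secrets (not copied from a real host).
# The doubled backslash is what the file must contain for the parsed client
# name to hold a single literal backslash.
SAMPLE = r'''
# client        server  secret          IP addresses
root            pptpd   klg             *
DEXTER\\root    pptpd   klg             *
backup          pptpd   "a much longer passphrase 42"  192.168.0.245
'''

def parse_chap_secrets(text):
    """Return entries as dicts; pppd word splitting is approximated with shlex."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        words = shlex.split(line, comments=True, posix=True)
        if len(words) < 3:
            continue  # blank line, comment, or incomplete entry
        entries.append({"line": lineno, "client": words[0],
                        "server": words[1], "secret": words[2],
                        "addrs": words[3:]})
    return entries

def find_secret(entries, peer, server="pptpd"):
    """Entries usable for a peer name exactly as the pppd log prints it."""
    return [e for e in entries
            if e["client"] in (peer, "*") and e["server"] in (server, "*")]

def audit(entries, min_len=12):
    """Flag settings to tighten before the VPN leaves a trusted LAN.
    min_len is an assumed threshold, not a pppd requirement."""
    findings = []
    for e in entries:
        if len(e["secret"]) < min_len:
            findings.append((e["line"], "short secret"))
        if "*" in e["addrs"]:
            findings.append((e["line"], "any client address allowed"))
    return findings

if __name__ == "__main__":
    parsed = parse_chap_secrets(SAMPLE)
    # Peer name as Windows sends it when a domain of DEXTER is configured.
    print(find_secret(parsed, "DEXTER\\root"))
    for line, issue in audit(parsed):
        print(f"line {line}: {issue}")
```
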

JamesNewton commented 4 years ago

Seems to work, closing until someone tells me otherwise.