This document will quickly sum up how to connect a Debian GNU/Linux box to a Windows VPN server using plain PPTP together with CHAP or a derivate for authentication. It will not explain how to secure the connection using encryption or strong authentication schemes.
For demonstration purposes we will assume we want to connect to the VPN server at "vpn.example.com" using "johndoe" as our username and "secret" as our password.
First thing we have to do is install the PPTP helper utility for pppd. Debian provides it as package "pptp-linux" so we will run
apt-get install pptp-linux
Next thing we'll do is add login information for server "vpn.example.com" to the file containing username/servername/password/address tuples:
johndoe vpn.example.com "secret"
Next step is creating a peer configuration file, so we will not have to type every configuration option over and over again but can instead use "pon vpn.example.com" to bring up the tunnel
pty "pptp vpn.example.com --nolaunchpppd"
While starting the tunnel for the first time you may want to leave the last four lines uncommented to debug the connection and make sure everying works alright up to here.
So far, so good. Our tunnel should be working just fine now, but how do we go about routing packets through the tunnel? We will place a script in /etc/ppp/ip-up.d so it gets run every time a tunnel is created. This script will set up routes so all packets but (the now tunneled) packets to vpn.example.com, the external interface of the tunnel endpoint, will get sent to the tunnel startpoint, represented by the tunnel interface, then routed via the internal interface (say vpnintern.example.com) of the tunnel endpoint to their destination. You can download and install 99tunnel, a sample script I wrote, to do this for you. It uses the iproute utilities to manipulate routes, so you'll have to install the iproute package first:
apt-get install iproute
chmod a+x 99tunnel
When everything is in place you should be able to simply run
to bring up the tunnel and set up the routing. Running
should close the tunnel and revert routing back to normal.
Keep in mind that this setup will only allow you to participate in an unencrypted PPTP/CHAP VPN, so make sure not to transmit sensitive information through the tunnel.