vpn + wireless

Gabriel Eduard Mititica mitica at math.ubc.ca
Mon Jul 19 05:14:41 UTC 2004


I want to make sure that the way I'm setting up my wireless, vpn works
properly and it's secure (i.e., I'm not connecting only through wlan0)

If someone experienced could have a look, it would be appreciated.

Although the password is in the chap-secrets file, when firing up the
internet I'm still asked for the password by the server.

Both ways I'm calling the tunnel (see below) showed ppp0 in ifconfig
output.

Another concern is iptables. Do I have to set up specific rules? I.e.
accept only from tcp 1723 and gre 47? If yes, how?

Here are the steps I'm doing:

# down interface eth0
ifdown eth0

# load interface wlan0
modprobe ndiswrapper
ifup wlan0

# call vpn
pppd pty 'pptp $SERVER --nolaunchpppd' call vpn

# alternate call for debug
pppd call vpn logfd 2 nodetach debug dump

# unload interface wlan0
kill -9 `pgrep pppd`
kill -9 `pgrep pptp`
modprobe -r ppp_mppe
modprobe -r ppp_async
modprobe -r ppp_generic
modprobe -r slhc
rm -f /var/run/{ppp0.pid,pppd.tdb,ppp-vpn.pid}
ifdown wlan0
modprobe -r ndiswrapper

# load again interface eth0
ifup eth0

=========================

This is the output of the tunnel set:

cat /etc/ppp/peers/vpn
# name of tunnel, used to select lines in secrets files
remotename vpn

# name of tunnel, used to name /var/run pid file
linkname vpn

# name of tunnel, passed to ip-up scripts
ipparam vpn

# data stream for pppd to use
pty "pptp $SERVER --nolaunchpppd"

# username used to select lines in secrets files
name $USERNAME

# ppp 2.4.2 style options
usepeerdns
require-mppe-128
refuse-pap
refuse-chap
refuse-mschap
refuse-eap

# enable debugging
debug dump

# do not require the server to authenticate to client
noauth

# adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp

=========================

This is the output of the secrets:

cat  /etc/ppp/chap-secrets
# added for tunnel vpn
$USERNAME vpn $PASSWORD *

Thanks,
Gabriel
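
Added example, not part of the original post: one way to write the rule set the question asks about, so that wlan0 carries only the PPTP control channel (TCP 1723) and GRE (IP protocol 47) to the VPN server, and everything else must leave through ppp0. The function name pptp_only_rules is hypothetical; the sketch assumes the server is given as an IPv4 literal and that wlan0 gets its address by DHCP.

```shell
#!/bin/sh
# Added example (not the poster's code): print an iptables-restore ruleset
# that confines the wireless interface to the PPTP tunnel itself.
# Assumptions: IPv4 only, wlan0 configured by DHCP, tunnel interface ppp0.
pptp_only_rules() {
    server=${1:-} wlan=${2:-wlan0} ppp=${3:-ppp0}
    # Require an IPv4 literal: a hostname would need DNS before the tunnel is up.
    if ! printf '%s\n' "$server" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "usage: pptp_only_rules SERVER_IPV4 [WLAN_IF] [PPP_IF]" >&2
        return 1
    fi
    cat <<EOF
*filter
# Default-deny: anything not listed below is dropped, including
# traffic that would otherwise fall back to $wlan if the tunnel dies.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# DHCP client traffic on the wireless link (assumption: address via DHCP)
-A OUTPUT -o $wlan -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $wlan -p udp --sport 67 --dport 68 -j ACCEPT
# PPTP control connection to the VPN server
-A OUTPUT -o $wlan -d $server -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $wlan -s $server -p tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
# GRE (IP protocol 47) carrying the PPP frames
-A OUTPUT -o $wlan -d $server -p 47 -j ACCEPT
-A INPUT -i $wlan -s $server -p 47 -j ACCEPT
# All other traffic goes through the tunnel interface
-A OUTPUT -o $ppp -j ACCEPT
-A INPUT -i $ppp -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

To load it, pipe the output into `iptables-restore` as root before calling pppd, e.g. `pptp_only_rules 192.0.2.10 | iptables-restore`, where 192.0.2.10 is a placeholder for the VPN server's address.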




