In case anyone is interested:
I just followed the Feisty 32-bit instructions at the top of this thread on Gutsy (7.10) AMD64 and they worked flawlessly; I was connected to my office VPN in a few clicks.
Thanks!
I had a lot of trouble trying to figure it out on Gutsy Gibbon but it's working now. yay! In the end what worked for me is the following:
Before connecting
configuring the network-manager -> vpn connections-> configure vpn ->(select connection) -> edit
Authentication Tab: 'Refuse EAP' checked. Everything else unchecked.
Compression & Encryption Tab: 'Require MPPE encryption' and 'Require 128 bit MPPE encryption' checked. Everything else unchecked.
PPP Options Tab: 'Use Peer DNS' and 'Exclusive device access (UUCP-style lock)' checked. Everything else unchecked.
Routing: Peer DNS through tunnel checked. Everything else blank.
After connecting to VPN:
Adding the line
"nameserver 192.168.1.4"
to my resolv.conf file AFTER successfully connecting to VPN. 192.168.1.4 is the IP of my VPN server.
Hope this helps someone. Or possibly me, in the future.
I install and reinstall network-manager-pptp and still don't have vpn connection in nm-applet...
How can i have this please...
Thanks
ok everyone needs to read thru entire threads before asking questions - codedmin, that question has been answered.
now to address the static issue - someone suggested wiping out everything except the loopback interface from the /etc/interfaces file - this works... however, there's a much easier way.
i found that the ethernet card has to be set to 'roaming mode' to get the vpn options to appear when you click on the network manager icon. switching to anything but 'roaming mode' on eth0 seems to break it, and re-enable roaming mode and vpn settings are back.
so onto why i'm posting...
i have tried to configure a PPTP VPN so many different ways i can't even remember where this all started. but i am definitely closer than i have ever been before - the vpn connects and ppp0 has an ip address. now my issue is, routing! it seems the default routes that the vpn sets up are not good - i have no internet whatsoever when the vpn is connected - i can't access local intranet pages or anything on the internet. i can, however, ping the ip address for the ppp and eth connection. i'm pretty sure i need to configure routing, but configuring it manually via CLI every time i connect? that is ridiculous. i would think that the vpn would set all the appropriate routing for me, but it doesn't. is there an easy way to configure routing? all my attempts have failed miserably. thanks!
What I have found seems to be related to WEP encrypted networks. First, given these "roaming mode" settings, you have to be able to have a regular, non-VPN, connection. With manual connections and no Network-Manager installed I was able to connect on 6.06.
Under 7.04 NetworkManager auto configuration, I cannot connect on my WEP encrypted network. I can connect if I go with manual configuration.
Second, under 7.04 there are many reports that pptpconfig will not work. It also has been deprecated in favor of NetworkManager. If you are using NetworkManager for VPN, you first have to be able to have a non-VPN connection work.
So far, I cannot have a non-VPN NetworkManager connection on my WEP-encrypted network. I still have to go with manual configuration. And, no NetworkManager means no NetworkManager VPN, at least in my case.
cmn
Worked great on my 7.10 install. Although I did have a small brain fart when configuring it. I couldn't figure for the life of me what "gateway" was talking about.. I was thinking.. default gateway??? that doesn't make any sense at all. Then the brain fart subdued and all was good in the world.
It would be nice if this was included by default though.
I finally got this to work on a LiveCD of Gutsy Gibbon (Xubuntu 7.10) and it's really not that bad even if
- you have a DSL router on the client side
- your subnet is the same as the one behind the VPN
As long as on the client side your machine has its IP address assigned by DHCP, you can do this all using Gnome Network Manager and its plugin for PPTP VPN as described in previous posts.
Here's what worked for me.
The setup:
- Xubuntu 7.10 (LiveCD)
- client has ethernet and wireless, ethernet works out of the box
- client behind DSL router which assigns IP address via DHCP in the 192.168.1.0 subnet -- 192.168.1.97 in this example
- gateway for VPN at work 200.100.20.10 (let's pretend)
- PPTP VPN assigns addresses via DHCP in the 192.168.1.0 subnet
What I did:
To keep things simple, I wanted to make sure the wireless was happily disabled so it couldn't complicate things. (You can probably make it work with just wireless, or with them both enabled.) So I used the Restricted drivers manager to get the driver for my wireless card, and then I used Gnome Network Manager to disable wireless.
Next I installed the PPTP plugin for Gnome Network Manager. (E.g. System -> Add/Remove, search for 'vpn', select "VPN Connection Manager (PPP generic)".)
In theory now Network Manager should have an entry for VPN Connections. If not try restarting network manager.
Now you can create a new VPN connection. Go to Network Manager and choose VPN Connections -> Configure VPN ...
In the VPN Connections window that opens, choose Add. Click Forward, choose "PPTP tunnel" and click Forward.
Now you're at the Connection tab. Give the connection a name. The Type should be Windows VPN (PPTP) and the Gateway 200.100.20.10 (in this example).
On the Authentication tab, make sure "Refuse EAP" is checked.
On the Compression & Encryption tab, verify that "Require 128 bit MPPE encryption" and "Enable stateful MPPE" are checked.
On the PPP Options tab, in addition to the other IP options already checked (Use Peer DNS and Exclusive device access), check the Debug Output box so you'll have debug info if there's a problem. I also changed the Packet parameters settings for MTU and MRU to 1500, but I don't know if that's essential.
Finally on the Routing tab, "Peer DNS through tunnel" should be checked. Also check the "Only use VPN connection for these addresses" box and then type "192.168.1.0/24". This means that anytime you want to access an address that starts with 192.168.1 it will use the VPN, and otherwise it won't. That way when you're trying to browse the internet it doesn't use the VPN connection. Alternatively you could figure out exactly which addresses on the 192.168.1 network you need, and only list those. This could be advantageous if your home network, like mine, uses the same subnet as work (192.168.1). However listing the whole subnet does even work if you're in that situation - the only thing you can't do while the VPN is connected is access a home machine that has the same address as a machine at work.
Click Apply.
At this point you should bring up a Terminal and type
Code:
sudo tail -f /var/log/syslog
in order to see debug messages.
In theory if you go back to the Gnome Network Manager VPN Connections it should show the connection you just made. But it probably won't. So as mentioned in earlier posts you want to go to another terminal and type
Code:
sudo /etc/dbus-1/event.d/25NetworkManager restart
Now watch the first terminal that is tailing the log and wait until messages in the terminal window completely stop. Once they're finished, in the other terminal you just typed in you can now type
Code:
sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher restart
Now you can use Network Manager to try out the connection you've just created. It should work.
In order to access both the internet and the intranet at the same time, you need to edit your routing table. Execute the following command in another Terminal window:
Code:
route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0
Each time you connect to the VPN you need to update the routing table, so you may want to put it in a script to execute.
After connecting to the VPN but before adding the route, in my case if you do
Code:
ip route show
in a terminal looks like:
200.100.20.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.97
default via 192.168.1.1 dev eth0
Then once you add your route it adds
192.168.1.0/24 dev ppp0 scope link
after the first entry.
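The suggestion above to put the route command in a script, as an added example that is not part of the original post: it reads the routing table first, skips the command when the ppp0 route is already there, and warns when the tunnelled subnet is also the local LAN (the same-subnet case the post describes). The name plan_route and the --apply flag are assumptions; the addresses are the post's example values.

```shell
#!/bin/sh
# Added example, not from the original post. Values are the post's example
# values; plan_route and the --apply flag are hypothetical names.
VPN_NET="192.168.1.0"; VPN_MASK="255.255.255.0"; VPN_CIDR="192.168.1.0/24"
VPN_DEV="ppp0"

# Read a routing table (text in the format `ip route show` prints) and print:
#   present       the subnet is already routed through the tunnel
#   shadow <dev>  the same subnet is the local LAN on <dev>; adding the tunnel
#                 route hides LAN hosts in that range while the VPN is up
#   add           no route for the subnet yet
plan_route() {
    printf '%s\n' "$1" | awk -v net="$VPN_CIDR" -v tun="$VPN_DEV" '
        $1 == net {
            for (i = 2; i < NF; i++)
                if ($i == "dev") {
                    if ($(i + 1) == tun) seen_tun = 1
                    else lan = $(i + 1)
                }
        }
        END {
            if (seen_tun) print "present"
            else if (lan) print "shadow " lan
            else print "add"
        }'
}

# Routing table quoted in the post (after connecting, before adding the route).
SAMPLE_TABLE='200.100.20.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.97
default via 192.168.1.1 dev eth0'

if [ "${1:-}" = "--apply" ]; then
    # Live mode: needs root and a connected tunnel.
    ip link show "$VPN_DEV" >/dev/null 2>&1 || { echo "$VPN_DEV not found" >&2; exit 1; }
    plan=$(plan_route "$(ip route show)")
    case $plan in
        present) echo "route already in place" ;;
        *)  [ "$plan" = add ] || echo "warning: $plan" >&2
            # Same command as in the post.
            route add -net "$VPN_NET" netmask "$VPN_MASK" dev "$VPN_DEV" ;;
    esac
else
    echo "plan for the post's table: $(plan_route "$SAMPLE_TABLE")"
fi
```

Run it with --apply as root after the VPN connects; without arguments it only prints the plan for the table quoted in the post.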
It would be very useful if someone could explain which connection settings in Windows map to which connection settings in the Linux VPN Network Manager. I have a working Windows configuration, but I don't know how to replicate those settings in Linux.
Here is my working configuration in Windows:
- Go to 'Start > Control Panel > Network Connections > Virtual Private Network'
- The connection icon displays the connection name, the connection status, the text 'WAN Miniport (PPTP)'
- Right click on the connection icon and select Properties
- General > Host name: 192.168.201.1
- General > Dial another connection first: Not Checked
- General > Show icon in notification area: Checked
- Options > Display progress while connecting: Checked
- Options > Prompt for name and password, certificate, etc.: Checked
- Options > Include Windows logon domain: Not Checked
- Options > Redial attempts: 3
- Options > Time between redial attempts: 1 minute
- Options > Idle time before hanging up: Never
- Options > Redial if the line is dropped: Not checked
- Security > Security options: Typical
- Security > Validate my identity as follows: Require secured password
- Security > Automatically use my Windows user name and password (and domain if any): Not Checked
- Security > Require data encryption (disconnect if none): Not Checked
- Networking > Type of VPN: Automatic
- Networking > Type of VPN > Settings > Enable LCP extensions: Not Checked
- Networking > Type of VPN > Settings > Enable software compression: Checked
- Networking > Type of VPN > Settings > Negotiate multi-link for single link connections: Not Checked
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP): Checked
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Obtain an IP Address Automatically: Selected
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Obtain DNS Server Address Automatically: Selected
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > General > Use default gateway on remote network: Checked
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > DNS Server Addresses: Empty
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > Append primary and connection specific DNS Suffixes: Selected
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > Register this connection's addresses in DNS: Not Checked
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > Append parent suffixes of the primary DNS suffix: Checked
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > WINS > WINS addresses: Empty
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > WINS > Enable LMHOSTS lookup: Checked
- Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > WINS > Enable NetBIOS over TCP/IP: Selected
- Networking > This connection uses the following settings > QoS Packet Scheduler: Checked
- Networking > This connection uses the following settings > File and Printer Sharing for Microsoft Networks: Checked
- Networking > This connection uses the following settings > Client for Microsoft Networks: Checked
- Networking > This connection uses the following settings > Client for Microsoft Networks > Properties > RPC Service > Name service provider: Windows Locator
- Advanced > Windows Firewall > Settings > Let me know if you need to know these settings
- Advanced > Allow other network users to connect through this computer's Internet connection: Not Checked
Now here are my VPN Connection settings in Ubuntu 7.10:
- Connection > Name: DefaultSettingsWithDebugOutput
- Connection > Type: Windows VPN (PPTP)
- Connection > Gateway: 192.168.201.1
- Authentication > Authenticate Peer: Not Checked
- Authentication > Refuse EAP: Checked
- Authentication > Refuse CHAP: Not Checked
- Authentication > Refuse MS CHAP: Not Checked
- Compression & Encryption > Require MPPC Compression: Not Checked
- Compression & Encryption > Allow Deflate compression: Not Checked
- Compression & Encryption > Allow BSD Compression: Not Checked
- Compression & Encryption > Require MPPE encryption: Not Checked
- Compression & Encryption > Require 128 bit MPPE encryption: Checked
- Compression & Encryption > Enable stateful MPPE: Checked
- PPP Options > Custom PPP Options: Blank
- PPP Options > Use Peer DNS: Checked
- PPP Options > Require Explicit IP Addr: Disabled
- PPP Options > Exclusive device access (UUCP-style lock): Checked
- PPP Options > Debug Output: Checked
- PPP Options > MTU: 1416
- PPP Options > MRU: 1416
- PPP Options > connect-delay: Disabled
- PPP Options > lcp-echo-failure: 10
- PPP Options > lcp-echo-interval: 10
- Routing > Peer DNS through tunnel: Checked
- Routing > Only use VPN connection for these addresses: Not Checked
I just noticed some other settings on the Windows box which may be relevant:
- Go to 'Start > Control Panel > Network Connections > LAN or High Speed Internet > Local Area Connection > Right Click > Properties > Internet Protocol (TCP/IP) > Properties > Alternate Configuration'
- User Configured: Selected
- IP address: 192.168.202.187
- Subnet mask: 255.255.248.0
- Default gateway: 192.168.201.1
- Preferred DNS server: 192.168.201.1
- Alternate DNS server: 192.168.201.1
- Preferred WINS server: 192.168.201.1
- Alternate WINS server: 192.168.201.1
I discovered these settings when I realized that I was not able to ping 192.168.201.1 from my Ubuntu machine. I then manually set my IP settings in Ubuntu to what they are in Windows and I could then ping 192.168.201.1 however, I think that having a manual IP address makes it so that Ubuntu no longer even tries to connect over VPN because I'm no longer getting messages logged to /var/log/ppp-connect-errors and the network icon no longer shows the connecting animation when I try to connect to the VPN. I don't have the Windows machine and the Ubuntu machine plugged in to the network at the same time. I imagine I'll probably need to have a different manual IP address to have them both on the network at the same time, but I'll worry about that after I can get my connection working.
So what settings should I change to get my VPN working?
>>I finally got this to work on a LiveCD of Gutsy Gibbon (Xubuntu 7.10) and it's really not that bad even if
>>you have a DSL router on the client side
>>your subnet is the same as the one behind the VPN
Are you saying that if the subnet behind my employer's firewall is 10.100.0, my client side subnet also has to be 10.100.0, and not, say, 192.168.1?
Last edited by cmnorton; November 19th, 2007 at 11:54 PM. Reason: fix non-quoting
cmn