HOWTO: Connect to a Microsoft PPTP VPN

[mb01915]

This is a bug that has not been resolved yet. I'll look for a link to the network-manager bug so we can track it from here as well. I don't have it readily available since reloading feisty seemed to fix the problem...doing a dist-upgrade was not clean and the source of my initial problems

Thanks for all your help. Interesting that the problem went away with a fresh install. I did the upgrage to 7.10 beta. Maybe I will do a fresh install after the 18th on a different old eMachine box and see what happens.

[hollymcr]

In case anyone is interested:

I just followed the Feisty 32-bit instructions at the top of this thread on Gutsy (7.10) AMD64 and they worked flawlessly; I was connected to my office VPN in a few clicks.

Thanks!

[psiklotron]

I had a lot of trouble trying to figure it out on Gutsy Gibbon but it's working now. yay! In the end what worked for me is the following:

Before connecting
configuring the network-manager -> vpn connections-> configure vpn ->(select connection) -> edit

Authentication Tab: 'Refuse EAP' checked. Everything else unchecked.
Compression & Encryption Tab: 'Require MPPE encryption' and 'Require 128 bit MPPE encryption' checked. Everything else unchecked.
PPP Options Tab: 'Use Peer DNS' and 'Exclusive device access (UUCP-style lock)' checked. Everything else unchecked.
Routing: Peer DNS through tunnel checked. Everything else blank.


After connecting to VPN:
Adding the line
"nameserver 192.168.1.4"
to my resolv.conf file AFTER successfully connecting to VPN. 192.168.1.4 is the IP of my VPN server.

Hope this helps someone. Or possibly me, in the future.

[codedmin]

I install and reinstall network-manager-pptp and still don't have vpn connection in nm-applet...


How can i have this please...

Thanks

[arrrghhh]

ok everyone needs to read thru entire threads before asking questions - codedmin, that question has been answered.

now to address the static issue - someone suggested wiping out everything except the loopback interface from the /etc/interfaces file - this works... however, there's a much easier way.

i found that the ethernet card has to be set to 'roaming mode' to get the vpn options to appear when you click on the network manager icon. switching to anything but 'roaming mode' on eth0 seems to break it, and re-enable roaming mode and vpn settings are back.

so onto why i'm posting...

i have tried to configure a PPTP VPN so many different ways i can't even remember where this all started. but i am definitely closer than i have ever been before - the vpn connects and ppp0 has an ip address. now my issue is, routing! it seems the default routes that the vpn sets up are not good - i have no internet whatsoever when the vpn is connected - i can't access local intranet pages or anything on the internet. i can, however, ping the ip address for the ppp and eth connection. i'm pretty sure i need to configure routing, but configuring it manually via CLI every time i connect? that is ridiculous. i would think that the vpn would set all the appropriate routing for me, but it doesn't. is there an easy way to configure routing? all my attempts have failed miserably. thanks!

[cmnorton]

What I have found is seems to be related to WEB encrypted networks. First, given these "roaming mode" settings, you have to be able to have a regular, non-VPN, connection. With manual connections and no Network-Manager installed I was able to connect on 6.06.

Under 7.04 NetworkManager auto configuration, I cannot connect on my WEP encrypted network. I can connect if I go with manual configuration.

Second, under 7.04 there are many reports that pptpconfig will not work. It also has been deprecated in favor of NetworkManager. If you are using NetworkManager for VPN, you first have to be able to have a non-VPN connection work.

So far, I cannot have a non-VPN NetworkManager connection on my wep-encrypted network. I still have to go with manual configuartion. And, no NetworkManager means no NetworkManager VPN, at least in my case.

[Scotty562]

Worked great on my 7.10 install. Although I did have a small brain fart when configuring it. I coudlnt figure for the life of me what "gateway" was talking about.. I was thinking.. default gateway??? that doesn't make any sense at all. Then the brain fart subdued and all was good in the world .

It would be nice if this was included by default though.

[jen3]

I finally got this to work on a LiveCD of Gutsy Gibbon (Xubuntu 7.10) and it's really not that bad even if

• you have a DSL router on the client side
• your subnet is the same as the one behind the VPN

As long as on the client side your machine has its IP address assigned by DHCP, you can do this all using Gnome Network Manager and its plugin for PPTP VPN as described in previous posts.

Here's what worked for me.

The setup:

• Xubuntu 7.10 (LiveCD)
• client has ethernet and wireless, ethernet works out of the box
• client behind DSL router which assigns IP address via DHCP in the 192.168.1.0 subnet -- 192.168.1.97 in this example
• gateway for VPN at work 200.100.20.10 (let's pretend)
• PPTP VPN assigns addresses via DHCP in the 192.168.1.0 subnet

What I did:

To keep things simple, I wanted to make sure the wireless was happily disabled so it couldn't complicate things. (You can probably make it work with just wireless, or with them both enabled.) So I used the Restricted drivers manager to get the driver for my wireless card, and then I used Gnome Network Manager to disable wireless.

Next I installed the PPTP plugin for Gnome Network Manager. (E.g. System -> Add/Remove, search for 'vpn', select "VPN Connection Manager (PPP generic)".)

In theory now Network Manager should have an entry for VPN Connections. If not try restarting network manager.

Now you can create a new VPN connection. Go to Network Manager and choose VPN Connections -> Configure VPN ...

In the VPN Connections window that opens, choose Add. Click Forward, choose "PPTP tunnel" and click Forward.

Now you're at the Connection tab. Give the connection a name. The Type should be Windows VPN (PPTP) and the Gateway 200.100.20.10 (in this example).

On the Authentication tab, make sure "Refuse EAP" is checked.

On the Compression & Encryption tab, verify that "Require 128 bit MPPE encryption" and "Enable stateful MPPE" are checked.

On the PPP Options tab, in addition to the other IP options already checked (Use Peer DNS and Exclusive device access), check the Debug Output box so you'll have debug info if there's a problem. I also changed the Packet parameters settings for MTU and MRU to 1500, but I don't know if that's essential.

Finally on the Routing tab, "Peer DNS through tunnel" should be checked. Also check the "Only use VPN connection for these addresses" box and then type "192.168.1.0/24". This means that anytime you want to access an address that starts with 192.168.1 it will use the VPN, and otherwise it won't. That way when you're trying to browse the internet it doesn't use the VPN connection. Alternatively you could figure out exactly which addresses on the 192.168.1 network you need, and only list those. This could be advantageous if your home network, like mine, uses the same subnet as work (192.168.1). However listing the whole subnet does even work if you're in that situation - the only thing you can't do while the VPN is connected is access a home machine that has the same address as a machine at work.

Click Apply.

At this point you should bring up a Terminal and type

Code:

sudo tail -f /var/log/syslog

in order to see debug messages.

In theory if you go back to the Gnome Network Manager VPN Connections it should show the connection you just made. But it probably won't. So as mentioned in earlier posts you want to go to another terminal and type

Code:

sudo /etc/dbus-1/event.d/25NetworkManager restart

Now watch the first terminal that is tailing the log and wait until messages in the terminal window completely stop. Once they're finished, in the other terminal you just typed in you can now type

Code:

sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher restart

Now you can use Network Manager to try out the connection you've just created. It should work.

In order to access both the internet and the intranet at the same time, you need to edit your routing table. Execute the following command in another Terminal window:

Code:

route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0

Each time you connect to the VPN you need to update the routing table, so you may want to put it in a script to execute.

After connecting to the VPN but before adding the route, in my case if you do

Code:

ip route show

in a terminal looks like:

200.100.20.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.97
default via 192.168.1.1 dev eth0

Then once you add your route it adds

192.168.1.0/24 dev ppp0 scope link

after the first entry.

[AlexEagar]

It would be very useful if someone could explain which connection settings in Windows map to which connection settings in the Linux VPN Network Manager. I have a working Windows configuration, but I don't know replicate those settings in Linux.

Here is my working configuration in Windows:

1. Go to 'Start > Control Panel > Network Connections > Virtual Private Network'
2. The connection icon displays the connection name, the connection status, the text 'WAN Miniport (PPTP)'
3. Right click on the connection icon and select Properties
4. General > Host name: 192.168.201.1
5. General > Dial another connection first: Not Checked
6. General > Show icon in notofiction area: Checked
7. Options > Display progress while connecting: Checked
8. Options > Prompt for name and password, certificate, etc.: Checked
9. Options > Include Windows logon domain: Not Checked
10. Options > Redial attempts: 3
11. Options > Time between redial attempts: 1 minute
12. Options > Idle time before hanging up: Never
13. Options > Redial if the line is dropped: Not checked
14. Security > Security options: Typical
15. Security > Validate my identity as follows: Require secured password
16. Security > Automatically use my Windows user name and password (and domain if any): Not Checked
17. Security > Require data encryption (disconnect if none): Not Checked
18. Networking > Type of VPN: Automatic
19. Networking > Type of VPN > Settings > Enable LCP extentions: Not Checked
20. Networking > Type of VPN > Settings > Enable software compression: Checked
21. Networking > Type of VPN > Settings > Negotiate multi-link for single link connections: Not Checked
22. Networking > This connection uses the following settings > Internet Protocol (TCP/IP): Checked
23. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Obtain an IP Address Automatically: Selected
24. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Obtain DNS Server Address Automatically: Selected
25. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > General > Use default gateway on remote network: Checked
26. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > DNS Server Addresses: Empty
27. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > Append primary and connection specific DNS Suffixes: Selected
28. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > Register this connection's addresses in DNS: Not Checked
29. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > DNS > Append parent suffixes of the primary DNS suffix: Checked
30. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > WINS > WINS addresses: Empty
31. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > WINS > Enable LMHOSTS lookup: Checked
32. Networking > This connection uses the following settings > Internet Protocol (TCP/IP) > Properties > General > Advanced > WINS > Enable NetBIOS over TCP/IP: Selected
33. Networking > This connection uses the following settings > QoS Packet Scheduler: Checked
34. Networking > This connection uses the following settings > File and Printer Sharing for Microsoft Networks: Checked
35. Networking > This connection uses the following settings > Client for Microsoft Networks: Checked
36. Networking > This connection uses the following settings > Client for Microsoft Networks > Properties > RPC Service > Name service provider: Windows Locator
37. Advanced > Windows Firewall > Settings > Let me know if you need to know these settings
38. Advanced > Allow other network users to connect through this computer's Internet connection: Not Checked

Now here are my VPN Connection settings in Ununtu 7.10:

1. Connection > Name: DefaultSettingsWithDebugOutput
2. Connection > Type: Windows VPN (PPTP)
3. Connection > Gateway: 192.168.201.1
4. Authentication > Athenticate Peer: Not Checked
5. Authentication > Refuse EAP: Checked
6. Authentication > Refuse CHAP: Not Checked
7. Authentication > Refuse MS CHAP: Not Checked
8. Compression & Encryption > Require MPPC Compression: Not Checked
9. Compression & Encryption > Allow Deflate compression: Not Checked
10. Compression & Encryption > Allow BSD Compression: Not Checked
11. Compression & Encryption > Require MPPE encryption: Not Checked
12. Compression & Encryption > Require 128 bit MPPE encryption: Checked
13. Compression & Encryption > Enable stateful MPPE: Checked
14. PPP Options > Custom PPP Options: Blank
15. PPP Options > Use Peer DNS: Checked
16. PPP Options > Require Explicit IP Addr: Disabled
17. PPP Options > Exclusive divice access (UUCP-style lock): Checked
18. PPP Options > Debug Output: Checked
19. PPP Options > MTU: 1416
20. PPP Options > MRU: 1416
21. PPP Options > connect-delay: Disabled
22. PPP Options > lcp-echo-failure: 10
23. PPP Options > lcp-echo-interval: 10
24. Routing > Peer DNS through tunnel: Checked
25. Routing > Only use VPN connection for these addresses: Not Checked

I just noticed some other settings on the Windows box which may be relavent:

1. Go to 'Start > Control Panel > Network Connections > LAN or High Speed Internet > Local Area Connection > Right Click > Properties > Internet Protocol (TCP/IP) > Properties > Alternate Configuration'
2. User Configured: Selected
3. IP address: 192.168.202.187
4. Subnet mask: 255.255.248.0
5. Default gateway: 192.168.201.1
6. Preferred DNS server: 192.168.201.1
7. Alternate DNS server: 192.168.201.1
8. Preferred WINS server: 192.168.201.1
9. Alternate WINS server: 192.168.201.1

I discovered these settings when I realized that I was not able to ping 192.168.201.1 from my Ubuntu machine. I then manually set my IP settings in Ubuntu to what they are in Windows and I could then ping 192.168.201.1 however, I think that having a manual IP address makes it so that Ubuntu no longer even tries to connect over VPN because I'm no longer getting messages logged to /var/log/ppp-connect-errors and the network icon no longer shows the conncting animation when I try to connect to the VPN. I don't have the Windows machine and the Ubuntu machine plugged in to the network at the same time. I imagine I'll probably need to have a different manual IP address to have them both on the network at the same time, but I'll worry about that after I can get my connection working.

So what settings should I change to get my VPN working?

[cmnorton]

>>I finally got this to work on a LiveCD of Gutsy Gibbon (Xubuntu 7.10) and it's really not that bad even if
>>you have a DSL router on the client side
>>your subnet is the same as the one behind the VPN

Are you saying that if the subnet behind my employer's firewall is 10.100.0, my client side subnet also has to be 10.100.0, and not, say, 192.168.1?