Sunday, November 23, 2008

How To Configure A Ubuntu PPTP VPN Client

As a Linux user and an telecommuting employee one of my biggest challenges was configuring the VPN Client to connecct to my employer's VPN server so I had access to the Knowledge Base as well as all other Internet services:

Linux, unlike Windows, requires additional routing configurations. Fortunately this is an easy step once you understand what it is Linux is looking for.

This how to uses KVPNC as the VPN manager. The Network-Manager in both KDE and Gnome has a known issue with VPN and therefore is unusable. Ideally it would be best to use it instead of adding another network managemet tool into the mix. However, KVPNC works well in both KDE and Gnome and I assume other GUI interfaces as well.

I am using Ubuntu 8.10 (Intrepid Ibex) in this example.

Start by getting the needed packages:

sudo apt-get install kvpnc pptp

NOTE: pptp-linux which is another pptp client program did not work for my VPN. This may only be a Ubuntu flavored issue. It is recommended to use pptp only.

Once you have installed KVPNC in Ubuntu it can be found in the Internet section of the menu.

Start KVPNC and run the wizard. Plug in your base information. You will not to be able input all information but at this point all we are interested in is getting the profile created. We will use the configuration editor in KVPNC to properly setup Linux to connect to the VPN.




This is the General options window. Gnome users should uncheck “Use KWallet” KDE users will most likely want to leave it checked. Leave “Do not quit by clicking close button” checked. Otherwise KVPNC will not minimize to the system tray.

You may select “Hide on startup” If you choose.

Click “Apply”

Now select General under the Profiles section.



The Profile name should be the one you gave it when you ran the Wizard.

The description is optional.

The connection type should be PPTP

The Gateway address should be the actual IP address of the VPN gateway on the Internet.

Click “Apply” if you made any changes.

Now go to Routes under the Network section



Okay here is where we have to set things up so that everything works like its supposed to. Linux unlike Windows does not automatically setup PPTP routing. This is where we run into issues. It is important you setup the VPN routing exactly as I show you otherwise your access to the Internet can be severely hampered if not outright broken. Linux's default settings will set the VPN tunnel as your only access route to and from the Internet. Most VPN servers are not designed to handle this. So we have to set a route that sends only traffic that is targeted for the VPN to go there while all other traffic uses the default system route.

First thing is tell KVPNC to “Keep default route” otherwise it will use the VPN tunnel for all traffic. The default is “Replace default route” Simply click the drop down arrow and change to “Keep default route” to get the desired behavior.

Next we need to set the VPN route for all traffic associated to the VPN. I will use 192.168.1.0 as the example. To do this click the “Add route” button. This will bring up the settings dialog box.



Set the remote network to 192.168.1.0 with a netmask (matrix) of 24 (default) leave “Use gateway” unchecked and check “Use interface” and then from the drop down select ppp0 for the device.

Click “OK” then click “Apply” in the Network Routing Window.

Now go to PPTP under Connection specific.



Okay this is the final step to get Linux to communicate with our VPN. Make sure that “Require MPPE” is unchecked if you do not use encryption. MPPE is the encryption method for PPTP so this must be off or you will not connect if your VPN doesn't use it. Ensure the “Authorization Method” is set to chap (in most cases) and not pap.

Once you have made these settings click the “Apply” button and close the settings dialog.

Click the “Connect” button and Linux should make the connection to your VPN. You should now be able to access your VPN services and the Internet without restrictions.

27 comments:

Nedim said...

My previous OS was Ubuntu 8.10 and I configured my vpn pptp easily.
(I have installed pptp-linux and network-manager-pptp packages).
Now I have installed Kubuntu 8.10 and I don't know how to setup vpn pptp connection.
Kubuntu 8.10 have a pptp bug (https://bugs.launchpad.net/ubuntu/+source/network-manager-pptp/+bug/123696).My question is how to install vpn pptp on Kubuntu 8.10?
sorry for my English :)

technoshaun said...

Add this line to your /etc/apt/sources.list file:

deb http://quozl.netrek.org/pptp/pptpconfig ./

Replace pptp-linux with pptp. This will also remove network-manager-pptp but its broken anyway.

use the following command "sudo apt-get install pptp kvpnc"

Then follow the instructions in this post. I use my VPN connection almost daily and have had few problems with it.

Nedim said...

Thanks now working.

Adam said...

When I try this command, it says
E: couldn't find package pptp
What can I do from here?

technoshaun said...

Add this to you /etc/apt/sources.list file

deb http://quozl.netrek.org/pptp/pptpconfig ./

m41k0.c3z4r said...

Hi man,

How can I discovery my IP route ?

My gateway IP is 200.186.184.12


any idea?

technoshaun said...

The gateway is the connection to the VPN. A VPN like any other internal network requires the use of the class A, B or C IP addressing schemes set aside for that purpose.

The class A range is 10.0.0.0 - 10.255.255.255, 16,777,216 possible IP addresses.

The class B range is 172.16.0.0 – 172.31.255.255, 1,048,576 possible IP addresses.

The class C range is 192.168.0.0 - 192.168.255.255, 65,536 possible IP addresses.

Most VPNs use the class A address scheme but not all.

The best and most accurate way to obtain this information is to ask the network adminitrator of your VPN.

Anonymous said...

Hello

simply GREAT! I wished I had
known these instructions a while ago.

I had to use windows XP in order to
connect to the pptp server.


I got the pptp client to work but
the routing never worked.


The only solution I found finally was
sudo route add -net 147.96.1.0 netmask 255.255.255.0 gw 147.96.68.129 dev ppp0

where 147.96.1.0 is the remote network
and 147.96.68.129 the gateway, I even tried this setting in kvpnc and it DID not work.

your solution specifying the network but letting the gateway
unspecified *worked*

although I don't understand why.

thanks again

Uwe Brauer

Anonymous said...

Hello

Bad news and a question.
While I got kvpnc to work, when using
the wirless connection via eth1, I just discovered that I can't connect to the pptp server, when I use my analog modem (which uses the pp0 port). The odd thing is, when I switch to Windows XP, I can use the modem and connect to the pptp server.

Is there anything I could do?

thanks

Uwe Brauer

Tim said...

This works perfectly...thanks very much for the post.

technoshaun said...

The problem is that the modem when activated will be PP0 which is direct conflict with the VPN connection which is also pp0. In your case hard set the VPN as PP1m and no matter whether you use a Network or Modem connection the VPN will use PP1. This will require some settings changes of course but where pp0 is used in my example use pp1 instead. There may be other locations where you will have to make device identity changes as well.

Diccon said...

Excellent guide. Clear and had all the little booby traps pointed out.

Not to plague you with tech problems, but any idea why KVPNC might refuse to disconnect? It seems to be acting sluggish when connected and just ignores the various clicks and keypresses. I can kill it, and then have to clean up various routes it's created. PITA though.

Thanks and well done!

technoshaun said...

I have had the same problem and best I could determine was its the Windows side not Linux. When you send the disconnect request it doesn't seem to be honored. Its not until the remote mode hangs up do you get cut loose.

Dan said...

Thanks for this blog. It's been VERY helpful to a newcomer like me.

This looks like the solution my (common, it seems) problem. However, like another commenter, when I try to install pptp I get the same response: "couldn't find package pptp".

i have the line: "deb http://quozl.netrek.org/pptp/pptpconfig ./" in the sources.list file, but that doesn't seem to make a difference. Any other place I might be able to find the pptp file?

oub said...

The modem problem ppp0 vs ppp1.

If I understand you correctly I have to set that manually, that is I can't use a client, for in any of the VPN clients I am aware, the port for the connection is always ppp0 never ppp1, Kvpnc does not offer me to use ppp1. Is this correct or do I oversee something? thanks

Uwe Brauer

oub said...

Another problem: send ALL traffic through tunnel.

Hi if I understand you correctly --I quote--
"Linux's default settings will set the VPN tunnel as your only access route to and from the Internet."

That is the behaviour I desire!
Here is why:

in my university we have access to certain service of certain journals. Since this service is not free, it is restricted to users who connect from a PC which has an IP (usually static) within a certain (say 147.96.X.X) range. So far so good. When I connect to a say wireless network, or via a modem outside my university, I therefore have a different IP, I can not use these services. However I open a VPN tunnel to my university in MS XP, and start then a browser, I can use this service. Now when I try to do the same in Linux, with your setting: -it seems that the VPN connection works, -I open the browser and I cannot use these service
what could be the problem. Any help is very much appropriate, since even our administrators who are basically MS guys have no idea why it does not work.

Uwe Brauer

karl.rosenqvist said...

Oh, thank you! Finally I can use it. You wouldn't believe (or would you) how hard it is to find this info.

technoshaun said...

Which is exactly why I posted this How To on my blog.

Anonymous said...

thank you thank you thank you

Anonymous said...

I have Ubuntu 10.04 and my VPN server is a PFSENSE (linux too), Hard to say but I'm using PPTP instead of IPSEC, but (decision apart) I follow your guide and ever my connection refuse to connect.

The message is:

error: Remote modem has hung up. Connection was terminated.
debug: There is a reason to stop connecting, terminating "pppd" process.
debug: Disconnect requested
debug: Disconnect requested, status connecting
debug: Killing process while connecting.
debug: pppd secrets file: /etc/ppp/chap-secrets
success: Successful connect try canceled.
debug: Disconnected.

I have a MAC and I have no problems connecting to the VPN, that confirm (I believe) the VPN works well.

Any idea?

JM

technoshaun said...

Since your MAC connects take a look at the settings for it and match them in kvpnc as closely as possible. You will most likely need to do a bit of digging into the settings interface but paying close attention to what the MAC is set should help you. You may just simply need to use security. It really depends on the the other end and how its set up but since your MAC works all that information should be in there.

Anonymous said...

Shaun

Me again, I try to re-check my MAC connection (sorry about the delay to answer but I change country in the mid-time....actually continent). My MAC continue to connect to the VPN, I test the connection with an IPAD and worked too, with a WXP machine on a VirtualBox and work too.
To CLEAN all other possibility I re-install my Ubuntu from scratch, upgrading to 10.04, install KVPNC, I cannot instal pptp package (not available), at the end, the VPN again didn't work, same message same everything.
Any kind of help should be very helpful.
JM

technoshaun said...

Use the following to install pptp: http://poptop.sourceforge.net/dox/debian-howto.phtml

Unfortunately pptp is no longer being developed and Canonical has their own pptp (network-manager-pptp) though I haven't tested it you may want to give that a try now.

technoshaun said...
This comment has been removed by the author.
Anonymous said...

Thank's man!

Bradley White said...

Thank you.Good configuration.
top10-bestvpn.com

Richard B. McCall said...

Thanks a lot for your job.Good solution for Ubuntu.
Nice configuration for VPN client.
It works excellent.
10webhostingservice