Configure a VPN under Linux

Although NetworkManager on Ubuntu supports VPNs, it doesn’t always work, so this article describes how to set up a PPTP VPN under Linux. Although it’s Ubuntu-specific (this works with 9.10 and 10.04), it should work for most distributions.

What you need

You need to know:

  • The remote IP address of the VPN server
  • The remote network address range
  • A remote name to give to this connection
  • The remote username and password

What we’ll use for this article:

  • Remote server IP – 192.168.2.100
  • Remote network address range – 192.168.3.0/24
  • Remote name – myvpn
  • Name – peter
  • Password – password

Installation

First you need to install the PPTP packages:

peter@kira:~$ sudo apt-get install pptp-linux ppp pptpd

Configuration

Now, as root, create /etc/ppp/peers/myvpn with the following content, replacing the example values listed above with your own:

peter@kira:~$ sudo vi /etc/ppp/peers/myvpn
pty "pptp 192.168.2.100 --nolaunchpppd"
#debug
#nodetach
#logfd 2
noproxyarp
ipparam myvpn
remotename myvpn
name peter
require-mppe-128
nobsdcomp
nodeflate
lock
noauth
refuse-eap

Next edit /etc/ppp/chap-secrets and add the following line:

peter@kira:~$ sudo vi /etc/ppp/chap-secrets
peter  myvpn  password *

Now edit (create if missing) /etc/ppp/ip-up.d/add-subnet with the following:

peter@kira:~$ sudo vi /etc/ppp/ip-up.d/add-subnet
#!/bin/bash
if [ "$PPP_IPPARAM" = "myvpn" ]
then
    route add -net 192.168.3.0/24 dev $PPP_IFACE
fi

If you created the add-subnet script, make it executable:

peter@kira:~$ sudo chmod +x /etc/ppp/ip-up.d/add-subnet

Running the VPN Connection

Now, if you have configured everything correctly, you’ll be able to start the VPN with:

peter@kira:~$ sudo pon myvpn

To stop the VPN:

peter@kira:~$ sudo poff myvpn

If it does not work the first time, you can uncomment the three commented lines (debug, nodetach and logfd 2) in /etc/ppp/peers/myvpn. When you do, the pon command will not return, but it will log what it’s doing.

You may also have to tweak the other parameters in that file so it’s specific to your VPN.
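
A quick check of the files created above, as an added example that is not part of the original article. The function name audit_pptp and its three path arguments are hypothetical, and the demo at the end runs on constructed sample files rather than the real /etc/ppp tree:

```shell
#!/bin/sh
# Added example: audit the files from this article. Paths are arguments so the
# checks can be pointed at copies; the demo at the end uses constructed files.

# mode_of FILE: print octal permission bits (GNU stat, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# has_option FILE OPTION: true if OPTION is set on an uncommented line.
has_option() { grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }

# audit_pptp PEER SECRETS HOOK: one WARN line per finding; returns 0 if clean.
audit_pptp() {
    peer=$1 secrets=$2 hook=$3 rc=0

    # chap-secrets stores the password in clear text: owner-only access.
    m=$(mode_of "$secrets")
    case "$m" in
        600|400) ;;
        *) echo "WARN: $secrets is mode $m, expected 600"; rc=1 ;;
    esac

    # pppd runs ip-up.d hooks as root: no group/other write bit allowed.
    m=$(mode_of "$hook")
    case "$m" in
        *[2367]?|*[2367]) echo "WARN: $hook is mode $m, writable by non-owner"; rc=1 ;;
    esac

    # Without this option pppd does not insist on MPPE encryption.
    if ! has_option "$peer" require-mppe-128; then
        echo "WARN: $peer does not set require-mppe-128"; rc=1
    fi

    # The troubleshooting options should be commented out again after use.
    for opt in debug nodetach logfd; do
        if has_option "$peer" "$opt"; then
            echo "WARN: $peer still enables '$opt'"; rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed sample files (not the real /etc/ppp tree).
demo=$(mktemp -d)
printf 'name peter\nrequire-mppe-128\n#debug\nnodetach\n' > "$demo/myvpn"
printf 'peter  myvpn  password *\n' > "$demo/chap-secrets"
printf '#!/bin/bash\n' > "$demo/add-subnet"
chmod 644 "$demo/chap-secrets"; chmod 755 "$demo/add-subnet"
audit_pptp "$demo/myvpn" "$demo/chap-secrets" "$demo/add-subnet" || true
rm -rf "$demo"
```

To check the real configuration, run it as root with /etc/ppp/peers/myvpn, /etc/ppp/chap-secrets and /etc/ppp/ip-up.d/add-subnet as the three arguments.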

Name resolution

The above will get you up and running with the actual connection, but it does nothing to configure DNS.

What you can do is either:

  • Manually edit /etc/resolv.conf each time with the remote DNS
  • Edit /etc/ppp/ip-up.d/add-subnet to edit resolv.conf when it connects
  • Add hosts directly into your local /etc/hosts file
  • Use a local BIND nameserver to use the remote DNS server

I actually use the latter with a local bind nameserver.
