Difference between revisions of "Vpn connections"

Configuring Software - VPN Connections

You may need to connect to a VPN at your workplace or otherwise. Some of these VPNs use all software (such as Microsoft's pptp VPN connections) or a hardware device with a software client (such as nortel or cisco).

To connect to a Microsoft pptp vpn, you will need to ensure you have enabled the proper networking support in your kernel. Once you've got those requirements sorted out, you'll need to emerge the pptp client.

$ sudo emerge -av pptpclient

Once the emerge completes, there are a few files you will need to configure in order to get your VPN connection working properly. On this example, we'll use myVPN as the name of the vpn connection. Be sure to substitute that with your desired name. The first file we'll set up is the peers file.

$ sudo nano -w /etc/ppp/peers/myVPN

/etc/ppp/peers/myVPN

Make sure the file has the following directives. Be sure to change vpn.domain.com to the address of your vpn and user@domain.com with your username and domain.

pty "pptp vpn.domain.com --nolaunchpppd"
name user@domain.com
file /etc/ppp/options.myVPN
require-mppe-128
usepeerdns

Now that the master peers file is configured, we can configure the options file.

$ sudo nano -w /etc/ppp/options.myVPN

/etc/ppp/options.myVPN

The following file contains most of the options you will need. The following configuration should work, but if your VPN is configured differently, you may have to experiment with the options in this file to establish a successful connection.

#pptp options for myVPN
#lock the port
lock
# tunnel originates here so authorization not needed
noauth
# refuse eap - always results in auth failure without this
refuse-eap
#use this space to turn off unused protocols
#nobsdcomp
#nodeflate
#mppe for kernel >= 2.6.15
#require-mppe-128
#mtu settings comment out if broken
#mtu 1000
#mru 1000
#timeout
#lcp-echo-failure 10
#lcp-echo-interval 1

Last but not least, we'll need to configure the chap-secrets file. This is where the connection information such as the password are stored.

$ sudo nano -w /etc/ppp/chap-secrets

/etc/ppp/chap-secrets

Set up your secrets file in the following way. Be sure to substitute username@domain.com with your username and domain, password with your password, and SERVER with your server.

# Secrets for authentication using CHAP
# client              server                secret         IP addresses
username@domain.com   SERVER                password       *
SERVER                username@domain.com   password       *

Once you have connected, you may have to add routes in order to tell your networking infrastructure how to handle requests to destinations on the other side of the ppp connection. This is done in the ip-up file.

$ sudo nano -w /etc/ppp/ip-up

/etc/ppp/ip-up

Use the following example for your configuration. The following adds a route to the 10.10.0.0/24 network on the other side of the pptp connection.

...
route add -net 10.10.0.0 netmask 255.255.0.0 dev ppp0

You should now be able to connect to your VPN. To establish a connection

$ sudo pon myVPN

After a few moments, you should be able to see your connection in ifconfig.

$ sudo ifconfig

Your connection should appear something like this:

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.10.3.126  P-t-P:10.10.3.131  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:392 (392.0 B)  TX bytes:116 (116.0 B)

To disconnect, enter the following:

$ sudo poff myVPN