Vpn connections

From gr0x0rd
Revision as of 08:05, 21 April 2017 by Gr0x0rd

Configuring Software - VPN Connections

pptp client

You may need to connect to a VPN at your workplace or elsewhere. Some of these VPNs are entirely software based (such as Microsoft's PPTP VPN connections); others terminate on a hardware device and ship a software client (such as Nortel or Cisco). Be aware that PPTP's MS-CHAPv2 authentication can be cracked offline and that the MPPE (RC4) encryption keys are derived from that same handshake, so a PPTP link should be treated as a way to reach a legacy server, not as a strong tunnel; prefer L2TP/IPsec, OpenVPN or WireGuard where you have the choice.

To connect to a Microsoft PPTP VPN, you will need PPP support in your kernel, including MPPE (at minimum CONFIG_PPP, CONFIG_PPP_ASYNC and CONFIG_PPP_MPPE, built in or as modules). Once those requirements are sorted out, emerge the pptp client.

$ sudo emerge -av pptpclient

Once the emerge completes, there are a few files you will need to configure to get your VPN connection working properly. In this example we'll use myVPN as the name of the VPN connection; substitute your desired name throughout. The first file we'll set up is the peers file.

$ sudo nano -w /etc/ppp/peers/myVPN

/etc/ppp/peers/myVPN

Make sure the file has the following directives. Change vpn.domain.com to the address of your VPN server and user@domain.com to your username and domain. The name given here is the client name pppd looks up in chap-secrets; for the server half of that lookup pppd uses the remotename directive if you add one, and otherwise the name the server sends in its CHAP challenge.

pty "pptp vpn.domain.com --nolaunchpppd"
name user@domain.com
file /etc/ppp/options.myVPN
require-mppe-128
usepeerdns

Now that the master peers file is configured, we can configure the options file.

$ sudo nano -w /etc/ppp/options.myVPN

/etc/ppp/options.myVPN

The following file contains most of the options you will need and should work as-is; if your VPN is configured differently, you may have to experiment with the options in this file to establish a connection.

#pptp options for myVPN
#lock the pty so two pppd instances cannot use it at once
lock
# do not require the server to authenticate itself to us;
# we still authenticate to the server with the chap-secrets entry
noauth
# refuse EAP; without this, negotiation falls through to EAP and authentication fails
refuse-eap
#use this space to turn off unused compression protocols
#nobsdcomp
#nodeflate
#mppe for kernel >= 2.6.15 (already required in the peers file above)
#require-mppe-128
#mtu settings, comment out if broken
#mtu 1000
#mru 1000
#timeout: drop the link after 10 missed LCP echoes sent one second apart
#lcp-echo-failure 10
#lcp-echo-interval 1

Last but not least, we'll need to configure the chap-secrets file. This is where the connection credentials, including the password, are stored.

$ sudo nano -w /etc/ppp/chap-secrets

/etc/ppp/chap-secrets

Set up your secrets file in the following way. Substitute username@domain.com with your username and domain, password with your password, and SERVER with the name of your server (it must match the remotename in the peers file if you set one, or the name the server sends; * matches any server). The first row is the one used when we authenticate to the server; the second is only consulted if the server had to authenticate to us, which noauth disables. Because the password is stored in clear text, the file must be readable only by root (mode 600); pppd warns at startup if it is group- or world-readable.

# Secrets for authentication using CHAP
# client              server                secret         IP addresses
username@domain.com   SERVER                password       *
SERVER                username@domain.com   password       *
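Both the peers file and the chap-secrets file above have to agree before pon will authenticate, and the most common failure is a SERVER column that matches nothing. The following script is an added example, not part of the original page, that checks a peers file against a chap-secrets file: it reads the name and remotename directives, looks for a matching row, and verifies the secrets file is mode 600. Run without arguments it checks a constructed sample configuration (the vpn.domain.com, user@domain.com and SERVER values are the page's placeholders, not a real VPN); it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not part of the original page: sanity-check a pppd peers file
# against chap-secrets before running "pon".
#
# pppd looks up the CHAP secret by (client name, server name). The client name is
# the "name" directive in the peers file. The server name is the "remotename"
# directive if present, otherwise whatever the server sends in its CHAP challenge,
# so a SERVER column that matches neither fails with "CHAP authentication failed"
# although the password is right.
#
# Usage: sh check-ppp-secrets.sh /etc/ppp/peers/myVPN /etc/ppp/chap-secrets

# Print the value of a directive ("name", "remotename") from a peers file.
peer_directive() {
    # $1 = peers file, $2 = directive
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Succeed when chap-secrets holds a row for this client/server pair.
# An empty server name means "remotename not set": accept any row for the client.
has_secret_row() {
    # $1 = chap-secrets, $2 = client name, $3 = server name or ""
    awk -v c="$2" -v s="$3" '
        /^[[:space:]]*#/ || NF < 3 { next }
        $1 == c && (s == "" || $2 == s || $2 == "*") { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Succeed when the file is readable only by its owner (mode 600).
# GNU stat (Linux); on BSD use "stat -f %Lp" instead.
is_private_mode() {
    [ "$(stat -c %a "$1")" = "600" ]
}

# Check one peers file against one chap-secrets file; returns 0 when consistent.
check_ppp_secrets() {
    peers=$1 secrets=$2 rc=0
    client=$(peer_directive "$peers" name)
    server=$(peer_directive "$peers" remotename)
    if [ -z "$client" ]; then
        echo "ERROR: no 'name' directive in $peers" >&2
        rc=1
    fi
    if [ -z "$server" ]; then
        echo "NOTE: no 'remotename' in $peers; SERVER must match the name the server sends, or be *" >&2
    fi
    if ! has_secret_row "$secrets" "$client" "$server"; then
        echo "ERROR: $secrets has no row for client '$client' and server '${server:-<any>}'" >&2
        rc=1
    fi
    if ! is_private_mode "$secrets"; then
        echo "ERROR: $secrets must be mode 600; it holds a cleartext password" >&2
        rc=1
    fi
    return $rc
}

# Write a constructed sample configuration (the page's placeholders, not a real
# VPN) into directory $1, with remotename pinned to SERVER.
write_sample_config() {
    cat > "$1/peers" <<'EOF'
pty "pptp vpn.domain.com --nolaunchpppd"
name user@domain.com
remotename SERVER
file /etc/ppp/options.myVPN
require-mppe-128
usepeerdns
EOF
    cat > "$1/chap-secrets" <<'EOF'
# client              server                secret         IP addresses
user@domain.com       SERVER                password       *
SERVER                user@domain.com       password       *
EOF
    chmod 600 "$1/chap-secrets"
}

if [ "$#" -eq 2 ]; then
    check_ppp_secrets "$1" "$2" && echo "OK: $1 and $2 are consistent"
elif [ "$#" -eq 0 ]; then
    dir=$(mktemp -d)
    write_sample_config "$dir"
    check_ppp_secrets "$dir/peers" "$dir/chap-secrets" && echo "OK: sample configuration is consistent"
    rm -rf "$dir"
fi
```

The check is deliberately read-only: it reports the mismatch rather than editing /etc/ppp, so it can be run as an unprivileged user on a copy of the files before you commit credentials to the real ones.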

Once connected, you may have to add routes so that traffic for networks on the far side of the PPP link is sent through it. pppd runs the ip-up script every time a link comes up, passing the interface name as its first argument ($1), followed by the tty, speed, local IP, remote IP and the value of any ipparam option.

$ sudo nano -w /etc/ppp/ip-up

/etc/ppp/ip-up

Use the following example for your configuration. It adds a route to the 10.10.0.0/16 network on the other side of the PPTP connection; using $1 instead of a hardcoded ppp0 keeps it correct when more than one PPP link exists.

...
# $1 is the interface pppd just brought up
route add -net 10.10.0.0 netmask 255.255.0.0 dev "$1"
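Because ip-up is run for every PPP link on the machine, a route line placed in it blindly will also fire for an unrelated dial-up or another VPN. The following script is an added example, not part of the original page: an ip-up hook that keys the routes on the ipparam value pppd passes as $6, so it only acts for the tunnel it was written for. It assumes `ipparam myVPN` has been added to /etc/ppp/peers/myVPN, that the hook is installed as /etc/ppp/ip-up itself or as a drop-in under /etc/ppp/ip-up.d/ where the distribution provides that directory, and that the iproute2 `ip` command is available; the 10.10.0.0/16 network is the page's example value.

```shell
#!/bin/sh
# Added example, not part of the original page: a pppd ip-up hook that adds the
# remote network's routes only for the tunnel it was written for, instead of
# hardcoding "dev ppp0" (unit numbers shift when another ppp link is up).
#
# pppd runs /etc/ppp/ip-up (and, where the distribution provides the directory,
# the scripts under /etc/ppp/ip-up.d/) with six positional arguments:
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
# $6 carries the value of the "ipparam" option from the peers file; this hook
# assumes "ipparam myVPN" was added to /etc/ppp/peers/myVPN. Routes bound to the
# interface disappear with it, so no matching ip-down hook is needed.

# Networks reachable only through each tunnel, keyed by ipparam (example values).
nets_for_tunnel() {
    case $1 in
        myVPN) echo "10.10.0.0/16" ;;
        *)     ;;   # unknown or unnamed tunnel: add nothing
    esac
}

# Print the route commands for one link without executing them, so the
# decision logic can be checked without root and without a live tunnel.
route_cmds() {
    # $1 = interface, $2 = ipparam
    case $1 in
        ppp[0-9]*) ;;
        *) echo "ip-up: unexpected interface '$1'" >&2; return 1 ;;
    esac
    for net in $(nets_for_tunnel "$2"); do
        echo "ip route replace $net dev $1"
    done
}

# Only act when pppd calls us with its six arguments; running the file by hand
# with fewer arguments does nothing.
if [ "$#" -ge 6 ]; then
    route_cmds "$1" "$6" | while read -r cmd; do
        $cmd && logger -t ip-up "$cmd"
    done
fi
```

`ip route replace` rather than `route add` means a stale route left from an earlier ppp unit is overwritten instead of producing a "file exists" error, and the interface-name check stops the hook from ever pointing a private network at an Ethernet device if it is copied somewhere it does not belong.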

You should now be able to connect to your VPN. To establish a connection:

$ sudo pon myVPN

After a few moments, you should be able to see your connection in ifconfig.

$ sudo ifconfig

Your connection should appear something like this:

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.10.3.126  P-t-P:10.10.3.131  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:392 (392.0 B)  TX bytes:116 (116.0 B)

To disconnect, enter the following:

$ sudo poff myVPN

It's not working!!

Fear not. You can add a few parameters to the tunnel activation command to keep pppd in the foreground and print verbose debugging output to your terminal, which usually shows what's wrong:

$ sudo pon myVPN debug dump logfd 2 nodetach

Cisco AnyConnect client

You will need to download and extract the AnyConnect client from whatever source makes it available. Navigate into the extracted folder, then into its vpn subfolder.

$ cd vpn

Install the client using the bash script provided.

$ sudo bash vpn_install.sh

The client files are installed under /opt/cisco/. The client binaries live in the anyconnect folder; the important ones are vpnui (starts the GTK-based VPN client GUI) and vpnagentd (the agent service; neither the UI nor the client will run unless it is running in the background).

The service doesn't integrate nicely into Gentoo's startup. After rebooting, you'll need to start vpnagentd again before the UI will run, or simply reinstall the agent.

There is also a dependency for the GUI. If the client doesn't start from the desktop manager's shortcut, run vpnui from the command line and note the missing library. It can be installed from portage, but I forget which package provides it specifically...
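Both problems above (the agent not being up after a reboot, and a library vpnui cannot load) can be caught before the GUI is launched. The following script is an added example, not part of the original page and not Cisco's code: it lists unresolved shared libraries from ldd output, starts vpnagentd only if it is not already running, and then runs vpnui. It assumes vpn_install.sh placed the client under /opt/cisco/anyconnect with the binaries in its bin/ directory (override with ANYCONNECT_BIN), that pgrep is available, and that vpnagentd puts itself into the background once started; the ldd lines it is tested against are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page and not Cisco's code: start the
# AnyConnect GUI on a host where vpnagentd is not started at boot, after first
# reporting any shared library vpnui cannot load.
# Assumptions: vpn_install.sh put the client under /opt/cisco/anyconnect with the
# binaries in bin/, and vpnagentd backgrounds itself once started.

ANYCONNECT_BIN=${ANYCONNECT_BIN:-/opt/cisco/anyconnect/bin}

# Read ldd output on stdin and print the names of libraries that failed to
# resolve; a missing library shows up as "libfoo.so.1 => not found".
unresolved_from_ldd() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Print the shared libraries a binary cannot load (empty output: all resolved).
unresolved_libs() {
    ldd "$1" 2>/dev/null | unresolved_from_ldd
}

# Succeed when a process with exactly this name is running.
is_running() {
    pgrep -x "$1" >/dev/null 2>&1
}

start_agent() {
    if is_running vpnagentd; then
        echo "vpnagentd is already running"
        return 0
    fi
    echo "starting vpnagentd (needs root)"
    sudo "$ANYCONNECT_BIN/vpnagentd" || return 1
    sleep 2   # let the agent create its socket before the UI tries to connect
}

launch() {
    missing=$(unresolved_libs "$ANYCONNECT_BIN/vpnui")
    if [ -n "$missing" ]; then
        echo "vpnui cannot load these libraries; install the packages that provide them:" >&2
        echo "$missing" >&2
        return 1
    fi
    start_agent && "$ANYCONNECT_BIN/vpnui"
}

# Run the launcher only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    launch
fi
```

Run it as `sh anyconnect-launch.sh --run`. The library name it prints is what to search for in portage (for example with `equery belongs` or `e-file`) rather than guessing the package; keeping the ldd parsing in its own function means the same check can be pointed at vpnagentd or any other binary from the install.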

L2TP client