Howto setup Microsoft VPN with gpptp (4.12 - 4.31) + (5.xx)

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10


#1 Post by jafadmin »

*** [ Updated 5-7-2014] *** New Gpptp v2.0 Pets in this thread:
http://murga-linux.com/puppy/viewtopic.php?t=93384

***[ Updated 10-20-2011] *** New version compiled for lupu 5.xx

*** [ Updated 5/25/2009 ] *** new versions of gpptp and the script posted below ....
***************

How to connect puppy to your M$ VPN corporate network.

(assumes you have a working internet connection and functional DNS)

1. In /etc/ppp, copy "ip-up-EXAMPLE" to just "ip-up" (if you haven't done it already; the defaults work OK) *SEE NOTE BELOW
2. In the /etc/options.pptp file, uncomment the "require-mppe-128" line, and save the file.
3. Start gpptp and enter the authentication info (i.e. vpn.mycorp.com (or IP addr), mycorp-domainname\myusername, mysupersekritpassword).
4. Press "connect". Wait for "VPN pppX - (pid XXXXXX) created..."

Technically interesting:
At this point you won't be able to ping anything on your corp network except the vpn server itself. If you open a console and type the "route" command you will find an entry with the lanside ip of your corp's vpn server.

If you type "ip addr" you'll find you have a new ip address (supplied by your corp's dhcp server) matching your corp's lan subnet and the address of the vpn peer.

So:
5. In a console window type:

route add -net 172.16.1.0 netmask 255.255.255.0 gw 172.16.1.142

where 172.16.1.0 represents your corp subnet and 172.16.1.142 is the theoretical "peer" ip from the "ip addr" command.
Once this command executes you'll have total access to your corporate network.

To simplify things I created an executable script in my-applications/bin for each connection, that reads a variation of:

Code:

gpptp
route add -net 172.16.1.0 netmask 255.255.255.0 gw 172.16.1.142

[Edit] * THIS IS PROBABLY THE BEST APPROACH TO THE ROUTING ISSUE:
Adding the following to the end of the "/etc/ppp/ip-up" file will solve the default gateway issue

Code:

# The following figures out our most current "ppp" number
# and sets the default route to it.
MYPPP="ppp"

# Count the ppp* interfaces; the highest-numbered one is the one we want.
ppp_count=$(ifconfig | grep -c '^ppp')

# It MUST find a ppp* interface before we set routes.
if [ "$ppp_count" -gt 0 ]
then
    ppp_count=$(expr "$ppp_count" - 1)   # Decrement the count by one to match the device number
    MYPPP="$MYPPP$ppp_count"             # Append the device number to the ppp variable
    route add default "$MYPPP"           # Set the default route
fi

*****

I do exactly this from a 4.12 LiveCD and it works. The changes to files, etc will be permanent on your other installs. I make a symlink to the script and put it on my desktop.

Good luck, and post any questions ...

search tags: ppp, pptp, vpn, msvpn, ms vpn

This is the most recent compile of Gpptp (as of Oct 20, 2011):
Attachments
gpptp-lupu-vpn.tar.gz
gpptp for the lupu 5.xx versions. (compiled on lupu 5.28)
(9.41 KiB) Downloaded 1120 times
gpptp-mod.zip
gpptp for the 4.12 - 4.3x versions (compiled on puppy 4.21)
(10.28 KiB) Downloaded 1361 times
Last edited by jafadmin on Thu 08 May 2014, 07:22, edited 51 times in total.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#2 Post by jafadmin »

BTW, for the trivia buffs; Yes, you can run your thumbdrive thru the laundry and it still works like new.

... don't ask :roll:

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#3 Post by disciple »

jafadmin wrote:
if you type "ip addr" you'll find you have a new ip address (supplied by your corp's dhcp server) matching your corp's lan subnet and the address of the vpn peer.
... and 192.168.1.142 is the theoretical "peer" ip from the "ip addr" command.

Ah - now I see this post, after spending all that time trying to figure it out :)

I can do this instead

Code:

route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0

jafadmin wrote:
Wait for "exited with 0". (0=success!)

Are you sure that is right? There is a "disconnect" button, which is greyed out, and I would have thought it is supposed so you can disconnect when you are finished, after which I would expect it to exit with 0. Otherwise what is the disconnect button for?... maybe I should look at the source some time.

At the moment, I seem to have to run

Code:

killall pppd

to disconnect.

BTW presumably the drop-down arrows in gpptp are meant to actually work... does anyone know where to save the information so your connections show up in here?

jafadmin wrote:
Yes, you can run your thumbdrive thru the laundry and it still works like new.

Yes, mine has been through a number of times :)
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

tempestuous
Posts: 5464
Joined: Fri 10 Jun 2005, 05:12
Location: Australia

#4 Post by tempestuous »

If anyone's interested in seeing what commands and configuration files are involved with connection to a M$ VPN server, have a look at the process we followed back in the days of Puppy 1.09 (early 2006) -
http://www.murga-linux.com/puppy/viewto ... 2140#42140

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#5 Post by jafadmin »

A bonus tip:

I usually use my Thinkpad X60 running 4.2x to connect via Verizon broadband wireless because the hardware is built-in.

Since I'm connecting from a routable IP address, I create a script to route all non-routable (RFC-1918) networks using my "ppp? - inet addr" address as the gateway. What this does is make available to me all RFC-1918 networks that route back to the vpn server I connected to.

So for customers whose systems I administer, one short script gives me access to all their subnets.

short example ..

Code:

route add -net 10.0.0.0 netmask 255.0.0.0 gw $1
route add -net 192.168.0.0 netmask 255.255.0.0 gw $1

Where $1 is the ip address assigned to me by the VPN server.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#6 Post by jafadmin »

Here is a mod I did of gpptp so you can populate the dropdown lists and automate the connection process. Read the readme file for details.

jafadmin

[ updated 5-22-2009 ]

I've spent a little time re-working aspects of the Gpptp client. It will now:

1. Retrieve usernames and servernames/ipaddrs of servers from
user-editable files in the /etc/ppp directory.

2. Fixed the buttons so you can disconnect and reconnect using
different servers or userid's without exiting the app.

3. Fixed it so that it knows the pid of the spawned pppd process
so it will kill properly.
.......

Stuff I'm working on:

It would be nice to integrate the route handling into the app instead of using scripts.

maybe a "single file" structure to handle "profiles" that contain all the particular settings details for each particular vpn environment we need to connect to.
Last edited by jafadmin on Sat 23 May 2009, 18:04, edited 1 time in total.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#7 Post by jafadmin »

disciple wrote:
At the moment, I seem to have to run

Code:

killall pppd

to disconnect.

BTW presumably the drop-down arrows in gpptp are meant to actually work... does anyone know where to save the information so your connections show up in here?

These are now semi-fixed .. 8)

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#8 Post by jafadmin »

As of today, the following mods have been done.

Gpptp will now remember your VPN sessions after you close the window so you can connect, close the vpn window, then re-open Gpptp later and disconnect the active VPN session if it still exists.

You can use an editor to put entries in the "/etc/ppp/vpn_servers" and the "/etc/ppp/vpn_userids" files and the entries will show up in the drop-down lists in the app.

I added a "Close window" button that will kill the app but leave the connection in place. The "Disconnect" button now works as one would expect; .. if there is an active connection it will be disconnected.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#9 Post by disciple »

Thanks.
That's weird. It's a lot better, except after I disconnect the vpn my normal network connection doesn't work until I reboot :?

Ideally it would be good if the route command was added to the main program... although it may be easier to rewrite as a gtkdialog program instead :)

BTW can we have the source please? Or at least when you've finished, if you're still working on it.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#10 Post by jafadmin »

disciple wrote:Thanks.
That's weird. It's a lot better, except after I disconnect the vpn my normal network connection doesn't work until I reboot :?

Ideally it would be good if the route command was added to the main program... although it may be easier to rewrite as a gtkdialog program instead :)

BTW can we have the source please? Or at least when you've finished, if you're still working on it.

What happens is that your DNS gets reset by the VPN dhcp function where you connect. When you disconnect, the DNS servers can't be reached so dns resolution fails. You shouldn't need to reboot, just have the network connection wizard re-acquire dhcp after you disconnect.

I'm still working on it. The plan is to incorporate the routes into the app and have it fix the dns when we disconnect the VPN connection (I can do this by caching /etc/resolv.conf then restoring it when the user disconnects). Let me clean up the source and I'll send it to you.

Eventually I want it to be able to have multiple connection choices like the remote desktop app has so you can just load the connection by a saved name and it will automatically set everything for that VPN site.

Drive it like you stole it and let me know what's breaking ...

jafa

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#11 Post by disciple »

When I tried it before though, my network still worked after I killed pppd :?

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#12 Post by jafadmin »

disciple wrote:When I tried it before though, my network still worked after I killed pppd :?
[Edit]

Ok, I added the functionality to back up and restore the "/etc/resolv.conf" when it connects to and disconnects from a VPN server. This means your DNS should return to its previous state after you click the "Disconnect" button.
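
The save-and-restore behaviour described in this post, sketched as shell functions that could be called from pppd's ip-up and ip-down hooks. This is an added example, not gpptp's own code; the backup path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not gpptp's code): keep the pre-VPN resolver configuration
# and put it back when the tunnel goes down.
# Assumed usage: "vpn-dns up" from /etc/ppp/ip-up, "vpn-dns down" from /etc/ppp/ip-down.

RESOLV=${RESOLV:-/etc/resolv.conf}
BACKUP=${BACKUP:-/etc/ppp/resolv.conf.pre-vpn}   # hypothetical backup location

# Save the current resolver file, once per session. If a backup already
# exists (a second connect, or a session that died without cleanup), keep it:
# overwriting it would record the VPN's DNS servers as the "original" ones.
save_dns() {
    if [ -e "$BACKUP" ]; then
        return 0
    fi
    cp -p "$RESOLV" "$BACKUP"
}

# Put the saved file back and drop the backup. Fails if nothing was saved,
# so the caller can fall back to re-acquiring DHCP.
restore_dns() {
    [ -e "$BACKUP" ] || return 1
    cp -p "$BACKUP" "$RESOLV" && rm -f "$BACKUP"
}

# Print the nameservers currently configured, space separated.
nameservers() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " } END { print "" }' "$RESOLV"
}

# Dispatch only when called with an argument, so sourcing the file is harmless.
case "${1:-}" in
    up)   save_dns ;;
    down) restore_dns || echo "no saved resolv.conf; re-acquire DHCP instead" >&2 ;;
esac
```

Running `nameservers` after a disconnect is a quick check that lookups are no longer pointed at the VPN-side DNS server.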

I Have a New Puppy
Posts: 7
Joined: Fri 05 Jun 2009, 17:11

almost there, but am snagged on which subnet to enter

#13 Post by I Have a New Puppy »

Thanks for the great forum and this post in particular!

I am very new to PL (since only Jan 09), and GPPTP
has been my biggest snag so far. I know little about
Linux and networking issues, but am a quick learner.
I figured out the wifi driver (my biggest PL street cred so far).

I've done jafadmin's steps 1-4, and GPPTP "exited with 0".
Some ping activity on the ppp0 blinky, too.

However, my traffic is not yet going through the VPN.
I've tried many permutations of the route add command,
but am clearly not entering the correct IPs.

Please advise me with a completed route command containing
the right subnet, genmask, and peer IP. I'm clearly confused
between subnet, placeholder, peer, etc.

The VPN manual mentions setting DNS to 208.67.222.222 (which shows
up in resolv.conf) and 208.67.220.220 (which doesn't). Should I use
them instead of the 192.168.x.xx?
I've not yet tried either one in the "route add" command.

Do I change the ppp0's assigned genmask from 255.255.255.255 to 255.255.255.0, or was 255.255.255.0 merely an example?

Finally, how do I permanently install the new/improved GPPTP client to my boot CD or pup_save? There must be a link about this kind of thing.
Remember, I'm a total PL and Linux newbie.

Many thanks for your help.
I suspect that I'm very nearly there, but am tapped out of ideas.

Ken



WHAT I GOT FROM ROUTE :
Destination Gateway Genmask Flags Iface
192.168.2.1 * 255.255.255.255 UH ppp0
192.168.0.0 * 255.255.255.0 U wlan0
169.254.0.0 * 255.255.0.0 U wlan0
default 192.168.0.1 0.0.0.0 UG wlan0



WHAT I GOT FROM IP ADDR:
inet 192.168.0.12/24 brd 192.168.0.255 scope global wlan0
inet 192.168.2.54 peer 192.168.2.1/32 scope global ppp0


WHAT I GOT FROM resolv.conf:
nameserver 192.168.2.1
nameserver 208.67.222.222 (this IP is mentioned in my VPN provider's manual, but it didn't show up in "route" or "ip addr")


PINGING:
192.168.2.54 pingback, but only wlan0 blinky
192.168.2.1 no pingback, but wlan0 and ppp0 blinky active
192.168.1.0 no pingback, but wlan0 and ppp0 blinky active
192.168.0.1 pingback, but only wlan0 blinky



ANOTHER DAY, WHAT I GOT FROM WINDOWS IPCONFIG/ALL:
802.11b/g
IP Address 192.168.0.11
Subnet Mask 255.255.255.0
Default Gateway 192.168.0.1
DHCP Server 192.168.0.1
DNS Servers <private>

WAN (PPP/SLIP)
IP Address 192.168.2.41
Subnet Mask 255.255.255.255
Default Gateway 192.168.2.41
DNS Servers 192.168.2.1
208.67.222.222




HISTORY/RESULTS OF MY ROUTE COMMAND ATTEMPTS
(I ENTERED THESE SEQUENTIALLY, NOT DELETING PREVIOUS
ONES AS I WENT. DID THAT PREVENT A SOLUTION?)

route add -net 192.168.2.54 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute (still my local IP)

route add -net 192.168.2.54 netmask 255.255.255.255 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.0.1 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1
(no response)
no ppp0 blinky, and no IP reroute

route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0
(no response)
no ppp0 blinky, and no IP reroute

route add -net 192.168.2.54 netmask 255.255.255.0 dev ppp0
netmask and route address conflict

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.2.1 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.0.12 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#14 Post by jafadmin »

First of all, before working with the routing, make sure you can ping the peer address listed in the "ip addr" command after the vpn connects. If it pings, and if I'm understanding your post above, ...

route add -net 192.168.2.0/24 ppp0

should route the 192.168.2.1 thru 192.168.2.254 subnet traffic over the vpn ppp.

(It would help to know what ip address ranges you're trying to route over the vpn.)
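
How the route target in this answer follows from the `ip addr` output posted in #13, as an added example that is not part of the original posts. The /24 prefix is an assumption taken from the answer above, and the command is printed, not run. `is_network` shows why the earlier attempt with 192.168.2.54 and netmask 255.255.255.0 was rejected with "netmask and route address conflict": the address has host bits set.

```shell
#!/bin/sh
# Added example (not from the thread): derive the subnet route for a PPTP link
# from `ip addr` output. SAMPLE is the output posted in #13.

SAMPLE='inet 192.168.0.12/24 brd 192.168.0.255 scope global wlan0
inet 192.168.2.54 peer 192.168.2.1/32 scope global ppp0'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) -> netmask as an integer.
prefix_to_mask() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# network_of ADDR PREFIX -> network address with the host bits cleared.
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(prefix_to_mask "$2") ))
}

# is_network ADDR PREFIX: succeeds only if ADDR has no host bits set,
# which is what `route add -net` requires of its target.
is_network() {
    [ "$(network_of "$1" "$2")" = "$1" ]
}

# peer_of IFACE: read `ip addr` text on stdin, print the peer address of IFACE.
peer_of() {
    awk -v ifc="$1" '$1 == "inet" && $3 == "peer" && $NF == ifc {
        split($4, p, "/"); print p[1] }'
}

# route_cmd IP_ADDR_TEXT IFACE PREFIX: print (not run) the route command for
# the subnet that contains the VPN peer.
route_cmd() {
    peer=$(printf '%s\n' "$1" | peer_of "$2")
    [ -n "$peer" ] || { echo "no peer address on $2" >&2; return 1; }
    echo "route add -net $(network_of "$peer" "$3") netmask $(int_to_ip "$(prefix_to_mask "$3")") dev $2"
}

route_cmd "$SAMPLE" ppp0 24
```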

I Have a New Puppy
Posts: 7
Joined: Fri 05 Jun 2009, 17:11

#15 Post by I Have a New Puppy »

jafadmin, thanks so much for the prompt reply.
I'll now exit Windoze and try PL.

BASED ON ROUTE:
inet 192.168.2.54 peer 192.168.2.1/32 scope global ppp0


. . . peer VPN is 192.168.2.1/32 and that is what I should first ping?

192.168.2.1 did not ping before, although the ppp0 blinky was active.


What about renaming the genmask to 255.255.255.0 -- necessary?

AAR, I'll try your 192.168.2.0/24 and reply here shortly from PL.

Ken

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#16 Post by jafadmin »

If you can't ping the peer you probably won't be able to set a route. Disregard the blinky thing. It is misleading.

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#17 Post by PaulBx1 »

Ken, you must be connecting to a particular VPN server. Are they no help in setting up this thing? Shouldn't they have instructions, just as if you were doing an ordinary connection to an ISP?

I too find these instructions confusing. I don't know if the 192.168.1.0/24 network is supposed to be entirely on the VPN server, or maybe has something to do with the local router, or what. I don't know if 192.168.1.142 is the gateway on the local router, or something on the server. It's not clear what devices and lans we are talking about. Most local router lans are 192.168.1.0/24 by default...

Maybe jafadmin could make a picture, an example setup showing the lan(s) and what addresses are where?

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#18 Post by jafadmin »

Ok guys, it's beyond the scope of this topic to explain networking to people.

If you don't understand that 192.168.1.0 (or 192.168.168.0 for that matter) are class C subnets with 254 addresses in the range 192.168.1.1 to 192.168.1.254 for instance, then you need the people whose network you're trying to connect to to help you with the routing.

You guys need to at least know the address range of the network you're trying to connect to for me to be of help with routing. I'm just making assumptions based on the addresses that you are posting.

jafa

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#19 Post by PaulBx1 »

Well, I don't think you need to go back that far. :)

I'd suggest you assume people interested in this have managed to get their ordinary networks going, and do understand about the basics of subnets and whatnot. Also assume this is the first time they have ever tried to get VPN going, so that what they are shaky on is not network basics, but the additional increment of knowledge for getting VPN working.

For example, there are apparently 3 kinds of VPN setups, from what I have read about them. Does your procedure cover all 3, or is there just one that it is for? What is the big picture; is this as if we are (for example) home trying to connect to our corporate network? What does "lanside" mean? What does "vpn peer" mean? Where do we find the "peer ip" in the output of the "ip addr" command? Can we see an example of the output of your "ip addr" command, both before and after you did those steps? What, generally speaking, was being accomplished by the first 4 steps of your procedure? If you don't mean any of this to have anything to do with the user's local router, why use an address like 192.168.1.0 as the target of your "route add" command, when such an address is almost certainly used by default for the router's local net? (I understand this private address - address range - may legally be used in both lans, but for the purposes of illustration different addresses should be used on the different subnets.) Why not show the "route add" command you actually used on your system? What kinds of information are the service providers expected to supply? Wouldn't it normally be a public address? If so, why does the route add command not have a public address?

These are questions that occur to me about this setup. I'm not looking for the basics of networking. I've just never set up VPN before, and don't quite have the big picture.

jafadmin
Posts: 1249
Joined: Thu 19 Mar 2009, 15:10

#20 Post by jafadmin »

As the title of this thread subtly suggests, this thread is about connecting to a MS VPN Server.

If users have never set up a VPN connection before using puppy I suggest they have a talk with the IT people who run the VPN server and the network that they're trying to connect to first. If they have any questions that can't be answered by their own IT people (i.e. puppy specific questions), I'm glad to help.
