Howto setup Microsoft VPN with gpptp (4.12 - 4.31) + (5.xx)
Page 1 of 3 [38 Posts]   Goto page: 1, 2, 3 Next
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Sat 02 May 2009, 23:46    Post subject: Howto setup Microsoft VPN with gpptp (4.12 - 4.31) + (5.xx)

*** [ Updated 5-7-2014] *** New Gpptp v2.0 Pets in this thread:
http://murga-linux.com/puppy/viewtopic.php?t=93384

***[ Updated 10-20-2011] *** New version compiled for lupu 5.xx

*** [ Updated 5/25/2009 ] *** new versions of gpptp and the script posted below ....
***************

How to connect puppy to your M$ VPN corporate network.

(assumes you have a working internet connection and functional DNS)

1. in /etc/ppp, copy "ip-up-EXAMPLE" to just "ip-up" (if you haven't done it already.. the defaults work ok ) *SEE NOTE BELOW
2. in the /etc/options.pptp file, uncomment the: "require-mppe-128" line, and save the file.
3. Start gpptp and enter the authentication info. (i.e: vpn.mycorp.com (or ip addr), mycorp-domainname\myusername, mysupersekritpassword)
4. press "connect". Wait for "VPN pppX - (pid XXXXXX) created..."

Technically interesting:
at this point you won't be able to ping anything on your corp network except the vpn server itself. If you open a console and type the "route" command you will find an entry with the lanside ip of your corp's vpn server.

If you type "ip addr" you'll find you have a new ip address (supplied by your corp's dhcp server) matching your corp's lan subnet and the address of the vpn peer.

So:
5. in a console window type:

route add -net 172.16.1.0 netmask 255.255.255.0 gw 172.16.1.142

where 172.16.1.0 represents your corp subnet and 172.16.1.142 is the theoretical "peer" ip from the "ip addr" command.
Once this command executes you'll have total access to your corporate network.

To simplify things I created an executable script in my-applications/bin for each connection, that reads a variation of:
Code:

gpptp
route add -net 172.16.1.0 netmask 255.255.255.0 gw 172.16.1.142


[Edit] * THIS IS PROBABLY THE BEST APPROACH TO THE ROUTING ISSUE:
Adding the following to the end of the "/etc/ppp/ip-up" file will solve the default gateway issue
Code:


#  The following figures out our most current "ppp" number
#   and sets default route to it.
MYPPP="ppp"

ppp_count=$(ifconfig |grep -c ppp)       # Find highest ppp* number which is the one we want.

if [ $ppp_count -gt "0" ]                      # It MUST find a ppp* before we set routes
then
     ppp_count=`expr $ppp_count - 1`    # Decrement the count by one to match dev number
     MYPPP="$MYPPP$ppp_count"           # Append dev number to the ppp variable      
     route add default  $MYPPP               # Set the default route
fi

*****

I do exactly this from a 4.12 LiveCD and it works. The changes to files, etc will be permanent on your other installs. I make a symlink to the script and put it on my desktop.

good luck, and post any questions ...

search tags: ppp, pptp, vpn, msvpn, ms vpn

This is the most recent compile of Gpptp (as of Oct 20, 2011):
gpptp-lupu-vpn.tar.gz (9.41 KB): gpptp for the lupu 5.xx versions (compiled on lupu 5.28)
gpptp-mod.zip (10.28 KB): gpptp for the 4.12 - 4.3x versions (compiled on puppy 4.21)

Last edited by jafadmin on Thu 08 May 2014, 03:22; edited 51 times in total
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Sun 03 May 2009, 00:22

BTW, for the trivia buffs; Yes, you can run your thumbdrive thru the laundry and it still works like new.

... don't ask Rolling Eyes
disciple

Joined: 20 May 2006
Posts: 6424
Location: Auckland, New Zealand

Posted: Tue 12 May 2009, 06:50

Quote:
if you type "ip addr" you'll find you have a new ip address (supplied by your corp's dhcp server) matching your corp's lan subnet and the address of the vpn peer.
... and 192.168.1.142 is the theoretical "peer" ip from the "ip addr" command.

Ah - now I see this post, after spending all that time trying to figure it out Smile

I can do this instead
Code:
route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0


Quote:
Wait for "exited with 0". (0=success!)

Are you sure that is right? There is a "disconnect" button, which is greyed out, and I would have thought it is supposed so you can disconnect when you are finished, after which I would expect it to exit with 0. Otherwise what is the disconnect button for?... maybe I should look at the source some time.

At the moment, I seem to have to run
Code:
killall pppd
to disconnect.

BTW presumably the drop-down arrows in gpptp are meant to actually work... does anyone know where to save the information so your connections show up in here?

Quote:
Yes, you can run your thumbdrive thru the laundry and it still works like new.

Yes, mine has been through a number of times Smile

_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!
tempestuous

Joined: 10 Jun 2005
Posts: 5216
Location: Australia

Posted: Tue 12 May 2009, 10:10

If anyone's interested in seeing what commands and configuration files are involved with connection to a M$ VPN server, have a look at the process we followed back in the days of Puppy 1.09 (early 2006) -
http://www.murga-linux.com/puppy/viewtopic.php?p=42140#42140
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Sun 17 May 2009, 20:00

A bonus tip:

I usually use my Thinkpad X60 running 4.2x to connect via verizon broadband wireless because the hardware is built-in.

Since I'm connecting from a routable IP address, I create a script to route all non-routable (RFC-1918) networks using my "ppp? - inet addr" address as the gateway. What this does is make available to me all RFC-1918 networks that route back to the vpn server I connected to.

So for customers whose systems I administer, one short script gives me access to all their subnets.

short example ..

Code:

route add -net 10.0.0.0 netmask 255.0.0.0 gw $1
route add -net 192.168.0.0 netmask 255.255.0.0 gw $1


Where $1 is the ip address assigned to me by the VPN server.
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Thu 21 May 2009, 00:10

Here is a mod I did of gpptp so you can populate the dropdown lists and automate the connection process. Read the readme file for details.

jafadmin

[ updated 5-22-2009 ]

I've spent a little time re-working aspects of the Gpptp client. It will now:

1. Retrieve usernames and servernames/ipaddrs of servers from
user-editable files in the /etc/ppp directory.

2. Fixed the buttons so you can disconnect and reconnect using
different servers or userid's without exiting the app.

3. Fixed it so that it knows the pid of the spawned pppd process
so it will kill properly.
.......

Stuff I'm working on:

It would be nice to integrate the route handling into the app instead of using scripts.

maybe a "single file" structure to handle "profiles" that contain all the particular settings details for each particular vpn environment we need to connect to.

Last edited by jafadmin on Sat 23 May 2009, 14:04; edited 1 time in total
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Fri 22 May 2009, 17:41

disciple wrote:


At the moment, I seem to have to run
Code:
killall pppd
to disconnect.

BTW presumably the drop-down arrows in gpptp are meant to actually work... does anyone know where to save the information so your connections show up in here?



These are now semi-fixed .. Cool
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Mon 25 May 2009, 14:58

As of today, the following mods have been done.

Gpptp will now remember your VPN sessions after you close the window so you can connect, close the vpn window, then re-open Gpptp later and disconnect the active VPN session if it still exists.

You can use an editor to put entries in the "/etc/ppp/vpn_servers" and the "/etc/ppp/vpn_userids" files and the entries will show up in the drop-down lists in the app.

I added a "Close window" button that will kill the app but leave the connection in place. The "Disconnect" button now works as one would expect; .. if there is an active connection it will be disconnected.
disciple

Joined: 20 May 2006
Posts: 6424
Location: Auckland, New Zealand

Posted: Tue 26 May 2009, 04:33

Thanks.
That's weird. It's a lot better, except after I disconnect the vpn my normal network connection doesn't work until I reboot Confused

Ideally it would be good if the route command was added to the main program... although it may be easier to rewrite as a gtkdialog program instead Smile

BTW can we have the source please? Or at least when you've finished, if you're still working on it.

jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Tue 26 May 2009, 14:31

disciple wrote:
Thanks.
That's weird. It's a lot better, except after I disconnect the vpn my normal network connection doesn't work until I reboot Confused

Ideally it would be good if the route command was added to the main program... although it may be easier to rewrite as a gtkdialog program instead Smile

BTW can we have the source please? Or at least when you've finished, if you're still working on it.


What happens is that your DNS gets reset by the VPN dhcp function where you connect. When you disconnect, the DNS servers can't be reached so dns resolution fails. You shouldn't need to reboot, just have the network connection wizard re-acquire dhcp after you disconnect.

I'm still working on it. The plan is to incorporate the routes into the app and have it fix the dns when we disconnect the VPN connection (I can do this by caching /etc/resolv.conf then restoring it when user disconnects). Let me clean up the source and I'll send it to you.

Eventually I want it to be able to have multiple connection choices like the remote desktop app has so you can just load the connection by a saved name and it will automatically set everything for that VPN site.

Drive it like you stole it and let me know what's breaking ...

jafa
disciple

Joined: 20 May 2006
Posts: 6424
Location: Auckland, New Zealand

Posted: Tue 26 May 2009, 16:46

When I tried it before though, my network still worked after I killed pppd Confused
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Tue 26 May 2009, 23:38

disciple wrote:
When I tried it before though, my network still worked after I killed pppd Confused


[Edit]

Ok, I added the functionality to backup and restore the "/etc/resolv.conf" when it connects to and disconnects from a VPN server. This means your DNS should return to its previous state after you click the "Disconnect" button.
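
One way to implement the resolv.conf backup and restore described above, as an added shell example (not gpptp's own code). The function names and file paths are assumptions; the save step refuses to overwrite an existing backup, so reconnecting without a disconnect cannot replace the saved original with the VPN's DNS settings.

```shell
#!/bin/sh
# Added example: keep the pre-VPN resolv.conf and put it back on disconnect.
# Both functions take explicit paths: <live resolv.conf> <backup file>.

# dns_save: call before the VPN rewrites DNS.
dns_save() {
    [ -f "$1" ] || { echo "no $1 to save" >&2; return 1; }
    if [ -e "$2" ]; then
        # A backup is still present, so an earlier session never restored and
        # the live file may already hold the VPN's servers. Keep the older copy.
        return 0
    fi
    cp -p "$1" "$2"
}

# dns_restore: call after the tunnel is down. Copies over the live file
# (keeps it in place if it is a symlink target) and removes the backup.
dns_restore() {
    [ -f "$2" ] || { echo "no backup at $2" >&2; return 1; }
    cp "$2" "$1" && rm -f "$2"
}

# Constructed demo in a scratch directory; no system files are touched.
demo() {
    d=$(mktemp -d) || return 1
    printf 'nameserver 192.168.0.1\n' > "$d/resolv.conf"   # pre-VPN DNS
    dns_save "$d/resolv.conf" "$d/pre-vpn"
    printf 'nameserver 192.168.2.1\n' > "$d/resolv.conf"   # VPN rewrote it
    dns_save "$d/resolv.conf" "$d/pre-vpn"                 # reconnect: no clobber
    dns_restore "$d/resolv.conf" "$d/pre-vpn"
    cat "$d/resolv.conf"
    rm -rf "$d"
}
demo
```

On a real system the two calls would bracket the connection, for example dns_save before starting pppd and dns_restore from /etc/ppp/ip-down.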
I Have a New Puppy

Joined: 05 Jun 2009
Posts: 7

Posted: Fri 05 Jun 2009, 13:45    Post subject: almost there, but am snagged on which subnet to enter

Thanks for the great forum and this post in particular!

I am very new to PL (since only Jan 09), and GPPTP
has been my biggest snag so far. I know little about
Linux and networking issues, but am a quick learner.
I figured out the wifi driver (my biggest PL street cred so far).

I've done jafadmin's steps 1-4, and GPPTP "exited with 0".
Some ping activity on the ppp0 blinky, too.

However, my traffic is not yet going through the VPN.
I've tried many permutations of the route add command,
but am clearly not entering the correct IPs.

Please advise me with a completed route command containing
the right subnet, genmask, and peer IP. I'm clearly confused
between subnet, placeholder, peer, etc.

The VPN manual mentions setting DNS to 208.67.222.222 (which shows
up in resolv.conf) and 208.67.220.220 (which doesn't). Should I use
them instead of the 192.168.x.xx?
I've not yet tried either one in the "route add" command.

Do I change the ppp0's assigned genmask from 255.255.255.255 to 255.255.255.0, or was 255.255.255.0 merely an example?

Finally, how do I permanently install the new/improved GPPTP client to my boot CD or pup_save? There must be a link about this kind of thing.
Remember, I'm a total PL and Linux newbie.

Many thanks for your help.
I suspect that I'm very nearly there, but am tapped out of ideas.

Ken



WHAT I GOT FROM ROUTE :
Destination Gateway Genmask Flags Iface
192.168.2.1 * 255.255.255.255 UH ppp0
192.168.0.0 * 255.255.255.0 U wlan0
169.254.0.0 * 255.255.0.0 U wlan0
default 192.168.0.1 0.0.0.0 UG wlan0



WHAT I GOT FROM IP ADDR:
inet 192.168.0.12/24 brd 192.168.0.255 scope global wlan0
inet 192.168.2.54 peer 192.168.2.1/32 scope global ppp0


WHAT I GOT FROM resolv.conf:
nameserver 192.168.2.1
nameserver 208.67.222.222 (this IP is mentioned in my VPN provider's manual, but it didn't show up in "route" or "ip addr")


PINGING:
192.168.2.54 pingback, but only wlan0 blinky
192.168.2.1 no pingback, but wlan0 and ppp0 blinky active
192.168.1.0 no pingback, but wlan0 and ppp0 blinky active
192.168.0.1 pingback, but only wlan0 blinky



ANOTHER DAY, WHAT I GOT FROM WINDOWS IPCONFIG/ALL:
802.11b/g
IP Address 192.168.0.11
Subnet Mask 255.255.255.0
Default Gateway 192.168.0.1
DHCP Server 192.168.0.1
DNS Servers <private>

WAN (PPP/SLIP)
IP Address 192.168.2.41
Subnet Mask 255.255.255.255
Default Gateway 192.168.2.41
DNS Servers 192.168.2.1
208.67.222.222




HISTORY/RESULTS OF MY ROUTE COMMAND ATTEMPTS
(I ENTERED THESE SEQUENTIALLY, NOT DELETING PREVIOUS
ONES AS I WENT. DID THAT PREVENT A SOLUTION?)

route add -net 192.168.2.54 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute (still my local IP)

route add -net 192.168.2.54 netmask 255.255.255.255 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.0.1 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1
(no response)
no ppp0 blinky, and no IP reroute

route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0
(no response)
no ppp0 blinky, and no IP reroute

route add -net 192.168.2.54 netmask 255.255.255.0 dev ppp0
netmask and route address conflict

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.2.1 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute

route add -net 192.168.0.12 netmask 255.255.255.0 gw 192.168.2.1/32
resolving 192.168.2.1/32
no ppp0 blinky, and no IP reroute
jafadmin

Joined: 19 Mar 2009
Posts: 412

Posted: Fri 05 Jun 2009, 14:59

First of all, before working with the routing, make sure you can ping the peer address listed in the "ip addr" command after the vpn connects. If it pings, and if I'm understanding your post above, ...

route add -net 192.168.2.0/24 ppp0

should route the 192.168.2.1 thru 192.168.2.254 subnet traffic over the vpn ppp.

(It would help to know what ip address ranges you're trying to route over the vpn.)
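
The subnet arithmetic behind the route command in this answer, as an added example that is not part of the original posts: the -net target has to be the network address (IP AND netmask), which is why 192.168.2.54 with netmask 255.255.255.0 was rejected earlier in the thread. The function names are hypothetical, the /24 mask is an assumption, and the script only prints the route command without changing any routes.

```shell
#!/bin/sh
# Added example: compute the -net target for "route add" (IP AND netmask).

# ip_to_int A.B.C.D -> integer on stdout; non-zero status on malformed input.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into four octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac    # no leading zeros (octal trap)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP NETMASK -> network address of the subnet containing IP.
network_of() {
    ip=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    int_to_ip $(( ip & mask ))
}

# vpn_route_cmd DEST NETMASK DEV -> prints the route command. Fails when DEST
# has host bits set, the case route rejects as a netmask/address conflict.
vpn_route_cmd() {
    net=$(network_of "$1" "$2") || { echo "bad address or netmask" >&2; return 2; }
    if [ "$net" != "$1" ]; then
        echo "$1 is a host in $net; use $net as the -net target" >&2
        return 1
    fi
    echo "route add -net $net netmask $2 dev $3"
}

# Peer address as shown by "ip addr" in the thread; /24 is the assumed subnet size.
peer=192.168.2.1
vpn_route_cmd "$(network_of "$peer" 255.255.255.0)" 255.255.255.0 ppp0
```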
I Have a New Puppy

Joined: 05 Jun 2009
Posts: 7

Posted: Fri 05 Jun 2009, 17:39

jafadmin, thanks so much for the prompt reply.
I'll now exit Windoze and try PL.

BASED ON ROUTE:
inet 192.168.2.54 peer 192.168.2.1/32 scope global ppp0


. . . peer VPN is 192.168.2.1/32 and that is what I should first ping?

192.168.2.1 did not ping before, although the ppp0 blinky was active.


What about renaming the genmask to 255.255.255.0 -- necessary?

AAR, I'll try your 192.168.2.0/24 and reply here shortly from PL.

Ken