Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 18 Nov 2019, 10:07
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
Gpptp enhancements for doing PIA VPN - [ New version ]
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 3 [42 Posts]   Goto page: 1, 2, 3 Next
Author Message
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Thu 24 Apr 2014, 02:03    Post subject:  Gpptp enhancements for doing PIA VPN - [ New version ]  

I finally got a PIA account so I can test Gpptp VPN with it. Some info:

1) in order to set the default path through the VPN tunnel you'll need to be using the versions listed below. This is not a Gpptp problem. This is a problem with the pppd/ppp/pptp, and "route" compiled components within the kernel forks. Gpptp is just a GTK2 front-end for those utilities.

***** [ UPDATE NOV 9, 2014 ] *****

Tested OK versions of puppy:
All Lucid and Precise versions, Quirky Tahr, and Quirky Unicorn.
These versions of puppy will work right with PIA type (anonymous) VPNs. In other words, these are the only versions of puppy that support setting the default route to the VPN ppp0.

[Update]
We have found the problem in the pptp binary in Slacko and Wary versions of puppy AND Quirky 6.1. Below are patch pets for all puppy versions with the routing problem that fix this issue. I have not had the opportunity to test on all puppies with the problem, but feel free to try it.


However, Gpptp v2.0 will install and run on these versions for all other VPN connections that don't need the default route set to the VPN. A company VPN server, for instance, will work fine just routing the RFC 1918 networks through it.

The Gpptp-v2.0.pet below will install correctly on all the 32 bit puppy versions. For FatDog64 go here and check the 5th post down on the page.


2) VPN disconnections!!! Shocked Wow. These VPN's disconnect and leave your normal IP exposed and connected. Huge problem. Almost defeats the purpose. So here's a workaround:

Gpptp v2.0 .. search tags: ppp, pptp, vpn, msvpn, ms vpn

I've updated this version of Gpptp to enable the user to set their routing choices from the gpptp gui using radio buttons.

There is a full explanation in the readme file in /etc/ppp/gpptp after installing v2.0

Good luck and safe surfing ...
Gpptp-pptp-patch.pet
Description  Patches pptp on all puppies that need it
pet

 Download 
Filename  Gpptp-pptp-patch.pet 
Filesize  25.85 KB 
Downloaded  1231 Time(s) 
Gpptp-v2-Slacko-patch.pet
Description  Patches pptp and routing scripts on Slacko
pet

 Download 
Filename  Gpptp-v2-Slacko-patch.pet 
Filesize  27.47 KB 
Downloaded  935 Time(s) 
Gpptp-v2.0.pet
Description  Gpptp v2.0 for all puppy versions
pet

 Download 
Filename  Gpptp-v2.0.pet 
Filesize  45.51 KB 
Downloaded  2445 Time(s) 

Last edited by jafadmin on Tue 25 Oct 2016, 08:28; edited 46 times in total
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Fri 25 Apr 2014, 20:21    Post subject:  

Carolina needs the pptp patch as well as the v2.0 pet

So far, all puppies tested will work. Some need the pptp patch. If you can't set the default route to the VPN connection, install the pptp patch.

Slacko needs the pptp patch and patched routing scripts due to the fact that Slacko doesn't have yaf-splash.


I will use this space to let everyone know when I do minor fixes to the v2.0 pet

The most current update is on 11-8-2014. Added icons, a ".desktop" file and updated documentation.


.

Last edited by jafadmin on Mon 10 Nov 2014, 18:40; edited 5 times in total
Back to top
View user's profile Send private message 
bark_bark_bark

Joined: 05 Jun 2012
Posts: 1935
Location: Wisconsin USA

PostPosted: Sun 27 Apr 2014, 19:43    Post subject:  

I don't think pptp is very secure, but I wish I knew where to find information to back it up. Also what settings should when using qbittorrent with it.
_________________
....
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Tue 29 Apr 2014, 20:40    Post subject:  

It has been requested that I make a .pet package to make it easier to set up Gpptp for PIA type VPN. So here it is.

*** THIS HAS ONLY BEEN TESTED ON Precise 5.7.1 & Lucid 5.28 ***

Here's what it does:
1) Installs a new gpptp binary that allows you to load a cached key/password without typing it in the open
2) A command line utility called mk-vpn-key that creates an encrypted cache for your key/password.
3) installs the vpn-watch utility to work with Gpptp.
4) installs symlinks, etc to make everything work right.

Here's what you do:
1) Install the .pet
2) Edit the /etc/ppp/vpn_servers file to add your PIA servers (I just added all the servers for N America in mine - from their web site ..)
3) Edit the /etc/ppp/vpn_userids file to add your PIA usernames.
4) Run the mk-vpn-key utility from the console and put in your PIA key/password. (This step isn't necessary, just useful.) Wink

If you have done the above and have a live network connection, start Gpptp from the "Network" menu,

The drop-down lists should have your server and user names. Type in your password in the password field, OR, just type the word "mykey".

If you type in "mykey", Gpptp will load your encrypted password created with the mk-vpn-key tool. Why do this? PIA generates your passwords for you. You can go to your control panel and have it generate a new one every day if you wish. When you generate a new one, cache it with the mk-vpn-key tool and you don't have to keep trying to memorize new passwords. Just type "mykey" into the password field. Depending on the frequency of disconnects, this can be really handy.

Last edited by jafadmin on Tue 13 May 2014, 18:16; edited 2 times in total
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Tue 29 Apr 2014, 23:01    Post subject:  

How I test.

I boot puppy in pfix=ram mode, set up networking, install the .pet package, and see if I can connect VPN by entering server, userid, and password information manually when I run Gpptp from the network menu.

If all connects ok, I then edit the vpn_userids and vpn_servers files in /etc/ppp, and run the mk-vpn-key utility to help with automation.

I figure that if it works like that from pfix=ram mode, all should be good.
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Thu 08 May 2014, 15:11    Post subject:  

bark_bark_bark wrote:
I don't think pptp is very secure, but I wish I knew where to find information to back it up. Also what settings should when using qbittorrent with it.


For doing PIA/Anon Proxy type VPN you only tunnel to that service provider. They anonymize your session then it is unencrypted to the rest of the WWW, just like normal.

So you are only worried about the security between your session and PIA, not the rest of the web. For anon browsing it should work fine.
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Wed 21 May 2014, 01:28    Post subject:  

here is a screen shot of a sanitized "vpn_servers" file in /etc/ppp/Gpptp that has all my PIA servers organised so I can open it in geany and see the extra info I copied off the PIA website regarding their server clusters.

Always make sure to put the comment '#' delimiter right after the server name or weird stuff happens with the drop down list width. This only applies if you're adding comments in the file like I have. You may choose to just have the server names.

(I just copied and pasted their server list from here: https://www.privateinternetaccess.com/pages/network/
servers.png
 Description   
 Filesize   82.69 KB
 Viewed   7530 Time(s)

servers.png

Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Fri 23 May 2014, 23:01    Post subject: Doggie Bone: a cool Custom.route script  

Here is a cool script that you can paste into /etc/ppp/gpptp/Custom.route
that will calculate and set a /24 route to the subnet your VPN IP address is on.

This doesn't care whether the ip address is a private or public address.

Code:

#!/bin/sh
#
#  This Custom.route will automatically create a route to the subnet of the IP
#      address we are assigned by the server.  It assumes a 24 bit subnet.
#   
#    So if we are assigned: 172.18.21.101 as an IP address by the server, it will
#       set a route to:
#              route add -net 172.18.21.0 netmask 255.255.255.0 gw 172.18.21.101
#
MYPPP="ppp"

ppp_count=$(ifconfig |grep -c ppp)       # Find highest ppp* number which is the one we want.

if [ $ppp_count -gt "0" ]                     # It MUST find a ppp* before we set routes
then
    ppp_count=`expr $ppp_count - 1`    # Decrement the count by one to match dev number

     MYPPP="$MYPPP$ppp_count"         # Append dev number to the ppp variable   

    # Retrieve the ip address of the connection.
     MYVPNIPADDR=$(ifconfig $MYPPP | grep inet|awk {'print $2'} |cut -d":" -f2)

     # Get subnet address. Assume 24 bit
     MYVPNSUBNET=$(ifconfig $MYPPP | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | cut -d. -f1,2,3 | awk '{ print $1}')
     MYVPNSUBNET=$MYVPNSUBNET.0

     # Set a route for that subnet to the VPN address.
     route add -net $MYVPNSUBNET netmask 255.255.255.0 gw $MYVPNIPADDR   
     
fi


Back to top
View user's profile Send private message 
pelican

Joined: 09 Jun 2014
Posts: 15

PostPosted: Mon 23 Jun 2014, 09:08    Post subject:  

Thank you for this. I started to try puppy a couple of years ago but gave up because I couldn't get a standard PPTP VPN to work.

Even now, I can't get your Gpptp v2.0 to work in Lucid 5.2.8 but it's fine in Precise 5.7.1 and Precise 5.7.1 retro so that should probably cover any of the XP laptops that my family want to use with Linux.

In Lucid, the VPN connects OK but then there's no internet access; however I've only tried with eth0 but I assume it would be no different with wlan0 wifi.

What is a little strange to me is that the original Gpptp would be included as standard in, say, slacko when it appears it's difficult to make it work in that version. As a beginner, I'd started off assuming that anything included as standard should have a reasonable chance of working OK if the hardware is reasonable.
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Mon 23 Jun 2014, 22:15    Post subject:  

It works ok in all my Lucid 5.28 installs. Perhaps we can determine why it doesn't work in yours. When you run gpptp in 5.28 does it say v2.0 in the title bar?

Also, please understand Gpptp is just a GTK front end for the pppd utility. In the Slacko versions of puppy things break when the DEFAULT ROUTE is set to the ppp0 device created for the VPN session. You can set STATIC ROUTES to ppp0 and they work ok.

So with Gpptp v2.0, the first radio button will break it, the other 2 will work. Read the readme in /etc/ppp/gpptp for a detailed explaination.
Back to top
View user's profile Send private message 
pelican

Joined: 09 Jun 2014
Posts: 15

PostPosted: Tue 24 Jun 2014, 03:52    Post subject:  

I regret my knowledge is very limited and my use of terminology may not be correct but I'll try to make it as clear as I can in my non-tech way.

In my previous post I originally tried using Gpptp v2.0 with wired eth0 for Precise 5.7.1 and the new revitalized Lucid 5.2.8.6; I've now added in the older Lucid 5.2.8.005 in further trials. For all 3 versions I've now tried Gpptp v2.0 using both wired eth0 and wifi wlan0.

I confirm I've definitely used Gpptp v2.0 and the first radio button "Default".

For all three versions and with using both eth0 and wlan0 connections, Gpptp v2.0 connected to the VPN properly in every case i.e. VPN "created" and the VPN monitoring box showing green. This applied to 2 VPN services, PrivateInternetAccess and Boxpn. I checked the IP address and internet performance before and after connection (internet performance before the VPN connection was good in every case).

What surprised me were the results ...

Precise 5.7.1 ..... with both eth0 and wlan0, the new VPN IP showed up immediately with the myip command. Internet performance, although obviously slower than before, was still reasonable using the VPN.

Lucid 5.2.8.6 ..... with both eth0 and wlan0, although GPPTP showed a proper VPN connection, there was no response to the myip command in the terminal i.e. before connecting to the VPN, the myip command showed the original IP address immediately; after connecting there was no response to the myip command. Looking at a browser it seemed a connection had been made but it was very, very, very, very slow. After disconnecting from the VPN the performance went back to normal.

Lucid 5.2.8.005 ..... using eth0 was similar to Lucid 5.2.8.6 i.e. a VPN connection was indicated by Gpptp but it seemed to me the connection was working but was very, very, very, very slow with no IP address being indicated etc. Using wlan0 was better; the VPN IP address could be found with the myip command but internet performance was very variable with it being very slow most of the time.

This was using an Asus eee box, Atom N270, 2GB and with booting puppy from USB sticks. Precise and the two Lucids appear to function properly ootb except the Lucids need a small amout of effort to get wlan0 to work. Although I've heard that checking internet speed is probably not that reliable, it seems to me that the speed I get (without using VPN) from the installed XP is about 50% faster than I get from any of the 3 puppy versions booting from USB sticks.

Not sure whether any of the above helps. I use one of the commercial VPN services when I'm travelling and up to now it's been good on my XP laptops; also I prefer PPTP; the encryption is enough for me and usually it's faster than Openvpn. Therefore, to replace XP, I was hoping I'd find a puppy that had a reliable method of making PPTP connections.
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Tue 24 Jun 2014, 14:24    Post subject:  

Wow. Yes, this helps very much. Thank you for all your help with testing. I'm going to download and test 5.28.005 and above to figure it out.

[Edit]

I downloaded the 5.2.8.6 iso and booted it clean. I set up my network and checked my ip address with ifconfig. I then installed the Gpptp v2.0 pet.

Everything worked. I connected to my PIA VPN, ran myip again and had the new IP address. Cruised to some websites.

ifconfig showed my ppp0 connector, and the route command showed default route set to ppp0.

was able to ping 8.8.8.8, and google.com with no problems.

I encourage you to try this same experiment and tell me your results.

Regards,

jafa
Back to top
View user's profile Send private message 
pelican

Joined: 09 Jun 2014
Posts: 15

PostPosted: Wed 25 Jun 2014, 04:17    Post subject:  

I still get get similar results as before. However a few more tests ...

I set up a fresh clean copy of Lucid 5.2.8.6. Booted it in 3 different PCs; an Asus eee box as before; an Asus 901 netbook; a 12 year old Samsung laptop. All with 2GB and using wifi connections.

In all 3, tested using Seamonkey; whatismyipaddress.com; speedof.me; ping 8.8.8.8; general browsing.

Using Lucid, without connecting to a PPTP VPN, in all 3 PCs, the ip address displayed properly and the internet worked well.

Using Lucid, connecting to a PPTP VPN, in all 3 PCs, the VPN pppo was created successfully with Gpptp v2.0; ping 8.8.8.8 worked OK with (I think - remember my knowledge is limited) minimal increase in latency; myip command gave no result. When trying to browse, Seamonkey definitely indicated that it was trying to connect (small blue icon showing movement) and there was no "internet connection not available" type of message.

If I left Seamonkey working at downloading the whatismyipaddress.com site for about 20 minutes it finally displayed the correct ip address and location for the pptp vpn server I had expected to connect to. Therefore I assume that, from the ping result and the very long delayed display from whatismyipaddress, the vpn connection is definitely being made. However in my case with my 3 PCs it appears that something in Lucid 5.2.8 is slowing internet speed to a very slow crawl when connected to pptp vpn.

I don't get this problem at all with Precise 5.7.1 or with XP.

I don't understand any of the stuff I get from ifconfig.
Without the VPN connection I get a wlan0 section and a lo section. With vpn I get those 2 sections plus a ppp0 section. As far as I can see there's no difference between the wlan0 and lo sections with or without vpn running.

However when I run Lucid, either with or without vpn, ifconfig shows an extra line at the bottom of the eth0 or wlan0 section which says "Interrupt:n *****" e.g. "Interrupt:5 Memory:d0200000-d0200fff" or "Interrupt:29 Memory:fbfc0000-fc000000" or "Interrupt:19". Precise ifconfig does not have this extra Interrupt line. If that makes any sense to you.

For me, Precise works OK with or without pptp vpn ... Lucid works OK without vpn but the internet slows to a very, very slow crawl with pptp vpn. Presumably this "Interrupt" showing up in Lucid ifconfig wlan0 and eth0 may be the difference but that is way, way beyond any knowledge that I have.
Back to top
View user's profile Send private message 
pelican

Joined: 09 Jun 2014
Posts: 15

PostPosted: Wed 25 Jun 2014, 09:56    Post subject:  

Incidentally, what I find quite amazing is that it appears no linux organization has taken advantage of the current climate of XP being no longer supported and government snooping on private internet stuff. Where is the linux distro that promises the ease of use of XP plus security and privacy? Various versions of Linux may attempt to provide a full equivalent XP experience and claim improved security etc but I have yet to find any Linux distro that gives me confidence that it provides an efficient, easily managed privacy environment with vpn etc. As far as I'm concerned, forget pretty desktops, forget a massive range of available software etc etc etc ..... I, and I think many others, want an OS which provides an easily managed, stable, secure, efficient and private online environment. Regrettably, so far, it seems I've yet to find a linux distro that complies ..... sorry, rant over.
Back to top
View user's profile Send private message 
jafadmin

Joined: 19 Mar 2009
Posts: 996

PostPosted: Wed 25 Jun 2014, 17:04    Post subject:  

It's very important to test the way I say so we can find the problem.

If you boot a LiveCD and just connect to the network and install the v2.0 pet, does it work for you?

If you can ping 8.8.8.8 after the VPN connects, but cannot ping google.com, that means you are connecting via VPN, but DNS is not working right.

If this is the case we need to figure out what is breaking DNS.

ps: The "Interrupt:xx" line can be ignored. That version of ifconfig outputs that info and is irrelevant to our issue.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 3 [42 Posts]   Goto page: 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1777s ][ Queries: 12 (0.0114s) ][ GZIP on ]