Gpptp enhancements for doing PIA VPN - [ New version ]

[pelican]

Thank you for your pateince. I now understand a little bit more and I've managed to get the Lucid vpn working but only under a particular circumstance. Sorry this is long winded but one of my old PCs does better with Lucid rather than Precise so I'm hoping to get Lucid vpn working.

As I say, my knowledge is very limited. I knew that I could ping the google IP address 8.8.8.8 to check an internet connection and that's what I thought you meant previously. From your last post I now understand I should also ping the domain name google.com.

In the last couple of days, I'm very sure that Lucid has created a vpn connection using Gpptp v2.0. The Lucid readout from Gpptp and from ifconfig has been similar to the readout I get for creating a vpn connection in Precise. The difference has been that Lucid internet either doesn't function or slows to a crawl but Precise works OK.

However I now know I can check by pinging a domain name therefore .....

Test No 1
With a Lucid vpn connection, "ping 8.8.8.8" works OK; "ping google.com" produces a message "ping: bad address google.com". I searched for that problem (ping IP works OK; ping domain name doesn't work) and found it may be something to do with DNS and my router. I disconnected Lucid vpn from Gpptp v2.0; switched off my wifi router; switched it back on again; connected to vpn with Gpptp; and, voila, the vpn connection in Lucid worked i.e. ping domain name works, myip works, browsing works.

Test No 2
However when I powered off the PC; rebooted Lucid; connected to vpn with Gpptp v2.0; I was back to where I was before i.e. ping google.com gave the 'bad address' message. With Lucid still running, as Test 1, when I disconnected vpn and turned the wifi router off/on and then reconnected to vpn it worked OK i.e. ping google.com was OK.

Test No 3
Powered off the PC; turned wifi router off/on; then rebooted Lucid; connected to vpn; ping google.com gave 'bad address' message. As Test 2, with Lucid running, disconnected vpn; turned router off/on; connected vpn; ping google.com was OK.

Conclusion
Lucid without vpn is OK with my router. Lucid with vpn has a problem with my router. However if I turn the router off/on with Lucid running then Lucid with vpn works OK. Precise with or without vpn has no problems at all with my router.

I have no idea what it is that Lucid, when connected to vpn, doesn't like about my router and why it is that the problem can be solved by turning the router off/on after Lucid has booted. Precise, win XP, 7, 8 all work OK with vpn and current router.

[jafadmin]

Ok, I understand. However I need you to test with a LiveCD to determine if it's a hardware problem, or something is wrong with your frugal installs.

Could you please repeat the test you just did, but with a LiveCD?

It sounds like something is breaking your DNS. I need to know if it happens with a LiveCD

Also, when it can not ping google.com, type the command: "cat /etc/resolv.conf" (without quotes) and report what happens or copy the output for us.

[pelican]

I've always used a liveusb stick but I've now burnt a LiveCD and used that. Installed Gpptp v2.0 and confirmed the connection to vpn was made.

Ping google.com produced the following

# ping google.com
ping: bad address 'google.com'
# cat /etc/resolv.conf
# Generated by dhcpcd from ra0
# /etc/resolv.conf.head can replace this line
nameserver 203.198.23.208
nameserver 218.102.32.208
# /etc/resolv.conf.tail can replace this line
#

ifconfig produced

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2960 (2.8 KiB) TX bytes:2960 (2.8 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.1.1 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1486 Metric:1
RX packets:278 errors:0 dropped:0 overruns:0 frame:0
TX packets:563 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:120161 (117.3 KiB) TX bytes:62313 (60.8 KiB)

ra0 Link encap:Ethernet HWaddr 00:22:43:13:37:78
inet addr:192.168.1.105 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50777 errors:0 dropped:0 overruns:0 frame:0
TX packets:25224 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:52983147 (50.5 MiB) TX bytes:2537101 (2.4 MiB)
Interrupt:17

[pelican]

With Lucid running; switch router off/on and reconnect to vpn.
VPN worked OK as follows ........

# ping google.com
PING google.com (173.194.127.230): 56 data bytes
64 bytes from 173.194.127.230: seq=0 ttl=55 time=18.958 ms
64 bytes from 173.194.127.230: seq=1 ttl=55 time=19.440 ms
64 bytes from 173.194.127.230: seq=2 ttl=55 time=245.509 ms
64 bytes from 173.194.127.230: seq=3 ttl=55 time=148.254 ms
64 bytes from 173.194.127.230: seq=4 ttl=55 time=18.106 ms
# cat /etc/resolv.conf
# Generated by dhcpcd from ra0
# /etc/resolv.conf.head can replace this line
nameserver 192.168.1.1
# /etc/resolv.conf.tail can replace this line

[pelican]

To complete the information I have.

Using Precise 5.7.1 on the same PC and router as Lucid 5.2.8.6. Gpptp v2.0 connects to vpn. Ping google.com works OK immediately and the following applies ......

# cat /etc/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220

Therefore vpn immediately works OK with Precise. I think I'll give up on Lucid and use Precise (or perhaps Precise retro)

[jafadmin]

Thank you very much for all your efforts with testing. This is very valuable and posting it here creates a record for future reference. I realize you just want to get on with enjoying puppy and wish you the best.

Hopefully, if this issue comes up with other users we can refer back to your issue and use it as breadcrumbs for finding the cause/solution in the future.

I have found 5.7.1 retro to be very robust. I am putting my dev efforts behind it.

Warmest regards,

jafa

[pelican]

jafa, I'm the one who needs to thank you for producing Gpptp v2.0 and for your guidance on setting it up. I need PPTP VPN. As a newcomer to puppy I would have probably tried slacko; spent hours trying to get pptp working; when it didn't work then given up on puppy and moved on to try pptp on another linux distro.

As it is, I'm very happy with Precise 571 retro and Gpptp v2.0 on all four of my family's XP laptops/netbooks whether non-PAE or PAE.

Later on, I may try setting up openvpn but as I only prefer that level of encryption infrequently then I'm not concerned whether openvpn works or not in puppy. I can wait until I have access to a win 7 or 8 PC to use it.

Thanks again,
ken

[TheYoungOne]

hey jafadmin

i followed your instructions and i'm using precise 5.7.1. i am also using PIA.
but i get this error when i try to connect

Connecting to VPN server...
pptp process (7946) exited with 0
ppp process was NOT created!

am i doing something wrong ?
i couldn't figure it out for myself

the numbers change too. the ones in brackets and the 'exited with' number. when i try to connect again.

thanks
theyoungone

[jafadmin]

@TheYoungOne,

Assuming you are properly connected to the internet before starting Gpptp, it usually means there is something amiss with the server/username/password login information.

doublecheck the login info, and type it in manually if necessary or copy/paste it. If it works that way you may need to fix the vpn_servers or vpn_userids files, or redo the mk-vpn-key cache.

Let us know if that fixes it.

[TheYoungOne]

I have an ipod touch 4g which can use VPN's. It works on this. So my login details/server are good. PIA give two different login details depending on the protocol. Neither work.

I still get the same error code.

sorry for the late reply.

[jafadmin]

We're going to need some specific information to solve this.

1) Makes sure your puppy 5.7.1 can browse the web, then run the "ifconfig" command in a console and post the output here.

2) make a screenshot of Gpptp V2.0 right before pressing the "Connect" button and post that here as well.

Thanks

[jafadmin]

Here is a useful utility I use to manually check on whether the VPN tunnel is up or not. I mapped Ctrl+Alt+V keypress to the script.

vpn-check

Code: Select all

#!/bin/sh
if [  -e  "/var/run/ppp0.pid"  ]  
then
	gxmessage -bg green -center -timeout 3 " VPN is up! " 
else 
	gxmessage -bg red -center -timeout 3 " VPN is down! " 
fi

[rerwin]

With Lucid running; switch router off/on and reconnect to vpn.
VPN worked OK as follows ........

# ping google.com
PING google.com (173.194.127.230): 56 data bytes
64 bytes from 173.194.127.230: seq=0 ttl=55 time=18.958 ms
64 bytes from 173.194.127.230: seq=1 ttl=55 time=19.440 ms
64 bytes from 173.194.127.230: seq=2 ttl=55 time=245.509 ms
64 bytes from 173.194.127.230: seq=3 ttl=55 time=148.254 ms
64 bytes from 173.194.127.230: seq=4 ttl=55 time=18.106 ms
# cat /etc/resolv.conf
# Generated by dhcpcd from ra0
# /etc/resolv.conf.head can replace this line
nameserver 192.168.1.1
# /etc/resolv.conf.tail can replace this line

I infer from his previous postings that he was running Lucid pup 5.2.8.6, the 20140321 version. I think I can explain what he is encountering.

Both the Network Wizard and Frisbee allow the user to specify static IP and DNS addresses for ethernet and wifi connections. However, in all puppies but that version of lupu the /etc/ppp/options file includes "usepeerdns" which causes any static DNS address to be overwritten in resolv.conf by the peer-provided address, thereby crippling the support for static IP DNS names. The other PPP applicatons -- wvdial, pgprs, pppoe -- set that option in their own ways, not relying on the "options" usepeerdns entry.

In lupu 5.2.8.6-20140321 I commented out the entry in the "options" file, to activate support for static DNS addresses. It appears that initially gpptp did not cause the ethernet DNS address to be replaced by the peer address necessary for the pptp connection. On the reboot, the received address was apparently used, although I don't know how that is done.

To be consistent with other PPP applications and ensure that usepeerdns is always in effect for gpptp, I recommend that you include a "usepeerdns" line in options.pptp, to protect gpptp from cases where users comment out or remove that line from /etc/ppp/options. Since the template for the options file does not mention "usepeerdns", I consider it to have been a mistake to place it in that file, at all. At some point, I hope (when I can get around to submitting my set of lupu fixes to woof-CE) to advocate for its removal from "options" in the official (woof-built) puppies, to fix that bug. I made that change to options.pptp in 5.2.8.6-20140321, so hope you will do so, too, in your official version so that users will not see a regression if they install it into lupu and, possibly, eventually some other puppies.

Thanks for considering this.
Richard

[jafadmin]

Hi Richard,

The "/etc/ppp/options" file is not used by pptp, and is not part of the Gpptp install.

usepeerdns is set to true by default in the puppy compiles.

Gpptp handles the resolve.conf (DNS) issue by caching the original "/etc/resolv.conf" file upon a pptp connection, and then restoring it once the pptp session is closed.

In the case of the 1918s route setting, the "/etc/ppp/gpptp/1918s.route" script will append the contents of the original resolve.conf to the new one in case the "Company" VPN server only resolves internal addresses.

jafa

[BarryK]

jafadmin,
just to let you know, I have updated to your latest:

http://bkhome.org/news/?viewDetailed=00104

Thanks for sending me the source.

[rerwin]

jafa,
Thanks for the info. If "usepeerdns is set to true by default in the puppy compiles", then the 'usepeerdns' in 'options' is not needed, so can be deleted from there. Right? Then I am out of ideas for pelican's problem with lupu 5.2.8.6.

However, I also suspected that my modified if-up file, that tests for pptp running, before changing resolv.conf, might be the culprit. But I see that gpptp does not use it, just saves and restores it so as to use its own versions of if-up. So, my if-up does not appear to be a factor.

I found, though, a possible hazard. If there is no prior if-up file present, gpptp's if-up then remains as the existing if-up. That could seemingly impact other ppp applications that do not expect one to be there. Maybe all applications do as gpptp does and always create their own if-up file. I guess I will assume that and not worry about if-up files in lupu.

Bottom line: I will only remove (EDIT: comment out) usepeerdns from /etc/ppp/options, so that static IP and DNS addresses will work. I have no way to test this, so rely on users for feedback with lupu. Could you try removing it in a test in any puppy, to verify that no harm to gpptp is done without it?

I am pleased to see Barry's endorsement of gpptp v2. Congratulations.
Richard

[jafadmin]

jafadmin,
just to let you know, I have updated to your latest:

http://bkhome.org/news/?viewDetailed=00104

Thanks for sending me the source.

So good to hear from you, friend. I hope all is well. We have all missed you.

[jafadmin]

Bottom line: I will only remove usepeerdns from /etc/ppp/options, so that static IP and DNS addresses will work. I have no way to test this, so rely on users for feedback with lupu. Could you try removing it in a test in any puppy, to verify that no harm to gpptp is done without it?

Yes, Richard, I have tested this. In fact, I renamed "options", "options.ORIGINAL" and it tested fine.

Since I'm not sure which apps use the "options" file, it might be prudent to just comment out that line, but leave it as a breadcrumb if someone needs to do some testing?

The native "ip-up" file is just a copy of the "ip-up-EXAMPLE" file.

[Edit]

Also, the "ip-up" file in /etc/ppp gets archived, replaced, then restored to original when the pptp session is concluded.

[TJK]

This is the most recent thread that I could find on setting up PIA in puppy... and I've used the tutorial in msg#1 to try and get PIA working. I first tried installing Gpptp v2 on TahrPup32, but could not get it working. Since it had a lot of additional packages I tried installing by starting TP in RAM, but it still didn't work. Now I've installed lucid puppy 5.2 on a different machine, but still cannot get it working. (I had 5.2.8 working with the old version of Gpptp until recently.)

The details are: that I can start/run Gpptp and it states that a "VPN ppp0 - (pid xxxx) created. But when I test the connection the changes have not been made. Another check shows that "ip addr" is the same when Gpptp is connected or not.

[jafadmin]

Hi TJK,

I just saw this. I'll download Tahr 6.0.5 and try it. I'll get back to you as soon as I have an answer.