How to connect to your ISP with VPN (using mppe)
I had posted a thread at http://ubuntuforums.org/showthread.php?t=71860 on this subject, but it always seemed overly complex and I have since had some time to refine things a little. What I present here is a bash script that should help you connect by VPN to your ISP or WISP.
mppe stands for MS (you know who) point to point encryption. All I know is that my WISP uses this and I have to use it if I want to connect. I suspect that the steps in this wiki will work for other kinds of VPNs, but you will have to make the appropriate changes in the script that follows.
I really wish that VPN would be an option during the initial installation setup of Ubuntu...
- Ubuntu/Kubuntu/Edubuntu has been installed okay.
- You should have an IP address by hook or by crook. (dhclient eth0, static setting, whatever.)
You need the pptp-linux package; thankfully it's on the CD already (otherwise you would be in a nice little catch-22). Open a terminal and type: sudo apt-get install pptp-linux
Proviso: I have not the capacity to grok the meaning of the nebulous incantations uttered in the files created by this script. I know they control pppd (the point to point protocol daemon), but how and what and why are all beyond me. If things don't work for you, then I fear you are facing a man page. My very best wishes to you.
WARNING: This script is not very smart. Please don't run it more than once... Get it right the first time. If you do run it again, then you must first edit certain files to fix the damage, each time before you re-run it. Don't worry, this is not difficult to do. See troubleshooting at the end.
Copy this script into a file called 'vpn'.
```sh
#!/bin/sh
# Usage: sudo sh vpn tunnel user password ip
if [ $# -lt 4 ]; then
  echo "You are short some args:"
  echo "$0 tunnel user password ip"
  exit 1
fi
tun=$1
nam=$2
pw=$3
ip=$4

#First the tunnel file in /etc/ppp/peers
echo "Creating the tunnel file."
cd /etc/ppp/peers || exit 1   #Never run the rm below in the wrong directory
rm -f "$tun" 2>/dev/null #Kill prev tunnel and hide errors
(
cat <<EOF
# name of tunnel, used to select lines in secrets files
remotename $tun
# name of tunnel, used to name /var/run pid file
linkname $tun
# name of tunnel, passed to ip-up scripts
ipparam $tun
# data stream for pppd to use
pty "pptp $ip --nolaunchpppd "
# domain and username, used to select lines in secrets files
name $nam
usepeerdns
require-mppe
refuse-eap
persist
debug
dump
# do not require the server to authenticate to our client
noauth
# adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp
# end of tunnel file
EOF
) > "$tun"

#Now the options.pptp file
echo "Creating options.pptp file."
cd /etc/ppp || exit 1
rm -f options.pptp 2>/dev/null
(
cat <<EOF
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
require-mppe-128
EOF
) > options.pptp

#Now chap-secrets (this replaces the whole file)
echo "Creating the chap-secrets file."
rm -f chap-secrets 2>/dev/null
(
cat <<EOF
$nam $tun $pw *
EOF
) > chap-secrets
chmod 600 chap-secrets   #Plaintext password inside: readable by root only

#Now patch the ip-up script to add the route
echo "Patching the ip-up script."
echo "ip route add default dev \$1" >> ip-up

#And now add a line to /etc/inittab
echo "Adding a line to inittab and restarting it."
cd /etc || exit 1
(
cat <<EOF
#Recon the VPN
S1:2345:respawn:/usr/sbin/pppd call $tun nodetach
EOF
) >> inittab
init q

#Now start it manually
echo "starting the link."
pppd call "$tun"
echo "All should be done now."
```
It takes four arguments, all simply plonked one after the other. If you sh vpn you should see the instructions.
- The first argument is the name of your tunnel. No, this is not rude! Ya gotta call your VPN-link something!
- The second argument is your username and the third is your password.
- The last is the IP address of the target server (Your ISP).
You must run the script via sudo. An example of its use is: sudo sh vpn MyVPN bruce soopersecret 22.214.171.124
After this, you should be connected. To test this, try typing sudo ifconfig and you should see a ppp0 entry. After this, type route and you should see a bunch of stuff with default and ppp0 on the last row. All this is good news. If you don't see this stuff, then you have problems.
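The usage above puts the password on the command line, where it ends up in shell history and is visible in the process list while the script runs, and the script then replaces the whole of chap-secrets. The following is an added example, not part of the original script: a hypothetical helper, set_chap_secret, that reads the secret from standard input, replaces only the entry for this user and tunnel, and leaves the file at mode 0600. It assumes user and tunnel names contain no whitespace or quote characters.

```shell
#!/bin/sh
# Added example: update one chap-secrets entry without exposing the password.
# set_chap_secret is a hypothetical helper, not part of the original script.

# set_chap_secret FILE CLIENT SERVER   (secret is read from stdin, one line)
set_chap_secret() {
    file=$1 client=$2 server=$3
    IFS= read -r secret || true
    [ -n "$secret" ] || return 1       # refuse to write an empty secret
    # pppd secrets files accept double-quoted words; escape \ and " inside.
    quoted=$(printf '%s' "$secret" | sed 's/[\\"]/\\&/g')
    (
        umask 077                      # nothing here is created group/world readable
        tmp=$(mktemp "${file}.XXXXXX") || exit 1
        # Keep every existing entry except the one for this client/server pair.
        if [ -f "$file" ]; then
            c=$client s=$server \
                awk '!($1 == ENVIRON["c"] && $2 == ENVIRON["s"])' "$file" > "$tmp" ||
                { rm -f "$tmp"; exit 1; }
        fi
        printf '%s %s "%s" *\n' "$client" "$server" "$quoted" >> "$tmp"
        mv -f "$tmp" "$file"           # atomic replace; the new file is 0600
    )
}

# Usage (as root): set_chap_secret /etc/ppp/chap-secrets bruce MyVPN < secretfile
```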
As a final test, try ping www.randi.org and you should see activity.
The script adds a line to your inittab file which causes it to re-connect should the link fail. It will also run the link on bootup (when exactly, I don't know), so you should never have to actually do anything to get online from now on.
Files to reset if you want to re-run the script:
- /etc/inittab: look for the S1:2345:respawn:/usr/sbin/pppd ... etc line and delete it.
- /etc/ppp/ip-up: go to the end and kill the ip route add ... etc line.
Now you can re-run the script.
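The manual cleanup above is only needed because the script appends to ip-up and inittab on every run. As an added example (not part of the original script; all function names are hypothetical), the following appends each line only when it is not already present and can remove it again for a reset.

```shell
#!/bin/sh
# Added example: idempotent versions of the two appends the vpn script makes.
# All function names here are hypothetical, not part of the original script.

# append_once FILE LINE: add LINE to FILE unless an identical line exists.
append_once() {
    file=$1 line=$2
    # -x whole-line match, -F fixed string (no regex), -q quiet
    grep -qxF -- "$line" "$file" 2>/dev/null && return 0
    printf '%s\n' "$line" >> "$file"
}

# remove_line FILE LINE: delete every line identical to LINE from FILE.
remove_line() {
    file=$1 line=$2
    [ -f "$file" ] || return 0
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # grep -v exits 1 when no lines remain; only status 2 is a real error.
    grep -vxF -- "$line" "$file" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"    # rewrite in place: keeps owner and mode
    rm -f "$tmp"
}

# count_line FILE LINE: print how many lines of FILE are identical to LINE.
count_line() {
    grep -cxF -- "$2" "$1" 2>/dev/null || true
}

# The two lines the vpn script appends ($1 stays literal for ip-up).
route_line='ip route add default dev $1'
inittab_line() {
    printf 'S1:2345:respawn:/usr/sbin/pppd call %s nodetach' "$1"
}

# vpn_apply TUNNEL IPUP_FILE INITTAB_FILE: safe to run any number of times.
vpn_apply() {
    append_once "$2" "$route_line" &&
        append_once "$3" "$(inittab_line "$1")"
}

# vpn_reset TUNNEL IPUP_FILE INITTAB_FILE: the manual cleanup, automated.
vpn_reset() {
    remove_line "$2" "$route_line" &&
        remove_line "$3" "$(inittab_line "$1")"
}
```

On the real system the calls would be vpn_apply MyVPN /etc/ppp/ip-up /etc/inittab, followed by init q as in the script.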
ifconfig shows ppp0 as well as ppp1: This is a strange thing that has happened to me. I don't know what it means, but you can do a sudo killall pppd and then wait a few seconds for pppd to respawn and check again. This should nail it.
If you find that you cannot ping or surf, this means (usually) that you have no 'default' route to the Internet. You probably have the mysterious ppp1 gremlin. killall pppd should cure you.
If you want to manually connect (i.e. inittab has died or is not working, or you don't want the respawn bit in there anymore - p.s. if you remove it, remember to do an 'init q' to reset it.) then sudo pppd call NAMEOFYOURTUNNEL and make the obvious edit, should do it.
I tried the script today on a fresh Kubuntu 5.10 install and the results were mixed. There was a connection (ppp0 was there), but I could not get the default route to work at all. In the end I used pptpconfig (which I had installed from debs downloaded on another machine) and now the machine has Internet connection.
So, there is something missing in the picture. If anyone reading this has the knowledge, please take five minutes to enlighten us!
Well, that's it. I hope it works for you.