mppeVPNhowto

How to connect to your ISP with VPN (using mppe)

I had posted a thread at http://ubuntuforums.org/showthread.php?t=71860 on this subject, but it always seemed overly complex and I have since had some time to refine things a little. What I present here is a bash script that should help you connect by VPN to your ISP or WISP.

MPPE stands for MS (you know who) Point-to-Point Encryption. All I know is that my WISP uses this and I have to use it if I want to connect. I suspect that the steps in this wiki will work for other kinds of VPNs, but you will have to make the appropriate changes in the script below.

Moan

I really wish that VPN would be an option during the initial installation setup of Ubuntu...

Situation

  • Ubuntu/Kubuntu/Edubuntu has been installed okay.
  • You should have an IP address by hook or by crook. (dhclient eth0, static setting, whatever.)

apt-get time

You need the pptp-linux package. Thankfully it's on the CD already (otherwise you would be in a nice little catch-22), so open a terminal and type:

sudo apt-get install pptp-linux

The script

Proviso: I have not the capacity to grok the meaning of the nebulous incantations uttered in the files created by this script. I know they control pppd (the Point-to-Point Protocol daemon), but how and what and why are all beyond me. If things don't work for you, then I fear you are facing a man page. My very best wishes to you ;)

WARNING: This script is not very smart. Please don't run it more than once... Get it right the first time. If you do run it again, you must first edit certain files to undo what the previous run added. Don't worry, this is not difficult to do. See troubleshooting at the end.

Copy this script into a file called 'vpn'.

#!/bin/sh
# Usage: sudo sh vpn tunnel user password ip
if [ $# -lt 4 ]; then
  echo "You are short some args:"
  echo "$0 tunnel user password ip"
  exit 1
fi

tun=$1
nam=$2
pw=$3
ip=$4

#First the tunnel file in /etc/ppp/peers
echo "Creating the tunnel file."
cd /etc/ppp/peers || exit 1 #Stop rather than write files in the wrong directory
rm -f "$tun" 2>/dev/null #Kill prev tunnel and hide errors
(
cat <<EOF
# name of tunnel, used to select lines in secrets files
remotename $tun
# name of tunnel, used to name /var/run pid file
linkname $tun
# name of tunnel, passed to ip-up scripts
ipparam $tun
# data stream for pppd to use
pty "pptp $ip --nolaunchpppd "
# domain and username, used to select lines in secrets files
name $nam
usepeerdns
require-mppe
refuse-eap
persist
debug dump
# do not require the server to authenticate to our client
noauth
# adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp
# end of tunnel file
EOF
) > "$tun"

#Now the options.pptp file
echo "Creating options.pptp file."
cd /etc/ppp || exit 1
rm -f options.pptp 2>/dev/null

(
cat <<EOF
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
require-mppe-128
EOF
) > options.pptp

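#Now chap-secrets (holds the password in clear text, so create it root-only)
echo "Creating the chap-secrets file."
rm -f chap-secrets 2>/dev/null
old_umask=$(umask)
umask 077 #New file gets mode 600 instead of world-readable
(
cat <<EOF
$nam $tun $pw *
EOF
) > chap-secrets
umask "$old_umask"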

#Now patch the ip-up script to add the route
echo "Patching the ip-up script."
echo "ip route add default dev \$1" >> ip-up

#And now add a line to /etc/inittab
echo "Adding a line to inittab and restarting it."
cd /etc || exit 1
(
cat <<EOF
#Recon the VPN
S1:2345:respawn:/usr/sbin/pppd call $tun nodetach

EOF
) >> inittab

init q

#Now start it manually
echo "starting the link."
pppd call "$tun"
echo "All should be done now."

It takes four arguments, all simply plonked one after the other. If you run sh vpn with no arguments, you should see the usage instructions.

  • The first argument is the name of your tunnel. No, this is not rude! Ya gotta call your VPN-link something!
  • The second argument is your username and the third is your password.
  • The last is the IP address of the target server (your ISP).

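You must run the script via sudo. An example of its use is: sudo sh vpn MyVPN bruce soopersecret 172.0.1.0

Note that a password given this way is saved in your shell history and is visible in the process list while the script runs.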

After this, you should be connected. To test this, try typing sudo ifconfig and you should see a ppp0 entry. After this, type route and you should see a bunch of stuff with default and ppp0 on the last row. All this is good news. If you don't see this stuff, then you have problems.

As a final test, try ping www.randi.org and you should see activity.

The script adds a line to your inittab file which causes it to re-connect should the link fail. It will also run the link on bootup (when exactly, I don't know), so you should never have to actually do anything to get online from now on.

Troubleshooting

Files to reset if you want to re-run the script:

  • /etc/inittab: look for the S1:2345:respawn:/usr/sbin/pppd ... etc line and delete it.
  • /etc/ppp/ip-up: go to the end and kill the ip route add ... etc line.

Now you can re-run the script.
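
The reset above can be checked and done with a few shell functions. This is an added example, not part of the original script: it counts the lines that vpn appends to inittab and ip-up, checks that chap-secrets is not readable by other users, and removes the appended lines. ROOT and all function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original page: check and undo what 'vpn' leaves behind.
# ROOT is a hypothetical prefix for trying this on copies; empty means the real /etc.
ROOT=${ROOT:-}

# The exact lines the script appends (the $1 in ROUTE_LINE is literal text).
respawn_line() { printf '%s' "S1:2345:respawn:/usr/sbin/pppd call $1 nodetach"; }
ROUTE_LINE='ip route add default dev $1'

# count_line FILE LINE: print how many lines of FILE are exactly LINE
count_line() {
  n=$(grep -cxF -- "$2" "$1" 2>/dev/null) || true
  echo "${n:-0}"
}

# drop_line FILE LINE: delete every exact copy of LINE, keeping owner and mode
drop_line() {
  [ -f "$1" ] || return 0
  tmp=$(mktemp) || return 1
  grep -vxF -- "$2" "$1" > "$tmp" || true
  cat "$tmp" > "$1"
  rm -f "$tmp"
}

# secrets_private FILE: true only if group and others have no access at all
secrets_private() {
  [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# audit TUNNEL: print findings; non-zero status if something needs attention
audit() {
  rc=0
  r=$(count_line "$ROOT/etc/inittab" "$(respawn_line "$1")")
  p=$(count_line "$ROOT/etc/ppp/ip-up" "$ROUTE_LINE")
  echo "inittab respawn lines: $r, ip-up route lines: $p"
  if [ "$r" -gt 1 ] || [ "$p" -gt 1 ]; then
    echo "duplicate lines: the script was run more than once"; rc=1
  fi
  secrets_private "$ROOT/etc/ppp/chap-secrets" ||
    { echo "chap-secrets is missing or readable by other users"; rc=1; }
  return "$rc"
}

# reset_files TUNNEL: the two manual deletions from the list above
reset_files() {
  drop_line "$ROOT/etc/inittab" "$(respawn_line "$1")"
  drop_line "$ROOT/etc/ppp/ip-up" "$ROUTE_LINE"
}
```

Load the functions in a root shell, then run audit MyVPN to see the state and reset_files MyVPN before re-running the script; remember init q after inittab changes.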

ifconfig shows ppp0 as well as ppp1: This is a strange thing that has happened to me. I don't know what it means, but you can do a sudo killall pppd and then wait a few seconds for pppd to respawn and check again. This should nail it.

If you find that you cannot ping or surf, this means (usually) that you have no 'default' route to the Internet. You probably have the mysterious ppp1 gremlin. killall pppd should cure you.

If you want to connect manually (i.e. inittab has died or is not working, or you don't want the respawn bit in there anymore; p.s. if you remove it, remember to do an 'init q' to reset it), then sudo pppd call NAMEOFYOURTUNNEL, with the obvious edit, should do it.

Problems

I tried the script today on a fresh Kubuntu 5.10 install and the results were mixed. There was a connection (ppp0 was there), but I could not get the default route to work at all. In the end I used pptpconfig (which I had installed from debs downloaded on another machine) and now the machine has Internet connection.

So, there is something missing in the picture. If anyone reading this has the knowledge, please take five minutes to enlighten us!

The End

Well, that's it. I hope it works for you.



mppeVPNhowto (last edited 2008-08-06 16:26:25 by localhost)