Vpn pptp клиент linux

Подключение через VPN (pptp клиент) в GNU/Linux

При подключении к новому провайдеру столкнулся с проблемой настройки подключения к интернету через VPN. Все рекомендации, найденные в интернете (в т.ч. и на сайте провайдера), желаемого результата не дали. Везде направление описывается правильное, но за кадром остаются некоторые «моментики», которые приводили к отсутствию интернета у меня. По этому опишу свою последовательность действий с необходимыми комментариями.

Все описанное проверено на дистрибутива Debain Squeeze. Впрочем наверняка будет работать и в прочих дистрибутивах GNU/Linux. Мне не очень нравятся графические утилиты для настройки сети и по этому описываю, как все настроить в консоли. Все команды, приведенные ниже, необходимо выполнять с привилегиями пользователя root, т.е. вы должны либо зайти в терминал под root’ом или воспользоваться в терминале командой «su» или перед каждой командой вводить «sudo». Конфигурационные файлы редактировать надо так же от root.

Открываем в редакторе файл /etc/network/interfaces. И редактируем секцию интерфейса, к которому подключен провайдер (в качестве примера eth1).

Теперь необходимо задать адрес серверов DNS. Для этого открываем файл /etc/resolv.conf и добавляем следующие строки:

Теперь при перезагрузке сети (при перезагрузке системы или по команде /etc/init.d/networking restart вам будет доступна локальная сеть провайдера. И вы можете узнать IP-адрес VPN-сервера при помощи команды ping

Теперь необходимо настроить VPN соединение.

В систем должен быть установлен пакет pptp-linux. Для установки воспользуйтесь вашим пакетным менеджером или введите команду:

Приступаем к настройке. Создаем файл в каталоге /etc/ppp/peers/ с именем . Настройки в данном файле прописаны по рекомендации моего провайдера. Однако с небольшим исправлением: на сайте провайдера указано, что имя пользователя необходимо вводить в кавычках. У меня работает и так и так. Кроме того, добавил строку noauth.

Далее редактируем файл /etc/ppp/chap-secrets. В отличии от примера на сайте провайдера добавлена звездочка в конце строки.

Теперь можно пробовать установить соединение командой. Если вы отключили автоматическое подключение, то именно данной командой вы можете его устанавливать в дальнейшем.

Если все пройдет без ошибок, то ни каких сообщений не будет выведено. Наличие подключения можно проверить командой

В выводе этой команды должен появиться интерфейс «ppp0». Впрочем на конце может быть другая цифра, если у вас уже существует иное ppp-подключение.

Если у вас есть необходимость отключить используйте команду

Источник

Linux configure point to point tunneling PPTP VPN client for Microsoft PPTP vpn server

With this tip you will be able to work from home using VPN and that too from Linux / FreeBSD system for the proprietary Microsoft Point-to-Point vpn server.

Different organization uses different VPN connection options such as SSL, PPTP or IPSEC. When you need to access corporate network and its services, you need to login using VPN.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. It works on Data link layer (#2 layer) on TCP/IP model. Personally I prefer IPSEC. PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. Allows connection to a PPTP based Virtual Private Network (VPN) as used by employers and some cable and ADSL internet service providers.

But many originations use PPTP because it is easy to use and works with Windows, Mac OS X, Linux/*BSD and other handled devices.

Compatibility note

I’ve tested instructions and pptp on:
[a] CentOS / RHEL / Fedora Core Linux running 2.6.15+ kernel
[b] Ubuntu and Debian Linux running 2.6.15+ kernel
[c] FreeBSD etc

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

I’ve found that pptp client is 100% compatible with the following servers/products:
[a] Microsoft Windows VPN Server
[b] Linux PPTP Server
[c] Cisco PIX etc

How do I install PPTP client under Linux?

By default most distro installs PPTP client called PPTP-linux which is the client for the proprietary Microsoft Point-to-Point Tunneling. Use apt-get or yum command to install pptp client:
$ sudo apt-get install pptp-linux network-manager-pptp
Fedora Core user can install client using rpm command:
# rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
# yum —enablerepo=pptp-stable install pptpconfig

[a] network-manager-pptp or pptpconfig – A gui network management framework (PPTP plugin) for network-admin tool (frontend)
[b] pptp-linux – Point-to-Point Tunneling Protocol (PPTP) command line client

How do I configure client using command line (cli)?

You need to edit / create following configuration files

• /etc/ppp/chap-secrets – Add your login name / password for authentication using CHAP. Pppd stores secrets for use in authentication in secrets files.
• /etc/ppp/peers/myvpn-name – A dialup connection authenticated with PAP / CHAP configuration file. You need to add your dialup server name and other information in this file.

Sample configuration data

1. PPTP server name: pptp.vpn.nixcraft.com
2. VPN User Name : vivek
3. VPN Password: VpnPassword
4. Connection name: delhi-idc-01

Open /etc/ppp/chap-secrets file:
# vi /etc/ppp/chap-secrets
OR
$ sudo vi /etc/ppp/chap-secrets
Append line as follows:
vivek PPTP VpnPassword *

Save and close the file.

Create a connection file called /etc/ppp/peers/delhi-idc-01 (replace delhi-idc-01 with your connection name such as office or vpn):
# vi /etc/ppp/peers/delhi-idc-01
Append configuration data as follows:
pty «pptp pptp.vpn.nixcraft.com —nolaunchpppd»
name vivek
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam delhi-idc-01

Close and save the file. Where,

• pty “pptp pptp.vpn.nixcraft.com –nolaunchpppd”: Specifies that the command script is to be used to communicate rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master/slave pair and use the slave as its terminal device. The script will be run in a child process with the pseudo-tty master as its standard input and output. An explicit device name may not be given if this option is used. (Note: if the record option is used in conjunction with the pty option, the child process will have pipes on its standard input and output.). In this case we are using pptp client to establishes the client side of a Virtual Private Network (VPN) using the Point-to-Point Tunneling Protocol (PPTP). pptp.vpn.nixcraft.com is my host name (or IP address) for the PPTP server. –nolaunchpppd option means do not launch pppd but use stdin as the network connection. Use this flag when including pptp as a pppd connection process using the pty option.
• name vivek: VPN username
• remotename PPTP: Set the assumed name of the remote system for authentication purposes to name. If you don’t know name ask to network administrator
• require-mppe-128: Require the use of MPPE, with 128-bit encryption. You must encrypt traffic using encryption.
• file /etc/ppp/options.pptp: Read and apply all pppd options from options.pptp file. Options used by PPP when a connection is made by a PPTP client.
• ipparam delhi-idc-01 : Provides an extra parameter to the ip-up, ip-pre-up and ip-down scripts (optional).

Route traffic via ppp0

To route traffic via PPP0 interface add following route command to /etc/ppp/ip-up.d/route-traffic
# vi /etc/ppp/ip-up.d/route-traffic
Append following sample code (modify NET an IFACE as per your requirments):
#!/bin/bash
NET=»10.0.0.0/8″ # set me
IFACE=»ppp0″ # set me
#IFACE=$1
route add -net $ dev $
Save and close the file:
# chmod +x /etc/ppp/ip-up.d/route-traffic

Task: connect to PPTP server

Now you need to dial out to your office VPN server. This is the most common use of pppd. This can be done with a command such as:
# pppd call delhi-idc-01
If everything is went correctly you should be online and ppp0 should be up. Remote server will assign IP address and other routing information. Here is the message from my /var/log/messages file:
# tail -f /var/log/messages
Output:

Task: Disconnect PPTP server vpn connection

Simply kill pppd service, enter:
# killall pppd
OR
# kill

How do I configure PPTP client using GUI tools?

If you are using Debian / Ubuntu, just click on Network configuration Icon on taskbar > VPN Connection > Configure VPN > Add:

Save and close the dialog box. To connect via VPN click on Network Icon > Select VPN Connection > Connection name (Mumbai VSNL IDC) > Enter your VPN username and password and click on Ok

If you are using Fedora core Linux, run pptpconfig as root and just follow on screen instructions:
# pptconfig &

Troubleshooting hints

If the connection fails, you might need to gather more information and try out following troubleshooting tips.

Q. I’m authenticated successfully but cannot route traffic..

A. Use route command to add route manually:
# ip route add dev ppp0
# ip route add 10.0.0.0/8 dev ppp0
Or use route command:
# route add -net 10.0.0.0 netmask 255.0.0.0 dev ppp0

Q. I’m authenticated successfully, I can ping to remote gateway but cannot access host by name…

A. Setup correct DNS server names in /etc/resolv.conf file:
# cat /etc/resolv.conf
Output:
search nixcraft.com
nameserver 10.0.6.1
nameserver 10.0.6.2
nameserver 208.67.222.222

Q. How do I open my local network (laptop, desktop and other system) to talk with any computer behind VPN server via this local Linux ppp0 interface (i.e. act this computer as router)…?

A. Append following two rules in your existing iptables rules to turn on routing (adjust IP address range as per your setup):
iptables —table nat —append POSTROUTING —out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables —append FORWARD —in-interface eth0 -j ACCEPT

Q. Point-to-Point Encryption is not working and I’m not able to connect to remote PPTP server…

A. Make sure you are using 2.6.15 or above kernel. If you are using old kernel version upgrade to latest version and compile support for ppp_mppe kernel module. If you are using latest version, load driver using modprobe:
# modprobe ppp_mppe
# pppd call myoffice

Note: You can always get more information by reading pptp diagnosis howto here.

A note to readers

As I said earlier I prefer to use open source solution such as OpenVPN or IPsec as they are more secure. The PPTP is not secure enough for some information security policies. Next time I will write about OpenVPN and IPsec.

Источник

Ubuntu Documentation

Needs Updating
This article needs updating to include the latest versions of Ubuntu. More info.

Connecting to a VPN in Ubuntu

This document was originally written for Ubuntu 6.10 (Edgy Eft), running the GNOME desktop, by freeatlast. It describes connecting to a VPN as a client. There is also information available on how to set up a VPN server.

QuickStart

If you are lucky, you will be able to get connected using the instructions in this section. If not, the remainder of this document will walk you through the process in more detail, and hopefully will help you get sorted!

Obtain your connection type (currently available are Microsoft PPTP, Cisco, or OpenVPN) and authentication details from your VPN administrator.

Install Network Manager Applet through the Add/Remove in the Ubuntu menu.

Install the plug-in for your connection type — either network-manager-pptp, network-manager-vpnc (Cisco) or network-manager-openvpn (use Synaptic Package Manager or apt-get).

Left click the network manager applet (two monitor screens one behind the other probably in the bottom right of your screen) and select VPN Connections->Configure VPN->Add, then enter your connection details. There may be another icon that looks similar to this, which will bring up a dialog ‘Connection Properties’ if you left click it — this is not the one you want. Reboot if the applet is not visible.

Left click the network manager applet and select VPN Connections then click on your connection to connect.

If your new connection is greyed out and unselectable, or all you see is Manual Configuration. :

Backup /etc/network/interfaces to /etc/network/interfaces.original.

Delete all lines from /etc/network/interfaces not including the string «lo» (leaving two lines, probably the first two, beginning auto and iface).

Reboot.

If the above step leaves you with no internet connection at all, replace the original file and reboot.

Introduction to VPN

If you are familiar with VPN connections under Microsoft Windows, you might still benefit from reading this section. If you are familiar with VPN and the vagaries of how things work on modern computers (and particularly on Linux) you can skip it. Certainly, if you want to cut to the chase, head for part 2!

What is a VPN?

This section is very introductory, and if you know what a VPN is, you can skip it.

Many companies and universities (and some home users) run a ‘local area network’ (LAN) in their buildings, where many computers are connected together so that employees or students can share resources (printers, shared files, etc.). The people running these networks do not want the public (that is, the rest of the internet) to have access to their local network — considered private — so they secure it. The outside world can then not ‘see in’ (though the people on the local network can generally see out!).

It is often the case, however, that the organization will want its personnel to be able to ‘see in’ when they are out and about in the world — they may, for instance, need access to files they keep in their office. This is a textbook example of when the VPN comes in handy. VPN — ‘virtual private network’ — is a technology that allows a user physically outside the private network to bring themselves virtually inside it, thus gaining access to all of the resources that would be available were the user physically inside the network.

The organization will run a server which listens on a particular address for personnel to call in and request access. The user (i.e., you) will run a VPN client on their own computer, which will call up the VPN server and ask to be allowed to connect. Assuming the user can provide a recognized username and password when challenged by the server, the server and client machines will then negotiate a secure (i.e. encrypted) channel between them. Once this channel is established, the two machines can talk to each other without fear of anyone overhearing what they are saying, and your company boss will then think it’s ok for you to upload/download sensitive company data over this channel.

Typically, once this channel is established, all communications from and to your computer will go over it.

What are the parts of a VPN?

VPN Servers

The VPN Server is run by your organization. You can run a VPNServer on Ubuntu, of course, but that is completely the other end of the system from what we’re talking about here.

There is more than one way to VPN — any system that can establish a secure channel between you and your workplace, and then route all your communications over that channel, constitutes a VPN. Naturally, several groups have designed VPN ‘protocols’. The one you will want to use will depend on the type that your organization uses, and to find that out you will have to ask your administrator. If you don’t know offhand, but you do have your connection details, you might be able to ascertain the type of VPN protocol your organization uses because the different types require different connection details. This page covers the following types:

Microsoft’s Point to Point Tunneling Protocol (PPTP), common with small business networks and Windows servers, requires host, username and password.

Cisco’s VPN (VPNC) requires host, group username and group password, as well as username and password.

OpenVPN and IPSEC are not currently covered here.

VPN Clients

Once you have ascertained the VPN protocol you need to use, you’ll need a client program to handle your end of the secure connection. For each protocol, there’s a separate client program. They are not included with a default Ubuntu install. but they are easy to install (instructions below).

The VPN client will run invisibly in the background, maintaining your end of the VPN connection — that is, it doesn’t have any windows or anything helpful like that for you to communicate with it. However, you’re going to have to interact with it to tell it your connection details, and to tell it when to connect and disconnect.

Under Windows (XP, at least), you could do this by using the ‘Add New Connection’ wizard, and choosing ‘connect to my workplace (VPN)’. Under Ubuntu, automatic set-up of this sort is developing fast, but you may have problems. If you do, this page should help you to solve them. Currently, things are somewhat in flux, and one of several different approaches may suit your particular situation. We will review them all below, and they are listed in the order that you should try them.

Summary

Let’s just take a breath and summarize this introduction — to get your VPN connection up and running, you’re going to need (a) your connection details, supplied to you by Bob in IT, (b) a VPN client that matches the protocol your organization uses, and (c) some way of managing that client. In the next part, we’ll go through installing the bits you need, and configuring that connection. It can be tricky, so be ready to cry.

Installing and managing a VPN connection

For general information on how to install software in Ubuntu, look at InstallingSoftware. All packages listed in the following are available through the usual routes for package management — those marked AM can be reached through the ‘Add/Remove applet’; those marked SPM must be installed using ‘Synaptic Package Manager’ (‘Adept Manager’ on Kubuntu or aptitude, apt-get). You must first enable the Universe software repository.

Configuring a connection (VPN Management)

Using NetworkManager

(NetworkManager) is a project to simplify Linux networking for desktop and laptop users. It supports VPN connections, and plugins are currently available for PPTP, VPNC and OpenVPN. It is packaged as Network Manager (AM) or nm-applet (SPM), and is installed by default as of Ubuntu 7.04.

By default, NetworkManager does not include any VPN plugins. You can choose to install:

the PPTP plugin, network-manager-pptp (SPM).

the Cisco VPNC plugin, network-manager-vpnc (SPM).

the OpenVPN plugin, network-manager-openvpn (SPM).

On Kubuntu Feisty you also need network-manager-gnome (SPM), due to bug 113505

NetworkManager appears in your notification area (normally next to the clock, in the top right hand corner of your screen) as an icon — either two monitors, one behind the other, or, if connected to wireless, a series of bars like a set of stairs. To configure a VPN connection, left click this icon and select VPN connections, Configure VPN and Add. You will be offered a choice of protocols on the second page of the wizard that pops up, but you will be offered only the protocols for which you’ve installed the appropriate plugin.

NetworkManager only allows VPN connections if it is currently managing a connection. If your network interface is manually configured (in the Network Administration Tool under System/Administration) or in /etc/network/interfaces), it is not managed by NetworkManager. If the option for VPN connections is greyed out, NetworkManager is not managing a connection. Remove the connections from the Network Administration Tool, or manually edit /etc/network/interfaces. For a general case, it is safe to backup the interfaces file, and reduce its to only contain

NetworkManager connections are only available once a user has logged in. System-wide networking is planned for the next major version of NetworkManager, 0.7.0.

Debugging a connection

VPN plugins work by collecting the required information, and then passing it through to a program which runs the connection. The information for each connection is stored in the gconf preferences database, on a per-user basis. If you need to edit this manually, run Applications/System Tools/Configuration editor (or gconf-editor from a terminal). Connections are stored under system/networking/vpn_connections.

It should not be possible to have two connections with the same name. If you find a connection will not start, it is possible you have two connections with the same name, and you should delete them manually using gconf-editor.

NetworkManager plugins log to syslog. Each plugin may have the option to enable debugging, so please enable it if you are submitting a bug report or trying to figure out why your connection does not establish.

Automatically starting your VPN connection on log-in

You can easily make the network manager applet start on log-in by adding the command nm-applet to your sessions. (Under System->Preferences->Session by default) However, this doesn’t mean your configured connection fires up too. To make this happen you can add another command to your session startup programs:

/usr/lib/network-manager-vpnc/nm-vpnc-auth-dialog -s -n

Connection name is the name of your connection and service_name can be one of the following:

the PPTP plugin, ‘org.freedesktop.NetworkManager.pptp’

the Cisco VPNC plugin, ‘org.freedesktop.NetworkManager.vpnc’

the OpenVPN plugin, ‘org.freedesktop.NetworkManager.openvpn’

If you are not sure what values are correct, then follow the steps described in Debugging a connection.

Note that you will be asked for your password and username when you have not stored those in the default gnome keyring and installed and configured libpam-keyring correctly.

Using KVpnc

This third-party tool is designed for KDE, but will run fine under GNOME too. It is packaged as KVpnc (AM). Once installed, you may find that when you run it it complains «cannot find su-to-root» or something like it — if so, it wants to be root, so run it with sudo or gksudo, e.g. open a terminal and enter sudo kvpnc.

REFERENCE INFORMATION Configuration files are stored in /etc/ppp/peers and prefixed kvpnc. I think they are copied from existing VPN connection files in that folder (if present). In other words, you are managing the same thing that PPTPconfig and Manual manage.

Manually configuring your connection

You should only attempt this if you are familiar with Linux administration and networking, or the above methods have failed.

PPTP support is available in the pptp-linux package. pptp is an extension to the PPP program, commonly used for dial-up modems. It uses a configuration file in the /etc/ppp/peers directory. Instructions on installing a program to configure PPTP connections are available from the pptpclient website.

To manually create a connection, you can create a file such as /etc/ppp/peers/myvpn:

You will also need an entry in the file /etc/ppp/chap-secrets to specify your password. It should be added at the bottom, and look like this:

You can then start the connection using the command pon myvpn nodetach, and stop it using Ctrl+C. In fact, that command line is a great command line to stick in a launcher on the toolbar (must be «Application in Terminal» type launcher).

Scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run on connection and disconnection, which gives you a chance to do routing using route or just log the state of things. Really, if you get as far as a script in /etc/ppp/ip-up.d actually triggering, you’re probably basically there in any case so stop crying now. You might also be interested in /etc/resolv.conf where your current DNS is specified, and the commands ip and ss.

The Cisco VPNC client is available in the vpnc package (SPM).

Configuration files are stored in /etc/vpnc, which was protected to root on my installation so you might need to use sudo for all commands here. Copy example.conf to myvpn.conf

and edit the new file to look like this:

Note that you can leave out

if you want, and you will be prompted. Now, run vpnc-connect myvpn to start the connection — your output should look something like this:

You can then connect/disconnect with the commands vpnc-connect myvpn and vpnc-disconnect myvpn.

If you have a .pcf configuration file from a Windows® installation of the Cisco VPN client, it is easiest to convert this file. Ubuntu Geek has a tutorial on how to set up a Cisco VPN on Ubuntu 9.04 Jaunty. The steps are descriptive, even though there is some compiling involved.

OpenVPN

The OpenVPN client is part of the openvpn package (SPM).

Installing OpenVPN is outside the scope of this document, but it is well documented at the OpenVPN website.

Extra credit: how VPN works

A little knowledge of what goes on «under the hood» can be the difference between connection and confusion. These examples assume a PPTP VPN connection.

Bringing up the ‘tunnel’

Your client calls over your normal connection (e.g. your wired/wireless link, e.g. eth0, eth1) to the VPN server. They negotiate authentication so they both believe each other are who they say they are. They exchange encryption information, and can now talk to each other on a narrow channel (a ‘tunnel’) without anyone else overhearing by sending what they want to say to each other in encrypted packets. This is very interesting, but is useless until some other application wants to send data over this encrypted line. This works as follows.

Rerouting communications

When an application on your box asks linux to send a packet to some destination host (e.g. ubuntu.com), the following occurs:

ubuntu.com is resolved to 82.211.81.166 by your DNS server, which is specified in /etc/resolv.conf

Linux decides where to send that packet first by looking up in the routing table — type route into a terminal to see the table

typically, it is routed to your primary interface (NIC) first. that interface will then route it to probably your router. the router will then probably send it your modem, which will pass it up to your ISP. from there, it’s anybody’s guess, but the game continues, route by route by route, until it (hopefully) reaches the server at ubuntu.com.

Note, you can test name resolution (ubuntu.com -> 82.211.81.166) by typing ping ubuntu.com at the terminal prompt. You can test packet routing by executing tracepath ubuntu.com (your mileage may vary).

Once a VPN tunnel has been established, the above process will carry on unaffected, unless packets are re-routed over the new tunnel. This is done by adding an entry to your routing table, pointing (often all) packets at your tunnel, your point-to-point interface, ppp0 probably. Now, when an application asks linux to send a packet to 82.211.81.166, linux routes it to ppp0. ppp0 encrypts it and readdresses it, so it now gets sent to the VPN server (via the usual non-tunnel route, eth1 or whatever). when the VPN server receives it, it unencrypts it to extract the original packet, and sends it off into its private network (do you see how we just went over the tunnel there?). Hence, if you now ask for ubuntu.com in your browser, the request goes.

• ppp0 (your end of the VPN tunnel), encryption into a container packet, and readdress to your VPN server.
• eth0/1, off into the internet as usual.
• reaches the VPN server, unencryption, and back to its original address, ubuntu.com.
• off into the private network.
• out into the internet again, to ubuntu.com.

Notes

• Your VPN can connect/disconnect successfully, and have no effect on how the rest of your communications function, unless traffic is routed over the VPN (tunnel).
• Bringing up the VPN, thus, involves both establishing that secure link, and doing the appropriate re-routing.

You can add/remove routes in script using route add and route del.
You can have scripts run automatically as a connection (e.g. VPN) is brought up and down by placing them in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d

You can check the current route table by typing route in a terminal.

The connection client may re-route automatically unless you tell it not to (pon has an option nodefaultroute i think).

(this happened to me) If you route all traffic over the tunnel once the VPN connection is up, even your encrypted packets will get routed over the tunnel. Thus, your original packet A will get encrypted into A*, and sent over the tunnel, encrypted into A**, sent over the tunnel, etc. (see below under ‘Packet recursion’).

Thus, a typical route table after connection of the VPN will have traffic sent over the tunnel by default, unless it’s headed for your VPN server, in which case it’s routed straight to your interface card (e.g. eth1).

More advanced routing is possible, with some traffic going over the tunnel, and some going out as usual, but this is not covered here.

Let’s face it, we’ve barely covered routing at all, but I just wanted to give some hints.

Troubleshooting

The PPTP-client website has some great troubleshooting tips. Start there, even if you’re using NetworkManager’s PPTP support.

VPN stops working after

• Make sure that the IP subnets on your client machine and the VPN network you want to connect to are different, i.e. Client 192.168.1.x VPN network 192.168.2.x

MPPE required, but MS-CHAP[v2] auth not performed in debug log messages from pon

• Your authentication data is missing from the file /etc/ppp/chap-secrets
  • Use pptpconfig to correct this, by trying to connect to the connection and entering your data and asking it to store it
  • Enter a new line in /etc/ppp/chap-secrets reading «username connname password-plaintext *»

Packet recursion

• Symptoms — client appears to connect, but VPN does not work (you can’t access private resources), and it probably disconnects shortly after connection (30-120 seconds).
• Test for packet recursion — open a terminal, and while the connection is ‘up’, type ‘ip -s link’ 3 or 4 times. If you are suffering packet recursion, one of your listed interfaces (probably ppp0) will show ‘TX bytes’ increasing rapidly on each call to ip (megabytes per second).
• Cause — packets are being routed back on themselves, and so a single packet is looping round and round through the same interface.

See http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lots_of_data.

This is caused because VPN traffic (which should go raw to the VPN server, rather than going over the tunnel) starts going through the tunnel once it is established. This is stupid, since it this traffic that represents the tunnel, so it can’t actually go through the tunnel — see ‘how it works’.

Cannot determine ethernet address for proxy ARP

• This message occurs during PPTP connection but does not indicate a problem — do not worry about it.

VPNClient (последним исправлял пользователь raliski 2015-03-26 17:46:06)

The material on this wiki is available under a free license, see Copyright / License for details
You can contribute to this wiki, see Wiki Guide for details

Источник