dimitris kalamaras

mathematics, social network analysis, free software…

How to connect to PPTP-based VPN from Linux

Do you need to connect to a Windows VPN from Linux command line? It’s simple even though the Point-to-Point Tunneling Protocol (PPTP) is proprietary. First, install the pptp client for the linux command line:

sudo apt-get install pptp-linux

Then create a new file called chap-secrets, inside /etc/ppp:

sudo vim /etc/ppp/chap-secrets

This file is where your VPN username and password will be kept. Add this line to it:

your_username      PPTP    your_password        *

Apparently, you need to change ‘your_username’ and ‘your_password’ to your own. The ‘PPTP’ is just a name you give to remote server. You might want to change it to something else. It doesn’t really matter.

Next, create the basic configuration file for pptp-linux. This file must be kept inside /etc/ppp/peers but you can name it anyway you want. Let’s say, you name it ‘cnc’:

sudo vim /etc/ppp/peers/cnc

Inside the new file, add the following lines:

pty "pptp REMOTE_SERVER_IP --nolaunchpppd" 
name your_username    #use the same name you used in chap-secrets
remotename PPTP       #use the same remote name you used in chap-secrets
ipparam cnc           #use the same name you used in naming this file
require-mppe-128      #encrypt all traffic using 128-bit encryption
file /etc/ppp/options.pptp #use standard PPP options when connecting

Apparently, you need to change REMOTE_SERVER_IP to the IP address of your VPN server.

Finally, create a new script inside /etc/ppp/ip-up.d to route traffic through the new ppp0 device. This script will be running every time ppp is up. Use any filename you like. I used ‘my_traffic’.

sudo vim /etc/ppp/ip-up.d/my_traffic

As you see in this example, I use 10.172.16.0/24 to force the kernel to route all packets directed to the IP range 10.172.16.0 – 10.172.16.254 to go through PPTP:

#!/bin/bash
route add -net 10.172.16.0/24 dev ppp0

Apparently, you need to change the ‘10.172.16.0’ part with the IP range of your remote network.

That’s all! Connect with this simple command:

sudo pon cnc

In parallel, you can watch for PPTP messages with

tail -f /var/log/syslog

You need to see something like that:

Sep 14 02:09:30 vaio pppd[4516]: local IP address 10.172.16.249
Sep 14 02:09:30 vaio pppd[4516]: remote IP address 10.49.217.

This means that you have acquired a VPN IP and you are probably OK. Check ifconfig to be sure.

If you manage to connect to your VPN, you will be able to ping to the above IP range, ssh to them, etc, just like as you were in office.

When you are done, disconnect with this command:

sudo poff cnc

Previous

SocNetV on Maemo-N900?

Next

Linux Inside #1 – Καλή μας αρχή!

2 Comments

  1. Apart from the fact that it’s proprietary, PPTP2 has serious security flaws. I would go for OpenVPN for it’s simplicity and it’s increased security. It’s multiplatform too, I use it to connect 4 macs, a Linux server and a windows desktop.

  2. Για όσους έχουν Linux με το Network Manager μπορούν να κάνουν τη διαδικασία αυτή εύκολα από το γραφικό περιβάλλλον. Τουλάχιστον σε Ubuntu 10.04 είναι όλα έτοιμα για να γίνει η σύνδεση και δε χρειάζεται να μπει κάποιος στην κονσόλα για επιπλέον εντολές.

    Στο νέο NetworkManager υπάρχει τώρα (μάλλον με Ubuntu 10.10 ή νεότερο) υπάρχει CLI λογισμικό για να κάνεις την ίδια δουλειά από τη γραμμή εντολής. Δηλαδή το NetworkManager θα μπορεί να λειτουργήσει και δίχως GUI.

Leave a Reply

Creative Commons License
Licensed under a Creative Commons Attribution-ShareAlike 4.0 International License - Powered by Linux