dimitris kalamaras

math, social network analysis, web dev, free software…

How to connect to PPTP-based VPN from Linux

Do you need to connect to a Windows VPN from the Linux command line? It’s simple, even though the Point-to-Point Tunneling Protocol (PPTP) is proprietary. First, install the PPTP client for the Linux command line:

sudo apt-get install pptp-linux

Then create a new file called chap-secrets, inside /etc/ppp:

sudo vim /etc/ppp/chap-secrets

This file is where your VPN username and password will be kept. Add this line to it:

your_username      PPTP    your_password        *

Of course, you need to replace ‘your_username’ and ‘your_password’ with your own. ‘PPTP’ is just a name you give to the remote server. You can change it to something else; it doesn’t really matter.

Next, create the basic configuration file for pptp-linux. This file must be kept inside /etc/ppp/peers, but you can name it any way you want. Let’s say you name it ‘cnc’:

sudo vim /etc/ppp/peers/cnc

Inside the new file, add the following lines:

pty "pptp REMOTE_SERVER_IP --nolaunchpppd" 
name your_username    #use the same name you used in chap-secrets
remotename PPTP       #use the same remote name you used in chap-secrets
ipparam cnc           #use the same name you used in naming this file
require-mppe-128      #encrypt all traffic using 128-bit encryption
file /etc/ppp/options.pptp #use standard PPP options when connecting

Of course, you need to change REMOTE_SERVER_IP to the IP address of your VPN server.

Finally, create a new script inside /etc/ppp/ip-up.d to route traffic through the new ppp0 device. This script runs every time ppp comes up. Use any filename you like. I used ‘my_traffic’.

sudo vim /etc/ppp/ip-up.d/my_traffic

As you can see in this example, I use 10.172.16.0/24 to force the kernel to route all packets destined for the IP range 10.172.16.0 – 10.172.16.254 through PPTP:

#!/bin/bash
route add -net 10.172.16.0/24 dev ppp0

Of course, you need to replace the ‘10.172.16.0’ part with the IP range of your remote network.

That’s all! Connect with this simple command:

sudo pon cnc

In parallel, you can watch for PPTP messages with

tail -f /var/log/syslog

You should see something like this:

Sep 14 02:09:30 vaio pppd[4516]: local IP address 10.172.16.249
Sep 14 02:09:30 vaio pppd[4516]: remote IP address 10.49.217.

This means that you have acquired a VPN IP and you are probably OK. Check ifconfig to be sure.

If you manage to connect to your VPN, you will be able to ping hosts in the above IP range, ssh to them, etc., just as if you were in the office.

When you are done, disconnect with this command:

sudo poff cnc
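Before the first pon, it is worth checking the two files created above: chap-secrets holds the password in cleartext, and the peer file has to agree with it. The script below is an added example, not part of the original post; the function names are made up here, it assumes GNU stat (as on Debian/Ubuntu), and it inspects only the peer file itself, not options pulled in through the file directive.

```shell
#!/bin/sh
# Added example (not from the original post). Usage:
#   sudo sh audit_pptp.sh /etc/ppp/chap-secrets /etc/ppp/peers/cnc

# Print the value of option $1 (e.g. "name") from peer file $2, ignoring comments.
peer_opt() {
    sed 's/#.*//' "$2" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# Return 0 when every check passes; otherwise print one FAIL line per finding.
audit_pptp_peer() {
    secrets=$1 peer=$2 rc=0

    # 1. chap-secrets stores the password in cleartext: owner-only access.
    mode=$(stat -c '%a' "$secrets")      # GNU stat, assumed available
    case $mode in
        600|400) ;;
        *) echo "FAIL: $secrets has mode $mode, expected 600"; rc=1 ;;
    esac

    # 2. pppd insists on MPPE only when told to. Options pulled in with
    #    "file ..." are not followed by this check.
    if ! sed 's/#.*//' "$peer" |
         awk '$1 == "require-mppe-128" { ok = 1 } END { exit !ok }'
    then
        echo "FAIL: $peer does not set require-mppe-128"; rc=1
    fi

    # 3. name/remotename must match the client and server columns of one
    #    chap-secrets line ("*" in either column matches anything).
    user=$(peer_opt name "$peer")
    server=$(peer_opt remotename "$peer")
    if ! sed 's/#.*//' "$secrets" | awk -v u="$user" -v s="$server" '
            ($1 == u || $1 == "*") && ($2 == s || $2 == "*") { ok = 1 }
            END { exit !ok }'
    then
        echo "FAIL: no chap-secrets entry for client '$user', server '$server'"; rc=1
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then audit_pptp_peer "$1" "$2"; fi
```

A zero exit status means all three checks passed; each FAIL line names the file to fix.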


2 Comments

  1. Apart from the fact that it’s proprietary, PPTP2 has serious security flaws. I would go for OpenVPN for its simplicity and its increased security. It’s multiplatform too, I use it to connect 4 Macs, a Linux server and a Windows desktop.

  2. Those who have Linux with Network Manager can do this procedure easily from the graphical environment. At least on Ubuntu 10.04, everything is ready for the connection to be made and nobody needs to go to the console for extra commands.

    In the new NetworkManager there is now (probably with Ubuntu 10.10 or newer) CLI software to do the same job from the command line. That is, NetworkManager will be able to work without a GUI as well.
