technovelty

weblog of Ian Wienand


Network Manager, PPTP

After this post by Stephen Thorne I was inspired to get PPTP tunneling working with network manager so I can easily get online at LCA2007, and you all can't see what I'm surfing. The plan is to tunnel back through my house. Here is a terse overview of what I did:

  1. Install network-manager package.
  2. Remove entries from /etc/network/interfaces. That pretty much gets network manager working.
  3. Restart network manager with sudo /etc/dbus-1/event.d/25NetworkManager restart. Generally do this after you fiddle with anything behind network-manager's back.
  4. Look for network-manager-pptp package, realise it is only on Ubuntu. Rebuild for Debian. Install and restart.
  5. On my home router, forward port 1723 to my server.
  6. Install pptpd package on server.
  7. # modprobe ppp_mppe on server and laptop
  8. # echo "ianw pptpd password *" > /etc/ppp/chap-secrets on server
  9. Modify the IP parameters in /etc/pptpd.conf on server to be sane.
  10. Modify /etc/ppp/pptpd-options on server to send a local DNS server.
  11. Enable IP forwarding in /etc/sysctl.conf on server.
  12. Now, back to my laptop, I add a new VPN connection with network-manager. You can put the following in a file and "import" it, and it may work.
     [main]
     Description=wienand
     Connection-Type=pptp
     PPTP-Server=my.home.server
     Use-Peer-DNS=yes
     Encrypt-MPPE=no
     Encrypt-MPPE-128=yes
     Compress-MPPC=no
     Compress-Deflate=no
     Compress-BSD=no
     PPP-Lock=yes
     Auth-Peer=no
     Refuse-EAP=no
     Refuse-CHAP=no
     Refuse-MSCHAP=no
     MTU=1416
     MRU=1416
     LCP-Echo-Failure=10
     LCP-Echo-Interval=10
     PPP-Custom-Options=
     Peer-DNS-Over-Tunnel=yes
     X-NM-Routes=
     Use-Routes=no
     
    The big trick for me was having Auth-Peer turned off. Restart network-manager after this.
  13. Attempt to connect to your new VPN via network-manager. If you are very lucky, it will "just work". If you are unlucky, you will spend the next few hours staring at the syslogs on both server and client, after turning up the level of debugging for both.
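
The import file in step 12 leaves plain CHAP and MS-CHAP enabled next to 128-bit MPPE. The following check is an added example, not part of the original post: it parses a file in that format and reports the authentication and encryption settings worth tightening. It assumes the keys map to the pppd options of the same name (refuse-chap, refuse-mschap, require-mppe-128) and that an unset key means "no"; the function name is hypothetical.

```python
import configparser

# Config from step 12 of the post, reduced to the keys checked here.
SAMPLE = """\
[main]
Description=wienand
Connection-Type=pptp
PPTP-Server=my.home.server
Encrypt-MPPE=no
Encrypt-MPPE-128=yes
Refuse-EAP=no
Refuse-CHAP=no
Refuse-MSCHAP=no
"""

def audit_pptp_profile(text):
    """Return (key, finding) pairs for a NetworkManager PPTP import file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    if not cp.has_section("main"):
        raise ValueError("no [main] section")
    main = cp["main"]

    def on(key):
        # Assumption: a missing key behaves like "no".
        return main.get(key, "no").strip().lower() == "yes"

    findings = []
    if not on("Encrypt-MPPE-128"):
        if on("Encrypt-MPPE"):
            findings.append(("Encrypt-MPPE-128",
                             "MPPE required but not at 128 bits; 40-bit keys may be negotiated"))
        else:
            findings.append(("Encrypt-MPPE",
                             "no MPPE required; the tunnel may come up unencrypted"))
    if not on("Refuse-CHAP"):
        findings.append(("Refuse-CHAP",
                         "plain CHAP accepted, but MPPE keys are derived from MS-CHAP; set to yes"))
    if not on("Refuse-MSCHAP"):
        findings.append(("Refuse-MSCHAP",
                         "MS-CHAPv1 accepted; set to yes to rule it out"))
    return findings

if __name__ == "__main__":
    for key, msg in audit_pptp_profile(SAMPLE):
        print(f"{key}: {msg}")
```
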

My only problem now is how do I get a domain suffix to my laptop so I can easily get to my home network resources, which all live at server.wienand.home, without editing /etc/resolv.conf by hand? Any suggestions welcome!

posted at: Fri, 12 Jan 2007 15:50 | in /linux

Posted by John Clarke at Sat Jan 13 12:06:00 2007

Run a script after the tunnel comes up which does a zone transfer from your home dns server and populates /etc/hosts, and another script when the tunnel is brought down which removes them.

I do this with openvpn which can run scripts when the vpn is started or stopped.  Email me if you want a copy of my scripts.

If you can't do the same with the pptp client, you can do it via Network Manager's dispatcher mechanism, which I also use to configure my laptop for work/home/elsewhere.

Posted by Alex van Niel at Sun Apr 29 16:33:09 2007

Would these scripts of yours also fix the problem I am having: I can connect but for me it doesn't just work :( I can't ping anywhere ... when I ping to the VPN server (either its VPN address or its original server address used in the network at work) I get "ping: sendmsg: Operation not permitted" and I can't use the network at work... no browsing, no terminal server clients connect, no VNC clients can connect...
Would this be solved with your scripts?? If so I would be VERY interested in them!

If you wish to send an e-mail to me, you can use this form:
http://members.chello.nl/a.vanniel/weblog/html/email_form3.html

Since I am struggling with this for quite some time now and I need it to work, I would appreciate ANY help.

Posted by Andrew Maclean at Fri Aug 24 10:47:50 2007

Worked perfectly for me.
It would be nice if you supplied some instructions for rebuilding network-manager-pptp for Debian.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.