
Re: pptp-based vpn



Quoting martin McCormick (martin.m@suddenlink.net):
> David Wright <deblis@lionunicorn.co.uk> writes:
> > I think there's a fourth field missing there.
> 
> Correct! Please read on.
> 
> > 
> > Anyway, what I just did is: install pptp-linux (which pulls in ppp)
> > and typed:
> > # pptpsetup --create work --server ukvpn.ufreevpn.com --username ufreevpn.com --password free --encrypt --start
> 
> Thank you! Thanks to your answer, I was able to duplicate what
> you did.
> 
> 	This system does not run a GUI desktop. It has enough RAM
> but it runs a 600-MHz Pentium and I suspect that gnome would be a
> little slow. I also remember reading that pptpsetup was a GUI
> application so I just figured it wouldn't run, here.
> 
> 	I do have a gnome system but it runs rather hot so I only
> fire it up when needed and turn it off later as it makes a pretty
> good heater in Winter and an even better one in Summer.
> 
> 	I was going to run pptpsetup there and see what it
> generated, but I then discovered that pptpsetup is actually on
> this system that has no gnome so I just ran it from root and
> figured the worst thing that would happen would be a message
> about no X display but it ran, producing a message that it had
> succeeded and was using the same two DNS's your running of the
> script printed.
> 
> 	In less than a second, it configured everything and I
> appear to have a working VPN.
> 
> 	Many thanks. It looks like my chap-secrets file was
> totally wrong or at least it was missing that 4TH field where
> there is now a * but the new vpn file named "work" it created
> looks like I had gotten that part right.

I would be interested to know if I've missed any tricks, but I have
had to do the following after pptpsetup -create...

# ip route change default dev ppp0
so that all the traffic goes to ppp0 (instead of wlan0 as normally).

...and the following after pptpsetup --delete closes it down:

# ip route change default via 192.168.1.1 dev wlan0
# for j in $(ip -o route | grep ppp0 | cut -d\  -f 1) ; do ip route delete "$j" ; done
# for j in $(ip -o route | grep 'via 192.168.1.1' | grep -v default | cut -d\  -f 1) ; do ip route delete "$j" ; done

The other wrinkle I've found is that it's worth always running
# pptpsetup --delete foo
(ignoring any error message) before
# pptpsetup -create foo
because that makes sure that /etc/ppp/chap-secrets is clean with
respect to foo. It might not matter for VPNs where the password never
changes, but I think chap-secrets is scanned only as far as the first
match, so a stale password will hide the new one that pptpsetup -create
adds to the end of the file.

One other thing: it would be nice to be able to run get-iplayer
through the tunnel, but I haven't managed it. It gets connected
but no bytes are ever delivered to the local file.

Cheers,
David.
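
The stale-entry problem described in the message above can be checked for before connecting. The following is an added example, not part of the original message and not pptpsetup's own code: it lists chap-secrets lines that an earlier line with the same client and server fields would hide, assuming (as the message suspects) that the first match wins. The function names and the sample file contents are constructed for illustration; fields are compared literally, so wildcard entries are not expanded.

```shell
#!/bin/sh
# Added example. Secrets (third field) are read but never printed.

# shadowed_entries FILE [SERVER]
# Prints "line N shadowed by line M: client server" for every later
# line whose client and server fields repeat those of an earlier line.
shadowed_entries() {
    awk -v want="${2:-}" '
        $1 ~ /^#/ || NF < 3      { next }   # skip comments, blank and short lines
        want != "" && $2 != want { next }   # optional filter on the server field
        {
            key = $1 SUBSEP $2
            if (key in first)
                printf "line %d shadowed by line %d: %s %s\n", NR, first[key], $1, $2
            else
                first[key] = NR
        }
    ' "$1"
}

# Constructed sample: tunnel "foo" was created twice with different
# passwords and the old entry was never deleted.
sample_chap_secrets() {
    cat <<'EOF'
# Secrets for authentication using CHAP
# client    server  secret      IP addresses
alice       foo     "oldpass"   *
bob         work    "free"      *
alice       foo     "newpass"   *
EOF
}

# Demo on the constructed sample; run the script with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp) && sample_chap_secrets > "$tmp"
    shadowed_entries "$tmp"
    rm -f "$tmp"
fi
```

Against a real system it would be called as root with /etc/ppp/chap-secrets and, optionally, the tunnel name as the second argument.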

