VPN access on Linux

The instructions below are geared towards Ubuntu, but since they use the standard nm-applet, there shouldn't be much difference between distros.

https://help.ubuntu.com/community/VPNClient#Using_NetworkManager

Linux General settings

  • Our VPN server is called vpn.physics.ox.ac.uk
  • You will need to disable CHAP and EAP authentication methods while enabling MSCHAP and MSCHAP 2
  • You will need to enable point-to-point encryption

Ubuntu 16.04 (Xenial)

Use the PPA described at https://github.com/enaess/network-manager-sstp (be sure that ppa:whoopie79/ppa is not installed; install and use "ppa-purge" to remove it if necessary).

The content of /etc/NetworkManager/system-connections/PhysicsVPN that has been tested is:

[connection]
id=PhysicsVPN
uuid=42ce9e8d-09d3-4953-aa4c-d86365ef7be3
type=vpn
autoconnect=false
permissions=user:us:;
secondaries=

[vpn]
password-flags=2
require-mppe=yes
user=yourusername
refuse-eap=yes
refuse-chap=yes
gateway=vpn.physics.ox.ac.uk
domain=PHYSICS
refuse-pap=yes
service-type=org.freedesktop.NetworkManager.sstp

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

Ubuntu 14.04 (Trusty)

For some ISPs, the default timeouts and settings on the VPN are too short. When you create the VPN connection on Ubuntu 14.04, and call it for example "PhysicsVPN", a file will be created containing the configuration at the location /etc/NetworkManager/system-connections/PhysicsVPN. Make sure that the [vpn] section contains the following data, replacing yourusername with your physics user name.

[vpn]
service-type=org.freedesktop.NetworkManager.pptp
lcp-echo-interval=30
password-flags=3
require-mppe-128=yes
require-mppe=yes
mppe-stateful=yes
user=yourusername
refuse-eap=yes
refuse-chap=yes
lcp-echo-failure=5
gateway=vpn.physics.ox.ac.uk
domain=PHYSICS
refuse-mschap=yes
refuse-pap=yes

My entire config file looks like this:

[connection]
id=PhysicsVPN
uuid=f86d70d0-49a0-4ecc-a446-87c36a6e52f7
type=vpn
autoconnect=false
timestamp=1424562204

[vpn]
service-type=org.freedesktop.NetworkManager.pptp
lcp-echo-interval=30
password-flags=3
require-mppe-128=yes
require-mppe=yes
mppe-stateful=yes
user=brisbane
refuse-eap=yes
refuse-chap=yes
lcp-echo-failure=5
gateway=vpn.physics.ox.ac.uk
domain=PHYSICS
refuse-mschap=yes
refuse-pap=yes

[ipv4]
method=auto
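
As an added example (not part of the original page and not NetworkManager's own code), the following Python script audits the text of a keyfile such as /etc/NetworkManager/system-connections/PhysicsVPN against the general settings listed above, and also flags a password saved in the file. The name audit_keyfile and the WEAK sample are constructed for illustration; the refuse-mschapv2 key, the meaning of password-flags and the [vpn-secrets] section are assumed from NetworkManager's keyfile conventions rather than taken from this page.

```python
import configparser

# Expected values taken from the "Linux General settings" list on this page.
GATEWAY = "vpn.physics.ox.ac.uk"
MUST_BE_YES = ("refuse-eap", "refuse-chap", "require-mppe")

def audit_keyfile(text):
    """Return a list of findings for a NetworkManager VPN keyfile; [] means OK."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("vpn"):
        return ["no [vpn] section"]
    vpn, findings = cp["vpn"], []
    if vpn.get("gateway") != GATEWAY:
        findings.append("gateway is %r, expected %s" % (vpn.get("gateway"), GATEWAY))
    for key in MUST_BE_YES:
        if vpn.get(key) != "yes":
            findings.append("%s is not set to yes" % key)
    # The page requires MSCHAPv2 to stay enabled (assumed key name).
    if vpn.get("refuse-mschapv2") == "yes":
        findings.append("refuse-mschapv2=yes disables MSCHAPv2")
    # password-flags is a bit field: 0 = saved in this file, 1 = held by the
    # user's keyring agent, 2 = never saved (prompt on every connect).
    if int(vpn.get("password-flags", "0")) == 0:
        findings.append("password-flags=0: password is stored in the keyfile")
    if cp.has_section("vpn-secrets") and "password" in cp["vpn-secrets"]:
        findings.append("[vpn-secrets] holds a plaintext password")
    return findings

# Security-relevant keys of the tested 16.04 [vpn] section shown on this page.
PAGE_SSTP = """[vpn]
password-flags=2
require-mppe=yes
refuse-eap=yes
refuse-chap=yes
refuse-pap=yes
gateway=vpn.physics.ox.ac.uk
"""

# Constructed weak sample: CHAP allowed, no MPPE, password saved in the file.
WEAK = """[vpn]
gateway=vpn.physics.ox.ac.uk
refuse-eap=yes
password-flags=0
[vpn-secrets]
password=constructed-example
"""

if __name__ == "__main__":
    print(audit_keyfile(PAGE_SSTP), audit_keyfile(WEAK))
```

To check a real connection, pass the file contents read as root, for example audit_keyfile(open(path).read()).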

SSTP

Some ISPs block "GRE" which is required for the Ubuntu default, integrated protocol "PPTP". If this is the case for you, you can try the sstp client.

I have had a very mixed experience with this; it seems to work well, then crashes. The latest version may be more stable:
http://sourceforge.net/projects/sstp-client/?source=typ_redirect

On Ubuntu Trusty, there is a PPA available. Run the following commands to add the PPA and install network-manager-sstp.

echo -e "deb http://ppa.launchpad.net/whoopie79/trusty/ubuntu trusty main\ndeb-src http://ppa.launchpad.net/whoopie79/trusty/ubuntu trusty main" | sudo tee /etc/apt/sources.list.d/whoopsie79-trusty.list
sudo /usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E1ECDBB2
sudo /usr/bin/apt-get update
sudo apt-get install network-manager-sstp

The settings you need are:

  • Gateway: vpn.physics.ox.ac.uk
  • User name: {your physics user name}
  • NT Domain: PHYSICS
  • CA Certificate: (None)
  • Ignore Certificate Warnings is checked.

In the advanced tab:

  • Uncheck PAP, CHAP and EAP
  • Check MSCHAP, MSCHAPv2
  • Check Allow BSD data compression, Allow Deflate Data compression, Use TCP header Compression, Send PPP Echo Packets.
  • For best security, check Use Point-to-point encryption, Security All Available
  • You can also allow Stateful Encryption, though this seems to slow the connection down a little.

I have a (possibly older) version I compiled available here for use on Ubuntu Precise:

http://pplxconfig2.physics.ox.ac.uk/mirror/ubuntu/oxford-local/sstp/
