VPN access on Linux

This is a deprecated service and we would recommend using the Fortigate VPN service. This uses our 10G uplink improving performance and reliability. The PhysicsVPN uses the older 1G link and will be slower and less reliable.

All devices connecting to the Physics network this way MUST be running a supported OS and have all application and operating system updates applied, running a Firewall, running Antivirus Software - with uptodate virus definitions and running Spyware detection.
The terms and conditions specified in the Department of Physics Rules for Computer Use apply.

The instructions below are geared towards Ubuntu, although since it uses the standard nm-applet, there shouldn't be too much difference between the distros.

https://help.ubuntu.com/community/VPNClient#Using_NetworkManager

Linux General settings

  • Our vpn server is called vpn2.physics.ox.ac.uk
  • You will need to disable CHAP and EAP authentication methods while enabling MSCHAP and MSCHAP 2
  • You will need to enable point-to-point encryption

VPN settings for Ubuntu 18.04 and 20.04

On Ubuntu Trusty and newer, there is a PPA available. Run the following commands to add the PPA and install network-manager-sstp.

sudo apt-add-repository ppa:eivnaes/network-manager-sstp sudo apt update sudo apt install network-manager-sstp

A quick summary of the settings you need:

Gateway: vpn2.physics.ox.ac.uk User name: {your physics user name} NT Domain: PHYSICS CA Certificate: See the attachment on this page
In the advanced tab Uncheck PAP, CHAP and EAP Check MSCHAP, MSCHAPv2

Check Allow BSD data compression, Allow Deflate Data compression, Use TCP header Compression, Send PPP Echo Packets.

For best security, check Use Point-to-point encryption, Security All Available
You can also allow Stateful Encryption, though this seems to slow the connection down a little.

Step-by-step instructions:

1. Click on the power symbol ⏻, then the Settings Icon (depicting crossed tools on 18.04), and then Network.
Click on + on top right-hand side of the VPN panel.

vpn1.png

2. Click on "Point-to-Point Tunnelling Protocol (SSTP)"
(if it is missing, follow the PPA steps above)

vpn2.png

3. Fill in:
Name: Oxford Physics
Gateway: vpn2.physics.ox.ac.uk
User name: your physics login

Click on Advanced… button

vpn3.png

4. Authentication:

Only tick MSCHAP and MSCHAPv2
Untick others.

Click on OK button

vpn4.png

5. Click on Add button to save.

vpn5.png

6. Slide the VPN button to connect

You will be asked to enter your Physics password to connect.

vpn6.png

FileSize
Certificate chain for use with SSTP VPN on Ubuntu2.04 KB

Categories: Linux | Remote Access | VPN