VPN setup in Ubuntu – General introduction
VPN (Virtual Private Network) lets you establish a secure connection over the non-secure Internet, e.g. from a notebook to an office server.
Getting a VPN to work requires general knowledge on networks, and it may require some specific knowledge on routers, firewalls and VPN protocols.
In order to use VPN on Ubuntu, you need to make sure that support for the required VPN protocol is installed. Several VPN protocols exist:
PPTP (Microsoft VPN)
sudo apt-get install network-manager-pptp
Cisco VPN
sudo apt-get install network-manager-vpnc
OpenVPN
sudo apt-get install network-manager-openvpn
IPSec VPN
Not covered on this page, so far
Usage
- Click on the network-manager in the system tray
- Choose VPN Connections -> Configure VPN
- Click Add
- You might have to restart the network-manager to get the added VPN connection on the list (killall nm-applet; nm-applet &)
- Now the VPN connection should be shown in the network-manager
VPN setup in Kubuntu Feisty (7.04)
You have to install the additional package
network-manager-gnome
Please refer to WifiDocs/NetworkManager under VPN support for more information.
VPN setup using the command line
Run the following:
sudo apt-get install pptp-linux
Create file /etc/ppp/peers/YOUR_COMPANY with this content:
pty "pptp YOUR_VPN_GATEWAY --nolaunchpppd" debug nodetach logfd 2 noproxyarp ipparam YOUR_COMPANY remotename YOUR_COMPANY name YOUR_DOMAIN_OR_SERVER_NAME\\YOUR_VPN_LOGIN require-mppe-128 nobsdcomp nodeflate lock noauth refuse-eap refuse-chap refuse-mschap
Add to /etc/ppp/chap-secrets:
YOUR_DOMAIN_OR_SERVER_NAME\\YOUR_VPN_LOGIN * YOUR_VPN_PASSWORD *
Create file /etc/ppp/ip-up.d/add-subnet with content similar to:
[ "$PPP_IPPARAM" = "YOUR_COMPANY" ] || exit 0 route add -net 192.168.100.0/24 dev $PPP_IFACE
In the above line, adjust subnet values (192.168.100.0/24) if needed
Then run:
sudo chmod a+x /etc/ppp/ip-up.d/add-subnet
- Connect to VPN: sudo pon YOUR_COMPANY To disconnect, press Ctrl+C or close the terminal.
- If you do not want to see VPN connection debug output, in file /etc/ppp/peers/YOUR_COMPANY delete 3 lines: debug nodetach logfd 2
In this case, “pon YOUR_COMPANY” will run as a background process. Use “poff YOUR_COMPANY” to disconnect.
VPN setup in Ubuntu 8.10
I stole these instructions written by mgmiller from http://ubuntuforums.org/showpost.php?p=7089396&postcount=196. This is for connecting to a Microsoft VPN.
- You need to install 2 packages:
- network-manager-pptp
- pptp-linux
- input the IP address of the target computer.
- input your user name. Leave all else blank, unless you are tunneling to a domain, then enter the domain name where indicated.
- hit Advanced button.
- UNcheck PAP (because PAP means to allow unsecured passage - this is the source of "no shared shared secrets")
- Check CHAP, MSCHAP and MSCHAPv2.
- Check Use Point-to-point encryption (MPPE)
- Select 128-bit (most secure).
- Check Allow stateful encryption.
VPN setup in Ubuntu 9.04
I could not get any VPN working on 9.04. There appears to be some bugs in the configuration tools, you may be able to get things to work via the command line.
VPN setup in Ubuntu 9.10
The following instructions were originally written by sweisler at http://ubuntuforums.org/showpost.php?p=8261958&postcount=6. They have been additionally tested for PPTP to an MS VPN:
- Here's a synopsis of my VPN setups. I have proven this to work on both x86 and x64 for all 3 VPN types. Important note/disclaimer: I tested these configurations on VMware Workstation 7 VM's and a Dell Vostro 220. All installations were fresh installs, not upgrades. Also, please notice that I detail what type of firewall/VPN I am connecting to for each VPN type. There are so many variations on these VPN implementations that it is extremely difficult to generalize a known-good configuration for each.
- Install various VPN components
- PPTP
- pptp-linux
- network-manager-pptp
- vpnc
- network-manager-vpnc
c. OpenConnect- openconnect
- network-manager-openconnect
- PPTP
- Reboot
- PPTP VPN Configuration - This setup works for connecting to ISA 2004/2006 PPTP VPNs. It should work for connecting to MS PPTP VPN implementations in general. I can't speak for other PPTP VPN implementations.
- Create new PPTP connection
- VPN Tab Settings
- Set Connection name
- Set Gateway
- Set username (for domain-based user accounts, use domain\username)
- DO NOT SET PASSWORD
- DO NOT SET NT DOMAIN
- PPTP Advanced Options (Advanced button)
- uncheck all auth methods EXCEPT MSCHAPv2
- check "Use Point-to-Point encryption (MPPE)"
- leave Security set at "All Available (Default)"
- trying to force encryption level causes this option to become unset
- check "Allow stateful inspection"
- uncheck "Allow BSD Data Compression"
- uncheck "Allow Deflate Data Compression"
- uncheck "Use TCP Header Compression"
- uncheck "Send PPP Echo Packets" (although connection works either checked or unchecked)
- save configuration
- enter password in login box
- DO NOT check either password save box at this time
- once connection establishes, verify remote connectivity - ping, rdp, ssh, etc.
- disconnect VPN session
- enter password in login box
- check both password save option boxes
- once again verify remote connectivity
- disconnect VPN session
- VPN session should automatically connect using saved auth credentials
- Create new PPTP connection
- VPNC VPN Configuration - This setup works connecting to an ASA5510 - software version 8.2(1). I didn't have any other Cisco devices to test against.
- Create new VPNC connection
- set connection name
- set Gateway
- set Group Name
- set User Password to "Saved" and enter password
- set Group Password to "Saved" and enter password
- set username
- set domain (if applicable)
- leave Encryption Method at "Secure (Default)"
- set NAT traversal to "NAT-T"
- save configuration
- open VPNC connection
- if prompted, select "Always Allow" if you want connection to be automatic
- verify remote connectivity - ping, rdp, ssh, etc.
- disconnect VPN session
- open VPNC connection - session should automatically connect
- Create new VPNC connection
- OpenConnect VPN Configuration - This setup works connecting to an ASA5510 - software version 8.2(1). I didn't have any other Cisco devices to test against.
- Create new OpenConnect connection
- set connection name
- set Gateway
- set Authentication type to "Password/SecurID"
- no need to set username, OpenConnect won't store it yet
- save configuration
- open VPN connection
- check "Automatically start connecting next time"
- click Close
- you will get the "No Valid VPN Secrets" VPN failure message
- open VPN connection
- accept certificate (if prompted)
- change Group (if necessary)
- enter username (may need to be domain\username)
- enter password
- click Login
- if VPN connection fails, see note below
- verify remote connectivity - ping, rdp, ssh, etc.
- disconnect session
- open VPN connection
- enter password
- session should connect
Note: If you get the "Login Failed" message, cancel and wait 15-30 minutes before attempting to connect again. Also, I ended up having to use the NT style domain\username pair for authentication, even though a Cisco AnyConnect client connecting to the same ASA only requires username.More Detail: OpenConnect has been brutal to get connected. I got failed attempt after failed attempt. When I checked the NPS (IAS) log and the Security Event log on the W2K8 domain controller, I could see my user account authenticating properly via RADIUS from the ASA. Yet theOpenConnect client came back with a "Login Failed" message. I'm not an ASA expert, so I have no idea what to check in the ASA configuration to troubleshoot this problem, other than the basic AAA configuration. But I believe the problem lies in the ASA configuration because when I get theOpenConnect "Login Failed" message, the AnyConnect client from my Windows laptop fails as well. I think it may be a ridiculously short timeout or max failure setting. Whatever the issue is, I have to wait for some length of time (~15-30 minutes) for whatever the problem is to reset.However, once I finally get the OpenConnect client to successfully connect, it worked from then on. (Just don't mess with the connection configuration, or you will get to go thru this whole process again.)
VPN setup in Ubuntu 10.04
Ubuntu 10.04 comes preinstalled with VPN support.
This features is available under the networks connections tab.
列印本頁
旅遊資訊
今日搭乘豪華客機飛往歐洲大陸,帶您造訪這世界上唯一一個能讓您瘋狂迷戀的國度-法國。法國人的浪漫與追求個人生活主義的美名舉世皆知,而來到她的懷抱裡,只要您把心交給她,您將感受到莫名的溫柔、浪漫!就在航行的夜晚班機上,闔上您的雙眼,期待與她的相遇。
期待呀期待,我們終於抵達法國尼斯囉!
早餐後自行搭乘地鐵前往尼斯火車站(Nice Ville ),搭乘時速300公里的★TGV子彈列車前往普羅旺斯的首府─ 亞維儂(Avignon) ,抵達出站後自行前往旅館,安頓好行李便可展開歡樂的自主活動。下午您可逛逛這美麗的古城,教皇宮、聖母院、 和聖貝內澤橋都是不可錯過的景點喔。
早餐後自行前往火車站搭乘搭乘時速300公里的★TGV子彈列車回到巴黎;建議-回到巴黎,還等什麼?雙手空空,帶張信用卡,去香榭麗舍大道,去老佛爺百貨公司,去希佛利大街,去凡登廣場,去亞勒地下商場......。或者您可以像巴黎人一樣,靜靜的在蒙馬特山上喻有全世界最美麗的階梯俯瞰巴黎市區;探巴黎的都景,凝巴黎的思緒,望巴黎的天空,聞巴黎的香氣。因為巴黎真的太美了。
花都巴黎,我們都如此稱呼她。從羅馬人建設至今,已兩千多年的歷史,經年累月蘊積的文化、市容建設、市民素質,造就她成為時尚流行、文明、藝術、知識殿堂的代名詞,使巴黎「花都」之名當之無愧。今天帶著對梵谷的思念、對拿鐵咖啡的意猶未盡、對香榭大道的濃濃浪漫、對無數動人畫作的驚嘆,就讓我們在依依不捨中揮別這位浪漫的姑娘,但請記得--她還有祥和的綠地、美麗的酒鄉、薰衣草的普羅旺斯、蔚藍的海岸,她的懷抱這麼大,歡迎您再回來。因為這裡有吃不完的美食、飲不盡的美酒、看不完的古蹟與教堂、逛不累的街、聽不完的故事。今早整理行裝,帶著一袋袋的回憶及滿滿沉重的行李,自行前往機場搭機返回台北。
班機於今日抵達桃園機場,在家人親友歡迎簇擁下,結束此次歐洲之行。
單位:新台幣 / 元
訂購諮詢 412-8001 ( 手機請加02 ) 
