- Ubuntu Wiki
- PPTP (Microsoft VPN)
- Cisco VPN
- OpenVPN
- IPSec VPN
- Usage
- VPN setup in Kubuntu Feisty (7.04)
- VPN setup using the command line
- VPN setup in Ubuntu 8.10
- VPN setup in Ubuntu 9.04
- VPN setup in Ubuntu 9.10
- VPN setup in Ubuntu 10.04
- Настройка и использование OpenVPN на Ubuntu
- Подготовка Ubuntu
- Установка, настройка и запуск VPN-сервера
- Установка OpenVPN
- Создание сертификатов
Ubuntu Wiki
VPN (Virtual Private Network) lets you establish a secure connection over the non-secure Internet, e.g. from a notebook to an office server.
Getting a VPN to work requires general knowledge on networks, and it may require some specific knowledge on routers, firewalls and VPN protocols.
In order to use VPN on Ubuntu, you need to make sure that support for the required VPN protocol is installed. Several VPN protocols exist:
PPTP (Microsoft VPN)
sudo apt-get install network-manager-pptp
Cisco VPN
sudo apt-get install network-manager-vpnc
OpenVPN
sudo apt-get install network-manager-openvpn
IPSec VPN
Not covered on this page, so far
Usage
- Click on the network-manager in the system tray
- Choose VPN Connections -> Configure VPN
- Click Add
- You might have to restart the network-manager to get the added VPN connection on the list (killall nm-applet; nm-applet &)
- Now the VPN connection should be shown in the network-manager
VPN setup in Kubuntu Feisty (7.04)
You have to install the additional package
Please refer to WifiDocs/NetworkManager under VPN support for more information.
VPN setup using the command line
sudo apt-get install pptp-linux
Create file /etc/ppp/peers/YOUR_COMPANY with this content:
pty "pptp YOUR_VPN_GATEWAY --nolaunchpppd" debug nodetach logfd 2 noproxyarp ipparam YOUR_COMPANY remotename YOUR_COMPANY name YOUR_DOMAIN_OR_SERVER_NAME\\YOUR_VPN_LOGIN require-mppe-128 nobsdcomp nodeflate lock noauth refuse-eap refuse-chap refuse-mschap
YOUR_DOMAIN_OR_SERVER_NAME\\YOUR_VPN_LOGIN * YOUR_VPN_PASSWORD *
Create file /etc/ppp/ip-up.d/add-subnet with content similar to:
#!/bin/bash [ "$PPP_IPPARAM" = "YOUR_COMPANY" ] || exit 0 route add -net 192.168.100.0/24 dev $PPP_IFACE
In the above line, adjust subnet values (192.168.100.0/24) if needed
sudo chmod a+x /etc/ppp/ip-up.d/add-subnet
— Connect to VPN: sudo pon YOUR_COMPANY To disconnect, press Ctrl+C or close the terminal.
— If you do not want to see VPN connection debug output, in file /etc/ppp/peers/YOUR_COMPANY delete 3 lines: debug nodetach logfd 2
In this case, “pon YOUR_COMPANY” will run as a background process. Use “poff YOUR_COMPANY” to disconnect.
VPN setup in Ubuntu 8.10
- You need to install 2 packages:
- network-manager-pptp
- pptp-linux
- input the IP address of the target computer.
- input your user name. Leave all else blank, unless you are tunneling to a domain, then enter the domain name where indicated.
- hit Advanced button.
- UNcheck PAP (because PAP means to allow unsecured passage — this is the source of «no shared shared secrets»)
- Check CHAP, MSCHAP and MSCHAPv2.
- Check Use Point-to-point encryption (MPPE)
- Select 128-bit (most secure).
- Check Allow stateful encryption.
VPN setup in Ubuntu 9.04
I could not get any VPN working on 9.04. There appears to be some bugs in the configuration tools, you may be able to get things to work via the command line.
VPN setup in Ubuntu 9.10
- Here’s a synopsis of my VPN setups. I have proven this to work on both x86 and x64 for all 3 VPN types. Important note/disclaimer: I tested these configurations on VMware Workstation 7 VM’s and a Dell Vostro 220. All installations were fresh installs, not upgrades. Also, please notice that I detail what type of firewall/VPN I am connecting to for each VPN type. There are so many variations on these VPN implementations that it is extremely difficult to generalize a known-good configuration for each.
- Install various VPN components
- PPTP
- pptp-linux
- network-manager-pptp
- vpnc
- network-manager-vpnc
- openconnect
- network-manager-openconnect
- Create new PPTP connection
- VPN Tab Settings
- Set Connection name
- Set Gateway
- Set username (for domain-based user accounts, use domain\username)
- DO NOT SET PASSWORD
- DO NOT SET NT DOMAIN
- PPTP Advanced Options (Advanced button)
- uncheck all auth methods EXCEPT MSCHAPv2
- check «Use Point-to-Point encryption (MPPE)»
- leave Security set at «All Available (Default)»
- trying to force encryption level causes this option to become unset
- check «Allow stateful inspection»
- uncheck «Allow BSD Data Compression»
- uncheck «Allow Deflate Data Compression»
- uncheck «Use TCP Header Compression»
- uncheck «Send PPP Echo Packets» (although connection works either checked or unchecked)
- save configuration
b. Initial Connection attempt
- enter password in login box
- DO NOT check either password save box at this time
- once connection establishes, verify remote connectivity — ping, rdp, ssh, etc.
- disconnect VPN session
c. 2nd connection attempt
- enter password in login box
- check both password save option boxes
- once again verify remote connectivity
- disconnect VPN session
d. Subsequent connection attempts
- VPN session should automatically connect using saved auth credentials
- Create new VPNC connection
- set connection name
- set Gateway
- set Group Name
- set User Password to «Saved» and enter password
- set Group Password to «Saved» and enter password
- set username
- set domain (if applicable)
- leave Encryption Method at «Secure (Default)»
- set NAT traversal to «NAT-T»
- save configuration
b. Initial Connection attempt
- open VPNC connection
- if prompted, select «Always Allow» if you want connection to be automatic
- verify remote connectivity — ping, rdp, ssh, etc.
- disconnect VPN session
c. Subsequent connection attempts
- open VPNC connection — session should automatically connect
- Create new OpenConnect connection
- set connection name
- set Gateway
- set Authentication type to «Password/SecurID»
- no need to set username, OpenConnect won’t store it yet
- save configuration
b. Initial connection attempt
- open VPN connection
- check «Automatically start connecting next time»
- click Close
- you will get the «No Valid VPN Secrets» VPN failure message
c. 2nd connection attempt
- open VPN connection
- accept certificate (if prompted)
- change Group (if necessary)
- enter username (may need to be domain\username)
- enter password
- click Login
- if VPN connection fails, see note below
- verify remote connectivity — ping, rdp, ssh, etc.
- disconnect session
d. Subsequent connection attempts
- open VPN connection
- enter password
- session should connect
Note: If you get the «Login Failed» message, cancel and wait 15-30 minutes before attempting to connect again. Also, I ended up having to use the NT style domain\username pair for authentication, even though a Cisco AnyConnect client connecting to the same ASA only requires username.
More Detail: OpenConnect has been brutal to get connected. I got failed attempt after failed attempt. When I checked the NPS (IAS) log and the Security Event log on the W2K8 domain controller, I could see my user account authenticating properly via RADIUS from the ASA. Yet the OpenConnect client came back with a «Login Failed» message. I’m not an ASA expert, so I have no idea what to check in the ASA configuration to troubleshoot this problem, other than the basic AAA configuration. But I believe the problem lies in the ASA configuration because when I get the OpenConnect «Login Failed» message, the AnyConnect client from my Windows laptop fails as well. I think it may be a ridiculously short timeout or max failure setting. Whatever the issue is, I have to wait for some length of time (~15-30 minutes) for whatever the problem is to reset.
VPN setup in Ubuntu 10.04
Ubuntu 10.04 comes preinstalled with VPN support.
This features is available under the networks connections tab.
VPN (последним исправлял пользователь gwlabcg 2015-05-21 10:52:58)
Настройка и использование OpenVPN на Ubuntu
Обновлено: 05.03.2023 Опубликовано: 23.01.2019
Тематические термины: VPN, Ubuntu, OpenVPN. В инструкции рассмотрим процесс установки и настройки VPN сервера OpenVPN на Linux Ubuntu.
Подготовка Ubuntu
* в данном примере московское время. Если в нашей системе используется брандмауэр, открываем порт, на котором будет слушать OpenVPN:
* в данной инструкции предполагается, что мы настроим VPN-сервер на UDP-порту 443, однако, по-умолчанию, OpenVPN работает на порту 1194. Для сохранения правила используем iptables-persistent:
Установка, настройка и запуск VPN-сервера
Обязательные шаги для развертывания сервиса — установка программного обеспечения, генерация сертификатов, настройка OpenVPN. Рассмотрим эти процессы по шагам.
Установка OpenVPN
Создание сертификатов
export KEY_COUNTRY=»RU»
export KEY_PROVINCE=»Sankt-Petersburg»
export KEY_CITY=»Sankt-Petersburg»
export KEY_ORG=»DMOSK COMPANY»
export KEY_EMAIL=»master@dmosk.ru»
export KEY_CN=»DMOSK»
export KEY_OU=»DMOSK»
export KEY_NAME=»name-openvpn-server.dmosk.ru»
export KEY_ALTNAMES=»name-openvpn-server»* где KEY_CN и KEY_OU: рабочие подразделения (например, можно указать название отдела); KEY_NAME: адрес, по которому будет выполняться подключение (можно указать полное наименование сервера); KEY_ALTNAMES — альтернативный адрес. Следующие действия будут записеть от версии OpenVPN. Более новая позволяет создавать сертификаты на основе Easy RSA 3, старая работает на базе 2-й версии. Понять, какой вариант наш можно посмотрев на содержимое каталога easy-rsa:
Либо мы увидим в нем утилиту easyrsa (новая версия), либо набор утилит, начинающихся на build. Рассмотрим процесс формирования сертификата с использованием как RSA3, так и RSA2. а) Если используется новая версия (утилита easyrsa) 1. Инициализируем PKI:
* после вводим дважды пароль, который хотим использовать для ключа центра сертификации. На запрос «Common Name» можно просто нажать Enter:
* nopass можно упустить, если хотим повысить безопасность с помощью пароля на сертификат. На запрос «Common Name» можно просто нажать Enter:
