
Configuring a VPN connection in Linux

Want secure, protected Internet access from your smartphone or laptop when connecting to an untrusted network such as hotel or cafe WiFi? A virtual private network (Virtual Private Network, VPN) lets you use untrusted networks as if you were working on a private network. All your traffic in this case passes through the VPN server.

Combined with HTTPS connections, the settings described below will let you protect your private information, such as logins and passwords, as well as your purchases. Moreover, you can bypass regional restrictions and censorship, and hide your location and unencrypted HTTP traffic from the untrusted network.

You can transfer the profile from a computer to an Android device by connecting the device to the computer via USB and copying the file. You can also move the profile file using an SD card by copying the profile to the card and inserting the card into the Android device.

Run the OpenVPN application and click on the menu to import the profile.

Connecting

To establish the connection, click Connect. You will be asked whether you trust the OpenVPN app. Answer OK to establish the connection. To stop the connection, go to the OpenVPN application and select Disconnect.

Step 13. Testing the VPN connection

After everything is installed and configured, make sure everything works correctly. Without establishing a VPN connection, open the browser and go to DNSLeakTest.

This site will return the IP address assigned to you by your Internet provider. To check which DNS servers are used, click Extended Test.

Now establish the connection using your VPN client and refresh the page in the browser. The IP address shown should be completely different. This new IP address is now the one everyone on the Internet sees for you. Click Extended Test once again to check your DNS settings and make sure that you are now using your VPN server's DNS.

Step 14. Revoking client certificates

From time to time, you may need to revoke a client certificate to prevent further access to the VPN server.

To do this, go to your certification authority directory and enter the commands:

  • cd ~/openvpn-ca
  • source vars
  • ./revoke-full client3

The output of this command will end with error 23. This is normal. As a result, the crl.pem file will be created in the keys directory with the information required to revoke the certificate.

Move this file to the /etc/openvpn directory:

  • sudo cp ~/openvpn-ca/keys/crl.pem /etc/openvpn
  • sudo nano /etc/openvpn/server.conf

Add the crl-verify line to the end of the file. The OpenVPN server will check the certificate revocation list each time someone establishes a connection to the server.

/etc/openvpn/server.conf

crl-verify crl.pem

Save and close the file.

Restart OpenVPN to complete the certificate revocation process:

Now the client will not be able to connect to the OpenVPN server using the old certificate.

To revoke additional certificates, follow these steps:

    Generate a new certificate revocation list by running the source vars command in the ~/openvpn-ca directory and then the revoke-full command with the client name.

    Copy the new certificate revocation list to the /etc/openvpn directory, overwriting the old list.

    Restart the OpenVPN service.

This procedure can be used to revoke any certificate you have created.
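
A check for the step of this procedure that is easiest to forget, copying the regenerated crl.pem to the server. This is an added example, not part of the original tutorial; the function names are made up here, and it assumes that a relative crl-verify path resolves against the directory holding server.conf.

```shell
#!/bin/sh
# Added example: confirm that a revocation has actually reached the server.
# Usage (paths as used on this page):
#   check_crl_deployed /etc/openvpn/server.conf ~/openvpn-ca/keys/crl.pem; echo $?

# crl_path_from_conf CONF
# Print the CRL path named by the last active crl-verify directive, or fail
# if there is none. Commented-out directives (# or ;) are ignored because
# their first field is not exactly "crl-verify".
# Assumption: the daemon's working directory is the directory of CONF, so a
# relative path is resolved against that directory.
crl_path_from_conf() {
    conf=$1
    path=$(awk '$1 == "crl-verify" { p = $2 } END { print p }' "$conf")
    [ -n "$path" ] || return 1
    case $path in
        /*) printf '%s\n' "$path" ;;
        *)  printf '%s/%s\n' "$(dirname "$conf")" "$path" ;;
    esac
}

# check_crl_deployed SERVER_CONF CA_CRL
#   0 = the deployed CRL is identical to the CA's current crl.pem
#   1 = no crl-verify directive, so revocations are not checked at all
#   2 = directive present but the CRL file it names does not exist
#   3 = deployed CRL differs from the CA's copy (new revocation not copied)
check_crl_deployed() {
    deployed=$(crl_path_from_conf "$1") || return 1
    [ -f "$deployed" ] || return 2
    cmp -s "$deployed" "$2" || return 3
    return 0
}
```

A result of 3 after running revoke-full means the server is still using the old list and the revoked client can still connect.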

Conclusion

Congratulations! Now you can safely go online, all your traffic is protected from censors and attackers.

To configure additional clients, repeat steps 6 and 11-13 for each new device. To revoke a client's access, use step 14.

In recent versions of Ubuntu, you can configure a VPN connection using the graphical interface. Let's look at the VPN setup.

We will need 2 packages: pptp-linux and network-manager-pptp. You can download them from these links:

Remember to download the packages for your architecture (32- or 64-bit).

After downloading, install the packages in the appropriate order: first pptp-linux, then network-manager-pptp.

After installing network-manager-pptp, reboot the system.

After rebooting, find the icon depicting two monitors in the upper right corner and left-click it.

Find the item "Set up VPN ..." and click on it.

After that, another window will appear.

In the new window, specify the connection name and the address of the VPN server. In my case the name is "AIST" and the address of the server (Gateway) is server.avtograd.ru.


After the data is entered, go through the "Authentication", "Compression & Encryption" and other tabs and fill in the data, without clicking the "Next" button yet.

As for me personally, I did not change anything on these tabs and left everything as it is. What to change and what not depends on your provider.

After all settings are made, press "Next".

The next window appears.

Press the "Apply" button. The VPN connection setup is complete.

Now connect to the Internet. Left-click the same icon with two monitors again and select the connection you created. In my case it is "AIST".

In the window that appears, enter your username and password for connecting to the network and click "OK".

All is ready. You have a stable Internet connection =).

The material is specially prepared for myubuntu.ru.

VPN Setup in Ubuntu.

I did not plan to write this article, but since Network Manager in Ubuntu 8.04 still has not been made to work properly on a network with static IP addresses, I will describe how I manually configure the connection to the VPN.

Setup using Network Manager

Nevertheless, I will still describe setting up the VPN with network-manager. This setup is quite suitable for those who obtain an IP address automatically via DHCP when connecting to the network.
1. Install the two packages you need:

Since these packages are not on the Ubuntu disk by default, and a VPN often has to be configured on a machine that has no other access to the Internet, I advise you to stock up on these packages from the official repository in advance. To do this, go to http://packages.ubuntu.com/, find these two packages, download them and later install them on the machine you need.
2. If the "VPN connections" item does not appear in the Network Manager applet, or it will not open, you need to log in again or, even better, reboot.
3. Left-click (the right button opens a different menu) the Network Manager icon and in the drop-down menu select "VPN connections" - "Configure VPN". Add a new connection and set all the options for this connection.
4. After that, your connection should appear in the "VPN connections" menu; if it does not, log in again or reboot (what can I do, this network-manager is still so raw :().
5. You can now connect to the VPN connection you created (and disconnect by selecting the menu item in Network Manager).

Manual setup

Below I describe the setup for my connection; yours will differ in the data you enter and may also differ in the parameters.
1. Install the pptp-linux package:

As I already described above in the section on setup using network-manager, a VPN often has to be configured on a machine that has no other Internet access, so I advise you to stock up on this package from the official repository http://packages.ubuntu.com/ in advance.
2. Edit the options.pptp file:

nano /etc/ppp/options.pptp

lock
noauth
nobsdcomp
nodeflate
persist

I will not describe each of the parameters, only some of them:
persist - this parameter tries to reopen the connection when it closes;
nodeflate - do not use deflate compression (although they say it works faster with it, I do not know, I have not checked).
Also, if your connection uses encryption, add one of the following lines, depending on the type of encryption: require-mschap-v2, require-mppe-40, require-mppe-128, require-mppe.
3. Create the connection file /etc/ppp/peers/vpn (you can replace the name vpn with any other, but if you do, do not forget to change it in the rest of this article)

nano /etc/ppp/peers/vpn


Insert the following lines there:

maxfail 0
lcp-echo-interval 60
lcp-echo-failure 4
defaultroute
pty "pptp vpn.ava.net.ua --nolaunchpppd"
name sukochev
remotename PPTP
+chap
file /etc/ppp/options.pptp
ipparam vpn

Attention!!! Be sure to replace the following options with your own:
Replace vpn.ava.net.ua with the address of your VPN server (you can use the server's IP). Replace sukochev with your connection login.
I will describe some parameters:
maxfail 0 - always try to reconnect when the connection is lost;
lcp-echo-interval - the time interval after which the remote side is polled;
lcp-echo-failure - the number of unanswered requests to the remote side after which the system considers us disconnected;
defaultroute - install the default route;
+chap - the type of authentication. Besides +chap, the +pap type can be used.
file - read additional settings from the specified file.
If necessary, you can also add the following parameters:
deflate 15,15 - use deflate compression (the options.pptp file must then not contain the nodeflate parameter);
mtu - the maximum size of a transmitted packet (this parameter is usually changed when the connection often drops or some sites do not open);
mru - the maximum size of a received packet.
4. Edit the /etc/ppp/chap-secrets file (if the PAP authentication type is used, then /etc/ppp/pap-secrets, respectively)

nano /etc/ppp/chap-secrets

Insert a line there, such as:

sukochev PPTP password *

Attention!!! Replace sukochev with your login, and password with your connection password.
5. If necessary, add the routes you need to the /etc/network/interfaces file. For example, I have routes set up so that I can use the local network while the VPN connection is up. Here is an example of my routes (the lines that start with up route); yours will naturally differ:

auto eth1
iface eth1 inet dhcp
up route add -net 10.1.0.0 netmask 255.255.0.0 gw 10.1.45.1 dev eth1
up route add -net 10.3.0.0 netmask 255.255.0.0 gw 10.1.45.1 dev eth1

Do not forget to restart network connections after changing the /etc/network/interfaces file:

/etc/init.d/networking restart


6. Now you can turn the VPN connection on and off using the following commands:
Turning on

Shutdown

Automatic VPN connection at system boot

To do this, edit the /etc/network/interfaces file

nano /etc/network/interfaces

And insert the following lines at the end of the file:

auto ppp0
iface ppp0 inet ppp
provider vpn
pre-up ip link set eth1 up
up route del default
up route add default dev ppp0

Where eth1 is the network interface through which the VPN connection is made, and vpn is the name of the VPN connection you created in the /etc/ppp/peers/ folder.

Sometimes you need remote access to an enterprise network, a tunnel between servers, or Internet access for a good neighbor who has been disconnected from the network for debt. Or maybe you just want to be able to reach your network from any corner of the world where there is Internet.

For these purposes, you can use virtual private networks (Virtual Private Network, VPN). In our case, it will be the most common protocol in the CIS countries, namely PPTP (Point-to-Point Tunneling Protocol). Many cable Internet providers use it to provide access services.

Setting up your own server on Linux Ubuntu Server LTS is not that difficult. For this we need Internet access and a real IP (if you need to connect from the Internet).

Log in to the server as root and install the necessary packages with the apt-get install pptpd command. We will also be offered the bcrelay package, which duplicates broadcast packets received on the incoming interface onto the virtual ones (PPP client tunnels).

Press Enter and our server is installed. Let's begin configuration. Open the file with nano /etc/pptpd.conf and see the following lines at the bottom

#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

These are the IP address settings for clients. Uncomment the first two lines (delete the # symbol) and adjust them a little.

The line localip 192.168.0.1 means that our VPN server will have the IP 192.168.0.1. You can specify one of our IPs in one of the directly connected networks. For example, in my home network the server has the IP address 172.30.2.1. So as not to burden the server with anything unnecessary, I used that same address.

The second line, remoteip 192.168.0.234-238,192.168.0.245, specifies the range of IP addresses that will be assigned to clients. As these lines show, the network address can be anything (as in the second group of lines). For convenience, we will choose it from the same range as our server's IP.

At home I use this IP allocation logic: 1 - router, 2-19 - computers, 20-49 - static VPN (the same address is issued on each connection), 50-100 - VPN clients, 101-199 - Wi-Fi clients, 200-254 - various devices (for example, IP router, TV, etc.). We specify this range as remoteip 172.30.2.50-100 and save the configuration.

Change to the directory with cd /etc/ppp/; all pptpd (server) and pppd (client) settings are stored here.

Rename the pptpd-options file with the command mv pptpd-options pptpd-options.bak and create it anew with nano pptpd-options. This is done because it is easier to insert several lines into a new file than to look for parameters among dozens of lines of comments. Insert the following contents into the new file:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
#require-mppe-128
ms-dns 172.30.2.1
nodefaultroute
lock
nobsdcomp
auth
logfile /var/log/pptpd.log

What does all of this mean? Let's in order:

  • name pptpd - use the name pptpd to look up logins in chap-secrets
  • refuse-pap, refuse-chap, refuse-mschap - with these options, pptpd will not agree to authenticate using the PAP, CHAP or MS-CHAP protocols
  • require-mschap-v2 - require the peer to authenticate with MS-CHAPv2
  • require-mppe-128 - require the use of MPPE with 128-bit encryption, i.e. encrypt all traffic. It increases the load on the server and not all "weak" devices support it (Wi-Fi routers etc.).
  • ms-dns 172.30.2.1 - suggest using the DNS server at IP 172.30.2.1
  • nodefaultroute - do not install a default gateway from the server to the client; otherwise all traffic will be sent through the connected client, and the Internet will also go down because the route to the provider is lost.
  • lock - lock sessions, i.e. only one connection can be made from one login
  • nobsdcomp - do not compress traffic. When enabled, compression increases the load on our server
  • auth - require authorization (login and password)
  • logfile /var/log/pptpd.log - write logs to this file.

Save and close this configuration file.
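
With require-mppe-128 commented out, as in the file above, pptpd authenticates clients but does not require their traffic to be encrypted. The following audit is an added example, not from the original article (the function names and finding labels are made up here); it reports which of the options described above are inactive in an options file, using this page's file as the sample.

```shell
#!/bin/sh
# Added example: audit a pptpd options file for the settings discussed above.

# has_option FILE NAME: succeed if NAME is an active (uncommented) option.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }          # strip comments, including whole-line ones
        $1 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_pptpd_options FILE: print space-separated findings (empty = none).
audit_pptpd_options() {
    f=$1
    findings=""
    # Each weaker authentication protocol must be refused explicitly.
    for proto in pap chap mschap; do
        has_option "$f" "refuse-$proto" ||
            findings="$findings weak-auth-allowed:$proto"
    done
    has_option "$f" require-mschap-v2 ||
        findings="$findings mschap-v2-not-required"
    has_option "$f" auth || findings="$findings auth-not-required"
    # Without require-mppe or require-mppe-128 the tunnel may run unencrypted.
    if ! has_option "$f" require-mppe-128 && ! has_option "$f" require-mppe; then
        findings="$findings encryption-not-required"
    fi
    printf '%s\n' "${findings# }"
}

# The options file from this page, with the MPPE line commented out.
page_config() {
    cat <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
#require-mppe-128
ms-dns 172.30.2.1
nodefaultroute
lock
nobsdcomp
auth
logfile /var/log/pptpd.log
EOF
}

# Usage: audit_pptpd_options /etc/ppp/pptpd-options
```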

Now you need to add the users who will connect to our server. Open the file with nano chap-secrets (it is used to store PPP accounts).

For it to work correctly, follow this format: columns must be separated by at least one space or tab, spaces are not allowed in names (otherwise the space is treated as the start of the next column), and the login must begin with a letter. For example:

The first column is the user login, the second is the name of the service, in our case pptpd. Next comes the user password, and last the IP address that will be issued. If it is *, the IP address will be issued automatically from the previously set range. You can also specify an IP address that is outside the range.
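
The format rules above, expressed as a checker. This is an added example, not from the original article: the function names are made up, the sample entries are constructed, and it applies only the rules stated here (four columns, a login starting with a letter, * or an IPv4 address in the last column).

```shell
#!/bin/sh
# Added example: check chap-secrets entries against the rules stated above.

# check_chap_secrets FILE: print "line N: problem" for each malformed entry;
# the exit status is 1 if any entry is malformed, 0 otherwise.
check_chap_secrets() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        NF != 4 {
            # A space inside a name or password shows up as an extra column.
            printf "line %d: expected 4 columns, got %d\n", NR, NF
            bad = 1; next
        }
        $1 !~ /^[A-Za-z]/ {
            printf "line %d: login must begin with a letter\n", NR
            bad = 1
        }
        $4 != "*" && $4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            printf "line %d: last column must be * or an IPv4 address\n", NR
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample entries (not from the original page): two valid lines,
# one login starting with a digit, one password containing a space.
sample_secrets() {
    cat <<'EOF'
# login   service  password      address
alice     pptpd    Example-Pw1   *
bob       pptpd    Example-Pw2   172.30.2.20
9lives    pptpd    Example-Pw3   *
carol     pptpd    two words     *
EOF
}

# Usage: check_chap_secrets /etc/ppp/chap-secrets
```

chap-secrets stores passwords in clear text, so it should be readable by root only.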

Before using the server, you need to restart it. To do this, run /etc/init.d/pptpd restart. If there are no errors in the configuration, the server will start.

[email protected]:/etc/ppp# /etc/init.d/pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.

If you use iptables, you need to add these lines to it:

# VPN - PPTPD
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT

To give VPN clients Internet access through our server, add this rule to iptables:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Where eth1 is the interface facing the Internet.

To check, you can create a test VPN connection with encryption disabled (optional) and connect to the server using any of the configured logins.

Common connection errors

To create a PPTP client connection from Windows XP, do the following: click "Start" - "Control Panel" - "Network and Internet Connections" - "Network Connections".

Click "Creating a New Connection"; this starts the "Wizard of New Connections".







Now enter the connection name. You can write anything here, it is simply the name of the connection; for example, we will write "PPTP" (after the type of connection).

You may then be asked "Use customized Internet connections?" (if you already have a PPPoE connection configured); in that case, click "Do not dial the number".

If no such message appears, read on.

Now you will be asked to enter the server address; specify the IP of your server or its name.




In the window shown above, select "Properties". In the window that appears, select the Security tab. Find the item "Requires data encryption" and clear the check mark. Otherwise we will not be able to connect; errors 741 or 742 will appear: "The required encryption type is not supported by the server."


After that, press the "OK" button, return to the previous window, enter the login and password, and connect to our remote server over a secure VPN channel!

Setup using Network Manager

Nevertheless, I will still describe setting up the VPN with network-manager. This setup is quite suitable for those who obtain an IP address automatically via DHCP when connecting to the network.

1. Install the two packages you need:
# apt-get install pptp-linux network-manager-pptp
Since these packages are not on the Ubuntu disk by default, and a VPN often has to be configured on a machine that has no other access to the Internet, I advise you to stock up on these packages from the official repository in advance. To do this, go to packages.ubuntu.com/, find these two packages, download them and later install them on the machine you need.
2. If the "VPN connections" item does not appear in the Network Manager applet, or it will not open, you need to log in again or, even better, reboot.
3. Left-click (the right button opens a different menu) the Network Manager icon and in the drop-down menu select "VPN connections" - "Configure VPN". Add a new connection and set all the options for this connection.
4. After that, your connection should appear in the "VPN connections" menu; if it does not, log in again or reboot (what can I do, this network-manager is still so raw).
5. You can now connect to the VPN connection you created (and disconnect by selecting the menu item in Network Manager).

# apt-get install pptp-linux

As I already described above in the section on setup using network-manager, a VPN often has to be configured on a machine that has no other Internet access, so I advise you to stock up on this package from the official repository packages.ubuntu.com/ in advance.

2. Edit the options.pptp file:
# nano /etc/ppp/options.pptp

lock
noauth
nobsdcomp
nodeflate
persist

I will not describe each of the parameters, only some of them:
persist - this parameter tries to reopen the connection when it closes;
nodeflate - do not use deflate compression (although they say it works faster with it, I do not know, I have not checked).
Also, if you use encryption in the connection, add one of the following lines, depending on the type of encryption: require-mschap-v2, require-mppe-40, require-mppe-128, require-mppe.

3. Create the connection file /etc/ppp/peers/vpn (the name vpn can be replaced with any other, but if you do, do not forget to change it in the rest of this article)

# nano /etc/ppp/peers/vpn

Insert the following lines there:
maxfail 0
lcp-echo-interval 60
lcp-echo-failure 4
defaultroute
pty "pptp vpn.ava.net.ua --nolaunchpppd"
name sukochev
remotename PPTP
+chap
file /etc/ppp/options.pptp
ipparam vpn

Attention!!! Be sure to replace the following options with your own:
Replace vpn.ava.net.ua with the address of your VPN server (you can use the server's IP). Replace sukochev with your connection login.
I will describe some parameters:
maxfail 0 - always try to reconnect when the connection is lost;
lcp-echo-interval - the time interval after which the remote side is polled;
lcp-echo-failure - the number of unanswered requests to the remote side after which the system considers us disconnected;
defaultroute - install the default route;
+chap - the type of authentication. Besides +chap, the +pap type can be used.
file - read additional settings from the specified file.
If necessary, you can also add the following parameters:
deflate 15,15 - use deflate compression (the options.pptp file must then not contain the nodeflate parameter);
mtu - the maximum size of a transmitted packet (this parameter is usually changed when the connection often drops or some sites do not open);
mru - the maximum size of a received packet.

4. Edit the /etc/ppp/chap-secrets file (if the PAP authentication type is used, then /etc/ppp/pap-secrets, respectively)

# nano /etc/ppp/chap-secrets

Insert a line there, such as:

sukochev PPTP password *

Attention!!! Replace sukochev with your username, and password with your connection password.
5. If necessary, add the routes you need to the /etc/network/interfaces file. For example, my routes are set up so that the local network stays usable while the VPN connection is up. Here is an example of my routes (the lines that start with up route); yours will naturally differ:

auto eth1
iface eth1 inet dhcp
up route add -net 10.1.0.0 netmask 255.255.0.0 gw 10.1.45.1 dev eth1
up route add -net 10.3.0.0 netmask 255.255.0.0 gw 10.1.45.1 dev eth1

Do not forget to restart network connections after changing the /etc/network/interfaces file:

# /etc/init.d/networking restart

6. Now you can turn the VPN connection on and off using the following commands:
Turning on

Shutdown

Automatic VPN connection at system boot

To do this, edit the /etc/network/interfaces file
# nano /etc/network/interfaces

And insert the following lines at the end of the file:
auto ppp0
iface ppp0 inet ppp
provider vpn
pre-up ip link set eth1 up
up route del default
up route add default dev ppp0

Where eth1 is the network interface through which the VPN connection is made, and vpn is the name of the VPN connection you created in the /etc/ppp/peers/ folder.

Instruction

Check whether your operating system's kernel has PPP protocol support. The easiest way is to look at the options with the CONFIG_PPP prefix in the current kernel configuration file. It is usually installed in the /boot directory and has a name starting with config. Find the name of this file using the command
ls /boot
or
ls /boot | grep conf
Display the desired lines with the cat command, filtering with grep. For example:
cat /boot/config-2.6.30-std-def-alt15 | grep PPP
Analyze the lines containing the options CONFIG_PPP, CONFIG_PPP_ASYNC, CONFIG_PPP_SYNC_TTY. If there is no # symbol in front of them, support for the corresponding functionality is available (a value of m means as an external module, a value of y means built into the kernel).

Check whether client software for establishing VPN connections is installed in the system. The required package usually has a name starting with pptp. Use apt-cache with the search option to look for the package in the available repositories, and rpm with the -qa option to check whether the package is installed. When working in a graphical environment, it may make sense to use programs such as synaptic.

Install the missing software. Use a suitable package manager (apt-get or rpm in the console, synaptic in the graphical environment, etc.). If the ppp package was installed together with kernel modules supporting the corresponding protocol, restart the computer.

Try to configure the VPN using configuration scripts, such as pptp-command or pptpsetup. They are often part of the client software packages for establishing VPN connections. To get help on the command line parameters of these utilities, run them with the --help option. For example:
pptpsetup --help
If the configuration scripts are not installed, proceed to the next step to set up the VPN manually.

Create the directory /etc/ppp, and in it a file named chap-secrets. Open the file in a text editor. Add a line to it:
Login Server Password *
The Login and Password values are the username and password. They should be provided by the VPN access provider. Instead of Server, specify an arbitrary connection name or *.

Create the directory /etc/ppp/peers. In it, create a file whose name matches the Server value from the previous step (or an arbitrary name, if the value given was *). Edit this file, adding the following to it:
pty "pptp Server --nolaunchpppd"
name Login
ipparam Server
remotename Server
lock
noauth
nodeflate
nobsdcomp
The Login and Server values here are the same as in step 5. This completes the VPN setup in Linux.