X10VPN Configuration with Linux using networkmanager

Discussion in 'VPN' started by garrettroyce, Jun 13, 2012.

    Preface
    NetworkManager is an aptly-named tool for the GNOME desktop environment that allows users to manage network connections. It is automatically installed on most distributions that use GNOME.

    Distribution Notes
    [table]
    [tr]
    [td]Distribution[/td]
    [td]Notes[/td]
    [/tr]
    [tr]
    [td]Fedora 16[/td]
    [td]No additional configuration required. Credit goes to SylvanOgre for the original thread here.[/td]
    [/tr]
    [tr]
    [td]Mageia 2[/td]
    [td]PPP is required, but Mageia's current PPP package does not support MPPE encryption. See https://bugs.mageia.org/show_bug.cgi?id=5741. Use your favorite package installer to install networkmanager-pptp and either restart or use modprobe to load ppp_mppe.[/td]
    [/tr]
    [tr]
    [td]Source[/td]
    [td]Required software:
    PPP ftp://ftp.samba.org/pub/ppp/
    PPTP Client http://sourceforge.net/projects/pptpclient/files/pptp/
    NetworkManager http://ftp.gnome.org/pub/GNOME/sources/NetworkManager/
    NetworkManager-pptp http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-pptp/
    [/td]
    [/tr]
    [/table]

    networkmanager Setup
    Use networkmanager to add a new VPN.

    Here are the settings you will need:

    General Settings:
    [table]
    [tr]
    [td]Connect Automatically[/td]
    [td]{Up to you. When networkmanager starts, the VPN will start as well}[/td]
    [/tr]
    [tr]
    [td]Available to All Users[/td]
    [td]{Up to you. If more than one person uses your computer and they should not have access to network resources, do not check this option. You must use your root password for this option}[/td]
    [/tr]
    [/table]

    IPv4 Settings:
    [table]
    [tr]
    [td]Method[/td]
    [td]Automatic (VPN)[/td]
    [/tr]
    [tr]
    [td]Addresses[/td]
    [td]{Leave blank}[/td]
    [/tr]
    [tr]
    [td]DNS Servers[/td]
    [td]{Leave blank}[/td]
    [/tr]
    [tr]
    [td]Search Domains[/td]
    [td]{Leave blank}[/td]
    [/tr]
    [tr]
    [td]Routes...[/td]
    [td]{Don't modify}[/td]
    [/tr]
    [/table]

    VPN Settings:
    [table]
    [tr]
    [td="colspan: 3"]Gateway[/td]
    [td]{currently server1.x10vpn.com; see https://x10vpn.com/howto for details}[/td]
    [/tr]
    [tr]
    [td="colspan: 3"]User Name[/td]
    [td]{same as your X10VPN login user name}[/td]
    [/tr]
    [tr]
    [td="colspan: 3"]Password[/td]
    [td]{same as your X10VPN login password}[/td]
    [/tr]
    [tr]
    [td="colspan: 3"]Password Saving[/td]
    [td]{Up to you. It must be either "Saved" or "Always Ask" because a password is required}[/td]
    [/tr]
    [tr]
    [td="colspan: 3"]Show Password[/td]
    [td]{Up to you. There's no confirmation password box, so it might be good to double check by viewing your password}[/td]
    [/tr]
    [tr]
    [td="colspan: 3"]NT Domain[/td]
    [td]{Up to you. Since you're not on Windows, domains aren't especially useful. If you're on a VPN with Windows users, set this to the same value as the Windows computers so they can access related features}[/td]
    [/tr]
    [tr]
    [td="colspan: 4"]Advanced...[/td]
    [/tr]
    [tr]
    [td][/td]
    [td="colspan: 2"]Allow the following authentication methods[/td]
    [td]{If the MS-CHAP protocol(s) are unchecked, they must be checked to use MPPE. All other protocols will be unused regardless of being selected. In the future, X10VPN may allow other protocols.}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td="colspan: 2"]Use point-to-point encryption (MPPE)[/td]
    [td]{Check this currently. In the future, X10VPN may not require this}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td][/td]
    [td]Security[/td]
    [td]{All Available or 128-bit; 128 is what is used anyway}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td][/td]
    [td]Allow stateful encryption[/td]
    [td]{Check}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td="colspan: 2"]Allow BSD encryption[/td]
    [td]{Check}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td="colspan: 2"]Allow deflate compression option[/td]
    [td]{Check}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td="colspan: 2"]Use TCP header compression[/td]
    [td]{Check}[/td]
    [/tr]
    [tr]
    [td][/td]
    [td="colspan: 2"]Send PPP echo packets[/td]
    [td]{Check}[/td]
    [/tr]
    [/table]

    Firewall Setup
    Finally, allow TCP port 1723 through your firewall. See this thread for details: http://x10hosting.com/forums/vpn/179832-troubleshooting-connection-issues.html

    Starting and Checking
    You may now enable your VPN by using networkmanager.

    An easy way to check if it is working correctly is to go to http://whatismyip.com and see if it reports an IP address identical to the one for your X10VPN account. From the terminal, you can run these tests:

    [root@hostname /]# ifconfig
    [table]
    [tr]
    [td]XXX#[/td]
    [td][/td]
    [/tr]
    [tr]
    [td][/td]
    [td]{This will vary based on your system configuration.
    There can be various eth#, wlan#, and ppp# interfaces here.
    Check with your system documentation}[/td]
    [/tr]
    [tr]
    [td]ppp0[/td]
    [td][/td]
    [/tr]
    [tr]
    [td][/td]
    [td]Link encap:point-to-Point Protocol
    inet addr:10.0.0.### P-t-P:10.0.0.1 Mask:255.255.255.255
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
    RX packets:9737 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8941 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:3
    RX bytes:8104718 (7.7 MiB) TX bytes:1350933 (1.2 MiB)[/td]
    [/tr]
    [/table]

    This is just an example from my system. It may look different on yours. The key is that there is a ppp# interface. Disabling all other VPN connections will make it easy to spot your X10VPN connection. Different distributions could name the interface something other than ppp, so check your distro's documentation.

    Another check is to make sure that your system is routing traffic through the VPN:

    [root@hostname /]# route -n
    Kernel IP routing table
    [table]
    [tr]
    [td]Destination[/td]
    [td]Gateway[/td]
    [td]Genmask[/td]
    [td]Flags[/td]
    [td]Metric[/td]
    [td]Ref[/td]
    [td]Use[/td]
    [td]Iface[/td]
    [/tr]
    [tr]
    [td]0.0.0.0[/td]
    [td]0.0.0.0[/td]
    [td]0.0.0.0[/td]
    [td]U[/td]
    [td]0[/td]
    [td]0[/td]
    [td]0[/td]
    [td]ppp0[/td]
    [/tr]
    [tr]
    [td]10.0.0.1[/td]
    [td]0.0.0.0[/td]
    [td]255.255.255.255[/td]
    [td]UH[/td]
    [td]0[/td]
    [td]0[/td]
    [td]0[/td]
    [td]ppp0[/td]
    [/tr]
    [/table]

    There will be some other routes for other interfaces, but as long as you have these, you're in good shape. Basically, the first entry routes all connections to all IP addresses through the interface ppp0. The next entry overwrites the first, but only for the IP address 10.0.0.1, which is X10VPN's server. It also has the "H" flag, meaning that 10.0.0.1 is a host.

    *Warning* if there are other entries (which there will be) they will route traffic so that it will NOT go through the VPN if the interface is not ppp#. This is good for entries like 192.168.*.*, 10.*.*.*, and for the IP address your ISP gives to you. If you see another "Genmask" of 0.0.0.0, that may mean your traffic is not routed through the VPN! A "Genmask" should be 255.###.###.### for a "Destination" of 10.###.###.### or 255.255.###.### for 192.168.###.### and it should be 255.255.255.255 for any other "Destination". There may be multiple host "H" flags and some "G" flags as well; they're all fine.

    TLDR; make sure all IP addresses are routed through ppp0 or else your traffic will not go through your VPN.

    Troubleshooting
    The networkmanager GUI should pop up any errors it encounters. You can also do a quick
    [root@hostname /]# tail /var/log/syslog
    or
    [root@hostname /]# dmesg | tail
    or etc. and see if anything is mentioned.

    Authentication failed {or something like that} message:
    Make sure that your version of PPP supports MPPE. It's not obvious whether it does or not without an lsmod:

    [root@hostname /]# lsmod | grep ppp
    [table]
    [tr]
    [td]ppp_mppe[/td]
    [td]13035[/td]
    [td]2[/td]
    [td][/td]
    [/tr]
    [tr]
    [td]ppp_async[/td]
    [td]17413[/td]
    [td]1[/td]
    [td][/td]
    [/tr]
    [tr]
    [td]crc_ccitt[/td]
    [td]12667[/td]
    [td]1[/td]
    [td]ppp_async[/td]
    [/tr]
    [tr]
    [td]ppp_generic[/td]
    [td]33064[/td]
    [td]6[/td]
    [td]ppp_async,ppp_mppe[/td]
    [/tr]
    [tr]
    [td]slhc[/td]
    [td]13465[/td]
    [td]1[/td]
    [td]ppp_generic[/td]
    [/tr]
    [/table]

    That's my output. Yours may differ; just make sure ppp_mppe is somewhere in the leftmost column.

    Cannot find host {or something like that} message:
    This message will come from a browser or any program that uses the internet. Check your firewall settings. Port 1723 TCP must be open.

    Final Thoughts
    Keep in mind that X10VPN (at this time) is in beta.

    I've tried to be as verbose as possible here, but if you reply with a question, I will try my best.

    TODO: Alternatives to networkmanager
     
    Last edited: Jun 21, 2012
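
The routing check described in the post can be automated. The following is an added example, not part of the original post: it parses `route -n` output and flags any default route (Destination and Genmask both 0.0.0.0) that is not on a ppp# interface. The function names, the eth0 rows and the 192.168.1.x addresses are constructed for illustration.

```shell
# Reads `route -n` output on stdin and prints one line per default route
# (Destination 0.0.0.0, Genmask 0.0.0.0). Exit status: 0 if every default
# route is on a ppp# interface, 1 if any is not, 2 if there is none at all.
audit_default_routes() {
    awk '
        # Data rows start with a dotted-quad destination; headers are skipped.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 8 {
            if ($1 != "0.0.0.0" || $3 != "0.0.0.0") next
            total++
            if ($8 ~ /^ppp[0-9]+$/) {
                printf "OK    default route via %s\n", $8
            } else {
                leaks++
                printf "LEAK  default route via %s (gateway %s)\n", $8, $2
            }
        }
        END {
            if (total == 0) { print "LEAK  no default route found"; exit 2 }
            exit (leaks > 0 ? 1 : 0)
        }
    '
}

# Constructed sample: the two routes shown in the post plus a LAN route.
sample_vpn_only() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
EOF
}

# Constructed sample: a second default route is still present on eth0.
sample_leaky() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
EOF
}

# Run the audit on both constructed tables.
sample_vpn_only | audit_default_routes
sample_leaky | audit_default_routes || echo "traffic may bypass the VPN"
```

On a live system, pipe the real table in with `route -n | audit_default_routes` while the VPN is connected.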