The easiest way to set up Ubuntu as a VPN server. Installing a VPN in Ubuntu

Instructions

Check whether your operating system kernel supports PPP. The easiest way is to look at the options with the CONFIG_PPP prefix in the current kernel configuration file. It is usually stored in the /boot directory and has a name starting with config. Find the name of this file with the command
ls /boot
or
ls /boot | grep conf
Print the lines you want with cat, filtering with grep. For instance:
cat /boot/config-2.6.30-std-def-alt15 | grep PPP
Look at the lines containing the CONFIG_PPP, CONFIG_PPP_ASYNC and CONFIG_PPP_SYNC_TTY options. If there is no # symbol in front of them, the corresponding functionality is supported (a value of m means it is built as a loadable module, a value of y means it is built into the kernel).
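The same check as a script, added here as an example that is not part of the original instructions: it matches the three option names exactly, so look-alikes such as CONFIG_PPPOE that a plain grep PPP also prints are not mistaken for PPP support. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Report how a kernel config file answers the three PPP options named above.
# Usage on a real system: ppp_support "/boot/config-$(uname -r)"

# Print "OPTION state"; state is builtin, module, disabled or absent.
ppp_option_state() {  # usage: ppp_option_state FILE OPTION
    cfg=$1 opt=$2
    # An enabled option is an uncommented "OPTION=y" or "OPTION=m" line.
    val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | head -n 1)
    case $val in
        y) echo "$opt builtin" ;;
        m) echo "$opt module" ;;
        *)
            # A disabled option is written as "# OPTION is not set".
            if grep -q "^# ${opt} is not set\$" "$cfg"; then
                echo "$opt disabled"
            else
                echo "$opt absent"
            fi ;;
    esac
}

# Print the state of all three options; succeed only if the PPP core is usable.
ppp_support() {  # usage: ppp_support FILE
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in CONFIG_PPP CONFIG_PPP_ASYNC CONFIG_PPP_SYNC_TTY; do
        ppp_option_state "$cfg" "$opt"
    done
    case "$(ppp_option_state "$cfg" CONFIG_PPP)" in
        *builtin|*module) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample config: PPP core as a module, async built in, sync disabled.
ppp_sample_config() {
    cat <<'EOF'
CONFIG_PPP=m
CONFIG_PPP_ASYNC=y
# CONFIG_PPP_SYNC_TTY is not set
CONFIG_PPPOE=m
CONFIG_PPTP=m
EOF
}

sample=$(mktemp) && ppp_sample_config > "$sample" && ppp_support "$sample"
rm -f "$sample"
```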

Check if the client software for establishing VPN connections is installed on the system. The required package usually has a name starting with pptp. Use apt-cache with the search option to find the required package in the available repositories and rpm with the -qa option to check if the package is installed. When working in a graphical environment, it may make sense to use programs such as synaptic.

Install the missing software. Use the appropriate package managers (apt-get, rpm in the console, synaptic in the graphical environment, etc.). If you installed the ppp package with kernel modules to support the appropriate protocol, restart your computer.

Try configuring the VPN using configuration scripts such as pptp-command or pptpsetup. They are often included in VPN client software packages. For help on the command-line parameters of these utilities, run them with the --help option. For instance:
pptpsetup --help
If no configuration scripts have been installed, proceed to the next step to manually configure the VPN.

Create the directory /etc/ppp with a file named chap-secrets. Open the file in a text editor. Add a line like this to it:
LOGIN SERVER PASSWORD *
The LOGIN and PASSWORD values are the username and password. They must be provided by your VPN service provider. Replace SERVER with an arbitrary connection name or *.

Create the directory /etc/ppp/peers. Create a file in it that has the same name as the SERVER value from the previous step (or an arbitrary name if * was specified). Edit this file to add information like:
pty "pptp SERVER --nolaunchpppd"
name LOGIN
ipparam SERVER
remotename SERVER
lock
noauth
nodeflate
nobsdcomp
The LOGIN and SERVER values here are the same as in step 5. This completes the VPN configuration on Linux.

A true virtual private network (VPN) is an encrypted tunnel between two networks that connects two trusted points. It is not like the web protocol HTTPS, which treats every client as trusted: only clients that hold special access keys can connect to the VPN.

The notion of a VPN has become very loose these days, with the advent of virtual private networks that trust everyone and the spread of HTTPS. Many VPNs are commercial solutions with minimal configuration that give remote employees access. But not everyone trusts these solutions. A private virtual network joins two networks into one, for example, an office network and an employee's home network. The VPN server is required so that the server and client can authenticate to each other.

Configuring server and client authentication requires a lot of work, which is why commercial solutions with a minimum of settings fall short in this regard. But it really isn't that hard to set up an OpenVPN server. To set up a test environment you will need two nodes on different networks; for example, you can use several virtual machines or real servers. As you have already guessed, this article walks you through setting up OpenVPN in Ubuntu to create a full-fledged private virtual network.

Both machines must have OpenVPN installed. It is a fairly popular program, so you can install it from the official repositories. We also need Easy-RSA to work with private keys. To install the software on Ubuntu, use the following command:

sudo apt install openvpn easy-rsa

Both packages must be installed on both the server and the client. You will need them to configure the program. The first stage of the article, installing and configuring openvpn, is complete.

Setting up a certification authority

The first thing to do is create a proper public key infrastructure on the server. By the server we mean the machine that users will connect to. Having your own CA has several advantages: it makes keys easy to distribute and manage. For example, you can revoke client certificates on the server. You also no longer need to store all the client certificates; it is enough to know that a certificate is signed by the CA. Besides this more complex key system, you can use static keys if you only need to grant access to a few users.

Please note that all private keys must be kept in a safe place. In OpenVPN, a public key is called a certificate and has the .crt extension, and a private key is called a key, its extension is .key.

First, create a folder to store Easy-RSA certificates. In fact, OpenVPN configuration is done manually, so the folder can be placed anywhere:

sudo mkdir /etc/openvpn/easy-rsa

Then copy all the necessary easy-rsa scripts to this folder:

cd /etc/openvpn/easy-rsa/

sudo -i
# cd /etc/openvpn/easy-rsa/
# source ./vars
# ./clean-all
# ./build-ca

With the first command we switch to a superuser console. Because sudo -i starts a login shell in root's home directory, we change back to the Easy-RSA folder and then load the environment variables from the ./vars file. The ./clean-all command creates the keys folder if it does not exist and clears its contents. The last command initializes our certification authority. Now all the necessary keys have appeared in the keys folder.

Configuring client certificates

On the client, copy the Easy-RSA scripts to /etc/openvpn as well:

sudo cp -R /usr/share/easy-rsa /etc/openvpn/

Now we need to copy the CA certificate, the file with the .crt extension, to the /etc/openvpn folder on all clients. For example, let's download this file to our client using scp:

sudo scp user@host:/etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys

Only now can you create the client's own private key together with a certificate request for the CA:

cd /etc/openvpn/easy-rsa/

sudo -i
# cd /etc/openvpn/easy-rsa/
# source ./vars
# ./build-req Sergiy

Please note that ca.crt must be in the keys folder, otherwise nothing will work. The utility will now create a key with which you can connect to the OpenVPN server, but it still has to be signed on the server. Send the resulting .csr file to the server using the same scp:

scp /etc/openvpn/easy-rsa/keys/Sergiy.csr user@host:~/

Then, on the server, in the /etc/openvpn/easy-rsa folder, run the certificate signing command:

./sign-req ~/Sergiy

The signing of the certificate must be confirmed. The program will then report that the certificate has been signed and added to the database. A .crt file will appear in the folder with the .csr request; it must be sent back to the client machine:

sudo scp user@host:/home/Sergiy.crt /etc/openvpn/easy-rsa/keys

Only after that do the server and client have all the necessary keys to connect and establish communication. There are still a few settings left. If you plan to use TLS encryption, then you need to create a Diffie-Hellman parameter set on the server, for this use the command:

OpenVPN setup

Now let's set up the OpenVPN server. By default, there is nothing in the OpenVPN config files folder. You need to create the files yourself, depending on what you plan to configure, a server or a client. Sample OpenVPN configuration files can be found in /usr/share/doc/openvpn/examples/sample-config-files/. First, let's create a config file for the server:

zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf

There are a few parameters you need to tweak here:

port and proto: the port and protocol used by the program;

port 1194
proto udp

All created keys must be registered in the configuration file. Our keys are stored in /etc/openvpn/easy-rsa/keys:


cert /etc/openvpn/easy-rsa/keys/ca.crt
key /etc/openvpn/easy-rsa/keys/ca.key
dh /etc/openvpn/easy-rsa/keys/dh.pem

We configure the range of addresses for the virtual network; our server will be available on the first of them, 10.8.0.1:

server 10.8.0.0 255.255.255.0

After completing the configuration, save the changes to the file. You can either paste this whole configuration in yourself or edit the example file. A complete working server configuration:

port 1194
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client.conf

You can create multiple client config files to connect to different servers. Open the configuration file and change the following parameters in it:

remote: this is your OpenVPN server address; the address and port must match those configured on the server, for example:

remote 194.67.215.125 1194

ca: the key that you received from the certification authority; we placed it in the /etc/openvpn/ folder.

cert and key: these are the public and private keys of the client, with which you will connect to the server. As you remember, we saved them in the /etc/openvpn/easy-rsa/keys/ folder.

ca /etc/openvpn/easy-rsa/keys/ca.crt

The rest of the settings can be left as they are. Here is the complete configuration file that you can copy:

client
dev tun
proto udp
remote 194.67.215.125 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
key /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-auth ta.key 1
comp-lzo
verb 3

Save the settings; the client is now ready to connect. Please note that the configuration files must match as much as possible: the absence of certain options in one of the files can lead to errors. This does not mean that the files will be identical, but the basic parameters of openvpn should be the same. You just need to run OpenVPN on this machine using this config file:

openvpn /etc/openvpn/client.conf

Done, now everything works. If you run ifconfig, you will see that the tun0 interface has been added.
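The two complete configurations above can be checked against the rule that basic parameters must match on both sides. The script below is an added example, not part of the original article or of OpenVPN; the function names are hypothetical, the sample input is the article's two configs abridged to the relevant directives, and treating a key file named ca.key as the CA private key is a heuristic.

```shell
#!/bin/sh
# Added example: audit an OpenVPN server/client config pair.

# Print the arguments of the first occurrence of DIRECTIVE, skipping comments.
ovpn_get() {  # usage: ovpn_get FILE DIRECTIVE
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed if DIRECTIVE appears at all (for flag-style options such as comp-lzo).
ovpn_has() {  # usage: ovpn_has FILE DIRECTIVE
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { found = 1 }
        END { exit !found }' "$1"
}

# Findings about one endpoint's certificate and key directives.
audit_endpoint() {  # usage: audit_endpoint ROLE FILE
    ca=$(ovpn_get "$2" ca); cert=$(ovpn_get "$2" cert); key=$(ovpn_get "$2" key)
    if [ -n "$cert" ] && [ "$cert" = "$ca" ]; then
        echo "$1: cert is the CA certificate itself ($cert)"
    fi
    # Heuristic (assumption): a key file named ca.key is the CA private key.
    case "${key##*/}" in
        ca.key) echo "$1: key is the CA private key ($key)" ;;
        "")     echo "$1: no key directive" ;;
    esac
}

# Compare the options that have to agree on both sides of the tunnel.
audit_pair() {  # usage: audit_pair SERVER_CONF CLIENT_CONF
    audit_endpoint server "$1"
    audit_endpoint client "$2"
    for opt in proto dev; do
        s=$(ovpn_get "$1" "$opt"); c=$(ovpn_get "$2" "$opt")
        # tcp-server and tcp-client are the two halves of the same transport.
        s=${s%-server}; c=${c%-client}
        [ "$s" = "$c" ] || echo "pair: $opt differs (server '$s', client '$c')"
    done
    for opt in comp-lzo tls-auth; do
        if ovpn_has "$1" "$opt"; then s=yes; else s=no; fi
        if ovpn_has "$2" "$opt"; then c=yes; else c=no; fi
        [ "$s" = "$c" ] || echo "pair: $opt set on one side only (server $s, client $c)"
    done
    return 0
}

# Sample input: the article's server and client configs, abridged.
audit_article_configs() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/server.conf" <<'EOF'
proto udp
comp-lzo
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/ca.crt
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
EOF
    cat > "$dir/client.conf" <<'EOF'
client
dev tun
proto udp
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Sergiy.crt
key /etc/openvpn/easy-rsa/keys/Sergiy.key
tls-auth ta.key 1
comp-lzo
EOF
    audit_pair "$dir/server.conf" "$dir/client.conf"
    rm -rf "$dir"
}

audit_article_configs
```

A server whose cert and key directives point at the CA's own files lets anyone who compromises the VPN host sign new client certificates. The tls-auth finding means the handshake is rejected until both sides reference the same ta.key (direction 0 on the server, 1 on the client).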

You can also try to ping the address 10.8.0.1, the one we configured for our OpenVPN server; the ping packets should go through normally. If they do not, or something else is not working, look at the output of both programs for errors or warnings, and make sure that the server's firewall allows external access over UDP to port 1194. You can also start the server or the client with the level of detail in the config raised to the maximum, verb 9. Very often this helps to understand why something does not work. But you cannot route traffic through the tunnel yet. To do this, you need to enable forwarding and add some iptables rules. First, we allow the transit of packets on the server:

sysctl -w net.ipv4.ip_forward=1

Then add rules like this. We allow everyone to connect to our server:

iptables -A INPUT -p udp --dport 1194 -j ACCEPT

We allow OpenVPN users to access the Internet:

iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Conclusions

In this article, we looked at how to install and configure OpenVPN on Ubuntu, as well as how to configure openvpn to work with key authentication. Private virtual networks can be very useful not only in organizations, but also, say, for exchanging data between two of your own computers or for increasing network security.

In the latest versions of Ubuntu, it is possible to configure a VPN connection using a graphical interface. Let's look at setting up a VPN.

We need 2 packages. These are pptp-linux and network-manager-pptp packages. You can download them using the links:

Remember, you need to download packages for your architecture (32- or 64-bit).

After downloading, install the packages in the appropriate order. First install pptp-linux, then network-manager-pptp.

After installing network-manager-pptp, reboot the system.

After rebooting, find the icon showing two monitors in the upper right corner and left-click on it.

Find the item "Configure VPN ..." and click on it.

After that, another window will appear.

In a new window, specify the connection name and the address of the vpn server. In my case, the name is "Aist", and the server address (gateway) is server.avtograd.ru

After the data is entered, go through the tabs "Authentication", "Compression & Encryption", etc. and fill in the data, without clicking the "Next" button yet.

As for me personally, I did not change anything on these tabs, and left everything as it is. What to change and what not depends on your provider.

After all the settings are made, click "Next".

Another window appears.

Click the "Apply" button. Configuring the VPN connection parameters is now complete.

Now we connect to the Internet. Left-click again on the same dual-monitor icon and select the connection you created. In my case it is "Aist".

In the window that appears, enter our username and password to connect to the network and click "OK".

Everything is ready. Stable internet connection =).

Material specially prepared for myubuntu.ru.

VPN setup on Ubuntu

I did not plan to write this article, but since Network Manager in Ubuntu 8.04 was not implemented properly for networks with static IP addresses, I will still describe how I manually configure my VPN connection.

Configuring with Network Manager

Nevertheless, I will also describe VPN setup using network-manager. This setup is quite suitable for those whose network connection obtains its IP address automatically using DHCP.
1. Install the two packages we need:

Since these packages are not on the Ubuntu disk by default, and a VPN often has to be configured on a machine that has no other Internet connection, I advise you to stock up on these packages from the official repository in advance. To do this, go to http://packages.ubuntu.com/, find these two packages there, download them and then install them on the machine you need.
2. If the "VPN Connections" item does not appear in the Network Manager applet, or it will not open, then you need to log in again or, even better, reboot.
3. Left-click (the right button brings up a different menu) on the Network Manager icon and select "VPN connections" - "Configure VPN" in the drop-down menu. Add a new connection and set all the necessary options for it.
4. After that, your connection should appear in the "VPN connections" menu. If it did not appear, log in again or reboot (well, what can you do, network-manager is still this crude :().
5. That is all: you can now connect to the VPN connection you created (and disconnect by selecting the menu item in Network Manager).

Manual setting

Below I describe the settings for my connection; yours will differ in the input data and may also differ in the parameters.
1. Install the package pptp-linux:

As I described above in the section on installing with network-manager, a VPN often needs to be configured on a machine that has no other Internet connection, so I advise you to stock up on this package in advance from the official repository http://packages.ubuntu.com/.
2. Editing the file options.pptp:

nano /etc/ppp/options.pptp



lock
noauth
nobsdcomp
nodeflate
persist

I will not describe each of the parameters, only a few:
persist: try to reopen the connection when it is closed;
nodeflate: do not use deflate compression (although they say it works faster with it, I don't know, I haven't tested it).
Also, if your connection uses encryption, add one of the following lines, depending on the type of encryption: require-mschap-v2, require-mppe-40, require-mppe-128, require-mppe.
3. Create a connection file /etc/ppp/peers/vpn (you can replace the name vpn with any other, but if you do, do not forget to change it in the rest of this article)

nano /etc/ppp/peers/vpn


We insert the following lines there:

maxfail 0
lcp-echo-interval 60
lcp-echo-failure 4
defaultroute
pty "pptp vpn.ava.net.ua --nolaunchpppd"
name sukochev
remotename PPTP
+chap
file /etc/ppp/options.pptp
ipparam vpn

Attention!!! Be sure to replace the following options with yours:
Instead of vpn.ava.net.ua enter the address of your VPN server (you can use the server's IP). Instead of sukochev insert your connection login.
I will describe some parameters:
maxfail 0: always try to connect if there is no connection;
lcp-echo-interval: the time interval after which the remote side is polled;
lcp-echo-failure: the number of unanswered requests to the remote side after which the system considers that we have been disconnected;
defaultroute: set the default route;
+chap: the type of authentication. Besides +chap, the type +pap can be used.
file: read additional settings from the specified file.
You can also add the following parameters if needed:
deflate 15,15: use deflate compression (there must be no nodeflate parameter in the options.pptp file);
mtu: the maximum size of a transmitted packet (this parameter is usually changed when the connection often drops or some sites do not open);
mru: the maximum size of a received packet.
4. Edit the file /etc/ppp/chap-secrets (if the authentication type is PAP, then /etc/ppp/pap-secrets, respectively)

nano /etc/ppp/chap-secrets


We insert a line there, like:

sukochev PPTP password *

Attention!!! Replace sukochev with your username, and password with your connection password.
5. If necessary, add the required routes to the file /etc/network/interfaces. For example, my routes are set up so that I can use the local network while the VPN connection is on. Here is an example of my routes (the lines that start with up route); yours will naturally differ:

auto eth1
iface eth1 inet dhcp
up route add -net 10.1.0.0 netmask 255.255.0.0 gw 10.1.45.1 dev eth1
up route add -net 10.3.0.0 netmask 255.255.0.0 gw 10.1.45.1 dev eth1

Do not forget to restart network connections after changing the /etc/network/interfaces file:

/etc/init.d/networking restart


6. Now you can enable and disable VPN connection using the following commands:
Turning on

Shutdown

Automatic VPN connection at system boot

To do this, edit the file /etc/network/interfaces

nano /etc/network/interfaces


And insert the following lines at the end of the file:

auto ppp0
iface ppp0 inet ppp
provider vpn
pre-up ip link set eth1 up
up route del default
up route add default dev ppp0

Where eth1 is the interface of the network device through which the VPN connection is made, and vpn is the name of the VPN connection that you created in the /etc/ppp/peers/ folder.

UPDATE: As of Sierra, macOS no longer supports PPTP VPN. This answer is not valid for macOS Sierra and later clients.

PPTP via PoPToP is easy

  1. apt-get install pptpd
  2. edit /etc/pptpd.conf and set the remoteip parameter to a value on your network that is NOT served by your DHCP server.
  3. edit /etc/ppp/chap-secrets and add a username and password

For example:

vpnuser pptpd vpnpassword *

That's all it takes to install pptp. Now test it with your OS X client.

Jay _silly_evarlast_ Wren

WARNING: PPTP IS AN INSECURE PROTOCOL! Not only has the encryption been breached, but it sends your authentication in clear text and is easily intercepted. It has been estimated that the amount of time required to brute-force the password is roughly equivalent to the time required to brute-force a single DES key. Consider using OpenVPN or another VPN architecture instead of PPTP!

Qasim

The other answers on this thread were only partial answers in my case. Here is what worked for me on Ubuntu 12.04.3

sudo apt-get install pptpd

Add the following to /etc/pptpd.conf: (The IP address does not matter, these are only the IP addresses for your ppp0 interface.)

localip 10.0.0.1
remoteip 10.0.0.100-200

Add DNS servers to /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Enable IP forwarding

sudo vim /etc/sysctl.conf

Uncomment this line

sudo sysctl -p /etc/sysctl.conf

Modify /etc/ppp/chap-secrets, add a VPN user in this format:

# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd supersecretpassword *

Restart PPTP

service pptpd restart

Run ifconfig and find your default interface, in my case it was br0 (I changed it to allow VMs on my physical machine to share the interface. It will probably be en0)

Back up iptables

iptables-save > ~/iptables.save

Now make the iptables changes, using your default interface as shown by ifconfig.

From time to time, some active Internet users are faced with the need to organize a secure encrypted anonymous connection, often with the obligatory replacement of the IP address with a host of a certain country. A technology called VPN helps in the implementation of such a task. The user is only required to install all the necessary components on the PC and make the connection. After that, access to the network with the already changed network address will be available.

VPN server operators and developers of VPN client programs also offer their services to owners of computers running the Ubuntu distribution, which is based on the Linux kernel. Installation does not take much time, and there are many free or cheap solutions available online for the task. Today we would like to cover three working methods of setting up a private secure connection in this OS.

Method 1: Astrill

Astrill is one of the free GUI programs that installs on a PC and automatically replaces the network address with a random or user-specified one. The developers promise a choice of more than 113 servers, security and anonymity. The download and installation procedure is quite simple:

  1. Go to Astrill's official website and select the Linux version.
  2. Select a suitable build. For owners of one of the latest versions of Ubuntu, the 64-bit DEB package is perfect. Once selected, click on "Download Astrill VPN".
  3. Save the file to a convenient location or open it directly through the standard application for installing DEB packages.
  4. Click on the button "Install".
  5. Confirm the authenticity of the account with a password and await the completion of the procedure. For alternative options for adding DEB packages to Ubuntu, see our other article at the link below.
  6. The program has now been added to your computer. It remains only to launch it by clicking on the corresponding icon in the menu.
  7. During the download, you should have created a new account for yourself. In the Astrill window that opens, enter your data to log in.
  8. Specify the optimal server for the connection. If you need to select a specific country, use the search bar.
  9. This software can work with various tools that allow you to establish a VPN connection in Ubuntu. If you are unsure which option to choose, leave the default.
  10. Start the server by moving the slider to the position "ON", and go to work in the browser.
  11. Notice that there is now a new icon on the taskbar. Clicking on it opens the Astrill control menu. Here you can not only change the server, but also configure additional parameters.

This method is the best fit for novice users who have not yet figured out the intricacies of configuring and working in the operating system's "Terminal". For the purposes of this article, Astrill's solution has been presented as an example only. On the Internet, you can find many more similar programs that provide more stable and faster servers, but are often paid.

In addition, note that popular servers are periodically overloaded. We recommend reconnecting to other servers that are located as close as possible to your country. Then the ping will be lower, and the speed of sending and receiving files can increase significantly.

Method 2: System Tool

Ubuntu has built-in VPN connectivity. However, to do this, you still have to find one of the publicly available working servers, or buy space through any convenient web service that provides such services. The whole connection procedure looks like this:

  1. Click on the button on the taskbar "Connection" and select the item "Settings".
  2. Move to the "Network" section using the menu on the left.
  3. Find the VPN section and click on the plus button to proceed to creating a new connection.
  4. If your service provider has provided you with a file, you can import the configuration through it. Otherwise, all data will have to be entered manually.
  5. The "Identification" section contains all the required fields. Under "General", enter the provided IP address in the "Gateway" field, and under "Additional" enter the username and password you received.
  6. In addition, there are additional parameters, but they should only be changed on the recommendation of the server owner.
  7. In the picture below you can see examples of free servers that are freely available. Of course, they are often unstable, loaded or slow, but this is the best option for those who do not want to pay money for a VPN.
  8. After creating a connection, all that remains is to activate it by moving the corresponding slider.
  9. For authentication, you need to enter the password from the server in the window that appears.
  10. You can also manage the secure connection through the taskbar by clicking on the corresponding icon with the left mouse button.

The method using a standard tool is good in that it does not require the user to install additional components, but you still have to find a free server. In addition, no one forbids you to create several connections and switch between them only at the right moment. If you are interested in this method, we advise you to take a closer look at paid solutions. They are often quite profitable, because for a small amount you will receive not only a stable server, but also technical support in case of various kinds of problems.

Method 3: Own server via OpenVPN

Some companies that provide encrypted connection services use OpenVPN technology and their clients install the appropriate software on their computer to successfully organize a secure tunnel. Nothing prevents you from creating a server yourself on one PC and configuring the client part on others to get the same result. Of course, the setup procedure is quite complicated and takes a long time, but in some cases it will be the best solution. We invite you to read the Ubuntu Server and Client Installation Guide by clicking on the following link.

You are now familiar with three options for using a VPN on an Ubuntu PC. Each option has its own advantages and disadvantages and will be optimal in some situations. We advise you to familiarize yourself with all of them, decide on the purpose of using such a tool, and then proceed to follow the instructions.


