g4m3cub3 n00b
Joined: 30 Sep 2006 Posts: 17
|
Posted: Mon Feb 05, 2007 7:39 am Post subject: Connect To SecureIX VPN |
|
|
I've tried myself to go over docs and examples for connecting to VPNs but I can't seem to get it to work. SecureIX offers free ~1Mbit VPN service and I need to know how to connect to it using *nix, specifically Gentoo for the most part. So if anyone figures it out, please reply and let me and others know. |
|
jerkface n00b
Joined: 19 Apr 2004 Posts: 65 Location: Tacoma, Wa
|
Posted: Mon Feb 05, 2007 9:24 pm Post subject: |
|
|
I'm also trying to connect to SecureIX. I followed this howto up until the part about installing pptpconfig, but had to stop there because I don't have an ebuild for it.
http://pptpclient.sourceforge.net/howto-gentoo.phtml
_________________
Most Linux users don't know this, but the man pages are named after Chuck Norris. Chuck Norris fscking hates noobs! |
|
g4m3cub3 n00b
Joined: 30 Sep 2006 Posts: 17
|
Posted: Tue Feb 06, 2007 11:28 am Post subject: |
|
|
Well, jerkface, I think I have the configs right now. I'm left with the issue of the MPPE encryption issue. For some reason I get 'Unrecognized option: require mppe-128'. That's not verbatim by the way, but the general idea of what was said. I have the kernel support in my kernel and built the ppp package with the mppc-mppe use flag. It must be a pain in the ass because Microsoft created it. I haven't tried manually patching the kernel yet as the tutorials say because I thought I didn't have to since there was supposed support already. I guess we'll find out? I'll let you know what happens. If you need me to post my configs for you I will. |
|
jerkface n00b
Joined: 19 Apr 2004 Posts: 65 Location: Tacoma, Wa
|
Posted: Tue Feb 06, 2007 8:03 pm Post subject: |
|
|
I believe the kernel is already patched for gentoo-sources but not vanilla-sources. Here is a copy of my config and error message I posted at the secureix forums.
Quote: |
Ok, here is my current configuration. It seems to work, but I get a modem hangup at 2.0 minutes.
Code: |
# pon secureix.com debug dump logfd 2 nodetach
|
Code: |
local IP address 66.150.98.77
remote IP address 66.150.105.15
Script /etc/ppp/ip-up started (pid 9708)
Script /etc/ppp/ip-up finished (pid 9708), status = 0x1
Script pptp vpn.secureix.com --nolaunchpppd finished (pid 9694), status = 0x0
Modem hangup
Connect time 2.0 minutes.
Sent 1527121620 bytes, received 0 bytes.
Script /etc/ppp/ip-down started (pid 9779)
MPPE disabled
sent [LCP TermReq id=0x2 "MPPE disabled"]
Connection terminated.
Script /etc/ppp/ip-down finished (pid 9779), status = 0x1
|
chap-secrets
Code: |
# Secrets for authentication using CHAP
# client server secret IP addresses
jerkface@secureix.com PPTP secretpassword *
|
peers/secureix.com
Code: |
pty "pptp vpn.secureix.com --nolaunchpppd"
name jerkface@secureix.com
remotename PPTP
file /etc/ppp/options.pptp
ipparam secureix.com
|
and options.pptp
Code: |
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
mppe required,stateless |
|
|
g4m3cub3 n00b
Joined: 30 Sep 2006 Posts: 17
|
Posted: Wed Feb 07, 2007 10:28 am Post subject: |
|
|
Well, that MPPE is disabled might be the problem. I don't see why it is as long as you have the current config with the mppe required,stateless and kernel support. I can't even use the mppe required,stateless option or when I use pon it complains about it being an unrecognized option. Anyhow, I've gotten past the require-mppe-128 option by not using the mppe-mppc use flag when emerging ppp. Now I get this...
Code: |
rcvd [Compressed data] 95 a1 02 3d 84 05 f6 a3 ...
Discarded non-LCP packet when LCP not open
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa671d4cb> <pcomp> <accomp>]
rcvd [Compressed data] 95 a2 f0 74 36 3f 2e 32 ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a3 ac 11 97 79 58 b7 ...
Discarded non-LCP packet when LCP not open
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa671d4cb> <pcomp> <accomp>]
rcvd [Compressed data] 95 a4 e7 43 25 ba 53 e3 ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a5 bb df ba 5a fc 73 ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a6 d5 82 65 aa de 52 ...
Discarded non-LCP packet when LCP not open
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa671d4cb> <pcomp> <accomp>]
rcvd [Compressed data] 95 a7 3a c8 31 a9 f2 fb ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a8 44 e9 ba f7 f4 2a ...
Discarded non-LCP packet when LCP not open
Terminating on signal 2
Script pptp vpn.secureix.com --nolaunchpppd finished (pid 29236), status = 0x0
Modem hangup
Connection terminated.
|
|
|
dolch n00b
Joined: 06 May 2007 Posts: 2
|
Posted: Sun May 06, 2007 10:12 pm Post subject: Connecting to SecureIX |
|
|
With my setup I redirect a local user's tcp traffic to a free SecureIX server. Here's a VERY quick explanation of how I did it.
Kernel:
Rebuild your kernel with the PPP modules (ppp_mppe, ppp_async, ppp_generic), advanced routing and iptables support (xt_MARK, iptable_mangle, etc)
Emerge:
Emerge the latest net-dialup/ppp, sys-apps/iproute2
Config:
Create the /etc/init.d/net.ppp0 symlink, and add the VPN config to /etc/conf.d/net.
Code: | # VPN
config_ppp0=( "ppp" )
username_ppp0=('<username>@secureix.com')
password_ppp0=('<password>')
pppd_ppp0=(
"persist"
"nodefaultroute"
"lock"
"maxfail 1"
"require-mppe-128"
"silent"
)
link_ppp0=("pty \"pptp <secureix server> --nolaunchpppd\"")
|
You'll need your current default gateway x.x.x.1 (ip ro | grep default), and a SecureIX server address (66.150.105.18). Start up the tunnel using:
Code: | ip route add 66.150.105.18 via <gateway> dev eth0;
/etc/init.d/net.ppp0 start; |
Watch /var/log/messages to see if the ppp0 interface was started. If it worked and you got an IP, set up the tunnel routing.
Code: | # Marked through the tunnel:
ip route add default via 66.150.105.18 dev ppp0 table 2;
ip ru add pref 20 fwmark 0x1 lookup 2;
ip ro fl cache;
# OR
# Everything through the tunnel (easy way):
ip route del default;
ip route add default via 66.150.105.18 dev ppp0;
ip ro fl cache; |
You'll need to turn on masquerading and turn off the reverse path filter for ppp0.
Code: | iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE;
echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter; |
Finally I created a separate user account (local) and used iptables to mark all the traffic.
Code: | iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner local -j MARK --set-mark 1; |
At this point you should be able to test everything by going to a site like http://myip.dk to check your ip. Depending on what you're using the tunnel for you could run into varying stability. I use mine for bittorrent and as long as I limit the upload/download speeds the link will hold. I'm positive my method isn't perfect but it does work. |
|
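A leak check for the "marked through the tunnel" variant in the post above, as an added example that is not part of the original thread: it flags the three ways the marked user's traffic can leave outside ppp0 (non-TCP traffic is never marked, table 2 has no fallback when pppd exits, and nothing drops marked packets on other interfaces). The function name `audit_tunnel`, the finding labels, and the sample rule and route text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report leak paths in a per-user tunnel.
#   $1 rules in `iptables -S` form   $2 `ip route show table 2` output
#   $3 tunnel interface              $4 fwmark
audit_tunnel() {
    rules=$1; routes=$2; iface=$3; mark=$4; findings=""

    # 1. A MARK rule limited to "-p tcp" leaves the user's UDP (DNS lookups
    #    included) unmarked, so it follows the main table out eth0.
    if printf '%s\n' "$rules" | grep -e '--uid-owner' | grep -e '-j MARK' |
            grep -q -e '-p tcp'; then
        findings="$findings non-tcp-unmarked"
    fi

    # 2. When pppd exits, its default route leaves table 2 and the lookup
    #    falls through to the main table. A higher-metric unreachable or
    #    blackhole default in table 2 makes marked traffic fail closed.
    if ! printf '%s\n' "$routes" |
            grep -Eq '^(unreachable|blackhole|prohibit) default'; then
        findings="$findings no-fallback-route"
    fi

    # 3. Second layer: a filter rule that drops marked packets whose output
    #    interface is not the tunnel.
    if ! printf '%s\n' "$rules" | grep -E -e "--mark $mark(/| |\$)" |
            grep -e "! -o $iface" | grep -q -e '-j DROP'; then
        findings="$findings no-drop-rule"
    fi

    echo "${findings# }"    # space-separated labels, empty when clean
}

# Constructed sample: the setup as typed in the post.
POST_RULES='-A OUTPUT -p tcp -m owner --uid-owner local -j MARK --set-mark 1'
POST_ROUTES='default via 66.150.105.18 dev ppp0'

# Constructed sample: the same setup with the three gaps closed
# (metric 200 is an arbitrary value above the tunnel route's metric).
FIXED_RULES='-A OUTPUT -m owner --uid-owner local -j MARK --set-mark 1
-A OUTPUT ! -o ppp0 -m mark --mark 0x1 -j DROP'
FIXED_ROUTES='default via 66.150.105.18 dev ppp0
unreachable default metric 200'

echo "as posted: $(audit_tunnel "$POST_RULES" "$POST_ROUTES" ppp0 0x1)"
echo "hardened:  $(audit_tunnel "$FIXED_RULES" "$FIXED_ROUTES" ppp0 0x1)"
```

On a live system, pass the combined output of `iptables -S` and `iptables -t mangle -S` as the first argument and `ip route show table 2` as the second.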
g4m3cub3 n00b
Joined: 30 Sep 2006 Posts: 17
|
Posted: Fri May 18, 2007 5:25 pm Post subject: Thank you |
|
|
I haven't tested it yet but thank you. It's been a long time since I posted and I really appreciate your detailed help. |