A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle




Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator

Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator

        Setting up a connection to a PPTP VPN under Ubuntu 7.10 or Ubuntu 8.04 is normally pretty easy. I'm creating this quick notes page for folks that may encounter the same problems I did, especial connecting to a Cisco VPN 3000 Concentrator. In most cases all you have to do to get a PPTP VPN working in Ubuntu Linux is install the network-manager-pptp package and its dependences. After installing network-manager-pptp, either reboot or restart the Network Manager app with the following commands:

sudo /etc/dbus-1/event.d/25NetworkManager restart
sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher restart

        Once the Network Manager app is restarted setting up a PPTP VPN connection is pretty straight forward and obvious:

However, you may get weird errors when you try to connect to certain odd PPTP VPNs like the Cisco 3000, and the connection will fail. The GUI error message may read:

VPN Connect Failure
Could not start the VPN connection 'Work VPN' due to a connection error.
VPN Connection failed

Not real helpful huh? If you look in your syslog and messages files you may get errors logged like the following:

adrian@hastor:~$ tail /var/log/syslog
Apr 7 19:23:29 hastor NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.ppp_starter' signaled state change 3 -> 5.
Apr 7 19:23:29 hastor pppd[5853]: Terminating on signal 15
Apr 7 19:23:29 hastor NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.ppp_starter' signaled state change 5 -> 6.
Apr 7 19:23:29 hastor pppd[5853]: Child process /usr/sbin/pptp 192.168.1.2 --nolaunchpppd (pid 5855) terminated with signal 15
Apr 7 19:23:29 hastor NetworkManager: <WARN> nm_vpn_service_stop_connection(): (VPN Service org.freedesktop.NetworkManager.ppp_starter): could not stop connection 'Work VPN' because service was 6.
Apr 7 19:23:29 hastor pppd[5853]: Modem hangup
Apr 7 19:23:29 hastor pppd[5853]: Connection terminated.
Apr 7 19:23:29 hastor pppd[5853]: Exit.
Apr 7 19:23:29 hastor NetworkManager: <debug> [1207610609.265758] nm_dbus_signal_filter(): NetworkManagerInfo triggered update of VPN connection 'Work VPN'
Apr 7 19:23:38 hastor kernel: [ 131.090874] ACPI: EC: non-query interrupt received, switching to interrupt mode
adrian@hastor:~$

adrian@hastor:~$ tail /var/log/messages
Apr 7 19:23:18 hastor pppd[5853]: pppd 2.4.4 started by root, uid 0
Apr 7 19:23:18 hastor pppd[5853]: Using interface ppp0
Apr 7 19:23:18 hastor pppd[5853]: Connect: ppp0 <--> /dev/pts/0
Apr 7 19:23:19 hastor pppd[5853]: nm-pppd-plugin: CHAP check hook.
Apr 7 19:23:29 hastor pppd[5853]: Terminating on signal 15
Apr 7 19:23:29 hastor pppd[5853]: Child process /usr/sbin/pptp 192.168.1.2 --nolaunchpppd (pid 5855) terminated with signal 15
Apr 7 19:23:29 hastor pppd[5853]: Modem hangup
Apr 7 19:23:29 hastor pppd[5853]: Connection terminated.
Apr 7 19:23:29 hastor pppd[5853]: Exit.
Apr 7 19:23:38 hastor kernel: [ 131.090874] ACPI: EC: non-query interrupt received, switching to interrupt mode
adrian@hastor:~$ 

        Luckily, my online buddy Papa Joe figured out the piece we were missing, you have to set the MRU (Maximum Receive Unit) to 1500 (it's under the PPP options tab when you create the connection). Also, it's a good idea to require MPPE for security reasons.





        After that was done, we had no problems connecting to a Cisco VPN 3000 Concentrator. Hope these notes help someone.

 

 

 

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast