Howto: VPN connection setup on Ubuntu 9.10 Karmic Koala

I took this from http://ubuntuforums.org/showpost.php?p=8261958&postcount=6 

There are so many variations on these VPN implementations that it is extremely difficult to generalize a known-good configuration for each.

  • Install the various VPN components

    a. PPTP (Microsoft VPN)

      • pptp-linux
      • network-manager-pptp

    b. VPNC (Cisco VPN)

      • vpnc
      • network-manager-vpnc

    c. OpenConnect

      • openconnect
      • network-manager-openconnect




  • Reboot




  • PPTP VPN Configuration - This setup works for connecting to ISA 2004/2006 PPTP VPNs. It should work for connecting to MS PPTP VPN implementations in general. I can't speak for other PPTP VPN implementations.

    a. Create new PPTP connection

      • VPN Tab Settings

        • Set Connection name
        • Set Gateway
        • Set username (for domain-based user accounts, use domain\username)
        • DO NOT SET PASSWORD
        • DO NOT SET NT DOMAIN
      • PPTP Advanced Options (Advanced button)

        • uncheck all auth methods EXCEPT MSCHAPv2
        • check "Use Point-to-Point encryption (MPPE)"

          • leave Security set at "All Available (Default)"
          • trying to force encryption level causes this option to become unset
        • check "Allow stateful inspection"
        • uncheck "Allow BSD Data Compression"
        • uncheck "Allow Deflate Data Compression"
        • uncheck "Use TCP Header Compression"
        • uncheck "Send PPP Echo Packets" (although connection works either checked or unchecked)
      • save configuration

    b. Initial connection attempt

      • enter password in login box
      • DO NOT check either password save box at this time
      • once connection establishes, verify remote connectivity - ping, rdp, ssh, etc.
      • disconnect VPN session

    c. 2nd connection attempt

      • enter password in login box
      • check both password save option boxes
      • once again verify remote connectivity
      • disconnect VPN session

    d. Subsequent connection attempts

      • VPN session should automatically connect using saved auth credentials
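
One way to check a saved profile against the PPTP Advanced Options above, as an added example that is not part of the original post. It assumes the connection is stored as a NetworkManager keyfile (on 9.10 a user connection may live in GConf instead) and that the `[vpn]` keys are the ones network-manager-pptp writes; the function name and the sample profile are made up for illustration.

```python
import configparser

# [vpn] keys that must be "yes" to match the Advanced Options steps
# (the key-to-checkbox mapping is this example's assumption).
MUST_BE_YES = {
    "refuse-pap": "PAP is still allowed",
    "refuse-chap": "CHAP is still allowed",
    "refuse-mschap": "MSCHAP (v1) is still allowed",
    "refuse-eap": "EAP is still allowed",
    "require-mppe": "MPPE is not required",
    "mppe-stateful": "stateful option is not enabled",
    "nobsdcomp": "BSD compression is still allowed",
    "nodeflate": "Deflate compression is still allowed",
    "no-vj-comp": "TCP header compression is still on",
}
# Keys that must be absent or "no".
MUST_NOT_BE_YES = {
    "refuse-mschapv2": "MSCHAPv2 is refused, leaving no auth method",
    "require-mppe-40": "encryption level is forced to 40-bit",
    "require-mppe-128": "encryption level is forced to 128-bit",
}

def audit_pptp_keyfile(text):
    # Returns deviations from the howto's PPTP settings as "key: problem".
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    # The plugin omits a key when its box is unchecked, so absent means "no".
    findings = [f"{k}: {msg}" for k, msg in MUST_BE_YES.items()
                if vpn.get(k, "no") != "yes"]
    findings += [f"{k}: {msg}" for k, msg in MUST_NOT_BE_YES.items()
                 if vpn.get(k, "no") == "yes"]
    if vpn.get("domain"):
        findings.append("domain: NT domain is set")
    return findings

# Constructed sample profile: PAP left enabled, 128-bit forced, domain set.
SAMPLE = """\
[vpn]
domain=EXAMPLE
refuse-chap=yes
refuse-mschap=yes
refuse-eap=yes
require-mppe=yes
require-mppe-128=yes
mppe-stateful=yes
nobsdcomp=yes
nodeflate=yes
no-vj-comp=yes
"""
```

Calling `audit_pptp_keyfile(SAMPLE)` returns one line per setting that differs from the steps above; an empty list means the profile matches.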




  • VPNC VPN Configuration - This setup works connecting to an ASA5510 - software version 8.2(1). I didn't have any other Cisco devices to test against.

    a. Create new VPNC connection

      • set connection name
      • set Gateway
      • set Group Name
      • set User Password to "Saved" and enter password
      • set Group Password to "Saved" and enter password
      • set username
      • set domain (if applicable)
      • leave Encryption Method at "Secure (Default)"
      • set NAT traversal to "NAT-T"
      • save configuration

    b. Initial connection attempt

      • open VPNC connection
      • if prompted, select "Always Allow" if you want connection to be automatic
      • verify remote connectivity - ping, rdp, ssh, etc.
      • disconnect VPN session

    c. Subsequent connection attempts

      • open VPNC connection - session should automatically connect






  • OpenConnect VPN Configuration - This setup works connecting to an ASA5510 - software version 8.2(1). I didn't have any other Cisco devices to test against.


    a. Create new OpenConnect connection

      • set connection name
      • set Gateway
      • set Authentication type to "Password/SecurID"
      • no need to set username, OpenConnect won't store it yet
      • save configuration

    b. Initial connection attempt

      • open VPN connection
      • check "Automatically start connecting next time"
      • click Close
      • you will get the "No Valid VPN Secrets" VPN failure message

    c. 2nd connection attempt

      • open VPN connection
      • accept certificate (if prompted)
      • change Group (if necessary)
      • enter username (may need to be domain\username)
      • enter password
      • click Login
      • if VPN connection fails, see note below
      • verify remote connectivity - ping, rdp, ssh, etc.
      • disconnect session

    d. Subsequent connection attempts

      • open VPN connection
      • enter password
      • session should connect

    Note: If you get the "Login Failed" message, cancel and wait 15-30 minutes before attempting to connect again. Also, I ended up having to use the NT style domain\username pair for authentication, even though a Cisco AnyConnect client connecting to the same ASA only requires username.
    More Detail: OpenConnect has been brutal to get connected. I got failed attempt after failed attempt. When I checked the NPS (IAS) log and the Security Event log on the W2K8 domain controller, I could see my user account authenticating properly via RADIUS from the ASA. Yet the OpenConnect client came back with a "Login Failed" message. I'm not an ASA expert, so I have no idea what to check in the ASA configuration to troubleshoot this problem, other than the basic AAA configuration. But I believe the problem lies in the ASA configuration because when I get the OpenConnect "Login Failed" message, the AnyConnect client from my Windows laptop fails as well. I think it may be a ridiculously short timeout or max failure setting. Whatever the issue is, I have to wait for some length of time (~15-30 minutes) for whatever the problem is to reset.
    However, once I finally got the OpenConnect client to successfully connect, it worked from then on. (Just don't mess with the connection configuration, or you will get to go through this whole process again.)
  • Comments

    AJ said…
    THANK YOU SIR!!! Wow...a few dozen posts and several tries, and yours worked flawlessly for my 9.10 install. Our company uses Win2k3 standard VPN setup, and this was the correct setup. I will be making lots of notes, and linking to your site.
    Cheers.
