# VPN out of the box... someday, sometime?

## cobnet

Hi,

I managed to get (Microsoft) VPN working on my gentoo box (don't know if "microsoft vpn" is the correct term to use), but I don't think I could do it right away again  :Sad: .

This caused me problems in other circumstances too, like going on the internet with GameCD's like Unreal Tournament and America's Army (for AA, you seem to actually need the internet before being able to play)   :Crying or Very sad:  .

Here, at our university (of Ghent, Belgium), some of the students need a (microsoft) vpn to have an internet connection, we don't have any other option  :Sad: . As I never saw any Linux distribution to have such an internet connection out of the box, it could be good to promote Gentoo here  :Wink: .

So my question is: will Gentoo include software for a (Microsoft) vpn connection out of the box (on the LiveCD) when Gentoo reaches version 1.4 (and to include it on future versions of GameCDs)?

I sure hope so B-)

Regards,

cobnet

BTW Our university tries to help us with the following information: http://www.ugent.be/nl/personeel/dienstfacil/informaticadiensten/aansluiten/dialvpn/vpn/vpn-Linux-installatie.html (in Dutch). I never made it in 1 run to the end  :Sad: 

----------

## steveb

hmmm... dutch? with my german knowledge, reading dutch is not easy, but i can somehow understand it (not everything, but it is very technical and therefore it is not such a big thing).

anyway... it looks like the only thing you need is the PPTP Client and a linux kernel and of course some configuration.

so i think it is no big deal to write an ebuild for the PPTP Client. i could do it, but since you need it, i think it is the best if you start to read the Ebuild HOWTO and start to write an ebuild for it.

and if you post your result (no matter how far you are and no matter if it is working 100% or not) in this forum and ask your open questions, i think anyone will help you as much as they can.

what do you think?

cheers

SteveB

----------

## El_Presidente_Pufferfish

I wish you great luck

I gave up trying to set up a cisco vpn client so i could get on the internet at my school

----------

## raid517

I also am affected by this problem. The only way I can connect is through PPTP VPN. Is there likely to be any progress on this? If so when and how can it be done?

https://forums.gentoo.org/viewtopic.php?t=56102&highlight=vpn

----------

## cobnet

 *steveb wrote:*   

> 
> 
> so i think it is no big deal to write an ebuild for the PPTP Client. i could do it, but since you need it, i think it is the best if you start to read the Ebuild HOWTO and start to write an ebuild for it.

 

I really love open source, but then it's more from the "end user point of view"  :Wink: . I might give it a try, but that will be when I have more time and a little bit more knowledge too I think  :Sad: ...

 *El_Presidente_Pufferfish wrote:*   

> I wish you great luck
> 
> I gave up trying to set up a cisco vpn client so i could get on the internet at my school

 

I think lots of people are suffering from "need-to-have-a-working-vpn-client-out-of-the-box", it would be great to have good support for this. Because, to actually install Gentoo, I needed a friend's computer to play router for me, as the LiveCD didn't include a vpn client.

It's not that I need this right here, right now (otherwise you'd probably say "so f*ckin' do it yourself"), it would be just great to have  :Very Happy: 

Is it possible to set up a poll or sth for this? To see if other people are also interested in this kinda support?

----------

## raid517

Well unfortunately I do need it right now. It is the ONLY way I would be able to set up Gentoo. Indeed Gentoo is the reason I got DSL. You can imagine my frustration then to realise that even after paying £250 and signing up with a DSL provider, I find out I still can't use Gentoo. I don't think anyone can doubt my commitment to Gentoo though, not a lot of people would go to the lengths I have gone just to try it. As for someone telling me to "go do it my fkn' self", that's not on the cards I'm afraid. I am simply a Linux end user (a new breed perhaps?) I don't think I have ever written a line of code in my life. In my various dabblings with Gentoo, I would say that I found the overall process fairly easy, providing you followed instructions. But that is all I have done, which is follow the instructions - and on the whole this has largely suited me. Of course there is the satisfaction of learning how to do new things and a sense of achievement at having gone through a long process and having finally succeeded in something you may never have thought possible, but the real heroes (at least to my eyes) are still the coders. And I guess that's what I need now, I need someone to be a hero and help me to get this working.

All I can do is live in hope...

Q

----------

## bernd

 *cobnet wrote:*   

> Hi,
> 
> I managed to get (Microsoft) VPN working on my gentoo box (don't know if "microsoft vpn" is the correct term to use), but I don't think I could do it right away again .
> 
> This caused me problems on other circumstances too, like going on the internet with GameCD's like Unreal Tournament and America's Army (for AA, you seem to actually need the internet before being able to play)   .
> ...

 

Hi!!

I had the same problem at my University (Bonn, Germany).

I used Knoppix3.1 for my installation of Gentoo because the LiveCD(1.4rc4)-Kernel has no ip_gre module which I can load. With Knoppix it was no problem to establish a VPN connection.

Maybe you can try it the next time you want to install Gentoo.

Oh, maybe it is important?? Knoppix has no mppe support. So the best way is to disable it in your connection script (if you have one) or in pptp.options.

If you really need this "feature", sorry, Knoppix will not help you.

Greetings,

Bernd

----------

## raid517

Hi, if you don't mind me saying so, that is a bit of a brain wave!  :Smile:  If I put a slight twist on it, could you advise me as to the exact process involved if for example I have two CD rom drives and I use the first to load Knoppix and the second to hold the Gentoo live CD? What is the script I use to begin the installation process?

Q

PS

Having said that, it still sucks that Gentoo, which is almost wholly a network based distribution has only limited support for certain kinds of networking. It simply makes no sense.

----------

## bernd

 *raid517 wrote:*   

> Hi, if you don't mind me saying so, that is a bit of a brain wave!  If I put a slight twist on it, could you advise me as to the exact process involved if for example I have two CD rom drives and I use the first to load Knoppix and the second to hold the Gentoo live CD? What is the script I use to begin the installation process?
> 
> Q
> 
> PS
> ...

 

This helped me a lot

https://forums.gentoo.org/viewtopic.php?t=39998&highlight=knoppix+installation

For the kernel:

```
CONFIG_PPP=y
CONFIG_PPP_MULTILINK=y
CONFIG_PPP_ASYNC=y
CONFIG_PPP_SYNC_TTY=y
# CONFIG_PPP_DEFLATE is not set
# CONFIG_PPP_BSDCOMP is not set
# CONFIG_PPPOE is not set
```

and you also need ip_gre as a module!!!

After that (important: before you boot your new system at Nr. 16 of the Installation-Instructions):

```
emerge ppp
emerge pptpclient
```

and here is the script (as you can see, for me mppe is deactivated)

-->edited 15.07.2003: Since Kernel 2.4.21 it is no longer necessary to disable mppe. Just uncomment the lines

```
#!/bin/bash
#################################################################
### VPN StudNet Linux generic startup script by T. Szczepanek ###
#################################################################

################################################################
### change this to your username and password and VPN target ###
################################################################
USERNAME="XXXX"
NETPASSWORD="XXXX"
VPN_TARGET_ADDRESS="vpn.xxx.xxxx.de"

VERSION="V0.05a"

### CHANGES
### Changes V0.05a to V0.05
# added a chmod 600 to /tmp/chap-secrets.new
### Changes V0.05 to V0.04
# forced loading of ip_gre Module
### Changes V0.04 to V0.03
# added recognition for isdn ippp+ devices
### Changes V0.03 to V0.02
# fixed a small bug concerning default route (esp. Suse 8.0)
### Changes V0.02a to V0.02
# fixed a small bug
### Changes V0.02 to V0.01
# minor modification to a echo in status function
### V0.01 initial release

###########################################################
### Please report bugs/problems to XXXXXXXXXXXXXXXXXXXXXX ###
###########################################################

OPTIONS_FILE="/etc/ppp/options.studnet-vpn"

echo "VPN StudNet Linux generic startup script $VERSION"

### checking existence of route
ROUTE=`which route`
if test -z "$ROUTE" ; then
  ROUTE="/sbin/route"
  if ! test -f "$ROUTE" ; then
    echo Cannot find program route. Bailing out
    exit 1
  fi
fi

### checking existence of pptp
PPTP_BIN=`which pptp`
if test -z "$PPTP_BIN" ; then
  PPTP_BIN="/usr/local/sbin/pptp"
  if ! test -f "$PPTP_BIN" ; then
    echo Cannot find pptp VPN client program. Please install pptp!
    exit 1
  fi
fi

### checking existence of ppp
PPP_BIN=`which pppd`
if test -z "$PPP_BIN" ; then
  PPP_BIN="/usr/sbin/pppd"
  if ! test -f "$PPP_BIN" ; then
    echo Cannot find pppd. Please install ppp!
    exit 1
  fi
fi

### write the pppd options file (rewritten on every invocation)
### the mppe-* lines are the MPPE encryption options; while they stay
### commented out the tunnel is not encrypted
echo "### StudNet VPN
name $USERNAME
remotename $USERNAME
lock
noauth
nodeflate
nobsdcomp
#mppe-40
#mppe-128
#mppe-stateless
mtu 1490
mru 1490
lcp-echo-failure 5
lcp-echo-interval 120
idle 86400
defaultroute
" > "$OPTIONS_FILE"

case "$1" in
  start)
    /sbin/modprobe ip_gre
    VPN_STATUS=`$0 status|grep "Cannot find any"`
    if test -z "$VPN_STATUS" ; then
      echo There is already a VPN connection running
      exit 1
    fi

    ### Creating chap-secrets file with correct permissions
    ### (staged with mktemp next to the target: mode 600, unpredictable name)
    SECRETS_TMP=`mktemp /etc/ppp/chap-secrets.XXXXXX` || exit 1
    grep -v "$USERNAME " /etc/ppp/chap-secrets > "$SECRETS_TMP"
    echo "$USERNAME * $NETPASSWORD *" >> "$SECRETS_TMP"
    mv "$SECRETS_TMP" /etc/ppp/chap-secrets
    chmod 600 /etc/ppp/chap-secrets

    ### getting gateway and nameservers
    GATEWAY=`${ROUTE} -n |grep UG|tail -1|awk ' { print $2}'`
    if test -z "$GATEWAY" ; then
      echo Cannot find any default gateway!
      exit 1
    fi
    echo Found Gateway $GATEWAY
    echo $GATEWAY > /etc/ppp/vpn-gateway.backup

    NAMESERVERS=`cat /etc/resolv.conf|grep nameserver|sed "s/nameserver //g"|grep -v "#"`
    echo Found nameservers: $NAMESERVERS
    if test -z "$NAMESERVERS" ; then
      echo Cannot find any nameservers in /etc/resolv.conf
      echo Please make sure that /etc/resolv.conf is set up correctly
      exit 1
    fi

    ### set routing tables if they do not exist right now
    ### (keeps the internal net and the nameservers reachable via the old gateway)
    INTERNAL_NET_ROUTE=`${ROUTE} -n|grep 192.168.0.0|grep $GATEWAY|grep 255.255.0.0`
    if test -z "$INTERNAL_NET_ROUTE" ; then
      ${ROUTE} add -net 192.168.0.0 netmask 255.255.0.0 gw $GATEWAY
    fi

    for NAMESERVER in $NAMESERVERS; do
      NAMESERVER_ROUTE=`${ROUTE} -n|grep $NAMESERVER|grep UGH|grep $GATEWAY`
      if test -z "$NAMESERVER_ROUTE" ; then
        ${ROUTE} add -host $NAMESERVER gw $GATEWAY
      fi
    done

    echo Starting pptp connection to VPN StudNet gateway
    ${PPTP_BIN} $VPN_TARGET_ADDRESS file $OPTIONS_FILE &
    sleep 8

    PPP_DEVICE=`ifconfig|grep -v ippp0|grep ppp|awk ' { print $1}'`
    if test -z "$PPP_DEVICE" ; then
      echo Could not start pptp connection to vpn server
      echo Please take a look at /var/log/messages for log output
      exit 1
    fi

    ### set default route to VPN connection
    ${ROUTE} del default
    ${ROUTE} add default dev $PPP_DEVICE
  ;;

  stop)
    ### restore the default gateway that was saved at start
    if test -f /etc/ppp/vpn-gateway.backup ; then
      GATEWAY=`cat /etc/ppp/vpn-gateway.backup`
    fi
    GATEWAY_VIA_ROUTE=`${ROUTE} -n |grep UG|tail -1|awk ' { print $2}'`

    if test "$GATEWAY" != "$GATEWAY_VIA_ROUTE" ; then
      echo Warning: found two different gateways!!!
      if test -z "$GATEWAY" ; then
        ${ROUTE} del default
        ${ROUTE} add default gw $GATEWAY_VIA_ROUTE
      fi
      if test -z "$GATEWAY_VIA_ROUTE" ; then
        ${ROUTE} del default
        ${ROUTE} add default gw $GATEWAY
      fi
    else
      if ! test -z "$GATEWAY" ; then
        ${ROUTE} del default
        ${ROUTE} add default gw $GATEWAY
      fi
    fi
    rm -f /etc/ppp/vpn-gateway.backup

    ### quoted so that more than one matching PID does not break test
    PPPD_PID=`ps auxww|grep pppd |grep $OPTIONS_FILE|grep -v grep|awk ' { print $2}'`
    if test -z "$PPPD_PID" ; then
       echo Cannot find any running VPN connection to terminate
    else
       for i in $PPPD_PID ; do
         kill $i
       done
       sleep 2
       echo "VPN connection(s) closed"
    fi
  ;;

  status)
    PPPD_PID=`ps auxww|grep pppd |grep $OPTIONS_FILE|grep -v grep|awk ' {print $2}'`
    if test -z "$PPPD_PID" ; then
       echo "Cannot find any VPN connection(s) started by this startup script"
    else
       echo "VPN connection seems to be running"
    fi
  ;;

  restart)
   $0 stop && $0 start
  ;;

  *)
  echo "Usage: $0 {start|stop|restart|status}"
  exit 1
  ;;
esac
```

Last edited by bernd on Tue Jul 15, 2003 5:36 pm; edited 1 time in total
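As an added example (not part of bernd's post or of the original script): the chap-secrets step of the script, which strips the user's old entry from a root-owned password file and appends the new one, written as a function that stages the file with `mktemp` beside the target, matches the user name as an exact first field instead of a grep pattern, and renames the result into place. The names `update_secret` and `PPP_USER` are assumptions of this example, and entries are assumed to use unquoted names in the `USER * PASSWORD *` form the script writes.

```shell
#!/bin/sh
# Added example, not the script's own code.
# update_secret FILE USER PASSWORD
#   Replace USER's entry in a pppd secrets file without ever exposing the
#   password in a world-readable or predictably named file.
# The body runs in a subshell "( ... )" so the umask and the trap set here
# do not leak into the caller.
update_secret() (
    secrets_file=$1
    user=$2
    password=$3

    # Files created from here on are readable by the owner only.
    umask 077

    # Stage in the same directory as the target: the name is unpredictable
    # (no symlink pre-creation as with a fixed /tmp name) and the final
    # rename stays on one filesystem, so it is atomic.
    tmp=$(mktemp "$(dirname "$secrets_file")/.secrets.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT

    # Keep every line whose first field is not exactly USER.
    # grep -v "$USERNAME " would also drop "xalice " when USER is "alice",
    # and would treat "." in a name as a wildcard. The name is passed via
    # the environment so awk does not interpret backslashes in it.
    if [ -f "$secrets_file" ]; then
        PPP_USER=$user awk '$1 != ENVIRON["PPP_USER"]' "$secrets_file" \
            > "$tmp" || exit 1
    fi

    # Same entry format as the script: client, server, secret, IP.
    printf '%s * %s *\n' "$user" "$password" >> "$tmp" || exit 1

    # mktemp created the file with mode 600; the rename keeps that mode.
    mv -f "$tmp" "$secrets_file"
)
```

Call it as `update_secret /etc/ppp/chap-secrets "$USERNAME" "$NETPASSWORD"`; the return status is non-zero if staging or the rename failed, in which case the existing file is left untouched.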

----------

## cato`

This script is really great!

I modified your script to work with the higher education (UiB, HiB and NHH) VPN net in Bergen, Norway.

I hope it was ok...?

```
#!/bin/bash
################################################################
### change this to your username and password and VPN target ###
################################################################
USERNAME="brukernavn@server"
NETPASSWORD="passord"
VPN_TARGET_ADDRESS="vpn-gw"
###############################################################

OPTIONS_FILE="/etc/ppp/options"
PAPSECRETS_FILE="/etc/ppp/pap-secrets"

echo "VPN for UiB Linux startup script"

### checking existence of route
ROUTE=`which route`
if test -z "$ROUTE" ; then
  ROUTE="/sbin/route"
  if ! test -f "$ROUTE" ; then
    echo Cannot find program route. Bailing out
    exit 1
  fi
fi

### checking existence of pptp
PPTP_BIN=`which pptp`
if test -z "$PPTP_BIN" ; then
  PPTP_BIN="/usr/local/sbin/pptp"
  if ! test -f "$PPTP_BIN" ; then
    echo Cannot find pptp VPN client program. Please install pptp!
    exit 1
  fi
fi

### checking existence of ppp
PPP_BIN=`which pppd`
if test -z "$PPP_BIN" ; then
  PPP_BIN="/usr/sbin/pppd"
  if ! test -f "$PPP_BIN" ; then
    echo Cannot find pppd. Please install ppp!
    exit 1
  fi
fi

### both files below are overwritten on every invocation
echo "### UiB VPN
lock
name $USERNAME
noauth
defaultroute
" > "$OPTIONS_FILE"

echo "### UiB VPN
$USERNAME   vpn-gw   $NETPASSWORD   *
" > "$PAPSECRETS_FILE"
### the secrets file holds the password in clear text: owner-only access
chmod 600 "$PAPSECRETS_FILE"

case "$1" in
  start)
    /sbin/modprobe ip_gre
    VPN_STATUS=`$0 status|grep "Cannot find any"`
    if test -z "$VPN_STATUS" ; then
      echo There is already a VPN connection running
      exit 1
    fi

    ### getting gateway and nameservers
    GATEWAY=`${ROUTE} -n |grep UG|tail -1|awk ' { print $2}'`
    if test -z "$GATEWAY" ; then
      echo Cannot find any default gateway!
      exit 1
    fi
    echo Found Gateway $GATEWAY
    echo $GATEWAY > /etc/ppp/vpn-gateway.backup

    NAMESERVERS=`cat /etc/resolv.conf|grep nameserver|sed "s/nameserver //g"|grep -v "#"`
    echo Found nameservers: $NAMESERVERS
    if test -z "$NAMESERVERS" ; then
      echo Cannot find any nameservers in /etc/resolv.conf
      echo Please make sure that /etc/resolv.conf is set up correctly
      exit 1
    fi

    ### set routing tables if they do not exist right now
    INTERNAL_NET_ROUTE=`${ROUTE} -n|grep 192.168.0.0|grep $GATEWAY|grep 255.255.0.0`
    if test -z "$INTERNAL_NET_ROUTE" ; then
      ${ROUTE} add -net 192.168.0.0 netmask 255.255.0.0 gw $GATEWAY
    fi

    for NAMESERVER in $NAMESERVERS; do
      NAMESERVER_ROUTE=`${ROUTE} -n|grep $NAMESERVER|grep UGH|grep $GATEWAY`
      if test -z "$NAMESERVER_ROUTE" ; then
        ${ROUTE} add -host $NAMESERVER gw $GATEWAY
      fi
    done

    echo Starting pptp connection to VPN UiB gateway
    ${PPTP_BIN} $VPN_TARGET_ADDRESS file $OPTIONS_FILE &
    sleep 8

    PPP_DEVICE=`ifconfig|grep -v ippp0|grep ppp|awk ' { print $1}'`
    if test -z "$PPP_DEVICE" ; then
      echo Could not start pptp connection to vpn server
      echo Please take a look at /var/log/messages for log output
      exit 1
    fi

    ### set default route to VPN connection
    ${ROUTE} del default
    ${ROUTE} add default dev $PPP_DEVICE
  ;;

  stop)
    ### restore the default gateway that was saved at start
    if test -f /etc/ppp/vpn-gateway.backup ; then
      GATEWAY=`cat /etc/ppp/vpn-gateway.backup`
    fi
    GATEWAY_VIA_ROUTE=`${ROUTE} -n |grep UG|tail -1|awk ' { print $2}'`

    if test "$GATEWAY" != "$GATEWAY_VIA_ROUTE" ; then
      echo Warning: found two different gateways!!!
      if test -z "$GATEWAY" ; then
        ${ROUTE} del default
        ${ROUTE} add default gw $GATEWAY_VIA_ROUTE
      fi
      if test -z "$GATEWAY_VIA_ROUTE" ; then
        ${ROUTE} del default
        ${ROUTE} add default gw $GATEWAY
      fi
    else
      if ! test -z "$GATEWAY" ; then
        ${ROUTE} del default
        ${ROUTE} add default gw $GATEWAY
      fi
    fi
    rm -f /etc/ppp/vpn-gateway.backup

    ### quoted so that more than one matching PID does not break test
    PPPD_PID=`ps auxww|grep pppd |grep $OPTIONS_FILE|grep -v grep|awk ' { print $2}'`
    if test -z "$PPPD_PID" ; then
       echo Cannot find any running VPN connection to terminate
    else
       for i in $PPPD_PID ; do
         kill $i
       done
       sleep 2
       echo "VPN connection(s) closed"
    fi
  ;;

  status)
    PPPD_PID=`ps auxww|grep pppd |grep $OPTIONS_FILE|grep -v grep|awk ' {print $2}'`
    if test -z "$PPPD_PID" ; then
       echo "Cannot find any VPN connection(s) started by this startup script"
    else
       echo "VPN connection seems to be running"
    fi
  ;;

  restart)
   $0 stop && $0 start
  ;;

  *)
  echo "Usage: $0 {start|stop|restart|status}"
  exit 1
  ;;
esac

### Original script by T. Szczepanek
### Edited to work on UiB by Hans Cats
```

You can also download it HERE.

----------

## bernd

 *cato` wrote:*   

> 
> 
> I hope it was ok...?
> 
> 

 

Hi cato,

no problem. Feel free to use it. This is what Open Source means. Use and modify it as you need it.

Greetings and happy surfing   :Very Happy:

Bernd

----------

