# Connect To SecureIX VPN

## g4m3cub3

I've tried myself to go over docs and examples for connecting to VPNs but I can't seem to get it to work. SecureIX offers free ~1Mbit VPN service and I need to know how to connect to it using *nix, specifically Gentoo for the most part. So if anyone figures it out, please reply and let me and others know.

----------

## jerkface

I'm also trying to connect to SecureIX. I followed this howto up until the part about installing pptpconfig, but had to stop there because I don't have an ebuild for it.

http://pptpclient.sourceforge.net/howto-gentoo.phtml

----------

## g4m3cub3

Well, jerkface, I think I have the configs right now. I'm left with the MPPE encryption issue. For some reason I get 'Unrecognized option: require mppe-128'. That's not verbatim by the way, but the general idea of what was said. I have the kernel support in my kernel and built the ppp package with the mppc-mppe use flag. It must be a pain in the ass because Microsoft created it. I haven't tried manually patching the kernel yet as the tutorials say because I thought I didn't have to since there was supposedly support already. I guess we'll find out? I'll let you know what happens. If you need me to post my configs for you I will.

----------

## jerkface

I believe the kernel is already patched for gentoo-sources but not vanilla-sources. Here is a copy of my config and error message I posted at the secureix forums.  *Quote:*   

> Ok, here is my current configuration. It seems to work, but I get a modem hangup at 2.0 minutes.
> 
> ```
> # pon secureix.com debug dump logfd 2 nodetach
> ```
> ...


----------

## g4m3cub3

Well, that MPPE is disabled might be the problem. I don't see why it is as long as you have the current config with the mppe required,stateless and kernel support. I can't even use the mppe required,stateless option or when I use pon it complains about it being an unrecognized option. Anyhow, I've gotten past the require-mppe-128 option by not using the mppe-mppc use flag when emerging ppp. Now I get this...

```
rcvd [Compressed data] 95 a1 02 3d 84 05 f6 a3 ...
Discarded non-LCP packet when LCP not open
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa671d4cb> <pcomp> <accomp>]
rcvd [Compressed data] 95 a2 f0 74 36 3f 2e 32 ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a3 ac 11 97 79 58 b7 ...
Discarded non-LCP packet when LCP not open
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa671d4cb> <pcomp> <accomp>]
rcvd [Compressed data] 95 a4 e7 43 25 ba 53 e3 ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a5 bb df ba 5a fc 73 ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a6 d5 82 65 aa de 52 ...
Discarded non-LCP packet when LCP not open
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xa671d4cb> <pcomp> <accomp>]
rcvd [Compressed data] 95 a7 3a c8 31 a9 f2 fb ...
Discarded non-LCP packet when LCP not open
rcvd [Compressed data] 95 a8 44 e9 ba f7 f4 2a ...
Discarded non-LCP packet when LCP not open
Terminating on signal 2
Script pptp vpn.secureix.com --nolaunchpppd finished (pid 29236), status = 0x0
Modem hangup
Connection terminated.
```

----------

## dolch

With my setup I redirect a local user's tcp traffic to a free SecureIX server. Here's a VERY quick explanation of how I did it.

Kernel: 

Rebuild your kernel with the PPP modules (ppp_mppe, ppp_async, ppp_generic), advanced routing and iptables support (xt_MARK, iptable_mangle, etc)

Emerge: 

Emerge the latest net-dialup/ppp, sys-apps/iproute2

Config: 

Create the /etc/init.d/net.ppp0 symlink, and add the VPN config to /etc/conf.d/net.

```
# VPN
config_ppp0=( "ppp" )
username_ppp0=('<username>@secureix.com')
password_ppp0=('<password>')
pppd_ppp0=(
   "persist"
   "nodefaultroute"
   "lock"
   "maxfail 1"
   "require-mppe-128"
   "silent"
)
link_ppp0=("pty \"pptp <secureix server> --nolaunchpppd\"")
```

You'll need your current default gateway x.x.x.1 (ip ro | grep default), and a SecureIX server address (66.150.105.18). Start up the tunnel using:

```
ip route add 66.150.105.18 via <gateway> dev eth0;
/etc/init.d/net.ppp0 start;
```

Watch /var/log/messages to see if the ppp0 interface was started. If it worked and you got an IP, set up the tunnel routing.

```
# Option 1: only marked traffic goes through the tunnel
ip route add default via 66.150.105.18 dev ppp0 table 2;
ip ru add pref 20 fwmark 0x1 lookup 2;
ip ro fl cache;

# OR

# Option 2: everything through the tunnel (easy way)
ip route del default;
ip route add default via 66.150.105.18 dev ppp0;
ip ro fl cache;
```

You'll need to turn on masquerading and turn off the reverse path filter for ppp0.

```
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE;
echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter;
```

Finally I created a separate user account (local) and used iptables to mark all the traffic.

```
iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner local -j MARK --set-mark 1;
```

At this point you should be able to test everything by going to a site like http://myip.dk to check your ip. Depending on what you're using the tunnel for you could run into varying stability. I use mine for bittorrent and as long as I limit the upload/download speeds the link will hold.  I'm positive my method isn't perfect but it does work.
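
Added example, not part of dolch's post: a small audit of the "marked through the tunnel" variant that reports two ways the marked user's traffic can leave outside ppp0: the tunnel table being empty when the link drops, and the MARK rule covering TCP only. The function name, the uid 1001, the sample captures and the two suggested fixes (a reject route in table 2, a mark rule without `-p tcp`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Arguments: captured text of `ip rule show`,
# `ip route show table 2`, `iptables -t mangle -S OUTPUT`, then mark, table, device.
audit_split_tunnel() (
    rules=$1 table=$2 mangle=$3 mark=$4 tbl=$5 dev=$6
    out=""
    # 1. A rule must send packets carrying the mark to the tunnel table.
    printf '%s\n' "$rules" | grep -Eq "fwmark $mark lookup $tbl( |\$)" ||
        out="$out NO_FWMARK_RULE"
    # 2. That table needs a default route out of the tunnel device.
    printf '%s\n' "$table" | grep -Eq "^default .*dev $dev( |\$)" ||
        out="$out NO_TUNNEL_DEFAULT"
    # 3. When the link drops, the kernel removes that route and the lookup falls
    #    through to the main table, so marked traffic leaves untunnelled unless
    #    a reject route stays behind as a backstop.
    printf '%s\n' "$table" | grep -Eq "^(unreachable|prohibit|blackhole) default" ||
        out="$out FAILS_OPEN"
    # 4. If every MARK rule is limited to TCP, the user's UDP (DNS included)
    #    is never marked and follows the normal default route.
    marks=$(printf '%s\n' "$mangle" | grep -e '-j MARK' || true)
    if [ -z "$marks" ]; then
        out="$out NO_MARK_RULE"
    elif ! printf '%s\n' "$marks" | grep -qv -e '-p tcp'; then
        out="$out TCP_ONLY_MARK"
    fi
    echo "${out:- OK}" | sed 's/^ //'
)

# Constructed sample captures for the setup as posted (uid 1001 stands for "local").
RULES='0: from all lookup local
20: from all fwmark 0x1 lookup 2
32766: from all lookup main
32767: from all lookup default'
TABLE2='default via 66.150.105.18 dev ppp0'
MANGLE='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 1001 -j MARK --set-xmark 0x1/0xffffffff'
# Constructed: same setup with a reject route added and the mark on all protocols.
TABLE2_FIXED='default via 66.150.105.18 dev ppp0
unreachable default metric 4294967295'
MANGLE_FIXED='-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 1001 -j MARK --set-xmark 0x1/0xffffffff'

audit_split_tunnel "$RULES" "$TABLE2" "$MANGLE" 0x1 2 ppp0
audit_split_tunnel "$RULES" "$TABLE2_FIXED" "$MANGLE_FIXED" 0x1 2 ppp0
```

On a live box, pass the real command output instead of the samples, for example `audit_split_tunnel "$(ip rule show)" "$(ip route show table 2)" "$(iptables -t mangle -S OUTPUT)" 0x1 2 ppp0`.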

----------

## g4m3cub3

I haven't tested it yet but thank you. It's been a long time since I posted and really appreciate your detailed help.

----------

