Wednesday, 19. November 2008
Connection to a Microsoft VPN from Linux is normally a no-brainer but Ubuntu 8.10 Intrepid Ibix has some “out of the box” issues with connecting to a Microsoft VPN. Before fixing those issues we need to go through the motions and cover all the basics. First, you will need to install NetworkManager for Gnome and the PPTP plugin.
sudo apt-get install network-manager-gnome network-manager-pptp
sudo NetworkManager restart
You can launch NetworkManager from either the Gnome menu under
System | Preferences | Network Configuration or by clicking on the network icon on the Gnome panel and selecting
VPN Connections | Configure VPN. Select the
VPN tab and click the
Add button. When asked to choose a VPN connection type select PPTP and click the
Create button. PPTP will be the default unless you have other NetworkManager plugins installed.
Now you should have a dialog to enter the VPN information. There are only a couple of pieces of information that you need to enter on this form.
- Connection name: Name you VPN connection or keep the default name. Your choice.
- Connect automatically: Leave unchecked for now. You can change this later if you want.
- System setting: Leave unchecked.
- Gateway: Enter the host name or IP address of the VPN gateway.
- User name: Enter the NT domain, a backslash and the user name, e.g.
EXAMPLE\bill. This is the first of the 8.10 issues – you must enter the NT domain with the user name here or it won't work.
- Password: Leave this blank. This is another 8.10 issue – either accessing or storing the password from NetworkManager is broken and if you enter the password here it won't work. Don't worry, there is a workaround.
- Show password: Don't check it, check it, it matters not.
- NT Domain: Leave this blank. And another 8.10 issue – the NT domain should be entered with the user name instead of here and if you do put the NT domain here it won't work.
The form should look something like this when you are done:
Advanced button and when the dialog appears check
Use Point-to-Point encryption (MPPE). Don't change any of the other setting on this form.
OK button on the advanced settings form and then click the
OK button on the VPN information form to save the settings for your new VPN. You can close the NetworkManager window now.
Fixing the NetworkManager Configuration
If you try to connect to the VPN now it will fail. By default it is trying to negotiate EAP authentication. There is no was to disable EAP from NetworkManager so you will need to disable it with gconf-editor. Launch gconf-editor from the command line.
When the editor starts browse to
System | Networking | Connections. Under Connections you should see one or more numbered connection folders. You will need to find the one that has your VPN configuration in it – open each one and look for another folder named
vpn. Click on the
vpn folder to see the settings to verify that it is the one you need to change. On my system this was connection number 3. Right-click on the configuration list and select
Name the new key
eap, set its type to
String and its value to
yes. Then click the OK button.
Connecting to the VPN
You are finally ready to connect to the VPN. Clink the network icon on the panel and select
VPN Connections | <connection name>. Enter your password in the authentication dialog. If you want your password stored in the keyring you can check that option here – that is the workaround for not being able to enter the password in NetworkManager. Click the OK button and if all goes well you will connect to your VPN.
The Bad News
Now that you've got your VPN working there's some really bad news you need to know about. Anytime you launch NetworkManager it is probably going to hork the VPN settings and your VPN will stop working once again. So don't start NetworkManager. But if you do the two things you will most likely need to fix are:
- Edit the VPN and delete the password from the configuration form. You can re-enter it and save it again the next time you need to connect.
- Check the
refuse-eapsetting on your VPN and re-add it with
gconf-editorif it is missing.
In the comments Craig points out that the NT Domain issue has been fixed. I fired up Update Manager and installed all the latest updates which included an update to NetworkManager. After installing I verified that with the latest version of NetworkManager the NT Domain can be configured normally again. There was also an update to the Gnome Keyring which spurred me to try configuring the VPN password in NetworkManager too and that works now also. (However I do not know if the password storing problem was in NetworkManager or Gnome Keyring.) With these updates you can set up your VPN configuration in NetworkManager as follows:
These latest updates resolve half of the issues I described in the original post. You will still need to enable
MPPE and add the
refuse-eap key to successfully connect to a Microsoft VPN.