Ubuntu 8.10: How To Connect To a Microsoft VPN

Wednesday, 19. November 2008

December 3, 2008 Update: Some of these problems have been corrected in the latest updates to Ubuntu 8.10. (See below.)


Connection to a Microsoft VPN from Linux is normally a no-brainer but Ubuntu 8.10 Intrepid Ibix has some “out of the box” issues with connecting to a Microsoft VPN. Before fixing those issues we need to go through the motions and cover all the basics. First, you will need to install NetworkManager for Gnome and the PPTP plugin.

    sudo apt-get install network-manager-gnome network-manager-pptp

    sudo NetworkManager restart

NetworkManager Configuration

You can launch NetworkManager from either the Gnome menu under System | Preferences | Network Configuration or by clicking on the network icon on the Gnome panel and selecting VPN Connections | Configure VPN. Select the VPN tab and click the Add button. When asked to choose a VPN connection type select PPTP and click the Create button. PPTP will be the default unless you have other NetworkManager plugins installed.

Now you should have a dialog to enter the VPN information. There are only a couple of pieces of information that you need to enter on this form.

  • Connection name: Name you VPN connection or keep the default name. Your choice.
  • Connect automatically: Leave unchecked for now. You can change this later if you want.
  • System setting: Leave unchecked.
  • Gateway: Enter the host name or IP address of the VPN gateway.
  • User name: Enter the NT domain, a backslash and the user name, e.g. EXAMPLE\bill. This is the first of the 8.10 issues – you must enter the NT domain with the user name here or it won't work.
  • Password: Leave this blank. This is another 8.10 issue – either accessing or storing the password from NetworkManager is broken and if you enter the password here it won't work. Don't worry, there is a workaround.
  • Show password: Don't check it, check it, it matters not.
  • NT Domain: Leave this blank. And another 8.10 issue – the NT domain should be entered with the user name instead of here and if you do put the NT domain here it won't work.

The form should look something like this when you are done:

Screenshot-Editing Example Corporate VPN

Click the Advanced button and when the dialog appears check Use Point-to-Point encryption (MPPE). Don't change any of the other setting on this form.

Screenshot-nm-connection-editor

Click the OK button on the advanced settings form and then click the OK button on the VPN information form to save the settings for your new VPN. You can close the NetworkManager window now.

Fixing the NetworkManager Configuration

If you try to connect to the VPN now it will fail. By default it is trying to negotiate EAP authentication. There is no was to disable EAP from NetworkManager so you will need to disable it with gconf-editor. Launch gconf-editor from the command line.

    gconf-editor

When the editor starts browse to System | Networking | Connections. Under Connections you should see one or more numbered connection folders. You will need to find the one that has your VPN configuration in it – open each one and look for another folder named vpn. Click on the vpn folder to see the settings to verify that it is the one you need to change. On my system this was connection number 3. Right-click on the configuration list and select New key.

Screenshot-Configuration Editor

Name the new key refuse-eap, set its type to String and its value to yes. Then click the OK button.

Screenshot-New Key

Connecting to the VPN

You are finally ready to connect to the VPN. Clink the network icon on the panel and select VPN Connections | <connection name>. Enter your password in the authentication dialog. If you want your password stored in the keyring you can check that option here – that is the workaround for not being able to enter the password in NetworkManager. Click the OK button and if all goes well you will connect to your VPN.

Screenshot-Editing Example Corporate VPN

The Bad News

Now that you've got your VPN working there's some really bad news you need to know about. Anytime you launch NetworkManager it is probably going to hork the VPN settings and your VPN will stop working once again. So don't start NetworkManager. But if you do the two things you will most likely need to fix are:

  1. Edit the VPN and delete the password from the configuration form. You can re-enter it and save it again the next time you need to connect.
  2. Check the refuse-eap setting on your VPN and re-add it with gconf-editor if it is missing.

Good luck!


December 3, 2008 Update:

In the comments Craig points out that the NT Domain issue has been fixed. I fired up Update Manager and installed all the latest updates which included an update to NetworkManager. After installing I verified that with the latest version of NetworkManager the NT Domain can be configured normally again. There was also an update to the Gnome Keyring which spurred me to try configuring the VPN password in NetworkManager too and that works now also. (However I do not know if the password storing problem was in NetworkManager or Gnome Keyring.) With these updates you can set up your VPN configuration in NetworkManager as follows:

Screenshot-Editing Example Corporate VPN Update

These latest updates resolve half of the issues I described in the original post. You will still need to enable MPPE and add the refuse-eap key to successfully connect to a Microsoft VPN.

Share 'Ubuntu 8.10: How To Connect To a Microsoft VPN' on Delicious Share 'Ubuntu 8.10: How To Connect To a Microsoft VPN' on Facebook Share 'Ubuntu 8.10: How To Connect To a Microsoft VPN' on Google Buzz Share 'Ubuntu 8.10: How To Connect To a Microsoft VPN' on Google Reader Share 'Ubuntu 8.10: How To Connect To a Microsoft VPN' on LinkedIn Share 'Ubuntu 8.10: How To Connect To a Microsoft VPN' on Email

8 Responses to “Ubuntu 8.10: How To Connect To a Microsoft VPN”

  1. Michele says:

    THank you thak you thank you!!!!!!Finally vpn works!!
    I spent month surfing on google searching for something…I tried almost everything..delete NM, add hamachi, openvpn, gopenvpn…now it works. Thank you very much!

  2. [...] been getting a lot of comments on this post and I needed a better way to be notified of comments that I need to respond to than by repeatedly [...]

  3. vitorgatti says:

    VPN finally working… thanks A LOT!!!! I wish I was rich to give you lots of money :)

  4. dean says:

    @vitorgatti – I’m just happy to hear that this helped. Thanks.

  5. SmileyChris says:

    Don’t know if it’s new in Karmic, but you can just un-check the EAP authentication method, rather than need to use gconf-editor.

  6. dean says:

    @SmileyChris – EAP wasn’t listed in the authentication methods on the PPTP Advanced Options dialog in Intrepid. Thanks for pointing out that it’s there in Karmic.

  7. PN says:

    @SmileyChris
    Thanks for that information! Solved my problem.

  8. [...] 主要的问题可以看出来,出在No VPN secrets,也就是说nm没有保存密码。 参照这里 [...]

 
 

Switch to our mobile site