Ubuntu 8.10: How To Connect To a Microsoft VPN

December 3, 2008 Update: Some of these problems have been corrected in the latest updates to Ubuntu 8.10. (See below.)


Connection to a Microsoft VPN from Linux is normally a no-brainer but Ubuntu 8.10 has some "out of the box" issues with connecting to a Microsoft VPN. Before fixing those issues we need to go through the motions and cover all the basics. First, you will need to install NetworkManager for Gnome and the PPTP plugin.

    sudo apt-get install network-manager-gnome network-manager-pptp

    sudo /etc/init.d/NetworkManager restart

NetworkManager Configuration

You can launch NetworkManager from either the Gnome menu under System | Preferences | Network Configuration or by clicking on the network icon on the Gnome panel and selecting VPN Connections | Configure VPN. Select the VPN tab and click the Add button. When asked to choose a VPN connection type select PPTP and click the Create button. PPTP will be the default unless you have other NetworkManager plugins installed.

Now you should have a dialog to enter the VPN information. There are only a couple of pieces of information that you need to enter on this form.

  • Connection name: Name your VPN connection or keep the default name. Your choice.
  • Connect automatically: Leave unchecked for now. You can change this later if you want.
  • System setting: Leave unchecked.
  • Gateway: Enter the host name or IP address of the VPN gateway.
  • User name: Enter the NT domain, a backslash and the user name, e.g. EXAMPLE\bill. This is the first of the 8.10 issues - you must enter the NT domain with the user name here or it won't work.
  • Password: Leave this blank. This is another 8.10 issue - either accessing or storing the password from NetworkManager is broken and if you enter the password here it won't work. Don't worry, there is a workaround.
  • Show password: Don't check it, check it, it matters not.
  • NT Domain: Leave this blank. And another 8.10 issue - the NT domain should be entered with the user name instead of here and if you do put the NT domain here it won't work.

The form should look something like this when you are done:

[Screenshot: Editing Example Corporate VPN]

Click the Advanced button and when the dialog appears check Use Point-to-Point encryption (MPPE). Don't change any of the other settings on this form.

[Screenshot: nm-connection-editor]

Click the OK button on the advanced settings form and then click the OK button on the VPN information form to save the settings for your new VPN. You can close the NetworkManager window now.

Fixing the NetworkManager Configuration

If you try to connect to the VPN now it will fail. By default it is trying to negotiate EAP authentication. There is no way to disable EAP from NetworkManager so you will need to disable it with gconf-editor. Launch gconf-editor from the command line.

    gconf-editor

When the editor starts browse to System | Networking | Connections. Under Connections you should see one or more numbered connection folders. You will need to find the one that has your VPN configuration in it - open each one and look for another folder named vpn. Click on the vpn folder to see the settings to verify that it is the one you need to change. On my system this was connection number 3. Right-click on the configuration list and select New key.

[Screenshot: Configuration Editor]

Name the new key refuse-eap, set its type to String and its value to yes. Then click the OK button.

[Screenshot: New Key]

Connecting to the VPN

You are finally ready to connect to the VPN. Click the network icon on the panel and select VPN Connections | <connection name>. Enter your password in the authentication dialog. If you want your password stored in the keyring you can check that option here - that is the workaround for not being able to enter the password in NetworkManager. Click the OK button and if all goes well you will connect to your VPN.

[Screenshot: Authenticate VPN]

The Bad News

Now that you've got your VPN working there's some really bad news you need to know about. Anytime you launch NetworkManager it is probably going to hork the VPN settings and your VPN will stop working once again. So don't start NetworkManager. But if you do, the two things you will most likely need to fix are:

  1. Edit the VPN and delete the password from the configuration form. You can re-enter it and save it again the next time you need to connect.
  2. Check the refuse-eap setting on your VPN and re-add it with gconf-editor if it is missing.
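
A guarded way to re-apply both settings from the command line, as an added example that is not part of the original post: it uses the gconftool-2 key paths that appear on this page (refuse-eap and require-mppe under /system/networking/connections/N/vpn) and refuses to write when connection N has no vpn folder. The function names and the GCONFTOOL override variable are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the original post): re-apply the two GConf keys
# this guide depends on, but only for a connection that really has a vpn folder.
GCONFTOOL=${GCONFTOOL:-gconftool-2}   # assumption: override hook for offline testing
BASE=/system/networking/connections

# Print the number of every connection folder that contains a vpn subfolder.
list_vpn_connections() {
    for dir in $("$GCONFTOOL" --all-dirs "$BASE"); do
        if "$GCONFTOOL" --dir-exists="$dir/vpn"; then
            echo "${dir##*/}"
        fi
    done
}

# Set a key to the string "yes" unless it already holds that value.
ensure_yes() {
    key=$1
    current=$("$GCONFTOOL" --get "$key" 2>/dev/null) || current=""
    if [ "$current" = "yes" ]; then
        echo "ok: $key"
    else
        "$GCONFTOOL" --set "$key" --type string "yes" && echo "set: $key"
    fi
}

# Usage: fix_pptp_connection N
# gconftool-2 --set creates missing paths, so a wrong N would silently build a
# bogus connection; check that N/vpn exists before writing anything.
fix_pptp_connection() {
    n=$1
    case $n in
        ''|*[!0-9]*) echo "usage: fix_pptp_connection NUMBER" >&2; return 2 ;;
    esac
    if ! "$GCONFTOOL" --dir-exists="$BASE/$n/vpn"; then
        echo "connection $n has no vpn folder; candidates: $(list_vpn_connections | tr '\n' ' ')" >&2
        return 1
    fi
    ensure_yes "$BASE/$n/vpn/refuse-eap"     # stop EAP negotiation
    ensure_yes "$BASE/$n/vpn/require-mppe"   # require MPPE encryption
}

# Run directly as: sh fix-pptp.sh 3   (3 = your connection number)
if [ $# -gt 0 ]; then
    fix_pptp_connection "$1"
fi
```

Running it a second time changes nothing and reports both keys as ok, so it is safe to run at every login.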

Good luck!


December 3, 2008 Update:

In the comments Craig points out that the NT Domain issue has been fixed. I fired up Update Manager and installed all the latest updates which included an update to NetworkManager. After installing I verified that with the latest version of NetworkManager the NT Domain can be configured normally again. There was also an update to the Gnome Keyring which spurred me to try configuring the VPN password in NetworkManager too and that works now also. (However I do not know if the password storing problem was in NetworkManager or Gnome Keyring.) With these updates you can set up your VPN configuration in NetworkManager as follows:

[Screenshot: Editing Example Corporate VPN Update]

These latest updates resolve half of the issues I described in the original post. You will still need to enable MPPE and add the refuse-eap key to successfully connect to a Microsoft VPN.

Problem w/gconf-editor

gconf-editor step. I get the following error message and am unable to see any structure or network info tool. Here's the error message but I have yet to figure out how to correct it. Any ideas?

Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://www.gnome.org/projects/gconf/ for information. (Details - 1: Failed to get connection to session: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.)

RE: Problem w/gconf-editor

Sorry, I haven't seen that error before. Searching Google for it turned up a few leads. You might try that.

Really helpful

Thanks for posting this. Worked like a champ.

!!!!!!! I can't using

!!!!!!!
I can't using VPN!!!!!
because if I don't connect VPN then I can't suffer the internet!!!!
So ,is there any solution.
I think it's very chaos for Ubuntu.!!
HOW?????????????

Thank You

The only step I needed to successfully connect to StrongVPN was "refuse-eap: yes". Thank you so much for posting this information!

What's NT Domain?

What is NT Domain? Is it compulsory to be filled?

How can I know the VPN is connected properly? Does a lock icon appear on the Network Manager icon? If so, why can't I connect to the Internet?

I've followed your steps, but I still can't connect to the Internet via VPN. Help me...

RE: What's NT Domain?

I can't tell you what your NT domain is. You will have to find that out from whomever manages your Microsoft server and VPN. NT domain is not always required (see some of the other comment threads). But I don't know under what conditions it is required or optional. Again, your Microsoft admin should be able to tell you that.

While the VPN is trying to connect the network icon on the panel will change to an animated icon with a gold "swoosh" flying across the icon into a small gold padlock in the bottom right hand corner. If the connection fails the icon will revert to normal - the swoosh and padlock disappear - and an error message should display. If the connection succeeds the swoosh will disappear but the gold padlock will remain on the icon.

Thanks

Thank you, I was looking for this solution till the time I updated to 8.10, and it was really annoying, but now it's working!!!! :)
Thanks again! great post!

I'm still facing the issue

hi dean, you've explained the solution very well but even after trying these steps, the VPN connection fails on my system.

Version details:

network-manager-gnome 0.7~~svn20081020t000444-0
network-manager-pptp 0.7~~svn20081015t024626-0

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.10
DISTRIB_CODENAME=intrepid
DISTRIB_DESCRIPTION="Ubuntu 8.10"

$ uname -a
Linux vivek-laptop 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686 GNU/Linux

Are you using the same setup?

RE: I'm still facing the issue

Exactly the same setup. What happens when you try to connect? Have you checked for messages in syslog?

No NT Domain

My VPN connection in Windows Vista doesn't have an NT Domain specified yet works very well.
How does it affect Intrepid Ibex where, as you say, we have to write the username as NTDomain\Username?

RE: No NT Domain

I don't have Vista to check with but in the Vista docs I found online it does show NT Domain to be optional when configuring a VPN. Try setting it up in Ubuntu with only the user name (leave off the domain and the backslash) and see if it works. I would be interested to hear about your results.

Hi dean, I am able to connect

Hi dean,

I am able to connect without the NT Domain.

The vpn is connected up and running. The settings on my desktop are perfectly fine.

But my laptop tends to lose the refuse-eap string every time I restart the computer.

RE: Hi dean, I am able to connect

You might try Véio's tip from the comments. You could add that command to insert the EAP setting to your .bashrc so that it gets re-added every time you log in. Make sure to change the connection number in the command from Véio's tip to match your configuration.

Launchpad bugs

bad NT-Domain escaping https://bugs.launchpad.net/ubuntu/+source/network-manager-pptp/+bug/259168 Fixed.

network-manager-pptp lacks refuse-eap option in advanced ... dialog https://bugs.launchpad.net/ubuntu/intrepid/+source/network-manager-pptp/... Open as of right now.

RE: Launchpad bugs

Thanks for the information Craig. I verified that the NT Domain bug is fixed. The NetworkManager/Gnome Keyring bug seems to be fixed as well so that you can enter and store the VPN password in NetworkManager again. I'm glad the EAP bug is on their radar too.

This fixed my problem!

Holy cow! Thanks a ton! Since I upgraded to 8.10 I could not get this buggy release connecting to my work VPN. Do you know if this work-around has been reported on the Ubuntu issue tracker?

Thanks again, you are a life saver!

RE: This fixed my problem!

Craig tracked down two of the issues and they have been reported. One of them has even been fixed already.

Great post. We can do it on command line too

We can include the key via command line too, using gconftool-2. Here is an example:

    gconftool-2 --set "/system/networking/connections/3/vpn/refuse-eap" --type string "yes"

We can include it as a panel launcher and make our life easier.

Thanks for the post. I hope the developers fix this soon.

Véio

RE: Great post. We can do it on command line too

Thanks for the great tip Véio. You can also use the command line tool to turn on MPPE instead of using NetworkManager.

    gconftool-2 --set "/system/networking/connections/3/vpn/require-mppe" --type string "yes"

But be sure you have the right connection number when you do this because gconftool will happily create that config entry if you have the wrong connection number - even if that connection did not already exist.

Vpn connection dialog box is not displayed

I followed your guide and it worked fine until I clicked the VPN Connection popup menu; the connection dialog never appeared. Do you have any idea about it?

RE: Vpn connection dialog box is not displayed

When you select your VPN from the popup menu do you get any error messages or visual indicators that something is happening? Are there any error or debug messages related to NetworkManager in syslog?

I'd love a howto for people

I'd love a howto for people who don't use gnome..

RE: I'd love a howto for people

Maybe one of these days I'll get around to writing a pure CLI guide. But in the meantime all of the GTK/Gnome apps referenced here should work in KDE or Fluxbox or whatever window manager you may prefer.

nice work

Hi, thank you very much. I have tried so many times, and finally I found something useful.

Good post.It was very

Good post. It was very useful.
Thank you
