X10VPN Configuration with Linux using networkmanager

garrettroyce

Community Support
Community Support
Messages
5,604
Reaction score
245
Points
63
Preface
NetworkManager is an aptly-named tool for the GNOME desktop environment that allows users to manage network connections. It is automatically installed on most distributions that use GNOME.

Distribution Notes
DistributionNotes
Fedora 16No additional configuration required. Credit goes to SylvanOgre for the original thread here.
Mageia 2PPP is required, but Mageia's current PPP package does not support MPPE encryption. See https://bugs.mageia.org/show_bug.cgi?id=5741. Use your favorite package installer to install networkmanager-pptp and either restart or use modprobe to load ppp_mppe.
SourceRequired software:
PPP ftp://ftp.samba.org/pub/ppp/
PPTP Client http://sourceforge.net/projects/pptpclient/files/pptp/
NetworkManager http://ftp.gnome.org/pub/GNOME/sources/NetworkManager/
NetworkManager-pptp http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-pptp/

[/tr]

networkmanager Setup
Use networkmanager to add a new VPN.

Here are the settings you will need:

General Settings:
Connect Automatically{Up to you. When networkmanager starts, the VPN will start as well}
Available to All Users{Up to you. If more than one person uses your computer and they should not have access to network resources, do not check this option. You must use your root password for this option}

IPv4 Settings:
MethodAutomatic (VPN)
Addresses{Leave blank}
DNS Servers{Leave blank}
Search Domains{Leave blank}
Routes...{Don't modify}

VPN Settings:
Gateway{currently server1.x10vpn.com; see https://x10vpn.com/howto for details}
User Name{same as your X10VPN login user name}
Password{same as your X10VPN login password}
Password Saving{Up to you. It must be either "Saved" or "Always Ask" because a password is required}
Show Password{Up to you. There's no confirmation password box, so it might be good to double check by viewing your password}
NT Domain{Up to you. Since you're not on Windows, domains aren't especially useful. If you're on a VPN with Windows users, set this to the same value as the Windows computers so they can access related features}
Advanced...
Allow the following authentication methods{If the MS-CHAP protocol(s) are unchecked, they must be checked to use MPPE. All other protocols will be unused regardless of being selected. In the future, X10VPN may allow other protocols.}
Use point-to-point encryption (MPPE){Check this currently. In the future, X10VPN may not require this}
Security{All Available or 128-bit; 128 is what is used anyway}
Allow stateful encryption{Check}
Allow BSD encryption{Check}
Allow deflate compression option{Check}
Use TCP header compression{Check}
Send PPP echo packets{Check}

Firewall Setup
Finally, allow TCP port 1723 through your firewall. See this thread for details: http://x10hosting.com/forums/vpn/179832-troubleshooting-connection-issues.html

Starting and Checking
You may now enable your VPN by using networkmanager.

An easy way to check if it is working correctly is to go to http://whatismyip.com and see if it reports an IP address identical to the one for your X10VPN account. From the terminal, you can run these tests:

[root@hostname /]# ifconfig
XXX#
{This will vary based on your system configuration.
There can be various eth#, wlan#, and ppp# interfaces here.
Check with your system documentation}
ppp0
Link encap:point-to-Point Protocol
inet addr:10.0.0.### P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:9737 errors:0 dropped:0 overruns:0 frame:0
TX packets:8941 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:8104718 (7.7 MiB) TX bytes:1350933 (1.2 MiB)
This is just an example from my system. It may look different on yours. The key is that there is a ppp# interface. Disabling all other VPN connections will make it easy to spot your X10VPN connection. Different distributions could name the interface something other than ppp, so check your distro's documentation.

Another check is to make sure that your system is routing traffic through the VPN:

[root@hostname /]#route -n
Kernel IP routing table
DestinationGatewayGenmaskFlagsMetricRefUseIface
0.0.0.00.0.0.00.0.0.0U000ppp0
10.0.0.10.0.0.0255.255.255.255UH000ppp0
There will be some other routes for other interfaces, but as long as you have these, you're in good shape. Basically, the first entry routes all connections to all IP addresses through the interface ppp0. The next entry overwrites the first, but only for the IP address 10.0.0.1, which is X10VPN's server. It also has the "H" flag, meaning that 10.0.0.1 is a host.

*Warning* if there are other entries (which there will be) they will route traffic so that it will NOT go trough the VPN if the interface is not ppp#. This is good for entries like 192.168.*.*, 10.*.*.*, and for the IP address your ISP gives to you. If you see another "Genmask" of 0.0.0.0, that may mean your traffic is not routed through the VPN! A "Genmask" should be 255.###.###.### for a "Destination" of 10.###.###.### or 255.255.###.### for 192.168.###.### and it should be 255.255.255.255 for any other "Destination". There may be multiple host "H" flags and some "G" flags as well; they're all fine.

TLDR; make sure all IP addresses are routed through ppp0 or else your traffic will not go through your VPN.

Troubleshooting
The networkmanager GUI should pop up any errors it encounters. You can also do a quick
[root@hostname /]# tail /var/log/syslog
or
[root@hostname /]# dmesg | tail
or etc. and see if anything is mentioned.

Authentication failed {or something like that} message:
Make sure that your version of PPP supports MPPE. It's not obvious whether it does or not without an lsmod:

[root@hostname /]# lsmod | grep ppp
ppp_mppe130352
ppp_async174131
crc_ccitt126671ppp_async
ppp_generic330646ppp_async,ppp_mppe
slhc134651ppp_generic
That's my output. Yours may differ, just make sure ppp_mpe is somewhere in the leftmost column.

Cannot find host {or something like that} message:
This message will come from a browser or any program that uses the internet. Check your firewall settings. Port 1723 TCP must be open.

Final Thoughts
Keep in mind that X10VPN (at this time) is in beta.

I've tried to be as verbose as possible here, but if you reply with a question, I will try my best.

TODO: Alternatives to networkmanager
 
Last edited:
Top