LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   VPN Connection - Not able to browse other sites when connecting to VPN (http://www.linuxquestions.org/questions/linux-networking-3/vpn-connection-not-able-to-browse-other-sites-when-connecting-to-vpn-877996/)

arindom 04-30-2011 08:00 AM

VPN Connection - Not able to browse other sites when connecting to VPN
 
The problem that I have been struggling with is while connecting to VPN server, I can't connect to other sites.

I am on 11.04, but this have been happening on 10.10 as well.

On Win7, I was able to browse the VPN and the other sites at the same time without any issue.

I also tried by checking ON the "Use this connection only for resources on its network" option (under IPv4 settings tab) but doing that is allowing me to browse all sites except the VPN site. The method that I am using is "Automatic (VPN)".

Need your help to solve this issue.

jschiwal 05-01-2011 01:24 AM

What do you mean by sites? Do you mean hosts, on the remote LAN, or web sites browsed from a remote desktop?

What do you mean by browsing, and what are you using? The phrase "browsing for sites" implies browsing web sites in a web browser, but maybe you mean something else.

T3RM1NVT0R 05-01-2011 01:44 AM

@ Reply
 
Hi arindom,

As I can understand you when you connect to VPN on Ubuntu 10.10 and Ubuntu 11.04 you are able to browse the VPN resources but you are unable to browse any public sites at the same time.

However, when you connect to VPN using Windows7 you are able to access VPN resources as well as public sites.

Let us know how you are trying to connect to VPN on Windows7 and Ubuntu

Also you would like to check VPN settings under Network settings.

arindom 05-02-2011 01:16 AM

Quote:

Originally Posted by jschiwal (Post 4342476)
What do you mean by sites? Do you mean hosts, on the remote LAN, or web sites browsed from a remote desktop?

What do you mean by browsing, and what are you using? The phrase "browsing for sites" implies browsing web sites in a web browser, but maybe you mean something else.

By sites I mean Public website browsing like this LinuxQuestions.org site.


Quote:

Originally Posted by T3RM1NVT0R (Post 4342487)
Hi arindom,

As I can understand you when you connect to VPN on Ubuntu 10.10 and Ubuntu 11.04 you are able to browse the VPN resources but you are unable to browse any public sites at the same time.

However, when you connect to VPN using Windows7 you are able to access VPN resources as well as public sites.

Let us know how you are trying to connect to VPN on Windows7 and Ubuntu

Also you would like to check VPN settings under Network settings.

Hi T3RM1NVT0R,

Yes, you are correct.

With the present settings, it's actually working like "either/or" state. So either I am able to browse the VPN resources or I am able to browse the public resources. As you have correctly noted, in Windows 7, I am able to access both the resources at the same time, without any issues.

Here is how I am connecting to the VPN resources :

a) Ubuntu 11.04
1. Clicked on the Network applet icon on panel and selected Edit connections...
2. Chose the VPN tab and then clicked on Add.
3. By default there is PPTP selected as the only option. I selected on "Create..."
4. Entered only the Gateway (some IP address), username and password.
5. Clicked on Advanced and deselected all but MSCHAP2 authentication method.
6. Also selected the "use point to point encryption .." option. The other three options were left as selected by default.
7. Now under IPV4 settings only clicked Routes.
8. "Use this connection only ..." option is not selected. I have to keep this unselected if I want to access VPN resources else it's all public sites can be accessed except the VPN resources.

b) Windows 7
1. On Windows under Network and sharing center, chose Set up a new connection.
2. Connect to a workplace > General tab.
3. Entered the destination IP. Rest remained as default.
4. Under security tab chose PPTP option and MSCHAP2 only (rest of them will remain as unchecked) as authentication protocol.
5. Under Networking tab, chose the properties of IPV4. Obtain IP address automatically and obtain DNS automatically is selected.
6. "Use Default gateway on remote network" is turned off.

Those were the settings.

I will be grateful if you can help me to get this issue resolved.

T3RM1NVT0R 05-02-2011 04:00 AM

@ Reply
 
Quote:

a) Ubuntu 11.04
1. Clicked on the Network applet icon on panel and selected Edit connections...
2. Chose the VPN tab and then clicked on Add.
3. By default there is PPTP selected as the only option. I selected on "Create..."
4. Entered only the Gateway (some IP address), username and password.
5. Clicked on Advanced and deselected all but MSCHAP2 authentication method.
6. Also selected the "use point to point encryption .." option. The other three options were left as selected by default.
7. Now under IPV4 settings only clicked Routes.
8. "Use this connection only ..." option is not selected. I have to keep this unselected if I want to access VPN resources else it's all public sites can be accessed except the VPN resources.
Step 1: Ok
Step 2: Ok
Step 3: Ok
Step 4: Ok
Step 5: Ok
Step 6: Select MPPE Encryption and Use stateful encryption. Uncheck Allow BSD Data Compression, uncheck Allow Deflate Data Compression, uncheck Use TCP Header Compression.
Step 7: Leave rest as it is and save the connection.
Step 8: Now try to connect to VPN and see if you are able to browse public sites as well.

arindom 05-02-2011 04:27 AM

Quote:

Originally Posted by T3RM1NVT0R (Post 4343587)
Step 1: Ok
Step 2: Ok
Step 3: Ok
Step 4: Ok
Step 5: Ok
Step 6: Select MPPE Encryption and Use stateful encryption. Uncheck Allow BSD Data Compression, uncheck Allow Deflate Data Compression, uncheck Use TCP Header Compression.
Step 7: Leave rest as it is and save the connection.
Step 8: Now try to connect to VPN and see if you are able to browse public sites as well.

Thanks T3RM1NVT0R for the suggestion.

No, it didn't work.

Also noted that if I uncheck the BSD option, that will not allow me to even browse the VPN resources. So I have to keep the BSD option as checked.

Larry James 01-20-2012 05:35 PM

Quote:

Originally Posted by arindom (Post 4343612)
Thanks T3RM1NVT0R for the suggestion.

No, it didn't work.

Also noted that if I uncheck the BSD option, that will not allow me to even browse the VPN resources. So I have to keep the BSD option as checked.

Hi, Arindom. I have searched the web and find this topic reoccuring numerous time. However, none of them are solved. Most of them end with someone responding as the first reply in this post, not understanding the question.

I'm going to clarify the question.

Before connecting to a Linux VPN server I can click on my LinuxQuestions.org bookmark and participate in this community. After connecting to a VPN server I can't bring up LinuxQuestions.org, google.com, apollo3.com or any other website (in firefox, lynx, or chrome).

I have tried various options none are working.

Setting up the client end appears to be very simple using the network-manager-pptp.

This is the steps with images that I have followed:
http://geekyprojects.com/ubuntu/ubuntu-vpn-connection/

It is basically this:

nm-connection-editor -> (Click on) Add -> (Select PPTP) -> (Click) Create -> (Type in Name for VPN) TestVPN -> (Type in host name or IP address of VPN server) -> (Type in Username and password) -> (Click on) Advance -> (Uncheck PAP) -> (Check) MPPE -> (Click) OK -> (Click) Save -> (Click) Close -> [That's it! It'll connect with no other changes]

Now when I click on the new VPN connection I can browse the resources, mount the shares, do everything on the VPN as if it were on my local network. However, I'm now locked away from Linuxquestions.org, Google.com, Apollo3.com and all the other resources on the Internet.

This would happen the same when connecting to VPN servers from a Windows machine. However, the Windows machines have an option to uncheck use default gateway. I believe the answer to this lies in that option somewhere.

Does anyone have any idea how to resolve this issue?

Thanks in advance for any comments on this issue. Also, if the OP found some resolution, please share.

Edit:
Actually while still testing on other Linux servers on my network I notice this flaw doesn't happen. So it appears it's something on the server end that can resolve this.

I'm checking the VPN server configurations on the two machines to try to learn the culprit. I'll post an update if I get it narrowed down. In the meantime I'd appreciate input from others who might already know the answer.

Thanks again!


– L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

arindom 01-21-2012 03:23 AM

Quote:

Originally Posted by Larry James (Post 4580201)
Edit:
Actually while still testing on other Linux servers on my network I notice this flaw doesn't happen. So it appears it's something on the server end that can resolve this.

I'm checking the VPN server configurations on the two machines to try to learn the culprit. I'll post an update if I get it narrowed down. In the meantime I'd appreciate input from others who might already know the answer.

Thanks Larry for such a detail explanation of the actual issue.

While these days I am using a different form of VPN, where this issue is no longer happening, but as per last I remember this issue was yet to be resolved. But during my last attempt to resolve this I recall that somewhere I found that the issue might be at the server end, as already mentioned by you.

Thanks again for this detail post. I hope that you can narrow down to the point where it can be known what is actually causing the problem.

Larry James 01-21-2012 07:59 AM

Quote:

Originally Posted by arindom (Post 4580458)
Thanks Larry for such a detail explanation of the actual issue.

While these days I am using a different form of VPN, where this issue is no longer happening, but as per last I remember this issue was yet to be resolved. But during my last attempt to resolve this I recall that somewhere I found that the issue might be at the server end, as already mentioned by you.

Thanks again for this detail post. I hope that you can narrow down to the point where it can be known what is actually causing the problem.

Thanks for coming back with an update. I'm surprised that this falls into one of the few baffling categories that no one can scope. As I mentioned the question is recurring. Someone replies in such that it's clear they didn't understand the issue. The author clarifies the issue. Then someone else replies with something that doesn't work. The author specifies that it doesn't work. Then the thread stops unresolved.

Since it's so common it appears there should be some type of official fix or some type of admissing that it just doesn't work.

As far as I can see from the instructions for setting up the server it's as simple as ( http://poptop.sourceforge.net/dox/debian-howto.phtml ):

Install pptpd, configure for files (/etc/pptpd.conf, /etc/ppp/pptpd-options, /etc/ppp/options and /etc/chat-secrets).

On both computers at present I have those files set as:

/etc/pptpd.conf:
Code:

option /etc/ppp/pptpd-options
logwtmp
localip 192.168.23.20
remoteip 192.168.23.30-39

/etc/ppp/pptpd-options:
Code:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
noipx ## you don’t need IPX
mtu 1490 ## may help your linux client from disconnecting
mru 1490 ## may help your linux client from disconnecting

/etc/ppp/options:
Code:

lock
/etc/ppp/chap-secets:
Code:

# Secrets for authentication using CHAP
# client        server        secret                        IP addresses

[username]        pptpd [userpass] *

I don't know whatelse to change or what else to test. But my next step is to completely uninstall pptpd and ppp from the server that fails and see if it'll work on a second installation.

By the way the both servers are running distro/versions Ubuntu 11.10. Neither have any apts that weren't installed from the default repository via apt-get or synaptic. So I don't understand why they are behaving differently.

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

Larry James 01-21-2012 11:56 AM

Hi, arindom.

I have resolved the issue where I'm now connected to my Linux VPN at the same time that I'm browsing the web and participating in LinuxQuestions.org.

First I'll mention that my previous attempt to insure I had the exact same files and installation failed. That's the one where I completely removed (uninstalled) ppp and pptp and used the same configuration from the Linux server that worked.

When that failed, I then used the cli route command to add a default gateway after connecting to the VPN. That worked. I thought that would be a bit cumbersome to have to do every time I mouse clicked the VPN connection and looked for a method to do that in the netmanage gui.

Under the Routes button I put check marks in the two options. This also worked.

Hopefully for the community you will test this and mark the topic solved if it works for you. This way others having the same problem will have a quick easily found solution.

If it doesn't solve your problem, I'd gladly work with you to get it resolved. Like many issues I've had with Linux, you get less support when the issue is extremely simple. It might be this is the case why this issue is asked so many times on the Internet but never resolved definitively. The gurus probably thinks the user has already tested those two check marks.

Hope this helpped!

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

arindom 01-24-2012 11:27 PM

Quote:

Originally Posted by Larry James (Post 4580718)
Hi, arindom.

I have resolved the issue where I'm now connected to my Linux VPN at the same time that I'm browsing the web and participating in LinuxQuestions.org.

First I'll mention that my previous attempt to insure I had the exact same files and installation failed. That's the one where I completely removed (uninstalled) ppp and pptp and used the same configuration from the Linux server that worked.

When that failed, I then used the cli route command to add a default gateway after connecting to the VPN. That worked. I thought that would be a bit cumbersome to have to do every time I mouse clicked the VPN connection and looked for a method to do that in the netmanage gui.

Under the Routes button I put check marks in the two options. This also worked.

Hopefully for the community you will test this and mark the topic solved if it works for you. This way others having the same problem will have a quick easily found solution.

If it doesn't solve your problem, I'd gladly work with you to get it resolved. Like many issues I've had with Linux, you get less support when the issue is extremely simple. It might be this is the case why this issue is asked so many times on the Internet but never resolved definitively. The gurus probably thinks the user has already tested those two check marks.

Hope this helpped!

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

Hi Larry,

Thanks for your help on the VPN connectivity issue. Also thanks to you for looking into this issue thoroughly.

Now coming to the specific problem that I am facing, when I tried to connect again today, it didn't work for me. About clicking both the checkboxes, I had tried that already earlier.

But although it didn't work for me, that doesn't mean it will not work for other users. What you have suggested is most probably the right idea and correct thing to do.

I am of the strong feeling that there must be some server side issues for this typical problem that I am facing. Unfortunately it is not possible for me to continue checking this issue because we have already moved on to a new VPN setup, where this issue doesn't happen any longer on Ubuntu/ Kubuntu.

I would also like to add here that when I tried to connect to the same VPN (where the problem is happening on Ubuntu - for me) from either Mac or Win, it works normally. That means I had no issues in browsing the VPN and Public sites at the same time.

Thanks Larry again for your kind help and research on this issue.

Regards,
Arindom

Larry James 01-25-2012 04:25 AM

Quote:

Originally Posted by arindom (Post 4583695)
Hi Larry,

Thanks for your help on the VPN connectivity issue. Also thanks to you for looking into this issue thoroughly.

Now coming to the specific problem that I am facing, when I tried to connect again today, it didn't work for me. About clicking both the checkboxes, I had tried that already earlier.

But although it didn't work for me, that doesn't mean it will not work for other users. What you have suggested is most probably the right idea and correct thing to do.

I am of the strong feeling that there must be some server side issues for this typical problem that I am facing. Unfortunately it is not possible for me to continue checking this issue because we have already moved on to a new VPN setup, where this issue doesn't happen any longer on Ubuntu/ Kubuntu.

I would also like to add here that when I tried to connect to the same VPN (where the problem is happening on Ubuntu - for me) from either Mac or Win, it works normally. That means I had no issues in browsing the VPN and Public sites at the same time.

Thanks Larry again for your kind help and research on this issue.

Regards,
Arindom


You're welcome, Arindom. I don't blame you for not having the time to participate in test to get the Ubuntu repo version to work after all the time you most likely put into it in the past without any definitive support that worked, and having to find an alternate application.

You have done a great contribution to the community by coming back with updates and to verify that it still doesn't work in your environment. After publishing that it worked for the machine in question, I had tested it on a different machine in my network and that solution failed on the other machine, even when using the exact configuration files and rebooting.

I did, however continue to work with the problem and solution for that machine, of which I found something that is so far working with all the machines.

It appears that the problem lies in the GUI application of network-manager-pptp. I performed the connection using only command line and script commands and that is working on all the machines.

Again, I understand that you have moved on and may not have time to digress and apply more time and frustration in something that wouldn't work on your machine and didn't have support. But I'm updating the topic for anyone else that might stumble on this topic while trying to get VPN working with Ubuntu.

The resolution is to create/edit three files ( /etc/ppp/peers/myvpn, /etc/ppp/options.pptp, /etc/ppp/chap-secrets ).

/etc/ppp/peers/myvpn (you can name this file any unique name to represent the machine or the specific VPN network you want to work with):
Code:

# replace the bracket paramters with the host name of the VPN server and VPN user
remotename myvpn
linkname myvpn
ipparam myvpn
pty "pptp [vpn server] --nolaunchpppd "
name [username]
usepeerdns
require-mppe
refuse-eap
noauth

# adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp

/etc/ppp/options.pptp:
Code:

lock
noauth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate

/etc/ppp/chap-secrets:
Code:

# Secrets for authentication using CHAP
# client        server        secret                        IP addresses
username myvpn password *

Start the VPN connection with:
Code:

pon myvpn nodetach
End the VPN connection with “cntrl-C”.

The advantage of using the cli is that you can connect to multiple VPN servers at the same time (link with Windows). Using the network-manager-pptp GUI you can only connect to one VPN server at a time.

Again, Arindom, you've already done a great service to the community with your input on the thread. I'm the one that violated by typing in a dead thread where the OP had moved on. The board's software advised me of this in red letters before I updated the thread. But as far as I can see, currently this is the only hope for the Ubuntu community with a thread that actually answers that reoccurring question. I, like you and possibly many others, couldn't find anything else that worked.

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

arindom 01-26-2012 01:28 AM

Thanks Larry for helping us all with the new steps. I am sure going to try this on weekend and will update you about the result.

About :

Quote:

Originally Posted by Larry James (Post 4583872)
Again, Arindom, you've already done a great service to the community with your input on the thread. I'm the one that violated by typing in a dead thread where the OP had moved on. The board's software advised me of this in red letters before I updated the thread. But as far as I can see, currently this is the only hope for the Ubuntu community with a thread that actually answers that reoccurring question. I, like you and possibly many others, couldn't find anything else that worked.

I feel I'm lucky enough because you chose this thread to share your valuable findings here because there are probably many discussion over the net on this issue. Although I had to move on because I couldn't have afforded continued testing on this issue because it was my work related also honestly speaking I had not much idea to go to the deep level where you have already reached.

So thanks to you, I came to know more about the issue and I am looking forward to see a final solution to it.

Thanks,
Arindom

Larry James 01-26-2012 05:11 AM

Quote:

Originally Posted by arindom (Post 4584716)
Thanks Larry for helping us all with the new steps. I am sure going to try this on weekend and will update you about the result.

About :



I feel I'm lucky enough because you chose this thread to share your valuable findings here because there are probably many discussion over the net on this issue. Although I had to move on because I couldn't have afforded continued testing on this issue because it was my work related also honestly speaking I had not much idea to go to the deep level where you have already reached.

So thanks to you, I came to know more about the issue and I am looking forward to see a final solution to it.

Thanks,
Arindom

Thanks for offering closure and a possible [Solved] to this thread.

By the way, there is one step that must be included to allow complete browsing of the VPN network. It's the routing command:

Code:

sudo route add -net 192.168.23.0/24 ppp0
The solution is spanned across three messages. Look at the solution consolidated in one message at:
http://faq.apollo3.com/ljames/ubuntu/vpn/

Currently the link is crude, but I'll update and finetune the link ensure the completeness and ease of following.

Of course, I'm sure this thread is also complete and will consistently work.

Again, as I mentioned before, the solution appears to be very easy and straight forward, that might be why the gurus never respond to the many reocurring question. But none of the configurations that I've seen anywhere else has worked every time on all of my computers. Also, all of them destroys my normal routing table and when the connection is cancelled my normal routing table remains corrupted. None of the problems happen with the command line (cli) solution.

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

Larry James 01-26-2012 11:03 AM

Hi, Arindom. You might notice by the link I mentioned above that I eliminated the need to type in the "route" command and leave the "pon" terminal opened with the "nodetach" parameter. This way it can easily be called and linked at bootup.

At present I believe I have everything covered.

Looking forward to your test and feedback!

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames


All times are GMT -5. The time now is 03:54 AM.