LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-28-2016, 02:38 AM   #1
hally8000
LQ Newbie
 
Registered: Mar 2016
Posts: 6

Rep: Reputation: Disabled
VPN PPTP load on start and route all traffic DEBIAN 8


Need some serious help for a very urgent situation involving PPTP protocol VPN in Debian 8 Jessie stable.
I recently became a paid VPN subscriber.
Using PPTP;
Is there a way to automatically route all traffic through ppp0? Im getting the vpn service killed (ip address goes back to normal unmasked state) whenever there is a power outage (modem reset) and there are alot of those where I live, Im going to get astabilizer and I need a software solution for the situation as well. Theres gotta be a way to route all traffic through the VPN route ppp0 . I tried adding persist and maxfail 0 to the pptp config file but it did not do what i wanted.
Heres my peer configuration file :

pty "pptp blabla.net --nolaunchpppd"
name blablabla
password blablabla
remotename PPTP
file /etc/ppp/options.pptp
require-mppe-128
refuse-eap noauth
persist
maxfail 0

On a second note, its clear to add that I basically need a way to also auto load the line
pppd call blabla.net
and
route add default dev ppp0
on system startup by default so the computer does not use "Wired" connection ^at all^ when not through ppp0. Any other suggestion in the idea of not losing VPN anonymity ever due to hardware malfunction is greatly appreciated.

Is there a way to do this? Ive looked on the net and everything seems like its either from the nineties or can fry my pc , Im no debian expert, less than a year at linux

Any suggestions? Need it to use wired only if ppp0 is being used so if its no vpn, no connection at all period,



heres some more data

root@debian:/home/blabla# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default * 0.0.0.0 U 0 0 0 ppp0
default bla.bla.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.0.0.0 U 0 0 0 ppp0
eb02.ebhost9.co bla.bla.0.1 255.255.255.255 UGH 0 0 0 eth0
pool-100-1-2-2. * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0

maybe it helps also ifconfig
root@debian:/home/# ifconfig
eth0 Link encap:Ethernet HWaddr bc:5f:f4:15:94:ae
inet addr:192.168.0.6 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38813 errors:0 dropped:0 overruns:0 frame:0
TX packets:39960 errors:0 dropped:0 overruns:0 carrier:5
collisions:0 txqueuelen:1000
RX bytes:27993054 (26.6 MiB) TX bytes:6884048 (6.5 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4743 (4.6 KiB) TX bytes:4743 (4.6 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr: bla.bla.bla.bla P-t-P:100.1.2.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
RX packets:31563 errors:0 dropped:0 overruns:0 frame:0
TX packets:30233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3root@debian:/home/blabla# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default * 0.0.0.0 U 0 0 0 ppp0
default bla.bla.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.0.0.0 U 0 0 0 ppp0
eb02.ebhost9.co bla.bla.0.1 255.255.255.255 UGH 0 0 0 eth0
pool-100-1-2-2. * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0

maybe it helps also ifconfig
root@debian:/home/# ifconfig
eth0 Link encap:Ethernet HWaddr bc:5f:f4:15:94:ae
inet addr:192.168.0.6 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38813 errors:0 dropped:0 overruns:0 frame:0
TX packets:39960 errors:0 dropped:0 overruns:0 carrier:5
collisions:0 txqueuelen:1000
RX bytes:27993054 (26.6 MiB) TX bytes:6884048 (6.5 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4743 (4.6 KiB) TX bytes:4743 (4.6 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr: bla.bla.bla.bla P-t-P:100.1.2.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
RX packets:31563 errors:0 dropped:0 overruns:0 frame:0
TX packets:30233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:22408627 (21.3 MiB) TX bytes:4464043 (4.2 MiB)
RX bytes:22408627 (21.3 MiB) TX bytes:4464043 (4.2 MiB)
 
Old 03-28-2016, 02:58 AM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,870

Rep: Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152
Sorry to diverge a little. If, I was in this situation, and assuming VPN connectivity (for secure communication) is all I was wanting, I think I'd be wanting to handle this VPN connectivity via a router eg using DD-WRT. Just an idea...

https://www.dd-wrt.com/wiki/index.ph...PTP_VPN_Client
http://www.instructables.com/id/Conf...uter-for-Priv/
 
1 members found this post helpful.
Old 03-28-2016, 06:46 PM   #3
hally8000
LQ Newbie
 
Registered: Mar 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
thx however its not feasable

Quote:
Originally Posted by ferrari View Post
Sorry to diverge a little. If, I was in this situation, and assuming VPN connectivity (for secure communication) is all I was wanting, I think I'd be wanting to handle this VPN connectivity via a router eg using DD-WRT. Just an idea...

https://www.dd-wrt.com/wiki/index.ph...PTP_VPN_Client
http://www.instructables.com/id/Conf...uter-for-Priv/
===============================================

thanks for the help however this is just not feasable for my situation for various factors. and think about it, why use an external router when all it takes to do this is a couple commands in the terminal or editing some configuration file. then think about it when I have the proper configuration software-wise what am I going to do with the unnessesary peripheral?thx though
 
Old 03-28-2016, 06:59 PM   #4
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542
You can put startup stuff in a script in /etc/init.d. Everything there is run at startup.
 
1 members found this post helpful.
Old 03-28-2016, 06:59 PM   #5
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,870

Rep: Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152
The router approach has the advantage that any device connecting to it will be protected by the VPN (not always possible using mobile devices for example). Anyway, I have seen script solutions online that test for VPN connectivity and retsart the VPN service whenever it is dropped for some reason. Good luck with finding a solution that works for you.
 
1 members found this post helpful.
Old 03-28-2016, 07:22 PM   #6
hally8000
LQ Newbie
 
Registered: Mar 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ferrari View Post
The router approach has the advantage that any device connecting to it will be protected by the VPN (not always possible using mobile devices for example). Anyway, I have seen script solutions online that test for VPN connectivity and retsart the VPN service whenever it is dropped for some reason. Good luck with finding a solution that works for you.
some script solutions would be great
thanks for expanding my mind though cause i didnt know about the router approach too bad its not it for me
 
Old 03-28-2016, 07:40 PM   #7
hally8000
LQ Newbie
 
Registered: Mar 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sgosnell View Post
You can put startup stuff in a script in /etc/init.d. Everything there is run at startup.
ill try to make a script for that folder and see if it works. thanks.



any info on only using wired with vpn ppp0 is greatly appreciated
 
Old 03-28-2016, 07:49 PM   #8
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,870

Rep: Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152
Check these links out...

http://www.jamescoyle.net/how-to/968...ux-pptp-client

Since Debian 8 is using systemd by default, you may want to investigate creating a custom service to get the PPTP tunnel started after the network is up. It's not as hard as it might appear, but you will want to do some reading first

https://wiki.archlinux.org/index.php...ing_unit_files
https://wiki.debian.org/systemd
 
Old 03-28-2016, 09:16 PM   #9
hally8000
LQ Newbie
 
Registered: Mar 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sgosnell View Post
You can put startup stuff in a script in /etc/init.d. Everything there is run at startup.
I added a script called vpnonstartup to that folder. It just does not load on startup:

/etc/init.d/vpnonstartup:

#! /bin/sh -e

pppd call blabla.net && route add default dev ppp0



i tried downloading rcconf from apt-get as per http://www.debianadmin.com/manage-li...p-scripts.html

the thing just doesnt work.
the /var/lib/rcconf/services file doesnt even exist.



How you make debian run the things in init.d ?

That would very much take care of the first half of the problem. However the second half, the dont use wired unless vpn, is still up in the air completely. The suggestion to use a cron job to ping every minute just wont do it for me bc im using a lot of cron jobs and dont want to clog that up besides , theres gotta be the real way to do it that just doesnt use the wired at all unless its ppp0.

Thanks a lot for your insight.
 
Old 03-28-2016, 09:19 PM   #10
hally8000
LQ Newbie
 
Registered: Mar 2016
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ferrari View Post
Check these links out...

http://www.jamescoyle.net/how-to/968...ux-pptp-client

Since Debian 8 is using systemd by default, you may want to investigate creating a custom service to get the PPTP tunnel started after the network is up. It's not as hard as it might appear, but you will want to do some reading first

https://wiki.archlinux.org/index.php...ing_unit_files
https://wiki.debian.org/systemd


Thanks a lot however the ping approach from
http://www.jamescoyle.net/how-to/968...ux-pptp-client is just too risky for me, im not allowing the possibility of "it was not up, lets restart it" because in that half a minute there would definately be a leak of my real address

going to check out other links thankx
 
Old 03-28-2016, 11:47 PM   #11
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian Stable and Unstable
Posts: 1,943

Rep: Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542
Make the script executable.

Take a look at /etc/init.d/skeleton. It's an example file for what should be in an init script.

Last edited by sgosnell; 03-28-2016 at 11:52 PM.
 
Old 03-29-2016, 01:37 AM   #12
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,870

Rep: Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152Reputation: 1152
Just so people are informed - here's an article describing a security flaw relating to WebRTC (browser vulnerability) and why running VPN connectivity via the router is considered a superior option...

http://lifehacker.com/how-to-see-if-...and-1685180082

Quote:
The Better Way: Configure Your VPN on Your Router

Update: We've been talking to a number of people in the security community about this issue, and after those conversations, we're not confident that configuring your VPN at the router level is any more effective (or rather, terribly effective at all) than blocking WebRTC at the browser. While we still recommend setting up your VPN at the router level for a number of reasons (outlined below), as far as this issue is concerned, right now, we'd suggest that you use one of the browser add-ons mentioned above while we all conduct more research into the root cause—and surefire remediation for it.

If you want a more surefire way to protect yourself beyond installing add-ons and making tweaks to your browser every time you install or update, there is a more permanent method. Run your VPN at your router instead of on your computer directly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I route traffic through my existing VPN? 123user Linux - Networking 6 02-24-2016 04:17 PM
Bad route with PPTP VPN through Network Manager dchicks Linux - Networking 3 07-31-2013 01:01 PM
raspberry PI as gateway to route VPN traffic depam Linux - Software 2 06-22-2013 06:13 AM
Win7 PPTP vpn client cannot send traffic to PPTPD server cyberzed Linux - Newbie 0 06-26-2012 03:26 PM
[SOLVED] No Internet traffic through the PPTP VPN connection tghasemi Linux - Server 2 05-21-2012 10:40 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:34 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration