Linux VPN hairpuller
March 7, 2013 12:37 PM   Subscribe

Please help me figure out how to get my VPN to work with Linux - it claims to, but I can't make it.

I use proXPN, which claims to work with PPTP VPN, but so far I have not been able to establish a connection.

Can someone provide me with examples of how these two forms should be completed when setting up the VPN connection?

VPN 1
VPN 2

I suspect there's something obvious that I'm missing, but I can't find any helpful documentation.
posted by ryanshepard to Computers & Internet (27 answers total) 1 user marked this as a favorite
 
I use openconnect (which relies on vpnc) with Ubuntu 12.10. I never got that Ubuntu UI to work, either.

I am connecting to a Cisco VPN and it works just ducky. I can provide more detail when I get home from work if you're interested.

How are you with the command line? I assume you're OK with it since you're running Linux!
posted by Currer Belfry at 12:50 PM on March 7, 2013


With my VPN, I have to check the "Enable MPPE" option in the "Advanced" dialog, or it fails to connect and doesn't provide any useful diagnostic information. Play around with the advanced options.
posted by qxntpqbbbqxl at 1:05 PM on March 7, 2013


Response by poster: How are you with the command line? I assume you're OK with it since you're running Linux!

OK, though I'd prefer a GUI - at this point I'm willing to do whatever works.

With my VPN, I have to check the "Enable MPPE" option in the "Advanced" dialog, or it fails to connect and doesn't provide any useful diagnostic information. Play around with the advanced options.

This doesn't make any any difference, unfortunately.
posted by ryanshepard at 1:28 PM on March 7, 2013


I set up a free proXPN account, and then I tried to connect with openconnect, kVPNC, and the default Ubuntu VPN GUI. No joy.

I assume you have a free account. Might be worth an upgrade (even just a temporary one) to get some support on the issue. That knowledgebase article is pretty sparse - it doesn't even mention that neither of the programs they mention is actually an executable.
posted by Currer Belfry at 2:57 PM on March 7, 2013


PPTP VPN is available on proXPN Premium accounts. While proXPN does not provide a linux client, it is possible to use your proXPN account on linux. Most linux distros have a PPTP VPN client package.


If you are not using Ubuntu or Fedora then here is a PPTP Client was known as pptp-linux, http://pptpclient.sourceforge.net/

(PPTP hostnames listed below)

For Ubuntu or Fedora, you can use the instructions below - The following focuses on Ubuntu or Fedora:

So fire up a terminal in your linux desktop and run the following from the command line:

Ubuntu:

sudo apt-get install pptp-linux network-manager-pptp

For Fedora, use these commands instead:

rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm

yum --enablerepo=pptp-stable install pptpconfig

Here is a complete list of PPTP VPN hostnames (locations) for proXPN,

PPTP locations for Premium proXPN accounts are:
* Los Angeles: pptp-la1.proxpn.com
* Miami: pptp.proxpn.com
* New York: pptp-ny1a.proxpn.com
* Seattle: pptp-se1.proxpn.com
* Netherlands: pptp-nl1.proxpn.com
* UK: pptp-uk1.proxpn.com
* Singapore: pptp-sg1.proxpn.com

If any of these don't work for you as a Premium account holder, please contact support
posted by snuffleupagus at 3:42 PM on March 7, 2013 [1 favorite]


Pro or Basic account? Is there any reason you prefer PPTP over an OpenVPN client? Given a choice I would use OpenVPN over PPTP any day of the week. I still don't know the GUI configuration magic for OpenVPN but the CLI usage is a simple single command. This might help for trying to configure PPTP from the CLI configure linux pptp client.
posted by zengargoyle at 4:02 PM on March 7, 2013


Best answer: As a side, PPTP is completly broken. Use OpenVPN if at all possible.
posted by devnull at 12:40 AM on March 8, 2013


Response by poster: I assume you have a free account.

Sorry - I should have specified that I have a pro account.

Is there any reason you prefer PPTP over an OpenVPN client?

No - I'm happy to use either.
posted by ryanshepard at 8:04 AM on March 8, 2013


Any error messages/logs?

Also, do you run a firewall on that machine? Block outgoing ports?
posted by banshee at 9:38 AM on March 8, 2013


Best answer: Well, aside from being a total PITA testing with a free account and googling up the required bits of information (maybe the premium account has better knowledge base access)... OpenVPN does work pretty much as expected. I would hope that your premium account would provide some way to download the relatively simple config file for OpenVPN and that there are NetworkManager plugins for configuration and such. I did it the hard way...

Download and unpack (install using Wine) the Windows client just to find the OpenVPN config files. 

/home/zg/.wine/drive_c/Program Files/proXPN/config
├── ProXPN.ovpn
└── ssl
    ├── ca.crt
    ├── client.crt
    └── client.key
The ProXPN.ovpn config file points to the ssl/foo.bar SSL certificate files which is a pain, there is a way to embed those SSL files directly into the config file, but for now it's too much trouble and I'll just start the OpenVPN tunnel from the config directory so that the files can be found using their relative paths. 

sudo openvpn --config ProXPN.ovpn --remote miami.proxpn.com 443 --route-nopull
The `--rout-nopull` is just to keep this tunnel from mucking up my other VPN. The `--remote` is a guess that works, as a premium user you probably have a list of servers that you can connect to. 

Fri Mar  8 11:53:42 2013 us=297872 Current Parameter Settings:
Fri Mar  8 11:53:42 2013 us=298064   config = 'ProXPN.ovpn'
Fri Mar  8 11:53:42 2013 us=298147   mode = 0
Fri Mar  8 11:53:42 2013 us=298193   persist_config = DISABLED
...
Enter Auth Username:MYEMAIL@gmail.com
Enter Auth Password:MYPASSWORD
...
Fri Mar  8 11:53:56 2013 us=875924 TUN/TAP device tun1 opened
Fri Mar  8 11:53:56 2013 us=875951 TUN/TAP TX queue length set to 100
Fri Mar  8 11:53:56 2013 us=875969 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Mar  8 11:53:56 2013 us=875999 /sbin/ifconfig tun1 173.0.10.154 netmask 255.255.255.0 mtu 1500 broadcast 173.0.10.255
Fri Mar  8 11:53:56 2013 us=896665 Initialization Sequence Completed
And voila I have a `tun1` device because I already have a `tun0` device in use... and no routes because I didn't want any.

# ifconfig tun1
tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:173.0.10.154  P-t-P:173.0.10.154  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
...

# route -n | fgrep tun1
173.0.10.0      0.0.0.0         255.255.255.0   U     0      0        0 tun1
Normally it would have added a `0.0.0.0` default route through the tunnel.

I hope their premium account gives you an option to grab an OpenVPN config file somehow, and I would guess that the NetworkManager OpenVPN plugin makes things as simple as pointing to the config and giving a hostname. But even if they don't it's really not that hard to get OpenVPN to connect, basically just: openvpn --config aConfigfile.ovpn --remote aServer aPort

I have an OpenVPN server at $WORK and split my routing so that $WORK and some RFC private spaces go through the tunnel and the rest go through my ISP and never bothered with NetworkManager stuff. I just manually start the VPN after reboot and it keeps chugging along until my ISP changes my DHCP lease or I reboot for some reason.
posted by zengargoyle at 12:35 PM on March 8, 2013 [1 favorite]


Best answer: Here's a proxpn.ovpn with embedded SSL stuff and a list of the servers nicked from the downloadable source code for the MacOSX client.

I'd use it in a script to be run as root/sudo that goes something like: 

#!/bin/bash
openvpn --config ${PATH_TO_CONFIG} --writepid /var/run/openvpn-proxpn.pid --daemon openvpn-proxpn
That roughly mimics the way I use my normal VPN. Check the config and activate your desired remote server. You could also comment out the one active `remote` configuration line and pass it as a command line argument `--remote SERVER PORT`. Terminate the VPN by `kill $(cat /var/run/openvpn-proxpn.pid)`.

And/or hopefully that config (maybe with the remote commented out) will drop in to the NetworkManager GUI somehow.
posted by zengargoyle at 1:54 PM on March 8, 2013


Response by poster: Marking zengargoyle's as "best answer" just for the effort - it's much appreciated. I will test this tonight and report back.
posted by ryanshepard at 2:00 PM on March 8, 2013


Response by poster: I've done my best to follow zengargoye's instructions, but they're above my technical level, it looks like. Still unable to establish a connection - I guess the next step is to look for a reliable VPN that provides more straightforward support for Linux.
posted by ryanshepard at 6:05 PM on March 8, 2013


Best answer: I hate Ubuntu with a passion nowadays. FWIW I tried on my Ubuntu 12.04 box (shhh, don't tell on me. It's a relic from when I was afraid Debian would be a PITA for various media formats.). I installed network-manager-openvpn, network-manager-openvpn-gnome, openvpn packages and carefully configured a new OpenVPN connection matching the options in the aforementioned proxpn.ovpn config file. Started it up, it churned, it popped up a successful connection message, the routes looked good, but it completely failed to actually pass any traffic. Go Figure. Did I mention I hate NetworkManager even more than Ubuntu in general...

Anyway, get this... manually starting OpenVPN with the aforementioned proxpn.ovpn config file worked perfectly. Minus the obnoxious initial web page capture to try and force an up-sell to a premium account before letting me continue to my destination.

Moral of the story, it's probably Ubuntu/NetworkManager just being broken. And you may not have any better luck with other VPN providers.

Which part of starting openvpn manually is above your technical level? I can probably be more specific about things I didn't bring up before like making sure you actually have the openvpn client installed... or knowing how to use sudo.
posted by zengargoyle at 8:10 PM on March 8, 2013


zengargoyle (and ryanshepard), when you were testing did you try to directly import the .ovpn file to Network-Manager? I also found this regarding network-manager under 12.04 connecting the VPN but failing to pass traffic, with this solution:
I had probably the same problem. I found different 2 solutions searching the web.
Go to IPv4 setting->Routes and check the "Use this connection only..." . [This did not work for me]
The other is to specify a DNS: Go to IPv4, change the Method to "Automatic (VPN) addresses only" , and specify a DNS (for example Google's 8.8.8.8) [Worked for me]

Anyway, I'd probably give goopenvpn a shot if you want a gui VPN connection manager and network-manager won't cooperate.
posted by snuffleupagus at 9:21 AM on March 9, 2013


Best answer: No luck with the two NetworkManager tweaks, but I had already tried the pinging tunnel gateway and trying direct IP connections in a browser. There's no longer an 'import' option in the NetworkManager setup (I had seen that in a screenshot somewhere and was hoping to use it, now NetworkManager has the required settings and a popup-tooltip that references the config file commands so I went through and checked each one against the working config).

Tried gadmin-openvpn-client, but it only works with configs that have a user-specific set of certificates which proxpn doesn't seem to use. goopenvpn might work as a wrapper around starting the tunnel manually, but there's not a package for it in Ubuntu (and the one listed on the web page is from 9.04 days, bad mojo it would be to try and get old GNOME system tray type stuff to work with Ubuntu's Unity crap, especially the stuff they did with system tray type things).

And yes, after pulling gopenvpn from their git repository, installing a bunch of *-dev dependencies, building and running... no systray icon because Ubuntu/Unity don't do that anymore. Did I mention my hatred of Ubuntu/Unity lately? :(
posted by zengargoyle at 11:18 AM on March 9, 2013


Response by poster: I'm a Linux novice, and not seeing an Open VPN client for any version more recent than 10 that I can download (I'm running 12.04) - does this make a difference?

This is the point where I should probably admit that I'm in over my head generally w/Linux, but I'm trying to learn by doing.
posted by ryanshepard at 12:02 PM on March 9, 2013


Best answer: OpenVPN is now in the regular Ubuntu repositories, you can install it through the Software Center thingy or from a Terminal using apt-get.

Open a Terminal (hit the Window key or whatever you normally do to bring up that searchy thing and you should be able to find the Terminal application). You'll have a Terminal with a prompt that looks something like: 

zengargoyle@zim:~$
You probably have automatic updates and such enabled so you should be able to just install packages without updating, but it's a decent idea to get into the habit of doing an update before installing stuff so... 

zengargoyle@zim:~$ sudo apt-get update
[sudo] password for zengargoyle:
`sudo` is the program that gives you super powers to do things that normally only the 'root' user can do. It will ask you for your password, then it will spew a bunch of stuff. 

Ign http://us.archive.ubuntu.com precise InRelease
Ign http://us.archive.ubuntu.com precise-updates InRelease
Ign http://us.archive.ubuntu.com precise-backports InRelease
Ign http://security.ubuntu.com precise-security InRelease
Hit http://us.archive.ubuntu.com precise Release.gpg
Get:1 http://security.ubuntu.com precise-security Release.gpg [198 B]
Ign http://extras.ubuntu.com precise InRelease                                 
Get:2 http://us.archive.ubuntu.com precise-updates Release.gpg [198 B]
...
Hit http://us.archive.ubuntu.com precise-backports/restricted Translation-en   
Hit http://us.archive.ubuntu.com precise-backports/universe Translation-en     
Fetched 2,984 kB in 13s (225 kB/s)                                             
Reading package lists... Done
zengargoyle@zim:~$
Now you can install the `openvpn` package. 

zengargoyle@zim:~$ sudo apt-get install openvpn
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  openvpn
0 upgraded, 1 newly installed, 0 to remove and 83 not upgraded.
Need to get 0 B/445 kB of archives.
After this operation, 1,058 kB of additional disk space will be used.
...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
zengargoyle@zim:~$
It may need to install some additional things and may ask you a '(Y/n)' question, mostly just answer yes.

Now fetch the OpenVPN config for testing. 

zengargoyle@zim:~$ wget jklmnop.net/metafilter/proxpn.ovpn
--2013-03-09 13:49:48--  http://jklmnop.net/metafilter/proxpn.ovpn
Resolving jklmnop.net (jklmnop.net)... 69.163.177.181, 2607:f298:1:107::e0e:b403
Connecting to jklmnop.net (jklmnop.net)|69.163.177.181|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8201 (8.0K) [text/plain]
Saving to: `proxpn.ovpn.1'

100%[======================================>] 8,201       --.-K/s   in 0.03s   

2013-03-09 13:49:48 (317 KB/s) - `proxpn.ovpn.1' saved [8201/8201]

zengargoyle@zim:~$
I think Ubuntu installs `wget` by default, but if it doesn't you just have to do the `sudo apt-get install wget` thing to install it.

Now the moment of truth, attempt to start OpenVPN by hand. Have your username/password handy. 

zengargoyle@zim:~$ sudo openvpn --config proxpn.ovpn
Sat Mar  9 13:50:18 2013 us=266192 Current Parameter Settings:
Sat Mar  9 13:50:18 2013 us=266266   config = 'proxpn.ovpn'
Sat Mar  9 13:50:18 2013 us=266284   mode = 0
Sat Mar  9 13:50:18 2013 us=266299   persist_config = DISABLED
Sat Mar  9 13:50:18 2013 us=266314   persist_mode = 1
Sat Mar  9 13:50:18 2013 us=266341 NOTE: --mute triggered...
Sat Mar  9 13:50:18 2013 us=266371 268 variation(s) on previous 5 message(s) suppressed by --mute
Sat Mar  9 13:50:18 2013 us=266388 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Enter Auth Username:YOUR_USERNAME_GOES_HERE
Enter Auth Password:YOUR_PASSWORD
And it should continue and spew lots of stuff and hopefully it just seems to stop with a success message (but it doen't get you back to a prompt or anything). 

...
Sat Mar  9 13:50:40 2013 us=267295 TUN/TAP device tun0 opened
Sat Mar  9 13:50:40 2013 us=267328 TUN/TAP TX queue length set to 100
Sat Mar  9 13:50:40 2013 us=267352 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Mar  9 13:50:40 2013 us=267393 /sbin/ifconfig tun0 173.0.4.212 netmask 255.255.255.0 mtu 1500 broadcast 173.0.4.255
Sat Mar  9 13:50:40 2013 us=273108 /sbin/route add -net 173.0.14.249 netmask 255.255.255.255 gw 192.168.1.254
Sat Mar  9 13:50:40 2013 us=275439 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sat Mar  9 13:50:40 2013 us=276692 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 173.0.4.1
Sat Mar  9 13:50:40 2013 us=277846 Initialization Sequence Completed
Now open firefox or whatever and browse around and find a "show me my ip" page somewhere. You should be all VPN'd.

To stop the VPN, just go back to the Terminal where you started it and hit 'Ctrl-c' and it should terminate and clean itself up leaving you network config back the way it was. 

^CSat Mar  9 13:53:28 2013 us=588160 event_wait : Interrupted system call (code=4)
Sat Mar  9 13:53:28 2013 us=588611 TCP/UDP: Closing socket
Sat Mar  9 13:53:28 2013 us=588680 /sbin/route del -net 173.0.14.249 netmask 255.255.255.255
Sat Mar  9 13:53:28 2013 us=590410 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Sat Mar  9 13:53:28 2013 us=591523 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.1.254
Sat Mar  9 13:53:28 2013 us=592583 Closing TUN/TAP interface
Sat Mar  9 13:53:28 2013 us=592619 /sbin/ifconfig tun0 0.0.0.0
Sat Mar  9 13:53:28 2013 us=630482 SIGINT[hard,] received, process exiting
zengargoyle@zim:~$
If you have errors starting the openvpn, double check your username/password of course, but you may need to change the remote server (I'm using miami.proxpn.com in the config, but that may be just for the free accounts...) Just use your favorite editor like say `gedit` is a handy one (if it's not already installed, do the `sudo apt-get install gedit` thing to install it). Edit the 'proxpn.ovpn' file and you'll see a long list of possible remote settings: 

zengargoyle@zim:~$ gedit proxpn.ovpn
...

...
reneg-sec 0

remote miami.proxpn.com 443 
#remote m1.proxpn.com 443
#remote m1.proxpn.org 443
#remote m1.secureconnect1.com 443
#remote m1.proxpn.com 8080
#remote m1.proxpn.org 8080
#remote m1.proxpn.com 80
...
Just comment out the miami line and uncomment some other remote, save the file and try again. Or you can comment out all of the remote lines and instead pass them in on the command line. 

zengargoyle@zim:~$ sudo openvpn --config proxpn.ovpn --remote miami.proxpn.com 443
So, see if you can get openvpn to start from the Terminal (with liberal use of `sudo`) and if this works for your premium account then the starting/stopping part can be at least wrapped up into a desktop like file that you just click on, or a script that you can just pop up the Run Command box of some sort and type `proxpn start` or something to turn it on and off.
posted by zengargoyle at 2:30 PM on March 9, 2013


Best answer: Oh, a note... It's still possible that the premium account uses different configuration information than the free account and that this config file just won't work for you. I can't really be much help there.
posted by zengargoyle at 2:33 PM on March 9, 2013


Response by poster: zengargoyle: Following your directions @5:30, I am able to get through to the "Initialization Sequence Completed" step, and can do this using several of the servers that are available to pro members!

I'm getting a DNS lookup error when I try to open any pages once the connection has been established, though - and this does not happen when connecting to any of the same servers using proXPN's Windows client. Any idea as to what might be happening?

Thanks very much for your patience and willingness to go into detail - your comments above are the single most helpful answers I've received to an AskMe in my twelve years here.
posted by ryanshepard at 7:20 PM on March 9, 2013


Best answer: DNS configuration has gotten a bit complicated over the years to make things supposedly easier for the user. In the past you would just edit '/etc/resolv.conf' and put in your nameservers and search paths. Now that file is auto-generated by a bunch of scripts and has a big warning 'DO NOT EDIT', and you're supposed to update it by creating a new file and passing it to a special `resolvconf` program that is also called by things like NetworkManager and your DHCP client. This is all so that if you're using Wi-Fi you get the Wi-Fi provided DNS, if you were using the NetworkManager's OpenVPN plugin (if it worked) you would get the VPN's DNS servers.

With 12.04, Ubuntu did a decent thing in a craptacular way, they added a `dnsmasq` caching DNS server that's controlled only by NetworkManager, and that then sets your '/etc/resolv.conf' file to point to 127.0.0.1 so that programs talk to dnsmasq which talks to the DNS server that NetworkManager has configured, and there's no easy way around it. Have I mentioned how much I hate Ubuntu/NetworkManager? Ubuntu doesn't use the option that would let dnsmasq get the *real* DNS server from a file so that you could change it yourself, and in the past they didn't even allow dnsmasq to pick up changes you made to your '/etc/hosts' file without restarting NetworkManager (they finally fixed that part).

Anyway, since my DNS kept working after starting openvpn, I'm guessing that maybe you are configured to use your ISP's DNS server, and that server is not proxied through your DSL/CableModem/etc. So when the tunnel comes up your DNS traffic is routed through the tunnel and your ISP's DNS isn't configured to allow queries from outside their network.

What should work is just not using your ISP's DNS server in the first place. Try this...

With the VPN deactivated, go to your network settings for your regular network. You're probably using DHCP. In the IPv4 Settings section you can choose a Method. You probably have ' Automatic (DHCP)' selected. Change that to 'Automatic (DHCP) addresses only', then down in the 'DNS Servers' field put '8.8.8.8, 4.2.2.1' (without the quotes, just the IPs separated by a comma). Save your changes, your NetworkManager icon will probably flash and tell you the network changed. This just changes your default DNS nameserver from whatever one you get from your ISP to one of Google's DNS servers. Unless your ISP is a cruel bastard and prevents you from using another DNS server this should work just fine.

Now, hopefully when you start the OpenVPN tunnel, your DNS lookups will go to google through the tunnel just fine. (in fact, proxpn actually sends these two DNS servers in the connection chat, if we were using a real proper openvpn setup method NetworkManager would pick up these servers and make the changes itself).

You can check by doing something like this in a Terminal. 

zengargoyle@zim:~$ cat /var/run/nm-dns-dnsmasq.conf 
server=8.8.8.8
server=4.2.2.1

zengargoyle@zim:~$ ps auxw | fgrep dnsmasq
nobody   26133  0.0  0.0  33020  1440 ?        S    20:56   0:00 /usr/sbin/dnsmasq.bin 
--no-resolv --keep-in-foreground --bind-interfaces --pid-file=/var/run/sendsigs.omit.d
/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nm-
dns-dnsmasq.conf --cache-size=0 --proxy-dnssec
Notice how dnsmasq has a start time 20:56 which was just a few minutes ago, and the servers are changed.

If DNS works after these changes, try the openvpn again and see if that fixes the lookup problems. If not, you can always just set it back to 'Automatic (DHCP)'.

If you didn't try browsing by IP to make sure the tunnel worked even though DNS was broken, you can always try http://192.0.43.10/ which is http://example.com/ and is not a virtual host (so you can get to it just by the IP without needing the hostname).
posted by zengargoyle at 9:09 PM on March 9, 2013 [1 favorite]


Response by poster: That looks to have done the trick - thank you, thank you, thank you, zengargoyle. Your know-how and helpfulness on this are much appreciated.
posted by ryanshepard at 7:55 PM on March 10, 2013


Best answer: Yay! I might whip up a simple '/usr/bin/proxpn' script later this week just to complete a 'ProXPN on Linux the Hard Way' package to put up somewhere since this wasn't as easily google solved as it should be. If anybody knows an easy Bash script-able way to do the Unity type applets for the menubar...
posted by zengargoyle at 6:52 AM on March 11, 2013


That was excellent work, zengargoyle. The least I could do was google up some info on using Bash to modify the Unity toolbar.
posted by snuffleupagus at 6:57 AM on March 11, 2013


Also:

http://ubuntutechnical.wordpress.com/2011/12/02/calling-shell-script-from-unity-launcher/

How can I add a bash script to the Unity launcher? [duplicate]

Also, IIRC, if you really hate dnsmasq and aren't using wifi (like, on a server) then comment out the

dns=dnsmasq

declaration in /etc/NetworkManager/NetworkManager.conf, and then restart network-manager. It should pick up whatever is in resolv.conf, as encapsulated here.
posted by snuffleupagus at 7:06 AM on March 11, 2013


snuffleupagus, thanks but I was looking more for something that went in the top menu area with the clock and current network manager that would say display an icon and a drop-down menu that I could configure with start/stop items that would then run a specific command. I think Ubuntu decided they weren't going to let anybody put anything there unless it was all Unity-ified.

I don't really hate dnsmasq, I actually have a couple extra instances of dnsmasq running to do fancy things (DNS hijacking, PXE booting) for the KVM machines running on that box. I just don't like that Ubuntu uses theirs in such an uneasy to modify way, at least they did fix the 'ignore the hosts file' thing so it's not completely broken.
posted by zengargoyle at 7:33 PM on March 15, 2013


ryanshepard, I haven't found a simple 'click the button' solution but I did dig into the generic Debian (and hopefully Ubuntu as well) network configuration and now it's as simple as: 

sudo ifup proxpn
to bring up the vpn. And a similar `sudo ifdown proxpn` to turn it off again.

You should have a `/etc/openvpn` directory from installing the openvpn package, copy the config file to there and change the extension to `.conf` 

sudo cp proxpn.ovpn /etc/openvpn/proxpn.conf
Edit that new copy and find the line that says `dev tun` and change that to `dev proxpn`, and add a line that says `dev-type tun`. We're basically changing it from a device named 'tun' that implies a device type of 'tun' to a device named 'proxpn' and explicitly specifying that it's a device type of 'tun'. 

sudo gedit /etc/openvpn/proxpn.conf
...
dev proxpn
dev-type tun
...
Now we just need to tell the system about this new interface. Edit `/etc/network/interfaces` and add a new section.
sudo gedit /etc/network/interfaces
...

auto proxpn
iface proxpn inet manual
  openvpn proxpn

...

Now the system has a new interface called 'proxpn' and you can control it with the `ifup/ifdown` commands 

sudo ifup proxpn
Hopefully that last command propted you for your username/password and started up the vpn. But there's still a bit more to do to finish things up.

Edit (sudo gedit blah blah blah) the `/etc/default/openvpn` file and uncomment the line that says 

AUTOSTART="none"
this will keep the vpn from starting automatically at boot.

Create a file `/etc/openvpn/proxpn.pass` and put two lines in it. The first line should be your username, the second your password.

Edit the config file again `/etc/openvpn/proxpn.conf` and look for the line that says 'auth-user-pass' and add the file you just created that holds your username/password info. 

...
auth-user-pass proxpn.pass
...
and that should keep you from actually having to type in your username/password when you start the vpn.

If all went well... you can now `sudo ifup proxpn` to start the vpn and `sudo ifdown proxpn` to stop the vpn.
posted by zengargoyle at 8:05 PM on March 15, 2013 [1 favorite]


« Older Waitlisted events/places in Europe or Asia in...   |   Help me re-create this awesomely creepy doll Newer »
This thread is closed to new comments.


Tags

Share