Thursday, June 22, 2017

Ubuntu - Connecting to a PPTP VPN server using the terminal


I was away from Islamabad and needed to download some scientific papers. This required me to connect to my University's VPN which was of the PPTP variety. I tried using the Network Manager applet in Ubuntu 14.04 which would successfully connect but the moment I would open a page on Chrome the VPN connection would fail.


Connect to the VPN from the terminal using instructions that were written for Ubuntu 7.04 ( and were supposed to have become outdated 7 years ago. But what is in the command line can never die.

Based on help from and with a little tweaking I was able to successfully connect to the VPN in a stable fashion.

  1. Install pptp package: sudo apt-get install pptp-linux

  2. Create a peers file. I named mine 'comsats' so I created: /etc/ppp/peers/comsats with the following content
        pty "pptp <vpn server ip address> --nolaunchpppd"
        logfd 2
        ipparam comsats
        remotename comsats
        name <vpn username>
    This file needs to be executable (sudo chmod +x /etc/ppp/peers/comsats). Note the 'remotename' and the 'ipparam' which are set to 'comsats'. These will be used to activate the connection and to run automated scripts when the connection is setup and torn down.

  3. Add your VPN credentials to /etc/ppp/chap-secrets in the following format:
        * <vpn username> * <vpn password>
    At this point you can check your vpn connection by executing:
        sudo pon comsats
    For debugging the connection look at /var/log/syslog. At this stage your internet will NOT be forwarded over the vpn because the routes haven't been set up for it.

    To close the connection Ctrl+C is supposed to work but it didn't for me so I had to use ps -A | grep ppp to find the pid of the connection process and then sudo kill -KILL <pid> to kill it.

  4. To forward your internet packets over the VPN you must first find the ip addresses of the gateways for your internet interface (wlan0 in my case) and the vpn interface (ppp0). Simply use ipconfig. In my case my wifi gateway was and the vpn gateway was To take a look at the current routes issue the route command, it will show you the current default gateway.
    The first step is the delete the current default gateway:
        sudo route delete gw wlan0
    Note the use of my wlan0 gateway ip address (
    Now switch to using the ppp0 gateway as the default so that all outgoing internet traffic is sent via the vpn:
        sudo route add gw ppp0
    You can confirm the switch to using the VPN by looking at your external IP address (I simply navigate to and a whois to confirm).

  5. After closing the vpn connection you will have to revert the changes to the routes to get your normal internet access back (the Network Manager applet does all of this automatically, when it works) as follows:
        sudo route delete gw ppp0
        sudo add gw wlan0

  6. To automate the route changes one can add files to the /etc/ppp/ip-up.d and /etc/ppp/ip-down.d folders that are automatically run when the connection is setup and torn down respectively.
    Create and populate /etc/ppp/ip-up.d/comsats:
        [ "$PPP_IPPARAM" = "comsats" ] || exit 0
        route delete default gw wlan0
        route add default gw ppp0
    Note how we use the $PPP_IPPARAM to match against the same we defined in /etc/ppp/peers/comsats to make the code run only when this connection is set up.
    Similarly create and populate /etc/ppp/ip-down.d/comsats:
        [ "$PPP_IPPARAM" = "comsats" ] || exit 0
        route delete default gw ppp0
        route add default gw wlan0
    Finally comment out nodetach in /etc/ppp/peers/comsats to run the connection as a deamon and use sudo poff comsats to close the connection when you need to. This connection is not as stable as I would like it (usable however) so I use tail -F /var/log/syslog | ccze -A to keep an eye on the connection while I am using it, restarting it as needed.

No comments:

Post a Comment