PPTP VPN on Ubuntu 10.04 for your iPhone / iPad

Below are the steps necessary to connect your iPhone / iPad or any other computer via a PPTP VPN.

Why would I want to do this? For various reasons: it lets you access information and servers that are behind a firewall, or maybe you just need to route traffic through different servers.

I’ve tested this on a 256mb Rackspace Cloud instance running Ubuntu 10.04 and with an iPhone and an iPad. Thanks to Yaniv for debugging the instructions.

Disclaimer: This is for educational uses only and I take no responsibility as to what you may do with it. The PPTP VPN setup via the instructions below has no encryption and uses the simplest and lowest form of password authentication. If you require stricter encryption and authentication methods you’ll need to read more about pptpd configuration.

Assumptions:

  • The instance you are using is blank, specifically with no existing firewall rules in iptables; otherwise, you’ll need to patch things up.
  • All commands assume you are currently the root user. If you logged in as root, that’s great. If not, run:
    sudo su
  • Instead of messing a lot with iptables commands, I’m using ufw (Uncomplicated FireWall). In general, to most people, it will be easier to manage and work with.

Setting up the PPTP Server

In general we are going to create a very basic PPTP VPN without encryption and with basic authentication security (no fancy authentication protocols). Since a Rackspace Cloud instance has an external interface (eth0) that holds the instance's public IP and an internal interface (eth1) with an internal IP used to communicate with your other Rackspace Cloud servers (if you have them), we’ll create an alias network interface card that will have another set of internal IPs, which will be given to the devices connected via the VPN.

  1. Install the necessary software (pptpd, pptp-linux, ppp and ufw – for firewall):
    apt-get install pptpd pptp-linux ppp ufw
  2. Enable port 22 (ssh) in the firewall, so we don’t get locked out of our instance:
    ufw allow 22
  3. Enable port 1723 (pptpd) in the firewall to enable access to the pptpd daemon:
    ufw allow 1723
  4. Enable ufw:
    ufw enable
  5. Add an aliased network interface card (eth0:0): (We use the address space of 192.168.88.0/24 since it’s usually free on most networks for most users. Feel free to change this address if it is already taken.)
    Edit /etc/network/interfaces:

    nano /etc/network/interfaces

    Enter the following text at the end of the file:

    auto eth0:0
    iface eth0:0 inet static
    address 192.168.88.1
    netmask 255.255.255.0
    gateway (same value as listed for eth0)
    dns-nameservers (same value as listed for eth0)

    Replace the value of “gateway” with the same value you will see in this file for “eth0”, the real public network interface.
    Replace the value of “dns-nameservers” with the same value you will see in this file for “eth0”

  6. Configure the pptpd daemon:
    Edit /etc/ppp/pptpd-options:

    nano /etc/ppp/pptpd-options

    Comment out (add a “#” char at the start of the line) the following lines:
    “refuse-pap”
    “refuse-chap”
    “refuse-mschap”
    “refuse-mschap-v2”
    “require-mppe-128”

    Replace “#ms-dns 10.0.0.1” with “ms-dns 8.8.8.8”
    Replace “#ms-dns 10.0.0.2” with “ms-dns 8.8.4.4”

    The last 2 lines above set the DNS servers that the devices connecting to your PPTP VPN will use. The addresses above are for the Google Public DNS servers, but can be any other DNS servers (including the same DNS servers that Rackspace or your hosting provider uses).

    Edit /etc/pptpd.conf :

    nano /etc/pptpd.conf

    Add at the bottom of the file:

    localip 192.168.88.1
    remoteip 192.168.88.2-20

    The value of “remoteip” will be the set of IP addresses the devices connecting to the VPN will get upon successful connection. Currently, we have here 18 addresses, which is enough for 18 concurrent devices. You can make this range bigger if needed.

  7. Configure the username and password that will be used to authenticate clients accessing the VPN:
    Edit /etc/ppp/chap-secrets:

    nano /etc/ppp/chap-secrets

    Add a line in the following format:

    # client server secret IP addresses
    [UserName] pptpd [Password] *

    Replace [UserName] with the username you wish to use.
    Replace [Password] with the password you wish to use (I suggest a long random password. Try this generator)

  8. Enable IP forwarding in the kernel:
    Edit /etc/sysctl.conf :

    nano /etc/sysctl.conf

    Uncomment the line “net.ipv4.ip_forward=1”
    For IPv6, uncomment “net.ipv6.conf.all.forwarding=1”

  9. Enable IP forwarding in ufw:
    Edit /etc/default/ufw:

    nano /etc/default/ufw

    Change the value of “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”

  10. Add IP masquerading rule in ufw, so that NAT will work and devices connecting to the VPN will be seen as if the traffic goes out of the VPN server:
    Edit /etc/ufw/before.rules:

    nano /etc/ufw/before.rules

    Paste the text below after the header and before the “*filter” rules:

    # nat Table rules
    *nat
    :POSTROUTING ACCEPT [0:0]

    # Allow forward traffic from eth0:0 to eth0
    -A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE

    # don’t delete the ‘COMMIT’ line or these nat table rules won’t be processed
    COMMIT

  11. Reboot the machine, cross your fingers and hope for the best :-)
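
The effect of the step 6 edits on authentication and encryption, as an added example (not part of the original post): a small shell check that reports which options are active in a pptpd-options file. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise what a pptpd-options file permits.
# Both sample files are constructed for illustration.

# Succeeds if pppd option $2 appears uncommented in file $1.
opt_active() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print a one-line summary for the options file $1.
audit_pptpd_options() {
    f=$1; out=""
    for proto in pap chap mschap; do
        if opt_active "$f" "refuse-$proto"; then
            out="$out $proto=refused"
        else
            out="$out $proto=permitted"
        fi
    done
    if opt_active "$f" require-mppe-128; then
        out="$out mppe128=required"
    else
        out="$out mppe128=not-required"
    fi
    echo "${out# }"
}

# Constructed sample: the file as edited in step 6.
write_sample_step6() {
    printf '%s\n' 'name pptpd' '#refuse-pap' '#refuse-chap' \
        '#refuse-mschap' '#refuse-mschap-v2' '#require-mppe-128' \
        'ms-dns 8.8.8.8' 'ms-dns 8.8.4.4' > "$1"
}

# Constructed sample: same options left active (assumed stricter variant).
write_sample_strict() {
    printf '%s\n' 'name pptpd' 'refuse-pap' 'refuse-chap' \
        'refuse-mschap' 'require-mschap-v2' 'require-mppe-128' \
        'ms-dns 8.8.8.8' 'ms-dns 8.8.4.4' > "$1"
}

tmp=$(mktemp -d)
write_sample_step6 "$tmp/step6"
write_sample_strict "$tmp/strict"
echo "step 6: $(audit_pptpd_options "$tmp/step6")"
echo "strict: $(audit_pptpd_options "$tmp/strict")"
rm -rf "$tmp"
```

To check a real server, call audit_pptpd_options /etc/ppp/pptpd-options after sourcing the functions.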

Configuring your iPhone / iPad

  1. In your iPhone / iPad go to “Settings” -> “General” -> “Network” -> “VPN”
  2. Select “Add VPN Configuration”
  3. Select “PPTP”
  4. In “Description” enter the name of the VPN connection
  5. In “Server” enter the IP address of the server (or a server name, if you mapped the server’s IP address to a domain name)
  6. In “Account” enter the username you have entered into the “/etc/ppp/chap-secrets” file
  7. In “Password” enter the password you entered for the above username in “/etc/ppp/chap-secrets”
  8. Make sure “Send All Traffic” is turned to “ON”
  9. Set “Encryption Level” to “None” (this is how we configured the PPTP server in this post; if you set up encryption, try keeping it on “Auto”)
  10. Select save

 


Ubuntu 9.10 Karmic Koala and ies4linux – Installation

Installing ies4linux on Ubuntu 9.10 Karmic Koala by just running “./ies4linux” might show some warnings such as:

IEs4Linux 2 is developed to be used with recent Wine versions (0.9.x). It seems that you are using an old version. It’s recommended that you update your wine to the latest version (Go to: winehq.com).

In my case it showed the above text, which seems to be a warning, and ran the UI, but then it got stuck and didn’t complete anything.

To overcome this issue simply run the installation without the GTK based UI in a terminal window:

./ies4linux --no-gui

That’s it. Works like a charm.

Google AppEngine – Python – issubclass() arg 1 must be a class

If you are getting the error “issubclass() arg 1 must be a class” with Google App Engine SDK for Python on Linux, it’s probably because you are running Python 2.6 (this will probably happen to you when you run Ubuntu 9.04, where 2.6 is the default).

Just run the dev server under python 2.5 (i.e. python2.5 dev_appserver.py)

“Unable to retrieve MSN Address Book” on Pidgin on Ubuntu / Debian?

Today I got the following error on Pidgin (I’m running version 2.5.2 on Ubuntu 8.10 Intrepid Ibex) while it tried to connect to MSN:

“Unable to retrieve MSN Address Book”

After searching a bit I found this post by Gijs Nelissen which said to use a different MSN plugin for Pidgin called msn-pecan.

I’ll reiterate the instructions for those with Ubuntu / Debian:

  1. Close Pidgin (make sure the process is really down)
  2. Run “apt-get install msn-pecan”
  3. Start pidgin
  4. Change your MSN account type from MSN to WLM
  5. Reconnect

I don’t know if this error affects other libpurple based multi-headed IMs (such as Adium) (UPDATE: It appears this IS a libpurple issue – so Adium IS affected), however, the msn-pecan project has a Windows binary release as well as source release (if you care/need/want to compile it for Mac OS X or other Linux distributions).

Ubuntu 8.10, Dell D630, fan issues and screen repaints issues

On the day of Ubuntu 8.10 I upgraded my work laptop (Dell D630) to Ubuntu 8.10. I had previously run my home desktop on the release candidates and saw that all was well, so I didn’t expect any specific issues with the upgrade.

After finishing the upgrade successfully I’ve encountered 2 problems.

The first was with the computer fan. It was working on and off at full steam in 4-second cycles. Really annoying. A quick search in the Ubuntu forums led to this post saying I should upgrade to the latest BIOS version (A13 – at least at the time of writing this post).

Upgrading to the latest BIOS stopped the fan from cycling to full speed and full stop but it was still running a bit too much even when the computer was rather idle.

There was another post in the forums that suggested going back to the older Nvidia drivers (version 173) instead of using the version which ships with Ubuntu 8.10 (177).

That managed to solve the fan issues for now as well as fix some strange repaint problems I was seeing when working with TwinView and extending my screen to another external monitor.

Thought it might help others who face these problems.

Failed to run /usr/sbin/synaptic Unable to copy the user’s Xauthorisation file

If you get the following error while running Synaptic:

Failed to run /usr/sbin/synaptic
Unable to copy the user’s Xauthorisation file.

Make sure that you have enough space in your /tmp directory.

To check if that is indeed the problem run the following command in your terminal:

df -h

This command will show you each mounted volume you have, including the one mounted at /tmp.

/tmp usually contains temporary data for applications while they run. It may sometimes reach a point where it is 100% full (might have happened to me while I upgraded to Hardy Heron 8.04).

To clear /tmp run the following commands (BE CAREFUL NOT TO RUN rm -rf ON ANYWHERE OTHER THAN /tmp):

cd /tmp

pwd # just to make sure you are really in /tmp

rm -rf *