Connecting to the Institute's VPN

VPN setup for Linux

The department currently provides a VPN server that support the proprietary Microsoft VPN system using PPTP and MPPE. This is different to the university VPN server which uses the CISCO system and requires different client software.

The instructions below are for Debian/GNU Linux. For other Linux distributions you will need to install similar packages and make similar configuration changes (see the pptp configuration page for details).

Connecting to the Departmental Microsoft VPN Service

Required software/packages

Firstly you need to ensure you have a kernel with MPPE support to encrypt the connection. A patch for this was accepted into kernel version 2.6.12-rc4 so should be available in stable versions from 2.6.13. Alternatively there is a debian package kernel-patch-mppe that you can use in which case you will need to recompile the kernel.

You then need to install the pptp-linux package, i.e. run

apt-get install pptp-linux

Initial configuration

Firstly create/edit the file /etc/ppp/options.pptp and add the line

lock noauth nobsdcomp nodeflate

Next create/add the line to the file /etc/ppp/chap-secrets of the form

MATHS\\username PPTP password *

where you replace username and password by your Mathematical Institute username and password. Note if the password contains any special characters you will need to quote them.

Now create a file /etc/ppp/peers/mi-tunnel containing

pty "pptp vpn.maths.ox.ac.uk --nolaunchpppd"
name MATHS\\username
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam mi-tunnel

where again username is you username.

Starting/stopping a tunnelled connection

You can now start a tunnel with the command

pon mi-tunnel

and stop a tunnel with

poff mi-tunnel

If you need to diagnose a failed tunnel connection use the command

pon mi-tunnel debug dump logfd 2 nodetach

Connecting to a CISCO VPN Service

The University VPN service uses the CISCO system rather than Microsofts proprietary one. In this case you need to install the vpnc package instead, i.e.

apt-get install vpnc

Having installed the package you need to configure it by editing the file /etc/cpn.conf and set the IPSec ID, IPSec GW along with an appropriate username and password.

Once configured you make the connection by running the command

vpnc-connect

and close the connection with the command

vpnc-disconnect