No internet over VPN connection
After setting up a connection to a VPN network, I can not make internet connection over the VPN. I get no response from network commands like e.g. tracepath ubuntu.com
.
The protocol is pptp. My system is lubuntu 17.10, 32-bit (reviving an old pc).
Please provide guidelines for a correct installation, or debugging hints.
Solution 1:
Finally, I got this up and running and want to share my findings on this forum. The info I needed seems to be scattered around different sites.
-
Configure VPN ...
in VPN Connections is greyed out.
Inconvenient, and I don't know how to solve, but there is a workaround.
Go through Edit Connections... and press +. However, in the Connection Type, no VPN's are listed. - I (re-)installed the necessary modules for vpn connection, with
sudo apt-get install --reinstall network-manager network-manager-gnome openvpn network-manager-openvpn network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome pptp-linux
- Now it is possible to add a pptp connection as described under the first bullet. Configure it with credentials and settings as given by the VPN provider.
- To avoid firewall problems, try first with UncomplicatedFirewall off.
sudo ufw disable
and reboot. - After this : VPN Connections ->
new_vpn
establishes the VPN connection. However, in my case it was not possible to access the internet. It feels like the connection breaks after the first site, or it takes forever to load any site. - The cure for this problem I found here.
Apparently the mtu, maximum transmission unit, for the vpn port is too high. In my case I have to lower it manually by executing
ifconfig ppp0 mtu 1388
- The maximum mtu which is suitable can be found by connecting to the vpn and then pinging some site (e.g. ubuntu.com) by executing
ping -M do -s <number> -c 1 ubuntu.com
. Increase<number>
by 10 until the connection is lost (once it is lost, in my case it also fails when lowering again) I had to revive the connection bysudo service network-manager restart
and connecting again to the vpn. Once you find the highest usable<number>
, add 28 and that is the mtu to use with the vpn port. See also here. -
Still two problems left, how to automate the setting of the mtu value when connecting to the VPN, and DNS seems to be gone after disconnecting from the VPN. The latter can be solved by
sudo service network-manager restart
. Both tasks can be automated as suggested in script/etc/NetworkManager/dispatcher.d/01-ifupdown
. Scripts in thedispatcher.d
folder are called with the port and event as argument. So, I create an executable script in this folder, as below#!/bin/sh
#info : pre-up and pre-down are not implemented in network-manager if [ "$2" = "vpn-up" ]; then /sbin/ifconfig "$1" mtu 1388 fi if [ "$2" = "vpn-down" ]; then /usr/sbin/service network-manager restart fi
Finally, I want to enable ufw again. For this I need to add
-A ufw-before-input -p 47 -j ACCEPT
in file/etc/ufw/before.rules
, just before# drop invalid packets
and dosudo ufw enable
, and reboot. Now everything works fine, in my case.Later I found that another (and probably better) way to get the dns back is to store the package resolvconf.
sudo apt install resolvconf
sudo dpkg-reconfigure resolvconf
Then the vpn-down part of the script can be deleted.
Later I found this behaviour of dns loss for non-superuser after pptp vpn described here:
https://bugs.launchpad.net/ubuntu/+source/ppp/+bug/1778946