Jun 192007

I figured out how to get Ubuntu to correctly connect to a Windows style PPTP VPN. Apparently there are a number of large issues with NetworkManager that make it all but unusable for VPN. The fix is enormously simple, so I’m extremely confused as to why on earth they haven’t patched it yet. Okay, so here’s what I have done:

1. Create a shell script that you will run after you connect to the VPN via NetworkManager applet. The contents are like this:

2. Connect to the VPN using NetworkManager

3. Run this script as root:

What this does is first it updates my resolv.conf so that I can find the DNS server that my company provides and also setups up my search domain for easy access to stuff like http://wiki. Next it adds a new route to the kernel IP routing table. The issue with NetworkManager is that it not only completely clears out resolv.conf (eeck!) but it also doesn’t always setup a route to get to the VPN network. In my script I just setup a simple default route that will direct all traffic to my VPNs gateway. This procedure assumes that NetworkManager is setting up a host route to the VPN gateway on the ppp network device. If this doesn’t happen, well your routing table could get all screwed up, but I think for now NetworkManager isn’t that stupid (however it might be).

Good luck and happy VPNing.

  6 Responses to “Ubuntu VPN issues”

  1. Brian,

    this is definitely the problem I’m having (I’m using the Cisco VPN, patched) it does connect, and, if I enter the IP address manually it does ping, browse, whatever.

    However, having followed your “absurdly simple” instructions does not seem to alleviate the problem.
    My /etc/resolv.conf seems to be created correctly by the Cisco client and looks like this:

    domain mycompany.com

    I get an IP address that looks something like

    but running the route command does not seem to fix the issue.
    A couple of questions:

    1. what should be the IP entry in the route command?
    2. what should the routing table (the one shown by the route command alone) look like?


  2. Marco,

    Sorry the post is misleading. The route command should add the gateway for your VPN to the route table. My VPN is on the 10.10.30 subnet and my gateway from the VPN network to the internets (hehe) is You should find the gateway for your VPN and then use that.

    Here is what my route looks like once I VPN in and run the command:

    As you can see, my wireless device has the gateway from the VPN network to the outside. However, the VPN device needs a gateway as well and that is what I setup with the route command so that the ppp0 has the gateway to the VPN network.

    Also, be careful of multiple networking devices. If you have wireless and wired devices I’ve seen it where sometimes if I’m using wireless my wired device will be assigned the VPN bridge and the route for the VPN gateway will be for my wired device.

  3. Cheers for this, fixed my issues. If you copy the resolv.conf before you connect, it has the correct info, so I just pasted the (old) resolv.conf into the new file.

  4. I started from here and found how to automate the process, thought I’d post my solution as I have searched high and low:

    Check that the VPN works. Usually you can log in and ping known hosts, or even name search with the full domain path. However it does not work without and you can’t access hosts by looking up just their name.

    We want to add that domain search and replace the name servers in /etc/resolv.conf automatically upon VPN activation. Now, contrary to everything you read about ip-up and ip-down, this does not work! The VPN connection manager calls pppd with some arguments and it does not execute any scripts. Don’t waste your time wondering why as I did.

    The way to get around it is to install resolvconf:
    >$ sudo apt-get install resolvconf

    Now try starting your VPN and doing a lookup. Hopefully it works, pppd calls resolvconf and passes it the name server on the VPN, and resolvconf overwrites /etc/resolv.conf to reflect the change. Check that the VPN name servers have been written to the /etc/resolv.conf file. However, once you exit the VPN connection resolvconf is called to delete the new name server info and you end up with an empty /etc/resolv.conf and you can’t resolve anything anymore until you edit /etc/resolv.conf and add ‘nameserver 192.168.xxx.yyy’ (your local name server). Once that is done, all is well again. To prevent having to do this after every VPN reconnect, resolvconf needs default information stored in /etc/resolvconf/resolvconf.d/base.

    Edit your /etc/resolvconf/resolvconf.d/base file to read ‘nameserver 192.168.xxx.yyy’, providing the address of your local name server (not the VPN one).

    After this it should work! Log in to the VPN and log out and your local connection, along with your local name server, should be restored.

    Happy VPN ing!

  5. I know this is an old post, but I ran into this problem using vpnc. The fix was selecting a check box called: Use DNS_UPDATE to rewrite resolve.conf
    which was found in Preferences->General->Network. You may need to restart vpnc.

  6. Greetings from Florida! I’m bored to tears at wok so
    I decided to browse yyour site on my iphone during lunch break.

    I love the knowledge you provide here and can’t wwait to take a
    look whn I gett home. I’m surprised at how quick your blog loaded on my phone ..
    I’m not even using WIFI, just 3G .. Anyways, very good blog!

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">