@tuxdna
Last active March 31, 2019 06:27
IPSec VPN connection using Shrew VPN Client and OpenVPN Client on Linux
#!/bin/sh
# connect-vpn.sh: lower the interface MTU to what the VPN needs, then connect with the Shrew client.
IFACE=wlo1
VPN_MTU=1380
WL_MTU=$(cat "/sys/class/net/$IFACE/mtu")
ip a | grep 'state UP'
echo "Checking: $IFACE MTU=$WL_MTU and VPN requires MTU=$VPN_MTU"
if [ "$WL_MTU" -gt "$VPN_MTU" ]
then
    echo "Setting MTU on $IFACE to $VPN_MTU"
    sudo ip link set "$IFACE" mtu "$VPN_MTU"
else
    echo "MTU is all good."
fi
echo "Now connecting to VPN..."
# Placeholder site name and credentials; replace with your own.
qikec -r "MySite" -u 'User.Name' -p 'Pass.Word' -a

Using OpenVPN client on Ubuntu 18.04 works as well:

TL;DR:

  • File: client.ovpn
  • File: user-pass.txt
  • Command: sudo openvpn --config client.ovpn --auth-user-pass user-pass.txt

Full details below:

Step 1:

Downloaded the file client.ovpn as described on this page [1]: choose the third option (after Windows and Mac) to download it.

Step 2:

Created a plain text file called user-pass.txt containing the username on the first line and the password on the second line.

Step 3:

And then:

$ sudo openvpn --config client.ovpn --auth-user-pass user-pass.txt
 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
 Validating certificate extended key usage
 VERIFY EKU OK
 [Fireware SSLVPN Server] Peer Connection Initiated with [AF_INET]
 SENT CONTROL [Fireware SSLVPN Server]: 'PUSH_REQUEST' (status=1)
 PUSH: Received control message: 'PUSH_REPLY,...
 ...
 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
 TUN/TAP device tun0 opened
 TUN/TAP TX queue length set to 100
 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
 /sbin/ip link set dev tun0 up mtu 1500
 /sbin/ip addr add dev tun0 ...
 /sbin/ip route add ...
 Initialization Sequence Completed

This works from CLI now.

[1] http://customers.watchguard.com/articles/Article/Use-OpenVPN-on-Ubuntu-Linux-to-connect-to-an-XTM-device

Install the Shrew VPN client [1] on Ubuntu (tested with Ubuntu 18.04):

sudo apt-get install ike ike-qtgui

Obtain your VPN configuration from the archive and import it using the GUI:

qikea

Verify that the configuration has been imported as a new site, as below:

$ ls ~/.ike/sites/MySite

Now we can connect to the VPN:

qikec -r "MySite" -u '<USER_NAME>' -p '<PASSWORD_HERE>' -a

IMPORTANT: If your network interface has an MTU greater than 1380, you will observe issues with your VPN connection. Setting the correct MTU on your machine's network interface, as described below, fixes this.

Check and update the MTU for your network interface:

$ ifconfig wlo1 | grep mtu
wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

# Alternative command, when you know the interface name:

$ cat /sys/class/net/wlo1/mtu 
1500

$ sudo ip link set wlo1 mtu 1380

$ ifconfig wlo1 | grep mtu
wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1380

Now VPN should work fine.
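The OpenVPN notes above (Step 2) keep the username and password in a plain-text user-pass.txt, and both sets of notes depend on the interface MTU being at most 1380. The script below is an added example, not the gist author's connect-vpn.sh: it discovers the default-route interface instead of hardcoding wlo1, reads and lowers the MTU the same way, and refuses to start openvpn unless the credentials file is owned by the caller, is mode 600 or 400, and holds exactly two non-empty lines. It assumes POSIX sh, iproute2 (ip) and GNU coreutils (stat -c); the function names, the VPN_MTU=1380 constant taken from the notes, and the sample credentials in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before "openvpn --auth-user-pass".
# Assumes iproute2 and GNU stat; VPN_MTU is the value the notes above report.
VPN_MTU=1380

# Print the name of the interface carrying the default route (empty if none).
default_iface() {
    ip -o route show default 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Read an interface MTU from sysfs; $2 optionally overrides the sysfs root (used by tests).
iface_mtu() {
    cat "${2:-/sys/class/net}/$1/mtu"
}

# Succeed when the current MTU ($1) is larger than what the VPN needs ($2).
mtu_needs_lowering() {
    [ "$1" -gt "$2" ]
}

# Validate a --auth-user-pass file: regular file, owned by us, not readable by
# group/others, and exactly two non-empty lines (username, then password).
credentials_file_ok() {
    f=$1
    [ -f "$f" ] || { echo "missing credentials file: $f" >&2; return 1; }
    [ "$(stat -c '%u' "$f")" = "$(id -u)" ] ||
        { echo "$f is not owned by the current user" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "$f has mode $mode; run: chmod 600 $f" >&2; return 1 ;;
    esac
    # NR counts the last line even without a trailing newline; NF==0 flags a blank line.
    awk 'NF == 0 { bad = 1 } END { exit (NR != 2 || bad) }' "$f" ||
        { echo "$f must contain exactly two non-empty lines (username, password)" >&2; return 1; }
}

# Lower the MTU if needed, check the credentials file, then start OpenVPN.
connect_openvpn() {
    config=$1
    creds=$2
    iface=$(default_iface)
    [ -n "$iface" ] || { echo "no default route found" >&2; return 1; }
    cur=$(iface_mtu "$iface")
    echo "Checking: $iface MTU=$cur and VPN requires MTU=$VPN_MTU"
    if mtu_needs_lowering "$cur" "$VPN_MTU"; then
        echo "Setting MTU on $iface to $VPN_MTU"
        sudo ip link set "$iface" mtu "$VPN_MTU" || return 1
    else
        echo "MTU is all good."
    fi
    credentials_file_ok "$creds" || return 1
    echo "Now connecting to VPN..."
    sudo openvpn --config "$config" --auth-user-pass "$creds"
}

# Usage: sh connect-openvpn.sh client.ovpn user-pass.txt
if [ $# -ge 2 ]; then
    connect_openvpn "$1" "$2"
fi
```

Create the credentials file with a restrictive umask (for example `umask 077; printf 'User.Name\nPass.Word\n' > user-pass.txt`) so it never exists world-readable, or omit the file argument entirely: `openvpn --auth-user-pass` with no path prompts for the username and password interactively.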

[1] https://www.shrew.net/download/ike

tuxdna commented Dec 29, 2018

$ sh connect-vpn.sh 
3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1380 qdisc mq state UP group default qlen 1000
Checking: wlo1 MTU=1380 and VPN requires MTU=1380
MTU is all good.
Now connecting to VPN...
^C
