Linux: Setting up a VPN to only route specific IP addresses

October 20th, 2013 by Richy B.

This post details how to set up a Linux Mint 14 (based on Ubuntu) desktop machine, using the GUI, to connect to a PPTP/L2TP VPN account (from SafeVPN.Net) and route only traffic for specified IP addresses over the VPN.

In this scenario, I’m assuming that you’ve only just signed up for a PPTP/L2TP VPN account from SafeVPN.Net (or another VPN provider) and have been given details such as:

Destination: Major Town(Country)
VPN Server IP: 198.51.100.1
Your IP: 192.0.2.2
L2TP/PPTP VPN Username: vpn12345
Password: pa55w0rd

And you’ve informed “XYZ Inc” that your new “static IP address” is 192.0.2.2 (the “Your IP” entry above), and they’ve let you know that you should now be able to connect from 192.0.2.2 to their “XYZ Server” on 203.0.113.3.

1. First of all, open “Network Connections” (click Menu->Search and search for “Network Connections”) and then click the “VPN” tab.
2. Click “Add” and under the “Choose a VPN Connection Type”, select “Point-to-point Tunnelling Protocol (PPTP)” and click “Create”
3. In the “Connection name” box, enter a name to refer to the connection by (such as “SafeVPN – Major Town(Country)”)
4. In the “VPN” tab, for the “Gateway” enter the VPN Server IP (such as 198.51.100.1)
5. In the “VPN” tab, enter the L2TP/PPTP VPN Username and password.
6. In the “VPN” tab, click “Advanced” and ensure that for Authentication, ONLY MSCHAP and MSCHAPv2 are enabled (so disable PAP, CHAP and EAP). Enable “Use Point-To-Point encryption (MPPE)” with a security level of “All Available (Default)” and enable “Allow BSD data compression”, “Allow Deflate Compression”, and “Use TCP header compression”.
7. Click “OK” on the “PPTP Advanced Options” box
8. Ensure “Available to all users” is set

If you were to save and connect at this point, all your internet traffic would be routed over the VPN (if this is what you want, jump to step 13), but we only want traffic to “XYZ Server” on 203.0.113.3 to go over the VPN, so let’s continue setting things up.

9. Now click on the “IPv4 Settings” tab and click “Routes…”
10. Click “Add” and in the “Address” box, enter the IP address of the machine you wish to access. For our XYZ server, this is “203.0.113.3”. In the “Netmask” box enter “255.255.255.255” (to indicate we only want this single IP address). Leave the Gateway and Metric boxes empty.
11. Select “Use this connection only for resources on its network”
12. Click “Ok” on the “Editing IPv4 routes” box

13. Click “Save…”
14. On your task bar, left-click the “Network Connections” icon (usually your wireless symbol or network cables joining icon). There should now be an option labelled “VPN Connections”, just select that and then your connection (“SafeVPN – Major Town(Country)” in our example)

You should now have access to the remote system over the VPN connection with all your other traffic using your normal connection!

(All IP addresses used in this example are from the “reserved for documentation” ranges as detailed in RFC 5737 and should not be publicly routable)
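
To confirm that steps 9 to 12 took effect once the VPN is connected, the routing table can be checked from a terminal. The script below is an added example, not part of the original post: the interface names `ppp0` and `wlan0`, the LAN and peer addresses, and the function names are assumptions, and the sample routing table is constructed.

```shell
#!/bin/sh
# Added example: check that only the chosen host is routed over the VPN.
# Live usage (after connecting):  ip -4 route show | check_split_tunnel 203.0.113.3 ppp0

# check_split_tunnel TARGET_IP VPN_IF   (reads "ip -4 route show" output on stdin)
#   exit 0: TARGET_IP has a host route on VPN_IF and the default route is elsewhere
#   exit 1: the default route uses VPN_IF (all traffic goes over the VPN)
#   exit 2: TARGET_IP has no host route on VPN_IF (it would bypass the VPN)
check_split_tunnel() {
    awk -v target="$1" -v vpn="$2" '
        # Return the interface named after the "dev" keyword on this line.
        function dev_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default" && dev_of() == vpn { default_on_vpn = 1 }
        ($1 == target || $1 == (target "/32")) && dev_of() == vpn { host_route = 1 }
        END {
            if (default_on_vpn) { print "FAIL: default route uses " vpn; exit 1 }
            if (!host_route) { print "FAIL: no host route for " target " on " vpn; exit 2 }
            print "OK: " target " goes via " vpn ", default route does not"
        }
    '
}

# Constructed sample of a routing table with the split tunnel active.
# 192.168.1.x (LAN) and 10.0.0.1 (PPP peer) are made-up values.
sample_split_routes() {
    cat <<'EOF'
default via 192.168.1.1 dev wlan0 proto static
10.0.0.1 dev ppp0 proto kernel scope link src 192.0.2.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 9
198.51.100.1 via 192.168.1.1 dev wlan0 proto static
203.0.113.3 dev ppp0 proto static scope link
EOF
}

# Demonstration on the constructed sample.
sample_split_routes | check_split_tunnel 203.0.113.3 ppp0
```

An exit status of 1 means “Use this connection only for resources on its network” (step 11) was not applied; a status of 2 means the route from step 10 is missing.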

This post is over 6 months old.

This means that, despite my best intentions, it may no longer be accurate.

This blog holds over 12 years of archived content - during that time, I may have changed my opinion of something, technology will have advanced (and old "best standards" may no longer be the case), my technology "know how" has improved etc etc - it would probably take me a considerable amount of time to update all the archival entries: and defeat the point of keeping them anyway.

Please take these posts for what they are: a brief look into my past, my history, my journey and "caveat emptor".

1 comment

  1. Mario Flores says:

    Worked well for me. I just found for purevpn, I had to uncheck MSCHAP – only v2 worked.
