Create a VPN connection from Linux Terminal

PowerADM.com / Linux / CentOS / Create a VPN connection from Linux Terminal

In this article, we’ll look at how to create a VPN connection from the Linux terminal console and connect to a remote VPN server from the command line. Consider how to create L2TP, PPTP, OpenVPN, and SSTP VPN connections on Linux.

Creating an L2TP VPN Connection in Linux

You can use NetworkManager to create L2TP VPN connections from the Linux console.

To install NetworkManager with L2TP support, run the command:

  • In CentOS/RHEL/Fedora:
    # yum -y install NetworkManager-l2tp
  • To install NM with L2TP on Ubuntu/Debian, you must first add the repository:
    $ sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
    $ sudo apt-get install network-manager-l2tp

install network-manager-l2tp on linux ubuntu

To create a new L2TP VPN connection, use the command:

$ nmcli connection add connection.id [VPNConnectionName] con-name [VPNConnectionName] type VPN vpn-type l2tp ifname -- connection.autoconnect no ipv4.method auto vpn.data "gateway = [ipv4], ipsec-enabled = yes, ipsec-psk = 0s"$(base64 <<<'[PSK]' | rev | cut -c2- | rev)"=, mru = 1400, mtu = 1400, password-flags = 0, refuse-chap = yes, refuse-mschap = yes, refuse-pap = yes, require-mppe = yes, user = [user]" vpn.secrets password=[user-password]
  • [VPNConnectionName]
  • [ipv4] — IP address or FQDN of L2TP/IPSEC VPN server
  • [PSK] —Pre-Shared Key (PSK)
  • [user] — VPN username
  • [user-password] — user password

The settings for a new VPN connection are saved to the /etc/NetworkManager/system-connections/{name} file.

List all connections in NetworkManager:

$ nmcli con

Show information about the created VPN connection:

$ nmcli c show id [VPNConnectionName]

To connect to the L2TP VPN server from the command line:

$ nmcli c up [VPNConnectionName]
When connecting to a remote VPN server, an error may appear:

Error: Connection activation failed: Could not find source connection.

In this case, check the following:

  • journactl logs;
  • the default gateway is set for the physical interface (for example, ens33);
  • the br0 interface may be enabled on the server, but is not used. Try to remove it.

To disconnect from a VPN server, run:

$ nmcli c down [VPNConnectionName]

Adding PPTP VPN Connection in Linux

To install a PPTP VPN client on Ubuntu/Debian:

$ sudo apt install pptp-linux

Go to the directory:

$ cd /etc/ppp/peers

Create a PPTP file:

$ sudo touch PPTP

Edit the file:

$ sudo nano /etc/ppp/peers/PPTP

Add the following content:

pty "pptp YOUR_VPN_SERVER --nolaunchpppd --debug"
name VPNUsername
password VPNPassword
remotename PPTP
require-mppe-128
require-mschap-v2
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
noauth
debug
persist
maxfail 0
defaultroute
replacedefaultroute
usepeerdns

Save the file by pressing CTLR+X, Y -> Enter.
Change file permissions:

$ chmod 600 /etc/ppp/peers/PPTP

To connect to a PPTP VPN server, run the command:

$ pon PPTP

Disconnect VPN client:

$ poff PPTP

How to Set Up SSTP VPN Connection with Command Line on Linux?

You can set up an SSTP connection to a VPN server on Linux. On Ubuntu, you can use the sstp package for nmcli.

Install the SSTP package:

$ sudo add-apt-repository ppa:eivnaes/network-manager-sstp
$ sudo apt update
$ sudo apt install network-manager-sstp sstp-client

The following command is used to connect to the SSTP VPN server:

$ sudo sstpc --cert-warn --save-server-route --user <your_user_name> --password <your_password> <hostname_or_ip_address_of_sstp_server:port_if_not_standard_port> usepeerdns require-mschap-v2 noauth noipdefault nobsdcomp nodeflate

You can save VPN server connection settings to a text file:

$ sudo nano /etc/ppp/peers/sstptest
              remotename  sstptest
              linkname    sstptest
              ipparam     sstptest
              pty         "sstpc --ipparam sstptest --nolaunchpppd sstpvpn.contoso.com"
              name        user1
              plugin      sstp-pppd-plugin.so
              sstp-sock   /var/run/sstpc/sstpc-sstp-test
              usepeerdns
              require-mppe
              require-mschap-v2
              refuse-eap
              refuse-pap
              refuse-chap
              refuse-mschap
              nobsdcomp
              nodeflate

Add the username and password for authentication on the VPN server to /etc/ppp/chap-secrets file:

# Secrets for authentication using CHAP
# client        server  secret          IP addresses
user1         *       xxxxxx          *

Now you can connect to the SSTP VPN server using the configured connection:

$ sudo pon sstptest

To send all traffic through the VPN connection, you need to add a route:

$ sudo route add default <vpn_interface>

(usually, this is ppp0 device)

Or only traffic to specific networks/hosts:

$ sudo route add -net 192.168.2.0/24 dev ppp0

Configure OpenVPN Connection Using Linux Terminal

Install the OpenVPN package on Linux:

  • Debian, Ubuntu, Linux Mint, Kali Linux:
    $ sudo apt-get update && apt-get upgrade
    $ sudo apt-get install openvpn
  • RedHat, Fedora, CentOS, Oracle, Rocky Linux:
    # yum install epel-release –y.
    # yum install openvpn –y

You will need the *.ovpn configuration file to connect to an OpenVPN server. In order to connect to VPN using the client.ovpn file:

$ sudo openvpn --config /etc/openvpn/client.ovpn --daemon

Enter a username and password (if Active Directory authentication is enabled for OpenVPN).

Check that the VPN connection is established:

$ ip a show tun0

To end the OpenVPN connection, press CTRL+C (if the client is running without the --daemon parameter) or run the command:

$ sudo killall openvpn

In order for an OpenVPN connection to be automatically established when Linux starts, you need to create a separate systemd unit:

$ sudo vi /lib/systemd/system/OpenVPNClientCorp.service

[Unit]
Description=Hide.me OpenVPN Client Corp
After=multi-user.target
[Service]
Type=idle
ExecStart=/usr/sbin/openvpn --config /etc/openvpn/client.ovpn
[Install]
WantedBy=multi-user.target

Change the file permissions:

$ sudo chmod 644 /lib/systemd/system/OpenVPNClientCorp.service

Add the new unit via systemctl:

$ sudo systemctl daemon-reload
$ sudo systemctl enable OpenVPNClientCorp.service
On Windows, you can also implement an automatic connection to OpenVPN.
3 thoughts on “Create a VPN connection from Linux Terminal”
  1. I can’t fix the error

    Error: Connection activation failed: Could not find source connection.

    can you help me?

  2. NetworkManager-l2tp is not available for Centos 7, at least is not being shown on

    yum list NetworkManager\*

Leave a Reply

Your email address will not be published. Required fields are marked *