OSMC PPTP Client Configuration

My parents are retired and have a house in France where they live for about three months of the year. Like most people in the UK, they watch a lot of TV and are big users of the BBC iPlayer. This is a problem when they’re in France as the BBC uses GeoLocation authentication. Simply put, this means they block all connections coming from a non-UK IP address.

One solution to this problem is to route there internet traffic through a Virtual Private Network (VPN). You could host your own VPN, or you could simply subscribe to one of many VPN providers out there. Here I am trying iPortal.

iPortal VPN Connection Details

iPortal supports two protocols for tunnelling – PPTP and L2TP. Unfortunately this means that they do not support OpenVPN.

Here you will need to get your VPN connection details to hand. iPortal only requires a username and password. Other providers may also require you to provide a domain.

Username Password
me@andrewpike.co.uk kw3VX5uigjgf

Here I will be following this as a guide and configuring the client to use PPTP. I am using a Raspberry Pi with the OSMC as the OS.

Install and Configure PPTP Client

First we will need to install the pptp-linux package.

sudo apt-get update
sudo apt-get install pptp-linux

The PPTP configuration file is /etc/ppp/options.pptp. Use a text editor (nano) to edit the file if necessary.

nano /etc/ppp/options.pptp

…and add the following lines if not already present.

lock
noauth
nobsdcomp
nodeflate

You can use egrep to check, as I do below.

egrep "lock|noauth|nobsdcomp|nodeflate" /etc/ppp/options.pptp
lock
noauth
nobsdcomp
nodeflate

You now need to add your username, password and domain (if your providers gave you one) to the chap-secrets file, located in /etc/ppp/. Some provides also require you to specify a domain here – but not iPortal.

sudo nano /etc/ppp/chap-secrets

The format for entering these details are as shown below.

<DOMAIN>\\<USERNAME> PPTP <PASSWORD> *

My configuration file simply has the following entry. If you’re using iPortal, your username is normally your email address.


me@andrewpike.co.uk PPTP kw3VX5uigjgf *

Now create a file in /etc/ppp/peers. The name is not important.

sudo nano /etc/ppp/peers/iPortal

Now enter your connection details again like so. You may need to find out the host server name (connect2iportal.co.uk) from your provider. Name, is your your username. Remember to prepend the domain (\\somedomain.com) if required.

pty "pptp connect2iportal.co.uk --nolaunchpppd"
name me@andrewpike.co.uk
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam iPortal

The ipparam is the name of your VPN connection. This should be the same name of the file you recreated earlier in /etc/ppp/peers. Some providers may require “require-mppe” in place of “require-mppe-128“.

Test Connection

To test, use the pon command followed by the name of your VPN connection. The other information is useful for debugging connection issues.

sudo pon iPortal debug dump logfd 2 nodetach

A successful connection should look something like:

osmc@osmc:~$ sudo pon iPortal debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/options.pptp)
refuse-pap              # (from /etc/ppp/options.pptp)
refuse-chap             # (from /etc/ppp/options.pptp)
refuse-mschap           # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name cypike@btconnect.com               # (from /etc/ppp/peers/iPortal)
remotename PPTP         # (from /etc/ppp/peers/iPortal)
                # (from /etc/ppp/options.pptp)
pty pptp connect2iportal.co.uk --nolaunchpppd           # (from /etc/ppp/peers/iPortal)
crtscts         # (from /etc/ppp/options)
                # (from /etc/ppp/options)
asyncmap 0              # (from /etc/ppp/options)
lcp-echo-failure 4              # (from /etc/ppp/options)
lcp-echo-interval 30            # (from /etc/ppp/options)
hide-password           # (from /etc/ppp/options)
ipparam iPortal         # (from /etc/ppp/peers/iPortal)
nobsdcomp               # (from /etc/ppp/options.pptp)
nodeflate               # (from /etc/ppp/options.pptp)
require-mppe-128                # (from /etc/ppp/peers/iPortal)
noipx           # (from /etc/ppp/options)
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <callback CBCP> <mrru 1614> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfRej id=0x0 <callback CBCP> <mrru 1614>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfc34bc4b> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <mru 1400> <auth eap> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfNak id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP ConfAck id=0x2 <mru 1400> <auth chap MS-v2> <magic 0x72c91c98> <pcomp> <accomp> <endpoint [local:cd.01.ad.7a.1e.78.47.8f.99.0d.63.36.2a.f3.e1.e5.00.00.00.00]>]
sent [LCP EchoReq id=0x0 magic=0xfc34bc4b]
rcvd [CHAP Challenge id=0x0 <8adc771b8bafde36f1ef9dd9bc3253c1>, name = "SERVER5955"]
added response cache entry 0
sent [CHAP Response id=0x0 <aa362ea5ed92909ba0a813f6ba6b358f0000000000000000b0c4dc10e810cc54a48717df07a15846da629c63d8b9ce3d00>, name = "me@andrewpike.co.uk"]
rcvd [LCP EchoRep id=0x0 magic=0x72c91c98]
rcvd [CHAP Success id=0x0 "S=B4453B93CA28DC23F07704FE63A06DB0AE569B1E"]
response found in cache (entry 0)
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x4 <mppe +H -M -S -L -D +C>]
sent [CCP ConfNak id=0x4 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x5 <addr 10.0.102.1>]
sent [IPCP TermAck id=0x5]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 10.0.102.5>]
sent [IPCP ConfReq id=0x3 <addr 10.0.102.5>]
rcvd [IPCP ConfAck id=0x3 <addr 10.0.102.5>]
rcvd [IPCP ConfReq id=0x7 <addr 10.0.102.1>]
sent [IPCP ConfAck id=0x7 <addr 10.0.102.1>]
local  IP address 10.0.102.5
remote IP address 10.0.102.1
Script /etc/ppp/ip-up started (pid 653)
Script /etc/ppp/ip-up finished (pid 653), status = 0x0

To stop it, use Ctrl + C or the below command from anther terminal.

sudo poff iPortal

Route Traffic Through VPN

Once you have successfully connected to your VPN provider, you now need to route your traffic through it. Before doing that, you might want to make a note of your public IP address first. You can do this from the command line with the curl command. This should return the IP address of your ISP.

osmc@osmc:~$ curl -4 icanhazip.com
86.151.208.153

Now reconnect to your VPN with the following command.

sudo pon iPortal

Wait a few seconds and then route your traffic through the VPN.

sudo route add default dev ppp0

Now check your public IP address again. If all when well – it should now be the IP address of your VPN provider!

osmc@osmc:~$ curl -4 icanhazip.com
72.98.247.13

Your VPN is now working!

Automation

Now we have to automate the process. I created two scripts with 755 permissions

osmc@osmc:/myscripts$ ls -l
total 8
-rwxrwxr-x 1 osmc osmc 134 Aug 12 21:01 iPortal_connect.sh
-rwxrwxr-x 1 osmc osmc 114 Aug 12 21:01 iPortal_disconnect.sh

The iPortal_connect.sh file looks like the following.

#!/bin/bash

sudo pon iPortal
sleep 10
sudo route add default dev ppp0
echo "VPN Connected: $(curl --silent -4 http://icanhazip.com)"

And the iPortal_disconnect.sh looks like.

#!/bin/bash

sudo poff iPortal
sleep 2
IP="$(curl --silent -4 http://icanhazip.com)"
echo "VPN Disconnected: $IP"

Here’s the output from executing these scripts.

osmc@osmc:/myscripts$ ./iPortal_connect.sh
VPN Connected: 72.98.247.13
osmc@osmc:/myscripts$ ./iPortal_disconnect.sh
VPN Disconnected: 86.151.208.153

Launch Scripts from within OSMC

The guide I’m following uses the Advanced Launcher plugin for OSMC. Sadly it was at this point that I realised that Advanced Launcher seems to have died a horrible death and is not available any more! I will need to do a bit more research on this one it looks like – I don’t think my folks will be SSH’ing into the Pi to execute a script each time they want to watch the news lol!!!

Related Documents

http://www.iportal.me/

iPortal VPN Review

http://forum.osmc.tv/showthread.php?tid=1754

https://wiki.archlinux.org/index.php/PPTP_VPN_client_setup_with_pptpclient

https://github.com/Angelscry/plugin.program.advanced.launcher