From me at tha.net Sun Aug 1 01:34:07 1999
From: me at tha.net (meridian)
Date: Sun Aug 1 01:34:07 1999
Subject: [pptp-server] ppp_mppe.o: unresolved symbol RC4_set_key
Message-ID: <000801bedbe7$0fd099d0$966138cb@thief.net>

hi,
i ran the kinstall.sh script to add ppp_mppe support to the kernel, and it compiled the ppp_mppe without any errors. after installing the modules, and rebooting (ppp is compiled into the kernel not as a module), i ran insmod ppp_mppe to install the module for mppe and got this error

/lib/modules/2.2.10/net/ppp_mppe.o: unresolved symbol RC4_set_key

i copied all the seemingly necessary rc4 files (from openssl 0.9.3a source) into /usr/src/linux/drivers/net before compiling the kernel. so i do not know what exactly is causing this.

anyone able to help me out from here?

thanks

meridian
me at NOSPAM.tha.net

From tmk at netmagic.net Sun Aug 1 01:56:35 1999
From: tmk at netmagic.net (tmk)
Date: Sun Aug 1 01:56:35 1999
Subject: [pptp-server] ppp_mppe.o: unresolved symbol RC4_set_key
References: <000801bedbe7$0fd099d0$966138cb@thief.net>
Message-ID: <001201bedbeb$718cc140$011c0fc0@lala.net>

where did you get your rc4 source from? you need extra files if you don't get it from the spot listed in the readme..

Kevin

----- Original Message -----
From: meridian
To:
Sent: Saturday, July 31, 1999 11:28 PM
Subject: [pptp-server] ppp_mppe.o: unresolved symbol RC4_set_key

> hi,
> i ran the kinstall.sh script to add ppp_mppe support to the kernel, and it
> compiled the ppp_mppe without any errors. after installing the modules, and
> rebooting (ppp is compiled into the kernel not as a module), i ran insmod
> ppp_mppe to install the module for mppe and got this error
>
> /lib/modules/2.2.10/net/ppp_mppe.o: unresolved symbol RC4_set_key
>
> i copied all the seemingly necessary rc4 files (from openssl 0.9.3a source)
> into /usr/src/linux/drivers/net before compiling the kernel. so i do not
> know what exactly is causing this.
>
> anyone able to help me out from here?
>
> thanks
>
> meridian
> me at NOSPAM.tha.net

From naclos at swbell.net Sun Aug 1 14:18:34 1999
From: naclos at swbell.net (Andy Carlson)
Date: Sun Aug 1 14:18:34 1999
Subject: [pptp-server] ppp_mppe.o: unresolved symbol RC4_set_key
In-Reply-To: <000801bedbe7$0fd099d0$966138cb@thief.net>
Message-ID:

add #include "rc4_skey.c" to the ppp_mppe.c (and of course, copy that rc.4 file there also)

Andy Carlson                           |\      _,,,---,,_
naclos at swbell.net            ZZZzz /,`.-'`'    -.  ;-;;,_
BJC Health System                  |,4-  ) )-,_. ,\ (  `'-'
St. Louis, Missouri               '---''(_/--'  `-'_)
Cat Pics: http://andyc.dyndns.org

On Sun, 1 Aug 1999, meridian wrote:

> hi,
> i ran the kinstall.sh script to add ppp_mppe support to the kernel, and it
> compiled the ppp_mppe without any errors. after installing the modules, and
> rebooting (ppp is compiled into the kernel not as a module), i ran insmod
> ppp_mppe to install the module for mppe and got this error
>
> /lib/modules/2.2.10/net/ppp_mppe.o: unresolved symbol RC4_set_key
>
> i copied all the seemingly necessary rc4 files (from openssl 0.9.3a source)
> into /usr/src/linux/drivers/net before compiling the kernel. so i do not
> know what exactly is causing this.
>
> anyone able to help me out from here?
>
> thanks
>
> meridian
> me at NOSPAM.tha.net

From srhodes at cpinternet.com Sun Aug 1 19:05:23 1999
From: srhodes at cpinternet.com (Steve Rhodes)
Date: Sun Aug 1 19:05:23 1999
Subject: [pptp-server] PopTop w/ MPPE dosen't work with NT4 client?
References: <199907302147.OAA02085@newyork.labj.com> <37A2E32C.A8463390@cpinternet.com>
Message-ID: <37A4D2A2.FE4E03D1@cpinternet.com>

I have tested the following patch running an NT client against the PoPToP server successfully.

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/pptp3-fix/pptpfixi.exe

It looks like this fix is included in the Service Hack 4 update.

Steve Rhodes wrote:

> I don't have an NT machine to test with, but I suspect that this is an issue
> similar to what happened with Windows 98. You have to run an upgrade against
> the machine to get the encryption working. Seems like the original version of
> PPTP from Microsoft was not implemented properly, and they went through an
> iteration to get it right. The most promising lead I found on the Microsoft
> site:
>
> http://support.microsoft.com/support/kb/articles/Q167/0/40.ASP
>
> From the Microsoft site:
>
> "A new historyless mode for encryption and compression over PPTP connections has
> been enabled in this update. This new mode solves performance problems
> encountered using PPTP in high latency networks or networks that experience
> significant packet loss. This upgrade is fully compatible with legacy PPTP
> systems. However, in order to negotiate historyless mode, both the PPTP client
> and server must support it. If either client or server refuses the new mode,
> normal MPPE compression and encryption will be negotiated. To experience the
> full benefit of the PPTP performance update, this Update must be installed on
> both Windows NT clients and servers. "
>
> Please let us know if you get it working.
>
> water at labj.com wrote:
>
> > Has anybody tried PopTop w/ MPPE against WinNT clients? I tried, but no luck.
> > The connection can be successfully established, but both ends just don't
> > understand the encrypted frames from the other. Any hints to solve this
> > problem? Thanks
> >
> > Jim

From brian at eplazaonline.com Sun Aug 1 20:39:31 1999
From: brian at eplazaonline.com (Brian west)
Date: Sun Aug 1 20:39:31 1999
Subject: [pptp-server] (no subject)
Message-ID: <001701bedc86$c9bba980$0200a8c0@bkw.org>

Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control connection started
Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd, opening GRE)
Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0
Aug 1 15:35:49 www pppd[8477]: Using interface ppp0
Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4
Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating \\user
Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for remote host \\user
Aug 1 15:35:49 www pppd[8477]: Connection terminated.
Aug 1 15:35:49 www pppd[8477]: Exit.
Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control connection finished

Ok what is the format of the chap-secrets file I can't seem to get it to auth now!

Thanks,
Brian

From matthewr at moreton.com.au Sun Aug 1 21:00:21 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sun Aug 1 21:00:21 1999
Subject: [pptp-server] (no subject)
References: <001701bedc86$c9bba980$0200a8c0@bkw.org>
Message-ID: <37A4FA7A.CC5BDC2E@moreton.com.au>

I usually have mine setup like this (from memory):

/etc/ppp/chap-secrets
DOMAIN\\username servername password *

/etc/ppp/options.pptp
name servername

I think the correct way to do it may be this tho:
/etc/ppp/chap-secrets
DOMAIN\\username servername password *

/etc/ppp/options.pptp
name DOMAIN\\username
user DOMAIN\\username
remotename servername

I think both would work...? btw, I seem to recall reading somewhere that the chap-secrets file should also reverse the order .. eg.
DOMAIN\\username servername password *
servername DOMAIN\\username password *

don't know why that is... anyone have any further comments?

cheers,
-matt

Brian west wrote:
>
> Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> connection started
> Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd,
> opening GRE)
> Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0
> Aug 1 15:35:49 www pppd[8477]: Using interface ppp0
> Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4
> Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating
> \\user
> Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for remote
> host \\user
> Aug 1 15:35:49 www pppd[8477]: Connection terminated.
> Aug 1 15:35:49 www pppd[8477]: Exit.
> Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196)
> from PTY failed: status = -1 error = Input/output error
> Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed
> (pty,gre)=(6,7)
> Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> connection finished
>
> Ok what is the format of the chap-secrets file I can't seem to get it to auth
> now!
>
> Thanks,
> Brian

From tmk at netmagic.net Sun Aug 1 21:04:02 1999
From: tmk at netmagic.net (tmk)
Date: Sun Aug 1 21:04:02 1999
Subject: [pptp-server] (no subject)
References: <001701bedc86$c9bba980$0200a8c0@bkw.org> <37A4FA7A.CC5BDC2E@moreton.com.au>
Message-ID: <001501bedc8b$c0a73120$011c0fc0@lala.net>

I dislike putting the name and servername in the ppp options file, as it forces you to use only one user for the program.. could be useful in SOME circumstances, but not for me :)

Kevin

----- Original Message -----
From: Matthew Ramsay
To: Brian west
Cc:
Sent: Sunday, August 01, 1999 6:55 PM
Subject: Re: [pptp-server] (no subject)

> I usually have mine setup like this (from memory):
>
> /etc/ppp/chap-secrets
> DOMAIN\\username servername password *
>
> /etc/ppp/options.pptp
> name servername
>
> I think the correct way to do it may be this tho:
> /etc/ppp/chap-secrets
> DOMAIN\\username servername password *
>
> /etc/ppp/options.pptp
> name DOMAIN\\username
> user DOMAIN\\username
> remotename servername
>
> I think both would work...? btw, I seem to recall reading somewhere that
> the chap-secrets file should also reverse the order .. eg.
> DOMAIN\\username servername password *
> servername DOMAIN\\username password *
>
> don't know why that is... anyone have any further comments?
>
> cheers,
> -matt
>
> Brian west wrote:
> >
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > connection started
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0
> > Aug 1 15:35:49 www pppd[8477]: Using interface ppp0
> > Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4
> > Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating
> > \\user
> > Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for remote
> > host \\user
> > Aug 1 15:35:49 www pppd[8477]: Connection terminated.
> > Aug 1 15:35:49 www pppd[8477]: Exit.
> > Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196)
> > from PTY failed: status = -1 error = Input/output error
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed
> > (pty,gre)=(6,7)
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > connection finished
> >
> > Ok what is the format of the chap-secrets file I can't seem to get it to auth
> > now!
> >
> > Thanks,
> > Brian

From MarshallJ at switch.aust.com Sun Aug 1 22:06:39 1999
From: MarshallJ at switch.aust.com (Marshall, Joshua)
Date: Sun Aug 1 22:06:39 1999
Subject: [pptp-server] PPTP Authentication
Message-ID: <1D5D8EC2A0ADD111BE6C00A0C95AAE4E238835@server2.ussbris>

Hi All,

I've got a Linux box running PPTP and am trying to use an NT Server for authentication of incoming connections. I notice that PPTP uses the CHAP protocol, which sends an encrypted key which is matched by the secret after encryption before authentication is deemed successful. I can test a username/password combination from the NT Server, but I only get username and encrypted secret. Has anyone any ideas on how to make it either use PAP or how to authenticate to the NT Server using CHAP?

Regards,
Josh Marshall.

From brian at eplazaonline.com Mon Aug 2 00:10:07 1999
From: brian at eplazaonline.com (Brian west)
Date: Mon Aug 2 00:10:07 1999
Subject: [pptp-server] CHAP still not working!
References: <001701bedc86$c9bba980$0200a8c0@bkw.org> <37A4FA7A.CC5BDC2E@moreton.com.au>
Message-ID: <004a01bedca4$2f05a940$0200a8c0@bkw.org>

This still will not work! I have tried it all! with ZERO luck

/etc/ppp/options
debug
auth
name bkw
remotename bkw <- This causes it all to die and give error
require-chap
proxyarp
lock
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/chap-secrets
# Secrets for authentication using
# client server secret IP addresses
bkw\\bkw bkw test *
bkw\\wguy bkw test *
bkw bkw\\bkw test * <- This doesn't work either
wguy bkw\\wguy test *

I need this to work with multi users any Ideas??

thanks,
Brian

----- Original Message -----
From: Matthew Ramsay
To: Brian west
Cc:
Sent: Sunday, August 01, 1999 8:55 PM
Subject: Re: [pptp-server] (no subject)

> I usually have mine setup like this (from memory):
>
> /etc/ppp/chap-secrets
> DOMAIN\\username servername password *
>
> /etc/ppp/options.pptp
> name servername
>
> I think the correct way to do it may be this tho:
> /etc/ppp/chap-secrets
> DOMAIN\\username servername password *
>
> /etc/ppp/options.pptp
> name DOMAIN\\username
> user DOMAIN\\username
> remotename servername
>
> I think both would work...? btw, I seem to recall reading somewhere that
> the chap-secrets file should also reverse the order .. eg.
> DOMAIN\\username servername password *
> servername DOMAIN\\username password *
>
> don't know why that is... anyone have any further comments?
>
> cheers,
> -matt
>
> Brian west wrote:
> >
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > connection started
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0
> > Aug 1 15:35:49 www pppd[8477]: Using interface ppp0
> > Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4
> > Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating
> > \\user
> > Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for remote
> > host \\user
> > Aug 1 15:35:49 www pppd[8477]: Connection terminated.
> > Aug 1 15:35:49 www pppd[8477]: Exit.
> > Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196)
> > from PTY failed: status = -1 error = Input/output error
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed
> > (pty,gre)=(6,7)
> > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > connection finished
> >
> > Ok what is the format of the chap-secrets file I can't seem to get it to auth
> > now!
> >
> > Thanks,
> > Brian

From matthewr at moreton.com.au Mon Aug 2 02:18:35 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Aug 2 02:18:35 1999
Subject: [pptp-server] CHAP still not working!
References: <001701bedc86$c9bba980$0200a8c0@bkw.org> <37A4FA7A.CC5BDC2E@moreton.com.au> <004a01bedca4$2f05a940$0200a8c0@bkw.org>
Message-ID: <37A54515.FB3C9A51@moreton.com.au>

Brian,

How about you send me pppd's debug info.. simply saying "this still will not work" doesn't get you far. If you got the exact error message as your last message then you could say as much.

secondly, did you even follow my instructions from last time? from looking at your files I would say not!!

finally, what client are you using (NT or 9x)? and what settings do you have? Are you specifically trying to get authenticated with MSCHAP? if so.. you probably don't need require-chap in your options file (?).

Cheers,
Matt

Brian west wrote:
>
> This still will not work! I have tried it all! with ZERO luck
>
> /etc/ppp/options
> debug
> auth
> name bkw
> remotename bkw <- This causes it all to die and give error
> require-chap
> proxyarp
> lock
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/ppp/chap-secrets
> # Secrets for authentication using
> # client server secret IP addresses
> bkw\\bkw bkw test *
> bkw\\wguy bkw test *
> bkw bkw\\bkw test * <- This doesn't work either
> wguy bkw\\wguy test *
>
> I need this to work with multi users any Ideas??
>
> thanks,
> Brian
>
> ----- Original Message -----
> From: Matthew Ramsay
> To: Brian west
> Cc:
> Sent: Sunday, August 01, 1999 8:55 PM
> Subject: Re: [pptp-server] (no subject)
>
> > I usually have mine setup like this (from memory):
> >
> > /etc/ppp/chap-secrets
> > DOMAIN\\username servername password *
> >
> > /etc/ppp/options.pptp
> > name servername
> >
> > I think the correct way to do it may be this tho:
> > /etc/ppp/chap-secrets
> > DOMAIN\\username servername password *
> >
> > /etc/ppp/options.pptp
> > name DOMAIN\\username
> > user DOMAIN\\username
> > remotename servername
> >
> > I think both would work...? btw, I seem to recall reading somewhere that
> > the chap-secrets file should also reverse the order .. eg.
> > DOMAIN\\username servername password *
> > servername DOMAIN\\username password *
> >
> > don't know why that is... anyone have any further comments?
> >
> > cheers,
> > -matt
> >
> > Brian west wrote:
> > >
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > > connection started
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd,
> > > opening GRE)
> > > Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0
> > > Aug 1 15:35:49 www pppd[8477]: Using interface ppp0
> > > Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4
> > > Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating
> > > \\user
> > > Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for
> remote
> > > host \\user
> > > Aug 1 15:35:49 www pppd[8477]: Connection terminated.
> > > Aug 1 15:35:49 www pppd[8477]: Exit.
> > > Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196)
> > > from PTY failed: status = -1 error = Input/output error
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed
> > > (pty,gre)=(6,7)
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > > connection finished
> > >
> > > Ok what is the format of the chap-secrets file I can't seem to get it to
> auth
> > > now!
> > >
> > > Thanks,
> > > Brian

From tmk at netmagic.net Mon Aug 2 02:30:14 1999
From: tmk at netmagic.net (tmk)
Date: Mon Aug 2 02:30:14 1999
Subject: [pptp-server] CHAP still not working!
References: <001701bedc86$c9bba980$0200a8c0@bkw.org> <37A4FA7A.CC5BDC2E@moreton.com.au> <004a01bedca4$2f05a940$0200a8c0@bkw.org>
Message-ID: <002b01bedcb9$614317c0$011c0fc0@lala.net>

ok, remotename is the username, name is the server name, so name bkw and remotename bkw mean the options line should be:
bkw bkw test *

you might also need to try (assuming name bkw option is used, and log on to domain is checked on the windows box, and the domain is bkw, username bkw
bkw\\\\bkw bkw test *

as sometimes \'s need to be escaped

otherwise just do:
username linux-server-name pass *
[note no \\ in username]

Kevin

> This still will not work! I have tried it all! with ZERO luck
>
> /etc/ppp/options
> debug
> auth
> name bkw
> remotename bkw <- This causes it all to die and give error
> require-chap
> proxyarp
> lock
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/ppp/chap-secrets
> # Secrets for authentication using
> # client server secret IP addresses
> bkw\\bkw bkw test *
> bkw\\wguy bkw test *
> bkw bkw\\bkw test * <- This doesn't work either
> wguy bkw\\wguy test *
>
> I need this to work with multi users any Ideas??
>
> thanks,
> Brian
>
> ----- Original Message -----
> From: Matthew Ramsay
> To: Brian west
> Cc:
> Sent: Sunday, August 01, 1999 8:55 PM
> Subject: Re: [pptp-server] (no subject)
>
>
> > I usually have mine setup like this (from memory):
> >
> > /etc/ppp/chap-secrets
> > DOMAIN\\username servername password *
> >
> > /etc/ppp/options.pptp
> > name servername
> >
> > I think the correct way to do it may be this tho:
> > /etc/ppp/chap-secrets
> > DOMAIN\\username servername password *
> >
> > /etc/ppp/options.pptp
> > name DOMAIN\\username
> > user DOMAIN\\username
> > remotename servername
> >
> > I think both would work...? btw, I seem to recall reading somewhere that
> > the chap-secrets file should also reverse the order .. eg.
> > DOMAIN\\username servername password *
> > servername DOMAIN\\username password *
> >
> > don't know why that is... anyone have any further comments?
> >
> > cheers,
> > -matt
> >
> > Brian west wrote:
> > >
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > > connection started
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd,
> > > opening GRE)
> > > Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0
> > > Aug 1 15:35:49 www pppd[8477]: Using interface ppp0
> > > Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4
> > > Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating
> > > \\user
> > > Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for
> remote
> > > host \\user
> > > Aug 1 15:35:49 www pppd[8477]: Connection terminated.
> > > Aug 1 15:35:49 www pppd[8477]: Exit.
> > > Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196)
> > > from PTY failed: status = -1 error = Input/output error
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed
> > > (pty,gre)=(6,7)
> > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control
> > > connection finished
> > >
> > > Ok what is the format of the chap-secrets file I can't seem to get it to
> auth
> > > now!
> > >
> > > Thanks,
> > > Brian

From thor at advance-it.com Mon Aug 2 10:28:55 1999
From: thor at advance-it.com (Thor Johnson)
Date: Mon Aug 2 10:28:55 1999
Subject: [pptp-server] Everything looks right, but I can't connect (NT client)
In-Reply-To: <001501bedc8b$c0a73120$011c0fc0@lala.net>
Message-ID:

It starts, and listens. When I dial in, it connects, but doesn't authenticate (nothing special about the logs... see below).

Linux Mandrake 5.2, krnl 2.2.10 +FreeS/Wan patches (unix to unix connectivity), masq:ipchains
eth0: NePCI, Public network
eth1: Tulip, Private network [192.0.3.x]
Network Cards & PPP in kernel (not modules).

What did I miss?
TIA,
Thor Johnson

Output of /var/messages:
Jul 31 11:05:17 gatekeeper pptpd[1059]: CTRL: Starting call (launching pppd, opening GRE)
Jul 31 11:05:17 gatekeeper pppd[1060]: pppd 2.3.7 started by root, uid 0
Jul 31 11:05:17 gatekeeper pppd[1060]: Using interface ppp0
Jul 31 11:05:17 gatekeeper pppd[1060]: Connect: ppp0 <--> /dev/pts/3
Jul 31 11:05:19 gatekeeper pptpd[1059]: CTRL: Error with select(), quitting
Jul 31 11:05:19 gatekeeper pptpd[1059]: CTRL: Client 207.211.115.62 control connection finished
Jul 31 11:05:19 gatekeeper pppd[1060]: Modem hangup
Jul 31 11:05:19 gatekeeper pppd[1060]: Connection terminated.
Jul 31 11:05:19 gatekeeper pppd[1060]: Connect time 0.1 minutes.
Jul 31 11:05:19 gatekeeper pppd[1060]: Exit.
Jul 31 11:08:12 gatekeeper pptpd[1070]: MGR: Manager process started
Jul 31 11:08:22 gatekeeper pptpd[1071]: CTRL: Client 207.211.115.62 control connection started
Jul 31 11:08:22 gatekeeper pptpd[1071]: CTRL: Starting call (launching pppd, opening GRE)
Jul 31 11:08:22 gatekeeper pppd[1072]: pppd 2.3.7 started by root, uid 0
Jul 31 11:08:22 gatekeeper pppd[1072]: Using interface ppp0
Jul 31 11:08:22 gatekeeper pppd[1072]: Connect: ppp0 <--> /dev/pts/3
Jul 31 11:08:52 gatekeeper pptpd[1071]: GRE: read(fd=4,buffer=804d440,len=8196) from PTY failed: status = -1 error = Input/output error
Jul 31 11:08:52 gatekeeper pptpd[1071]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jul 31 11:08:52 gatekeeper pptpd[1071]: CTRL: Client 207.211.115.62 control connection finished
Jul 31 11:08:52 gatekeeper pppd[1072]: LCP: timeout sending Config-Requests
Jul 31 11:08:52 gatekeeper pppd[1072]: Connection terminated.
Jul 31 11:08:52 gatekeeper pppd[1072]: Connect time 0.5 minutes.
Jul 31 11:08:52 gatekeeper pppd[1072]: Exit.

-------------=---------------
/etc/pptpd.conf:
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 0.9.4
#
################################################################################

# TAG: speed
#
#	Specifies the speed for the PPP daemon to talk at.
#
#speed 115200

# TAG: option
#
#	Specifies the location of the PPP options file.
#	By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file

# TAG: debug
#
#	Turns on (more) debugging to syslog
#
#debug

# TAG: localip
# TAG: remoteip
#
#	Specifies the local and remote IP address ranges.
#
#	You can specify single IP addresses seperated by commas or you can
#	specify ranges, or both. For example:
#
#		192.168.0.234,192.168.0.245-249,192.168.0.254
#
#	IMPORTANT RESTRICTIONS:
#
#	1. No spaces are permitted between commas or within addresses.
#
#	2. If you give more IP addresses than MAX_CONNECTIONS, it will
#	   start at the beginning of the list and go until it gets
#	   MAX_CONNECTIONS IPs. Others will be ignored.
#
#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#	   you must type 234-238 if you mean this.
#
#	4. If you give a single localIP, that's ok - all local IPs will
#	   be set to the given one. You MUST still give at least one remote
#	   IP for each simultaneous client.
#
localip 192.0.3.234-238
remoteip 192.168.1.234-238

-------------=---------------
/etc/ppp/options:
lock
debug
name gatekeeper
auth
require-chap
proxyarp

-------------=---------------
/etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client server secret IP addresses
rift gatekeeper rooft *

From woodruff at ao.net Mon Aug 2 12:26:53 1999
From: woodruff at ao.net (Eric M. Woodruff)
Date: Mon Aug 2 12:26:53 1999
Subject: [pptp-server] auth
Message-ID: <001401bedd0c$316fd030$0200a8c0@Kenny>

This is what I get when PopTop (VPN) starts

pptpd[2085]: MGR: Manager process started
pptpd[2085]: MGR: Couldn't create host socket

and with the ppp/options "auth" I can't connect to my ISP

pppd[680]: The remote system (ppp0) is required to autthenticate itself but I
pppd[680]: couldn't find any suitable secret (password) for it to use to do so.

Any ideas?

Eric Woodruff
woodruff at ao.net

From rowl at earthcorp.com Mon Aug 2 15:26:49 1999
From: rowl at earthcorp.com (Michael St. Laurent)
Date: Mon Aug 2 15:26:49 1999
Subject: [pptp-server] PDC Authentication?
Message-ID: <3.0.6.32.19990802132444.00915bb0@guardian.hartwellcorp.com>

Are there any plans to add authentication against an NT PDC instead of the secrets file? It would make administration a lot easier.

--------------------
Michael St. Laurent
Hartwell Corporation

From kev at WPI.EDU Mon Aug 2 16:03:34 1999
From: kev at WPI.EDU (Kevin Amorin)
Date: Mon Aug 2 16:03:34 1999
Subject: FW: [pptp-server] PDC Authentication?
In-Reply-To: <7CD674FF54FBD21181D800805F57CD54F62D13@RED-MSG-44>
Message-ID:

I had the same question, what I came up with is using portslave's pppd-radius to authenticate to a win2k IAS (internet auth service - windows radius) which will do windows domain auth. There is also the nt 4 option pack that you can download from MS which contains IAS. Limitation to this is that I haven't been able to patch portslave's version of pppd with the mschap patch. Wonder if anyone had some spare time you could set up a patch for pppd-radius that would allow mschap v2.

Thanks
Kev

On Mon, 2 Aug 1999, David Slorah (Volt Computer) wrote:

>
> -----Original Message-----
> From: Michael St. Laurent [mailto:rowl at earthcorp.com]
> Sent: Monday, August 02, 1999 1:25 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PDC Authentication?
>
>
> Are there any plans to add authentication against an NT PDC instead of the
> secrets file? It would make administration a lot easier.
>
> --------------------
> Michael St. Laurent
> Hartwell Corporation

From Tim.Beacham at LifePointHospitals.com Mon Aug 2 16:42:02 1999
From: Tim.Beacham at LifePointHospitals.com (Beacham Tim P)
Date: Mon Aug 2 16:42:02 1999
Subject: [pptp-server] Please help..
Message-ID: <413E5FCC63D9D111956600805F31383201B87CB9@nasex01.columbia.net>

Hello all..

I am new to pptp so I am probably doing something wrong here... I have a couple of issues with getting connected. I am able to connect if I am using Windows 95 using the updated DUN version 1.3. When I am connected, I can not ping anything on the subnet. I am sure I need to do something else. I thought it had something to do with the subnet I was assigned when connected. I reconfigured the Linux box to 192.168.0.7 - 255.255.255.0 so it would be on the same subnet as the server that I need to be able to access: 192.168.0.2 (NT Box..)..

Also, I am unable to connect with my Win98 box that is masqueraded behind a Linux router, is this an issue? I had someone on dial-up test with Win98 and he could connect (after uninstalling DUN and reinstalling like someone suggested).

Here are files and logs.. Sorry to dump them but I thought they may shed some light on what I am doing wrong.

/etc/pptpd.conf:
speed 115200
localip 192.168.0.100
remoteip 192.168.0.101-254
netmask 255.255.0.0 <-- Still sets netmask as 255.255.255.0 though!

/etc/ppp/options:
debug
require-chap
name ticlnx2
auth
proxyarp

/etc/ppp/chap-secrets:
billy ticlnx2 pass *
\\my_domain\billy ticlnx2 pass *

/var/log/pptpd.log:
Aug 3 02:27:11 ticlnx2 pptpd[3538]: CTRL: Client 209.86.155.89 control connection started
Aug 3 02:27:14 ticlnx2 pptpd[3538]: CTRL: Starting call (launching pppd, opening GRE)
Aug 3 02:27:14 ticlnx2 pppd[3539]: pppd 2.3.8 started by root, uid 0
Aug 3 02:27:14 ticlnx2 pppd[3539]: Using interface ppp0
Aug 3 02:27:14 ticlnx2 pppd[3539]: Connect: ppp0 <--> /dev/pts/0
Aug 3 02:27:14 ticlnx2 pppd[3539]: sent [LCP ConfReq id=0x1 ]
Aug 3 02:27:14 ticlnx2 pppd[3539]: rcvd [LCP ConfReq id=0x1 ]
Aug 3 02:27:14 ticlnx2 pppd[3539]: sent [LCP ConfAck id=0x1 ]
Aug 3 02:27:15 ticlnx2 pppd[3539]: rcvd [LCP ConfAck id=0x1 ]
Aug 3 02:27:15 ticlnx2 pppd[3539]: sent [CHAP Challenge id=0x1 , name = "ticlnx2"]
Aug 3 02:27:15 ticlnx2 pppd[3539]: rcvd [CHAP Response id=0x1 <8bb93c009c0efdf94fb39541aac7ca9e>, name = "billy"]
Aug 3 02:27:15 ticlnx2 pppd[3539]: sent [CHAP Success id=0x1 "Welcome to ticlnx2."]
Aug 3 02:27:15 ticlnx2 pppd[3539]: sent [IPCP ConfReq id=0x1 ]
Aug 3 02:27:15 ticlnx2 pppd[3539]: sent [CCP ConfReq id=0x1 ]
Aug 3 02:27:15 ticlnx2 pppd[3539]: CHAP peer authentication succeeded for billy
Aug 3 02:27:15 ticlnx2 pppd[3539]: rcvd [IPCP ConfReq id=0x1 ]
Aug 3 02:27:15 ticlnx2 pppd[3539]: sent [IPCP ConfRej id=0x1 ]
Aug 3 02:27:18 ticlnx2 pppd[3539]: sent [IPCP ConfReq id=0x1 ]
Aug 3 02:27:18 ticlnx2 pppd[3539]: sent [CCP ConfReq id=0x1 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: rcvd [IPCP ConfReq id=0x2 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: sent [IPCP ConfNak id=0x2 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: rcvd [IPCP ConfReq id=0x3 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: sent [IPCP ConfAck id=0x3 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: sent [IPCP ConfReq id=0x1 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: sent [CCP ConfReq id=0x1 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: rcvd [IPCP ConfRej id=0x1 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: sent [IPCP ConfReq id=0x2 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: rcvd [IPCP ConfAck id=0x2 ]
Aug 3 02:27:21 ticlnx2 pppd[3539]: found interface eth1 for proxy arp
Aug 3 02:27:21 ticlnx2 pppd[3539]: local IP address 192.168.0.100
Aug 3 02:27:21 ticlnx2 pppd[3539]: remote IP address 192.168.0.101
Aug 3 02:27:21 ticlnx2 pppd[3539]: Script /etc/ppp/ip-up started (pid 3540)
Aug 3 02:27:21 ticlnx2 pppd[3539]: Script /etc/ppp/ip-up finished (pid 3540), status = 0x0
Aug 3 02:27:24 ticlnx2 pppd[3539]: sent [CCP ConfReq id=0x1 ]
Aug 3 02:27:24 ticlnx2 pppd[3539]: rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Aug 3 02:29:37 ticlnx2 sshd[417]: log: Generating new 768 bit RSA key.
Aug 3 02:29:37 ticlnx2 sshd[417]: log: RSA key generation complete.

********************
Output after trying to connect with masqueraded Win98 PC (address changed to protect the innocent!):

Aug 2 12:30:45 ticlnx2 pptpd[2342]: CTRL: Client 24.24.24.24 control connection started
Aug 2 12:30:45 ticlnx2 pptpd[2342]: CTRL: Starting call (launching pppd, opening GRE)
Aug 2 12:30:45 ticlnx2 pppd[2343]: pppd 2.3.8 started by root, uid 0
Aug 2 12:30:45 ticlnx2 pppd[2343]: Using interface ppp1
Aug 2 12:30:45 ticlnx2 pppd[2343]: Connect: ppp1 <--> /dev/pts/4
Aug 2 12:30:45 ticlnx2 pppd[2343]: sent [LCP ConfReq id=0x1 ]
Aug 2 12:31:12 ticlnx2 last message repeated 9 times
Aug 2 12:31:15 ticlnx2 pppd[2343]: LCP: timeout sending Config-Requests
Aug 2 12:31:15 ticlnx2 pptpd[2342]: GRE: read(fd=4,buffer=804d440,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 2 12:31:15 ticlnx2 pptpd[2342]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 2 12:31:15 ticlnx2 pptpd[2342]: CTRL: Client 24.24.24.24 control connection finished
Aug 2 12:31:15 ticlnx2 pppd[2343]: Connection terminated.

---
Beach

From tmk at netmagic.net Mon Aug 2 19:13:29 1999
From: tmk at netmagic.net (tmk)
Date: Mon Aug 2 19:13:29 1999
Subject: [pptp-server] auth
In-Reply-To: <001401bedd0c$316fd030$0200a8c0@Kenny>
Message-ID:

you need to have a separate pppd options file for your isp vs your pptp server. This can be done using the /etc/pptpd.conf (or is it pptp.conf) file. There is a setting to tell it where to go for the ppp options file; making it /etc/ppp/options.pptp is a good way to do it.

As for the error, be sure to kill any running pptpd processes, since running more than one is pointless :)

Kevin

On Mon, 2 Aug 1999, Eric M. Woodruff wrote:

> This is what I get when PopTop (VPN) starts
>
> pptpd[2085]: MGR: Manager process started
> pptpd[2085]: MGR: Couldn't create host socket
>
> and with the ppp/options "auth" I can't connect to my ISP
>
> pppd[680]: The remote system (ppp0) is required to autthenticate itself but I
> pppd[680]: couldn't find any suitable secret (password) for it to use to do so.
>
> Any ideas?
>
> Eric Woodruff
> woodruff at ao.net

From tmk at netmagic.net Mon Aug 2 19:20:50 1999
From: tmk at netmagic.net (tmk)
Date: Mon Aug 2 19:20:50 1999
Subject: [pptp-server] Please help..
In-Reply-To: <413E5FCC63D9D111956600805F31383201B87CB9@nasex01.columbia.net>
Message-ID:

> connect if I am using Windows 95 using the updated DUN version 1.3. When I
> am connected, I can not ping anything on the subnet. I am sure I need to do
> something else. I thought it had something to do with the subnet I was
> assigned when connected. I reconfigured the Linux box to 192.168.0.7 -
> 255.255.255.0 so it would be on the same subnet as the server that I need to
> be able to access: 192.168.0.2 (NT Box..)..

try this: make the pptp remote IP addresses on the same subnet as your private network, use the proxyarp ppp option, and make sure ip forwarding is allowed in the kernel.

> Also, I am unable to connect with my Win98 box that is masqueraded behind a
> Linux router, is this an issue? I had someone on dial-up test with Win98
> and he could connect (after uninstalling DUN and reinstalling like someone
> suggested).

masquing is bad for pptp, but there is a kernel mod out there which will tunnel pptp through a masq server.. the problem is that the server needs to make a connection back to the clients, and masquing doesn't do this without a patch.

Kevin

From matthewr at moreton.com.au Mon Aug 2 20:18:48 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Aug 2 20:18:48 1999
Subject: [pptp-server] v0.9.10
Message-ID: <37A64237.86AA6EED@moreton.com.au>

PoPToP v0.9.10 has been released here:
http://www.moretonbay.com/vpn/download_pptp.html

ChangeLog:
http://www.moretonbay.com/vpn/releases/ChangeLog.txt

From EMIR.TOKTAR at bra.xerox.com Mon Aug 2 22:37:56 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir) Date: Mon Aug 2 22:37:56 1999 Subject: [pptp-server] CHAP still not working! Message-ID: <51E5E026247AD2118CDD0008C74CC2DD34188E@bra0070ms1.bra.xerox.com> Is your client Win 95/ NT?? I had a problem when I make a conecction form clients to VPN Server (Linux). When I prompt a Dialup Conection, I did: Name : User Password: Passw Domain: <>*** //is your Domain Network, not domain DNS ========================================================== ** If you fill with your Domain, for example, "MyDomain" , your files will be: /etc/ppp/options debug auth name MyDomain require-chap proxyarp lock ... //etc/ppp/chap-secrets # Secrets for authentication using # client server secret IP addresses Mydomain\\bkw bkw test * .... ============================================================= ** If you fill with the name or IP Linux Server,or yet, BLANK, your files will be: Name : User Password: Passw Domain: <> or " " /etc/ppp/options debug auth name bwk // or bwk.mydomaindns.com require-chap proxyarp lock ... //etc/ppp/chap-secrets # Secrets for authentication using # client server secret IP addresses user1_bwk bkw passw_test * .... Sorry if I don?t understand your question or about my English!!! If I can help you anything... Regards Emir Toktar Tel : +55 41 340-7157 emir.toktar at bra.xerox.com toktar at per.com.br toktar at ppgia.pucpr.br -----Original Message----- 
From: Brian west [mailto:brian at eplazaonline.com] Sent: Monday, August 02, 1999 2:02 AM To: Matthew Ramsay Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] CHAP still not working! This still will not work! I have tried it all! with ZERO luck /etc/ppp/options debug auth name bkw remotename bkw <- This causes it all to die and give error require-chap proxyarp lock +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless /etc/ppp/chap-secrets # Secrets for authentication using # client server secret IP addresses bkw\\bkw bkw test * bkw\\wguy bkw test * bkw bkw\\bkw test * <- This doesnt work either wguy bkw\\wguy test * I need this to work with multi users any Ideas?? thanks, Brian ----- Original Message ----- 
From: Matthew Ramsay To: Brian west Cc: Sent: Sunday, August 01, 1999 8:55 PM Subject: Re: [pptp-server] (no subject) > I usually have mine setup like this (from memory): > > /etc/ppp/chap-secrets > DOMAIN\\username servername password * > > /etc/ppp/options.pptp > name servername > > I think the correct way to do it may be this tho: > /etc/ppp/chap-secrets > DOMAIN\\username servername password * > > /etc/ppp/options.pptp > name DOMAIN\\username > user DOMAIN\\username > remotename servername > > I think both would work...? btw, I seem to recall reading somewhere that > the chap-secrets file should also reverse the order .. eg. > DOMAIN\\username servername password * > servername DOMAIN\\username password * > > don't know why that is... anyone have any further comments? > > cheers, > -matt > > Brian west wrote: > > > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control > > connection started > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Starting call (launching pppd, > > opening GRE) > > Aug 1 15:35:49 www pppd[8477]: pppd 2.3.8 started by root, uid 0 > > Aug 1 15:35:49 www pppd[8477]: Using interface ppp0 > > Aug 1 15:35:49 www pppd[8477]: Connect: ppp0 <--> /dev/pts/4 > > Aug 1 15:35:49 www pppd[8477]: No CHAP secret found for authenticating > > \\user > > Aug 1 15:35:49 www pppd[8477]: MSCHAP peer authentication failed for remote > > host \\user > > Aug 1 15:35:49 www pppd[8477]: Connection terminated. > > Aug 1 15:35:49 www pppd[8477]: Exit. > > Aug 1 15:35:49 www pptpd[8476]: GRE: read(fd=6,buffer=804d380,len=8196) > > from PTY failed: status = -1 error = Input/output error > > Aug 1 15:35:49 www pptpd[8476]: CTRL: PTY read or GRE write failed > > (pty,gre)=(6,7) > > Aug 1 15:35:49 www pptpd[8476]: CTRL: Client 208.165.104.20 control > > connection finished > > > > Ok what is the format of the chap-secrets file I cant seem to get it to auth > > now! 
> >
> > Thanks,
> > Brian

From thor at advance-it.com Tue Aug 3 08:50:08 1999
From: thor at advance-it.com (Thor Johnson)
Date: Tue Aug 3 08:50:08 1999
Subject: [pptp-server] Got it.... almost....
Message-ID:

Ok... here's hints for running PPTPd on a Masq server:

1. You have to have a *non-masq* route between the subnets in the pptpd.conf file -- e.g. I use:

    ipchains -F forward
    # Inside subnet <-> PPTP client range: forward without masquerading.
    ipchains -A forward -s 192.0.3.0/24 -d 192.168.0.0/24 -j ACCEPT
    # Everything else leaving the inside subnet is masqueraded.
    ipchains -A forward -s 192.0.3.0/24 -j MASQ

This allows the link to come up & become connected, but I am still having a problem:
The NT machine cannot see the entire inside subnet (i.e. ping 192.0.3.1 [PPTP inside address] works, as does ping 192.0.3.245 [Pptp inside end address], but ping 192.0.3.2 [an NT box on the inside] does not).

The NT Box on the inside can ping 192.0.3.245, but not 192.168.0.245 (PPTP's given address).

Any ideas?

TIA,
Thor Johnson

Log is attached, but I think the only interesting line is:

Aug 3 00:34:04 gatekeeper pppd[764]: Cannot determine ethernet address for proxy ARP

From case at clight.net Tue Aug 3 09:58:51 1999
From: case at clight.net (Laurent 'case' Mahieux)
Date: Tue Aug 3 09:58:51 1999
Subject: [pptp-server] More: LCP ConfRequest failing (A hint?)
Message-ID:

Browsing thru the FAQ & Mail archive, I found multiple instances of the problem; and seemingly no definitive answer.

I don't have one, though I believe this is a help.

BTW, I'm not on the list, so if you intend me to read an answer, plz CC me.

Problem basically looks like this on server:

Aug 3 14:06:28 finet0 pptpd[8742]: CTRL: Client 194.149.90.201 control connection started
Aug 3 14:06:28 finet0 pptpd[8742]: CTRL: Starting call (launching pppd, opening GRE)
Aug 3 14:06:28 finet0 pppd[8743]: pppd 2.3.5 started by root, uid 0
Aug 3 14:06:28 finet0 pppd[8743]: Using interface ppp0
Aug 3 14:06:28 finet0 pppd[8743]: Connect: ppp0 <--> /dev/ttyp0
Aug 3 14:06:28 finet0 pppd[8743]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
Aug 3 14:06:28 finet0 pppd[8743]: sent [LCP ConfReq id=0x1 ]
Aug 3 14:06:55 finet0 last message repeated 9 times
Aug 3 14:06:58 finet0 pptpd[8742]: GRE: read(fd=4,buffer=804cffc,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: Client 194.149.90.201 control connection finished
Aug 3 14:06:58 finet0 pppd[8743]: LCP: timeout sending Config-Requests
Aug 3 14:06:58 finet0 pppd[8743]: Connection terminated.
Aug 3 14:06:58 finet0 pppd[8743]: Exit.

On the client (Win98) it fails during the username/password authentication.

I traced this to going thru a firewall (two actually).

I went from the following setup:

ISP RAS (194.xx.xx.xx) ---> Firewall (195.xx.xx.xx) --> NAT (10.xx.xx.xx) server

To this setup:

(195.xx.xx.xx) Local RAS --> NAT (10.xx.xx.xx) server

So, basically, I still go thru a NAT firewall between my dial-up access and the server, but I bypass the first firewall (the one between our provider and our "real" IP class). This works fine.
The first firewall is set up for basic services (www, mail, ftp...) and denies everything else.

I dunno what port/protocol LCP is using, but it's clearly not getting thru. pptpd protocol is getting thru though.

It might be interesting to have all port/protocols listed in the FAQ for every step of the connection.

Now everything seems to be working great :-)

I hope this can be useful.

Regards,
Laurent.

--
+------------------------------------------------------+----------------+
|case at clight.net  URL http://spring.clight.fr/~case/ | ** GO LINUX ** |
+------------------------------------------------------+----------------+
| Life's not fair                                      | My opinions    |
| But the root password helps                          | are my very own|
+------------------------------------------------------+----------------+

From tmk at netmagic.net Tue Aug 3 11:18:30 1999
From: tmk at netmagic.net (tmk)
Date: Tue Aug 3 11:18:30 1999
Subject: [pptp-server] Got it.... almost....
References:
Message-ID: <001d01beddcc$5c877280$011c0fc0@lala.net>

> This allows the link to come up & become connected, but I am still having a
> problem:
> The NT machine cannot see the entire inside subnet (i.e. ping 192.0.3.1
> [PPTP inside address] works, as does ping 192.0.3.245 [Pptp inside end
> address], but ping 192.0.3.2 [an NT box on the inside] does not.
>
> The NT Box on the inside can ping 192.0.3.245, but no 192.168.0.245 (PPTP's
> given address).

this is a routing issue. if pings are to work across subnets, masquing must be disabled on them, and both participants in the ping must have the linux box as a gateway.

As for the proxy arp error, that just means that the pptp addresses are on a different subnet than the ethernet card, and therefore proxy arp can't work.

Kevin

From tmk at netmagic.net Tue Aug 3 11:24:50 1999
From: tmk at netmagic.net (tmk)
Date: Tue Aug 3 11:24:50 1999
Subject: [pptp-server] More: LCP ConfRequest failing (A hint?)
References:
Message-ID: <001e01beddcd$2c159a40$011c0fc0@lala.net>

The error you list means that the pptp control connection was successful, but the GRE (generic routing encapsulation - proto 47) did not connect. As such, ppp has nowhere to send its LCP requests and it can't get any response to them.

Usually the problem is running behind a NAT (aka masq) system, without the appropriate kernel mod or ip forwarding set up. The other possible problem is that the other end (client's ISP) doesn't support protocol 47, and they refuse to route it to their subnet. This will squelch any possibility for running pptp :)

I'm not exactly sure why NAT systems don't work, but i think it's because GRE isn't really TCP, it's an independent protocol, and as such it probably isn't recognized by ipchains or ipfwadm as something it can work with.

ideas/comments? send them to the list
Kevin

----- Original Message -----
From: Laurent 'case' Mahieux To: Sent: Tuesday, August 03, 1999 8:04 AM Subject: [pptp-server] More: LCP ConfRequest failing (A hint?) > Browsing thru the FAQ & Mail archive, I found multiple instances of the > problem; and seemingly no definitive answer. > > I don't have one, though I believe this is a help. > > BTW, I'm not on the list, so if you intend me to read an answer, plz CC me. > > Problem basically looks like this on server: > Aug 3 14:06:28 finet0 pptpd[8742]: CTRL: Client 194.149.90.201 control connection started > Aug 3 14:06:28 finet0 pptpd[8742]: CTRL: Starting call (launching pppd, opening GRE) > Aug 3 14:06:28 finet0 pppd[8743]: pppd 2.3.5 started by root, uid 0 > Aug 3 14:06:28 finet0 pppd[8743]: Using interface ppp0 > Aug 3 14:06:28 finet0 pppd[8743]: Connect: ppp0 <--> /dev/ttyp0 > Aug 3 14:06:28 finet0 pppd[8743]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access > Aug 3 14:06:28 finet0 pppd[8743]: sent [LCP ConfReq id=0x1 ] > Aug 3 14:06:55 finet0 last message repeated 9 times > Aug 3 14:06:58 finet0 pptpd[8742]: GRE: read(fd=4,buffer=804cffc,len=8196) from PTY failed: status = -1 error = Input/output error > Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) > Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: Client 194.149.90.201 control connection finished > Aug 3 14:06:58 finet0 pppd[8743]: LCP: timeout sending Config-Requests > Aug 3 14:06:58 finet0 pppd[8743]: Connection terminated. > Aug 3 14:06:58 finet0 pppd[8743]: Exit. > > On the client (Win98) it fails during the username/password authentification > > I traced this to going thru a firewall (two actually). 
> > I went from the follownig setup: > > ISP RAS (194.xx.xx.xx) ---> Firewall (195.xx.xx.xx) --> NAT (10.xx.xx.xx) server > > To this setup: > > (195.xx.xx.xx) Local RAS --> NAT (10.xx.xx.xx) server > > So, basically, I still go thru a NAT firewall between my dial-up access > and the server, but I bypass the first firewall (the one between our provider > and our "real IP class). This works fine. > The first firewall is setup for basic services (www, mail, ftp...) and > denies everything else. > > I dunno what port/protocol LCP is using, but it's clearly not getting thru. > pptpd protocol is getting thru though. > > It might be interesting to have all port/protocols listed in the FAQ for > every step of the connection. > > Now everything seems to be working great :-) > > I hope this can be usefull. > > Regards, > Laurent. > > -- > +------------------------------------------------------+----------------+ > |case at clight.net URL http://spring.clight.fr/~case/ | ** GO LINUX ** | > +------------------------------------------------------+----------------+ > | Life's not fair | My opinions | > | But the root password helps | are my very own| > +------------------------------------------------------+----------------+ > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From woodruff at ao.net Tue Aug 3 11:25:20 1999 
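Added example, not part of any post in this thread and not PoPToP's own code: a small triage function for the failure signatures quoted in the messages above (LCP Config-Request timeouts with nothing received, missing CHAP secrets, and the proxy ARP warning). The sample log lines are constructed in the format shown on the list, the verdict names are made up for this sketch, and binding a pppd PID to the most recent "control connection started" client is a heuristic assumption.

```shell
#!/bin/sh
# Classify PoPToP sessions from syslog lines, one verdict per pppd PID.
# Verdict names (GRE_BLOCKED, ...) are labels invented for this example.

# Constructed sample input (documentation addresses, made-up PIDs).
sample_log() {
cat <<'EOF'
Aug  3 14:06:28 vpn1 pptpd[8742]: CTRL: Client 198.51.100.7 control connection started
Aug  3 14:06:28 vpn1 pptpd[8742]: CTRL: Starting call (launching pppd, opening GRE)
Aug  3 14:06:28 vpn1 pppd[8743]: pppd 2.3.8 started by root, uid 0
Aug  3 14:06:28 vpn1 pppd[8743]: sent [LCP ConfReq id=0x1 ]
Aug  3 14:06:55 vpn1 last message repeated 9 times
Aug  3 14:06:58 vpn1 pppd[8743]: LCP: timeout sending Config-Requests
Aug  3 14:06:58 vpn1 pptpd[8742]: CTRL: Client 198.51.100.7 control connection finished
Aug  3 15:35:49 vpn1 pptpd[8476]: CTRL: Client 203.0.113.20 control connection started
Aug  3 15:35:49 vpn1 pppd[8477]: rcvd [LCP ConfReq id=0x1 ]
Aug  3 15:35:49 vpn1 pppd[8477]: No CHAP secret found for authenticating \\user
Aug  3 15:35:49 vpn1 pptpd[8476]: CTRL: Client 203.0.113.20 control connection finished
Aug  3 16:00:04 vpn1 pptpd[700]: CTRL: Client 192.0.2.9 control connection started
Aug  3 16:00:05 vpn1 pppd[764]: rcvd [LCP ConfReq id=0x1 ]
Aug  3 16:00:06 vpn1 pppd[764]: Cannot determine ethernet address for proxy ARP
Aug  3 16:00:06 vpn1 pppd[764]: remote IP address 192.168.5.12
EOF
}

# triage_pptp_log [FILE]   (reads stdin when FILE is omitted)
# Prints "<pppd pid> <client ip> <verdict>" in order of first appearance.
triage_pptp_log() {
    awk '
    {
        tag = $5
        # Remember the client of the newest control connection (TCP 1723).
        if (tag ~ /^pptpd\[/ && $0 ~ /CTRL: Client .* control connection started/) {
            for (i = 6; i < NF; i++) if ($i == "Client") last_client = $(i + 1)
            next
        }
        if (tag !~ /^pppd\[[0-9]+\]:$/) next
        pid = tag; gsub(/[^0-9]/, "", pid)
        if (!(pid in seen)) {
            seen[pid] = 1; order[++n] = pid
            # Heuristic: a new pppd belongs to the last client that connected.
            client[pid] = (last_client == "" ? "-" : last_client)
            last_client = ""
        }
        if ($0 ~ /rcvd \[LCP/)                                    rcvd[pid] = 1
        if ($0 ~ /LCP: timeout sending Config-Requests/)          lcpto[pid] = 1
        if ($0 ~ /No CHAP secret found|peer authentication failed/) chap[pid] = 1
        if ($0 ~ /Cannot determine ethernet address for proxy ARP/) parp[pid] = 1
        if ($0 ~ /remote IP address/)                             up[pid] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]
            # Control channel worked but no PPP frame ever arrived:
            # GRE (IP protocol 47) is filtered or lost in NAT on the path.
            if (lcpto[p] && !rcvd[p])  v = "GRE_BLOCKED"
            else if (lcpto[p])         v = "LCP_TIMEOUT"
            else if (chap[p])          v = "CHAP_SECRET_MISMATCH"
            # Link is up, but remoteip is not on the LAN interface subnet.
            else if (parp[p])          v = "PROXYARP_OFF_SUBNET"
            else if (up[p])            v = "OK"
            else                       v = "INCOMPLETE"
            print p, client[p], v
        }
    }' "${1:--}"
}

sample_log | triage_pptp_log
```

Run against a real syslog file by passing its path as the first argument; interleaved concurrent sessions can defeat the PID-to-client heuristic, so treat the client column as a hint.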
From: woodruff at ao.net (Eric M. Woodruff)
Date: Tue Aug 3 11:25:20 1999
Subject: [pptp-server] IPs
Message-ID: <001201beddcc$c5030950$0200a8c0@Kenny>

I'm running my box as a Masq., telnet, ftp, and now pptp, and also a samba server. Can someone please explain to me what the local and remote IPs are for? Should I be able to ping both if someone logs in? If not, why did someone suggest the non-masq route to that subnet, because you would only be working with the local subnet. One more thing: if it is the case that I connect through the local subnet, should they not be in the browse list?

Eric Woodruff
woodruff at ao.net

From thor at advance-it.com Tue Aug 3 11:51:29 1999
From: thor at advance-it.com (Thor Johnson)
Date: Tue Aug 3 11:51:29 1999
Subject: [pptp-server] PPTP vulnerabilities that still exist?
Message-ID:

Been reading through the PPTP faqs... and as I understand it the main 2 attacks on a PPTP server are:

1. Lack of authenticating the control port (DoS)
2. Short passwords

Is it possible to put in a long password on the /etc/chap-secrets (64 chars?) and in the DUN & have it work?

Does applying the PPTP-Masq patch (GRE, etc) to my firewall at work (so I can PPTP to home) compromise the firewall's security? (I understand the concerns about the home-network from the FAQs, but - if I have my home connection up, can someone "invade" work?)

TIA,
Thor Johnson

From rmatlock at calltech.com Tue Aug 3 14:20:47 1999
From: rmatlock at calltech.com (Rick Matlock)
Date: Tue Aug 3 14:20:47 1999
Subject: [pptp-server] Windows 98/95 DUN errors: 650, 629, 640
Message-ID:

I found a solution that has worked for me. I was getting the whole 650, 629, 640 stuff that didn't work. I went and looked at MS's support site, and found the following article:

http://support.microsoft.com/support/kb/articles/Q188/1/41.ASP

Basically, what I have been doing (and I assume everyone else because it's in the directions for win9x client setup) is going into network ctrl panel and install the VPN adapter. That won't work, you MUST install it using the add-remove programs tool, go to windows->communications and install VPN support. If you have already done it like the Win9X setup says to do, you must uninstall it (just uncheck the box), then re-install it. That should get it up and running for you.

Rick

> -----Original Message-----
> From: tmk [mailto:tmk at netmagic.net] > Sent: Tuesday, August 03, 1999 12:28 PM > To: Laurent 'case' Mahieux; pptp-server at lists.schulte.org > Subject: Re: [pptp-server] More: LCP ConfRequest failing (A hint?) > > > The error you list means that the pptp control connection was > successful, > but the GRE (generic routing encapsulation - proto 47) did > not connect. As > such, ppp has nowhere to send it's LCP requests and it can't get any > response to them. > > Usually the problem is running behind a NAT (aka masq) > system, without the > appropriate kernel mod or ip forwarding set up. The other > possible problem > is that the other end (client's ISP) doesn't support protocol > 47, and they > refuse to route it to their subnet. This will squelch any > possibility for > running pptp :) > > I'm not exactly sure why NAT systems don't work, but i think > it's because > GRE isn't really TCP, it's an independant protocol, and as > such it probably > isn't recognized by ipchains or ipfwadm as something it can work with. > > ideas/comments? send them to the list > Kevin > > ----- Original Message ----- 
> From: Laurent 'case' Mahieux > To: > Sent: Tuesday, August 03, 1999 8:04 AM > Subject: [pptp-server] More: LCP ConfRequest failing (A hint?) > > > > Browsing thru the FAQ & Mail archive, I found multiple > instances of the > > problem; and seemingly no definitive answer. > > > > I don't have one, though I believe this is a help. > > > > BTW, I'm not on the list, so if you intend me to read an > answer, plz CC > me. > > > > Problem basically looks like this on server: > > Aug 3 14:06:28 finet0 pptpd[8742]: CTRL: Client > 194.149.90.201 control > connection started > > Aug 3 14:06:28 finet0 pptpd[8742]: CTRL: Starting call > (launching pppd, > opening GRE) > > Aug 3 14:06:28 finet0 pppd[8743]: pppd 2.3.5 started by root, uid 0 > > Aug 3 14:06:28 finet0 pppd[8743]: Using interface ppp0 > > Aug 3 14:06:28 finet0 pppd[8743]: Connect: ppp0 <--> /dev/ttyp0 > > Aug 3 14:06:28 finet0 pppd[8743]: Warning - secret file > /etc/ppp/pap-secrets has world and/or group access > > Aug 3 14:06:28 finet0 pppd[8743]: sent [LCP ConfReq id=0x1 > > ] > > Aug 3 14:06:55 finet0 last message repeated 9 times > > Aug 3 14:06:58 finet0 pptpd[8742]: GRE: > read(fd=4,buffer=804cffc,len=8196) from PTY failed: status = > -1 error = > Input/output error > > Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: PTY read or GRE > write failed > (pty,gre)=(4,5) > > Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: Client > 194.149.90.201 control > connection finished > > Aug 3 14:06:58 finet0 pppd[8743]: LCP: timeout sending > Config-Requests > > Aug 3 14:06:58 finet0 pppd[8743]: Connection terminated. > > Aug 3 14:06:58 finet0 pppd[8743]: Exit. > > > > On the client (Win98) it fails during the username/password > authentification > > > > I traced this to going thru a firewall (two actually). 
> > > > I went from the follownig setup: > > > > ISP RAS (194.xx.xx.xx) ---> Firewall (195.xx.xx.xx) --> NAT > (10.xx.xx.xx) server > > > > To this setup: > > > > (195.xx.xx.xx) Local RAS --> NAT (10.xx.xx.xx) server > > > > So, basically, I still go thru a NAT firewall between my > dial-up access > > and the server, but I bypass the first firewall (the one between our > provider > > and our "real IP class). This works fine. > > The first firewall is setup for basic services (www, > mail, ftp...) and > > denies everything else. > > > > I dunno what port/protocol LCP is using, but it's clearly > not getting > thru. > > pptpd protocol is getting thru though. > > > > It might be interesting to have all port/protocols listed > in the FAQ for > > every step of the connection. > > > > Now everything seems to be working great :-) > > > > I hope this can be usefull. > > > > Regards, > > Laurent. > > > > -- > > > +------------------------------------------------------+------ > ----------+ > > |case at clight.net URL http://spring.clight.fr/~case/ | ** > GO LINUX ** | > > > +------------------------------------------------------+------ > ----------+ > > | Life's not fair | > My opinions | > > | But the root password helps | > are my very own| > > > +------------------------------------------------------+------ > ----------+ > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From srhodes at cpinternet.com Tue Aug 3 16:20:24 1999 
From: srhodes at cpinternet.com (Steve Rhodes)
Date: Tue Aug 3 16:20:24 1999
Subject: [pptp-server] Subnets on the pptp host side
Message-ID: <37A74EFF.E3650C2B@cpinternet.com>

I have seen a large number of posts regarding the problem of accessing hosts on the server side of the pptp connection. The typical post goes something like

    I have a pptp server set up on my office LAN. I can connect to the
    server and ping to it fine, but I can't ping any other hosts on the
    office subnet. I have ip-forwarding turned on and I have proxyarp set
    in the ppp/options file. What can be wrong?

There seem to be a lot of questions floating around about routing and masq'ing associated with this issue. Well, my curiosity got the best of me, so I thought I would check this out. Shown below is my test setup for investigating this problem.

192.168.8.142          192.168.56.10          192.168.56.11       192.168.56.12
 ________                 _______                 ______            ______
|        |               |       |               |      |           |      |
| client |-------------->| fire  |-------------->| pptp |---------->| host |
|        |               | wall  |               | srvr |           |      |
|________|               |_______|               |______|           |______|
    H                                               H
    H                  192.168.8.10                 H
    H                                               H
    H===============================================H
192.168.5.12            pptp connection       192.168.5.11

For the sake of simplicity, we will ignore address translation issues associated with the firewall. This assumes that the client at 192.168.8.142 is going to use 192.168.56.11 as its target address for the pptp connection to pptp_srvr. The firewall will block all access to the 192.168.56.0 subnet except for pptp connections associated with pptp_srvr. This can be implemented with ipchains

    # Default-deny on input and forward.
    ipchains -P input DENY
    ipchains -P forward DENY
    # Allow connections from inside.
    ipchains -A input -s 192.168.56.0/24 -j ACCEPT
    # PPTP control channel (TCP 1723) and GRE (IP protocol 47) to pptp_srvr.
    ipchains -A input -p tcp -d 192.168.56.11 1723 -j ACCEPT
    ipchains -A input -p 47 -d 192.168.56.11 -j ACCEPT
    ipchains -A forward -p tcp -d 192.168.56.11 1723 -j ACCEPT
    ipchains -A forward -p tcp -s 192.168.56.11 1723 -j ACCEPT
    ipchains -A forward -p 47 -d 192.168.56.11 -j ACCEPT
    ipchains -A forward -p 47 -s 192.168.56.11 -j ACCEPT

When you connect from client to pptp_srvr, you will be able to complete the connection and ping to pptp_srvr. However, if you attempt to ping host, at 192.168.56.12, this will fail.

A clue to this problem can be found in the /var/tmp/messages file on pptp_srvr. There, in the pppd messages, you will find

    Cannot determine ethernet address for proxy ARP

This is due to an issue with the pppd program, which attempts to find a hardware interface on the subnet to which the pppd client has been assigned. In this case it's looking for a hardware interface on the 192.168.5.0 subnet. It will fail to find one, and will drop the proxyarp request.

The simplest way around this problem, and the one that is suggested in the pppd documentation, is to set the pppd client IP assignment to be on the local subnet. An example in this case might be 192.168.56.129. However, it may not be possible to do that. In the case of a fully loaded subnet, there may not be any addresses to spare. Or there may be some security issues with giving out local subnet addresses. What to do?

The place to look is in the arp table. If you run tcpdump on host (192.168.56.12) during the time when client is pinging, you will see unanswered arp requests from host attempting to find the hardware address for 192.168.5.12. You need to proxy the hardware address of the pptp_srvr for client in order for this request to be fulfilled. This is the job of proxyarp. However, proxyarp has let us down in this instance, and we need to find a workaround.

This can be done manually using the arp command on pptp_srvr. For example, if the hardware address of the ethernet card on pptp_srvr is 00:60:08:98:14:14, you could force the arp to proxy the client pptp address by saying

    arp --set 192.168.5.12 00:60:08:98:14:14 pub

You should now be able to ping from client to host through the pptp connection.

This can be a problem, however, in a dynamic environment when clients are logging into and out of the pptp server on a continuous basis. One way around this problem is to write a script that will execute upon the initiation of each ppp connection. The place to do this is in /etc/ppp/ip-up. This script is executed each time a new ppp connection is started. It gets some variables passed into it, one of which is the assigned IP address of the client. Note that RedHat systems use ip-up.local as the place for you to make the script. Don't forget to chmod +x !

    #! /bin/bash
    # pppd passes the peer's (client's) IP address as the fifth argument.
    REMOTE_IP_ADDRESS=$5
    date > /var/run/ppp.up
    echo "REMOTE_IP_ADDRESS = " "$REMOTE_IP_ADDRESS" >> /var/run/ppp.up
    # Publish a proxy ARP entry for the client using pptp_srvr's MAC address.
    arp --set "$REMOTE_IP_ADDRESS" 00:60:08:98:14:14 pub >> /var/run/ppp.up
    exit 0

This should put you in business for accessing the remote subnet under this scenario. I am a little bit concerned, however, because I also built a script ip-down.local, that should remove the arp proxy when client disconnected. It doesn't seem to do anything, however, and if I try to delete the arp entry manually, it just spits out a cryptic error message. The arp entries remain persistent, as far as I can tell. If this is a problem or not, I don't know. The next few clients that log in are treated well, so I guess it's OK.

I hope this information is useful to you, especially if you have bothered to read the whole thing to this point, as it is rather lengthy!

Regards,
Steve Rhodes

From srhodes at cpinternet.com Tue Aug 3 16:31:06 1999
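Added example, not part of Steve Rhodes's post: a variant of the ip-up/ip-down helper described in the message above that validates the address pppd hands to the script, skips clients already on the LAN subnet, and uses the interface's own hardware address instead of a hard-coded MAC. It assumes the net-tools arp command (its -D and pub options); the function names, the DRY_RUN switch and the LAN_IF/LAN_NET defaults (eth0 and the post's 192.168.56.0/24) are assumptions of this sketch.

```shell
#!/bin/sh
# Install as /etc/ppp/ip-up.local and /etc/ppp/ip-down.local (same file).
# pppd arguments: $1 interface, $2 tty, $3 speed, $4 local IP, $5 remote IP.

LAN_IF=${LAN_IF:-eth0}                 # assumed LAN-side interface
LAN_NET=${LAN_NET:-192.168.56.0/24}    # LAN subnet from the post's diagram

# Succeeds only for a plain dotted quad with octets 0-255 and no leading
# zeros, so nothing else reaches a command that runs as root.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/PREFIX: true when ADDR lies inside the network.
in_subnet() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Print the arp command for publishing (add) or removing (del) the entry.
# "-Ds ADDR IF pub" makes arp use IF's own MAC for the published entry.
proxy_arp_cmd() {
    case $1 in
        add) echo "arp -i $3 -Ds $2 $3 pub" ;;
        del) echo "arp -i $3 -d $2 pub" ;;
        *)   return 2 ;;
    esac
}

# pptp_proxy_arp add|del REMOTE_IP
pptp_proxy_arp() {
    action=$1
    remote=$2
    if ! valid_ipv4 "$remote"; then
        echo "refusing malformed address" >&2
        return 2
    fi
    # On-subnet clients are handled by pppd's own proxyarp option.
    if in_subnet "$remote" "$LAN_NET"; then
        echo "skip $remote: on $LAN_NET, pppd proxyarp applies"
        return 0
    fi
    cmd=$(proxy_arp_cmd "$action" "$remote" "$LAN_IF") || return 2
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
    else
        $cmd    # splits into arp plus arguments; every field was validated
    fi
}

# Act only when pppd invokes this file under one of its hook names.
case ${0##*/} in
    ip-up|ip-up.local)     pptp_proxy_arp add "$5" ;;
    ip-down|ip-down.local) pptp_proxy_arp del "$5" ;;
esac
```

Set DRY_RUN=1 to print the command instead of running it, which is a safe way to check what each hook would do for a given client address.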
From: srhodes at cpinternet.com (Steve Rhodes)
Date: Tue Aug 3 16:31:06 1999
Subject: [pptp-server] Subnets on the pptp host side (Take Two)
Message-ID: <37A75179.5BB7E81@cpinternet.com>

I have seen a large number of posts regarding the problem of accessing
hosts on the server side of the pptp connection. The typical post goes
something like

    I have a pptp server set up on my office LAN. I can connect to the
    server and ping to it fine, but I can't ping any other hosts on the
    office subnet. I have ip-forwarding turned on and I have proxyarp
    set in the ppp/options file. What can be wrong?

There seem to be a lot of questions floating around about routing and
masq'ing associated with this issue. Well, my curiosity got the best of
me, so I thought I would check this out. Shown below is my test setup
for investigating this problem.

    192.168.8.142     192.168.56.10     192.168.56.11   192.168.56.12
     ________          _______            ______          ______
    |        |        |       |          |      |        |      |
    | client |------->| fire  |--------->| pptp |------->| host |
    |        |        | wall  |          | srvr |        |      |
    |________|        |_______|          |______|        |______|
        H                                    H
        H            192.168.8.10            H
        H                                    H
        H====================================H
    192.168.5.12     pptp connection     192.168.5.11

For the sake of simplicity, we will ignore address translation issues
associated with the firewall. This assumes that the client at
192.168.8.142 is going to use 192.168.56.11 as its target address for
the pptp connection to pptp_srvr. The firewall will block all access to
the 192.168.56.0 subnet except for pptp connections associated with
pptp_srvr.
This can be implemented with ipchains

    ipchains -P input DENY
    ipchains -P forward DENY
    # allow connections from inside
    ipchains -A input -s 192.168.56.0/24 -j ACCEPT
    ipchains -A input -p tcp -d 192.168.56.11 1723 -j ACCEPT
    ipchains -A input -p 47 -d 192.168.56.11 -j ACCEPT
    ipchains -A forward -p tcp -d 192.168.56.11 1723 -j ACCEPT
    ipchains -A forward -p tcp -s 192.168.56.11 1723 -j ACCEPT
    ipchains -A forward -p 47 -d 192.168.56.11 -j ACCEPT
    ipchains -A forward -p 47 -s 192.168.56.11 -j ACCEPT

When you connect from client to pptp_srvr, you will be able to complete
the connection and ping to pptp_srvr. However, if you attempt to ping
host, at 192.168.56.12, this will fail. A clue to this problem can be
found in the /var/tmp/messages file on pptp_srvr. There, in the pppd
messages, you will find

    Cannot determine ethernet address for proxy ARP

This is due to an issue with the pppd program, which attempts to find a
hardware interface on the subnet to which the pppd client has been
assigned. In this case it's looking for a hardware interface on the
192.168.5.0 subnet. It will fail to find one, and will drop the proxyarp
request.

The simplest way around this problem, and the one that is suggested in
the pppd documentation, is to set the pppd client IP assignment to be on
the local subnet. An example in this case might be 192.168.56.129.
However, it may not be possible to do that. In the case of a fully
loaded subnet, there may not be any addresses to spare. Or there may be
some security issues with giving out local subnet addresses. What to do?

The place to look is in the arp table. If you run tcpdump on host
(192.168.56.12) during the time when client is pinging, you will see
unanswered arp requests from host attempting to find the hardware
address for 192.168.5.12. You need to proxy the hardware address of the
pptp_srvr for client in order for this request to be fulfilled. This is
the job of proxyarp.
However, proxyarp has let us down in this instance, and we need to find
a workaround. This can be done manually using the arp command on
pptp_srvr. For example, if the hardware address of the ethernet card on
pptp_srvr is 00:60:08:98:14:14, you could force the arp to proxy the
client pptp address by saying

    arp --set 192.168.5.12 00:60:08:98:14:14 pub

You should now be able to ping from client to host through the pptp
connection.

This can be a problem, however, in a dynamic environment when clients
are logging into and out of the pptp server on a continuous basis. One
way around this problem is to write a script that will execute upon the
initiation of each ppp connection. The place to do this is in
/etc/ppp/ip-up. This script is executed each time a new ppp connection
is started. It gets some variables passed into it, one of which is the
assigned IP address of the client. Note that RedHat systems use
ip-up.local as the place for you to make the script. Don't forget to
chmod +x !

    #!/bin/bash
    # pppd passes the client's assigned (remote) IP address as argument 5
    REMOTE_IP_ADDRESS=$5
    date > /var/run/ppp.up
    echo "REMOTE_IP_ADDRESS = " "$REMOTE_IP_ADDRESS" >> /var/run/ppp.up
    # publish a proxy ARP entry for the client on pptp_srvr's ethernet address
    arp --set "$REMOTE_IP_ADDRESS" 00:60:08:98:14:14 pub >> /var/run/ppp.up
    exit 0

This should put you in business for accessing the remote subnet under
this scenario. I am a little bit concerned, however, because I also
built a script ip-down.local, that should remove the arp proxy when
client disconnected. It doesn't seem to do anything, however, and if I
try to delete the arp entry manually, it just spits out a cryptic error
message. The arp entries remain persistent, as far as I can tell. If
this is a problem or not, I don't know. The next few clients that log in
are treated well, so I guess it's OK.

I hope this information is useful to you, especially if you have
bothered to read the whole thing to this point, as it is rather lengthy!

Regards,
Steve Rhodes

From MarshallJ at switch.aust.com Tue Aug 3 17:42:35 1999
From: MarshallJ at switch.aust.com (Marshall, Joshua)
Date: Tue Aug 3 17:42:35 1999
Subject: [pptp-server] IPs
Message-ID: <1D5D8EC2A0ADD111BE6C00A0C95AAE4E28BC75@server2.ussbris>

Can someone please explain to me what the local and remote IPs are for.
Should I be able to ping both if someone logs in? If not why did someone
suggest the non-masq route to that subnet, because you would only be
working with the local subnet.

The local IP is the IP allocated to the server side of the PPTP
connection, the remote IP is the IP address allocated to the client upon
connection. You should be able to ping the remote IP from the server and
the local IP from the client.

From tmk at netmagic.net Tue Aug 3 18:17:44 1999
From: tmk at netmagic.net (tmk)
Date: Tue Aug 3 18:17:44 1999
Subject: [pptp-server] IPs
In-Reply-To: <001201beddcc$c5030950$0200a8c0@Kenny>
Message-ID:

> Can someone please explain to me what the local and remote IPs are for.
> Should I be able to ping both if someone logs in? If not why did
> someone suggest the non-masq route to that subnet, because you would
> only be working with the local subnet.

local ip is the ip of the linux box (server) as seen by the clients, and
the remote ip is the ip address that the client will be seen as on your
network. you should be able to ping both ips if the client can connect,
but peers can't see it, the culprit is usually masqing. What happens is
if the clients are assigned an ip on a separate subnet, and masquing is
enabled, the default forwarding policy is usually to masq the packets.
As such, packets coming to the client get sent out the wrong interface
and on to the internet, or they get masqued by the linux box, and since
they are talking to some other computer, they ignore the packets because
they come from the wrong place.

> One more thing, If it is the case that I connect throught the local
> subnet, should they not be in the browse list?

this depends on how long they've been connected, whether or not they're
on the same subnet as other computers, and if you have a wins server
(and the client is configured to use it)

Kevin

From tmk at netmagic.net Tue Aug 3 18:29:14 1999
From: tmk at netmagic.net (tmk)
Date: Tue Aug 3 18:29:14 1999
Subject: [pptp-server] PPTP vulnerabilities that still exist?
In-Reply-To:
Message-ID:

> Been reading through the PPTP faqs... and as I understand it the main 2
> attacks on a PPTP server are:
> 1. Lack of authenticating the control port (DoS)
> 2. Short passwords
>
>
> Is it possible to put in a long password on the /etc/chap-secrets (64
> chars?) and in the DUN & have it work?

Password length is determined by the method of authentication you use..
MS-CHAP and V2 of it, have RFCs or something that define the max
lengths. We can't ignore those. Short passwords aren't usually the
problem, it's more like weak encryption. MS-CHAPv2 seems to have fixed
this a bit, and unless the link is up for a long time, it's not much of
an issue.

> Does applying the PPTP-Masq patch (GRE, etc) to my firewall at work (so I
> can PPTP to home) compromise the firewall's security (I understand the
> concerns about the home-network from the FAQs, but - if I have my home
> connection up, can someone "invade" work?)

the GRE kernel patch i think just routes protocol 47 stuff properly, and
MIGHT be a security problem if you have routers that communicate using
GRE on your company network, but that's unlikely, and i wouldn't worry
about it.

Kevin

From matthewr at moreton.com.au Wed Aug 4 01:12:06 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Aug 4 01:12:06 1999
Subject: [pptp-server] Who is using PoPToP?
Message-ID: <37A7D878.8EB0DB96@moreton.com.au>

I'm in the early stages of putting together a paper on PoPToP (and PPTP
and VPNs in general). I am interested in hearing about where PoPToP is
currently being used. If you are using PoPToP on a day to day basis
could you drop me a line describing your particular situation and need
for PoPToP, what kind of system it is running on, how many client
connections (simultaneous connections/connections per day) and any other
interesting details.. etc.

I'm also interested in what OS's PoPToP is currently running on. My
current list has PoPToP ported to:

    Linux Solaris 2.6 FreeBSD OpenBSD StarOS 4

Has anyone had success on other platforms?

Thanks to all those who take the time to respond.

Cheers,
Matt.

From Peter.Galbavy at knowledge.com Wed Aug 4 05:56:32 1999
From: Peter.Galbavy at knowledge.com (Peter Galbavy)
Date: Wed Aug 4 05:56:32 1999
Subject: [pptp-server] anonCVS server down for maintenance
Message-ID: <19990804115600.A18570@office.knowledge.com>

Hi all,

In view of some network issues and machines crashing all over here at
the office, I have unilaterally decided to reorganise some stuff.

One part of this is to move the pptpd CVS server stuff around. I will be
disabling access soon, but hope to have it back in a couple of hours.

Sorry for the inconvenience and short notice.

Regards,
--
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/

From Peter.Galbavy at knowledge.com Wed Aug 4 09:58:30 1999
From: Peter.Galbavy at knowledge.com (Peter Galbavy)
Date: Wed Aug 4 09:58:30 1999
Subject: [pptp-server] anonCVS server down for maintenance
In-Reply-To: <19990804115600.A18570@office.knowledge.com>; from Peter Galbavy on Wed, Aug 04, 1999 at 11:56:01AM +0100
References: <19990804115600.A18570@office.knowledge.com>
Message-ID: <19990804155813.A17943@office.knowledge.com>

On Wed, Aug 04, 1999 at 11:56:01AM +0100, Peter Galbavy wrote:
> One part of this is to move the pptpd CVS server stuff around. I will be
> disabling access soon, but hope to have it back in a couple of hours.

The server should now be back. Let me know of any problems.

Thanks.
--
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/

From rlankshear at comset.co.uk Wed Aug 4 10:54:19 1999
From: rlankshear at comset.co.uk (Robert Lankshear)
Date: Wed Aug 4 10:54:19 1999
Subject: [pptp-server] pppd netmask problem - can we track it down?
Message-ID: <002567C3.005BDB09.00@StClare1.comset.co.uk>

Greetings,

I'm currently fighting it out with my Dual homed Linux Masq'ing Firewall
to allow me to tunnel in. Having patched 2.2.10 with the standard 2.2.5
masq. patch I am able to connect and transfer data so GRE must be
working although I've done no portfw or ipfwd to it.

My problem is with the Netmask that is used to transmit Netbeui
packets.. which is the broadcast for the Class A. I use a Class C of
10.20.30.0/24.

Reading the previous tips on this thread I decided to hack pppd to make
it behave. The code that does the netmask setting according to class is
the function GetMask in pppd/sys-linux.c and not the one in options that
never seems to get called.

Just thought I'd let you know so we don't go chasing around the wrong
code for what needs to be 'improved'.

TTFN
Robert.
---
Robert J Lankshear - rlankshear at comset.co.uk

From ScottMunns at Freightliner.com Wed Aug 4 10:57:19 1999
From: ScottMunns at Freightliner.com (Scott Munns)
Date: Wed Aug 4 10:57:19 1999
Subject: [pptp-server] PPTP solution for VMware??
Message-ID:

Hello everyone,

I have a dilemma in using VMware for Linux. I am running Windows NT on
the "virtual machine" (VM), and the Linux box is connected to our
corporate LAN by a token ring adapter. Unfortunately, that means that I
can't use Ethernet bridging to give access between the NT VM and the
LAN. To (partially) solve the problem, I set up IP masq on the Linux
box. The VM is the only machine on the masq'ed private network. So,
here's the diagram:

    VM (192.168.0.2) virtual AMD PCI Ethernet adapter
    -> Linux (192.168.0.1) vmnet1 "VMware virtual hub"
    -> Linux (123.45.67.89) tr0 token ring adapter
    -> Corporate LAN (123.45.67.xx)

However, IP masq won't allow me to do NT domain authentication or login
to our corporate authenticated Samba servers. I've gotta get it
working!! Some newsgroups mentioned that PPTP might solve this issue.

Is there a way to install PoPToP on the linux box so I can tunnel the NT
VM onto our corporate network? Will this solve the above issue? Is there
a better way? I can get a legal LAN IP address for the NT VM no problem.

Thanks for your help/advice!

Scott
---
Scott Munns
Research Engineer, Vehicle Systems Technology Center
DaimlerChrysler Research and Technology North America Inc.
At Freightliner Corporation, a DaimlerChrysler Company
scottmunns at freightliner.com

From R.Rankin at queens-belfast.ac.uk Thu Aug 5 05:17:34 1999
From: R.Rankin at queens-belfast.ac.uk (Ricky Rankin)
Date: Thu Aug 5 05:17:34 1999
Subject: [pptp-server] vpn v WTS
Message-ID:

A question that probably shows my lack of knowledge.

At Queen's we are currently piloting a Windows Terminal Server to enable
people to work from off site. What advantage does using a VPN solution
such as pptp have over a WTS?

Also I have read several articles about RAS systems which seem to
require an NT system to be loaded with modem cards. We are interested in
providing a solution that uses the services of ISPs thus removing our
need to provide modems on site. What are the possible systems we should
be looking at?

Thanks
Ricky
----------------------
Ricky Rankin
Principal Analyst
Computing Services
tel +44 1232 273819
fax +44 1232 230592

From walterm at Gliatech.com Thu Aug 5 09:10:41 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Thu Aug 5 09:10:41 1999
Subject: [pptp-server] Getting there a step at a time
Message-ID:

Hello again all,

Well, thanks to Steve Rhodes for pointing out the big problem in my
pptpd server configuration. I had assumed that in the pptpd.conf file
the remote address was supposed to be the address of the internet nic.
When I changed this to the internal address I wanted to supply to the
vpn client most of my problems went away. I can now connect to the vpn
effortlessly, ping to the local subnet, use mschap-v2, and pretty much
be a complete member of the local network.

I am still having one problem however, when I tell the win98 client to
require encrypted data I get an error 742, the server does not support
data encryption on the client. The pptpd.log file reports

    gateway modprobe: can't locate module ppp-compress-18.

I have done the aliasing for ppp-compress-21, ppp-compress-24 and
ppp-compress-26. Does anyone know if there is an alias for
ppp-compress-18, or did I miss something when I added rc4 support?

Thanks for all the help so far,

Michael J. Walter mcse
Gliatech, Inc.
walterm at gliatech.com
mwalter at drwalter.com

From Tim.Beacham at LifePointHospitals.com Thu Aug 5 09:29:21 1999
From: Tim.Beacham at LifePointHospitals.com (Beacham Tim P)
Date: Thu Aug 5 09:29:21 1999
Subject: [pptp-server] Security?
Message-ID: <413E5FCC63D9D111956600805F31383201B87CC9@nasex01.columbia.net>

I know this is probably a FAQ, but how secure is pptp? Does it use
encryption of some sort? (3 DES, Blowfish, etc..) I would like to start
using pptpd because it works extremely well but would like a little
peace of mind that the data stream is not open to prying eyes.

--------------------------------------------------------------------
Tim Beacham, HDIS ? Barrow Medical Center
Tim.Beacham at Lifepointhospitals.com

From amacc at mailer.org Thu Aug 5 10:12:00 1999
From: amacc at mailer.org (Andrew McRory)
Date: Thu Aug 5 10:12:00 1999
Subject: [pptp-server] ISDN connections from Compaq 4000 modem chassis
Message-ID:

Hello,

I was wondering if any progress has been made adding support for
incoming ISDN connections to PoPToP? I have a Compaq Microcom 4000 modem
chassis which works using NT but all I have gotten is "message type 9
not supported" when using PoPToP.

I'd really love to ditch our NT server ;)

Thanks

Andrew McRory - amacc at linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors * 3009-C West Tharpe Street -
Tallahassee, FL 32303 * Voice 850.575.7213
***************************************************

From butler at usit.net Thu Aug 5 10:20:40 1999
From: butler at usit.net (Philip L. Butler)
Date: Thu Aug 5 10:20:40 1999
Subject: [pptp-server] PPTP/Slackware configuration....
Message-ID: <37A9AC21.70418568@usit.net>

Hi,

I am interested in setting up a PoPToP server on Slackware 2.0.33 and
would like to hear from others that have done the same. The PoPToP
installation/configuration looks fairly straightforward, but there's
mention of 'pty' support. Has anyone used Slackware 2.0.x with PoPToP
and what's up with the 'pty' stuff ?? I see also that I'll probably
need to get a later version of PPPD, but that doesn't look too terribly
bad.

Many Thanks in Advance,
Phil Butler
butler at usit.net

From alex at nauta.it Thu Aug 5 10:25:00 1999
From: alex at nauta.it (Alessandro Iob)
Date: Thu Aug 5 10:25:00 1999
Subject: [pptp-server] Win98 dialup problem
Message-ID: <37A9ACB7.AE442015@nauta.it>

I think this is really a win98 configuration problem, but I could not
resolve it, so...

The problem is that I couldn't set correct routing when the pptp (VPN)
connection is started over a ppp-modem (Remote Access) connection. The
authentication works and the connection with the pptp server is
established, but the private ip packets are routed through the normal
dial-up ppp connection, and not over the VPN one. So the win98 client
couldn't reach the remote vpn.

I've installed, in the network control panel, these devices and
protocols:

    Microsoft VPN adapter Remote access Adapter Remote access Adapter #2
    (for VPN) NDISWAN VPN for microsoft clients TCP/IP protocol TCP/IP
    protocol #2 (for VPN)

PPTP connections over LAN work correctly.

Any suggestions?

Thank You
Alex Iob

From amacc at mailer.org Thu Aug 5 10:37:09 1999
From: amacc at mailer.org (Andrew McRory)
Date: Thu Aug 5 10:37:09 1999
Subject: [pptp-server] PPTP/Slackware configuration....
In-Reply-To: <37A9AC21.70418568@usit.net>
Message-ID:

On Thu, 5 Aug 1999, Philip L. Butler wrote:

> Hi,
>
> I am interested in setting up a PoPToP server on Slackware 2.0.33 and
> would like to hear from others that have done the same. The PoPToP
> installation/configuration looks fairly straightforward, but there's
> mention of 'pty' support. Has anyone used Slackware 2.0.x with PoPToP
> and what's up with the 'pty' stuff ?? I see also that I'll probably
> need to get a later version of PPPD, but that doesn't look too terribly
> bad.

pty is referring to "pseudo tty" support. you'll be ok...

Andrew McRory - amacc at linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors * 3009-C West Tharpe Street -
Tallahassee, FL 32303 * Voice 850.575.7213
***************************************************

From jcaspen at ittc.ukans.edu Thu Aug 5 12:08:33 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Thu Aug 5 12:08:33 1999
Subject: [pptp-server] Compression / Encryption / routing
Message-ID: <37A9C50B.5C6E2905@ittc.ukans.edu>

Hi,

I could connect from Windows 98 to PoPTop in Linux. I have some
questions:

- PoPTop logs ' compression disabled by peer ' if compression is
  selected in the Client. How can it be enabled.

- If software encryption is enabled in the client, it says that the
  server doesn't support it.

- How should I set a route from my local NET to the net of the POPTop
  server? I tried using the route add command of Windows but it didn't
  add the route.

regards,
javier

From tmk at netmagic.net Thu Aug 5 12:32:32 1999
From: tmk at netmagic.net (tmk)
Date: Thu Aug 5 12:32:32 1999
Subject: [pptp-server] Compression / Encryption / routing
In-Reply-To: <37A9C50B.5C6E2905@ittc.ukans.edu>
Message-ID:

> - PoPTop logs ' compression disabled by peer ' if compression is
> selected in the Client. How can it be enabled.

make sure you have the compression modules loaded for ppp. if your linux
/var/log/messages has lines that say can't load module ppp-compress-??
then you need to load the compression modules.

> - If software encryption is enabled in the client, it says that the
> server doesn't support it.

did you compile the mppe patch into pppd? you need to do that before it
will support encryption

>
> - How should I set a route from my local NET to the net of the POPTop
> server? I tried using the route add command of Windows but it didn't
> add the route.

when it connects, windows makes a route for it automatically. You might
try reading the ppp-howto for info on how to setup routes for dialup
users (pptp uses ppp to connect, so it can be viewed just like a dialup
connection)

Kevin

From rmatlock at calltech.com Thu Aug 5 18:02:46 1999
From: rmatlock at calltech.com (Rick Matlock)
Date: Thu Aug 5 18:02:46 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
Message-ID:

I am having some pretty bad performance problems with Windows 98 and
PoPToP v0.9.10. I will describe the networks first:

Server: two 10MB cards, one on an external net and one on an internet
network. I have PoPToP v0.9.10 installed (clean) and pppd v2.3.8
(unpatched). It is a pentium 120 with 64MB ram, Redhat 6.0 and Kernel
2.2.7 installed. This machine is connected through a Cisco router
through a single T1 to the internet.

Client: Celeron 333, Windows 98 + misc patches. This machine is
connected directly to a cable modem (Time Warner's Road Runner).

I can get the tunnel up without a problem. I can't ping immediately
after I connect. After about 2-3 seconds, I can ping things (The other
side of the tunnel). I then get MAJOR packet loss and VERY slow pings
through the tunnel. I have averaged about 23% packet loss and an average
ping time of over 10000 MS (short being 100 and long being 35000).

My pptpd configuration is:

    speed 115200
    localip 10.129.0.5
    remoteip 10.129.3.1-127

My pppd options file is:

    name pptp
    auth
    require-chap
    proxyarp
    netmask 255.255.255.0
    ms-dns 10.129.0.52
    ms-dns 206.175.59.25
    ms-wins 206.175.59.25

From jcaspen at ittc.ukans.edu Thu Aug 5 18:55:56 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Thu Aug 5 18:55:56 1999
Subject: [pptp-server] Where are the rc4 files?
Message-ID: <37AA2481.D854D5F6@ittc.ukans.edu>

I am following the instructions to apply the encryption patch but:

- I can't gunzip the .gz patch
- I can't find the rc4 files

Where should I look for them?

From phil at vibrationresearch.com Thu Aug 5 18:56:16 1999
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Thu Aug 5 18:56:16 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
In-Reply-To:
Message-ID: <000001bedf9e$1624f460$74108318@bud.mw.mediaone.net>

I noticed a large performance decrease between 0.9.4 and later versions.
I would suggest trying 0.9.4 to see if that version works better for
you.

Phil Van Baren
phil at vibrationresearch.com

> From: Rick Matlock
> Sent: Thursday, 5 August 1999 7:12 PM
>
> I am having some pretty bad performance problems with Windows 98 and
> PoPToP v0.9.10.

From rmatlock at calltech.com Thu Aug 5 19:12:45 1999
From: rmatlock at calltech.com (Rick Matlock)
Date: Thu Aug 5 19:12:45 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
Message-ID:

Ok, two more things...

I went down to 0.9.4 and still had similar problems, but not as bad.
Pinging from the client side, I received higher ping rates, but my
packet loss was just as bad.

On the server side, the ping rates were a little lower (but still
unusable), and packet loss was down (12%). So, average was 4700, low was
like 150 and high 12000.

Also, one more thing to add that I had forgotten previously, if I dial
into the ISP and do a tunnel (with a 33.6 connection), I have no
problems at all. Pings are good, packet loss is acceptable (1-2%).

Any more ideas?

Rick

-----Original Message-----
From: Philip Van Baren [mailto:phil at vibrationresearch.com]
Sent: Thursday, August 05, 1999 4:56 PM
To: Rick Matlock; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Speed/performance problems with v0.9.10 and 98

I noticed a large performance decrease between 0.9.4 and later versions.
I would suggest trying 0.9.4 to see if that version works better for
you.

Phil Van Baren
phil at vibrationresearch.com

> From: Rick Matlock
> Sent: Thursday, 5 August 1999 7:12 PM
>
> I am having some pretty bad performance problems with Windows 98 and
> PoPToP v0.9.10.

From tmk at netmagic.net Thu Aug 5 19:19:15 1999
From: tmk at netmagic.net (tmk)
Date: Thu Aug 5 19:19:15 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
References:
Message-ID: <003201bedfa1$dd31a6e0$011c0fc0@lala.net>

sounds like either the cable modem or the cable modem service is
crappy.. what results do you get when you ping the internet ip's of
each? (ie ping cable ip from linux server, and linux ip from cable)

Kevin

----- Original Message -----
From: Rick Matlock
To:
Cc: 'Philip Van Baren'
Sent: Thursday, August 05, 1999 5:22 PM
Subject: RE: [pptp-server] Speed/performance problems with v0.9.10 and 98

> Ok, two more things...
>
> I went down to 0.9.4 and still had similar problems, but not as bad.
> Pinging from the client side, I received higher ping rates, but my
> packet loss was just as bad.
>
> On the server side, the ping rates were a little lower (but still
> unusable), and packet loss was down (12%).
> So, average was 4700, low was like 150 and high 12000.
>
> Also, one more thing to add that I had forgotten previously, if I dial
> into the ISP and do a tunnel (with a 33.6 connection), I have no
> problems at all. Pings are good, packet loss is acceptable (1-2%).
>
> Any more ideas?
>
> Rick
>
> -----Original Message-----
> From: Philip Van Baren [mailto:phil at vibrationresearch.com]
> Sent: Thursday, August 05, 1999 4:56 PM
> To: Rick Matlock; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Speed/performance problems with v0.9.10 and 98
>
>
> I noticed a large performance decrease between 0.9.4 and later
> versions. I would suggest trying 0.9.4 to see if that version works
> better for you.
>
> Phil Van Baren
> phil at vibrationresearch.com
>
> > From: Rick Matlock
> > Sent: Thursday, 5 August 1999 7:12 PM
> >
> > I am having some pretty bad performance problems with Windows 98 and
> > PoPToP v0.9.10.
>

From rmatlock at calltech.com Thu Aug 5 20:31:54 1999
From: rmatlock at calltech.com (Rick Matlock)
Date: Thu Aug 5 20:31:54 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
Message-ID:

I get between 120 and 200 pings normally, with no (<1%) packetloss.
Without pptp, the connection to the site is very nice (fast and low
latency). I go through about 4 routers going from my cable modem to the
cisco border router at our site. My first guess would not be the cable
modem. The ISP has 1 router to go through (we own the ISP).

Rick

-----Original Message-----
From: tmk [mailto:tmk at netmagic.net]
Sent: Thursday, August 05, 1999 5:23 PM
To: Rick Matlock; pptp-server at lists.schulte.org
Cc: 'Philip Van Baren'
Subject: Re: [pptp-server] Speed/performance problems with v0.9.10 and 98

sounds like either the cable modem or the cable modem service is
crappy.. what results do you get when you ping the internet ip's of
each? (ie ping cable ip from linux server, and linux ip from cable)

Kevin

----- Original Message -----
From: Rick Matlock
To:
Cc: 'Philip Van Baren'
Sent: Thursday, August 05, 1999 5:22 PM
Subject: RE: [pptp-server] Speed/performance problems with v0.9.10 and 98

> Ok, two more things...
>
> I went down to 0.9.4 and still had similar problems, but not as bad.
> Pinging from the client side, I received higher ping rates, but my
> packet loss was just as bad.
>
> On the server side, the ping rates were a little lower (but still
> unusable), and packet loss was down (12%).
> So, average was 4700, low was like 150 and high 12000.
>
> Also, one more thing to add that I had forgotten previously, if I dial
> into the ISP and do a tunnel (with a 33.6 connection), I have no
> problems at all. Pings are good, packet loss is acceptable (1-2%).
>
> Any more ideas?
>
> Rick
>
> -----Original Message-----
> From: Philip Van Baren [mailto:phil at vibrationresearch.com]
> Sent: Thursday, August 05, 1999 4:56 PM
> To: Rick Matlock; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Speed/performance problems with v0.9.10 and 98
>
>
> I noticed a large performance decrease between 0.9.4 and later
> versions. I would suggest trying 0.9.4 to see if that version works
> better for you.
>
> Phil Van Baren
> phil at vibrationresearch.com
>
> > From: Rick Matlock
> > Sent: Thursday, 5 August 1999 7:12 PM
> >
> > I am having some pretty bad performance problems with Windows 98 and
> > PoPToP v0.9.10.
>

From jcaspen at ittc.ukans.edu Thu Aug 5 20:39:54 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Thu Aug 5 20:39:54 1999
Subject: [pptp-server] Where are the rc4 files?
References: <37AA2481.D854D5F6@ittc.ukans.edu> <001901bedfa0$556b2840$011c0fc0@lala.net>
Message-ID: <37AA3CC1.5D01086D@ittc.ukans.edu>

I read them, but I couldn't find help. My first problem is where can I
find the rc4 files because I couldn't find a link from the Web site or
the docs.

Then I tried to gunzip the patch as described, but it didn't recognize
it as a gzip file.

Thanks!

tmk wrote:

> look through the archives, there was a couple posts that explain in detail
> how to install the mppe patch.
>
> Kevin
> ----- Original Message -----
> From: Carlos Javier Castro Pena
> To: ppptp server
> Sent: Thursday, August 05, 1999 4:55 PM
> Subject: [pptp-server] Where are the rc4 files?
>
> > I am following the instructions to apply the encryption patch but:
> >
> > - I can't gunzip the .gz patch
> > - I can't find the rc4 files
> >
> > Where should I look for them?
> >

From luyer at ucs.uwa.edu.au Fri Aug 6 00:30:30 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Aug 6 00:30:30 1999
Subject: [pptp-server] ISDN connections from Compaq 4000 modem chassis
In-Reply-To: Your message of "Thu, 05 Aug 1999 11:13:59 -0400."
Message-ID: <199908060530.NAA14256@typhaon.ucs.uwa.edu.au>

>
> Hello,
>
> I was wondering if any progress has been made adding support for
> incoming ISDN connections to PoPToP? I have a Compaq Microcom 4000 modem
> chassis which works using NT but all I have gotten is "message type 9 not
> supported" when using PoPToP.

This has been discussed in the past.

It is a lot deeper than adding "message type 9" support. I consider it a
post-1.0 issue that I have some plans on how to implement but will
require major work.

The current PoPToP is a PAC (the server side of IP tunnelling is a PAC),
you want a PNS. That's the first problem, but not too major, it just
requires a complete set of new functions to respond to different
messages.

The second item is a bit more of a problem. You need support for
multiple "calls" from the same source address. This requires proper
multiplexing of the GRE channel, something which has been ignored so
far, and a restructuring of the way everything works, probably including
the addition of another binary.

David.

From luyer at ucs.uwa.edu.au Fri Aug 6 00:32:49 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Aug 6 00:32:49 1999
Subject: [pptp-server] PPTP/Slackware configuration....
In-Reply-To: Your message of "Thu, 05 Aug 1999 11:22:17 -0400." <37A9AC21.70418568@usit.net>
Message-ID: <199908060532.NAA14279@typhaon.ucs.uwa.edu.au>

> but there's
> mention of 'pty' support. Has anyone used Slackware 2.0.x with PoPToP
> and what's up with the 'pty' stuff ??

If you have either xterm or telnetd working, then you already have pty
support. Almost every Linux kernel has it. I don't know if it's even an
option, it isn't in 2.2.x.

Under *BSD, it is an option you need to make sure you have.

David.

From luyer at ucs.uwa.edu.au Fri Aug 6 00:41:39 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Aug 6 00:41:39 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
In-Reply-To: Your message of "Thu, 05 Aug 1999 20:22:21 -0400."
Message-ID: <199908060541.NAA14381@typhaon.ucs.uwa.edu.au>

> Ok, two more things...
>
> I went down to 0.9.4 and still had similar problems, but not as bad.
> Pinging from the client side, I received higher ping rates, but my
> packet loss was just as bad.

That's interesting. Can you positively verify a decrease in performance
between 0.9.4 and 0.9.5? 0.9.5 fixes some important bugs.

If there is definitely a performance decrease there, try backing out the
changes one by one and find which one caused it.

The first two to try backing out would be the specific GRE bind() and
the sequence number checking change.

Is your pptpd logging anything on the server, eg, heaps of out-of-order
packets?

David.

From grewer at grewer.flf.lu Fri Aug 6 02:25:37 1999
From: grewer at grewer.flf.lu (Niklas Hoglund)
Date: Fri Aug 6 02:25:37 1999
Subject: [pptp-server] Re: pptp-server digest, Vol 1 #77 - 9 msgs
In-Reply-To: <199908031350.IAA15373@snaildust.schulte.org>
Message-ID:

On Tue, 3 Aug 1999 pptp-server-admin at lists.schulte.org wrote:

> /etc/ppp/options:
> mppe-40
> mppe-128

I thought that MPPE only supported 40bits encryption? is there a 128
bits too?

//Regards, Niklas

From Peter.Galbavy at knowledge.com Fri Aug 6 07:04:32 1999
From: Peter.Galbavy at knowledge.com (Peter Galbavy)
Date: Fri Aug 6 07:04:32 1999
Subject: [pptp-server] RPM's and MPPE 40-128 bit RC4 encryption
In-Reply-To: <379F26F3.E906506A@home.com>; from Malay Shah on Wed, Jul 28, 1999 at 11:51:15AM -0400
References: <379F26F3.E906506A@home.com>
Message-ID: <19990806130426.A9766@office.knowledge.com>

On Wed, Jul 28, 1999 at 11:51:15AM -0400, Malay Shah wrote:
> Michael,
> You'll have to download the SSLeay 0.6.6 package from
> ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
> It should contain the rc4.h and rc4_enc.c

It may not work, but a better maintained package would be the later
OpenSSL - www.openssl.org

--
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/

From srhodes at amll.com Fri Aug 6 08:59:54 1999
From: srhodes at amll.com (Steve Rhodes)
Date: Fri Aug 6 08:59:54 1999
Subject: [pptp-server] Getting there a step at a time
References:
Message-ID: <37AAE9B0.675A6A05@amll.com>

Michael,

I am away from my machines, so I don't have exact reference, but it
sounds like you forgot to compile the modules after building the pppd
with mppe encryption. In your lib/modules subdir there should be an
object file called ppp_mppe.o, as well as ppp_deflate.o and bsd_comp.o.
These correspond to the ppp-compress-xx messages. The biggest one here
is ppp-compress-18 which is ppp_mppe. If you run the command insmod
ppp_mppe, and it succeeds, this message should go away. If it fails, you
forgot to install the module.

This can happen unexpectedly, because there are a couple of tricks to
get it in. When you build pppd-2.3.8, you have to go into the
pppd-2.3.8/linux subdir and run a command ./kinstall.sh. This patches
the kernel modules so ppp_mppe will build. You then have to go over to
the kernel source at /usr/src/linux and run make modules, then make
modules_install. This should put the ppp_mppe.o file into lib/modules.
You can then edit the conf.modules file and add alias ppp-compress-18
ppp_mppe. This will auto load the encryption stuff. There are entries
that will also get the other two, but I can't recall which is which. One
of them will get two ppp-compress-xx messages to go away.

Regards,
Steve Rhodes

Michael Walter wrote:

> Hello again all,
> Well, thanks to Steve Rhodes for pointing out the big problem in my pptpd
> server configuration. I had assumed that in the pptpd.conf file the remote
> address was supposed to be the address of the internet nic. When I changed
> this to the internal address I wanted to supply to the vpn client most of my
> problems went away. I can now connect to the vpn effortlessly, ping to the
> local subnet, use mschap-v2, and pretty much be a complete member of the
> local network.
I am still having one problem however, when I tell the win98 > client to require encrypted data I get an error 742, the server does not > support data encryption on the client. The pptpd.log file reports gateway > modpro be: can't locate module ppp-compress-18. I have done the aliasing > for ppp-compress-21, ppp-compress-24 and ppp-compress-26. Does anyone know > if there is an alias for ppp-compress-18, or did i miss something when I > added rc4 support? > Thanks for all the help so far, > > Michael J. Walter mcse > Gliatech, Inc. > walterm at gliatech.com > mwalter at drwalter.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From phil at vibrationresearch.com Fri Aug 6 20:30:11 1999 From: phil at vibrationresearch.com (Philip Van Baren) Date: Fri Aug 6 20:30:11 1999 Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98 In-Reply-To: <199908060541.NAA14381@typhaon.ucs.uwa.edu.au> Message-ID: <000001bee074$a65ea040$ea02a8c0@bud.ameritech.net> I found what caused my performance decrease: in 0.9.5 the PCKT_RECV_WINDOW_SIZE was changed to 1 (was 2 in 0.9.4) Bumping that value back up to 2 in the source for version 0.9.10 fixes my performance problem. Phil VanBaren > That's interesting. Can you positively verify a decrease in performance > between 0.9.4 and 0.9.5? 0.9.5 fixes some important bugs. > > If there is definitely a performance decrease there, try backing out the > changes one by one and find which one caused it. > > The first two to try backing out would be the specific GRE bind() and the > sequence number checking change. > > Is your pptpd logging anything on the server, eg, heaps of out-of-order > packets? > > David. > --- pptpd-0.9.10/pptpdefs.h Mon Aug 2 19:25:10 1999 +++ pptpd-0.9.10-new/pptpdefs.h Fri Aug 6 21:13:25 1999 
@@ -90,7 +90,7 @@ #define MAX_CHANNELS 0x0001 /* Out Call Reply Defines */ -#define PCKT_RECV_WINDOW_SIZE 0x0001 +#define PCKT_RECV_WINDOW_SIZE 0x0002 #define PCKT_PROCESS_DELAY 0x0000 #define CHANNEL_ID 0x00000000 From rmatlock at calltech.com Fri Aug 6 21:17:42 1999 From: rmatlock at calltech.com (Rick Matlock) Date: Fri Aug 6 21:17:42 1999 Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98 Message-ID: This worked for me on v0.9.5!!! I have no idea because 0.9.4 had the same problems as the .9.10, but changing that in 0.9.10 worked great. Thanks for your help Rick -----Original Message----- From: Philip Van Baren [mailto:phil at vibrationresearch.com] Sent: Friday, August 06, 1999 6:32 PM To: pptp-server at lists.schulte.org Cc: matthewr at moreton.com.au; David Luyer; Rick Matlock Subject: RE: [pptp-server] Speed/performance problems with v0.9.10 and 98 I found what caused my performance decrease: in 0.9.5 the PCKT_RECV_WINDOW_SIZE was changed to 1 (was 2 in 0.9.4) Bumping that value back up to 2 in the source for version 0.9.10 fixes my performance problem. Phil VanBaren > That's interesting. Can you positively verify a decrease in performance > between 0.9.4 and 0.9.5? 0.9.5 fixes some important bugs. > > If there is definitely a performance decrease there, try backing out the > changes one by one and find which one caused it. > > The first two to try backing out would be the specific GRE bind() and the > sequence number checking change. > > Is your pptpd logging anything on the server, eg, heaps of out-of-order > packets? > > David. > --- pptpd-0.9.10/pptpdefs.h Mon Aug 2 19:25:10 1999 +++ pptpd-0.9.10-new/pptpdefs.h Fri Aug 6 21:13:25 1999 
@@ -90,7 +90,7 @@ #define MAX_CHANNELS 0x0001 /* Out Call Reply Defines */ -#define PCKT_RECV_WINDOW_SIZE 0x0001 +#define PCKT_RECV_WINDOW_SIZE 0x0002 #define PCKT_PROCESS_DELAY 0x0000 #define CHANNEL_ID 0x00000000 _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From me at tha.net Sat Aug 7 07:24:15 1999 
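Review bot: the new value 0x0002 for PCKT_RECV_WINDOW_SIZE goes in as a bare constant under "Out Call Reply Defines", with no comment saying why 2 was chosen or that 0x0001 was the setting behind the slowdown reported in this thread. Please add a one-line comment on the define recording that, and, since this block holds the values returned in the Out Call Reply, confirm that the GRE receive path really accepts that many unacknowledged packets before the advertised window is raised any further.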
From: me at tha.net (meridian)
Date: Sat Aug 7 07:24:15 1999
Subject: [pptp-server] Compression / Encryption / routing
References:
Message-ID: <37AC2551.AD5C2ACB@tha.net>

tmk wrote:
>
> > - PoPTop logs ' compression disabled by peer ' if compression is
> > selected in the Client. How can it be enabled.
>
> make sure you have the compression modules loaded for ppp. if your linux
> /var/log/messages has lines that say can't load module ppp-compress-??
> then you need to load the compression modules.
>
> > - If software encryption is enabled in the client, it says that the
> > server doesn't support it.
>
> did you compile the mppe patch into pppd? you need to do that before it
> will support encryption
>

well i know i compiled mppe into the kernel and into ppp however it
gives me the same error trying to connect from win2k. i can connect
perfectly with encryption turned off however

> >
> > - How should I set a route from my local NET to the net of the POPTop
> > server? I tried using the route add command of Windows but it didn't
> > add the route.
>
> when it connects, windows makes a route for it automatically. You might
> try reading the ppp-howto for info on how to setup routes for dialup users
> (pptp uses ppp to connect, so it can be viewed just like a dialup
> connection)
>
> Kevin

--
meridian
me at NOSPAM.tha.net

From vogt at serc.nl Sat Aug 7 07:39:33 1999
From: vogt at serc.nl (Harald Vogt)
Date: Sat Aug 7 07:39:33 1999
Subject: [pptp-server] W95 no traffic via pptpd/slirp/solaris problem - help
Message-ID:

Hi,

I am running pptpd-0.9.10 with slirp instead of pppd on a Solaris box
and try to connect with a W95 DUN 1.3 client. I am getting a normal pptp
connection without errors via my ISP, so authentication is ok. The
problem is that I can get no traffic via the pptp link.

My routing table looks as follows on W95 (my ISP address is
193.173.113.22, my pptp server address is 192.87.7.3 and my remote ip
pptp address is 192.87.7.231):

Active Routes:

Network Address   Netmask           Gateway Address   Interface        Metric
0.0.0.0           0.0.0.0           193.173.113.22    193.173.113.22   1
127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1        1
192.87.7.0        255.255.255.0     192.87.7.231      192.87.7.231     1
192.87.7.3        255.255.255.255   193.173.113.22    193.173.113.22   1
192.87.7.231      255.255.255.255   127.0.0.1         127.0.0.1        1
193.173.113.0     255.255.255.0     193.173.113.22    193.173.113.22   1
193.173.113.22    255.255.255.255   127.0.0.1         127.0.0.1        1
193.173.113.255   255.255.255.255   193.173.113.22    193.173.113.22   1
224.0.0.0         224.0.0.0         193.173.113.22    193.173.113.22   1
224.0.0.0         224.0.0.0         192.87.7.231      192.87.7.231     1
255.255.255.255   255.255.255.255   193.173.113.22    193.173.113.22   1

I am able to ping my pptp server via my ISP link, but when I try to ping
or telnet to 192.87.7.4 on our own net, I get only request timed out.

Questions:

o What is/ am i doing wrong?
o The route table seems to be ok, internal traffic should go via the
  entry 192.87.7.0 and everything else via 0.0.0.0, or am I wrong?
o Should slirp send some "magic" init bytes to the client?

Any hints/suggestions are appreciated.

Regards,
Harald Vogt

From luyer at ucs.uwa.edu.au Sat Aug 7 13:30:56 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sat Aug 7 13:30:56 1999
Subject: [pptp-server] Speed/performance problems with v0.9.10 and 98
Message-ID: <199908071830.CAA03841@libretto.ucs.uwa.edu.au>

OK, increasing PCKT_RECV_WINDOW_SIZE would appear sensible, and probably
to a much larger value (64??). I'm going to re-read all the congestion
control stuff in the internet draft as our implementation is very light
on this.

David.

From cybear at pacbell.net Sat Aug 7 13:38:36 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Sat Aug 7 13:38:36 1999
Subject: [pptp-server] Using second address on card...
Message-ID: <37AC80CC.C3C29AA0@pacbell.net>

I have pptp up and running great. however, I have several Linux boxes
with 2 or 3 address per nic. If I try to use an address on eth0:0 I get
the following error messages in /var/log/messages:

found interface eth0:0 for proxy arp
ioctl (SIOCSARP): no such device(19)
local IP address 192.168.3.100
remote IP address 192.168.3.150
MPPE 40 bit, stateless compression enabled
CTRL: EOF or bad error reading ctrl packet length.
CTRL: couldn't read packet header (exit)
CTRL: CTRL read failed
CTRL: Client control connection finished
Modem hangup

Has anyone been able to make a connection using the second IP on a nic?
If so, could you clue me in on the trick??

From luyer at ucs.uwa.edu.au Sat Aug 7 15:59:43 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sat Aug 7 15:59:43 1999
Subject: [pptp-server] Using second address on card...
Message-ID: <199908072059.EAA04849@libretto.ucs.uwa.edu.au>

That error is happening way too early, it's an error on the TCP
connection. Confusing and possibly not the real error.

Are you using a version after the specific interface bind() was added to
the GRE code? 0.9.5 or so I think... You want to be using one of those
versions for multiple IP address boxes.

David.

From luyer at ucs.uwa.edu.au Sat Aug 7 16:04:03 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sat Aug 7 16:04:03 1999
Subject: [pptp-server] ugh: real congestion control
Message-ID: <199908072103.FAA04856@libretto.ucs.uwa.edu.au>

I started working on real congestion control, but after reading the
draft a bit I realised the way things are meant to work is pretty stupid
and we aren't doing much worse on the outbound by simply flooding the
network. An ack automatically acknowledges all previous packets in the
window, so if the window is large and there is a strong packet flow,
chances are the window will move quick enough that you will always
acknowledge a range of packets before timeout and you'll just flood the
network in question with dropped packets.

Anyway, I'm going to back out most of my changes and then commit the
useful ones; return the same receive window size on our end as the
transmitter sent us (even though it's a complete lie, the whole thing
seems so poorly designed it shouldn't matter and should improve
performance, an alternative would be returning a constant like 64 or
128). The other is a fix for a bug to do with failed network writes,
which I don't think can happen anyway.

David.

From matthewr at moreton.com.au Sun Aug 8 20:04:41 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sun Aug 8 20:04:41 1999
Subject: [pptp-server] v0.9.11
Message-ID: <37AE27D6.8260457E@moreton.com.au>

PoPToP v0.9.11 has been released!

Grab your copy here: http://www.moretonbay.com/vpn/download_pptp.html

This version includes the recent PCKT_RECV_WINDOW_SIZE lag fix noted by
Philip. David also made some other changes (ChangeLog below):

v0.9.10 -> v0.9.11     8 August, 1999
- increased "receive window size" to match the other side
- improved behaviour if a network write ever fails
- minor changes to macro names and operation of functions
- check call id on incoming GRE packets

Finally, I'm looking for more feedback from people using PoPToP. If you
are using PoPToP on a regular basis can you drop me a line and give me
some info.. Thanks to the few who took the time to reply last time I
requested this.

cheers,

From rmatlock at calltech.com Mon Aug 9 15:02:40 1999
From: rmatlock at calltech.com (Rick Matlock)
Date: Mon Aug 9 15:02:40 1999
Subject: [pptp-server] problem with mppe patch on pppd
Message-ID:

This is probably an extremely simple solution, so I figured I would post
it. I am getting the following error when I attempt to insmod the
ppp_mppe module:

unresolved symbol RC4_set_key

I have attempted to use the rc4.h and the rc4_enc.c files from both
SSLeay-0.9.0b and openssl-0.9.3a, but both have the exact same problem.

Any quick solutions, or a URL that has the solution? I found the above
function in the rc4_skey.c file:

void RC4_set_key(key, len, data)
RC4_KEY *key;
int len;
register unsigned char *data;

I am using pppd-2.3.8 and the patch. The patch installed fine, and the
kernel compiled good. All other modules in the kernel work, just the
ppp_mppe is giving this error.

Thanks in advance for any help.
Rick

From jcaspen at ittc.ukans.edu Mon Aug 9 17:22:19 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena)
Date: Mon Aug 9 17:22:19 1999
Subject: [pptp-server] Problem untar the diff patche for secure pptp
Message-ID: <37AF5495.A94E7114@ittc.ukans.edu>

If I untar the file I get:

% tar xvzf ppp-2.3.8-mppe-others-norc4_TH7.diff
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error exit delayed from previous errors

% tar xvf ppp-2.3.8-mppe-others-norc4_TH7.diff
tar: Hmm, this doesn't look like a tar archive
tar: Skipping to next file header
tar: Only read 5318 bytes from archive
ppp-2.3.8-mppe-others-norc4_TH7.diff
tar: Error is not recoverable: exiting now

Downloaded from:

http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz

Thank you for your answer!
javier

From jcaspen at ittc.ukans.edu Mon Aug 9 17:45:48 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena)
Date: Mon Aug 9 17:45:48 1999
Subject: [pptp-server] Problem untar the diff patche for secure pptp
References: <37AF5495.A94E7114@ittc.ukans.edu>
Message-ID: <37AF5A18.45153C99@ittc.ukans.edu>

I downloaded it again and applied the patch without following the step
by step instructions. It wasn't compressed.

Carlos Castro Pena wrote:

> If I untar the file I get:
>
> % tar xvzf ppp-2.3.8-mppe-others-norc4_TH7.diff
> gzip: stdin: not in gzip format
> tar: Child returned status 1
> tar: Error exit delayed from previous errors
>
> % tar xvf ppp-2.3.8-mppe-others-norc4_TH7.diff
> tar: Hmm, this doesn't look like a tar archive
> tar: Skipping to next file header
> tar: Only read 5318 bytes from archive
> ppp-2.3.8-mppe-others-norc4_TH7.diff
> tar: Error is not recoverable: exiting now
>
> Downloaded from:
>
> http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
>
> Thank you for your answer!
> javier

From jcaspen at ittc.ukans.edu Mon Aug 9 18:16:37 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena) Date: Mon Aug 9 18:16:37 1999 Subject: [pptp-server] Problem to compile mppe module Message-ID: <37AF614E.C180E191@ittc.ukans.edu> I could patch ppp 2.3.8, and replace the old pppd daemon. Now I am trying to compile the kernel modules and I get the following error (I pasted only the part I could copy). What can be the problem. My kernel is 2.2.10 and the distribution is Red Hat 5. The rc4 files were copied from SSLeay 0.9.0b ppp_mppe.c:124: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_change_key': ppp_mppe.c:138: dereferencing pointer to incomplete type ppp_mppe.c:138: dereferencing pointer to incomplete type ppp_mppe.c:139: dereferencing pointer to incomplete type ppp_mppe.c:140: dereferencing pointer to incomplete type ppp_mppe.c:140: dereferencing pointer to incomplete type ppp_mppe.c:141: dereferencing pointer to incomplete type ppp_mppe.c:144: dereferencing pointer to incomplete type ppp_mppe.c:144: dereferencing pointer to incomplete type ppp_mppe.c:145: dereferencing pointer to incomplete type ppp_mppe.c:145: dereferencing pointer to incomplete type ppp_mppe.c:148: warning: implicit declaration of function `RC4' ppp_mppe.c:148: dereferencing pointer to incomplete type ppp_mppe.c:148: dereferencing pointer to incomplete type ppp_mppe.c:149: dereferencing pointer to incomplete type ppp_mppe.c:150: dereferencing pointer to incomplete type ppp_mppe.c:150: dereferencing pointer to incomplete type ppp_mppe.c:151: dereferencing pointer to incomplete type ppp_mppe.c:153: dereferencing pointer to incomplete type ppp_mppe.c:156: dereferencing pointer to incomplete type ppp_mppe.c:156: dereferencing pointer to incomplete type ppp_mppe.c:157: dereferencing pointer to incomplete type ppp_mppe.c:157: dereferencing pointer to incomplete type ppp_mppe.c:158: dereferencing pointer to incomplete type ppp_mppe.c:158: dereferencing pointer to incomplete type ppp_mppe.c:162: dereferencing pointer to 
incomplete type ppp_mppe.c:162: dereferencing pointer to incomplete type ppp_mppe.c:162: dereferencing pointer to incomplete type ppp_mppe.c:163: dereferencing pointer to incomplete type ppp_mppe.c:163: dereferencing pointer to incomplete type ppp_mppe.c:163: dereferencing pointer to incomplete type ppp_mppe.c:165: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_comp_alloc': ppp_mppe.c:274: dereferencing pointer to incomplete type ppp_mppe.c:280: sizeof applied to an incomplete type ppp_mppe.c:280: sizeof applied to an incomplete type ppp_mppe.c:280: sizeof applied to an incomplete type ppp_mppe.c:280: sizeof applied to an incomplete type ppp_mppe.c:280: sizeof applied to an incomplete type ppp_mppe.c:280: sizeof applied to an incomplete type ppp_mppe.c:283: dereferencing pointer to incomplete type ppp_mppe.c:283: dereferencing pointer to incomplete type ppp_mppe.c:285: dereferencing pointer to incomplete type ppp_mppe.c:286: dereferencing pointer to incomplete type ppp_mppe.c:286: dereferencing pointer to incomplete type ppp_mppe.c:286: dereferencing pointer to incomplete type ppp_mppe.c:286: dereferencing pointer to incomplete type ppp_mppe.c:286: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c:287: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_comp_init': ppp_mppe.c:307: dereferencing pointer to incomplete type ppp_mppe.c:308: dereferencing pointer to incomplete type ppp_mppe.c:309: dereferencing pointer to incomplete type ppp_mppe.c:313: dereferencing pointer to incomplete type ppp_mppe.c:313: dereferencing pointer to incomplete type ppp_mppe.c:315: dereferencing pointer to 
incomplete type ppp_mppe.c:316: dereferencing pointer to incomplete type ppp_mppe.c:316: dereferencing pointer to incomplete type ppp_mppe.c:316: dereferencing pointer to incomplete type ppp_mppe.c:316: dereferencing pointer to incomplete type ppp_mppe.c:316: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c:317: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_decomp_init': ppp_mppe.c:337: dereferencing pointer to incomplete type ppp_mppe.c:338: dereferencing pointer to incomplete type ppp_mppe.c:339: dereferencing pointer to incomplete type ppp_mppe.c:340: dereferencing pointer to incomplete type ppp_mppe.c:344: dereferencing pointer to incomplete type ppp_mppe.c:344: dereferencing pointer to incomplete type ppp_mppe.c:346: dereferencing pointer to incomplete type ppp_mppe.c:347: dereferencing pointer to incomplete type ppp_mppe.c:347: dereferencing pointer to incomplete type ppp_mppe.c:347: dereferencing pointer to incomplete type ppp_mppe.c:347: dereferencing pointer to incomplete type ppp_mppe.c:347: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c:348: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_comp_reset': ppp_mppe.c:364: dereferencing pointer to incomplete type ppp_mppe.c:365: dereferencing pointer to incomplete type ppp_mppe.c:366: 
dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_update_count': ppp_mppe.c:375: dereferencing pointer to incomplete type ppp_mppe.c:377: dereferencing pointer to incomplete type ppp_mppe.c:379: dereferencing pointer to incomplete type ppp_mppe.c:380: dereferencing pointer to incomplete type ppp_mppe.c:382: dereferencing pointer to incomplete type ppp_mppe.c:386: dereferencing pointer to incomplete type ppp_mppe.c:389: dereferencing pointer to incomplete type ppp_mppe.c:390: dereferencing pointer to incomplete type ppp_mppe.c:392: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_compress': ppp_mppe.c:431: dereferencing pointer to incomplete type ppp_mppe.c:431: dereferencing pointer to incomplete type ppp_mppe.c:432: dereferencing pointer to incomplete type ppp_mppe.c:435: dereferencing pointer to incomplete type ppp_mppe.c:439: dereferencing pointer to incomplete type ppp_mppe.c:442: dereferencing pointer to incomplete type ppp_mppe.c:443: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_comp_stats': ppp_mppe.c:459: dereferencing pointer to incomplete type ppp_mppe.c:459: dereferencing pointer to incomplete type ppp_mppe.c:460: dereferencing pointer to incomplete type ppp_mppe.c:460: dereferencing pointer to incomplete type ppp_mppe.c:463: dereferencing pointer to incomplete type ppp_mppe.c:463: dereferencing pointer to incomplete type ppp_mppe.c:463: dereferencing pointer to incomplete type ppp_mppe.c:465: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_decompress': ppp_mppe.c:479: dereferencing pointer to incomplete type ppp_mppe.c:481: dereferencing pointer to incomplete type ppp_mppe.c:490: dereferencing pointer to incomplete type ppp_mppe.c:491: dereferencing pointer to incomplete type ppp_mppe.c:492: dereferencing pointer to incomplete type ppp_mppe.c:495: dereferencing pointer to incomplete type ppp_mppe.c:499: dereferencing pointer to incomplete type ppp_mppe.c:500: 
dereferencing pointer to incomplete type ppp_mppe.c:502: dereferencing pointer to incomplete type ppp_mppe.c:502: dereferencing pointer to incomplete type ppp_mppe.c:505: dereferencing pointer to incomplete type ppp_mppe.c:527: dereferencing pointer to incomplete type ppp_mppe.c:532: dereferencing pointer to incomplete type ppp_mppe.c:534: dereferencing pointer to incomplete type ppp_mppe.c:535: dereferencing pointer to incomplete type ppp_mppe.c: In function `mppe_incomp': ppp_mppe.c:548: dereferencing pointer to incomplete type ppp_mppe.c:549: dereferencing pointer to incomplete type make[1]: *** [ppp_mppe.o] Error 1 make[1]: Leaving directory `/xxx/linux/drivers/net' make: *** [_mod_drivers/net] Error 2 From tmk at netmagic.net Mon Aug 9 18:36:47 1999 
From: tmk at netmagic.net (tmk)
Date: Mon Aug 9 18:36:47 1999
Subject: [pptp-server] problem with mppe patch on pppd
In-Reply-To:
Message-ID:

that's an easy one.. there are a couple of extra files you need to get
if you get the rc4 files from a different distro than is mentioned in
readme.mppe. I forget what they are, but look through the archives, and
i'll see what i can do about getting this note added to the main install
guide.

Kevin

On Mon, 9 Aug 1999, Rick Matlock wrote:

> This is probably an extremely simple solution, so I figured I would post
> it. I am getting the following error when I attempt to insmod the
> ppp_mppe module:
>
> unresolved symbol RC4_set_key
>
> I have attempted to use the rc4.h and the rc4_enc.c files from both
> SSLeay-0.9.0b and openssl-0.9.3a, but both have the exact same problem.
>
> Any quick solutions, or a URL that has the solution? I found the above
> function in the rc4_skey.c file:
>
> void RC4_set_key(key, len, data)
> RC4_KEY *key;
> int len;
> register unsigned char *data;
>
> I am using pppd-2.3.8 and the patch. The patch installed fine, and the
> kernel compiled good. All other modules in the kernel work, just the
> ppp_mppe is giving this error.
>
>
> Thanks in advance for any help.
> Rick

From tmk at netmagic.net Mon Aug 9 18:41:57 1999
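Added example (not part of any post in this thread, and not code from pppd, PoPToP or OpenSSL): one way to pin down the "unresolved symbol RC4_set_key" failure discussed above, by listing the symbols a built module still needs that the kernel does not export and then finding which copied source file defines each one. The function names are hypothetical, and the nm listing, the kernel symbol list (assumed to be in the "address name" form of /proc/ksyms) and the one-line source files are constructed samples.

```shell
#!/bin/sh
# Added example; every file written by make_fixtures is a constructed sample.

# Print each symbol that an `nm` listing marks undefined ("U") and that is
# absent from a kernel symbol list given as "address name" lines.
unresolved_symbols() {   # $1 = nm listing of the module, $2 = kernel symbol list
    awk -v ksyms="$2" '
        BEGIN {
            # Load the exported names (second column) into a lookup table.
            while ((getline line < ksyms) > 0) {
                split(line, f, " ")
                have[f[2]] = 1
            }
        }
        # nm prints undefined symbols as "U name" with no address column.
        $1 == "U" && !($2 in have) { print $2 }
    ' "$1" | sort -u
}

# List the .c files in a directory that define the given function.
# Heuristic: a line starting in column 0 with a type, then the name, then "(".
# That matches ANSI and K&R definitions but not indented calls; a column-0
# extern declaration inside a .c file would also match.
defining_files() {       # $1 = symbol, $2 = source directory
    grep -l -E "^[A-Za-z_][A-Za-z0-9_ *]*[ *]${1}[ ]*\(" "$2"/*.c 2>/dev/null |
        sed 's|.*/||' | sort
}

# One line per unresolved symbol, naming the file(s) that would supply it.
report() {               # $1 = nm listing, $2 = kernel symbol list, $3 = source dir
    for sym in $(unresolved_symbols "$1" "$2"); do
        files=$(defining_files "$sym" "$3" | tr '\n' ' ' | sed 's/ $//')
        echo "$sym: ${files:-no definition found}"
    done
}

# Constructed stand-ins for: `nm ppp_mppe.o`, the kernel symbol list, and the
# source files copied next to ppp_mppe.c (reduced to their definition lines).
make_fixtures() {        # $1 = directory to populate
    mkdir -p "$1/src"
    cat > "$1/module.nm" <<'EOF'
00000000 T RC4
         U RC4_set_key
00000120 T init_module
         U kmalloc
         U printk
EOF
    cat > "$1/ksyms" <<'EOF'
c0112a40 printk
c0128f10 kmalloc
EOF
    printf 'void RC4(key, len, indata, outdata)\n' > "$1/src/rc4_enc.c"
    printf 'void RC4_set_key(key, len, data)\n' > "$1/src/rc4_skey.c"
    printf '    RC4_set_key(&state->key, keylen, state->session_key);\n' \
        > "$1/src/ppp_mppe.c"
}

tmp=$(mktemp -d)
make_fixtures "$tmp"
report "$tmp/module.nm" "$tmp/ksyms" "$tmp/src"
rm -rf "$tmp"
```

On a real system the first argument would be the saved output of nm run on the built ppp_mppe.o and the third the directory holding the copied rc4 sources.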
From: tmk at netmagic.net (tmk)
Date: Mon Aug 9 18:41:57 1999
Subject: [pptp-server] Problem to compile mppe module
In-Reply-To: <37AF614E.C180E191@ittc.ukans.edu>
Message-ID:

try getting the rc4 files from the distribution recommended in the readme.mppe file that is created after you patch pppd. Also check through the mailer archives - i posted an expanded install guide a while back.

Kevin

On Mon, 9 Aug 1999, Carlos Castro Pena wrote:

> I could patch ppp 2.3.8, and replace the old pppd daemon. Now I am
> trying to compile the kernel modules and I get the following error
> (I pasted only the part I could copy). What can be the problem. My
> kernel is 2.2.10 and the distribution is Red Hat 5. The rc4 files were
> copied from SSLeay 0.9.0b
>
> ppp_mppe.c:124: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_change_key':
> ppp_mppe.c:138: dereferencing pointer to incomplete type
> ppp_mppe.c:138: dereferencing pointer to incomplete type
> ppp_mppe.c:139: dereferencing pointer to incomplete type
> ppp_mppe.c:140: dereferencing pointer to incomplete type
> ppp_mppe.c:140: dereferencing pointer to incomplete type
> ppp_mppe.c:141: dereferencing pointer to incomplete type
> ppp_mppe.c:144: dereferencing pointer to incomplete type
> ppp_mppe.c:144: dereferencing pointer to incomplete type
> ppp_mppe.c:145: dereferencing pointer to incomplete type
> ppp_mppe.c:145: dereferencing pointer to incomplete type
> ppp_mppe.c:148: warning: implicit declaration of function `RC4'
> ppp_mppe.c:148: dereferencing pointer to incomplete type
> ppp_mppe.c:148: dereferencing pointer to incomplete type
> ppp_mppe.c:149: dereferencing pointer to incomplete type
> ppp_mppe.c:150: dereferencing pointer to incomplete type
> ppp_mppe.c:150: dereferencing pointer to incomplete type
> ppp_mppe.c:151: dereferencing pointer to incomplete type
> ppp_mppe.c:153: dereferencing pointer to incomplete type
> ppp_mppe.c:156: dereferencing pointer to incomplete type
> ppp_mppe.c:156: dereferencing pointer to incomplete type
> ppp_mppe.c:157: dereferencing pointer to incomplete type
> ppp_mppe.c:157: dereferencing pointer to incomplete type
> ppp_mppe.c:158: dereferencing pointer to incomplete type
> ppp_mppe.c:158: dereferencing pointer to incomplete type
> ppp_mppe.c:162: dereferencing pointer to incomplete type
> ppp_mppe.c:162: dereferencing pointer to incomplete type
> ppp_mppe.c:162: dereferencing pointer to incomplete type
> ppp_mppe.c:163: dereferencing pointer to incomplete type
> ppp_mppe.c:163: dereferencing pointer to incomplete type
> ppp_mppe.c:163: dereferencing pointer to incomplete type
> ppp_mppe.c:165: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_comp_alloc':
> ppp_mppe.c:274: dereferencing pointer to incomplete type
> ppp_mppe.c:280: sizeof applied to an incomplete type
> ppp_mppe.c:280: sizeof applied to an incomplete type
> ppp_mppe.c:280: sizeof applied to an incomplete type
> ppp_mppe.c:280: sizeof applied to an incomplete type
> ppp_mppe.c:280: sizeof applied to an incomplete type
> ppp_mppe.c:280: sizeof applied to an incomplete type
> ppp_mppe.c:283: dereferencing pointer to incomplete type
> ppp_mppe.c:283: dereferencing pointer to incomplete type
> ppp_mppe.c:285: dereferencing pointer to incomplete type
> ppp_mppe.c:286: dereferencing pointer to incomplete type
> ppp_mppe.c:286: dereferencing pointer to incomplete type
> ppp_mppe.c:286: dereferencing pointer to incomplete type
> ppp_mppe.c:286: dereferencing pointer to incomplete type
> ppp_mppe.c:286: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c:287: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_comp_init':
> ppp_mppe.c:307: dereferencing pointer to incomplete type
> ppp_mppe.c:308: dereferencing pointer to incomplete type
> ppp_mppe.c:309: dereferencing pointer to incomplete type
> ppp_mppe.c:313: dereferencing pointer to incomplete type
> ppp_mppe.c:313: dereferencing pointer to incomplete type
> ppp_mppe.c:315: dereferencing pointer to incomplete type
> ppp_mppe.c:316: dereferencing pointer to incomplete type
> ppp_mppe.c:316: dereferencing pointer to incomplete type
> ppp_mppe.c:316: dereferencing pointer to incomplete type
> ppp_mppe.c:316: dereferencing pointer to incomplete type
> ppp_mppe.c:316: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c:317: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_decomp_init':
> ppp_mppe.c:337: dereferencing pointer to incomplete type
> ppp_mppe.c:338: dereferencing pointer to incomplete type
> ppp_mppe.c:339: dereferencing pointer to incomplete type
> ppp_mppe.c:340: dereferencing pointer to incomplete type
> ppp_mppe.c:344: dereferencing pointer to incomplete type
> ppp_mppe.c:344: dereferencing pointer to incomplete type
> ppp_mppe.c:346: dereferencing pointer to incomplete type
> ppp_mppe.c:347: dereferencing pointer to incomplete type
> ppp_mppe.c:347: dereferencing pointer to incomplete type
> ppp_mppe.c:347: dereferencing pointer to incomplete type
> ppp_mppe.c:347: dereferencing pointer to incomplete type
> ppp_mppe.c:347: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c:348: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_comp_reset':
> ppp_mppe.c:364: dereferencing pointer to incomplete type
> ppp_mppe.c:365: dereferencing pointer to incomplete type
> ppp_mppe.c:366: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_update_count':
> ppp_mppe.c:375: dereferencing pointer to incomplete type
> ppp_mppe.c:377: dereferencing pointer to incomplete type
> ppp_mppe.c:379: dereferencing pointer to incomplete type
> ppp_mppe.c:380: dereferencing pointer to incomplete type
> ppp_mppe.c:382: dereferencing pointer to incomplete type
> ppp_mppe.c:386: dereferencing pointer to incomplete type
> ppp_mppe.c:389: dereferencing pointer to incomplete type
> ppp_mppe.c:390: dereferencing pointer to incomplete type
> ppp_mppe.c:392: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_compress':
> ppp_mppe.c:431: dereferencing pointer to incomplete type
> ppp_mppe.c:431: dereferencing pointer to incomplete type
> ppp_mppe.c:432: dereferencing pointer to incomplete type
> ppp_mppe.c:435: dereferencing pointer to incomplete type
> ppp_mppe.c:439: dereferencing pointer to incomplete type
> ppp_mppe.c:442: dereferencing pointer to incomplete type
> ppp_mppe.c:443: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_comp_stats':
> ppp_mppe.c:459: dereferencing pointer to incomplete type
> ppp_mppe.c:459: dereferencing pointer to incomplete type
> ppp_mppe.c:460: dereferencing pointer to incomplete type
> ppp_mppe.c:460: dereferencing pointer to incomplete type
> ppp_mppe.c:463: dereferencing pointer to incomplete type
> ppp_mppe.c:463: dereferencing pointer to incomplete type
> ppp_mppe.c:463: dereferencing pointer to incomplete type
> ppp_mppe.c:465: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_decompress':
> ppp_mppe.c:479: dereferencing pointer to incomplete type
> ppp_mppe.c:481: dereferencing pointer to incomplete type
> ppp_mppe.c:490: dereferencing pointer to incomplete type
> ppp_mppe.c:491: dereferencing pointer to incomplete type
> ppp_mppe.c:492: dereferencing pointer to incomplete type
> ppp_mppe.c:495: dereferencing pointer to incomplete type
> ppp_mppe.c:499: dereferencing pointer to incomplete type
> ppp_mppe.c:500: dereferencing pointer to incomplete type
> ppp_mppe.c:502: dereferencing pointer to incomplete type
> ppp_mppe.c:502: dereferencing pointer to incomplete type
> ppp_mppe.c:505: dereferencing pointer to incomplete type
> ppp_mppe.c:527: dereferencing pointer to incomplete type
> ppp_mppe.c:532: dereferencing pointer to incomplete type
> ppp_mppe.c:534: dereferencing pointer to incomplete type
> ppp_mppe.c:535: dereferencing pointer to incomplete type
> ppp_mppe.c: In function `mppe_incomp':
> ppp_mppe.c:548: dereferencing pointer to incomplete type
> ppp_mppe.c:549: dereferencing pointer to incomplete type
> make[1]: *** [ppp_mppe.o] Error 1
> make[1]: Leaving directory `/xxx/linux/drivers/net'
> make: *** [_mod_drivers/net] Error 2
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From rmatlock at calltech.com Mon Aug 9 19:24:17 1999
From: rmatlock at calltech.com (Rick Matlock)
Date: Mon Aug 9 19:24:17 1999
Subject: [pptp-server] problem with mppe patch on pppd
Message-ID:

This was posted last month sometime (before I was on the list). I have included it again maybe to make life easier to someone else:

Andy Carlson naclos at swbell.net
Thu, 22 Jul 1999 09:09:06 -0500 (CDT)

I fixed my problem with ppp_mppe.o, though I am still not sure why I had problems, and others seem not to. The instructions call for copying rc4.h and rc4_enc.c, but I also had to copy rc4_locl.h. I found the header for RC4_set_key in rc4_skey.c, so I copied that file, and added an include for it in ppp_mppe.c.

-----Original Message-----
From: tmk [mailto:tmk at netmagic.net]
Sent: Monday, August 09, 1999 4:43 PM
To: Rick Matlock
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] problem with mppe patch on pppd

that's an easy one.. there are a couple of extra files you need to get if you get the rc4 files from a different distro than is mentioned in readme.mppe. I forget what they are, but look through the archives, and i'll see what i can do about getting this note added to the main install guide.

Kevin

On Mon, 9 Aug 1999, Rick Matlock wrote:

> This is probably an extremely simple solution, so I figured I would post
> it. I am getting the following error when I attempt to insmod the
> ppp_mppe module:
>
> unresolved symbol RC4_set_key
>
> I have attempted to use the rc4.h and the rc4_enc.c files from both
> SSLeay-0.9.0b and openssl-0.9.3a, but both have the exact same problem.
>
> Any quick solutions, or a URL that has the solution? I found the above
> function in the rc4_skey.c file:
>
> void RC4_set_key(key, len, data)
> RC4_KEY *key;
> int len;
> register unsigned char *data;
>
> I am using pppd-2.3.8 and the patch. The patch installed fine, and the
> kernel compiled good. All other modules in the kernel work, just the
> ppp_mppe is giving this error.
>
>
> Thanks in advance for any help.
> Rick
>

From jcaspen at ittc.ukans.edu Tue Aug 10 10:52:15 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Tue Aug 10 10:52:15 1999
Subject: [pptp-server] Re: Use of VPND
References:
Message-ID: <37B04A40.CCE5AB79@ittc.ukans.edu>

Use the slip interface IP instead of the ethernet IP of the other machine to send traffic through the tunnel.

From jcaspen at ittc.ukans.edu Tue Aug 10 23:08:57 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena)
Date: Tue Aug 10 23:08:57 1999
Subject: [pptp-server] Script to install ppp patches for encryption didn't work
Message-ID: <37B0F74A.BC20701A@ittc.ukans.edu>

When I run [./kinstall.sh], it didn't copy the files to the destination directory. It said that the current files of the linux source were newer. But this was not true, the rc4* didn't exist in /usr/src/linux/drivers/net . I solved it by deleting the files by hand, running the script again and copying the remaining files to the correct directory.

----------------------------------------------

Notice to the user:

It is perfectly legal for this script to run without making any changes to your system. This means that the system currently contains the necessary changes to support this package. Please do not attempt to force this script to replace any file nor make any patch. If you do so then it is probable that you are actually putting older, buggier, code over the newer, fixed, code. Thank you.

Installing into kernel version 2.2.10 in /usr/src/linux
Installing new /usr/src/linux/drivers/net/bsd_comp.c
Installing new /usr/src/linux/drivers/net/ppp_deflate.c
Installing new /usr/src/linux/drivers/net/zlib.c
Installing new /usr/src/linux/drivers/net/zlib.h
Installing new /usr/src/linux/drivers/net/ppp_mppe.c
Installing new /usr/src/linux/drivers/net/ppp_lzscomp.c
Installing new /usr/src/linux/drivers/net/ppp_lzscomp.h
Installing new /usr/src/linux/drivers/net/mppe.h
Installing new /usr/src/linux/drivers/net/sha.h
Installing new /usr/src/linux/drivers/net/sha1dgst.c
Installing new /usr/src/linux/drivers/net/sha_locl.h
/usr/src/linux/drivers/net/rc4_enc.c is not older than rc4_enc.c, skipping
/usr/src/linux/drivers/net/rc4.h is not older than rc4.h, skipping
Installing new /usr/src/linux/include/linux/if_ppp.h
Installing new /usr/src/linux/include/linux/if_pppvar.h
Installing new /usr/src/linux/include/linux/ppp-comp.h
Installing new /usr/src/linux/include/linux/ppp_defs.h
Installing new /usr/src/linux/drivers/net/ppp.c
Adding BSD compression module to drivers makefile...(already there--skipping)
Adding Deflate compression module to drivers makefile...(already there--skipping)
Adding MPPE compression module to drivers makefile...(already there--skipping)
Kernel driver files installation done

------------------------------------------------------

From walterm at Gliatech.com Wed Aug 11 16:09:08 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Wed Aug 11 16:09:08 1999
Subject: [pptp-server] Detailed Instruction Set
Message-ID:

Hello All,

Well, my poptop server is up and running perfectly (Thanks for all the help). The final part of this project was to document how to recreate it from scratch for other administrators at my company. This installation is very specific to redhat 6.0. This is also written for a complete newbie. In addition I wrote it while over-caffeinated and under slept and haven't had a chance to proof it. But it may help some who are still struggling out. It is in word 97 format (Sorry that's what we use).

Michael J. Walter mcse
Gliatech, Inc.
walterm at gliatech.com
mwalter at drwalter.com

HOWTO Setup a Secure Redhat Linux 6.0 VPN

1) Introduction

I initially prepared this document as an internal howto so that other administrators in my organization would be able to set up comparable VPNs without the learning curve that I went through. It is designed for a complete Linux/VPN newbie and goes into a large amount of detail. It also assumes that the installed computer will ONLY be a VPN and is completely blank at the start. The systems we are using have 3com 3c905b Ethernet cards that are plug and play and recognized by the Linux kernel. There may be slight differences in installation for different systems but this will give you a general idea of how things should work.

Please note: I am NEITHER a Linux nor a security expert. This represents what I believe will be a secure implementation, but I make no guarantees. I also know that other users have had success with different installation methods and I am sure that there are better ways to do this. I am mailing this document to the Poptop users group purely out of appreciation for all the help that I was given when I started this project. Feel free to make any changes to this document that you wish for your own purposes. I claim no responsibility for this document's content or accuracy.

2) Software Information
   a) Redhat-6.0 Kernel-2.2.5-15
   b) PPP-2.3.8
   c) Pptpd-0.9.9-1

3) Hardware Information

4) Install the initial Redhat Linux 6.0 OS
   a) Insert the redhat boot floppy and/or redhat install CD.
   b) Allow the system to boot; when the "Installation Path" window appears choose "install".
   c) In the "Installation Class" window choose "custom".
   d) In the "SCSI Configuration" window choose "No".
   e) In the "Disk Setup" window choose "Disk Druid".
   f) Use Disk Druid to create a Linux swap partition of 120meg in size.
   g) Use Disk Druid to create a Linux Native partition of the remaining hard drive space with a Mount Point of "/". Choose "OK" to exit Disk Druid.
   h) In the "Active Swap Space" window make sure there is a "*" next to the device and that "Check for bad blocks during format" does not have a "*". Choose "OK".
   i) In the "Partitions to Format" window make sure there is a "*" next to the device and that "Check for bad blocks during format" does not have a "*". Choose "OK".
   j) In the "Components to Install" window place a "*" next to the following components and clear all others. Then choose "OK"
      1) X Windows System
      2) GNOME
      3) Networked Workstation
      4) Dialup Workstation
      5) C Development
      6) Development Libraries
      7) C++ Development
      8) X Development
      9) GNOME Development
      10) Kernel Development
      11) Extra Documentation
   k) In the "Install Log" window choose "OK".
   l) Redhat will start installing files... When it finishes the "Probing Result" window will appear. Redhat should have found your mouse, choose "OK".
   m) The "Configure Mouse" window will now appear. Choose your mouse type (normally Generic Mouse or Microsoft Compatible) then choose "OK".
   n) The "Network Configuration" window will now appear. Choose "Yes".
   o) The "Probe" window should now appear. One of your network cards should be listed. Choose "OK".
   p) The "Boot Protocol" window will appear. Choose "Static IP address" then choose "OK".
   q) The "Configure TCP/IP" window will appear.
      1) Next to "IP address:" type the internal network IP address for this server.
      2) Next to "Netmask:" type your internal Netmask.
      3) Next to "Default gateway (IP):" type the IP address of your Internet router.
      4) Next to "Primary nameserver:" type the address of your primary Internet DNS server.
      5) Choose "OK".
   r) The "Configure Network" window should now appear.
      1) Next to "Domain name: " type your TCP/IP domain name, do not include the name of this computer. (Note: this is not the same as your Windows NT domain)
      2) Next to "Host name:" choose the internal name of this computer, redhat should append the domain name to your computer name.
      3) Next to "Secondary nameserver (IP):" type the IP address of your secondary Internet DNS server if you have one, or leave this blank if you don't.
      4) Next to "Tertiary nameserver (IP):" type the IP address of your internal DNS server or the address of a third Internet DNS server.
      5) Choose "OK".
   s) The "Configure Timezones" window should appear.
      1) If your BIOS clock is set to Greenwich Mean Time place a "*" next to the "Hardware clock set to GMT".
      2) Beneath the "Hardware clock set to GMT" item choose your local time zone.
      3) Choose "OK".
   t) The "Services" window should now appear. Make sure there are "*"'s next to the following items and blanks next to any others.
      1) Gpm- Mouse Driver
      2) Keytable- Keyboard Driver
      3) Network- Runlevel and network driver
      4) Random- Probably a random number generator
      5) Syslog- System Logger driver
      6) Choose "OK".
   u) The "Configure Printer" window will appear, choose "No".
   v) The "Root Password" window will appear. Enter your password next to the "Password:" and "Password (again):" items then choose "OK".
   w) The "Authentication Configuration" window will now appear, remove the "*"'s from all the items in this window then choose "OK".
   x) The "Bootdisk" window will now appear, choose "No".
   y) The "Lilo Installation" window will appear, choose "OK".
   z) The "Lilo Installation" window will appear, choose "OK".
   aa) Now the Xwindows setup windows will begin to appear, Xwindows is out of the scope of this document, just make sure that your video card and monitor both work, as we will need to use Xwindows later in the install.
   bb) After Xwindows is installed Redhat will reboot your computer. Be sure to remove the floppy disk and CD-ROM. If you miss, wait for the initial install window to appear then remove the floppy and CD-ROM and reboot the system.

5) Build installable module support into your kernel
   a) After the reboot your login screen should appear. Next to login type "root"
   b) The "Password:" prompt will appear, enter the password you chose above in section 4 step v.
   c) Type "cd /usr/src/linux"
   d) Type "make menuconfig"
   e) After a while and several lines of text the "Main Menu" window should appear. I highly encourage you to explore the options available in this window but for now we will stick to what we need for the VPN.
      1) Use your arrow keys to scroll to the "Networking Options" item and hit "Enter".
         a) The "Networking options" window should appear.
         b) Use your arrow keys to scroll down to "IP: masquerading" and type "N".
         c) Use your arrow keys to scroll down to "IP: tunneling" and type "N".
         d) Use your arrow keys to scroll down to "IP: aliasing support" and type "N".
         e) Use your arrow keys to scroll down to "IP: Reverse ARP" and type "N".
         f) Use your arrow keys to scroll down to "The IPX protocol" and type "N".
         g) Use your arrow keys to scroll down to "Appletalk DDP" and type "N".
         h) Use your right arrow key to highlight "" at the bottom of the screen and hit "Enter"
   f) Use your right arrow key to highlight "" at the bottom of the screen and hit "Enter"
   g) A titleless window should now appear, choose "".
   h) Type "make dep"
   i) Type "make clean"
   j) Type "make bzImage" (Go get some coffee, take a nap, whatever-it's gonna be a while)
   k) This probably is not necessary, but I always reboot here, type "shutdown -r now"

6) Build the Microsoft Compatible Point to Point Protocol
   a) After the reboot your login screen should appear. Next to login type "root"
   b) The "Password:" prompt will appear, enter the password you chose above in section 4 step v.
   c) You will now need to download the ppp-2.3.8 source files. I get them from ftp://cs.anu.edu.au/pub/software/ppp/ppp-2.3.8.tar.gz
      Note: you must get the tar.gz version NOT the RPM.
   d) Go to the directory where you downloaded ppp-2.3.8.tar.gz and type "cp ppp-2.3.8.tar.gz /usr/src/linux"
   e) Type "cd /usr/src/linux"
   f) Type "tar xvzf ppp-2.3.8.tar.gz"
   g) Now, you will need to obtain the SSLeay-0.6.6b files. I get them from ftp://ftp.psy.uq.oz.au/
      Note: the previous address is not the complete URL as I was not able to connect at the time I made this document.
      Note: once again you will need to get the tar.gz version NOT the rpm.
   h) Go to the directory where you downloaded SSLeay-0.6.6b.tar.gz and type "cp SSLeay-0.6.6b.tar.gz ~/root"
   i) Type "cd ~/root"
   j) Type "tar xvzf SSLeay-0.6.6b.tar.gz"
   k) Type "cd ~/SSLeay-0.6.6b/crypto/rc4"
   l) Type "cp rc4.h /usr/src/linux/ppp-2.3.8/linux"
   m) Type "cp rc4_enc.c /usr/src/linux/ppp-2.3.8/linux"
   n) Now you will need to obtain the ppp patch ppp-2.3.8-mppe-others-norc4_TH7.diff.gz. I get it from http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
   o) Go to whatever directory you downloaded the patch to and type "cp ppp-2.3.8-mppe-others-norc4_TH7.diff.gz /usr/src/linux/ppp-2.3.8"
   p) Type "cd /usr/src/linux/ppp-2.3.8"
   q) Type "patch -p1 < ppp-2.3.8-mppe-others-norc4_TH7.diff.gz"
   r) Type "./configure"
   s) Type "cd /usr/src/linux/ppp-2.3.8/linux"
   t) Type "./kinstall.sh"
   u) Type "cp * /usr/src/linux/drivers/net"
   v) You will be prompted several times about overwriting files, overwrite ALL files.
   w) Type "cd .."
   x) Type "make"
   y) Type "cat pppd/pppd > /sbin/pppd"
   z) Type "cd /usr/src/linux"
   aa) Type "make modules SUBDIRS=drivers/net"
   bb) Type "make modules_install"
   cc) Type "insmod slhc"
   dd) Type "insmod ppp"
   ee) Type "insmod bsd_comp"
   ff) Type "insmod ppp_deflate"
   gg) Type "insmod ppp_mppe"

7) Setup and Configure Networking
   a) Note: I am assuming that you are using Plug and Play Ethernet adapters here.
   b) type "linuxconf"
   c) An information screen will appear, hit "tab" until "quit" is highlighted then hit "enter".
   d) The "Linuxconf" window should now appear. Use your arrow keys to scroll down to "Basic host information" then hit "enter".
   e) Your first device should already be set up. Use your arrow keys to scroll down to "Adaptor 2" and make the following changes.
      1) Scroll to "Enabled" and hit "space"
      2) Next to "Primary name + domain" enter the Internet name and Internet domain of your computer in the form name.domain.com.
      3) Next to "IP address" enter your Internet IP address.
      4) Next to "Netmask (opt)" enter your Internet netmask.
      5) Next to "Net device" type "eth1" Note: this assumes you use Ethernet to connect to the Internet.
      6) Next to "Kernel module" type the driver name for your Ethernet card. Note: for a 3c905b the driver name is 3c59x.
      7) Hit "Tab" until the "Accept" button is highlighted, then hit "Enter"
      8) Hit "Tab" until the "Quit" button is highlighted then hit "Enter"
      9) The "Status of the system" window should appear, hit "tab" until "Quit" is highlighted then hit "Enter"
      10) You should now be able to ping the internal computers and the Internet. If you can't, try switching adapter 1 to eth1 and adapter2 to eth0

8) Install Poptop
   a) You will need to obtain the latest version of poptop. I get them from http://www.moretonbay.com/vpn/releases/pptpd-0.9.9-1.i386.rpm
      Note: I believe this is the only site where this file is available.
      Note: Here you will want to get the RPM.
   b) Go to the directory in which you placed the pptpd rpm and type "cp pptpd-0.9.9-1.i386.rpm ~/"
   c) Type "startx"
   d) You will probably get a few warnings about logging into Xwindows as root, close these and any other open windows.
   e) Click the "Paw" Button at the lower left of your screen and scroll up to "System". Scroll over to "GnoRPM" and click.
   f) The "Gnome RPM" window should appear. Click the "Install" button.
   g) The "Install" window should now appear. Click the "Add" button.
   h) The "Add Packages" window should now appear. Under directories double click "../" until the "Directories" section stops changing. Then scroll down in the "Directories" section until you see "root/"
   i) Double click "root/"
   j) Under the "Files" section find "pptpd-0.9.9-1.i386.rpm" and click it once to highlight it.
   k) Click the "Add" button.
   l) Click the "Close" button.
   m) The "Install" window should now have the focus. Click the "Install" button.
   n) Click the "Close" button.
   o) The "Gnome RPM" window should now have the focus. Click the "Packages" menu item and scroll down and click "Quit".
   p) Once again click the "Paw" button and choose "Log out".
   q) The "Really log out?" Window should now appear. Click the "Yes" button.

9) Setup Your Configuration Files
   a) I am not going to go into how to edit a file here, if you need more information type "man vi"
   b) Anything that appears in <> is meant for you to add your own settings to
   c) Create or edit the etc/ppp/options file so that it looks like this (Without the numbers)
      1) lock
      2) debug
      3) auth
      4) name
      5) +chap
      6) +chapms
      7) +chapms-v2
      8) mppe-40
      9) mppe-stateless
      10) netmask
      11) ms-wins
      12) proxyarp
   d) Create or edit the etc/ppp/chap-secrets file so that it looks like this (Without the numbers)
      Note: All VPN users appear twice, once with the domain name and once without. This is so that if they are internal/dialup network users they don't need to do any configuring when they switch
      1) * *
      2) \\ * *
   e) Create or edit the etc/pptpd.conf file so that it looks like this (Without the numbers)
      1) speed 115200
      2) localip
      3) remoteip
   f) edit the /etc/syslog.conf file and add the following line (Without the numbers)
      1) daemon.debug /var/log/pptpd.log
   g) edit the /etc/conf.modules file and add the following lines (Without the numbers)
      1) alias ppp-compress-18 ppp_mppe
      2) alias ppp-compress-21 slhc
      3) alias ppp-compress-24 bsd_comp
      4) alias ppp-compress-26 ppp_deflate

10) Setup Firewall Features
   a) create a new file called /etc/rc.d/init.d/firewall_rules
   b) type "cd /etc/rc.d/init.d/firewall_rules"
   c) type "chmod +x firewall_rules"
   d) edit the "firewall_rules" file such that it looks like the following (Without the numbers) (enter your own information where you see <>)
      1) #### SET DEFAULT RULES TO DENY
      2) /sbin/ipchains -P input DENY
      3) /sbin/ipchains -P forward DENY
      4) #### ALLOW ALL PORTS ON THE INTERNAL INTERFACE
      5) ipchains -A input -s /24 -j ACCEPT
      6) ipchains -A forward -s /24 -j ACCEPT
      7) #### ALLOW AND FORWARD INCOMING VPN PACKETS
      8) ipchains -A input -p tcp -d 1723 -j ACCEPT
      9) ipchains -A input -p 47 -d -j ACCEPT
      10) ipchains -A forward -p tcp -d 1723 -j ACCEPT
      11) ipchains -A forward -p tcp -s 1723 -j ACCEPT
      13) ipchains -A forward -p 47 -d -j ACCEPT
      14) ipchains -A forward -p 47 -s -j ACCEPT
   e) type "startx"
   f) As usual, close all the windows that Xwindows opens.
   g) Click the "paw" icon then choose "System" and finally "Control Panel"
   h) Click the "Stop Light" icon at the very top of the "Control Panel"
   i) The "SYSV Runlevel Manager" window should appear. Under available, single click to highlight "firewall_rules"
   j) Click the "Add" button.
   k) A new window should appear, in this window Push in the button next to "Start firewall_rules"
   l) Under "in runlevel:" push in button "3".
   m) Click the "Done" button.
   n) The "Where" window should now appear. Click into the box beneath "The Number for firewall_rules is:" and type "98"
   o) Click the "Done" button.
   p) The "SYSV Runlevel Manager" window should now have the focus. Click the "File" menu item and choose "Quit"
   q) Once again click the "Paw" button and choose "Log out".
   r) The "Really log out?" Window should now appear. Click the "Yes" button.

11) Reboot and Connect
   a) type "shutdown -r now"
   b) When the system comes back on-line you will be ready to roll with your VPN.
   c) Setup your clients. Note: you will need to download a patch from Microsoft for windows95 and windows98 in order to use Data Encryption.

From jcaspen at ittc.ukans.edu Wed Aug 11 19:02:44 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena)
Date: Wed Aug 11 19:02:44 1999
Subject: [pptp-server] Problems to connect w/ Encryption
Message-ID: <37B20F1B.983F28A1@ittc.ukans.edu>

I am trying to connect w/ encryption enabled, but I get the following error:

Aug 11 18:34:19 xxx pptpd[428]: MGR: Manager process started
No free connection slots or IPs available - no more clients can connect!

Aug 11 18:43:53 xxxx pptpd[428]: MGR: No free connection slots or IPs - no more clients can connect!
Aug 11 18:43:53 xxxx pptpd[436]: CTRL: Client a.b.c.d control connection started
/usr/sbin/pppd: The remote system is required to authenticate itself but I
/usr/sbin/pppd: couldn't find any suitable secret (password) for it to use to do so.
Aug 11 18:43:54 xxxx pptpd[436]: CTRL: Starting call (launching pppd, opening GRE)
Aug 11 18:43:54 xxxx pptpd[436]: GRE: read(fd=5,buffer=804cffc,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 11 18:43:54 xxxx pptpd[436]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug 11 18:43:54 xxxx pptpd[436]: CTRL: Client a.b.c.d control connection finished
Aug 11 18:43:54 xxxx pppd[437]: The remote system is required to authenticate itself but I
Aug 11 18:43:54 xxxx pppd[437]: couldn't find any suitable secret (password) for it to use to do so.

POPTOP:
------

/etc/ppp/options:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/chap-secret

# Secrets for authentication using CHAP
# client server secret IP addresses
xxxxxxxx server xxxxxxxx *

/etc/pptpd.conf

speed 115200
localip 10.0.2.22
remoteip 10.0.2.30

lsmod (ppp is compiled in the kernel):

Module Size Used by
ppp_mppe 10432 0 (unused)
ppp_deflate 38460 0 (unused)
bsd_comp 3456 0 (unused)

/user/sbin/pptpd: was generated from kernel 2.3.8 + patch + rc4 files from SSLeay 0.6.6b

Execution script:

sudo arp --set 10.0.2.22 aa:bb:cc:dd:ee:ff pub
sudo ../pptpd-0.9.11/pptpd

Client:
----

I will put my pptp 1.0.2 client configuration. I get the same error as listed before with the Windows 98 clients. Both clients worked without problems with PoPTop with no encryption. I installed pppd here as in the PoPtop server (patched w/ rc4)

The linux client says :

(unknown)[391]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
(unknown)[391]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.

/usr/sbin/pppd: The remote system (xxxxxxxx) is required to authenticate itself but I
/usr/sbin/pppd: couldn't find any suitable secret (password) for it to use to do so.
(unknown)[391]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe

The Windows client says that I was disconnected.

/etc/ppp/options:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/ppp/chap-secrets:

# client server secret IP addresses
xxxxxxxx server xxxxxxxx *

Execution script:

sudo ../pptp-linux-1.0.2/pptp hostname name xxxxxxxx remotename xxxxxxxx

The name and remotename user here are the same as the ones defined in the chap-secrets file of PoPTop

Any suggestion?

From toktar at per.com.br Wed Aug 11 22:15:17 1999
From: toktar at per.com.br (Emir Toktar)
Date: Wed Aug 11 22:15:17 1999
Subject: [pptp-server] Problems to connect w/ Encryption
References: <37B20F1B.983F28A1@ittc.ukans.edu>
Message-ID: <012501bee46f$a3894e20$010010ac@crypto.net>

I'm not sure, but isn't it necessary to put in

/etc/ppp/options:
...
name servername_vpn
....
// same in

/etc/ppp/chap-secret
> # client server secret IP addresses
..... servername_vpn .......

Emir Toktar

----- Original Message -----
From: Carlos Castro Pena
To:
Sent: Wednesday, August 11, 1999 9:02 PM
Subject: [pptp-server] Problems to connect w/ Encryption

> I am trying to connect w/ encryption enabled, but I get the following
> error:
>
> Aug 11 18:34:19 xxx pptpd[428]: MGR: Manager process started
> No free connection slots or IPs available - no more clients can connect!
>
> Aug 11 18:43:53 xxxx pptpd[428]: MGR: No free connection slots or IPs -
> no more clients can connect!
> Aug 11 18:43:53 xxxx pptpd[436]: CTRL: Client a.b.c.d control connection
> started
> /usr/sbin/pppd: The remote system is required to authenticate itself but
> I
> /usr/sbin/pppd: couldn't find any suitable secret (password) for it to
> use to do so.
> Aug 11 18:43:54 xxxx pptpd[436]: CTRL: Starting call (launching pppd,
> opening GRE)
> Aug 11 18:43:54 xxxx pptpd[436]: GRE: read(fd=5,buffer=804cffc,len=8196)
> from PTY failed: status = -1 error = Input/output error
> Aug 11 18:43:54 xxxx pptpd[436]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> Aug 11 18:43:54 xxxx pptpd[436]: CTRL: Client a.b.c.d control
> connection finished
> Aug 11 18:43:54 xxxx pppd[437]: The remote system is required to
> authenticate itself but I
> Aug 11 18:43:54 xxxx pppd[437]: couldn't find any suitable secret
> (password) for it to use to do so.
>
>
> POPTOP:
> ------
>
> /etc/ppp/options:
>
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/ppp/chap-secret
>
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> xxxxxxxx server xxxxxxxx *
>
> /etc/pptpd.conf
>
> speed 115200
> localip 10.0.2.22
> remoteip 10.0.2.30
>
> lsmod (ppp is compiled in the kernel):
>
> Module Size Used by
> ppp_mppe 10432 0 (unused)
> ppp_deflate 38460 0 (unused)
> bsd_comp 3456 0 (unused)
>
> /user/sbin/pptpd: was generated from kernel 2.3.8 + patch + rc4 files
> from SSLeay 0.6.6b
>
>
> Execution script:
>
> sudo arp --set 10.0.2.22 aa:bb:cc:dd:ee:ff pub
> sudo ../pptpd-0.9.11/pptpd
>
>
> Client:
> ----
> I will put my pptp 1.0.2 client configuration . I get the same error as
> listed before with the Windows 98 clients. Both clients worked without
> problems with PoPTop with no encryption.
> I installed pppd here as in the PoPtop server (patched w/ rc4)
>
> The linux client says :
>
> (unknown)[391]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client
> connection established.
> (unknown)[391]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing
> call established.
>
> /usr/sbin/pppd: The remote system (xxxxxxxx) is required to authenticate
> itself but I
> /usr/sbin/pppd: couldn't find any suitable secret (password) for it to
> use to do so.
> (unknown)[391]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken
> pipe
>
> The Windows client says that I was disconnected.
>
> /etc/ppp/options:
>
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/ppp/chap-secrets:
>
> # client server secret IP addresses
> xxxxxxxx server xxxxxxxx *
>
>
> Execution script:
>
> sudo ../pptp-linux-1.0.2/pptp hostname name xxxxxxxx remotename xxxxxxxx
>
> The name and remotename user here are the same as the ones defined in
> the chap-secrets file of PoPTop
>
>
> Any suggestion?
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From toktar at per.com.br Wed Aug 11 22:21:00 1999
From: toktar at per.com.br (Emir Toktar)
Date: Wed Aug 11 22:21:00 1999
Subject: [pptp-server] Problem untar the diff patche for secure pptp
References: <37AF5495.A94E7114@ittc.ukans.edu> <008901bee46c$319f0aa0$010010ac@crypto.net> <37B23728.5488C751@ittc.ukans.edu>
Message-ID: <013001bee470$74caf240$010010ac@crypto.net>

Did you try editing the /etc/conf.modules file and adding the following lines [suggested by Michael Walter]:

alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 slhc
alias ppp-compress-24 bsd_comp
alias ppp-compress-26 ppp_deflate

I'll try tomorrow because now I'm going to sleep.. (it's 00:20 AM - Brazil)

Emir Toktar

----- Original Message -----
From: Carlos Castro Pena
To: Emir Toktar
Sent: Wednesday, August 11, 1999 11:53 PM
Subject: Re: [pptp-server] Problem untar the diff patche for secure pptp

> > I have any problems too with ppp_mppe, mainly with this command :
> >
> > # insmod ppp_mppe ==> my error - no module by that name found.
> >
> > If you discover anything I will appreciate it.
>
> I had the same problem, but if I go to /lib/modules/2.2.10/net and execute the
> insmod command there, it loads.
>
>

From walterm at Gliatech.com Thu Aug 12 12:10:20 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Thu Aug 12 12:10:20 1999
Subject: [pptp-server] Revised Detailed Instruction Set(Word97 Format)
Message-ID:

Well, apparently my overcaffeinated and under slept state yesterday created a few problems with both my post and instructions. Here is a new set that reads correctly.

Michael J. Walter mcse
Gliatech, Inc.
walterm at gliatech.com
mwalter at drwalter.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: RedhatPoptop.doc
Type: application/msword
Size: 57856 bytes
Desc: not available
URL:

From dkelson at inconnect.com Thu Aug 12 12:21:30 1999
From: dkelson at inconnect.com (Dax Kelson)
Date: Thu Aug 12 12:21:30 1999
Subject: [pptp-server] Revised Detailed Instruction Set(Word97 Format)
In-Reply-To:
Message-ID:

Text format please? Is there anything to be gained by the Word97 format?

From jasonj at uui-alaska.com Thu Aug 12 12:23:30 1999
From: jasonj at uui-alaska.com (Jason Jeremias) Date: Thu Aug 12 12:23:30 1999 Subject: [pptp-server] Revised Detailed Instruction Set(Word97 Format) References: Message-ID: <37B3036F.24047165@uui-alaska.com> Um, being a Linux User I tend not to run MS Office. Could you repost this in text. Michael Walter wrote: > Well, apparently my overcaffeinated and under slept state yesterday created > a few problems with bost my post and instructions. Here is a new set that > reads correctly. > > Michael J. Walter mcse > Gliatech, Inc. > walterm at gliatech.com > mwalter at drwalter.com > <> > > ------------------------------------------------------------------------ > Name: RedhatPoptop.doc > RedhatPoptop.doc Type: Microsoft Word Document (application/msword) > Encoding: base64 > Download Status: Not downloaded with message -- "First they ignore you, then they laugh at you, then they fight you, then you win". -Ghandi -------------- next part -------------- An HTML attachment was scrubbed... URL: From Tim.Beacham at LifePointHospitals.com Thu Aug 12 12:36:11 1999 From: Tim.Beacham at LifePointHospitals.com (Beacham Tim P) Date: Thu Aug 12 12:36:11 1999 Subject: [pptp-server] Revised Detailed Instruction Set(Word97 Format) Message-ID: <413E5FCC63D9D111956600805F31383201B87CE0@nasex01.columbia.net> Doesn't Star Office read Word97 format? Personally I like this format, its easier to read when printed. My 2 cents worth. > -----Original Message----- 
> From: Dax Kelson [SMTP:dkelson at inconnect.com] > Sent: Thursday, August 12, 1999 1:21 PM > To: Michael Walter > Cc: 'pptp-server at lists.schulte.org' > Subject: Re: [pptp-server] Revised Detailed Instruction Set(Word97 > Format) > > > Text format please? Is there anything to be gained by the Word97 format? > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From walterm at Gliatech.com Thu Aug 12 14:03:35 1999 From: walterm at Gliatech.com (Michael Walter) Date: Thu Aug 12 14:03:35 1999 Subject: [pptp-server] Extended Instructions-HTML Message-ID: Hello again all, Took a bit longer than a half an hour(Word does not convert to HTML nicely) and I am sure that I have made a few mistakes(Had to basically re-format the whole thing) so let me know if you see anything that needs changed. Cheers, Michael J. Walter mcse Gliatech, Inc. walterm at gliatech.com mwalter at drwalter.com <> -------------- next part -------------- An HTML attachment was scrubbed... URL: From allanc at sco.com Thu Aug 12 15:24:52 1999 
From: allanc at sco.com (Allan Clark) Date: Thu Aug 12 15:24:52 1999 Subject: [pptp-server] Extended Instructions-HTML References: Message-ID: <37B32A5B.9C6228EE@sco.com> Thanks for the effort, Michael. Although it's almost a given that poptop client are MSoft, hence *probably* have MSOffice, par of the soapbox *I* stand on to promote PopTop is "Microsoft is a closed-system Cathedral, PopTop is worth the assets you've already sunken into Redmond". (or something like that). Should the next poptop RPM include your instructions (ie as /usr/doc/pptpd-0.9.11/R...html) ? Anyone have comments whether this is helpful? How does the procedure change for RH52? at all? Again, thanks for making your document readable to us all. Much appreciated. Nice to see an MCSE stamp beside it at all; lends credibility to your procedure. Allan Michael Walter wrote: > Hello again all, > Took a bit longer than a half an hour(Word does not convert to HTML nicely) > and I am sure that I have made a few mistakes(Had to basically re-format the > whole thing) so let me know if you see anything that needs changed. From matthewr at moreton.com.au Thu Aug 12 18:29:29 1999 
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Aug 12 18:29:29 1999
Subject: [pptp-server] Extended Instructions-HTML
References:
Message-ID: <99081309235002.13491@gibberling.moreton.com.au>

Hi Michael,

I'll add your RedHat-HOWTO to the existing PoPToP HOWTO/FAQ on the web page (http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt).

Cheers,
Matt

On Fri, 13 Aug 1999, Michael Walter wrote:
> Hello again all,
> Took a bit longer than a half an hour(Word does not convert to HTML nicely)
> and I am sure that I have made a few mistakes(Had to basically re-format the
> whole thing) so let me know if you see anything that needs changed.
> Cheers,
>
> Michael J. Walter mcse
> Gliatech, Inc.
> walterm at gliatech.com
> mwalter at drwalter.com
>

----------------------------------------
Content-Type: text/html; name="RedhatPoptopHOWTO.html"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------

--
Matthew Ramsay

From jcaspen at ittc.ukans.edu Thu Aug 12 19:28:49 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Thu Aug 12 19:28:49 1999
Subject: [pptp-server] Problems to connect w/ Encryption
References:
Message-ID: <37B3659E.D03BF01A@ittc.ukans.edu>

This is the problem. Thank you!

> It looks like the problem is in your secrets file, try :
>
>
> Note: the only change from your existing secrets is changing line 3 from
> xxxxxxxx server xxxxxxxx * to xxxxxxxx * xxxxxxxx *

From dkelson at inconnect.com Thu Aug 12 20:50:47 1999
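The fix confirmed in the "Problems to connect w/ Encryption" exchange above (server field `server` changed to `*`) comes down to how pppd matches chap-secrets lines against its own name and the peer's name. The Python sketch below is an added example, not part of any list message and not pppd's code; it is a simplified model of that lookup, and the names `alice` and `vpngw` and the secret value are constructed assumptions.

```python
import shlex
from typing import List, NamedTuple, Optional, Tuple

WILDCARD = "*"


class Secret(NamedTuple):
    client: str
    server: str
    secret: str
    addrs: Tuple[str, ...]


def parse_secrets(text: str) -> List[Secret]:
    """Parse chap-secrets text: client, server, secret, then allowed IPs."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # shlex handles quoted words and drops '#' comments.
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected client, server, secret")
        entries.append(Secret(fields[0], fields[1], fields[2], tuple(fields[3:])))
    return entries


def _score(field: str, name: str) -> int:
    """2 for an exact name match, 1 for the wildcard, 0 for no match."""
    if field == name:
        return 2
    return 1 if field == WILDCARD else 0


def find_secret(entries: List[Secret], client: str, server: str) -> Optional[Secret]:
    """Best entry for this client/server pair; exact names beat wildcards."""
    best, best_score = None, 0
    for entry in entries:
        c, s = _score(entry.client, client), _score(entry.server, server)
        if c and s and c + s > best_score:
            best, best_score = entry, c + s
    return best


def can_authenticate_peers(entries: List[Secret], local_name: str) -> bool:
    """Model of the startup check behind "couldn't find any suitable secret":
    with 'auth' set, some entry must name this host (or '*') as the server."""
    return any(_score(e.server, local_name) for e in entries)


# Constructed samples. "vpngw" stands in for the local name pppd uses
# (an assumption; the thread does not give the real host name).
BROKEN = """
# client server secret IP addresses
alice server s3cret *
"""

FIXED = """
# client server secret IP addresses
alice * s3cret *
"""

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        entries = parse_secrets(text)
        print(label,
              "startup check:", can_authenticate_peers(entries, "vpngw"),
              "| secret for alice:", find_secret(entries, "alice", "vpngw"))
```

In this model the original line only matches when the local name is literally `server`, which is why the wildcard in the server column resolved the error.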
From: dkelson at inconnect.com (Dax Kelson)
Date: Thu Aug 12 20:50:47 1999
Subject: [pptp-server] Extended Instructions-HTML
In-Reply-To:
Message-ID:

Comments on your HOWTO

Under VIII)

C should be changed to type "rpm -Uvh ~/pptpd-0.9.9-1.i386.rpm"

delete D through Q

Under X)

typo in B) should be "cd /etc/rc.d/init.d/"

Under D) We need to add two lines at the top of the file

# chkconfig: 2345 98 98
# description: Setup the firewall

Those two lines will be 1) and 2) and there will be 16 lines total.

E) should be changed to "chkconfig --add firewall_rules"

Delete F through R

Under XI)

Supply a URL in C)

Dax Kelson
RedHat Certified Engineer

From EMIR.TOKTAR at bra.xerox.com Thu Aug 12 21:55:56 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Thu Aug 12 21:55:56 1999
Subject: [pptp-server] Help Compiling with RC4
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD3418D5@bra0070ms1.bra.xerox.com>

David,

My PoPTop it was fine until I update MSCHAP / MPPE...

Notation:
+===============================
| my observation and question...
+===============================

This is cut out of the poptop howto/faq..

Grab yourself a clean copy of the PPP daemon version 2.3.8 (ppp-2.3.8). I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/

+========================================================
|PPP : ftp://cs.anu.edu.au/pub/software/ppp/
|ppp-2.3.8.tar.gz
|ppp-2.3.8-patch1
|
|1) It's necessary apply this patch??
|
+========================================================

Grab yourself the MSCHAP/MPPE diff files and the RC4 files

+========================================================
|I achieved from :
|
|MSCHAP/MPPE :http://www.moretonbay.com/vpn/releases/
|ppp-2.3.8-mppe-others-norc4_TH7.diff
|
|RC4 files : ftp://ftp.psy.uq.oz.au/pub/Crypto/OpenSSL/
|[bin]openssl-0.9.1.c.tar.gz
|[txt]openssl-0.9.1c.tar.gz.md5
|
|gunzip openssl-0.9.1.c.tar.gz
|../crypto/rc4/
| rc4.h
| rc4_enc.c
| rc4_locl.h
| rc4_skey.c
| ...
| It's OK!!!
+========================================================
|i.e:
|.diff file is a patch. Apply it with the 'patch' command.
|You may need to read the manual page on patch but the main important
|option is the '-p' option which may be needed (eg, -p1 to strip one
|path component off filenames).
|
|A typical patch application is something like
| cd some-distribution
| gzip -dc ../some-patch.gz | patch -p1
|but this varies based on the specific patches.
|
|-----Original Message-----
|From: David Luyer [mailto:luyer at ucs.uwa.edu.au]
|Sent: Wednesday, July 07, 1999 9:34 AM
+=========================================================

Follow these instructions:
Note: [] are example commands to run

* extract the archive to your local file system [tar zxvf ppp-2.3.8.tgz].
* copy the MSCHAP/MPPE diff file to ppp-2.3.8/
* copy the RC4 files (rc4.h and rc4_enc.c) to ppp-2.3.8/linux/

+========================================================
|Basically, you need more than just rc4.h and rc4_enc.c from openssl.
| 1. copy rc4.h, rc4_enc.c rc4_locl.h, rc4_skey.c to both
| .../ppp-2.3.8/linux/
| and
| /usr/src/linux/drivers/net/
|
| 2. edit both "ppp_mppe.c" files and add the following line at the end
| of the set of #include lines at the top of the file...
| #include "rc4_skey.c"
|
| ... the rest of the standard instructions are fine.
|
| Also, you might want to execute a "depmod -a" to update the dependencies.
|
|-----Original Message-----
|From: Marcus Lee [mailto:marclee at mgmt.utoronto.ca]
|Sent: Sunday, July 25, 1999 6:05 PM
|
|
| 2)I make this procedure (copy rc*.* to /linux/ and /net/, it's OK?
|
|
| 3)"depmod -a" on root? What is this? I didn't saw to happen nothing!!
|
|
+========================================================

* [cd ppp-2.3.8]
* extract the diff file [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]

+========================================================
| this file is not gzip in http://www.moretonbay.com/vpn/releases/
+========================================================

* patch the diff [patch -p1 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
* [./configure]
* [cd linux]
* [./kinstall.sh]
* [cd ..]
* [make]
* make a backup of your pppd if you're so inclined
* copy the new pppd over the old one [cat pppd/pppd > `which pppd`]
* [cd /usr/src/linux]
* [make modules SUBDIRS=drivers/net]
* [make modules_install]
* [rmmod ppp]

+========================================================
| My problem... ppp don't load in kernel.
| I did a mistake anywhere!! Which was it? Can you help me?
+========================================================

* [insmod ppp]
* [insmod ppp_mppe]

Emir Toktar
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

From walterm at Gliatech.com Fri Aug 13 14:06:48 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Fri Aug 13 14:06:48 1999
Subject: [pptp-server] Detailed Directions and Redhat 5.2
Message-ID:

A few of you have sent me mail inquiring about the instructions I posted and redhat 5.2

After much research, and several builds, it is apparent that there are significant differences between the install of poptop on redhat 5.2 versus 6.0

I will be re-writing the detailed instructions to cover 5.2 but it will take a while. For now though, I would only use the detailed instructions as a last resort for information on redhat 5.2 installs.

I will also be updating the instructions with the information provided by Dax Kelson(Thanks Dax, especially for the RPM install stuff)

If anyone has further suggestions for changes to the instructions please let me know.

Also Matt, the HOWTO looks great, wish I had it when I worked through this the first time.

Michael J. Walter mcse
Gliatech, Inc.
walterm at gliatech.com
mwalter at drwalter.com

From jcaspen at ittc.ukans.edu Fri Aug 13 14:36:28 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena)
Date: Fri Aug 13 14:36:28 1999
Subject: [Fwd: [pptp-server] Detailed Instruction Set]
Message-ID: <37B473B2.1A92A2C9@ittc.ukans.edu>

-------------- next part --------------
An embedded message was scrubbed...
From: Michael Walter
Subject: RE: [pptp-server] Detailed Instruction Set
Date: Fri, 13 Aug 1999 15:30:04 -0400
Size: 1886
URL:

From jcaspen at ittc.ukans.edu Fri Aug 13 14:39:48 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena) Date: Fri Aug 13 14:39:48 1999 Subject: [pptp-server] Detailed Instruction Set References: Message-ID: <37B4747E.904C7E93@ittc.ukans.edu> I didn't find anything about forcing a secure connection. I was assuming that if mppe-?? was specified in the ppp options, the client and the server would try to establish an encrypted connection. The draft also says that if an encrypted connection can't be established, the connection is aborted (it doesn't fall back to 'clean text') > Looks that way, i'll kill that line. Does anyone know if there is a way to > force the client to have an encrypted connection? I seem to recall seeing a > require option in this newsgroup before... > From jcaspen at ittc.ukans.edu Fri Aug 13 14:45:03 1999 From: jcaspen at ittc.ukans.edu (Carlos Castro Pena) Date: Fri Aug 13 14:45:03 1999 Subject: [pptp-server] Detailed Instruction Set References: Message-ID: <37B471C2.AF812F82@ittc.ukans.edu> In your instructions you said: > 8) mppe-40 > 9) mppe-stateless > a) Note: I believe you will want to remove this line after testing to require mppe-40(I believe it is the more secure of the two) The mppe draft says: "If the 'H' bit is set (corresponding to a value of 0x01 in the most significant octet), this indicates that the sender wishes to negotiate the use of stateless mode, in which the session key is changed after the transmission of each packet " Doesn't it mean that session keys are changed more often and the connection should be more secure against sniffers? I have been doing some performance tests and it seems that the impact of stateless connection in performance is very small. From walterm at Gliatech.com Fri Aug 13 14:48:38 1999 
From: walterm at Gliatech.com (Michael Walter) Date: Fri Aug 13 14:48:38 1999 Subject: [pptp-server] Require Encryption Message-ID: If you un-check require encryption on the win98 client you can still connect to the vpn and browse. The pptpd.log file gives a message about the client disabling encryption but does not prevent the connection. Michael J. Walter mcse Gliatech, Inc. walterm at gliatech.com mwalter at drwalter.com From jcaspen at ittc.ukans.edu Fri Aug 13 14:55:09 1999 From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena) Date: Fri Aug 13 14:55:09 1999 Subject: [pptp-server] Require Encryption References: Message-ID: <37B47801.9C3C1CC1@ittc.ukans.edu> Your're right. I had a confusion. If the client and server try to do encrypted connection and something fails (during handshake?), the connection should not be established. Michael Walter wrote: > If you un-check require encryption on the win98 client you can still connect > to the vpn and browse. The pptpd.log file gives a message about the client > disabling encryption but does not prevent the connection. > > Michael J. Walter mcse > Gliatech, Inc. > walterm at gliatech.com > mwalter at drwalter.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From Russell.Dill at asu.edu Sat Aug 14 13:14:43 1999 
From: Russell.Dill at asu.edu (Russell.Dill at asu.edu) Date: Sat Aug 14 13:14:43 1999 Subject: [pptp-server] seperate configs for seperate accounts Message-ID: I know its easy for me to say, because I'll probably end up doing 0 of the coding but..... If you are allowing various vpn clients to connect, it occasionally becomes neccesary to have different pptp.conf's for the different clients (ie, allowing access to different subnets, routing to a different subnet upon connection instead of proxyaring the remote IP onto the current subnet, etc). It seems that the way to do this (I haven't looked at the pppd or pptpd, so chances are, there is a better way) would be to make sections in the pptpd.conf file. Each section would contain the standard pptpd.conf options, along with a user name and a ppp directory. The ppp directory would be a the directory that ppp looks for everything in (options, ip-up, chap-secrets, etc). This would probably neccesitate patching pppd....but there are other reasons to patch ppp (Saw something in the mailing list reguarding having ppp strip the domain name from the login). I guess I will look into the code a bit myself since this functionality is important to me, but I have no clue reguarding the ppp and pptpd source Russ Dill russell.dill at asu.edu From macleajb at Trademart-1.EDnet.NS.CA Sun Aug 15 14:50:31 1999 
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean) Date: Sun Aug 15 14:50:31 1999 Subject: [pptp-server] Kernel Freeze Message-ID: Hi Folks, I have had an SMP machine freeze with the trace attached. Though everyone might enjoy it :). Cheers, JES -- James B. MacLean macleajb at ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 -------------- next part -------------- WARNING: This version of ksymoops is obsolete. WARNING: The current version can be obtained from ftp://ftp.ocs.com.au/pub/ksymoops Options used: -V (default) -o /lib/modules/2.2.11/ (default) -k /proc/ksyms (default) -l /proc/modules (default) -m /boot/System.map (specified) -c 1 (default) Aug 15 10:31:45 linux kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070 Aug 15 10:31:45 linux kernel: current->tss.cr3 = 009d9000, %cr3 = 009d9000 Aug 15 10:31:45 linux kernel: *pde = 00000000 Aug 15 10:31:45 linux kernel: Oops: 0002 Aug 15 10:31:45 linux kernel: CPU: 1 Aug 15 10:31:45 linux kernel: EIP: 0010:[] Aug 15 10:31:45 linux kernel: EFLAGS: 00010286 Aug 15 10:31:45 linux kernel: eax: 00000080 ebx: 000000c7 ecx: c7400400 edx: 00000000 Aug 15 10:31:45 linux kernel: esi: c740065f edi: c7400448 ebp: c7400448 esp: c1acdeb8 Aug 15 10:31:45 linux kernel: ds: 0018 es: 0018 ss: 0018 Aug 15 10:31:45 linux kernel: Process pptpctrl (pid: 17181, process nr: 39, stackpage=c1acd000) Aug 15 10:31:45 linux kernel: Stack: c5466000 00000000 ffffc7f2 00000016 c7400448 00000000 c2f5c500 c740072a Aug 15 10:31:45 linux kernel: 0000002f c88a0ed4 c7400400 c7400400 c5466000 c5456000 c1acdf8c c88a0aeb Aug 15 10:31:45 linux kernel: c7400400 c5466000 c5456000 c01c653a c5466000 00000000 00000000 c01bdf7e Aug 15 10:31:45 linux kernel: Call Trace: [] [] [pty_unthrottle+38/72] [check_unthrottle+42/48] [read_chan+1526/1808] [do_select+529/572] [tty_read+176/208] >>EIP: c88a11fe Trace: c88a0ed4 Trace: c88a0aeb Aug 15 10:31:45 linux kernel: Code: f0 ff 4a 
70 0f 94 c0 84 c0 74 09 52 e8 b1 8c 8c f7 83 c4 04 Code: c88a11fe 00000000 <_EIP>: <=== Code: c88a11fe 0: f0 ff 4a 70 lock decl 0x70(%edx) <=== Code: c88a1202 4: 0f 94 c0 sete %l Code: c88a1205 7: 84 c0 testb %al,%al Code: c88a1207 9: 74 09 je c88a1212 Code: c88a1209 b: 52 pushl %edx Code: c88a120a c: e8 b1 8c 8c f7 call c0169ec0 <__kfree_skb+0/a8> Code: c88a120f 11: 83 c4 04 addl $0x4,%esp 4 warnings issued. Results may not be reliable. From matthewr at moreton.com.au Sun Aug 15 21:14:28 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Sun Aug 15 21:14:28 1999 Subject: [pptp-server] v0.9.12 released Message-ID: <99081612084000.00857@gibberling.moreton.com.au> Hiya all, PoPToP v0.9.12 has been released. Grab your copy here: http://www.moretonbay.com/vpn/download_pptp.html -- PoPToP Development Team. From case at clight.fr Mon Aug 16 03:17:22 1999 
From: case at clight.fr (Laurent 'case' Mahieux) Date: Mon Aug 16 03:17:22 1999 Subject: [pptp-server] More: LCP ConfRequest failing (A hint?) In-Reply-To: <001e01beddcd$2c159a40$011c0fc0@lala.net> Message-ID: Hi, sorry for the delay, lotta work ;) On Tue, 3 Aug 1999, tmk wrote: > The error you list means that the pptp control connection was successful, > but the GRE (generic routing encapsulation - proto 47) did not connect. As > such, ppp has nowhere to send it's LCP requests and it can't get any > response to them. > > Usually the problem is running behind a NAT (aka masq) system, without the > appropriate kernel mod or ip forwarding set up. The other possible problem Well, the NAT is a Cisco PIX, and it's working OK. What is not working (I traced the problem to this) is that I'm not getting thru the Cisco router to the Internet. The router has a simple config, allowing basic services, and denying eveything else. > is that the other end (client's ISP) doesn't support protocol 47, and they > refuse to route it to their subnet. This will squelch any possibility for > running pptp :) Yup, I can see that. However, I can change config on both end. The question is what do I need to change. Has someone knowledge of what to allow on a cisco 2500 (and I gather on any cisco router)? > I'm not exactly sure why NAT systems don't work, but i think it's because > GRE isn't really TCP, it's an independant protocol, and as such it probably > isn't recognized by ipchains or ipfwadm as something it can work with. That would probably be true on a linux system. The new set of 'ip' commands might however solve this. I haven't looked at this yet, so I wouldn't know. > ideas/comments? send them to the list Just did ;) > > BTW, I'm not on the list, so if you intend me to read an answer, plz CC > me. 
> > > > Problem basically looks like this on server: > > Aug 3 14:06:28 finet0 pppd[8743]: sent [LCP ConfReq id=0x1 > ] > > Aug 3 14:06:55 finet0 last message repeated 9 times > > Aug 3 14:06:58 finet0 pptpd[8742]: GRE: > read(fd=4,buffer=804cffc,len=8196) from PTY failed: status = -1 error = > Input/output error > > Aug 3 14:06:58 finet0 pptpd[8742]: CTRL: PTY read or GRE write failed > > I traced this to going thru a firewall (two actually). > > > > I went from the follownig setup: Ugly ASCII. I'll try and do better: Linux --- Cisco PIX --- Cisco Router --/Internet/-- Cisco Router --- Linux doing NAT Firewalling Firewalling OK, this setup fails miserably. What I tried is that: Linux --- Cisco PIX --- 3Com RAS 1500 --- Linux doing NAT providing dial-in access This works, so the fault is in my Cisco router acces-list configuration. It also shows that NAT does not break the setup if properly done. Excessive filtering on the router/firewall does ;) I don't have time right now, but will investigate the acces-list config and mail any answer I can find. Thanks for the quick answer; apologies for my late answer. Regards, Laurent. +------------------------------------------------------+----------------+ |case at clight.net URL http://spring.clight.fr/~case/ | ** GO LINUX ** | +------------------------------------------------------+----------------+ | Life's not fair | My opinions | | But the root password helps | are my very own| +------------------------------------------------------+----------------+ From jkm at tbred.com Mon Aug 16 07:15:20 1999 
From: jkm at tbred.com (Jim McConnell) Date: Mon Aug 16 07:15:20 1999 Subject: [pptp-server] Strong authentication? Message-ID: <007001bee7e1$88fa3770$84a7bec6@tsinj.tbred.com> Hello all; First let me say thanks to all the people on this mailing list. I've lurked for a while, and from simply keeping up with the list, I've been able to get PoPToP running on a RH 6.0 system... One of the things that I require for my VPN is some sort of strong authentication. I find a hardware token is often the best solution. My question is simply this: is it possible to use a hardware token with ppp-2.3.8 & pptpd-0.9.x? It seems that ppp comes with PAM support, which is extremely helpful, but that it is still lacking. Specifically, I'm trying to accomplish the following: Setup RH 6.0 with PoPToP, and have ppp authenticate to a RADIUS server. This particular RADIUS server is a version of the Livingston RADIUS server, with custom mods from CryptoCard. The custom RADIUS server will then pass the auth request to another piece of CryptoCard software, which will actually perform the authentication. Status (pass/fail) is then returned to the RADIUS server, which is returned to PPP, which is finally returned to the client. Has any work been done in this area that would be helpful? Any ideas on which way to go? Unfortunately, I'm not a C programmer, or I'd take it upon myself to make this work. I have looked into PAM support for RADIUS. It appears however, that the current PAM module only supports accounting features. So, I suppose that's my plea for help... :) Jim -- Jim McConnell (jkm at tbred.com) Network Administrator From dax at gurulabs.com Mon Aug 16 09:23:27 1999 
From: dax at gurulabs.com (Dax Kelson)
Date: Mon Aug 16 09:23:27 1999
Subject: [pptp-server] More: LCP ConfRequest failing (A hint?)
In-Reply-To:
Message-ID:

Laurent 'case' Mahieux said once upon a time (Fri, 13 Aug 1999):

> This works, so the fault is in my Cisco router access-list configuration.
> It also shows that NAT does not break the setup if properly done. Excessive
> filtering on the router/firewall does ;)

Yes, this is likely the culprit. A common beginner's mistake is to allow some tcp, some udp, and maybe some icmp (blocking icmp completely is a *big* mistake).

Turn off your access-list temporarily, I'm sure it will work then.

If you like, post your access-lists, and either myself or someone else should be able to quickly correct it for you.

Dax Kelson
Guru Labs, L.C.

From mspieth at telserve.com Mon Aug 16 10:15:37 1999
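The failure discussed in the "LCP ConfRequest failing" thread above, where the PPTP control connection gets through a filter but GRE (IP protocol 47) does not, can be checked offline against an access list. The Python sketch below is an added example, not from any list message and not Cisco tooling; it evaluates a constructed Cisco-style extended ACL first-match for the client-to-server direction only, and every address and ACL line in it is a made-up assumption.

```python
import ipaddress
from typing import List, NamedTuple, Optional

PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47}  # "ip" means any
TCP = 6
GRE = 47                  # carries the tunnelled PPP frames
PPTP_CONTROL_PORT = 1723  # TCP control connection


class Rule(NamedTuple):
    action: str                 # "permit" or "deny"
    proto: Optional[int]        # None matches every IP protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # only "eq N" after the destination is modelled


def _address(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tokens."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Wildcard masks are inverted netmasks; non-contiguous ones raise ValueError.
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ wildcard)
    return ipaddress.ip_network(f"{word}/{netmask}", strict=False)


def parse_acl(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("!"):
            continue  # blank line or comment
        if tokens[0] != "access-list" or len(tokens) < 6:
            raise ValueError(f"unsupported line: {line!r}")
        action, word = tokens[2], tokens[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action: {line!r}")
        if word == "ip":
            proto = None
        else:
            proto = int(word) if word.isdigit() else PROTOCOLS[word]
        rest = tokens[4:]
        src, dst = _address(rest), _address(rest)
        dport = None
        if rest:
            if len(rest) != 2 or rest[0] != "eq":
                raise ValueError(f"unsupported port match: {line!r}")
            dport = int(rest[1])
        rules.append(Rule(action, proto, src, dst, dport))
    return rules


def evaluate(rules, proto, src, dst, dport=None) -> str:
    """First matching rule wins; a list with no match ends in implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.proto not in (None, proto):
            continue
        if src_ip not in rule.src or dst_ip not in rule.dst:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"


def diagnose_pptp(rules, client: str, server: str) -> str:
    control = evaluate(rules, TCP, client, server, PPTP_CONTROL_PORT)
    gre = evaluate(rules, GRE, client, server)
    if control == "deny":
        return "control connection blocked"
    if gre == "deny":
        # Matches the thread: call set up, then unanswered LCP ConfReq.
        return "control connection passes, GRE dropped"
    return "both PPTP flows permitted"


# Constructed ACL: "basic services" only, GRE forgotten.
TOO_STRICT = """
! constructed sample, not from the thread
access-list 101 permit tcp any host 203.0.113.10 eq 25
access-list 101 permit tcp any host 203.0.113.10 eq 80
access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 203.0.113.10 eq 1723
access-list 101 permit udp any any eq 53
access-list 101 permit icmp any any
access-list 101 deny ip any any
"""

# Same list with GRE permitted ahead of the final deny.
FIXED = TOO_STRICT.replace(
    "access-list 101 deny ip any any",
    "access-list 101 permit gre any host 203.0.113.10\n"
    "access-list 101 deny ip any any")

if __name__ == "__main__":
    for label, acl in (("too strict", TOO_STRICT), ("fixed", FIXED)):
        print(label, "->",
              diagnose_pptp(parse_acl(acl), "198.51.100.7", "203.0.113.10"))
```

The reverse direction needs the same treatment on whichever list filters traffic from the server back to the client.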
From: mspieth at telserve.com (Mark Spieth)
Date: Mon Aug 16 10:15:37 1999
Subject: [pptp-server] vpn routing
In-Reply-To:
Message-ID:

I followed the instructions on the howto, and can properly get authenticated to the VPN box, however I cannot get past the vpn box. Here's my network info.

/etc/pptpd.conf

speed 115200
localip 10.0.51.100-111
remoteip 10.0.51.112-150

Here is the ipchains script..

#### SET DEFAULT RULES TO DENY
/sbin/ipchains -P input DENY
/sbin/ipchains -P forward DENY

#### ALLOW ALL PORTS ON THE INTERNAL INTERFACE
ipchains -A input -s 0.0.0.0/16 -j ACCEPT
ipchains -A input -s 10.0.0.0/16 -j ACCEPT
ipchains -A forward -s 10.0.0.0/16 -j ACCEPT

#### ALLOW AND FORWARD INCOMING VPN PACKETS
ipchains -A input -p tcp -d 206.183.25.175 1723 -j ACCEPT
ipchains -A input -p 47 -d 206.183.25.175 -j ACCEPT
ipchains -A forward -p tcp -d 206.183.25.175 1723 -j ACCEPT
ipchains -A forward -p tcp -s 206.183.25.175 1723 -j ACCEPT
ipchains -A forward -p 47 -d 206.183.25.175 -j ACCEPT
ipchains -A forward -p 47 -s 206.183.25.175 -j ACCEPT

Obviously eth0 is 206.183.25.175
eth1 is 10.0.51.5

From macleajb at Trademart-1.EDnet.NS.CA Mon Aug 16 10:56:17 1999
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean)
Date: Mon Aug 16 10:56:17 1999
Subject: [pptp-server] PPPD stalling on 2.2.11 + tcp patches
In-Reply-To:
Message-ID:

Hi Folks,

Alan Cox directed me to patches for the 2.2.11 kernel re the abend I posted yesterday.

Today I am testing again and the pppd link on my 2.2.11+patches box stalls.

pings get from my host to the pptpd host and the pptpd host puts the reply back on ppp0 (according to tcpdump). But it never reaches back to my side.

All other traffic from the pptpd host comes to an almost complete stop :(. Traffic to the host seems to travel ok.

On a 2.0.37 host it all cruises right along with basically the same config files.

Anyone else getting same, or suggest where I can check, or who I should ask? :)

thnxs,
JES
--
James B. MacLean macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2

From phil at vibrationresearch.com Mon Aug 16 11:25:18 1999
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Mon Aug 16 11:25:18 1999
Subject: [pptp-server] PPPD stalling on 2.2.11 + tcp patches
In-Reply-To:
Message-ID: <000101bee804$42babc80$2801a8c0@bud.ameritech.net>

James,

You might try changing the value for the packet receive window size. In version 0.9.4 this was 2, in 0.9.5 through 0.9.9 it was 1, and in 0.9.10 and above it echoes back the same value as the other side uses.

In my setup I found that using 1 results in significantly reduced performance, 2 through 8 work ok, and values higher than 8 result in flooding of the network, lots of lost packets, and poor performance.

I would recommend changing the pckt_recv_size setting in ctrlpacket.c to 4 and then recompiling:

---- ctrlpacket.c ------------
    /* lets match their window size for now... was htons(PKT_RECV_WINDOW_SIZE) */
    out_call_rply.pckt_recv_size = htons(4); /* was: out_call_rqst->pckt_recv_size; */
------------------------

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of James B. > MacLean > Sent: Monday, August 16, 1999 11:56 AM > To: pptp-server at lists.schulte.org > Cc: Alan.Cox at linux.org > Subject: [pptp-server] PPPD stalling on 2.2.11 + tcp patches > > > Hi Folks, > > Alan Cox directed me to patches for the 2.2.11 kernel re the abend I > posted yesterday. > > Today I am testing again and the pppd link on my 2.2.11+patches box > stalls. > > pings get from my host to the pptpd host and the pptpd host puts the reply > back on ppp0 (according to tcpdump). But it never reaches back to my side. > > All other traffic from the pptpd host comes to an almost complete stop > :(. Traffic to the host seems to travel ok. > > On a 2.0.37 host it all cruises right along with basically the same config > files. > > Anyone else getting same, or suggest where I can check, or who I should > ask? :) > > thnxs, > JES > -- > James B. MacLean macleajb at ednet.ns.ca > Department of Education http://www.ednet.ns.ca/~macleajb > Nova Scotia, Canada > B3M 4B2 > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From macleajb at Trademart-1.EDnet.NS.CA Mon Aug 16 12:01:24 1999 
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean) Date: Mon Aug 16 12:01:24 1999 Subject: Tested: [pptp-server] PPPD stalling on 2.2.11 + tcp patches In-Reply-To: <000101bee804$42babc80$2801a8c0@bud.ameritech.net> Message-ID: On Mon, 16 Aug 1999, Philip Van Baren wrote: > James, > You might try change the value for the packet receive window size. In > version 0.9.4 this was 2, in 0.9.5 through 0.9.9 it was 1, and in 0.9.10 and > above it echoes back the same value as the other side uses. > ---- ctrlpacket.c ------------ > /* lets match their window size for now... was > htons(PKT_RECV_WINDOW_SIZE) > */ > out_call_rply.pckt_recv_size = htons(4); /*was: > out_call_rqst->pckt_recv_size;*/ > ------------------------ > Phil Hi Phil, Thanks for the response. I tried your suggestion, but it is still failing in the same way. Enclosed I have attached 2 tcpdumps. One on the pptpd side and one on the client side. The end of the logs is where the traffic died :(. thanks again, JES -- James B. MacLean macleajb at ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 -------------- next part -------------- 13:44:36.622791 10.227.52.6.10777 > 142.227.51.1.www: S 516020089:516020089(0) win 512 13:44:36.625011 142.227.51.1.www > 10.227.52.6.10777: S 4126267905:4126267905(0) ack 516020090 win 16060 13:44:36.626877 10.227.52.6.10777 > 142.227.51.1.www: . ack 1 win 32120 (DF) 13:44:36.633717 10.227.52.6.10777 > 142.227.51.1.www: P 1:121(120) ack 1 win 32120 (DF) 13:44:36.675888 142.227.51.1.www > 10.227.52.6.10777: . 1:1461(1460) ack 121 win 16060 13:44:36.677216 142.227.51.1.www > 10.227.52.6.10777: . 1461:2921(1460) ack 121 win 16060 13:44:36.678466 142.227.51.1.www > 10.227.52.6.10777: . 2921:4381(1460) ack 121 win 16060 13:44:36.688361 10.227.52.6.10777 > 142.227.51.1.www: . ack 1 win 32120 (DF) 13:44:36.947406 10.227.52.6.10777 > 142.227.51.1.www: . ack 1 win 32120 (DF) 13:44:38.170961 142.227.51.1.www > 10.227.52.6.10777: . 
1:1461(1460) ack 121 win 16060 13:44:38.437330 10.227.52.6.10777 > 142.227.51.1.www: . ack 1461 win 30660 (DF) 13:44:38.439907 142.227.51.1.www > 10.227.52.6.10777: . 1461:2921(1460) ack 121 win 16060 13:44:38.441203 142.227.51.1.www > 10.227.52.6.10777: . 2921:4381(1460) ack 121 win 16060 13:44:38.452130 10.227.52.6.10777 > 142.227.51.1.www: . ack 4381 win 30660 (DF) 13:44:38.454673 142.227.51.1.www > 10.227.52.6.10777: . 4381:5841(1460) ack 121 win 16060 13:44:38.455957 142.227.51.1.www > 10.227.52.6.10777: . 5841:7301(1460) ack 121 win 16060 13:44:38.457253 142.227.51.1.www > 10.227.52.6.10777: . 7301:8761(1460) ack 121 win 16060 13:44:38.467285 10.227.52.6.10777 > 142.227.51.1.www: . ack 7301 win 32120 (DF) 13:44:38.469856 142.227.51.1.www > 10.227.52.6.10777: . 8761:10221(1460) ack 121 win 16060 13:44:38.471132 142.227.51.1.www > 10.227.52.6.10777: . 10221:11681(1460) ack 121 win 16060 13:44:39.674948 142.227.51.1.www > 10.227.52.6.10777: . 7301:8761(1460) ack 121 win 16060 13:44:42.715040 142.227.51.1.www > 10.227.52.6.10777: . 7301:8761(1460) ack 121 win 16060 13:44:43.337101 10.227.52.6.10775 > 142.227.51.1.www: F 1896691214:1896691214(0) ack 4103303651 win 32120 13:44:43.337981 142.227.51.1.www > 10.227.52.6.10775: . ack 1 win 16060 -------------- next part -------------- 13:56:30.079400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: S 516020089:516020089(0) win 512 13:56:30.079400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: S 4126267905:4126267905(0) ack 516020090 win 16060 13:56:30.079400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: . ack 1 win 32120 (DF) 13:56:30.089400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: P 1:121(120) ack 1 win 32120 (DF) 13:56:30.149400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: . 2921:4381(1460) ack 121 win 16060 13:56:30.149400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: . ack 1 win 32120 (DF) 13:56:30.409400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: . 
ack 1 win 32120 (DF) 13:56:31.639400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: . 1:1461(1460) ack 121 win 16060 13:56:31.899400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: . ack 1461 win 30660 (DF) 13:56:31.909400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: . 1461:2921(1460) ack 121 win 16060 13:56:31.909400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: . 2921:4381(1460) ack 121 win 16060 13:56:31.909400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: . ack 4381 win 30660 (DF) 13:56:31.919400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: . 4381:5841(1460) ack 121 win 16060 13:56:31.919400 Trademart-1.EDnet.NS.CA.http > 10.227.52.6.10777: . 5841:7301(1460) ack 121 win 16060 13:56:31.929400 10.227.52.6.10777 > Trademart-1.EDnet.NS.CA.http: . ack 7301 win 32120 (DF) 13:56:36.799400 10.227.52.6.10775 > Trademart-1.EDnet.NS.CA.http: F 1896691214:1896691214(0) ack 4103303651 win 32120 From jclark at xnet.com Mon Aug 16 13:58:23 1999 
From: jclark at xnet.com (Jeff Clark)
Date: Mon Aug 16 13:58:23 1999
Subject: [pptp-server] Authentication problem?
Message-ID:

I'm assuming this is a ppp authentication problem. The client is Windows 2000 Professional. I've turned off software compression and ip header compression. Here is the log of a session:

Aug 16 13:46:51 junk pptpd[16168]: MGR: Manager process started
Aug 16 13:50:00 junk pptpd[16173]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Aug 16 13:50:00 junk pptpd[16173]: CTRL: local address =
Aug 16 13:50:00 junk pptpd[16173]: CTRL: remote address =
Aug 16 13:50:00 junk pptpd[16173]: CTRL: pppd speed = 115200
Aug 16 13:50:00 junk pptpd[16173]: CTRL: Client 198.147.221.163 control connection started
Aug 16 13:50:00 junk pptpd[16173]: CTRL: Received PPTP Control Message (type: 1)
Aug 16 13:50:00 junk pptpd[16173]: CTRL: Made a START CTRL CONN RPLY packet
Aug 16 13:50:00 junk pptpd[16173]: CTRL: I wrote 156 bytes to the client.
Aug 16 13:50:00 junk pptpd[16173]: CTRL: Sent packet to client
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Received PPTP Control Message (type: 7)
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Made a OUT CALL RPLY packet
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Starting call (launching pppd, opening GRE)
Aug 16 13:50:03 junk pptpd[16173]: CTRL: pty_fd = 4
Aug 16 13:50:03 junk pptpd[16173]: CTRL: tty_fd = 5
Aug 16 13:50:03 junk pptpd[16173]: CTRL: I wrote 32 bytes to the client.
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Sent packet to client
Aug 16 13:50:03 junk pptpd[16174]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 16 13:50:03 junk pptpd[16174]: CTRL (PPPD Launcher): local address = 129.186.203.26
Aug 16 13:50:03 junk pptpd[16174]: CTRL (PPPD Launcher): remote address = 192.168.203.30
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Received PPTP Control Message (type: 15)
Aug 16 13:50:03 junk pptpd[16173]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 16 13:50:03 junk pppd[16174]: pppd 2.3.8 started by root, uid 0
Aug 16 13:50:03 junk pppd[16174]: Using interface ppp0
Aug 16 13:50:03 junk pppd[16174]: Connect: ppp0 <--> /dev/pts/0
Aug 16 13:50:03 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:03 junk pptpd[16173]: GRE: Discarding duplicate packet
Aug 16 13:50:05 junk pppd[16174]: rcvd [LCP ConfReq id=0x1 ]
Aug 16 13:50:05 junk pppd[16174]: sent [LCP ConfAck id=0x1 ]
Aug 16 13:50:06 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:08 junk pppd[16174]: rcvd [LCP ConfReq id=0x2 ]
Aug 16 13:50:08 junk pppd[16174]: sent [LCP ConfAck id=0x2 ]
Aug 16 13:50:09 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:12 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:12 junk pppd[16174]: rcvd [LCP ConfReq id=0x3 ]
Aug 16 13:50:12 junk pppd[16174]: sent [LCP ConfAck id=0x3 ]
Aug 16 13:50:15 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:16 junk pppd[16174]: rcvd [LCP ConfReq id=0x4 ]
Aug 16 13:50:16 junk pppd[16174]: sent [LCP ConfAck id=0x4 ]
Aug 16 13:50:18 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:20 junk pppd[16174]: rcvd [LCP ConfReq id=0x5 ]
Aug 16 13:50:20 junk pppd[16174]: sent [LCP ConfAck id=0x5 ]
Aug 16 13:50:21 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:24 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:24 junk pppd[16174]: rcvd [LCP ConfReq id=0x6 ]
Aug 16 13:50:24 junk pppd[16174]: sent [LCP ConfAck id=0x6 ]
Aug 16 13:50:27 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:28 junk pppd[16174]: rcvd [LCP ConfReq id=0x7 ]
Aug 16 13:50:28 junk pppd[16174]: sent [LCP ConfAck id=0x7 ]
Aug 16 13:50:30 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:32 junk pppd[16174]: rcvd [LCP ConfReq id=0x8 ]
Aug 16 13:50:32 junk pppd[16174]: sent [LCP ConfAck id=0x8 ]
Aug 16 13:50:33 junk pptpd[16168]: MGR: Reaped child 16173
Aug 16 13:50:33 junk pptpd[16173]: GRE: read(fd=4,buffer=804d5a0,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 16 13:50:33 junk pptpd[16173]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 16 13:50:33 junk pptpd[16173]: CTRL: Client 198.147.221.163 control connection finished
Aug 16 13:50:33 junk pptpd[16173]: CTRL: Exiting now
Aug 16 13:50:33 junk pppd[16174]: LCP: timeout sending Config-Requests
Aug 16 13:50:33 junk pppd[16174]: Connection terminated.
Aug 16 13:50:33 junk pppd[16174]: Exit.

/etc/ppp/options:
lock name junk debug auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp

- Any ideas? Thanks - Jeff Clark
XNet Information Systems
"All Routes Lead Here"

From jcaspen at ittc.ukans.edu Mon Aug 16 16:32:42 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Mon Aug 16 16:32:42 1999
Subject: [pptp-server] 128 bit encryption
Message-ID: <37B8836F.1B0CDB0@ittc.ukans.edu>

I couldn't connect with 128 bit encryption. I installed mppe and the MS patch in the client and the server. There is no problem with 40 bit encryption. What can be the reason? Can it be that the rc4 libraries from SSLeay 0.6.6 didn't include this support? I tried w/ pptp 1.0.2 client, and I had the same problem. I noticed that with this program the server didn't say that 40 bit encryption was enabled, but I think that it was working, because the memory usage augmented and the transference speed diminished.

From walterm at Gliatech.com Mon Aug 16 16:55:24 1999
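Added example (not part of any list message): a parser for pppd `debug` output like the log in Jeff Clark's "Authentication problem?" post above, which tallies the LCP Configure exchange in each direction and reports how far the PPP session got. In PPP the authentication phase starts only after LCP has opened (RFC 1661), so the tally shows which phase a failed session actually reached. The log lines are an excerpt of that post; the function, class and verdict names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Excerpt of the log posted above: the first rounds of the exchange and the
# final lines. The option lists inside the brackets are missing in the archive.
SAMPLE_LOG = """\
Aug 16 13:50:03 junk pppd[16174]: Connect: ppp0 <--> /dev/pts/0
Aug 16 13:50:03 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:03 junk pptpd[16173]: GRE: Discarding duplicate packet
Aug 16 13:50:05 junk pppd[16174]: rcvd [LCP ConfReq id=0x1 ]
Aug 16 13:50:05 junk pppd[16174]: sent [LCP ConfAck id=0x1 ]
Aug 16 13:50:06 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:08 junk pppd[16174]: rcvd [LCP ConfReq id=0x2 ]
Aug 16 13:50:08 junk pppd[16174]: sent [LCP ConfAck id=0x2 ]
Aug 16 13:50:09 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:12 junk pppd[16174]: sent [LCP ConfReq id=0x1 ]
Aug 16 13:50:12 junk pppd[16174]: rcvd [LCP ConfReq id=0x3 ]
Aug 16 13:50:12 junk pppd[16174]: sent [LCP ConfAck id=0x3 ]
Aug 16 13:50:33 junk pppd[16174]: LCP: timeout sending Config-Requests
Aug 16 13:50:33 junk pppd[16174]: Connection terminated.
"""

# Matches pppd packet traces such as "pppd[16174]: sent [LCP ConfReq id=0x1 ...".
PKT_RE = re.compile(
    r"pppd\[\d+\]: (?P<dir>sent|rcvd) "
    r"\[(?P<proto>[\w-]+) (?P<code>\w+) id=0x(?P<id>[0-9a-fA-F]+)"
)
REPLY_CODES = {"ConfAck", "ConfNak", "ConfRej"}
AUTH_PROTOS = {"PAP", "CHAP"}


@dataclass
class LcpSummary:
    counts: Counter = field(default_factory=Counter)  # (dir, proto, code) -> n
    our_req_ids: set = field(default_factory=set)     # ids of our ConfReqs
    peer_req_ids: set = field(default_factory=set)    # ids of the peer's ConfReqs
    auth_packets: int = 0
    timed_out: bool = False

    @property
    def replies_received(self):
        """Number of LCP replies (Ack/Nak/Rej) the peer sent to our requests."""
        return sum(n for (d, p, c), n in self.counts.items()
                   if d == "rcvd" and p == "LCP" and c in REPLY_CODES)

    def verdict(self):
        sent_req = self.counts[("sent", "LCP", "ConfReq")]
        acked_peer = self.counts[("sent", "LCP", "ConfAck")]
        if self.auth_packets:
            return "auth-phase-reached"
        if sent_req and not self.replies_received and self.timed_out:
            # We hear the peer (and ack it) but nothing we send is answered.
            return "lcp-one-way" if acked_peer else "lcp-no-peer"
        return "lcp-incomplete" if sent_req else "no-lcp"


def summarize(log_text):
    """Tally pppd packet traces from syslog text into an LcpSummary."""
    s = LcpSummary()
    for line in log_text.splitlines():
        if "LCP: timeout sending Config-Requests" in line:
            s.timed_out = True
        m = PKT_RE.search(line)
        if not m:
            continue
        key = (m["dir"], m["proto"], m["code"])
        s.counts[key] += 1
        if key == ("sent", "LCP", "ConfReq"):
            s.our_req_ids.add(int(m["id"], 16))
        elif key == ("rcvd", "LCP", "ConfReq"):
            s.peer_req_ids.add(int(m["id"], 16))
        if m["proto"] in AUTH_PROTOS:
            s.auth_packets += 1
    return s


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result.verdict(), dict(result.counts))
```

On the excerpt the same request id is retransmitted while the peer's request ids keep increasing, and no reply to this side's requests is ever logged.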
From: walterm at Gliatech.com (Michael Walter) Date: Mon Aug 16 16:55:24 1999 Subject: [pptp-server] Win98 Second Edition 128 bit DUN Message-ID: I am not sure if this is your problem or not Carlos, I haven't worked with 128 bit stuff at all yet. Basically, there is no 128bit encryption support for win98 second edition. However, it is good to know either way... http://support.microsoft.com/support/kb/articles/q237/4/19.asp Michael J. Walter mcse Gliatech, Inc. walterm at gliatech.com mwalter at drwalter.com From walterm at Gliatech.com Mon Aug 16 17:04:45 1999 
From: walterm at Gliatech.com (Michael Walter) Date: Mon Aug 16 17:04:45 1999 Subject: [pptp-server] Redhat 5.2 Message-ID: Hello All, Well the redhat 5.2 detailed instruction set is almost complete. I am testing them as I write them as well so they should be pretty thorough. I am running into a problem that I was hoping someone might have an answer to. The RH 5.2 machine I am testing on is working perfectly, taking encrypted passwords and connections and routing appropriately. There is one small fluke though, I can't seem to keep ppp_mppe installed in the kernel. If i reboot the linux box and try to log on with a client that requires encryption I get the standard encryption not supported message. So I type insmod ppp_mppe and voila everything works perfectly. Problem is if I reboot, I have to do another insmod ppp_mppe. Seems odd because all the other modules remain installed. It isn't a big deal, I can simply add insmod ppp_mppe to the bootup scripts but I would like the installation instructions to be as clean as possible. Does anyone have a method for forcing ppp_mppe or any module to stay loaded???? Aside from that, all that is holding up the 5.2 instructions is the translation of the ipchains firewalling section to ipfwadm. So, with luck the new instructions will post this week. Cheers, Michael J. Walter mcse Gliatech, Inc. walterm at gliatech.com mwalter at drwalter.com From matthewr at moreton.com.au Mon Aug 16 17:58:35 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Mon Aug 16 17:58:35 1999 Subject: [pptp-server] Win98 Second Edition 128 bit DUN References: Message-ID: <99081708521802.07839@gibberling.moreton.com.au> There was a 128 bit patch for windows clients.. but i'm not sure where you'd get it from. -matt On Tue, 17 Aug 1999, Michael Walter wrote: > I am not sure if this is your problem or not Carlos, I haven't worked with > 128 bit stuff at all yet. Basically, there is no 128bit encryption support > for win98 second edition. However, it is good to know either way... > > > http://support.microsoft.com/support/kb/articles/q237/4/19.asp > > > Michael J. Walter mcse > Gliatech, Inc. > walterm at gliatech.com > mwalter at drwalter.com > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! -- Matthew Ramsay From jclark at xnet.com Mon Aug 16 20:13:02 1999 
From: jclark at xnet.com (Jeff Clark) Date: Mon Aug 16 20:13:02 1999 Subject: [pptp-server] Win98 Second Edition 128 bit DUN In-Reply-To: <99081708521802.07839@gibberling.moreton.com.au> Message-ID: Actually, if you follow the link below you can get to the 128 bit DUN for other windows clients besides Win98 SE. On Tue, 17 Aug 1999, Matthew Ramsay wrote: > There was a 128 bit patch for windows clients.. but i'm not sure where you'd > get it from. > -matt > > On Tue, 17 Aug 1999, Michael Walter wrote: > > I am not sure if this is your problem or not Carlos, I haven't worked with > > 128 bit stuff at all yet. Basically, there is no 128bit encryption support > > for win98 second edition. However, it is good to know either way... > > > > > > http://support.microsoft.com/support/kb/articles/q237/4/19.asp > > > > > > Michael J. Walter mcse > > Gliatech, Inc. > > walterm at gliatech.com > > mwalter at drwalter.com > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > -- > Matthew Ramsay > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Mon Aug 16 23:59:29 1999 From: tmk at netmagic.net (tmk) Date: Mon Aug 16 23:59:29 1999 Subject: [pptp-server] Win98 Second Edition 128 bit DUN References: Message-ID: <002e01bee86d$e2ccbb60$011c0fc0@lala.net> I have it from one of the pptp programmers at MS that they are working on (nearing completion?) another upgrade for pptp that is all new code.. perhaps we'll see that at the same time as the 128bit upgrade for 98se.. If you NEED the 128 bit, you can always use 98 standard.. Kevin ----- Original Message ----- 
From: Michael Walter To: Sent: Monday, August 16, 1999 2:52 PM Subject: [pptp-server] Win98 Second Edition 128 bit DUN > I am not sure if this is your problem or not Carlos, I haven't worked with > 128 bit stuff at all yet. Basically, there is no 128bit encryption support > for win98 second edition. However, it is good to know either way... > > > http://support.microsoft.com/support/kb/articles/q237/4/19.asp > > > Michael J. Walter mcse > Gliatech, Inc. > walterm at gliatech.com > mwalter at drwalter.com > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From matthewr at moreton.com.au Tue Aug 17 00:11:50 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Aug 17 00:11:50 1999 Subject: [pptp-server] a future poptop? Message-ID: <99081715061800.09691@gibberling.moreton.com.au> As some of you already know, PoPToP was originally written for Moreton Bay's VPN linux router (which runs on a linux coldfire platform) http://www.moreton.com.au/mbweb/product/nettel/nettel.htm (slipped the link in shamelessly :-) Anyways, one of my original goals was to make PoPToP a client as well as a server so as to do fancy things like PoPToP to PoPToP blowfish encryption.. the reason behind this thinking was that PoPToP would be running on the NETtel and we could control both the client and the server end (assuming 2 nettels). BUT since the main goal was windows compatibility I never implemented this as it would break the protocol.. I've been thinking about this again recently and was wondering if anyone else would be interested in this kind of development. I seem to recall a "vpnd" for linux that may do just this.. I'm not sure? I was wondering if there would be a point to grabbing the existing PPTP client and adding in say blowfish encryption (?) and maybe some authentication stuff and then adding support in PoPToP (obviously in such a way as not to break the windows client support -- still thinking about that).. am I wasting my time? My ultimate goal would be to put this on our NETtel boards to do NETtel to NETtel blowfish VPNs and not have any extra costs for RC4 code. Another idea I was looking into developing (again for our NETtel boards.. and hopefully finding use in the linux community) was a VPN directory service: Say you have a small office that connects to the Net each morning at 8am and disconnects at 5pm.. You get your ip address via dhcp from the isp.. and hence every morning your ip changes.. now say you have a salesman on the road who wants to VPN (with poptop of course :-).. 
instead of having to ring up the office to find the IP address a VPN directory service online tells him what it is and connects him transparently. that's another thing i'll be looking into hacking together.. unless someone has a better solution? Anyways.. I guess this email is more for letting everyone know my thoughts and directions on future PoPToP and related developments. Cheers, Matt. From jeremyl at hrmc.com.au Tue Aug 17 00:29:22 1999 
From: jeremyl at hrmc.com.au (Jeremy Lee)
Date: Tue Aug 17 00:29:22 1999
Subject: [pptp-server] Adaptive Directories [Was: a future poptop?]
References: <99081715061800.09691@gibberling.moreton.com.au>
Message-ID: <37B8F30B.FDFF05E8@hrmc.com.au>

Matthew Ramsay wrote:
> Another idea I was looking into developing (again for our NETtel boards.. and
> hopefully finding use in the linux community) was a VPN directory service:
>
> Say you have a small office that connects to the Net each morning at 8am and
> disconnects at 5pm.. You get your ip address via dhcp from the isp.. and hence
> every morning your ip changes.. now say you have a salesman on the road who
> wants to VPN (with poptop of course :-).. instead of having to ring up the
> office to find the IP address a VPN directory service online tells him what
> it is and connects him transparently.
>
> that's another thing i'll be looking into hacking together.. unless someone has
> a better solution?

I'd been thinking something similar. A few friends and myself have home LANs which masquerade through a linux/bsd box which dials our ISP. We've got all-you-can-surf accounts, (ie. We're on-line 24/7/365. Thank you, The Hub! :-) but of course the numbers are handed out dynamically, so once a day (generally) our IP address changes. It would be good to run web servers and other services from our home machines... very much the same as what you're looking for.

The solution I came up with (but haven't implemented) is just to use good 'ol DNS, hacked a little. You need at least one machine with a permanent IP address running a DNS server which is friendly to you. (Fortunately, I run the DNS at work.) When your temporary IP number is allocated, you contact the DNS server, (through a remote secure shell script or special client) update your current IP address, and refresh. As long as the zone timeout is low (say, 2 minutes) then you'll generally have the latest info.

O'course, DNS isn't really meant to do this. Your mileage may vary depending on how your primary DNS caches entries, (whether it overrides the timeouts, etc) but if in doubt, just set the 'friendly' DNS as your primary.

All theory. But it sounds plausible enough. :-)

--
. . . . . . . . . . . . . . . . . . . . .
Jeremy Lee | Orinoco    "One Crowded Hour of Glorious Life
jeremyl at hrmc.com.au    Is worth an age without a name."
http://i.am/orinoco

From Russell.Dill at asu.edu Tue Aug 17 01:29:42 1999
From: Russell.Dill at asu.edu (Russell.Dill at asu.edu)
Date: Tue Aug 17 01:29:42 1999
Subject: [pptp-server] a future poptop?
In-Reply-To: <99081715061800.09691@gibberling.moreton.com.au>
Message-ID:

On Tue, 17 Aug 1999, Matthew Ramsay wrote:
> As some of you already know, PoPToP was originally written for Moreton Bay's
> VPN linux router (which runs on a linux coldfire platform)
> http://www.moreton.com.au/mbweb/product/nettel/nettel.htm
> (slipped the link in shamelessly :-)
>
> Anyways, one of my original goals was to make PoPToP a client as well as a
> server so as to do fancy things like PoPToP to PoPToP blowfish encryption.. the
> reason behind this thinking was that PoPToP would be running on the NETtel and
> we could control both the client and the server end (assuming 2 nettels).
> BUT since the main goal was windows compatibility I never implemented this as it
> would break the protocol..
>
> I've been thinking about this again recently and was wondering if anyone else
> would be interested in this kind of development. I seem to recall a "vpnd" for
> linux that may do just this.. I'm not sure?

If it's not possible to run pptpd and vpnd, possibly, but I like to see stuff kept small (blowfish as a compile time option?). If you were to do this, you would definitely have to separate the pptpd.conf into sections ala dhcpd.conf....You would also probably have to modify ppp to read the ip-up/down, chap-secrets, etc, from different directories (if it's only a user, proxyarp, if it's another network, add routes when the link comes up, etc) also it would be nice if the patch included ppp stripping the domain name from a win9x user's login

> Another idea I was looking into developing (again for our NETtel boards.. and
> hopefully finding use in the linux community) was a VPN directory service:
>
> Say you have a small office that connects to the Net each morning at 8am and
> disconnects at 5pm.. You get your ip address via dhcp from the isp.. and hence
> every morning your ip changes.. now say you have a salesman on the road who
> wants to VPN (with poptop of course :-).. instead of having to ring up the
> office to find the IP address a VPN directory service online tells him what
> it is and connects him transparently.
>
> that's another thing i'll be looking into hacking together.. unless someone has
> a better solution?

you could always send out an email to a list of remote users with the ip in the subject line every time the IP changes. The win9x user connects to the internet, a small utility reads the email headers from their mailbox, and the most recent IP is stuffed into the hosts file.

Russ
russell.dill at asu.edu

From matthewr at moreton.com.au Tue Aug 17 01:52:16 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Aug 17 01:52:16 1999
Subject: [pptp-server] a future poptop?
References:
Message-ID: <99081716462904.09691@gibberling.moreton.com.au>

> If it's not possible to run pptpd and vpnd, possibly, but I like to see stuff
> kept small (blowfish as a compile time option?). If you were to do this, you
> would definitely have to separate the pptpd.conf into sections ala
> dhcpd.conf....You would also probably have to modify ppp to read the
> ip-up/down, chap-secrets, etc, from different directories (if it's only a user,
> proxyarp, if it's another network, add routes when the link comes up, etc)

this would most definitely be a compile option... I (as well as David and the other guys) want PoPToP as small and efficient as possible.

I'm actually starting to think twice about it now anyway (I checked out vpnd). PoPToP's advantages lie in its windows compatibility.

-matt

From paul.boyer at paulboyer.org Tue Aug 17 04:42:15 1999
From: paul.boyer at paulboyer.org (Paul Boyer)
Date: Tue Aug 17 04:42:15 1999
Subject: [pptp-server] a future poptop?
References: <99081715061800.09691@gibberling.moreton.com.au>
Message-ID: <37B93045.573FC76C@paulboyer.org>

Matthew Ramsay wrote:
> [...]
> I've been thinking about this again recently and was wondering if anyone else
> would be interested in this kind of development. I seem to recall a "vpnd" for
> linux that may do just this.. I'm not sure?

VPNd is an option, Free S/WAN is probably a more long lasting one since IPSEC will undoubtedly get more and more used as a VPN standard. Also, IPSEC will be part of IPv6.

Doing IPSEC allows compatibility with other (commercial or not) IPSEC implementations. As an example, you can set up a VPN tunnel between a Free S/WAN linux box and a Cisco VPN router.

I am myself planning to work on the integration of PoPToP and Free S/WAN in order to get a running VPN host that can allow some PPTP host to network connection (the remote laptop user you are talking about) and serious IPSEC tunnels for network to network tunnels, or secure-hosts to network links.

>
> I was wondering if there would be a point to grabbing the existing PPTP
> client and adding in say blowfish encryption (?) and maybe some authentication
> stuff and then adding support in PoPToP (obviously in such a way as not to
> break the windows client support -- still thinking about that)..
>
> am I wasting my time?

I have the feeling PoPToP is a very great help for using the de facto MS standard, PPTP, but _the_ standard will most probably be IPSEC. Since, I would choose to work towards ipsec for the future, while providing compatibility with pptp

>
> My ultimate goal would be to put this on our NETtel boards to do NETtel to
> NETtel blowfish VPNs and not have any extra costs for RC4 code.

vpnd allows you to do it. IPSEC, with Free S/Wan allows you to think about Moreton Bay's Nettel talking to 's or even to using blowfish, or other encryption.

>
> Another idea I was looking into developing (again for our NETtel boards.. and
> hopefully finding use in the linux community) was a VPN directory service:
>
> Say you have a small office that connects to the Net each morning at 8am and
> disconnects at 5pm.. You get your ip address via dhcp from the isp.. and hence
> every morning your ip changes.. now say you have a salesman on the road who
> wants to VPN (with poptop of course :-).. instead of having to ring up the
> office to find the IP address a VPN directory service online tells him what
> it is and connects him transparently.

This is implemented with dynamic-DNS. Some free DNS servers offer you the ability to get a DNS resolution changing every time you change your IP. simply set your new IP on the DNS server, use a short time to live for the SOA, and voila. alternatively, you can set it up yourself using any dns software, but you need one box with static IP for the dns.

>
> that's another thing i'll be looking into hacking together.. unless someone has
> a better solution?

Better or worse, your mileage may vary. Another option is to implement a kind of server (on a static IP machine, hard to get rid of that one ;-) ) that gives the information to the remote users. DNS is a standard, but you can think of ICQ as a similar thing: a server where everyone registers when they connect, so anyone "knows" where to "find" each other. You then rule your own protocol, which can be better, or worse than any other.

If you also have other information to pass to the user (such as what is the public key of the VPN server, etc.) you will love to read about DNSSEC which is a similar idea.

>
> Anyways.. I guess this email is more for letting everyone know my thoughts and
> directions on future PoPToP and related developments.
>
> Cheers,
> Matt.

hope this helps.

Paul

From macleajb at Trademart-1.EDnet.NS.CA Tue Aug 17 07:50:55 1999
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean)
Date: Tue Aug 17 07:50:55 1999
Subject: [pptp-server] a future poptop?
In-Reply-To: <99081715061800.09691@gibberling.moreton.com.au>
Message-ID:

On Tue, 17 Aug 1999, Matthew Ramsay wrote:
> I've been thinking about this again recently and was wondering if anyone else
> would be interested in this kind of development. I seem to recall a "vpnd" for
> linux that may do just this.. I'm not sure?

I have been investigating a _dream_. 200,000 users connect via pptp to separate but local hosts which _always_ give them the same IP (auditing) and no matter where they are in the province, setup a rule-based access list (firewall, routing) that gives them access to the resources they are needing to use. 160,000 students that only want Internet, and 40,000 that need specific, protected information. So no matter where ya go, you are known by your IP :).

Local sites connect back to the central site secure and encrypted. Users' traffic is secure and encrypted by whatever pptp offers when they connect to their local Linux box. Userids and rulesets exist in either LDAP or an ODBC database (MySQL?). Low bandwidth sites can (are) use the QoS capabilities of Linux to give telnet the upper hand on priority, etc...

To connect the routing-boxes around the province you currently have some options :

. IPSec
  - Not ready for Linux 2.2.x kernels which I depend on for QoS.
  - Open Standard and scales well.
  - Takes over existing IP, so no tunnelling of private network.
. CIPE
  - Have not used it yet...
. VPND
  - Can use Linux ethertap device, or ppp, or just about anything.
  - Does _not_ allow multiple connects to one device (as I have tested it) so with a limit of 15 ethertap devices, I could only connect 15 sites :(.
. VTUN
  - Not as malleable as above, but works well.
. TAPTunnel
  - Very simple design to connect 2 points. Allows _all_ traffic not just IP. Bug in the encryption makes link run slow :(.
. TINCD
  - Uses ethertap.
  - Allows _multiple_ clients (sites) to connect back to same local ethertap, creating virtual ethernet.
  - Only does IP.
  - Only routes traffic destined to ethertap devices :(.
  - Not stable enough for me :(.
  - Great system to keep links up and restart them when they go down.
. PPTPD
  - Uses pppd (so scaling up to approx. 400 sites sounds like I need a bit of horsepower at the home site).
  - Currently my 2.2.11 boxes are having stalling problems with ppp, both over LAN's and just modem links.
  - Not sure about its restart/linkup/linkdown capabilities

So... personally :), I've been leaning towards getting tincd stable for connecting deseparte Linux boxes, and users connect to these boxes using pptpd. But if pptpd can be the cat's meow :), I'm listening.

There may also be others, but this was from www.freshmeat.net searching :).

> I was wondering if there would be a point to grabbing the existing PPTP
> client and adding in say blowfish encryption (?) and maybe some authentication
> stuff and then adding support in PoPToP (obviously in such a way as not to
> break the windows client support -- still thinking about that)..
> am I wasting my time?

It would not be a waste of time to me if the solution scaled well, and was dependable for keeping the links live, even when the connecting medium goes up and down :(.

> Another idea I was looking into developing (again for our NETtel boards.. and
> hopefully finding use in the linux community) was a VPN directory service:

I see others' responses with the Dynamic-DNS which seems open and popular. The ICQ idea is also interesting as there is already an ICQ server clone or 2 :). The E-mail idea is OK, but personally would not be as slick as something that would be transparent to the user... SpeakEasy has their server too for finding where people are...

> Cheers,
> Matt.

Just my 2 cents worth.

cheers,
JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2

From kurt at skypro.be Tue Aug 17 08:07:55 1999
From: kurt at skypro.be (Kurt Vlaminck)
Date: Tue Aug 17 08:07:55 1999
Subject: [pptp-server] GRE protocol - security
Message-ID: <4.2.0.58.19990817150810.00cd4220@pop.skypro.be>

Hello,

I am new to this mailing list so apologise if this question has already been treated.

I saw that you need to open the GRE protocol in both ways (outgoing/incoming) when implementing a PPTP server behind a firewall. Isn't this a security issue as you have to open ports into both directions?

I need to be sure when opening these ports on the firewall that this protocol on port 47 is completely safe.

Pse comments are more than welcome.

_____________________________________
| BELGACOM Skynet n.v./s.a. |
| Kurt Vlaminck |
| Senior Internet Field Engineer |
_| Kol. Bourgstraat 124, Evere 1140 | _
/ )| tel.+32 2 7060516 - fax. +2 2 7061312 |( \
/ / | E-mail: kurt at skypro.be | \ \
( ( | homepage: http://www.skynet.be | ) )
(((\ \ |_/ )________________________________( \_| / /)))
(\\\\ \_/ / \ \_/ ////) \ / \ / \ _/ \_ / / / \ \

From paul.boyer at paulboyer.org Tue Aug 17 12:56:21 1999
From: paul.boyer at paulboyer.org (Paul Boyer)
Date: Tue Aug 17 12:56:21 1999
Subject: [pptp-server] GRE protocol - security
References: <4.2.0.58.19990817150810.00cd4220@pop.skypro.be>
Message-ID: <37B9A42E.E2427098@paulboyer.org>

Kurt Vlaminck wrote:
>
> Hello,
>
> I am new to this mailing list so apologise if this question has already
> been treated.
>
> I saw that you need to open the GRE protocol in both ways
> (outgoing/incoming) when implementing a PPTP server behind a firewall. Isn't
> this a security issue as you have to open ports into both directions?

Security is what it is all about. Not only is it a "hole" in the firewall policy, but also the VPN host encrypts the connection so that the firewall cannot see what is in it. What's more, it is a complete routing protocol that is embedded in it so that internal machines can communicate freely with external machines through this link !!!!

The point is what do you want ?

The firewall will make sure the GRE connection is only possible from VPN hosts to VPN hosts. This will be enforced by the firewall, and only that.

Now, the security of the system is the security of the weakest point in the system, so take a look at the VPN hosts :

* the Linux PoPToP server can be made serious about security. It can also be wide open, this depends on your system security settings. Authenticate strongly (strong passwords or tokens), give only the needed rights to users (the VPN can allow/deny connections, the poptop server can limit rights users have on the filesystem), strengthen your system (listen to bugtraq and other vulnerability disclosure lists, apply necessary patches _FAST_, separate your distinct functionality, don't put a web server on a poptop server !!, etc.) and... _WATCH OUT_ (read, and/or parse your logs, monitor your machines, your users, your data and your hardware)

* The MS-Windows machine can be made reasonably difficult to get into for a beginner, and up to difficult to get into for a medium skilled hacker/cracker. No more ;-(

* The user may or may not be able to understand basic security needs and avoid deliberately risky attitudes such as running any downloaded software :-[

The conclusion is this one: you open a secure channel in order to give access to your network to machines that...are of little security. The point of entry is not the firewall. Neither is it the poptop server. The entry to your network is your remote user and its weak laptop full of trojans and backdoors.

> I need to be sure when opening these ports on the firewall that this
> protocol on port 47 is completely safe.
>
> Pse comments are more than welcome.
>

[there was a very nice .signature here ;-) ]

Paul Boyer

From jcaspen at ittc.ukans.edu Tue Aug 17 13:28:52 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Tue Aug 17 13:28:52 1999
Subject: [Fwd: [pptp-server] Win98 Second Edition 128 bit DUN]
References: <37B8FCFD.C17F913E@iname.com>
Message-ID: <37B9A9DB.5CB504E1@ittc.ukans.edu>

How do I know if my Win 98 is 2nd Edition? I don't have the cd's / manuals here. I think it is the 1st edition.

The error that Win is displaying says that the server does not support the encryption required (in fact, something similar :-). But if I uninstall the 128 bit patch, it works with 40 Bit encryption (no changes in the configuration of poptop).

regards,
javier

"C. Javier Castro Peña" wrote:

> -------- Original Message --------
> Subject: [pptp-server] Win98 Second Edition 128 bit DUN
> Date: Mon, 16 Aug 1999 17:52:50 -0400
> From: Michael Walter
> To: "'pptp-server at lists.schulte.org'"
>
> I am not sure if this is your problem or not Carlos, I haven't worked with
> 128 bit stuff at all yet. Basically, there is no 128bit encryption support
> for win98 second edition. However, it is good to know either way...
>
> http://support.microsoft.com/support/kb/articles/q237/4/19.asp
>
> Michael J. Walter mcse
> Gliatech, Inc.
> walterm at gliatech.com
> mwalter at drwalter.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From jcaspen at ittc.ukans.edu Tue Aug 17 13:32:15 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Tue Aug 17 13:32:15 1999
Subject: [pptp-server] 128 bit encryption]
References: <37B8FCF8.31A15F92@iname.com>
Message-ID: <37B9AAA8.FF3179A6@ittc.ukans.edu>

Here is the last part of the error I get. The routes are added to the server and client (linux), but ping does not reach the other host.

Aug 17 00:46:50 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:46:50 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:46:53 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:46:53 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:46:56 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:46:57 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:00 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:47:00 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:03 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:47:03 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:06 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:47:06 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:09 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:47:09 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:12 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:47:12 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:15 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:47:15 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:18 testbed22 pppd[549]: CCP: timeout sending Config-Requests

From matthewr at moreton.com.au Tue Aug 17 21:37:44 1999
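Added example, not part of any list message: one way to spot the CCP exchange shown in the log above, where every Configure-Request is answered with a Terminate-Ack until pppd gives up. In the PPP option negotiation automaton (RFC 1661) a Terminate-Ack in reply to a Configure-Request means the peer's CCP layer is closed, and since MPPE is negotiated inside CCP, no encryption was agreed for that session. The function name, verdict strings and the pid 700 session are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: pid 549 mirrors the loop in the message above (shortened);
# pid 700 is a made-up session in which CCP opens normally.
SAMPLE_LOG = """\
Aug 17 00:46:50 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:46:50 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:46:53 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:46:53 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:46:56 testbed22 pppd[549]: sent [CCP ConfReq id=0x2]
Aug 17 00:46:57 testbed22 pppd[549]: rcvd [CCP TermAck id=0x2]
Aug 17 00:47:18 testbed22 pppd[549]: CCP: timeout sending Config-Requests
Aug 17 01:10:02 testbed22 pppd[700]: sent [CCP ConfReq id=0x1]
Aug 17 01:10:02 testbed22 pppd[700]: rcvd [CCP ConfReq id=0x4]
Aug 17 01:10:02 testbed22 pppd[700]: sent [CCP ConfAck id=0x4]
Aug 17 01:10:02 testbed22 pppd[700]: rcvd [CCP ConfAck id=0x1]
"""

SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+pppd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
# Real pppd debug lines may list options after the id; they are skipped here.
PACKET_RE = re.compile(
    r"^(?P<dir>sent|rcvd) \[CCP (?P<code>\w+) id=(?P<id>0x[0-9a-fA-F]+)[^\]]*\]")
TIMEOUT_MSG = "CCP: timeout sending Config-Requests"


def analyse_ccp(log_text):
    """Return {pid: summary} describing how CCP negotiation ended per pppd process."""
    sessions = defaultdict(lambda: {"events": [], "timed_out": False})
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue
        session = sessions[int(m["pid"])]
        if m["msg"].startswith(TIMEOUT_MSG):
            session["timed_out"] = True
            continue
        p = PACKET_RE.match(m["msg"])
        if p:
            session["events"].append((p["dir"], p["code"], int(p["id"], 16)))

    report = {}
    for pid, session in sessions.items():
        events = session["events"]
        kinds = {e[:2] for e in events}
        sent_reqs = sum(1 for e in events if e[:2] == ("sent", "ConfReq"))
        # A request counts as refused when the very next CCP packet is a
        # Terminate-Ack carrying the same identifier.
        refused = sum(
            1 for a, b in zip(events, events[1:])
            if a[:2] == ("sent", "ConfReq")
            and b[:2] == ("rcvd", "TermAck") and a[2] == b[2])
        # CCP is open only when each side has acknowledged the other's request.
        opened = ("sent", "ConfAck") in kinds and ("rcvd", "ConfAck") in kinds
        if opened:
            verdict = "ccp-opened"
        elif sent_reqs and refused == sent_reqs:
            verdict = "peer-refused-ccp"
        elif session["timed_out"]:
            verdict = "ccp-timeout"
        else:
            verdict = "incomplete"
        report[pid] = {
            "conf_reqs_sent": sent_reqs,
            "refused": refused,
            "timed_out": session["timed_out"],
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for pid, summary in sorted(analyse_ccp(SAMPLE_LOG).items()):
        print(pid, summary)
```

Sessions reported as peer-refused-ccp or ccp-timeout are the ones to check against the encryption the server is supposed to require.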
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Aug 17 21:37:44 1999
Subject: [pptp-server] v0.9.13 released
Message-ID: <99081812320401.01860@gibberling.moreton.com.au>

PoPToP v0.9.13 has been released!

Grab your copy here: http://www.moretonbay.com/vpn/download_pptp.html

This release brings all the documentation up to date. In addition to the HOWTO/FAQ there are now 3 man pages (thanks to David): pptpd.8, pptpctrl.8 and pptpd.conf.5.

New RPMs will be available soon.

-PoPToP development team

From matthewr at moreton.com.au Wed Aug 18 19:20:02 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Aug 18 19:20:02 1999
Subject: [pptp-server] poptop directory
Message-ID: <99081910142804.09672@gibberling.moreton.com.au>

I've been thinking some more on a PoPToP VPN directory service.. Here's my thoughts so far:

Since on the windows client end the only options are the IP address of the pptp server a VPN directory service would only operate for 1 pptp server.. I can't think of a way around this without adding in some extra windows client support :-(

3 Machines:
machine (A) is a Windows 98 client -- say a telecommuter.
machine (B) is a PoPToP server in the office. The company only goes online from 8am-5pm everyday and their IP address for the server changes each day.
machine (C) is a PoPToP directory server on the net somewhere with a permanent ip address and connection.

Procedure:
1. B goes online at 8am and sends its ip address to C
2. A always makes a pptp connection to C which transparently hooks up machines A and B.

Immediate problem with this is that machine C can only handle 1 pptp server (in this case B). Ideally machine C would handle 1000's of A's and B's.

Does anyone see a way around this?

cheers,
matt.

From rlankshear at comset.co.uk Thu Aug 19 07:29:13 1999
From: rlankshear at comset.co.uk (Robert Lankshear)
Date: Thu Aug 19 07:29:13 1999
Subject: [pptp-server] Error 650 under Windows98
Message-ID: <002567D2.0046BF9E.00@StClare1.comset.co.uk>

Greetings,

The problem I'm having is as follows:

- When I connect via Ethernet to the external facing network of my Firewall / PPTP server and connect via PPTP under Windows98 I can connect, log-on to the domain and work through the tunnel.

- When I connect via ISP to the Firewall / PPTP Servers I get the Validating User dialog and then get kicked off with a 650 error message.

The log extracts are appended to the bottom.

Thanks in advance.. none of the other articles seemed to reflect this situation.

Robert J Lankshear

LOGS:

DEBUG
-----
09:56:50 server pptpd[15063]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
09:56:50 server pptpd[15063]: CTRL: local address = 192.168.1.240
09:56:50 server pptpd[15063]: CTRL: remote address = 192.168.1.248
09:56:50 server pptpd[15063]: CTRL: pppd speed = 115200
09:56:50 server pptpd[15063]: CTRL: Received PPTP Control Message (type: 1)
09:56:50 server pptpd[15063]: CTRL: Made a START CTRL CONN RPLY packet
09:56:50 server pptpd[15063]: CTRL: I wrote 156 bytes to the client.
09:56:50 server pptpd[15063]: CTRL: Sent packet to client
09:56:51 server pptpd[15063]: CTRL: Received PPTP Control Message (type: 7)
09:56:51 server pptpd[15063]: CTRL: Made a OUT CALL RPLY packet
09:56:51 server pptpd[15063]: CTRL: Allocating pty/tty pair
09:56:51 server pptpd[15063]: CTRL: pty_fd = 5
09:56:51 server pptpd[15063]: CTRL: tty_fd = 6
09:56:51 server pptpd[15063]: CTRL: I wrote 32 bytes to the client.
09:56:51 server pptpd[15063]: CTRL: Sent packet to client
09:56:51 server pptpd[15064]: CTRL (PPPD Launcher): Connection speed = 115200
09:56:51 server pptpd[15064]: CTRL (PPPD Launcher): local address = 192.168.1.240
09:56:51 server pptpd[15064]: CTRL (PPPD Launcher): remote address = 192.168.1.248
09:56:51 server pppd[15064]: sent [LCP ConfReq id=0x1 ]
09:57:15 server last message repeated 8 times
09:57:18 server pptpd[15063]: CTRL: Received PPTP Control Message (type: 12)
09:57:18 server pptpd[15040]: MGR: Reaped child 15063
09:57:18 server pptpd[15063]: CTRL: Made a CALL DISCONNECT RPLY packet
09:57:18 server pptpd[15063]: CTRL: Received CALL CLR request (closing call)
09:57:18 server pptpd[15063]: CTRL: I wrote 148 bytes to the client.
09:57:18 server pptpd[15063]: CTRL: Sent packet to client
09:57:18 server pptpd[15063]: CTRL: Exiting now

SYSLOG
------
09:54:55 server pptpd[15043]: GRE: Bad checksum from pppd.
09:54:54 server pppd[15044]: Netmask & Mask are: 0.0.0.0 & 0.0.0.0
09:55:25 server pptpd[15043]: GRE: read(fd=5,buffer=804d0d4,len=8196) from PTY failed: status = -1 error = I/O error
09:55:25 server pptpd[15043]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
09:56:07 server pptpd[15054]: GRE: Bad checksum from pppd.
09:56:37 server pptpd[15054]: GRE: read(fd=5,buffer=804d0d4,len=8196) from PTY failed: status = -1 error = I/O error
09:56:37 server pptpd[15054]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
09:56:51 server pptpd[15063]: GRE: Bad checksum from pppd.
09:57:18 server pptpd[15063]: CTRL: Error with select(), quitting

MESSAGES
--------
09:56:06 server pptpd[15054]: CTRL: Client w.x.y.z control connection started
09:56:07 server pptpd[15054]: CTRL: Starting call (launching pppd, opening GRE)
09:56:07 server pptpd[15054]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
09:56:07 server pppd[15055]: pppd 2.3.8 started by root, uid 0
09:56:07 server pppd[15055]: Using interface ppp0
09:56:07 server pppd[15055]: Connect: ppp0 <--> /dev/ttyp0
09:56:37 server pppd[15055]: Connection terminated.
09:56:37 server pptpd[15054]: CTRL: Client w.x.y.z control connection finished
09:56:37 server pppd[15055]: Exit.
09:56:50 server pptpd[15063]: CTRL: Client w.x.y.z control connection started
09:56:51 server pptpd[15063]: CTRL: Starting call (launching pppd, opening GRE)
09:56:51 server pptpd[15063]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
09:56:51 server pppd[15064]: pppd 2.3.8 started by root, uid 0
09:56:51 server pppd[15064]: Using interface ppp0
09:56:51 server pppd[15064]: Connect: ppp0 <--> /dev/ttyp0
09:57:18 server pptpd[15063]: CTRL: Client w.x.y.z control connection finished
09:57:18 server pppd[15064]: Modem hangup
09:57:18 server pppd[15064]: Connection terminated.
09:57:18 server pppd[15064]: Exit.

From amiklas at bigfoot.com Thu Aug 19 16:15:07 1999
From: amiklas at bigfoot.com (Andrew Miklas)
Date: Thu Aug 19 16:15:07 1999
Subject: [pptp-server] Numerous Questions (IPX and pptpd.conf)
Message-ID: <002201beea87$005afc80$0200a8c0@AndrewComputer>

Hi all,

I have been thoroughly reading up on the archives for this list; however, I may have missed a few posts in which case my questions might be a bit redundant. As well, my first two questions have to do more with routing and pppd than PoPToP.

I have successfully got PoPToP to work using TCP, and it correctly attaches the single client to the network.

My first question is:
Will PoPToP connect two networks together if the "client" computer is a Win98 station. Will the Win98 station require special routing?

ie.

Win 98 ---------------\                      (ppp link)
Win 98 ----------------> Linux Machine with PopTop <----------- Win 98
Win 98 ---------------/

This is my current configuration. It seems to work (only TCP though).

However, will this work?

Win 98 -----\           (ppp)            /---------Win 98
Win 98 ------> Linux <-------- Win 98 (1)<----------Win 98
Win 98 -----/                            \---------Win 98

Will the computers at the far right be able to see the computers at the far left? Will the computer marked Win 98 (1) require special routing rules before this will go? If so, how can the Win 98 computer be configured to not only route TCP but also IPX data?

Next Question:
I need IPX to work on this entire system. I have been able to get IPX to work (ie. PPPd assigns the client a IPX Net Address and Node Address. However, the computers on the far left cannot see the computer marked Win 98 (1). I have read that one daemon called ipxd will handle routing between all networks on a system, but I have been unable to find this package. Does anyone know where I can find it? Has anyone been able to set up a ipx network using PoPToP? I have been trying to use ipxping to test the setup but I can't seem to figure out how to use it. (Pretty pathetic, huh :)

Next Question:
What "device" does PoPToP use to connect with. When configuring PPPd (with a pool of modems), you use files such as "options.ttyS1" to assign IPX addresses to incoming calls. However, with PoPToP, I can't figure out what I should name the files. Currently, I put my IPX configuration info in the "options" file, but this won't allow more than one client to connect. How do I specify a pool of IPX node and IPX addresses to give out to connecting clients?

Next Question:
What does the speed parameter do? The tunnel (which goes over the INET) uses a high speed connection between the two sites. The Win 98 client reports that it connects at 10 000 000 000 bps (which is correct, as that is supposed to be the through-put of the connection). However, the PoPToP logs indicate that I am only connecting at 115200 bps. Which is the connect speed? If it is only 115200, is it possible to get it to work faster? When I set the speed parameter in the pptpd.conf file to 10000000000, the PoPToP logs tell me it is an invalid parameter.

I realize that my IPX question is really vague. Right now, my only way of checking the IPX configuration is to boot up a game of MS Age of Empires on one of the computers on the far left with the machine Win 98 (1). (pretty professional huh :)

Here are some of my configuration files / settings

ipx_route
============================
[root at CS982790-A net]# cat ipx_route
Network    Router_Net   Router_Node
ABCDEF01   Directly     Connected
00ABCDEF   Directly     Connected

ifconfig
============================
eth0      Link encap:Ethernet  HWaddr 00:E0:29:20:98:F0
          inet addr:24.65.45.83  Bcast:24.65.45.255  Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1061 errors:0 dropped:0 overruns:0 carrier:0
          collisions:24 txqueuelen:100
          Interrupt:5 Base address:0x250 Memory:c0000-c2000

eth1      Link encap:Ethernet  HWaddr 00:40:05:2C:D4:2A
          inet addr:192.168.0.1  Bcast:192.168.255.255  Mask:255.255.0.0
          IPX/Ethernet II addr:00ABCDEF:0040052CD42A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1506 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1818 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0x340

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:293 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.0.1  P-t-P:192.168.100.2  Mask:255.255.255.255
          IPX/Ethernet II addr:ABCDEF01:000000000003
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:101 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

options
=====================================
debug
name CS982790-A
auth
require-chap
proxyarp
ipx
ipx-network 0xABCDEF01
ipx-node 3:0
ipxcp-accept-remote

pptpd.conf
=====================================
speed 115200
debug
localip 192.168.0.1
remoteip 192.168.100.1-254

Thanks for any help you can provide, (and for wading through this seemingly endless post!)

Andrew Miklas

From mals at home.com Thu Aug 19 17:28:38 1999
From: mals at home.com (Malay Shah)
Date: Thu Aug 19 17:28:38 1999
Subject: [pptp-server] Numerous Questions (IPX and pptpd.conf)
References: <002201beea87$005afc80$0200a8c0@AndrewComputer>
Message-ID: <37BC8522.F3CBF06C@home.com>

Hi. I've been trying to get the same thing working on my linux machine but I haven't got it working. I have the ipxd package and I can execute it, but for some odd reason it doesn't route ipx packets between the interfaces and I can't figure out why. My setup is very similar to yours but it doesn't work. Any help will be appreciated

Malay Shah

Andrew Miklas wrote:

> Hi all,
>
> I have been thoroughly reading up on the archives for this list; however, I may have missed a few posts in which case my questions might be a bit redundant. As well, my first two questions have to do more with routing and pppd than PoPToP.
>
> I have successfully got PoPToP to work using TCP, and it correctly attaches the single client to the network.
>
> My first question is:
> Will PoPToP connect two networks together if the "client" computer is a Win98 station. Will the Win98 station require special routing?
>
> ie.
>
> Win 98 ---------------\                      (ppp link)
> Win 98 ----------------> Linux Machine with PopTop <----------- Win 98
> Win 98 ---------------/
>
> This is my current configuration. It seems to work (only TCP though).
>
> However, will this work?
>
> Win 98 -----\           (ppp)            /---------Win 98
> Win 98 ------> Linux <-------- Win 98 (1)<----------Win 98
> Win 98 -----/                            \---------Win 98
>
> Will the computers at the far right be able to see the computers at the far left? Will the computer marked Win 98 (1) require special routing rules before this will go? If so, how can the Win 98 computer be configured to not only route TCP but also IPX data?
>
> Next Question:
> I need IPX to work on this entire system. I have been able to get IPX to work (ie. PPPd assigns the client a IPX Net Address and Node Address. However, the computers on the far left cannot see the computer marked Win 98 (1). I have read that one daemon called ipxd will handle routing between all networks on a system, but I have been unable to find this package. Does anyone know where I can find it? Has anyone been able to set up a ipx network using PoPToP? I have been trying to use ipxping to test the setup but I can't seem to figure out how to use it. (Pretty pathetic, huh :)
>
> Next Question:
> What "device" does PoPToP use to connect with. When configuring PPPd (with a pool of modems), you use files such as "options.ttyS1" to assign IPX addresses to incoming calls. However, with PoPToP, I can't figure out what I should name the files. Currently, I put my IPX configuration info in the "options" file, but this won't allow more than one client to connect. How do I specify a pool of IPX node and IPX addresses to give out to connecting clients?
>
> Next Question:
> What does the speed parameter do? The tunnel (which goes over the INET) uses a high speed connection between the two sites. The Win 98 client reports that it connects at 10 000 000 000 bps (which is correct, as that is supposed to be the through-put of the connection). However, the PoPToP logs indicate that I am only connecting at 115200 bps. Which is the connect speed? If it is only 115200, is it possible to get it to work faster? When I set the speed parameter in the pptpd.conf file to 10000000000, the PoPToP logs tell me it is an invalid parameter.
>
> I realize that my IPX question is really vague. Right now, my only way of checking the IPX configuration is to boot up a game of MS Age of Empires on one of the computers on the far left with the machine Win 98 (1). (pretty professional huh :)
>
> Here are some of my configuration files / settings
>
> ipx_route
> ============================
> [root at CS982790-A net]# cat ipx_route
> Network    Router_Net   Router_Node
> ABCDEF01   Directly     Connected
> 00ABCDEF   Directly     Connected
>
> ifconfig
> ============================
> eth0      Link encap:Ethernet  HWaddr 00:E0:29:20:98:F0
>           inet addr:24.65.45.83  Bcast:24.65.45.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1061 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:24 txqueuelen:100
>           Interrupt:5 Base address:0x250 Memory:c0000-c2000
>
> eth1      Link encap:Ethernet  HWaddr 00:40:05:2C:D4:2A
>           inet addr:192.168.0.1  Bcast:192.168.255.255  Mask:255.255.0.0
>           IPX/Ethernet II addr:00ABCDEF:0040052CD42A
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1506 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1818 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:11 Base address:0x340
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:293 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:293 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:192.168.0.1  P-t-P:192.168.100.2  Mask:255.255.255.255
>           IPX/Ethernet II addr:ABCDEF01:000000000003
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:101 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
> options
> =====================================
> debug
> name CS982790-A
> auth
> require-chap
> proxyarp
> ipx
> ipx-network 0xABCDEF01
> ipx-node 3:0
> ipxcp-accept-remote
>
> pptpd.conf
> =====================================
> speed 115200
> debug
> localip 192.168.0.1
> remoteip 192.168.100.1-254
>
> Thanks for any help you can provide, (and for wading through this seemingly endless post!)
>
> Andrew Miklas

From tmk at netmagic.net Thu Aug 19 17:38:54 1999
From: tmk at netmagic.net (tmk)
Date: Thu Aug 19 17:38:54 1999
Subject: [pptp-server] Numerous Questions (IPX and pptpd.conf)
In-Reply-To: <002201beea87$005afc80$0200a8c0@AndrewComputer>
Message-ID:

quick answers:

can 98 route networks? sort of.. 98SE can, but i think it just masq's it.

can ipx be routed? not really. Unless i missed the release of the ipx routing tools, ipx is still client-only in the later versions of linux (2.2.x kernels) there was an ipxroute util for 2.0.x i believe.

poptop uses code that returns a free tty, usually ttyS?? on linux machines. Perhaps a better way to do custom configs based on who's calling would be to use the /etc/ppp/ip-up script (gets called whenever a ppp connection starts) and use one of the many bits of info it gives you (local ip, remote ip, ppp device, etc) to set routing info or other configurations. See the ppp-howto for more on this.

The speed parameter is used by pppd, and is ignored for the most part (i think it might be used with some flow-control settings). I know for sure that windows98 asks pptpd for a 64000 baud connection, but then goes and reports 10 000 000bps, so we can be pretty sure it's ignoring it as well.

perhaps a better test for ipx would be to connect using IPX as the only supported protocol, then try to browse to the remote side of the link using windows machines

Kevin

On Thu, 19 Aug 1999, Andrew Miklas wrote:

> Hi all,
>
> I have been thoroughly reading up on the archives for this list; however, I
> may have missed a few posts in which case my questions might be a bit
> redundant. As well, my first two questions have to do more with routing and
> pppd than PoPToP.
>
> I have successfully got PoPToP to work using TCP, and it correctly attaches
> the single client to the network.
>
> My first question is:
> Will PoPToP connect two networks together if the "client" computer is a
> Win98 station. Will the Win98 station require special routing?
>
> ie.
>
> Win 98 ---------------\                      (ppp link)
> Win 98 ----------------> Linux Machine with PopTop <----------- Win 98
> Win 98 ---------------/
>
> This is my current configuration. It seems to work (only TCP though).
> However, will this work?
>
> Win 98 -----\           (ppp)            /---------Win 98
> Win 98 ------> Linux <-------- Win 98 (1)<----------Win 98
> Win 98 -----/                            \---------Win 98
>
> Will the computers at the far right be able to see the computers at the far
> left? Will the computer marked Win 98 (1) require special routing rules
> before this will go? If so, how can the Win 98 computer be configured to
> not only route TCP but also IPX data?
>
> Next Question:
> I need IPX to work on this entire system. I have been able to get IPX to
> work (ie. PPPd assigns the client a IPX Net Address and Node Address.
> However, the computers on the far left cannot see the computer marked Win 98
> (1). I have read that one daemon called ipxd will handle routing between
> all networks on a system, but I have been unable to find this package. Does
> anyone know where I can find it? Has anyone been able to set up a ipx
> network using PoPToP? I have been trying to use ipxping to test the setup
> but I can't seem to figure out how to use it. (Pretty pathetic, huh :)
>
> Next Question:
> What "device" does PoPToP use to connect with. When configuring PPPd (with
> a pool of modems), you use files such as "options.ttyS1" to assign IPX
> addresses to incoming calls. However, with PoPToP, I can't figure out what
> I should name the files. Currently, I put my IPX configuration info in the
> "options" file, but this won't allow more than one client to connect. How
> do I specify a pool of IPX node and IPX addresses to give out to connecting
> clients?
>
> Next Question:
> What does the speed parameter do? The tunnel (which goes over the INET)
> uses a high speed connection between the two sites. The Win 98 client
> reports that it connects at 10 000 000 000 bps (which is correct, as that is
> supposed to be the through-put of the connection). However, the PoPToP logs
> indicate that I am only connecting at 115200 bps. Which is the connect
> speed? If it is only 115200, is it possible to get it to work faster? When
> I set the speed parameter in the pptpd.conf file to 10000000000, the PoPToP
> logs tell me it is an invalid parameter.
>
> I realize that my IPX question is really vague. Right now, my only way of
> checking the IPX configuration is to boot up a game of MS Age of Empires on
> one of the computers on the far left with the machine Win 98 (1). (pretty
> professional huh :)
>
>
>
> Here are some of my configuration files / settings
>
> ipx_route
> ============================
> [root at CS982790-A net]# cat ipx_route
> Network    Router_Net   Router_Node
> ABCDEF01   Directly     Connected
> 00ABCDEF   Directly     Connected
>
> ifconfig
> ============================
> eth0      Link encap:Ethernet  HWaddr 00:E0:29:20:98:F0
>           inet addr:24.65.45.83  Bcast:24.65.45.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1061 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:24 txqueuelen:100
>           Interrupt:5 Base address:0x250 Memory:c0000-c2000
>
> eth1      Link encap:Ethernet  HWaddr 00:40:05:2C:D4:2A
>           inet addr:192.168.0.1  Bcast:192.168.255.255  Mask:255.255.0.0
>           IPX/Ethernet II addr:00ABCDEF:0040052CD42A
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1506 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1818 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:11 Base address:0x340
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:293 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:293 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:192.168.0.1  P-t-P:192.168.100.2  Mask:255.255.255.255
>           IPX/Ethernet II addr:ABCDEF01:000000000003
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:101 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
>
> options
> =====================================
> debug
> name CS982790-A
> auth
> require-chap
> proxyarp
> ipx
> ipx-network 0xABCDEF01
> ipx-node 3:0
> ipxcp-accept-remote
>
>
> pptpd.conf
> =====================================
> speed 115200
> debug
> localip 192.168.0.1
> remoteip 192.168.100.1-254
>
>
>
> Thanks for any help you can provide, (and for wading through this seemingly endless post!)
>
>
>
> Andrew Miklas
>
>
>
>

From jcaspen at ittc.ukans.edu Thu Aug 19 23:00:28 1999
From: jcaspen at ittc.ukans.edu (Carlos Javier Castro Pena)
Date: Thu Aug 19 23:00:28 1999
Subject: [pptp-server] Numerous Questions (IPX and pptpd.conf)
References:
Message-ID: <37BCD2CF.5974E4E5@ittc.ukans.edu>

> can ipx be routed?

I found this one (but didn't test it):

> tipxd is an IPX tunneling daemon which snoops on a local network for IPX 802.3 traffic, packages it and sends it
> over one or many TCP/IP connections to tipxd running on remote machines where it is unpacked and sent via the
> local network. To the IPX networks, it then appears that the LANs are joined. This is a request for testing and
> bug-finding. It is intended for playing IPX based games where the remote machines are joined only by a TCP/IP
> network, and typically when the gaming machines are each behind a firewall
>

From paulo at nlink.com.br Fri Aug 20 07:46:19 1999
From: paulo at nlink.com.br (Paulo Fragoso) Date: Fri Aug 20 07:46:19 1999 Subject: [pptp-server] getsockname error Message-ID: Hi, I'm tring use pptpd-0.9.12 on FreeBSD-3.2-RELEASE. It compile fine, but when It's starting I get this error: # /usr/local/sbin/pptpctrl 0 0 0 0 0 getsockname: Socket operation on non-socket In /etc/services there is this line: pptp 1723/tcp #Point-to-point tunnelling protocol I tried pptpctrl instead pptp but I get same error. What's happening? Can anyone help me? Many Thanks, Paulo. ------ " ... Overall we've found FreeBSD to excel in performace, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else" -David Filo, Yahoo! From jase at sensis.com Fri Aug 20 08:24:11 1999 
From: jase at sensis.com (Jason Desai) Date: Fri Aug 20 08:24:11 1999 Subject: [pptp-server] Re: Numerous Questions (IPX and pptpd.conf) Message-ID: <1A981F2F45@astro.syr.sensis.com> (Sorry if this has been answered already. I only check the archives every so often.) > I have read that one daemon called > ipxd will handle routing between all networks on a system, but I > have been unable to find this package. Does anyone know where I > can find it? ftp://metalab.unc.edu/pub/Linux/system/filesystems/ncpfs/ipxripd-0.7.tgz > Has anyone been able to set up a ipx network using > PoPToP? Yes. I've been able to log into a Netware server, but it is so slow over a dialup! > Next Question: > What "device" does PoPToP use to connect with. When configuring PPPd > (with a pool of modems), you use files such as "options.ttyS1" to assign > IPX addresses to incoming calls. However, with PoPToP, I can't figure > out what I should name the files. Currently, I put my IPX configuration > info in the "options" file, but this won't allow more than one client to > connect. How do I specify a pool of IPX node and IPX addresses to give > out to connecting clients? On my debian box, the ppp with PoPToP connections are made on device /dev/ttypX. So, I set up IPX specific configuration in files named options.ttyp0, options.ttyp1, ... options.ttypf. If you look in your log file, you should see which device is being used for the ppp connection. Hope this helps. If you reply to this, please cc me too, as I'm not subscribed to this list. Thanks. Jason From paulo at nlink.com.br Fri Aug 20 09:15:21 1999 
From: paulo at nlink.com.br (Paulo Fragoso) Date: Fri Aug 20 09:15:21 1999 Subject: [pptp-server] pptpd-0.9.13 Message-ID: Hi, I changed to pptpd-0.9.13 and started pptpd from prompt, it's working, but when I connect from Windows 95 client, my pptpd logs this mensage: pptpd[6180]: CTRL: PPTP Control Message type 9 not supported. pptpd[6180]: CTRL: Got a reply to a packet we didn't send Did I do any mistakes? Paulo. ------ " ... Overall we've found FreeBSD to excel in performace, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else" -David Filo, Yahoo! From nick at advance.com Fri Aug 20 11:16:20 1999 From: nick at advance.com (Nick White) Date: Fri Aug 20 11:16:20 1999 Subject: [pptp-server] GRE Message-ID: I'm unclear on what networking options I need to compile with my Linux 2.2.11 kernel to use pptp. Do I need GRE and IP tunneling? I'm using ppp-2.3.8 with the appropriate patches. Here's my log when trying to connect with a Win95 machine: Thanks in advance, Nick ------------------------------------------------------------- Nick White UNIX Systems Engineer Landmark Graphics From nick at advance.com Fri Aug 20 11:22:00 1999 
From: nick at advance.com (Nick White)
Date: Fri Aug 20 11:22:00 1999
Subject: [pptp-server] GRE
In-Reply-To:
Message-ID:

I decided to skip the log part, but didn't get it edited out of my first message. Oops. Disregard it.

_____________________________________________________________________
nick white
landmark graphics corporation

On Fri, 20 Aug 1999, Nick White wrote:

|
|I'm unclear on what networking options I need to compile with my Linux
|2.2.11 kernel to use pptp. Do I need GRE and IP tunneling?
|
|I'm using ppp-2.3.8 with the appropriate patches. Here's my log when
|trying to connect with a Win95 machine:
|
|Thanks in advance,
|Nick
|
|-------------------------------------------------------------
|Nick White
|UNIX Systems Engineer
|Landmark Graphics

From paulo at nlink.com.br Fri Aug 20 12:04:00 1999
From: paulo at nlink.com.br (Paulo Fragoso)
Date: Fri Aug 20 12:04:00 1999
Subject: [pptp-server] pptp-0.9.13 (2)
Message-ID:

Hi,

I'm using a Compaq Microcom 4000 as pptp-client. My server is pptp-0.9.13 and this way I would like to authenticate ISDN connections. Is it possible?

When some user connects to the Microcom by ISDN, the pptp server returns this error:

pptpd[6180]: CTRL: PPTP Control Message type 9 not supported.
pptpd[6180]: CTRL: Got a reply to a packet we didn't send

What does "type 9" mean? What does the Microcom wait for?

Thanks,
Paulo.

------
" ... Overall we've found FreeBSD to excel in performance, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else"
-David Filo, Yahoo!

From amacc at mailer.org Fri Aug 20 12:27:42 1999
From: amacc at mailer.org (Andrew McRory)
Date: Fri Aug 20 12:27:42 1999
Subject: [pptp-server] pptp-0.9.13 (2)
In-Reply-To:
Message-ID:

On Fri, 20 Aug 1999, Paulo Fragoso wrote:

> Hi,
>
> I'm using Compaq Microcom 4000 as pptp-client. My server is pptp-0.9.13
> and this way I would like authenticate ISDN connections. Is it possible?
>
> When some user connect to Microcom by ISDN, pptp server return this error:
>
> pptpd[6180]: CTRL: PPTP Control Message type 9 not supported.
> pptpd[6180]: CTRL: Got a reply to a packet we didn't send
>
> What does "type 9" means? What does Microcom waits?

Sorry Paulo,

The PNS side of the PPTP protocol is not supported by current versions of PoPToP. I have been told support will be considered/added after the 1.0 release. Those of us with CM4000's are waiting patiently!

Andrew McRory - amacc at linuxsys.com ************************************
President / Chief Technical Officer *
Iron-Bridge Communications / Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 *
Voice 850.575.7213 ****************************************************

From wherbert at earthlink.net Sun Aug 22 23:52:18 1999
From: wherbert at earthlink.net (william herbert)
Date: Sun Aug 22 23:52:18 1999
Subject: [pptp-server] FreeBSD 3.2 STABLE & pptpd -0.9.13
Message-ID: <001a01beecbe$aac178a0$19fea8c0@thor.digiden.net>

Hi there, pptpd 0.9.13 compiles out of the box ok, I'm using configure --with-bsdppp, the pptpd works, can establish multiple ms vpn connections, however, pptpctrl core dumps :(

Anyone interested in analyzing the core?

From wherbert at earthlink.net Mon Aug 23 09:34:38 1999
From: wherbert at earthlink.net (wherbert)
Date: Mon Aug 23 09:34:38 1999
Subject: [pptp-server] FreeBSD 3.2 STABLE & pptpd -0.9.13
Message-ID: <000001beed73$4e463b00$6f01a8c0@billh.60north.net>

OK I just wanna say I'm not a programmer so I'm not sure if I did this right... Went into the Makefile after running ./configure & edited line CC = gcc to look like CC = gcc -ggdb, did make. Here's the output from gdb:

su-2.02# gdb --exec=pptpctrl
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd".
(gdb) run
Starting program: /usr/src/pptpd-0.9.13/pptpctrl
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x280bf96b in strtol () from /usr/lib/libc.so.3
(gdb) bt
#0 0x280bf96b in strtol () from /usr/lib/libc.so.3
#1 0x280be824 in atoi () from /usr/lib/libc.so.3
#2 0x8048ae3 in ?? ()
#3 0x8048a49 in ?? ()
(gdb)

Hope that helps, let me know if I did something wrong.

>compile with -g and use gdb to run it, it'll tell you where it dumps
>Kevin
>----- Original Message -----
>From: william herbert
>To:
>Sent: Sunday, August 22, 1999 9:52 AM
>Subject: [pptp-server] FreeBSD 3.2 STABLE & pptpd -0.9.13
> Hi there, pptpd 0.9.13 compiles out of the box ok,
> I'm using configure --with-bsdppp, the pptpd works, can establish multiple
> ms vpn connections, however, pptpctrl core dumps

From luyer at ucs.uwa.edu.au Mon Aug 23 09:44:31 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Mon Aug 23 09:44:31 1999
Subject: [pptp-server] FreeBSD 3.2 STABLE & pptpd -0.9.13
In-Reply-To: Your message of "Mon, 23 Aug 1999 10:21:00 -0400." <000001beed73$4e463b00$6f01a8c0@billh.60north.net>
Message-ID: <199908231444.WAA07458@typhaon.ucs.uwa.edu.au>

> Hope that helps, let me know if i did something wrong.

It's not actually useful for two reasons, one the -s option to gcc is causing the executable to be stripped (no debugging symbols) and two you can't invoke pptpctrl directly without options, that's causing the segfault.

I'll fix the buglet in pptpctrl (make it print an error message) but that won't find your actual problem.

David.

From matthewr at moreton.com.au Mon Aug 23 23:22:21 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Aug 23 23:22:21 1999
Subject: [pptp-server] v0.9.14
Message-ID: <99082414162804.24004@gibberling.moreton.com.au>

PoPToP v0.9.14 has been released. This version addresses a few minor bugs (see ChangeLog).

Download your copy here: http://www.moretonbay.com/vpn/download_pptp.html

-PoPToP Development Team

From toktar at per.com.br Tue Aug 24 01:24:26 1999
From: toktar at per.com.br (Emir Toktar)
Date: Tue Aug 24 01:24:26 1999
Subject: [pptp-server] MSCHAP
Message-ID: <001101beedf8$261a1b30$010010ac@crypto.net>

Hi all,

I can make a connection with the pptpd server, but I can't ping or open a telnet session over it. I get IP 192.168.0.234 but I can't ping, telnet or other things...

Can anyone help me?

=========================================
My configuration:
----------------------------------------------------
[chap-secrets]
# Secrets for authentication using CHAP
# client server secret IP addresses
user1 linux.crypto.net user1 *

-----------------------------------------------------
[options]
debug
name linux.crypto.net
auth
##require-chap
##proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

====================================

[pptpt.log]

Aug 24 02:02:47 linux pptpd[1071]: MGR: Manager process started
Aug 24 02:03:09 linux pptpd[1072]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Aug 24 02:03:09 linux pptpd[1072]: CTRL: local address = 192.168.0.234
Aug 24 02:03:09 linux pptpd[1072]: CTRL: remote address = 192.168.1.234
Aug 24 02:03:09 linux pptpd[1072]: CTRL: pppd speed = 115200
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Client 172.16.0.1 control connection started
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 1)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Made a START CTRL CONN RPLY packet
Aug 24 02:03:09 linux pptpd[1072]: CTRL: I wrote 156 bytes to the client.
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 7)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Set parameters to 152 maxbps, 16 window size
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Made a OUT CALL RPLY packet
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Starting call (launching pppd, opening GRE)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: pty_fd = 4
Aug 24 02:03:09 linux pptpd[1072]: CTRL: tty_fd = 5
Aug 24 02:03:09 linux pptpd[1073]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 24 02:03:09 linux pptpd[1073]: CTRL (PPPD Launcher): local address = 192.168.0.234
Aug 24 02:03:09 linux pptpd[1073]: CTRL (PPPD Launcher): remote address = 192.168.1.234
Aug 24 02:03:09 linux pptpd[1072]: CTRL: I wrote 32 bytes to the client.
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:03:09 linux pppd[1073]: pppd 2.3.8 started by root, uid 0
Aug 24 02:03:09 linux pppd[1073]: Using interface ppp0
Aug 24 02:03:09 linux pppd[1073]: Connect: ppp0 <--> /dev/pts/0
Aug 24 02:03:09 linux pppd[1073]: sent [LCP ConfReq id=0x1 ]
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 15)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP ConfReq id=0x0 < 0d 03 06>]
Aug 24 02:03:09 linux pppd[1073]: sent [LCP ConfRej id=0x0 < 0d 03 06>]
Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP ConfAck id=0x1 ]
Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP ConfReq id=0x1 ]
Aug 24 02:03:09 linux pppd[1073]: sent [LCP ConfAck id=0x1 ]
Aug 24 02:03:09 linux pppd[1073]: sent [CHAP Challenge id=0x1 <1a62251edeaf9c3f4ca09e93813dfbd5>, name = "linux.crypto.net"]
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 15)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP code=0xc id=0x2 00 00 76 2d 4d 53 52 41 53 56 34 2e 30 30]
Aug 24 02:03:09 linux pppd[1073]: sent [LCP CodeRej id=0x2 0c 02 00 12 00 00 76 2d 4d 53 52 41 53 56 34 2e 30 30]
Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP code=0xc id=0x3 00 00 76 2d 4d 53 52 41 53 2d 31 2d 54 4f 4b 54 41 52]
Aug 24 02:03:09 linux pppd[1073]: sent [LCP CodeRej id=0x3 0c 03 00 16 00 00 76 2d 4d 53 52 41 53 2d 31 2d 54 4f 4b 54 41 52]
Aug 24 02:03:09 linux pppd[1073]: rcvd [CHAP Response id=0x1 <0f8d5cb63801309f0184afbe884616f10000000000000000c28ef8d0e5893b1fdec2faa8d02 586ae703c84bd9627dd7800>, name = "toktar"]
Aug 24 02:03:09 linux pppd[1073]: sent [CHAP Success id=0x1 "S=3AA8FDC59DF46061F25367128246906DFFA6E3BE"]
Aug 24 02:03:09 linux pppd[1073]: sent [IPCP ConfReq id=0x1 ]
Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfReq id=0x1 ]
Aug 24 02:03:10 linux pppd[1073]: MSCHAP-v2 peer authentication succeeded for toktar
Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfReq id=0x4 ]
Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfNak id=0x4 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfReq id=0x5 ]
Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfRej id=0x5 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfRej id=0x1 ]
Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfReq id=0x2 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfRej id=0x1 ]
Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfReq id=0x2 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfReq id=0x6 ]
Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfAck id=0x6 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfReq id=0x7 ]
Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfNak id=0x7 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfAck id=0x2 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfNak id=0x2 ]
Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfReq id=0x3 ]
Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfReq id=0x8 ]
Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfAck id=0x8 ]
Aug 24 02:03:10 linux pppd[1073]: local IP address 192.168.0.234
Aug 24 02:03:10 linux pppd[1073]: remote IP address 192.168.1.234
Aug 24 02:03:10 linux pppd[1073]: Script /etc/ppp/ip-up started (pid 1080)
Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfAck id=0x3 ]
Aug 24 02:03:10 linux pppd[1073]: MPPE 40 bit, stateless compression enabled
Aug 24 02:03:11 linux pppd[1073]: Script /etc/ppp/ip-up finished (pid 1080), status = 0x0
Aug 24 02:03:17 linux pppd[1073]: rcvd [Compressed data] 90 05 c4 8c 91 e2 94 15 ...
Aug 24 02:03:17 linux pppd[1073]: rcvd [Compressed data] 90 06 1f 0a 18 32 74 04 ...
......[ I cut it this part...]
Aug 24 02:04:08 linux pppd[1073]: rcvd [Compressed data] 90 80 49 c0 c0 c1 22 8b ...
Aug 24 02:04:08 linux pppd[1073]: rcvd [Compressed data] 90 81 ad eb 68 16 b0 19 ...
Aug 24 02:04:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:04:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:04:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:04:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:04:10 linux pppd[1073]: rcvd [Compressed data] 90 82 1b fe f5 5b da 97 ...
Aug 24 02:04:10 linux pppd[1073]: rcvd [Compressed data] 90 83 fe 0f f6 49 eb 35 ...
..[ I cut it this part...]
Aug 24 02:04:58 linux pppd[1073]: rcvd [Compressed data] 90 e5 20 77 6f 39 4b f8 ...
Aug 24 02:05:01 linux pppd[1073]: rcvd [Compressed data] 90 e6 3a 5f bf d1 66 05 ...
Aug 24 02:05:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:05:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:05:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:05:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:06:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:06:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:06:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:06:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:06:15 linux pppd[1073]: rcvd [Compressed data] 90 e7 ad ac bc 70 71 66 ...
Aug 24 02:06:17 linux pppd[1073]: rcvd [Compressed data] 90 e8 ea 5a 12 e9 9a c1 ...
Aug 24 02:06:19 linux pppd[1073]: rcvd [Compressed data] 90 e9 cf 1b 87 5e 60 01 ...
Aug 24 02:07:07 linux pppd[1073]: rcvd [Compressed data] 90 ea b8 29 b2 71 b9 7d ...
Aug 24 02:07:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:07:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:07:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:07:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:08:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:08:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:08:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:08:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:09:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:09:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:09:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:09:09 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:10:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:10:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:10:10 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:10:10 linux pptpd[1072]: CTRL: Sent packet to client
Aug 24 02:11:10 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
Aug 24 02:11:10 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
Aug 24 02:11:10 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
Aug 24 02:11:10 linux pptpd[1072]: CTRL: Sent packet to client

toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

From mspieth at telserve.com Tue Aug 24 04:17:43 1999
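Added example (not part of the original thread and not PoPToP code): a small Python triage script for the pptpd/pppd log lines quoted above. It names PPTP control message types using the numbering from RFC 2637, which is how the "type 9" asked about earlier resolves to Incoming-Call-Request, and it flags a session whose negotiated MPPE key length is below a policy minimum. The 128-bit threshold, the function names and the report layout are assumptions of this example.

```python
import re
from collections import Counter

# PPTP control message types, numbered as in RFC 2637.
PPTP_CTRL_TYPES = {
    1: "Start-Control-Connection-Request",
    2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request",
    4: "Stop-Control-Connection-Reply",
    5: "Echo-Request",
    6: "Echo-Reply",
    7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request",   # sent by a PAC to a PNS
    10: "Incoming-Call-Reply",
    11: "Incoming-Call-Connected",
    12: "Call-Clear-Request",
    13: "Call-Disconnect-Notify",
    14: "WAN-Error-Notify",
    15: "Set-Link-Info",
}

# Patterns for the log line shapes that appear in the thread.
RECEIVED = re.compile(r"CTRL: Received PPTP Control Message \(type: (\d+)\)")
UNSUPPORTED = re.compile(r"CTRL: PPTP Control Message type (\d+) not supported")
AUTH_OK = re.compile(r"pppd\[\d+\]: (\S+) peer authentication succeeded for (\S+)")
ADDRESS = re.compile(r"pppd\[\d+\]: (local|remote) +IP address (\S+)")
MPPE = re.compile(r"pppd\[\d+\]: MPPE (\d+) bit, (\w+) compression enabled")

# Sample input assembled from log lines quoted in the thread.
SAMPLE_LOG = """\
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 1)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 7)
Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 15)
Aug 24 02:03:10 linux pppd[1073]: MSCHAP-v2 peer authentication succeeded for toktar
Aug 24 02:03:10 linux pppd[1073]: local IP address 192.168.0.234
Aug 24 02:03:10 linux pppd[1073]: remote IP address 192.168.1.234
Aug 24 02:03:10 linux pppd[1073]: MPPE 40 bit, stateless compression enabled
Aug 24 02:04:09 linux pptpd[1072]: CTRL: Received PPTP Control Message (type: 5)
pptpd[6180]: CTRL: PPTP Control Message type 9 not supported.
"""


def type_name(number):
    """Return the RFC 2637 name for a control message type number."""
    return PPTP_CTRL_TYPES.get(number, "unknown type %d" % number)


def analyze(log_text, min_mppe_bits=128):
    """Summarise a pptpd/pppd log; min_mppe_bits is this example's policy."""
    report = {"received": Counter(), "unsupported": [], "auth": None,
              "addresses": {}, "mppe_bits": None, "findings": []}
    for line in log_text.splitlines():
        m = RECEIVED.search(line)
        if m:
            report["received"][type_name(int(m.group(1)))] += 1
            continue
        m = UNSUPPORTED.search(line)
        if m:
            number = int(m.group(1))
            report["unsupported"].append(number)
            report["findings"].append(
                "daemon rejected control message type %d (%s)"
                % (number, type_name(number)))
            continue
        m = AUTH_OK.search(line)
        if m:
            report["auth"] = (m.group(1), m.group(2))  # (method, user)
            continue
        m = ADDRESS.search(line)
        if m:
            report["addresses"][m.group(1)] = m.group(2)
            continue
        m = MPPE.search(line)
        if m:
            bits = int(m.group(1))
            report["mppe_bits"] = bits
            if bits < min_mppe_bits:
                report["findings"].append(
                    "MPPE negotiated at %d bit, below the %d-bit policy"
                    % (bits, min_mppe_bits))
    return report


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for name, count in sorted(result["received"].items()):
        print("%3d x %s" % (count, name))
    print("auth:", result["auth"], "addresses:", result["addresses"])
    for finding in result["findings"]:
        print("FINDING:", finding)
```
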
From: mspieth at telserve.com (Mark Spieth)
Date: Tue Aug 24 04:17:43 1999
Subject: [pptp-server] MSCHAP
In-Reply-To: <001101beedf8$261a1b30$010010ac@crypto.net>
Message-ID:

Check your pptpd.log. Look for something about unable to set proxy arp.. This is the most common problem. The readme that comes with poptop talks about this problem.

Mark Spieth MCSE

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Emir Toktar
Sent: Tuesday, August 24, 1999 2:16 AM
To: poptop
Subject: [pptp-server] MSCHAP
Importance: High

From srogge at harmonic.com Tue Aug 24 04:42:32 1999
From: srogge at harmonic.com (Stan A. Rogge)
Date: Tue Aug 24 04:42:32 1999
Subject: [pptp-server] MSCHAP
Message-ID: <005301beee14$4c12a700$6601a8c0@telsarlt>

Well, wouldn't you need for pppd to assign different addresses than what you normally use. This is a vpn and as such it is rather customary to assign the client an ip address off of an internal subnet and proxyarp it. Windows is rather particular about his routing table/routing behavior using a vpn when you are assigning something similar to what he is using for his lan/dial connection.

-----Original Message-----
From: Mark Spieth To: Emir Toktar ; poptop Date: Tuesday, August 24, 1999 4:21 AM Subject: RE: [pptp-server] MSCHAP |Check your pptpd.log. Look for something about unable to set proxy arp.. |This is the most common problem. The readme that comes with poptop talks |about this problem. | |Mark Spieth MCSE | | |-----Original Message----- |From: pptp-server-admin at lists.schulte.org |[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Emir Toktar |Sent: Tuesday, August 24, 1999 2:16 AM |To: poptop |Subject: [pptp-server] MSCHAP |Importance: High | | |Hi all, | |I can make a conecction with pptpd server, but I can't ping or open telnet |session over it. |I get IP 192.168.0.234 but I can't ping, telnet or other things... | |Can any help me? | |========================================= |My configuration: |---------------------------------------------------- |[chap-secrets] |# Secrets for authentication using CHAP |# client server secret IP addresses |user1 linux.crypto.net user1 * | |----------------------------------------------------- |[options] |debug |name linux.crypto.net |auth |##require-chap |##proxyarp |+chap |+chapms |+chapms-v2 |mppe-40 |mppe-128 |mppe-stateless | |==================================== | | |[pptpt.log] | |Aug 24 02:02:47 linux pptpd[1071]: MGR: Manager process started |Aug 24 02:03:09 linux pptpd[1072]: MGR: Launching /usr/local/sbin/pptpctrl |to handle client |Aug 24 02:03:09 linux pptpd[1072]: CTRL: local address = 192.168.0.234 |Aug 24 02:03:09 linux pptpd[1072]: CTRL: remote address = 192.168.1.234 |Aug 24 02:03:09 linux pptpd[1072]: CTRL: pppd speed = 115200 |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Client 172.16.0.1 control |connection started |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message |(type: 1) |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Made a START CTRL CONN RPLY packet |Aug 24 02:03:09 linux pptpd[1072]: CTRL: I wrote 156 bytes to the client. 
|Aug 24 02:03:09 linux pptpd[1072]: CTRL: Sent packet to client |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message |(type: 7) |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Set parameters to 152 maxbps, 16 |window size |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Made a OUT CALL RPLY packet |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Starting call (launching pppd, |opening GRE) |Aug 24 02:03:09 linux pptpd[1072]: CTRL: pty_fd = 4 |Aug 24 02:03:09 linux pptpd[1072]: CTRL: tty_fd = 5 |Aug 24 02:03:09 linux pptpd[1073]: CTRL (PPPD Launcher): Connection speed = |115200 |Aug 24 02:03:09 linux pptpd[1073]: CTRL (PPPD Launcher): local address = |192.168.0.234 |Aug 24 02:03:09 linux pptpd[1073]: CTRL (PPPD Launcher): remote address = |192.168.1.234 |Aug 24 02:03:09 linux pptpd[1072]: CTRL: I wrote 32 bytes to the client. |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Sent packet to client |Aug 24 02:03:09 linux pppd[1073]: pppd 2.3.8 started by root, uid 0 |Aug 24 02:03:09 linux pppd[1073]: Using interface ppp0 |Aug 24 02:03:09 linux pppd[1073]: Connect: ppp0 <--> /dev/pts/0 |Aug 24 02:03:09 linux pppd[1073]: sent [LCP ConfReq id=0x1 | ] |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message |(type: 15) |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Got a SET LINK INFO packet with |standard ACCMs |Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP ConfReq id=0x0 | < 0d 03 06>] |Aug 24 02:03:09 linux pppd[1073]: sent [LCP ConfRej id=0x0 < 0d 03 06>] |Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP ConfAck id=0x1 | ] |Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP ConfReq id=0x1 | ] |Aug 24 02:03:09 linux pppd[1073]: sent [LCP ConfAck id=0x1 | ] |Aug 24 02:03:09 linux pppd[1073]: sent [CHAP Challenge id=0x1 |<1a62251edeaf9c3f4ca09e93813dfbd5>, name = "linux.crypto.net"] |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Received PPTP Control Message |(type: 15) |Aug 24 02:03:09 linux pptpd[1072]: CTRL: Ignored a SET LINK INFO packet with |real ACCMs! 
|Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP code=0xc id=0x2 00 00 76 2d 4d |53 52 41 53 56 34 2e 30 30] |Aug 24 02:03:09 linux pppd[1073]: sent [LCP CodeRej id=0x2 0c 02 00 12 00 00 |76 2d 4d 53 52 41 53 56 34 2e 30 30] |Aug 24 02:03:09 linux pppd[1073]: rcvd [LCP code=0xc id=0x3 00 00 76 2d 4d |53 52 41 53 2d 31 2d 54 4f 4b 54 41 52] |Aug 24 02:03:09 linux pppd[1073]: sent [LCP CodeRej id=0x3 0c 03 00 16 00 00 |76 2d 4d 53 52 41 53 2d 31 2d 54 4f 4b 54 41 52] |Aug 24 02:03:09 linux pppd[1073]: rcvd [CHAP Response id=0x1 |<0f8d5cb63801309f0184afbe884616f10000000000000000c28ef8d0e5893b1fdec2faa8d0 2 |586ae703c84bd9627dd7800>, name = "toktar"] |Aug 24 02:03:09 linux pppd[1073]: sent [CHAP Success id=0x1 |"S=3AA8FDC59DF46061F25367128246906DFFA6E3BE"] |Aug 24 02:03:09 linux pppd[1073]: sent [IPCP ConfReq id=0x1 ] |Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfReq id=0x1 | ] |Aug 24 02:03:10 linux pppd[1073]: MSCHAP-v2 peer authentication succeeded |for toktar |Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfReq id=0x4 ] |Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfNak id=0x4 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfReq id=0x5 | ] |Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfRej id=0x5 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfRej id=0x1 ] |Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfReq id=0x2 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfRej id=0x1 |] |Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfReq id=0x2 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfReq id=0x6 ] |Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfAck id=0x6 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfReq id=0x7 ] |Aug 24 02:03:10 linux pppd[1073]: sent [IPCP ConfNak id=0x7 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfAck id=0x2 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfNak id=0x2 ] |Aug 24 02:03:10 linux pppd[1073]: sent [CCP ConfReq id=0x3 ] |Aug 24 02:03:10 linux pppd[1073]: rcvd [IPCP ConfReq id=0x8 ] |Aug 24 02:03:10 linux 
pppd[1073]: sent [IPCP ConfAck id=0x8 ]
|Aug 24 02:03:10 linux pppd[1073]: local IP address 192.168.0.234
|Aug 24 02:03:10 linux pppd[1073]: remote IP address 192.168.1.234
|Aug 24 02:03:10 linux pppd[1073]: Script /etc/ppp/ip-up started (pid 1080)
|Aug 24 02:03:10 linux pppd[1073]: rcvd [CCP ConfAck id=0x3 ]
|Aug 24 02:03:10 linux pppd[1073]: MPPE 40 bit, stateless compression enabled
|Aug 24 02:03:11 linux pppd[1073]: Script /etc/ppp/ip-up finished (pid 1080),
|status = 0x0
|Aug 24 02:03:17 linux pppd[1073]: rcvd [Compressed data] 90 05 c4 8c 91 e2
|94 15 ...
|Aug 24 02:03:17 linux pppd[1073]: rcvd [Compressed data] 90 06 1f 0a 18 32
|74 04 ...
|......[ I cut it this part...]
|Aug 24 02:04:08 linux pppd[1073]: rcvd [Compressed data] 90 80 49 c0 c0 c1
|22 8b ...
|Aug 24 02:04:08 linux pppd[1073]: rcvd [Compressed data] 90 81 ad eb 68 16
|b0 19 ...
|Aug 24 02:04:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:04:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:04:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:04:09 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:04:10 linux pppd[1073]: rcvd [Compressed data] 90 82 1b fe f5 5b
|da 97 ...
|Aug 24 02:04:10 linux pppd[1073]: rcvd [Compressed data] 90 83 fe 0f f6 49
|eb 35 ...
|..[ I cut it this part...]
|Aug 24 02:04:58 linux pppd[1073]: rcvd [Compressed data] 90 e5 20 77 6f 39
|4b f8 ...
|Aug 24 02:05:01 linux pppd[1073]: rcvd [Compressed data] 90 e6 3a 5f bf d1
|66 05 ...
|Aug 24 02:05:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:05:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:05:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:05:09 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:06:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:06:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:06:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:06:09 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:06:15 linux pppd[1073]: rcvd [Compressed data] 90 e7 ad ac bc 70
|71 66 ...
|Aug 24 02:06:17 linux pppd[1073]: rcvd [Compressed data] 90 e8 ea 5a 12 e9
|9a c1 ...
|Aug 24 02:06:19 linux pppd[1073]: rcvd [Compressed data] 90 e9 cf 1b 87 5e
|60 01 ...
|Aug 24 02:07:07 linux pppd[1073]: rcvd [Compressed data] 90 ea b8 29 b2 71
|b9 7d ...
|Aug 24 02:07:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:07:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:07:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:07:09 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:08:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:08:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:08:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:08:09 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:09:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:09:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:09:09 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:09:09 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:10:09 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:10:09 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:10:10 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:10:10 linux pptpd[1072]: CTRL: Sent packet to client
|Aug 24 02:11:10 linux pptpd[1072]: CTRL: Received PPTP Control Message
|(type: 5)
|Aug 24 02:11:10 linux pptpd[1072]: CTRL: Made a ECHO RPLY packet
|Aug 24 02:11:10 linux pptpd[1072]: CTRL: I wrote 20 bytes to the client.
|Aug 24 02:11:10 linux pptpd[1072]: CTRL: Sent packet to client
|
|toktar at per.com.br
|emir.toktar at bra.xerox.com
|toktar at ppgia.pucpr.br
|
|_______________________________________________
|pptp-server maillist - pptp-server at lists.schulte.org
|http://lists.schulte.org/mailman/listinfo/pptp-server
|List services provided by www.schulte.org!
|

From adamichl at foliotrade.com Tue Aug 24 09:56:57 1999
From: adamichl at foliotrade.com (Louis Adamich)
Date: Tue Aug 24 09:56:57 1999
Subject: [pptp-server] Beginner Help
Message-ID: <37C2B26A.FD678F3D@foliotrade.com>

I have successfully compiled and installed the poptop server software (I think).

My first test is a win98 box on the internal net connecting to the pptp server (no firewall in-between).

The box connects and I see the ppp connection come up on the linux box via ifconfig. If I do a ipconfig on the windows box I see the new address.

I set up the ip-up.local script to add to the arp table and if I do an arp at the command line I see the ip is in there.

Everything seems good to go except that I cannot ping (or anything else) between the win98 client and the pptp server.

When I run tcpdump and ping from the pptp server I see GRE stuff fly by. If I ping from the win98 box I see nothing on the linux side with tcpdump.

Is there a configuration problem on the win box or the linux box?

Any suggestions? What more information does someone need to give me a hand?

Please Help,

Louis Adamich

From srogge at harmonic.com Tue Aug 24 12:00:46 1999
From: srogge at harmonic.com (Stan A. Rogge)
Date: Tue Aug 24 12:00:46 1999
Subject: [pptp-server] Beginner Help
Message-ID: <003c01beee51$62eccb80$0b01fb0a@telsarlt>

Yea, I was just there. Make sure your subnets are very different between your real ip for win98 and the vpn address..........or............do a lot of elaborate changes to your win98 routing table. It's probably working, but win98 decides not to use the tunnel because he doesn't think he needs to.

-----Original Message-----
From: Louis Adamich
To: pptp-server at lists.schulte.org
Date: Tuesday, August 24, 1999 9:58 AM
Subject: [pptp-server] Beginner Help

|I have successfully compiled and installed the poptop server software (I
|think).
|
|My first test is a win98 box on the internal net connecting to the pptp
|server (no firewall in-between).
|
|The box connects and I see the ppp connection come up on the linux box
|via ifconfig. If I do a ipconfig on the windows box I see the new
|address.
|
|I set up the ip-up.local script to add to the arp table and if I do an
|arp at the command line I see the ip is in there.
|
|Everything seems good to go except that I cannot ping (or anything else)
|between the win98 client and the pptp server.
|
|When I run tcpdump and ping from the pptp server I see GRE stuff fly
|by. If I ping from the win98 box I see nothing on the linux side with
|tcpdump.
|
|Is there a configuration problem on the win box or the linux box?
|
|Any suggestions? What more information does someone need to give me a
|hand?
|
|Please Help,
|
|Louis Adamich
|

From blalor at netDrives.com Tue Aug 24 13:47:18 1999
From: blalor at netDrives.com (Brian Lalor)
Date: Tue Aug 24 13:47:18 1999
Subject: [pptp-server] Initial setup problems
Message-ID:

Hey all. I'm trying to get up and running with a Win98 client and pptpd-0.9.13. I'm not worried about encryption at the moment, just connectivity. I've attached my pptpd.conf, pptpd.log with output for a failed attempt, ppp/options and listing of "ipchains -L" output.

My network segment looks like:

                                                      The World --+
                                                                  |
+------------+                                                +----------+
|   client   |<=-(192.168.5.12)--- tunnel ---(192.168.5.11)-=>|  server  |
+------------+                                                +----------+
       |                                                          |
       +--(10.0.0.209)---------- Ethernet ------------(10.0.0.2)--+

So, my client's 10.0.0.209, my gateway (Linux) that does masquerading and hosts the pptpd is at 10.0.0.2. The gateway is dual homed and has an interface with a Real World IP addy. Incoming connections on the gateway for the external interface are pretty restricted, but connections to the internal interface are unrestricted.

Perhaps my brain just isn't working up to par today, but for the life of me, I can't make sense out of my problems. Can someone give me some direction?

Thanks,
B

--
Brian Lalor, Web Honkey
netDrives, Inc.
blalor at netDrives.com
607-272-5650 x7167

-------------- next part --------------
# see pptpd.conf(5)
speed 115200
debug
localip 192.168.5.11
remoteip 192.168.5.12
listen 10.0.0.2

-------------- next part --------------
Aug 24 14:29:53 stratus pptpd[4281]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: pppd speed = 115200
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Client 10.0.0.209 control connection started
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Received PPTP Control Message (type: 1)
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Made a START CTRL CONN RPLY packet
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: I wrote 156 bytes to the client.
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Sent packet to client
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Received PPTP Control Message (type: 7)
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Set parameters to 0 maxbps, 16 window size
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Made a OUT CALL RPLY packet
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Starting call (launching pppd, opening GRE)
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: pty_fd = 4
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: tty_fd = 5
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: I wrote 32 bytes to the client.
Aug 24 14:29:53 stratus pptpd[4281]: CTRL: Sent packet to client
Aug 24 14:29:53 stratus pptpd[4282]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 24 14:29:53 stratus pppd[4282]: pppd 2.3.8 started by root, uid 0
Aug 24 14:29:53 stratus pppd[4282]: Using interface ppp0
Aug 24 14:29:53 stratus pppd[4282]: Connect: ppp0 <--> /dev/pts/2
Aug 24 14:29:53 stratus pppd[4282]: sent [LCP ConfReq id=0x1 ]
Aug 24 14:29:53 stratus pppd[4282]: rcvd [LCP ConfReq id=0x1 ]
Aug 24 14:29:53 stratus pppd[4282]: sent [LCP ConfAck id=0x1 ]
Aug 24 14:29:53 stratus pppd[4282]: rcvd [LCP ConfAck id=0x1 ]
Aug 24 14:29:53 stratus pppd[4282]: sent [CHAP Challenge id=0x1 <654e7a13e10fe078752ebcfe15942cdace0df62424f95e286b873ba246c9fa62a45f67301af61f26c90250df>, name = "stratus"]
Aug 24 14:29:53 stratus pppd[4282]: rcvd [CHAP Response id=0x1 <2540bca5aee504e36b1b1af59fc55dd6>, name = "blalor"]
Aug 24 14:29:53 stratus pppd[4282]: sent [CHAP Success id=0x1 "Welcome to stratus.ith.glyphtech.com."]
Aug 24 14:29:53 stratus pppd[4282]: sent [IPCP ConfReq id=0x1 ]
Aug 24 14:29:53 stratus modprobe: can't locate module ppp-compress-21
Aug 24 14:29:53 stratus modprobe: can't locate module ppp-compress-26
Aug 24 14:29:54 stratus modprobe: can't locate module ppp-compress-24
Aug 24 14:29:54 stratus pppd[4282]: CHAP peer authentication succeeded for blalor
Aug 24 14:29:54 stratus pppd[4282]: rcvd [IPCP ConfReq id=0x1 ]
Aug 24 14:29:54
stratus pppd[4282]: sent [IPCP ConfRej id=0x1 ]
Aug 24 14:29:54 stratus pppd[4282]: rcvd [IPCP ConfRej id=0x1 ]
Aug 24 14:29:54 stratus pppd[4282]: sent [IPCP ConfReq id=0x2 ]
Aug 24 14:29:54 stratus pppd[4282]: rcvd [IPCP ConfReq id=0x2 ]
Aug 24 14:29:54 stratus pppd[4282]: sent [IPCP ConfRej id=0x2 ]
Aug 24 14:29:54 stratus pppd[4282]: rcvd [IPCP ConfAck id=0x2 ]
Aug 24 14:29:57 stratus pppd[4282]: sent [IPCP ConfReq id=0x2 ]
Aug 24 14:29:57 stratus pppd[4282]: rcvd [IPCP ConfReq id=0x3 ]
Aug 24 14:29:57 stratus pppd[4282]: sent [IPCP ConfRej id=0x3 ]
Aug 24 14:29:57 stratus pppd[4282]: rcvd [IPCP ConfAck id=0x2 ]
Aug 24 14:29:57 stratus pppd[4282]: rcvd [IPCP TermReq id=0x4]
Aug 24 14:29:57 stratus pppd[4282]: sent [IPCP TermAck id=0x4]
Aug 24 14:29:57 stratus pppd[4282]: rcvd [LCP TermReq id=0x2]
Aug 24 14:29:57 stratus pppd[4282]: LCP terminated by peer
Aug 24 14:29:57 stratus pppd[4282]: sent [LCP TermAck id=0x2]
Aug 24 14:29:57 stratus pptpd[4215]: MGR: Reaped child 4281
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Received PPTP Control Message (type: 12)
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Made a CALL DISCONNECT RPLY packet
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Received CALL CLR request (closing call)
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: I wrote 148 bytes to the client.
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Sent packet to client
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Error with select(), quitting
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Client 10.0.0.209 control connection finished
Aug 24 14:29:57 stratus pptpd[4281]: CTRL: Exiting now
Aug 24 14:29:57 stratus pppd[4282]: Modem hangup
Aug 24 14:29:57 stratus pppd[4282]: Connection terminated.
Aug 24 14:29:57 stratus pppd[4282]: Exit.
-------------- next part --------------
lock
debug
name stratus
auth
require-chap
proxyarp

-------------- next part --------------
Chain input (policy ACCEPT):
target     prot opt     source      destination   ports
ACCEPT     tcp  ------  anywhere    anywhere      any -> pop-3
ACCEPT     tcp  ------  anywhere    anywhere      any -> imap2
ACCEPT     tcp  ------  anywhere    anywhere      any -> smtp
ACCEPT     tcp  ------  anywhere    anywhere      any -> ssh
ACCEPT     tcp  ------  anywhere    anywhere      ftp-data -> any
ACCEPT     tcp  ------  anywhere    anywhere      any -> auth
REJECT     tcp  -y--l-  anywhere    anywhere      any -> any
Chain forward (policy DENY):
target     prot opt     source      destination   ports
MASQ       all  ------  10.0.0.0/24 anywhere      n/a
Chain output (policy ACCEPT):

From EMIR.TOKTAR at bra.xerox.com Tue Aug 24 16:42:26 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Tue Aug 24 16:42:26 1999
Subject: [pptp-server] installing MSCHAP/MPPE PPPD patch
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD34191E@bra0070ms1.bra.xerox.com>

PoPToP HOWTO/FAQ
----------------
Last Updated: 19990813

>>This is cut out of the poptop howto/faq.. the howto is not finished.. at
>>the moment it is a big mess. any feedback on these instructions most
>>welcome. also i'd like to hear about anyone having success with this
>>under win98 and NT. see below! -matt

In HOWTO

3.0 PPP (and MSCHAP/MPPE) Installation
--------------------------------------
step 5. Assuming your files are in /usr/local/src/ and your current working directory is also /usr/local/src/ do the following:

[tar zxvf ppp-2.3.8.tar.gz]
[gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz] ???? is not gunzip.

##############################################################

I followed the PoPToP HOWTO/FAQ and it did not work properly with RedHat 6.0 kernel 2.2.5-15. Below are my steps, put together from many cuts of your HOWTO/FAQ and other e-mails.

I have followed these instructions (step-by-step); if I made any mistakes and you can send them to me, I will appreciate it!!!

============================================================================
3.1 Installing MSCHAP/MPPE PPPD Patch

Grab yourself a clean copy of the PPP daemon version 2.3.8 (ppp-2.3.8). I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/

ftp://cs.anu.edu.au/pub/software/ppp/
    ppp-2.3.8.tar.gz
    ppp-2.3.8-patch1 {correction IPX...}

Grab yourself the MSCHAP/MPPE diff files and the RC4 files. Follow these instructions:

MSCHAP/MPPE: http://www.moretonbay.com/vpn/releases/
    ppp-2.3.8-mppe-others-norc4_TH7.diff
RC4 files : ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
    SSLeay-0.6.6b.tar.gz

[ i.e: host: vpn {example} ]

1.
Copy the archives to your local file system [i.e: /usr/local/src/]

[root@vpn src]# ls
ppp-2.3.8.tar.gz ppp-2.3.8-mppe-others-norc4_TH7.diff.gz SSLeay-0.6.6b.tar.gz
[root@vpn src]# tar zxvf ppp-2.3.8.tar.gz
[root@vpn src]# tar zxvf SSLeay-0.6.6b.tar.gz

2. Copy the RC4 files (rc4.h and rc4_enc.c) to ppp-2.3.8/linux/

[root@vpn src]# pwd
/usr/local/src
[root@vpn src]# cd SSLeay-0.6.6b/crypto/rc4/
[root@vpn rc4]# cp rc4.h /usr/local/src/ppp-2.3.8/linux/
[root@vpn rc4]# cp rc4_enc.c /usr/local/src/ppp-2.3.8/linux/

3. Patch the MSCHAP/MPPE diff file

[root@vpn rc4]# cd /usr/local/src/
[root@vpn src]# cp ppp-2.3.8-patch1 ppp-2.3.8/pppd
[root@vpn src]# cd ppp-2.3.8/pppd
patching file 'sys-linux.c'
[root@vpn pppd]# patch -p1 < ppp-2.3.8-patch1
[pwd] /usr/src/linux/ppp-2.3.8/pppd
[root@vpn pppd]# cd /usr/local/src
[root@vpn src]# patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff
patching file 'ppp-2.3.8/...'
[root@vpn src]# cd ppp-2.3.8

4. The files should now all be in place and we are ready to compile PPP. Follow these steps to compile it:

[root@vpn ppp-2.3.8]# ./configure
[root@vpn ppp-2.3.8]# cd linux
[root@vpn linux]# pwd
/usr/local/src/linux/ppp-2.3.8/linux
[root@vpn linux]# ./kinstall.sh
...
Kernel driver files installation done.
[root@vpn linux]# cp * /usr/src/linux/drivers/net/
{ does not compile with "make" because there aren't rc4* files, so I did this copy }
[root@vpn linux]# cd ..
[root@vpn ppp-2.3.8]# make
[root@vpn ppp-2.3.8]# cd pppd
[root@vpn pppd]# cp pppd /usr/sbin/
[root@vpn pppd]# cd /usr/src/linux
[root@vpn linux]# pwd
/usr/src/linux
[root@vpn linux]# make modules SUBDIRS=drivers/net

------------------------------------------
[ by ppp-2.3.8/README.linux ]

2. Update the kernel sources. If you are using a kernel earlier than 2.2.8, you can either use the driver in this package or upgrade your kernel to 2.2.8.
If you choose to use the driver in this package, you will need a copy of the kernel source tree to compile the driver.

3. Build the kernel.
-------------------------------------------

***** mistakes will be happen if there was disable modules ****

[ by Michael J. Walter mcse ]

Type "make menuconfig"
Use your arrow keys to scroll to the "Networking Options" item and hit "Enter".
a) The "Networking options" window should appear.
b) Use your arrow keys to scroll down to "IP: masquerading" and type "N".
c) Use your arrow keys to scroll down to "IP: tunneling" and type "N".
d) Use your arrow keys to scroll down to "IP: aliasing support" and type "N".
e) Use your arrow keys to scroll down to "IP: Reverse ARP" and type "N".
f) Use your arrow keys to scroll down to "The IPX protocol" and type "N".
g) Use your arrow keys to scroll down to "Appletalk DDP" and type "N".
h) Use your right arrow key to highlight "" at the bottom of the screen and hit "Enter"

Use your right arrow key to highlight "" at the bottom of the screen and hit "Enter" and save.
a) Type "make dep"
b) Type "make clean"
c) Type "make bzImage"

This probably is not necessary, but I always reboot here, type "shutdown -r now"

*****************************************************

[root@vpn linux]# make modules SUBDIRS=drivers/net
[root@vpn linux]# make modules_install
[root@vpn linux]# rmmod ppp

--------------------------------------------------
(*) if module ppp not load
[root@vpn linux]# cd /lib/modules/2.2.5-15/net/
1. # insmod slhc
2. # insmod ppp
3. # insmod bsd_comp
4. # insmod ppp_deflate
5. # insmod ppp_mppe
--------------------------------------------------

[root@vpn linux]# insmod ppp
[root@vpn linux]# insmod ppp_mppe

Edit the /etc/conf.modules file and add the following alias lines

# CCP option numbers: 18 = MPPE, 21 = BSD-Compress, 24 and 26 = Deflate
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

From dhahn at techangle.com Tue Aug 24 17:37:25 1999
From: dhahn at techangle.com (Dave Hahn)
Date: Tue Aug 24 17:37:25 1999
Subject: [pptp-server] pts Problem
Message-ID: <37C31C97.73A7B807@techangle.com>

Trying to get pptp running on a RedHat 6.0 installation. The recompile of pppd went as did the install. However, when trying to connect problems start.

Pertinent log info:
Aug 23 15:37:12 proxy pptpd[2261]: CTRL: Client 216.168.67.212 control connection started
Aug 23 15:37:12 proxy pptpd[2261]: CTRL: Starting call (launching pppd, opening GRE)
Aug 23 15:37:43 proxy pptpd[2261]: GRE: read(fd=4,buffer=804d194,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 23 15:37:43 proxy pptpd[2261]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 23 15:37:43 proxy pptpd[2261]: CTRL: Client 216.168.67.212 control connection finished

I'm guessing that the problem comes from the PTY read or GRE write failed line. How can I go about fixing this issue?

Dave

From luyer at ucs.uwa.edu.au Wed Aug 25 04:26:29 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Aug 25 04:26:29 1999
Subject: [pptp-server] pts Problem
In-Reply-To: Your message of "Tue, 24 Aug 1999 16:28:39 CST." <37C31C97.73A7B807@techangle.com>
Message-ID: <199908250926.RAA27859@typhaon.ucs.uwa.edu.au>

> Trying to get pptp running on a RedHat 6.0 installation. The recompile
> of pppd went as did the install. However, when trying to connect
> problems start.
>
> Pertinent log info:
> Aug 23 15:37:43 proxy pptpd[2261]: GRE:
> read(fd=4,buffer=804d194,len=8196) from PTY failed: status = -1 error =
> Input/output error
>
> I'm guessing that the problem comes from the PTY read or GRE write
> failed line.

Interesting. Either pppd isn't working or there's something going wrong with the pty/tty pair. What version of pptpd are you trying? Where are the corresponding ppp logs?

David.

From adamichl at foliotrade.com Wed Aug 25 10:37:49 1999
From: adamichl at foliotrade.com (Louis Adamich)
Date: Wed Aug 25 10:37:49 1999
Subject: [pptp-server] More help needed. Confused.
Message-ID: <37C40D75.23542BF4@foliotrade.com>

I have followed the instructions for compiling/installing/etc. Everything seems to go okay but when I connect from a client it connects but if I try to do anything (ping, etc) I get a bunch of unsupported protocol errors in my log file. If I turn off encryption then everything works OK.

The log is below. Thanks for any help.

Louis Adamich

This is what I get upon connect

Aug 25 10:20:21 firewall pptpd[553]: CTRL: Client 38.202.233.105 control connection started
Aug 25 10:20:21 firewall pptpd[553]: CTRL: Starting call (launching pppd, opening GRE)
Aug 25 10:20:22 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California
Aug 25 10:20:22 firewall kernel: PPP: version 2.3.8 (demand dialling)
Aug 25 10:20:22 firewall kernel: PPP line discipline registered.
Aug 25 10:20:22 firewall kernel: registered device ppp0
Aug 25 10:20:22 firewall pppd[554]: pppd 2.3.8 started by root, uid 0
Aug 25 10:20:22 firewall pppd[554]: Using interface ppp0
Aug 25 10:20:22 firewall pppd[554]: Connect: ppp0 <--> /dev/pts/2
Aug 25 10:20:22 firewall kernel: PPP MPPE compression module registered
Aug 25 10:20:22 firewall kernel: PPP Deflate Compression module registered
Aug 25 10:20:22 firewall pppd[554]: MSCHAP peer authentication succeeded for testdomain\\testuser
Aug 25 10:20:22 firewall pppd[554]: Cannot determine ethernet address for proxy ARP
Aug 25 10:20:22 firewall pppd[554]: local IP address 10.0.0.1
Aug 25 10:20:22 firewall pppd[554]: remote IP address 10.0.0.2
Aug 25 10:20:22 firewall pppd[554]: MPPE 40 bit, non-stateless compression enabled
Aug 25 10:20:23 firewall pppd[554]: Unsupported protocol (0x337b) received
Aug 25 10:20:24 firewall pppd[554]: Unsupported protocol (0xbf6b) received
Aug 25 10:20:24 firewall pppd[554]: Unsupported protocol (0x92ab) received
Aug 25 10:20:25
firewall pppd[554]: Unsupported protocol (0x4f24) received
Aug 25 10:20:25 firewall pppd[554]: Unsupported protocol (0x1a3f) received
Aug 25 10:20:25 firewall pppd[554]: Unsupported protocol (0x29e5) received
Aug 25 10:20:25 firewall pppd[554]: Unsupported protocol (0xe6be) received
Aug 25 10:20:26 firewall pppd[554]: Unsupported protocol (0xadb1) received
Aug 25 10:20:26 firewall pppd[554]: Unsupported protocol (0xd9d4) received
Aug 25 10:20:26 firewall pppd[554]: Unsupported protocol (0x4a9b) received
Aug 25 10:20:26 firewall pppd[554]: Unsupported protocol (0x47e9) received
Aug 25 10:20:27 firewall pppd[554]: Unsupported protocol (0x9244) received
Aug 25 10:20:27 firewall pppd[554]: Unsupported protocol (0x68ee) received
Aug 25 10:20:27 firewall pppd[554]: Unsupported protocol (0x31c4) received
Aug 25 10:20:29 firewall pppd[554]: Unsupported protocol (0xfdd) received

This is what I get from a ping to the client

Aug 25 10:21:44 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x61
Aug 25 10:21:45 firewall pppd[554]: Protocol-Reject for unsupported protocol 0xb850
Aug 25 10:21:46 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x3606
Aug 25 10:21:47 firewall pppd[554]: Protocol-Reject for unsupported protocol 0xacaa
Aug 25 10:21:48 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x3f
Aug 25 10:21:49 firewall pppd[554]: Protocol-Reject for unsupported protocol 0xcd
Aug 25 10:21:50 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x2ca4
Aug 25 10:21:51 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x8d
Aug 25 10:21:52 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x642e
Aug 25 10:21:53 firewall pppd[554]: Protocol-Reject for unsupported protocol 0xb2e6
Aug 25 10:21:54 firewall pppd[554]: Protocol-Reject for unsupported protocol 0x1
Aug 25 10:21:55 firewall pppd[554]: Protocol-Reject for unsupported protocol 0xe6c8
Aug 25 10:21:56 firewall pppd[554]: Protocol-Reject for unsupported
protocol 0xb7

From rowl at earthcorp.com Thu Aug 26 16:41:03 1999
From: rowl at earthcorp.com (Michael St. Laurent)
Date: Thu Aug 26 16:41:03 1999
Subject: [pptp-server] Can server _require_ encryption?
Message-ID: <3.0.6.32.19990826143358.0091eb30@guardian.hartwellcorp.com>

I have pptp working with encryption (!!!_party_!!!)

What I need to do now is configure the server to insist on data encryption. I know this can be set on the clients but I don't trust our users to not screw it up. Is there some way to set the server to reject any connection attempt that will not agree to data encryption?

--------------------
Michael St. Laurent
Hartwell Corporation

From amiklas at bigfoot.com Thu Aug 26 22:55:31 1999
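
[Added example, not part of any list message and not PoPToP or pppd code: a log audit for the concern raised in the message above, reporting pppd sessions that brought up an IP link with no MPPE line or with a key shorter than a chosen minimum. The sample log is constructed; the 128-bit threshold and the "MPPE 128 bit" line are assumptions extrapolated from the "MPPE 40 bit" lines quoted in this archive.]

```python
import re

# One syslog entry per line: "<Mon DD HH:MM:SS> <host> pppd[<pid>]: <message>"
ENTRY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"pppd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
START_RE = re.compile(r"^pppd \S+ started by ")
AUTH_RE = re.compile(r"^(?P<method>\S+) peer authentication succeeded for (?P<user>.+)$")
REMOTE_RE = re.compile(r"^remote IP address (?P<ip>\S+)$")
MPPE_RE = re.compile(r"^MPPE (?P<bits>\d+) bit, (?P<mode>\S+) compression enabled$")

# Constructed sample in the format of the pppd lines quoted in this thread.
SAMPLE_LOG = """\
Aug 24 02:03:09 vpn pppd[1073]: pppd 2.3.8 started by root, uid 0
Aug 24 02:03:10 vpn pppd[1073]: MSCHAP-v2 peer authentication succeeded for alice
Aug 24 02:03:10 vpn pppd[1073]: local IP address 192.168.0.234
Aug 24 02:03:10 vpn pppd[1073]: remote IP address 192.168.1.234
Aug 24 02:03:10 vpn pppd[1073]: MPPE 40 bit, stateless compression enabled
Aug 24 02:09:41 vpn pptpd[1090]: CTRL: Starting call (launching pppd, opening GRE)
Aug 24 02:09:41 vpn pppd[1091]: pppd 2.3.8 started by root, uid 0
Aug 24 02:09:42 vpn pppd[1091]: CHAP peer authentication succeeded for bob
Aug 24 02:09:42 vpn pppd[1091]: local IP address 192.168.0.234
Aug 24 02:09:42 vpn pppd[1091]: remote IP address 192.168.1.235
Aug 24 02:15:00 vpn pppd[1102]: pppd 2.3.8 started by root, uid 0
Aug 24 02:15:01 vpn pppd[1102]: MSCHAP-v2 peer authentication succeeded for carol
Aug 24 02:15:01 vpn pppd[1102]: remote IP address 192.168.1.236
Aug 24 02:15:01 vpn pppd[1102]: MPPE 128 bit, stateless compression enabled
Aug 24 02:20:00 vpn pppd[1110]: pppd 2.3.8 started by root, uid 0
Aug 24 02:20:01 vpn pppd[1110]: CHAP peer authentication succeeded for dave
Aug 24 02:20:04 vpn pppd[1110]: LCP terminated by peer
"""


def parse_sessions(log_text):
    """Group pppd syslog entries into sessions keyed by (host, pid)."""
    live = {}       # (host, pid) -> session currently using that pid
    sessions = []   # every session, in order of first appearance
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if entry is None:
            continue  # pptpd, kernel and wrapped fragments are ignored
        key = (entry["host"], entry["pid"])
        msg = entry["msg"].strip()
        # A "started by" line marks a fresh pppd even when the pid is reused.
        if key not in live or START_RE.match(msg):
            live[key] = {"host": entry["host"], "pid": entry["pid"],
                         "first_seen": entry["ts"], "user": None, "auth": None,
                         "remote_ip": None, "mppe_bits": None, "mppe_mode": None}
            sessions.append(live[key])
        session = live[key]
        found = AUTH_RE.match(msg)
        if found:
            session["auth"], session["user"] = found["method"], found["user"]
        found = REMOTE_RE.match(msg)
        if found:
            session["remote_ip"] = found["ip"]
        found = MPPE_RE.match(msg)
        if found:
            session["mppe_bits"] = int(found["bits"])
            session["mppe_mode"] = found["mode"]
    return sessions


def classify(session, min_bits=128):
    """Verdict for one session; min_bits is a local policy choice (assumption)."""
    if session["remote_ip"] is None:
        return "no-link"      # authenticated at most, never carried IP traffic
    if session["mppe_bits"] is None:
        return "cleartext"    # IP came up and no MPPE line was ever logged
    if session["mppe_bits"] < min_bits:
        return "weak"
    return "ok"


def audit(log_text, min_bits=128):
    """Return (host, pid, user, verdict, bits) for every session needing attention.

    pppd logs the MPPE line after the IP addresses, so sessions are judged only
    once the whole log has been read, not at the moment the link comes up.
    """
    findings = []
    for s in parse_sessions(log_text):
        verdict = classify(s, min_bits)
        if verdict in ("cleartext", "weak"):
            findings.append((s["host"], s["pid"], s["user"], verdict, s["mppe_bits"]))
    return findings


if __name__ == "__main__":
    for host, pid, user, verdict, bits in audit(SAMPLE_LOG):
        print(f"{host} pppd[{pid}] user={user} verdict={verdict} mppe_bits={bits}")
```
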
From: amiklas at bigfoot.com (Andrew Miklas)
Date: Thu Aug 26 22:55:31 1999
Subject: [pptp-server] Bridging
Message-ID: <001301bef03f$1200c9c0$0200a8c0@AndrewComputer>

Hi all,

Your replies have given me plenty to think about! Thanks! However, I believe I may have found another simple solution to my problem.

Is it possible to simply bridge the ppp device with a eth device on the pptpd server? In this way, the ppp connection will think it is simply plugged straight into a hub here? I have tried messing with proxyarp and routing tables with no avail. I believe the solution lies in doing a straight out bridge with something like brcfg, but I have been unsuccessful in doing this.

Bridging, as I understand it, was somewhat of a nightmare in the 2.0 series of kernels, and was pulled from the 2.1 series. I use a Redhat 6.0 standard 2.2.5-15 kernel. Does it have routing support by default? If not, is there a module or daemon that I can load to accomplish this? What program can I use to configure the kernel level / module bridge?

While this approach may be a tad inefficient, it will virtually guarantee every application will run on the network. Currently, file sharing using Network Neighborhood seems spotty and unnecessarily slow, and other applications don't work at all. By simply bridging the networks, I believe IPX will simply fall into place. Since the connection really doesn't have to be all that fast (and the two sites are connected by cable modem), I don't think the performance problems would be that big.

So, basically, is there a way to dump all traffic on eth1 onto ppp0 in such a way it is transparent to the "client" on ppp0. (ie. traceroute from a computer on eth1 to "client" on ppp0 will not show pptpd server or bridge in the middle -- I guess that is the definition of a bridge anyway.)

Better yet, can I dump a subnet of eth1 onto ppp0 in such a way that the "client" of ppp0 appears as a host on a subnet of eth1?
This way, I can group all computers that VPN clients will need to gain _direct_ access to in a subnet, and make all VPN clients plug straight into that subnet. Computers they need access to, but not direct, can be in other subnets, routed to the special subnet by way of conventional routing and gateways on the Linux machine. That way, the bridge is only dumping a minimal amount of excess chatter over the ppp line.

I hope some of that made sense! I am a recent Windows convert, and am still getting used to the idea of playing around with TCP settings at this level.

Thanks for your help,

Andrew Miklas

From rlankshear at comset.co.uk Fri Aug 27 04:24:27 1999
From: rlankshear at comset.co.uk (Robert Lankshear)
Date: Fri Aug 27 04:24:27 1999
Subject: [pptp-server] Initial setup problems
Message-ID: <002567DA.0037ACD2.00@StClare1.comset.co.uk>

Greetings,

I'm making the assumption that you have PoPToP installed and running on the Dual-Homed Firewall machine that also performs Masquerading.

If you followed the rules from the IP Masq. How To then you would have executed the following configuration:

ipchains -P forward DENY
ipchains -A forward -i eth0 -s -j MASQ

This pushes all traffic going from eth0 into the Masquerade code AND DENIES all other forwards.. including down the PPP link. To stop this I used the following:

ipchains -A forward -i ! eth0 -s -j ACCEPT

which is a bit wide in scope.

ipchains -A forward -i ppp+ -s -j ACCEPT

may also work too :).

I had this problem but have solved it with this additional config line. I do not have any of the kernel patches for PPTP or port forwarding installed as I found that these are not necessary when the Firewall is the PPTP server BUT no internal clients will be able to access EXTERNAL PPTP servers in this mode.. which is not something I needed to do.

TTFN
Robert J Lankshear

From macleajb at Trademart-1.EDnet.NS.CA Fri Aug 27 08:23:40 1999
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean)
Date: Fri Aug 27 08:23:40 1999
Subject: [pptp-server] Kernel Oops in 2.2.12
In-Reply-To: <99082414162804.24004@gibberling.moreton.com.au>
Message-ID:

Hi Folks,

Just got this today beating on my SMP box with 2 100meg connects that were just FTPing a file... It's version 13 not 14 of pptpd.

cheers,
JES

--
James B. MacLean macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada B3M 4B2

-------------- next part --------------
WARNING: This version of ksymoops is obsolete.
WARNING: The current version can be obtained from ftp://ftp.ocs.com.au/pub/ksymoops
Options used: -V (default)
 -o /lib/modules/2.2.12/ (default)
 -k /proc/ksyms (default)
 -l /proc/modules (default)
 -m /usr/src/linux/System.map (default)
 -c 1 (default)

You did not tell me where to find symbol information. I will assume that the log matches the kernel and modules that are running right now and I'll use the default options above for symbol resolution. If the current kernel and/or modules do not match the log, you can get more accurate output by telling me the kernel version and where to find map, modules, ksyms etc. ksymoops -h explains the options.
Aug 27 10:14:01 linux kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000080
Aug 27 10:14:01 linux kernel: current->tss.cr3 = 02094000, %cr3 = 02094000
Aug 27 10:14:01 linux kernel: *pde = 00000000
Aug 27 10:14:01 linux kernel: Oops: 0000
Aug 27 10:14:01 linux kernel: CPU: 0
Aug 27 10:14:01 linux kernel: EIP: 0010:[]
Aug 27 10:14:01 linux kernel: EFLAGS: 00010246
Aug 27 10:14:01 linux kernel: eax: 00000000 ebx: 00000000 ecx: c4a5c400 edx: c72e5000
Aug 27 10:14:01 linux kernel: esi: c4a5c630 edi: c4a5c400 ebp: 000005db esp: c7b6beb8
Aug 27 10:14:01 linux kernel: ds: 0018 es: 0018 ss: 0018
Aug 27 10:14:01 linux kernel: Process pptpctrl (pid: 4979, process nr: 54, stackpage=c7b6b000)
Aug 27 10:14:01 linux kernel: Stack: c52a3000 00000000 c52a3000 00000000 c4a5c448 00000000 c8894e97 c52a3000
Aug 27 10:14:01 linux kernel: 00000000 c8894ed4 c4a5c400 c4a5c400 c52a3000 c72e5000 c7b6bf8c c8894aeb
Aug 27 10:14:01 linux kernel: c4a5c400 c52a3000 c72e5000 c01c6e56 c52a3000 00000008 00000000 c01be89a
Aug 27 10:14:01 linux kernel: Call Trace: [] [] [] [pty_unthrottle+38/72] [check_unthrottle+42/48] [read_chan+1526/1808] [tty_read+176/208]
Aug 27 10:14:01 linux kernel: Code: 8b b8 80 00 00 00 89 7c 24 20 8b 40 5c 89 44 24 28 31 ff 66

>>EIP: c8894fc2
Trace: c8894e97
Trace: c8894ed4
Trace: c8894aeb
Code: c8894fc2 00000000 <_EIP>: <===
Code: c8894fc2 0: 8b b8 80 00 00 00 movl 0x80(%eax),%edi <===
Code: c8894fc8 6: 89 7c 24 20 movl %edi,0x20(%esp,1)
Code: c8894fcc a: 8b 40 5c movl 0x5c(%eax),%eax
Code: c8894fcf d: 89 44 24 28 movl %eax,0x28(%esp,1)
Code: c8894fd3 11: 31 ff xorl %edi,%edi
Code: c8894fd5 13: 66 00 00 addb %al,(%eax)

5 warnings issued. Results may not be reliable.

From martin at simpli.net Sat Aug 28 15:01:56 1999
From: martin at simpli.net (Martin)
Date: Sat Aug 28 15:01:56 1999
Subject: [pptp-server] Info
Message-ID: <37C7F936.2A294DC0@simpli.net>

Hi, can someone tell me why I get this error:

Aug 28 11:02:32 server pptpd[6007]: CTRL: Starting call (launching pppd, opening GRE)
Aug 28 11:02:32 server pppd[6008]: pppd 2.3.7 started by root, uid 0
Aug 28 11:02:32 server pppd[6008]: Using interface ppp0
Aug 28 11:02:32 server pppd[6008]: Connect: ppp0 <--> /dev/pts/2
Aug 28 11:02:33 server pptpd[6007]: CTRL: Error with select(), quitting
Aug 28 11:02:33 server pptpd[6007]: CTRL: Client 216.46.20.53 control connection finished

I just checked in my /dev/pts/ directory and I don't have any 2 file, only a 0 one, so does anyone have a clue?

Thanks

Martin

From luyer at ucs.uwa.edu.au Sun Aug 29 22:45:48 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Aug 29 22:45:48 1999
Subject: [pptp-server] Info
In-Reply-To: Your message of "Sat, 28 Aug 1999 10:59:02 -0400." <37C7F936.2A294DC0@simpli.net>
Message-ID: <199908300345.LAA23545@typhaon.ucs.uwa.edu.au>

> Hi, can someone tell me why I get this error:
>
> Aug 28 11:02:32 server pptpd[6007]: CTRL: Starting call (launching pppd, opening GRE)
> Aug 28 11:02:32 server pppd[6008]: pppd 2.3.7 started by root, uid 0
> Aug 28 11:02:32 server pppd[6008]: Using interface ppp0
> Aug 28 11:02:32 server pppd[6008]: Connect: ppp0 <--> /dev/pts/2
> Aug 28 11:02:33 server pptpd[6007]: CTRL: Error with select(), quitting
> Aug 28 11:02:33 server pptpd[6007]: CTRL: Client 216.46.20.53 control connection finished

Looks like it could be a normal exit from a broken (Win9x) client or a problem; without more debugging it's hard to tell.

> I just checked in my /dev/pts/ directory and I don't have any 2 file, only a 0 one, so does anyone have a clue?

/dev/pts is the Linux 2.2.x special filesystem which creates pseudo terminals on demand, hence they will only be there when in use.

David.

From fgibbons at rtihosting.com Mon Aug 30 12:06:40 1999
From: fgibbons at rtihosting.com (Francis Gibbons)
Date: Mon Aug 30 12:06:40 1999
Subject: [pptp-server] DHCP and PPTPD
Message-ID: <003a01bef309$8473a820$7110a8c0@wsib.on.ca>

Can I use a DHCP server to assign addresses to clients rather than using localip/remoteip.

From stan at rogge.net Mon Aug 30 12:53:11 1999
From: stan at rogge.net (Stan A. Rogge)
Date: Mon Aug 30 12:53:11 1999
Subject: [pptp-server] DHCP and PPTPD
References: <003a01bef309$8473a820$7110a8c0@wsib.on.ca>
Message-ID: <004a01bef30f$e86eff40$fd011fac@harmonic.com>

no..

----- Original Message -----
From: Francis Gibbons
To:
Sent: Monday, August 30, 1999 12:03 PM
Subject: [pptp-server] DHCP and PPTPD

| Can I use a DHCP server to assign addresses to clients rather than using localip/remoteip.
|
|
| _______________________________________________
| pptp-server maillist - pptp-server at lists.schulte.org
| http://lists.schulte.org/mailman/listinfo/pptp-server
| List services provided by www.schulte.org!
|

From tmk at netmagic.net Mon Aug 30 15:14:20 1999
From: tmk at netmagic.net (tmk)
Date: Mon Aug 30 15:14:20 1999
Subject: [pptp-server] DHCP and PPTPD
In-Reply-To: <003a01bef309$8473a820$7110a8c0@wsib.on.ca>
Message-ID:

we MIGHT build dhcp support into future versions, but for now it's not supported. The idea is floating around though.

Kevin

On Mon, 30 Aug 1999, Francis Gibbons wrote:

> Can I use a DHCP server to assign addresses to clients rather than using localip/remoteip.

From luyer at ucs.uwa.edu.au Tue Aug 31 02:29:29 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Tue Aug 31 02:29:29 1999
Subject: [pptp-server] DHCP and PPTPD
In-Reply-To: Your message of "Mon, 30 Aug 1999 13:03:00 -0400." <003a01bef309$8473a820$7110a8c0@wsib.on.ca>
Message-ID: <199908310729.PAA08847@typhaon.ucs.uwa.edu.au>

> Can I use a DHCP server to assign addresses to clients rather than using localip/remoteip.

You can use PPPd IP allocation and whatever allocation strategy you like by customizing the PPP daemon. Personally I use an erpcd, but there are pppd's out there that use radius and so on. I guess DHCP wouldn't be that hard. Nobody's stopping you from doing it...

David.

From oftedal at netpower.no Tue Aug 31 07:27:47 1999
From: oftedal at netpower.no (Einar Oftedal)
Date: Tue Aug 31 07:27:47 1999
Subject: [pptp-server] error
Message-ID:

Hi,

I have a problem with pptp on my firewall. (RedHat 5.2 with kernel 2.2.x)

Aug 31 14:25:24 gw pptpd[4979]: MGR: Manager process started
Aug 31 14:25:26 gw pptpd[4980]: CTRL: Client 212.33.133.4 control connection started
Aug 31 14:25:26 gw pptpd[4980]: CTRL: Starting call (launching pppd, opening GRE)
Aug 31 14:25:26 gw pppd[4981]: pppd 2.3.8 started by root, uid 0
Aug 31 14:25:26 gw pppd[4981]: Using interface ppp0
Aug 31 14:25:26 gw pppd[4981]: Connect: ppp0 <--> /dev/ttyp0
Aug 31 14:25:57 gw pppd[4981]: LCP: timeout sending Config-Requests
Aug 31 14:25:57 gw pppd[4981]: Connection terminated.
Aug 31 14:25:57 gw pppd[4981]: Exit.
Aug 31 14:25:57 gw pptpd[4980]: GRE: read(fd=4,buffer=804d344,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 31 14:25:57 gw pptpd[4980]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 31 14:25:57 gw pptpd[4980]: CTRL: Client 212.33.133.4 control connection finished

Help!!

From rowl at earthcorp.com Tue Aug 31 12:04:13 1999
From: rowl at earthcorp.com (Michael St. Laurent)
Date: Tue Aug 31 12:04:13 1999
Subject: [pptp-server] Can server _require_ encryption?
Message-ID: <3.0.6.32.19990831100335.00939100@guardian.hartwellcorp.com>

I have pptp working with encryption (!!!_party_!!!)

What I need to do now is configure the server to insist on data encryption. I know this can be set on the clients but I don't trust our users to not screw it up. Is there some way to set the server to reject any connection attempt that will not agree to data encryption?

--------------------
Michael St. Laurent
Hartwell Corporation

From EMIR.TOKTAR at bra.xerox.com Tue Aug 31 17:57:20 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Tue Aug 31 17:57:20 1999
Subject: [pptp-server] Can server _require_ encryption?
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD341940@bra0070ms1.bra.xerox.com>

In [options] file there is any syntax that could be set. Look at the file ~/ppp-2.3.8/ppp/auth.c

~/ppp-2.3.8/ppp/auth.c
...
...
...
/*
 * Authentication-related options.
 */
option_t auth_options[] = {
    { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
      "Require PAP authentication from peer", 1, &auth_required },
    { "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
      "Require PAP authentication from peer", 1, &auth_required },
    { "refuse-pap", o_bool, &refuse_pap,
      "Don't agree to auth to peer with PAP", 1 },
    { "-pap", o_bool, &refuse_pap,
      "Don't allow PAP authentication with peer", 1 },
    { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap,
      "Require CHAP authentication from peer", 1, &auth_required },
    { "+chap", o_bool, &lcp_wantoptions[0].neg_chap,
      "Require CHAP authentication from peer", 1, &auth_required },
    { "refuse-chap", o_bool, &refuse_chap,
      "Don't agree to auth to peer with CHAP", 1 },
    { "-chap", o_bool, &refuse_chap,
      "Don't allow CHAP authentication with peer", 1 },
    { "name", o_string, our_name,
      "Set local name for authentication",
      OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN },
    { "user", o_string, user,
      "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN },
    { "usehostname", o_bool, &usehostname,
      "Must use hostname for authentication", 1 },
...
...
...
...
...
...

Emir Toktar
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Michael St. Laurent [mailto:rowl at earthcorp.com]
Sent: Tuesday, August 31, 1999 2:04 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Can server _require_ encryption?

I have pptp working with encryption (!!!_party_!!!)

What I need to do now is configure the server to insist on data encryption. I know this can be set on the clients but I don't trust our users to not screw it up. Is there some way to set the server to reject any connection attempt that will not agree to data encryption?

--------------------
Michael St. Laurent
Hartwell Corporation

From mnoorh at it.kubnet.com.my Tue Aug 31 22:49:33 1999
From: mnoorh at it.kubnet.com.my (Mohamed Noor Harun)
Date: Tue Aug 31 22:49:33 1999
Subject: [pptp-server] (pptp-server) Windows Client's speed?
Message-ID: <99Sep1.114753sst.17032@gateway.kub.com.my>

Hai all;

I have managed to setup my pptp-server (on Redhat 6.0) up and running with encryption turned on. Thanks to all.. Now I can connect to my LAN through pptp-server through LAN or ISP connection.

There is a small problem that I notice when I'm connected through ISP where the speed of the connection to ISP is 23 K (my pcmcia is 28.8 K) whereas the speed of my VPN is only 9.6 K? I know that we setup the pptpd speed to 115200! I couldn't find anywhere on the Win95 client to set the speed on the Microsoft VPN adapter? Each time I'm connected, the default speed is 9.6 K!

Can anybody help me on this? Any suggestions?

Thanks.

Matnor
KUB Teknologi