From dfages at netguards.net Wed Dec 1 03:16:56 1999
From: dfages at netguards.net (Daniel Fages)
Date: Wed Dec 1 03:16:56 1999
Subject: [pptp-server] mppe_comp_reset problems
Message-ID: <3844E748.A7457669@netguards.net>

Hi,

here's my config :
Kernel 2.2.13
ppp 2.3.10
Windows95 & 98 clients

about every 30s or 1 minute (depending on the load of the
PPTP connection),
I have the following messages in my syslog file :
Dec 1 11:18:53 mylinux kernel: mppe_comp_reset
Dec 1 11:18:53 mylinux pppd[17111]: rcvd [CCP ResetReq id=0xe8]
Dec 1 11:18:53 mylinux pppd[17111]: sent [CCP ResetAck id=0xe8]
I have them repeated several times (10 to 20)

The connection still works fine but I ask myself what is it 'cause it
doesn't seem normal to me.

Any clue ?

*** Daniel Fages
*** Internet/Security consultant
*** NetGuards

From cswan at connectria.com Wed Dec 1 08:26:42 1999
From: cswan at connectria.com (Chris Swan)
Date: Wed Dec 1 08:26:42 1999
Subject: [pptp-server] mppe_comp_reset problems
References: <3844E748.A7457669@netguards.net>
Message-ID: <000601bf3c07$fa725de0$07c0fc80@wustl.edu>

Check the specifications for the protocol, but I believe that MPPE (or is it
PPTP?) exchanges a new keypair every X seconds, based on the theory that a
new keypair every so often will make the connection more secure. That's just
my guess, though...

And I think that's also the reason that mapped SMB shares will expire over a
PPTP link after a certain amount of time--you have to re-net-use the drive in
order to access it again. That could just be some weird issue I was having,
though.

Anyone? Anyone? Bueller?

----- Original Message -----
From: "Daniel Fages"
To:
Sent: Wednesday, December 01, 1999 3:15 AM
Subject: [pptp-server] mppe_comp_reset problems

> Hi,
> here's my config :
> Kernel 2.2.13
> ppp 2.3.10
> Windows95 & 98 clients
>
> about every 30s or 1 minute (depending on the load of the
> PPTP connection),
> I have the following messages in my syslog file :
> Dec 1 11:18:53 mylinux kernel: mppe_comp_reset
> Dec 1 11:18:53 mylinux pppd[17111]: rcvd [CCP ResetReq id=0xe8]
> Dec 1 11:18:53 mylinux pppd[17111]: sent [CCP ResetAck id=0xe8]
> I have them repeated several times (10 to 20)
>
> The connection still works fine but I ask myself what is it 'cause it
> doesn't seem normal to me.
>
> Any clue ?
>
> *** Daniel Fages
> *** Internet/Security consultant
> *** NetGuards
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mis at cindyrowe.com Wed Dec 1 09:16:13 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Wed Dec 1 09:16:13 1999
Subject: [pptp-server] pptp ahd ADSL
References: <19991128170704.12905.qmail@hotmail.com> <384233CD.663754AD@sxb.bsf.alcatel.fr>
Message-ID: <00aa01bf3c0f$2bb28900$0200a8c0@mis>

Hi,

I have been trying for about 3 or 4 months (not constant) to try and get
this same setup working. It appears that the suggestions you have made are
different than the other suggestions that I have been given.

First, you have noauth and noipdefault in the options file. Secondly, you
have a version of pptp-linux-1.0.2 that you say is patched for the A1000?

Is it specific for this setup to use the noauth, and the noipdefault? What
do these do? Also, what needed patched for the A1000? (I will look at it,
but I figure I won't be able to find it - I only play a programmer on
TV...).

I'm glad to see I'm not the only person stuck with this cantankerous setup.

Mathieu, did you get it working?

Thanks,
Matt Grab
mis at cindyrowe.com

----- Original Message -----
From: Frédéric SOULIER
To: Mathieu Noel
Cc:
Sent: Monday, November 29, 1999 3:05 AM
Subject: Re: [pptp-server] pptp ahd ADSL

Hi,

Mathieu Noel wrote:
>
> I have an ADSL modem connected on my network. It has a local IP address
> (10.0.0.138).

hum ... seem to have a Alcatel A1000 ADSL modem there ....

> I don't really know how to use pptp-server to connect to my
> provider. It works with windows pptp client connection but I don't know how
> to configure it under linux. Can you help.

Let's try that :

1. Kernel configuration : validate PPP option in kernel config (native or
   module)

2. Download a recent version of PPP if you don't have and configure it.
   - For example : ftp://cs.anu.edu.au/pub/software/ppp
   - Run ./configure and then make all; make install
   - edit /etc/ppp/pap-secrets and fill in fields :
       #client               server  secret    IP address
       your_login@your_isp   *       password  *
   - edit /etc/ppp/options
       name "your_login@your_isp"
       noauth
       noipdefault
       defaultroute

3. Download a recent version of PPTP and install it.
   - I recommend you to download this version : (patched for A1000 and
     other bugs) :
     ftp://ftp.rhapsodyk.net/pub/linux/pptp/pptp-linux-1.0.2-patched.tar.gz

4. Try it !
   - pptp 10.0.0.138

BRs,
Fred.

---------------------------------------------------------------------
Frédéric SOULIER                  Alcatel Telecom
Alcatel Business Systems    ***** Technical Direction - ADSL
1 route du Dr Schweitzer      *** Phone  : +33 (0)3 88 67 76 88
F-67408 ILLKIRCH cedex          * e-mail : soulier1 at sxb.bsf.alcatel.fr
---------------------------------------------------------------------

From gordon at hortauto.co.nz Wed Dec 1 14:21:20 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Wed Dec 1 14:21:20 1999
Subject: [pptp-server] Tunnelling SMB
Message-ID: <99120209252202.01028@gordon.hal>

Hi all,

I think I need some advice here.
I'm trying to tunnel NetBIOS in to a private network.
Current setup is:

msclient -> internet -> firewall -> internal net

Firewall has a real world address and an internal address bound to the NIC.
It's running pptpd, and clients connect successfully.
Now what I want to do is allow the clients access to the internal network - all
NetBIOS over TCP/IP. File and print is done with Samba.
Is this just a masquerading issue on the firewall, or do I need to run the
pptp daemon on the internal file server and masq to it.

Thanks,
--
Gordon Smith, MCP, TCP
Network Administrator
Compac Sorting Equipment Ltd.

From tmk at netmagic.net Wed Dec 1 18:32:25 1999
From: tmk at netmagic.net (tmk)
Date: Wed Dec 1 18:32:25 1999
Subject: [pptp-server] Tunnelling SMB
References: <99120209252202.01028@gordon.hal>
Message-ID: <001c01bf3c5c$f994ce80$071c0fc0@lala.net>

> I think I need some advice here.
> I'm trying to tunnel NetBIOS in to a private network.
> Current setup is:
>
>
> msclient -> internet -> firewall -> internal net
> Firewall has a real world address and an internal address bound to the NIC.
> It's running pptpd, and clients connect successfully.
> Now what I want to do is allow the clients access to the internal network - all
> NetBIOS over TCP/IP. File and print is done with Samba.
> Is this just a masquerading issue on the firewall, or do I need to run the
> pptp daemon on the internal file server and masq to it.

What you might need is proxy arp set up for the pptp connections.

you haven't said what the problem is, but i'm guessing that browsing doesn't
work. Try connecting to the shares using their ip addresses (ie
\\123.56.78.90\sharename from the start->run menu).
If that works, then
everything is working except name resolution, and you should tell the
clients to use the dns or wins server within the private network to get
their names from. If you aren't running a nameserver for some reason (you
should be) then you CAN do the dirty fix by using a lmhosts file and naming
all the computers in that, but i wouldn't recommend it.

There should be NO masquerading at all. That is a totally separate thing. If
the fileservers are on a different subnet than the firewall, then the
clients may need to be given routing information.

Kevin

From gordon at hortauto.co.nz Wed Dec 1 20:39:44 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Wed Dec 1 20:39:44 1999
Subject: [pptp-server] Tunnelling SMB
References: <001c01bf3c5c$f994ce80$071c0fc0@lala.net>
Message-ID: <9912021544510G.01028@gordon.hal>

Thanks Kevin,

I have connections being established from the outside now.
It turned out that I needed to allow GRE thru the router :-) Oops.
I do see the following errors:

Dec 2 15:57:21 homer modprobe: can't locate module char-major-108
Dec 2 15:57:23 homer pptpd[23496]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 2 15:57:23 homer pptpd[23496]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)

The connection is made successfully, however. Haven't got browsing going yet.
I've pointed the MS client to the internal DNS and WINS servers, but no luck.
I'll have a look at doing proxy arp as you suggested.

Cheers,
Gordon

>
> What you might need is proxy arp set up for the pptp connections.
>
> you haven't said what the problem is, but i'm guessing that browsing doesn't
> work. Try connecting to the shares using their ip addresses (ie
> \\123.56.78.90\sharename from the start->run menu). If that works, then
> everything is working except name resolution, and you should tell the
> clients to use the dns or wins server within the private network to get
> their names from.
> If you aren't running a nameserver for some reason (you
> should be) then you CAN do the dirty fix by using a lmhosts file and naming
> all the computers in that, but i wouldn't recommend it.
>
> There should be NO masquerading at all. That is a totally separate thing. If
> the fileservers are on a different subnet than the firewall, then the
> clients may need to be given routing information.
>
> Kevin
>

From chavant at geosys.fr Thu Dec 2 02:22:59 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Thu Dec 2 02:22:59 1999
Subject: [pptp-server] encryption
Message-ID: <001301bf3c9d$c4b9b4a0$7d03a8c0@pcjpc>

Hello,

how can i be sure that encryption works fine ?
i don't find a good sniffer to verify it ?

Thanks.

Jean-Paul Chavant                   _-----_
GEOSYS SA - Service Informatique   (_/   \_)
Tél.: (0) 5 62 47 80 75             (_____)
\/\/\___ http://www.geosys.fr/

From chavant at geosys.fr Thu Dec 2 02:55:09 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Thu Dec 2 02:55:09 1999
Subject: [pptp-server] PB : CreateHostSocket : Adress already in use
Message-ID: <001501bf3ca2$4441e180$7d03a8c0@pcjpc>

Hello,

i ve installed pptpd. it works fine.
I launch pptpd daemon at the starting of the system and i have this error :
CreateHostSocket : Adress already in use
CreateHostSocket : Adress already in use

Jean-Paul Chavant                   _-----_
GEOSYS SA - Service Informatique   (_/   \_)
Tél.: (0) 5 62 47 80 75             (_____)
\/\/\___ http://www.geosys.fr/

From chavant at geosys.fr Thu Dec 2 02:57:19 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Thu Dec 2 02:57:19 1999
Subject: [pptp-server] CreateHostSocket : Adress already in use
Message-ID: <001601bf3ca2$923cf460$7d03a8c0@pcjpc>

Hello,

Sorry i ve made an error ...

i ve installed pptpd. it works fine.
I launch pptpd daemon at the starting of the system and i have this error :
CreateHostSocket : Adress already in use
CreateHostSocket : Adress already in use
CreateHostSocket : Adress already in use
CreateHostSocket : Adress already in use
INIT: Id "pptp" respawning too fast: disabled for 5 minutes

is it normal ... ?

Jean-Paul Chavant                   _-----_
GEOSYS SA - Service Informatique   (_/   \_)
Tél.: (0) 5 62 47 80 75             (_____)
\/\/\___ http://www.geosys.fr/

From mike at coredump.ae.usr.com Thu Dec 2 11:30:49 1999
From: mike at coredump.ae.usr.com (Mike Wronski)
Date: Thu Dec 2 11:30:49 1999
Subject: [pptp-server] Control Message Type 9
Message-ID: <000e01bf3cea$f726eb40$7fa918cf@otherland.ae.usr.com>

Is anyone working on implementing Control message type 9 for use with RAS
equipment? I am considering taking a look, but don't want to be redundant..

- Mike Wronski
3Com Network Systems Engineer

From amacc at mailer.org Thu Dec 2 11:44:33 1999
From: amacc at mailer.org (Andrew McRory)
Date: Thu Dec 2 11:44:33 1999
Subject: [pptp-server] Control Message Type 9
In-Reply-To: <000e01bf3cea$f726eb40$7fa918cf@otherland.ae.usr.com>
Message-ID:

On Thu, 2 Dec 1999, Mike Wronski wrote:

> Is anyone working on implementing Control message type 9 for use with RAS
> equipment? I am considering taking a look, but don't want to be redundant..

Please get this started. I can't code but I'll help in any other way I can.

WBR,

Andrew McRory - amacc at linuxsys.com ************************************
President / Chief Technical Officer * Iron-Bridge Communications /
Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 * Voice 850.575.7213
****************************************************

From gordon at hortauto.co.nz Thu Dec 2 12:46:56 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Thu Dec 2 12:46:56 1999
Subject: [pptp-server] Samba and PPTP
Message-ID: <99120307515100.02017@gordon.hal>

Well, 128 bit connections are now working successfully.
Browsing is still a problem, however.

Some things that may help others:

1. The README is incorrect with regards to the files to add to the kernel for
compilation. As well as the rc4 files, there are a couple of others. Not a big
issue, since watching the compilation errors will tell you what you need to add.

2. If you're not in the US, you will only get 40-bit encryption (export version
of Windows clients). This can be upgraded - download the 128-bit patch from
http://www.zedz.net - it used to be replay.com

Getting browsing working across a tunnel is an ordeal. I made a silly mistake -
assuming I needed to allow port 47, when in actual fact GRE is what needed to
be opened up on our router (protocol 47, not port 47).

I'm now establishing 128-bit connections, but cannot see the internal network.
The pptp daemon is running on the firewall. The firewall has one NIC, with 2
addresses bound to it. An internal server runs Samba, and an authoritative DNS
for the internal network.

When trying to browse, pppd throws up a lot of "unsupported protocol" errors in
the logs.

Any ideas?

Cheers,
--
Gordon Smith, MCP, TCP
Network Administrator
Compac Sorting Equipment Ltd.

From geoff at gnaa.net Thu Dec 2 12:57:29 1999
From: geoff at gnaa.net (geoff nordli)
Date: Thu Dec 2 12:57:29 1999
Subject: [pptp-server] Samba and PPTP
In-Reply-To: <99120307515100.02017@gordon.hal>
Message-ID: <000d01bf3cf7$1586fce0$0101a8c0@highwayi.com>

Can you ping an internal address?

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Gordon Smith
Sent: Thursday, December 02, 1999 10:38 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Samba and PPTP

Well, 128 bit connections are now working successfully. Browsing is still a
problem, however.

Some things that may help others:

1. The README is incorrect with regards to the files to add to the kernel for
compilation.
As well as the rc4 files, there are a couple of others. Not a big
issue, since watching the compilation errors will tell you what you need to add.

2. If you're not in the US, you will only get 40-bit encryption (export version
of Windows clients). This can be upgraded - download the 128-bit patch from
http://www.zedz.net - it used to be replay.com

Getting browsing working across a tunnel is an ordeal. I made a silly mistake -
assuming I needed to allow port 47, when in actual fact GRE is what needed to
be opened up on our router (protocol 47, not port 47).

I'm now establishing 128-bit connections, but cannot see the internal network.
The pptp daemon is running on the firewall. The firewall has one NIC, with 2
addresses bound to it. An internal server runs Samba, and an authoritative DNS
for the internal network.

When trying to browse, pppd throws up a lot of "unsupported protocol" errors in
the logs.

Any ideas?

Cheers,
--
Gordon Smith, MCP, TCP
Network Administrator
Compac Sorting Equipment Ltd.

From gordon at hortauto.co.nz Thu Dec 2 13:26:20 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Thu Dec 2 13:26:20 1999
Subject: [pptp-server] Samba and PPTP
References: <000d01bf3cf7$1586fce0$0101a8c0@highwayi.com>
Message-ID: <99120308311501.02017@gordon.hal>

On Fri, 03 Dec 1999, geoff nordli wrote:
> Can you ping an internal address?
>

No. Yet the addressing is all in the internal subnet.

From geoff at gnaa.net Thu Dec 2 13:35:59 1999
From: geoff at gnaa.net (geoff nordli)
Date: Thu Dec 2 13:35:59 1999
Subject: [pptp-server] Samba and PPTP
In-Reply-To: <99120308311501.02017@gordon.hal>
Message-ID: <001001bf3cfc$72ea5c10$0101a8c0@highwayi.com>

You have a problem with:

a) proxyarp is not being initiated. Look in your logs.
b) routing.
I will send you the document that was posted
a while back to help you with this.

when you can ping, then you know you are very close.

-----Original Message-----
From: Gordon Smith [mailto:gordon at hortauto.co.nz]
Sent: Thursday, December 02, 1999 11:30 AM
To: geoff nordli; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Samba and PPTP

On Fri, 03 Dec 1999, geoff nordli wrote:
> Can you ping an internal address?
>

No. Yet the addressing is all in the internal subnet.

From joe at dietcraze.com Thu Dec 2 13:52:58 1999
From: joe at dietcraze.com (R. Joseph Villa., II)
Date: Thu Dec 2 13:52:58 1999
Subject: [pptp-server] insmod failure
Message-ID: <000001bf3cfd$a40d7100$0a01a8c0@tampabay.rr.com>

I am anxiously following the How-to and doing very well with it, I might
add. I have run into a snag though. In section 6 I do the following:
[rmmod ppp]
[insmod slhc]
[insmod ppp]
[insmod bsd_comp]
[insmod ppp_deflate]
[insmod ppp_mppe] <<<<< This one fails. It says no module by that name
found. Sure enough. I can't find it either.
Surely something didn't go right but being new to hacking linux :) I am not
exactly sure where to look. Any thoughts?

Joe

From natecars at real-time.com Thu Dec 2 14:21:20 1999
From: natecars at real-time.com (Nate Carlson)
Date: Thu Dec 2 14:21:20 1999
Subject: [pptp-server] insmod failure
In-Reply-To: <000001bf3cfd$a40d7100$0a01a8c0@tampabay.rr.com>
Message-ID:

On Thu, 2 Dec 1999, R. Joseph Villa., II wrote:

> I am anxiously following the How-to and doing very well with it, I might
> add. I have run into a snag though. In section 6 I do the following:
> [rmmod ppp]
> [insmod slhc]
> [insmod ppp]
> [insmod bsd_comp]
> [insmod ppp_deflate]
> [insmod ppp_mppe] <<<<< This one fails. It says no module by that name
> found. Sure enough. I can't find it either.
> Surely something didn't go right but being new to hacking linux :) I am not
> exactly sure where to look. Any thoughts?
>
> Joe
>

Did you successfully apply the pppd patches against the kernel and
recompile/install it? You need to do this for ppp_mppe to be compiled.

--
Nate Carlson             | Phone : (612)943-8700
http://www.real-time.com | Fax   : (612)943-8500

From gordon at hortauto.co.nz Thu Dec 2 14:32:31 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Thu Dec 2 14:32:31 1999
Subject: [pptp-server] Samba and PPTP
References: <001001bf3cfc$72ea5c10$0101a8c0@highwayi.com>
Message-ID: <99120309372902.02017@gordon.hal>

On Fri, 03 Dec 1999, geoff nordli wrote:
> You have a problem with:
>
> a) proxyarp is not being initiated. Look in your logs.
> b) routing. I will send you the document that was posted
> a while back to help you with this.
>
> when you can ping, then you know you are very close.
>

Thanks Geoff,

I agree. It looks like a routing problem. Proxyarp works fine according to
the logs. I'm not too sure on pppd throwing up a heap of "unsupported
protocol" messages. I think it may be the netbios stuff, since it only
appears when the client attempts to explore the network.

I'll also add the wins server definition to the ppp options file, although I
don't think that will help. The IP addresses of the internal name server and
the wins server are specified in the client's vpn setup.

Cheers,
--
Gordon Smith, MCP, TCP
Network Administrator
Compac Sorting Equipment Ltd.

From gordon at hortauto.co.nz Thu Dec 2 14:36:23 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Thu Dec 2 14:36:23 1999
Subject: [pptp-server] insmod failure
References: <000001bf3cfd$a40d7100$0a01a8c0@tampabay.rr.com>
Message-ID: <99120309412703.02017@gordon.hal>

On Fri, 03 Dec 1999, R. Joseph Villa., II wrote:
> I am anxiously following the How-to and doing very well with it, I might
> add. I have run into a snag though. In section 6 I do the following:
> [rmmod ppp]
> [insmod slhc]
> [insmod ppp]
> [insmod bsd_comp]
> [insmod ppp_deflate]
> [insmod ppp_mppe] <<<<< This one fails.
> It says no module by that name
> found. Sure enough. I can't find it either.
> Surely something didn't go right but being new to hacking linux :) I am not
> exactly sure where to look. Any thoughts?
>
> Joe
>

Did you see any errors when you re-compiled the kernel and modules?
I found, using the most recent openssl, that I needed to copy a couple of
additional files as well as the rc4 stuff mentioned in the README.

Cheers,
--
Gordon Smith, MCP, TCP
Network Administrator
Compac Sorting Equipment Ltd.

From jvilla at WirelessKnowledge.com Thu Dec 2 14:42:02 1999
From: jvilla at WirelessKnowledge.com (Joe Villa)
Date: Thu Dec 2 14:42:02 1999
Subject: [pptp-server] insmod failure
Message-ID:

Isn't that what the "make modules SUBDIRS=drivers/net" is supposed to do. I
did it and then a "make modules_install" but it isn't there. Is there a log
that I can check that will tell me if something went wrong?

-----Original Message-----
From: Nate Carlson [mailto:natecars at real-time.com]
Sent: Thursday, December 02, 1999 3:21 PM
To: R. Joseph Villa., II
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] insmod failure

On Thu, 2 Dec 1999, R. Joseph Villa., II wrote:

> I am anxiously following the How-to and doing very well with it, I might
> add. I have run into a snag though. In section 6 I do the following:
> [rmmod ppp]
> [insmod slhc]
> [insmod ppp]
> [insmod bsd_comp]
> [insmod ppp_deflate]
> [insmod ppp_mppe] <<<<< This one fails. It says no module by that name
> found. Sure enough. I can't find it either.
> Surely something didn't go right but being new to hacking linux :) I am not
> exactly sure where to look. Any thoughts?
>
> Joe
>

Did you successfully apply the pppd patches against the kernel and
recompile/install it? You need to do this for ppp_mppe to be compiled.

--
Nate Carlson             | Phone : (612)943-8700
http://www.real-time.com | Fax   : (612)943-8500

From rowl at earthcorp.com Thu Dec 2 15:14:32 1999
From: rowl at earthcorp.com (Michael St. Laurent)
Date: Thu Dec 2 15:14:32 1999
Subject: [pptp-server] Where to find PPP patches
Message-ID: <3.0.6.32.19991202131402.0098d9c0@guardian.hartwellcorp.com>

Can someone suggest a good site to find the many patches for pppd? I've
been looking but I'm having trouble finding. :-)

--------------------
Michael St. Laurent
Hartwell Corporation

From nngodinh at tiscalinet.it Fri Dec 3 14:41:07 1999
From: nngodinh at tiscalinet.it (Nhan NGO DINH)
Date: Fri Dec 3 14:41:07 1999
Subject: [pptp-server] patched pppd 2.3.8 / 2.3.10
Message-ID: <4.1.19991203203352.00a62a50@pop.tiscalinet.it>

Hi,

I've a lot of problems with a PPTP connection between two machines with
Linux. Both of them have the kernel 2.2.12. On the server side there is
PoPToP 1.0.0 w/pppd mppe-patched 2.3.8. On the client side there is the
Linux PPTP client 1.0.2 with pppd mppe-patched 2.3.8. I've followed all the
instructions in the HOWTO...

Let's go first to the things that for the moment are working fine. I have an
internal class-c network with addresses in the range of 192.168.0.1-254.
Server/client IP addresses are:

server: 192.168.0.1
client: 192.168.0.200

Nodes of the network are connected by an ethernet link. The PoPToP server is
configured (pptpd.conf) to have 192.168.1.1-100 for server and
192.168.1.101-200 for client. When I launch the pptp client the connection
works fine and ppp devices are created as well, for example:

server: ppp0 - 192.168.1.1
client: ppp0 - 192.168.1.101

And when I "ping 192.168.1.101" from server and "ping 192.168.1.1" from
client all does work. But, when I try to route packets through the PPTP
interface something goes wrong:

server: route 192.168.0.200 gw 192.168.1.101
client: route 192.168.0.1 gw 192.168.1.1

Not only it doesn't work "ping 192.168.0.200" from server and "ping
192.168.0.1" from client, but even "ping 192.168.1.101" for server and "ping
192.168.1.1" for client. And that's not all... After one or two minutes the
routing rules are up the PPTP links falls down.
If I try instead to remove the routing rules before the link goes down and
the PPTP connection allow any ping command between the two PPTP interfaces
without problems.

Sometimes the Linux kernel say "compression rejected"...

Any idea?

---
Nhan NGO DINH
e-mail: nngodinh at tiscalinet.it
web site: http://www.tiscalinet.it/nngodinh

From sam at linuxtec.com Sat Dec 4 10:12:51 1999
From: sam at linuxtec.com (Samuel Gonzalez, Jr.)
Date: Sat Dec 4 10:12:51 1999
Subject: [pptp-server] NetLogon and VPN/DUN
References:
Message-ID: <023401bf3e69$c254f8a0$ec5025c0@sgonzalez>

I have the same problem, the only way I could get that to work was to have
the vpn server also handle domain logons.

----- Original Message -----
From: Patrick Reid
To:
Sent: Friday, November 26, 1999 11:51 AM
Subject: [pptp-server] NetLogon and VPN/DUN

> I have pptp 1.0, pppd 2.3.8 with appropriate mods for encryption etc. and
> SAMBA set-up on my Linux server.
>
> All seems to work properly, including browsing of shared directories, with
> only one problem: my logon script doesn't run. When I connect on my local
> LAN, a script runs from the "netlogon" share, setting the time and mapping a
> couple of shares. When I dial in to my ISP and set up a PPTP session,
> however, this logon script doesn't run.
>
> Is there any way to get that functionality back?
>
> Also, is there any way to get Windows to dial a default DUN connection when
> I start my VPN connection? It's kind of a pain to have to separately launch
> each of these.
>
> Patrick

From P.J.Reid at earthling.net Mon Dec 6 11:51:40 1999
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Mon Dec 6 11:51:40 1999
Subject: [pptp-server] NetLogon and VPN/DUN
In-Reply-To: <023401bf3e69$c254f8a0$ec5025c0@sgonzalez>
Message-ID: <000701bf4012$7b9032e0$0500a8c0@reidworld.dynip.com>

Hmm... my samba server and my VPN server are both on the same machine, so I
have the same machine doing both. I can run the logon scripts manually, but
they don't just run on connection.

Patrick

-----Original Message-----
From: Samuel Gonzalez, Jr. [mailto:sam at linuxtec.com]
Sent: December 4, 1999 11:11 AM
To: Patrick Reid; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] NetLogon and VPN/DUN

I have the same problem, the only way I could get that to work was to have
the vpn server also handle domain logons.

----- Original Message -----
From: Patrick Reid
To:
Sent: Friday, November 26, 1999 11:51 AM
Subject: [pptp-server] NetLogon and VPN/DUN

> I have pptp 1.0, pppd 2.3.8 with appropriate mods for encryption etc. and
> SAMBA set-up on my Linux server.
>
> All seems to work properly, including browsing of shared directories, with
> only one problem: my logon script doesn't run. When I connect on my local
> LAN, a script runs from the "netlogon" share, setting the time and mapping a
> couple of shares. When I dial in to my ISP and set up a PPTP session,
> however, this logon script doesn't run.
>
> Is there any way to get that functionality back?
>
> Also, is there any way to get Windows to dial a default DUN connection when
> I start my VPN connection? It's kind of a pain to have to separately launch
> each of these.
>
> Patrick

From chavant at geosys.fr Tue Dec 7 02:23:48 1999
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue Dec 7 02:23:48 1999
Subject: [pptp-server] 40 & 128 bits encryption
Message-ID: <001601bf408b$999b8040$7d03a8c0@pcjpc>

Hello,

I ve installed pptp-1.0.0 with SSL-0.6.0b (for rc4.h, ...) and ppp-2.3.8
with mppe patch.

My data connexion is encrypted in 40 or 128 bits ?
How I know if my connection is encrypted in 40 or 128 bits mode ?

Thanks.

Jean-Paul Chavant                   _-----_
GEOSYS SA - Service Informatique   (_/   \_)
Tél.: (0) 5 62 47 80 75             (_____)
\/\/\___ http://www.geosys.fr/

From dfages at netguards.net Tue Dec 7 04:14:58 1999
From: dfages at netguards.net (Daniel Fages)
Date: Tue Dec 7 04:14:58 1999
Subject: [pptp-server] mppe_comp_reset again
Message-ID: <384CDDC6.8BD30C67@netguards.net>

Hi all,

I still have those 'kernel: mppe_comp_reset' messages in my log
which some times repeat several times in seconds. Does anybody
know if this is a normal behavior and if I can safely modify the
source code to remove those ?

Thanks.

--
*** Daniel Fages
*** Internet/Security consultant
*** NetGuards

From peter.plak at thelodge.nl Tue Dec 7 08:33:28 1999
From: peter.plak at thelodge.nl (Plak, Peter)
Date: Tue Dec 7 08:33:28 1999
Subject: [pptp-server] Authentication via NT Server
Message-ID:

Hi,

When my Win NT Clients connect to the LINUX Firewall to do VPN, I want to
have the LINUX box get his authentication from the Primary Domain Controller
in the DOMAIN.

IS there a way to do this? This avoid me maintain a userdatabase on my
linuxbox.

Regards,

Peter
Firewall Admin
The Lodge bv
Holland

From blalor at netDrives.com Tue Dec 7 08:56:59 1999
From: blalor at netDrives.com (Brian Lalor)
Date: Tue Dec 7 08:56:59 1999
Subject: [pptp-server] More than one IP
Message-ID:

Hey all. I've managed to get the pptpd running and set up properly for one
client, but I don't know how to set it up for more than one client.
In the pptpd.conf, you are supposed to be able to give it a range of remote
IPs to assign, but in the ppp options file, you don't have that flexibility.
How would I modify my current config to be able to assign, say, 10 clients
with 10 different remote IPs?

Thanks,
B

--
Brian Lalor, Web Honkey
netDrives
blalor at netDrives.com
607-272-5650 x7167

-------------- next part --------------
# 115200
# defaultroute
# passive
xxx.xxx.xxx.xxx:10.0.0.250
lock
debug
auth
name stratus
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
netmask 255.255.255.0
ms-dns 10.0.0.2
ms-wins 10.0.0.2
proxyarp
-------------- next part --------------
# see pptpd.conf(5)
speed 115200
debug
localip xxx.xxx.xxx.xxx
remoteip 10.0.0.250
listen xxx.xxx.xxx.xxx
# listen 10.0.0.2

From fparacchini at alteanet.it Tue Dec 7 09:19:18 1999
From: fparacchini at alteanet.it (fparacchini at alteanet.it)
Date: Tue Dec 7 09:19:18 1999
Subject: [pptp-server] More than one IP
Message-ID:

Brian,

you can assign a fixed IP to each user in /etc/ppp/chap-secrets, like this :

# Secrets for authentication using CHAP
# client    server  secret  IP addresses
FABIO       *       fabio   192.168.1.1

Hope that helps

Cheers

Fabio Paracchini
Altea S.r.L.

Brian Lalor on 07/12/99 15.56.53

To: pptp-server at lists.schulte.org
cc: (bcc: Fabio Paracchini/ALTEA)
Subject: [pptp-server] More than one IP

Hey all. I've managed to get the pptpd running and set up properly for one
client, but I don't know how to set it up for more than one client. In the
pptpd.conf, you are supposed to be able to give it a range of remote IPs to
assign, but in the ppp options file, you don't have that flexibility. How
would I modify my current config to be able to assign, say, 10 clients with
10 different remote IPs?

Thanks,
B

--
Brian Lalor, Web Honkey
netDrives
blalor at netDrives.com
607-272-5650 x7167

-------------- next part --------------
A non-text attachment was scrubbed...
Name: options
Type: application/octet-stream
Size: 243 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptpd.conf
Type: application/octet-stream
Size: 137 bytes
Desc: not available
URL:

From chavant at geosys.fr Tue Dec 7 11:00:27 1999
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue Dec 7 11:00:27 1999
Subject: [pptp-server] Wins Ip attribution
Message-ID: <000101bf40d3$d331da00$7d03a8c0@pcjpc>

Hello,

pptpd attributes @IP ... Is it possible to pptpd to attribute Wins @IP to client ?

Thanks

Jean-Paul Chavant
GEOSYS SA - Service Informatique
Tél.: (0) 5 62 47 80 75
http://www.geosys.fr/

From P.J.Reid at earthling.net Tue Dec 7 11:02:58 1999
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Tue Dec 7 11:02:58 1999
Subject: [pptp-server] 40 & 128 bits encryption
In-Reply-To: <001601bf408b$999b8040$7d03a8c0@pcjpc>
Message-ID: <000401bf40d4$d952f440$0500a8c0@reidworld.dynip.com>

Look in /var/log/pptp.log for each connection, there will be an entry from pppd saying whether the connection was 40 bit or 128.

From epadin at wagweb.com Tue Dec 7 19:17:19 1999
From: epadin at wagweb.com (Ed Padin)
Date: Tue Dec 7 19:17:19 1999
Subject: [pptp-server] mppe_comp_reset again
Message-ID:

Does this use the windows VPN adapter? If so, then maybe PPTP would be a good fit. It's a VPN client and server that mimics the Winblows VPN. It supports CHAP and the much more secure CHAP V2 encryption. Here's a link to their mailing list but I forget where to get the code:
http://lists.schulte.org/mailman/listinfo/pptp-server

>-----Original Message-----
>From: Daniel Fages [mailto:dfages at netguards.net]
>Sent: Tuesday, December 07, 1999 5:13 AM
>To: pptp-server at lists.schulte.org
>Subject: [pptp-server] mppe_comp_reset again
>
>
>Hi all,
>I still have those 'kernel: mppe_comp_reset' messages in my log
>which some times repeat several times in seconds.
Does anybody
>know if this is a normal behavior and if I can safely modify the
>source code to remove those ?
>
>Thanks.
>
>--
>*** Daniel Fages
>*** Internet/Security consultant
>*** NetGuards
>

From P.J.Reid at earthling.net Tue Dec 7 22:45:45 1999
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Tue Dec 7 22:45:45 1999
Subject: [pptp-server] NetLogon and VPN/DUN
In-Reply-To: <000701bf4012$7b9032e0$0500a8c0@reidworld.dynip.com>
Message-ID: <000001bf4137$1121d5a0$0500a8c0@reidworld.dynip.com>

I have discovered the problem: I was running off a notebook. If the ethernet card is in, the machine attempts to log on. Even if it fails, that is it - the computer won't attempt a log on again until a restart (or log off from the start menu and log on again).

So it seems that there is no way for a stand-alone machine which is already on one network locally to run a login script over the VPN link - even if it isn't logged into its normal network.

Patrick

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Patrick Reid
Sent: December 6, 1999 1:51 PM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] NetLogon and VPN/DUN

Hmm... my samba server and my VPN server are both on the same machine, so I have the same machine doing both. I can run the logon scripts manually, but they don't just run on connection.

Patrick

-----Original Message-----
From: Samuel Gonzalez, Jr. [mailto:sam at linuxtec.com]
Sent: December 4, 1999 11:11 AM
To: Patrick Reid; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] NetLogon and VPN/DUN

I have the same problem, the only way I could get that to work was to have the vpn server also handle domain logons.
----- Original Message -----
From: Patrick Reid
To:
Sent: Friday, November 26, 1999 11:51 AM
Subject: [pptp-server] NetLogon and VPN/DUN

> I have pptp 1.0, pppd 2.3.8 with appropriate mods for encryption etc. and
> SAMBA set-up on my Linux server.
>
> All seems to work properly, including browsing of shared directories, with
> only one problem: my logon script doesn't run. When I connect on my local
> LAN, a script runs from the "netlogon" share, setting the time and mapping a
> couple of shares. When I dial in to my ISP and set up a PPTP session,
> however, this logon script doesn't run.
>
> Is there any way to get that functionality back?
>
> Also, is there any way to get Windows to dial a default DUN connection when
> I start my VPN connection? It's kind of a pain to have to separately launch
> each of these.
>
> Patrick
>

From mis at cindyrowe.com Wed Dec 8 09:32:56 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Wed Dec 8 09:32:56 1999
Subject: [pptp-server] trouble connecting
Message-ID: <006f01bf4191$ccb72040$0200a8c0@mis>

Hi,

I hope someone can point me to an easy fix for this. This is what I've got, and this is what's happening. Thanks for all your help so far!

Matt Grab
mis at cindyrowe.com

I'm trying to get PPTP working with an Alcatel A1000 ADSL modem. I've taken all the steps necessary to get to this point. Recompile kernel, recompile ppp, compile pptp.

This is the command I run, "pptp 10.0.0.138 user crags7 debug kdebug7." At this point, I get these messages on the screen.
----------------------------------------------------------------------------
log[pptp_dispatch_ctrl_packet:pptp-ctrl.c:533]:client connection established
log[pptp_dispatch_ctrl_packet:pptp-ctrl.c:639]:outgoing call established
* few second pause *
warn[decaps_gre:pptp_gre.c:239]:discarding out of order

I've done a tail -f /var/log/messages, and this is what shows up there.
----------------------------------------------------------------------------
log[pptp_dispatch_ctrl_packet:pptp-ctrl.c:533]:client connection established
modprobe: can't locate module char-major-108
pppd: pppd 2.3.10 started by root, uid 0
kernel: ppp_ioctl set dbg flags to 70000
kernel: ppp_ioctl set flags to 70000
pppd: using interface ppp0
pppd: connect ppp0 <-> /dev/ttya0
kernel: ppp_tty_ioctl set xasyncmap
kernel: ppp_tty_ioctl set xmit asyncmap ffffffff
kernel:ppp_ioctl: set flags to 70000
kernel:ppp_ioctl: set mru to 5dc
kernel:ppp_tty_ioctl: set rcv asyncmap ffffffff
pppd: LCP: timeout sending Config-Requests
pppd: connection terminated
kernel: ppp: channel ppp0 closing
pppd: Exit

Looking in my pppd.log, this is what I find:
----------------------------------------------------------------------------
Outgoing call established
modprobe: Can't locate module char-major-108

From joe at dietcraze.com Wed Dec 8 10:11:17 1999
From: joe at dietcraze.com (R. Joseph Villa., II)
Date: Wed Dec 8 10:11:17 1999
Subject: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10
Message-ID: <000301bf4196$7ac824a0$0a01a8c0@tampabay.rr.com>

I am having trouble applying the ppp-2.2.10 mppe_stateless.diff patch referenced in the link below. I get 2 failed hunks when I apply it according to the instructions. I have installed from the tarball into /usr/local/src. I have successfully applied the ppp-2.3.10-openssl-norc4-mppe.patch with no trouble. I am not sure where the problem is.
Here is the output of the command:

patch -p0 -b < mppe_stateless.diff

>>>
patching file linux/ppp_mppe.c
Hunk #1 FAILED at 163.
Hunk #2 FAILED at 1051.
2 out of 2 hunks FAILED -- saving rejects to file linux/ppp_mppe.c.rej
>>>>

Original instructions found in:
http://lists.schulte.org/pipermail/pptp-server/1999-November/001085.html

R. Joseph Villa, II
joe at dietcraze.com
http://www.dietcraze.com

From joe at dietcraze.com Wed Dec 8 12:06:19 1999
From: joe at dietcraze.com (R. Joseph Villa., II)
Date: Wed Dec 8 12:06:19 1999
Subject: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10
In-Reply-To:
Message-ID: <000401bf41a6$5bae7640$0a01a8c0@tampabay.rr.com>

I'm not familiar enough with how the patching process works to figure out how to do it like you did. If you have come up with a patch file that works, I'd love to check it out.

Thanks for your help.
Joe

-----Original Message-----
From: Philip L. Butler [mailto:butler at dii.net]
Sent: Wednesday, December 08, 1999 11:25 AM
To: joe at dietcraze.com
Subject: Re: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10

I had the same problem. The patch file looked OK, but it didn't seem to work. What I did was to manually patch the files based on the patch file. There were only 2 simple edits to make. After that, I created my own patch files (using diff -U3... if I recall) and used those within my master install script. I didn't combine them into a single patch file but I just (from within my master install script) patch the 2 files that the other patch file should have processed.

Hope this helps.

Phil Butler
butler at dii.net

>I am having trouble applying the ppp-2.2.10 mppe_stateless.diff patch
>referenced in the link below. I get 2 failed hunks when I apply it according
>to the instructions. I have installed from the tarball into /usr/local/src.
>I have successfully applied the ppp-2.3.10-openssl-norc4-mppe.patch with no
>trouble. I am not sure where the problem is.
>
>Here is the output of the command:
>
>patch -p0 -b < mppe_stateless.diff
>
> >>>
>patching file linux/ppp_mppe.c
>Hunk #1 FAILED at 163.
>Hunk #2 FAILED at 1051.
>2 out of 2 hunks FAILED -- saving rejects to file linux/ppp_mppe.c.rej
> >>>>
>
>Original instructions found in:
>http://lists.schulte.org/pipermail/pptp-server/1999-November/001085.html
>
>
>R. Joseph Villa, II
>joe at dietcraze.com
>
>http://www.dietcraze.com
>

From natecars at real-time.com Wed Dec 8 12:16:08 1999
From: natecars at real-time.com (Nate Carlson)
Date: Wed Dec 8 12:16:08 1999
Subject: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10
In-Reply-To: <000401bf41a6$5bae7640$0a01a8c0@tampabay.rr.com>
Message-ID:

On Wed, 8 Dec 1999, R. Joseph Villa., II wrote:

> I'm not familiar enough with how the patching process works to figure out
> how to do it like you did. If you have come up with a patch file that works.
> I'd love to check it out.
>
> Thanks for your help.
> Joe
>

I'm not sure if this list accepts attachments, but I figured I'd try since this is < 500bytes.

Here's the patch I made to use in a RPM for ppp-2.3.10+mppe.. please let me know if it works for you. (It is based on the other patch.)

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ppp-2.3.10-mppe_stateless.patch.gz
Type: application/octet-stream
Size: 446 bytes
Desc:
URL:

From t_galan at pacbell.net Wed Dec 8 13:16:07 1999
From: t_galan at pacbell.net (Tony Galan)
Date: Wed Dec 8 13:16:07 1999
Subject: [pptp-server] Newbie questions
Message-ID:

Hello all,

I have a linux box running pptp using chap authentication & works like a charm.

My question is : Are passwords sent in clear text?
Do I need to upgrade to Microsoft MSCHAPv2/MPPE authentication in order to get 40 bit encryption?
What are the benefits if any of MS authentication besides the encryption?

Thanks in advance.

From t_galan at pacbell.net Wed Dec 8 13:21:47 1999
From: t_galan at pacbell.net (Tony Galan)
Date: Wed Dec 8 13:21:47 1999
Subject: [pptp-server] pptp behind LRP
Message-ID:

Hello all,

I have a pptp linux box running behind a Linux Router Project box.
I'm using the LRP box to act as my firewall & ip masquerader.

Does anyone out there have a configuration like this?
I'd like to know what rules to apply in order to forward incoming VPN traffic from the LRP box to the internal VPN server.

Thanks in advance

From natecars at real-time.com Wed Dec 8 14:06:57 1999
From: natecars at real-time.com (Nate Carlson)
Date: Wed Dec 8 14:06:57 1999
Subject: [pptp-server] pptp behind LRP
In-Reply-To:
Message-ID:

On Wed, 8 Dec 1999, Tony Galan wrote:

> Hello all,
>
> I have a pptp linux box running behind a Linux Router Project box.
> I'm using the LRP box to act as my firewall & ip masquerader.
>
> Does anyone out there have a configuration like this?
> I'd like to know what rules to apply in order to forward incoming VPN
> traffic from the LRP box to the internal VPN server.
>
> Thanks in advance
>

http://www.wolfenet.com/~jhardin/ip_masq_vpn.html

Kernel patch to masq VPN, I believe. I haven't personally tried it though..

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From email at paul-hargreaves.freeserve.co.uk Wed Dec 8 16:47:14 1999
From: email at paul-hargreaves.freeserve.co.uk (Paul Hargreaves)
Date: Wed Dec 8 16:47:14 1999
Subject: [pptp-server] Secured Linux host, serving local subnet issue
Message-ID: <000d01bf41ce$263d6750$c800a8c0@potato>

I've got a Mandrake 6.1 Linux host, and I want to secure all traffic to it, regardless of location (either the local subnet or over the internet).

All of this stuff is at my home, so I can fiddle with impunity.

Here's where I've got to:

Linux host: 10.0.0.1/8. dhcpd giving out 10.0.0.2-254/8. Samba listening on all interfaces.
Win98: Using dynamic IP.

Everything has been working fine, with me adding and removing machines, and being able to use Samba with impunity.

Installed pptpd. Altered the /etc/ppp/options and enabled basic chaps, I'll worry about the patches when I get everything working.

Added vpn support to win98. Altered my chaps-secrets, "Dialed in" (over lan, 1 segment) and everything seemed to work.

Realised that although I was getting a tunnel, I wasn't using it because my 98 client can see 10.0.0.1 without vpn, so doesn't use the tunnel.

Changed the linux box to 10.1.0.1/16, altered dhcpd to serve 10.1.0.2-254/16, restarted daemons and used winipcfg to refresh my ip addresses. Altered my "dial-in" session to point to the new location, then "dialed in". winipcfg now shows an ip address of 10.1.0.2/16 on my adapter, and 10.0.0.2/8 on my ppp link. Obviously I don't want 10.0.0.2/8, I want 10.0.0.2/16, so looked at the ppp docs and attempted to add in the netmask option into the options file, but nothing happened. Tried adding it to pptpd.conf, same result.

So, next idea. Changed pptpd to serve 192.168.0.1 as localip, and 192.168.1.1-255 as remoteip. Reconnected, and winipcfg shows everything fine. However, if I try to ping 192.168.0.1 from my win98 box, I get Destination host unreachable. Pinging it from the linux machine itself returns correctly, since I guess once the ppp tunnel is created, the server is given another ip address for a while.

If you've got this far ;) here are my questions:

1. Is there any easy way of getting pptpd to serve out an A class IP address with the netmask of my choice?
2. What is a sensible set of configuration for my setup? I'm planning on firewalling my linux machine, and only allowing localnet dhcpd, and remote vpn through it.
Whenever I use my linux machine at home, I'll vpn over to it; it also means that when I'm remote, my configuration should be identical, my ISP will set my IP, rather than my dhcp server.

From matthewr at moreton.com.au Wed Dec 8 17:01:36 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Dec 8 17:01:36 1999
Subject: [pptp-server] Newbie questions
References:
Message-ID: <99120909025303.01158@gibberling>

>I have a linux box running pptp using chap authentication & works like a
>charm.

good to hear.

>My question is : Are passwords sent in clear text?

No.

>Do I need to upgrade to Microsoft MSCHAPv2/MPPE authentication in order to
>get 40 bit encryption?

Yes.

>What are the benefits if any of MS authentication besides the encryption?

MSCHAPv2 provides stronger authentication and addresses some of the flaws in MSCHAP.

cheers,
Matt.

From natecars at real-time.com Wed Dec 8 17:03:08 1999
From: natecars at real-time.com (Nate Carlson)
Date: Wed Dec 8 17:03:08 1999
Subject: [pptp-server] Secured Linux host, serving local subnet issue
In-Reply-To: <000d01bf41ce$263d6750$c800a8c0@potato>
Message-ID:

On Wed, 8 Dec 1999, Paul Hargreaves wrote:

> I've got a Mandrake 6.1 Linux host, and I want to secure all traffic to it,
> regardless of location (either the local subnet or over the internet).
>
> All of this stuff is at my home, so I can fiddle with impunity.
>
> Here's where I've got to:
>
> Linux host: 10.0.0.1/8. dhcpd giving out 10.0.0.2-254/8. Samba listening on
> all interfaces.
> Win98: Using dynamic IP.
>
> Everything has been working fine, with me adding and removing machines, and
> being able to use Samba with impunity.
>
> Installed pptpd. Altered the /etc/ppp/options and enabled basic chaps, I'll
> worry about the patches when I get everything working.
>
> Added vpn support to win98. Altered my chaps-secrets, "Dialed in" (over lan,
> 1 segment) and everything seemed to work.
>
> Realised that although I was getting a tunnel, I wasn't using it because my
> 98 client can see 10.0.0.1 without vpn, so doesn't use the tunnel.

Try configuring the vpn connection to set the default route. Then any traffic should be tunneled. Why you want to tunnel on your local lan is beyond me though.. =)

>
> Changed the linux box to 10.1.0.1/16, altered dhcpd to serve
> 10.1.0.2-254/16, restarted daemons and used winipcfg to refresh my ip
> addresses. Altered my "dial-in" session to point to the new location, then
> "dialed in". winipcfg now shows an ip address of 10.1.0.2/16 on my adapter,
> and 10.0.0.2/8 on my ppp link. Obviously I don't want 10.0.0.2/8, I want
> 10.0.0.2/16, so looked at the ppp docs and attempted to add in the netmask
> option into the options file, but nothing happened. Tried adding it to
> pptpd.conf, same result.
>
> So, next idea. Changed pptpd to serve 192.168.0.1 as localip, and
> 192.168.1.1-255 as remoteip. Reconnected, and winipcfg shows everything
> fine. However, if I try to ping 192.168.0.1 from my win98 box, I get
> Destination host unreachable. Pinging it from the linux machine itself
> returns correctly, since I guess once the ppp tunnel is created, the server
> is given another ip address for a while.
>
> If you've got this far ;) here are my questions:
>
> 1. Is there any easy way of getting pptpd to serve out an A class IP address
> with the netmask of my choice?
> 2. What is a sensible set of configuration for my setup? I'm planning on
> firewalling my linux machine, and only allowing localnet dhcpd, and remote
> vpn through it. Whenever I use my linux machine at home, I'll vpn over to
> it; it also means that when I'm remote, my configuration should be
> identical, my ISP will set my IP, rather than my dhcp server.
>

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From missions at ocic.org Thu Dec 9 05:36:57 1999
From: missions at ocic.org (Nhan NGO DINH (OCIC Missionary Service))
Date: Thu Dec 9 05:36:57 1999
Subject: [pptp-server] Compress rejected
Message-ID: <4.1.19991209123724.00abece0@mail.rome.ocicnet.net>

Hi,

Once established a PPTP link between two linux machines, the ppp device comes up after two minutes (too slowly!)...
I look in kernel messages, I get:

===
compress rejected: opt_len=17,o[0]=1a,o[1]=4
options are bad: 1a 4
===

I have:
PoPToP 1.0.0.
Linux PPTP client 1.0.2.
pppd 2.3.8 w/mppe patch.
ppp, bsd_comp, ppp_deflate, ppp_mppe modules loaded.

options file:
===
lock
debug
nodefaultroute
noipdefault
usehostname
auth
+chapms
+chapms-v2
mppe-40
===

I'm establishing the connection over a ppp link through the internet:

Linux1 --> PPP --> INTERNET <-- PPP <-- Linux2

Any idea?
I have to say that all works well... But only authentication is too slow (I don't know if the problem is authentication, may be the problem are other steps before the ppp-device comes up).

Thanks.

---
Nhan NGO DINH
(OCIC Missionary Service Technical Support)
e-mail: missions at ocic.org
web site: http://www.ocic.org/missions/index1.html

From larry at greenmotor.com Thu Dec 9 07:05:36 1999
From: larry at greenmotor.com (Larry Gray)
Date: Thu Dec 9 07:05:36 1999
Subject: [pptp-server] Several Problems
Message-ID: <006101bf4245$a5eccf00$8ccac8c6@greenmotor.com>

Hello,

I've got everything working, but sometimes it stops. I'm using PopTop on Redhat 6.1 with DSL connection at one end, and the pptp Linux client on Redhat 6.1 and a cable modem at the other end. Everything works fine for awhile. Then, I've noticed two things, on the pptp client, pppd will disconnect. (unknown) is listed in the pppd.log file. After this I cannot restart the client, I have to reboot.
PopTop is more reliable, but about once a week, it starts writing to the syslog in a loop, cpu usage goes through the roof. After killing this process, I again cannot restart PopTop, and have to reboot.

Has anyone else seen these problems?

Thanks in advance,
Larry Gray
larry at greenmotor.com

From yan at cardinalengineering.com Thu Dec 9 09:22:05 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Thu Dec 9 09:22:05 1999
Subject: [pptp-server] pppd 2.3.10 and the ppp-2_3_10-openssl-norc4-mppe patch
Message-ID: <384FCA07.EE6392FB@cardinalengineering.com>

I am trying to patch pppd with the above patch. I am getting a lot of failures:

patching file `ppp-2.3.10/pppd/pppd.8'
Hunk #1 FAILED at 27.
Hunk #2 FAILED at 77.
Hunk #3 FAILED at 320.
Hunk #4 FAILED at 531.
Hunk #5 FAILED at 774.
Hunk #6 FAILED at 838.
Hunk #7 FAILED at 1195.
7 out of 7 hunks FAILED -- saving rejects to ppp-2.3.10/pppd/pppd.8.rej

This happens to 17 files - in other words, most of the patches fail. Is this normal or did I get some bogus source somewhere?

Some spot checking of the files indicates that the patch code is not included in the original code, and that the source code for 2.3.10 that I have is somewhat different from what the patch is trying to patch.

Does anyone have a patched copy they can post somewhere?

--Yan

--
Think different ride a recumbent use Linux.

From ivanfetch at technologist.com Fri Dec 10 03:38:11 1999
From: ivanfetch at technologist.com (Ivan Fetch)
Date: Fri Dec 10 03:38:11 1999
Subject: [pptp-server] Problems reading and writing to GRE and TTYs!
Message-ID: <199912100930.BAA59464@iris3.ecsecure.com>

Hello,

I have the following message in syslog and was wondering who would be good enough to give me a hand with it:

Dec 10 02:09:32 matrix pptpd[224]: GRE: read(fd=5,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 10 02:09:32 matrix pptpd[224]: CTRL: PTY read or GRE write failed (pty,gre)= (5,6)
Dec 10 02:09:32 matrix pppd[226]: tcsetattr: Invalid argument
Dec 10 02:09:35 matrix pptpd[227]: GRE: read(fd=5,buffer=804d780,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 10 02:09:35 matrix pptpd[227]: CTRL: PTY read or GRE write failed (pty,gre)= (5,6)
Dec 10 02:09:35 matrix pppd[229]: tcsetattr: Invalid argument

I am using kernel 2.2.13, and (as it happens) ip masqing as well. I have ppp 2.3.10, but have not done any of the MS chap patches as of yet. When attempting to connect using Win98 Second Ed, I get ERROR 645, I have also received error 629. Who knows what these equate to? :)

Thank you in advance for any help,
Ivan Fetch.

From missions at ocic.org Fri Dec 10 03:57:25 1999
From: missions at ocic.org (Nhan NGO DINH (OCIC Missionary Service))
Date: Fri Dec 10 03:57:25 1999
Subject: [pptp-server] Compress rejected: update
Message-ID: <4.1.19991210105230.00acf620@mail.rome.ocicnet.net>

Hi,

To say something more than the previous message about a slowly PPTP w/encryption connection: I noticed that probably:

===
compress rejected: opt_len=17,o[0]=1a,o[1]=4
options are bad: 1a 4
===

Is due to ppp_deflate. The fact is that the module is loaded on both sides... Why compression should be rejected? May be "compression" stands for "encryption"?

Any idea?

Thanks.

---
Nhan NGO DINH
(OCIC Missionary Service Technical Support)
e-mail: missions at ocic.org
web site: http://www.ocic.org/missions/index1.html

From nicolas.lienard at internet-telecom.net Fri Dec 10 04:02:53 1999
From: nicolas.lienard at internet-telecom.net (LIENARD Nicolas)
Date: Fri Dec 10 04:02:53 1999
Subject: [pptp-server] PPTP and ip masquerading ?
References: <199912100930.BAA59464@iris3.ecsecure.com>
Message-ID: <017101bf42f5$d393c200$100a0007@jayce>

Hello,

I've installed ADSL connection on my Linux box (2.0.34) with PPTP and now I'd like to use ip masquerading for my Network.
How can I do??

Thanx.

-----------
Nicolas LIENARD
Internet Telecom
T/01.55.80.17.26 - F/01.55.80.17.18
19/21, rue Poissonnière - 75002 PARIS
nicolas.lienard at internet-telecom.net

----- Original Message -----
From: Ivan Fetch
To:
Sent: Friday, December 10, 1999 10:36 AM
Subject: [pptp-server] Problems reading and writing to GRE and TTYs!

> Hello,
> I have the following message in syslog and was wondering who would be
> good enough to give me a hand with it:
> Dec 10 02:09:32 matrix pptpd[224]: GRE: read(fd=5,buffer=804d780,len=8196)
> from
> PTY failed: status = -1 error = Input/output error
> Dec 10 02:09:32 matrix pptpd[224]: CTRL: PTY read or GRE write failed
> (pty,gre)=
> (5,6)
> Dec 10 02:09:32 matrix pppd[226]: tcsetattr: Invalid argument
> Dec 10 02:09:35 matrix pptpd[227]: GRE: read(fd=5,buffer=804d780,len=8196)
> from
> PTY failed: status = -1 error = Input/output error
> Dec 10 02:09:35 matrix pptpd[227]: CTRL: PTY read or GRE write failed
> (pty,gre)=
> (5,6)
> Dec 10 02:09:35 matrix pppd[229]: tcsetattr: Invalid argument
>
> I am using kernel 2.2.13, and (as it happens) ip masqing as well. I have
> ppp 2.3.10, but have not done any of the MS chap patches as of yet. When
> attempting to connect using Win98 Second Ed, I get ERROR 645, I have also
> received error 629. Who knows what these equate to? :)
>
> Thank you in advance for any help,
> Ivan Fetch.
>

From email at paul-hargreaves.freeserve.co.uk Fri Dec 10 04:07:19 1999
From: email at paul-hargreaves.freeserve.co.uk (Paul Hargreaves)
Date: Fri Dec 10 04:07:19 1999
Subject: [pptp-server] Secured Linux host, serving local subnet issue
Message-ID: <004001bf42f6$4d3c78e0$c800a8c0@potato>

>> Realised that although I was getting a tunnel, I wasn't using it because my
>> 98 client can see 10.0.0.1 without vpn, so doesn't use the tunnel.

>Try configuring the vpn connection to set the default route. Then any
>traffic should be tunneled. Why you want to tunnel on your local lan is
>beyond me though.. =)

There doesn't seem to be any setting in pptpd.conf to do this. I've tried having the dhcp server pass out the route information and that goes into the ethernet setup, not the ppp setup.

I have a couple of reasons for wanting to do this :) Once I've got it figured out and working, I can give configuration information to others so they can tunnel through to my machine. I'll then be able to dismantle my use of it, but I'll be able to know that it works, rather than trying to get it working remotely and all the trouble that gives.

Another problem I've noticed, when using samba I can't resolve any netbios address anymore, even if I do it using "nmblookup" under Linux. If I have 192.168.0.1 as my localip (as set in pptpd.conf though the real host is actually 192.168.1.1) , and have Linux only offer information to 192.168.0, nmblookup fails because it cannot broadcast to 192.168.0.255. If I change samba to offer on 192.168.1 then I'm not using the tunnel again, so it defeats the object.

Paul

From yan at cardinalengineering.com Fri Dec 10 07:06:21 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Fri Dec 10 07:06:21 1999
Subject: [pptp-server] Can't establish connection
Message-ID: <3850FB22.4FCDA899@cardinalengineering.com>

OK, I got my new pppd compiled and all modules load; no errors. I am using ppp-2.3.10 with the mppe patch. Rh 6.0, 2.2.13 kernel. I have tried both auth and noauth in the options - no difference.

Any help at all is greatly appreciated.

When I try to connect to my ISP, I get this:

Serial connection established.
Using interface ppp0
Connect: ppp0 <--> /dev/ttyD3
sent [LCP ConfReq id=0x4 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
sent [LCP ConfReq id=0x4 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
sent [LCP ConfReq id=0x4 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
sent [LCP ConfReq id=0x4 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
rcvd [LCP ConfReq id=0x1 < 11 04 05 ea> < 13 03 00>]
lcp_reqci: rcvd unknown option 17
lcp_reqci: rcvd unknown option 19
lcp_reqci: returning CONFREJ.
sent [LCP ConfRej id=0x1 < 11 04 05 ea> < 13 03 00>]
rcvd [LCP ConfNak id=0x4 ]
Untimeout 0x8050164:0x8077400.
sent [LCP ConfReq id=0x5 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
rcvd [LCP ConfReq id=0x2 ]
lcp_reqci: returning CONFACK.
sent [LCP ConfAck id=0x2 ]
rcvd [LCP ConfAck id=0x5 ]
Untimeout 0x8050164:0x8077400.
peer refused to authenticate: terminating link
sent [LCP TermReq id=0x6 "peer refused to authenticate"]
Timeout 0x8050164:0x8077400 in 3 seconds.
rcvd [LCP TermAck id=0x6]
Untimeout 0x8050164:0x8077400.
Connection terminated.

What does this mean?

--
Think different ride a recumbent use Linux.

From kpjkey at jcsbs.lanobis.de Fri Dec 10 08:06:24 1999
From: kpjkey at jcsbs.lanobis.de (Peter Kolloch)
Date: Fri Dec 10 08:06:24 1999
Subject: [pptp-server] My Kernel barks: kernel: Not enough space to encrypt packet: 1504<1504+4!
Message-ID: <38510821.5B1C580@jcsbs.lanobis.de>

Hi,

I get this message repeatedly in my logs:

Dec 10 14:49:37 world-pptp kernel: Not enough space to encrypt packet: 1504<1504+4!

Is there any buffer I can enlarge?

I am running a 2.2.13 Linux Kernel, a MPPE-patched pppd 2.3.10 and pptpd 1.0.0. Oh, and I used SSLeay-0.9.0b instead of the 0.6.0b Version, because I couldn't find another version.

But everything works fine -- I just get this nasty error message all the time.

Thanks,
Peter Kolloch

From bens at saber.net Fri Dec 10 10:38:22 1999
From: bens at saber.net (Benjamin Smith)
Date: Fri Dec 10 10:38:22 1999
Subject: [pptp-server] VPN using SSH and pppd
References: <38510821.5B1C580@jcsbs.lanobis.de>
Message-ID: <99121008381900.02411@bug1>

Recently, I read an interesting article in Linux Journal about setting up a VPN using remote SSH login, pppd and route.

Has anybody here ever tried this method? In terms of implementation, is this more or less complicated than VPN with PPTP? (I've heard lots of nasty stuff about MS PPTP and bad security)

I don't plan on trying to VPN via modem or anything, and with the above solution, Windows clients on each network side would "see" the other clients. (In theory - I've not ever implemented it yet)

I have two Linux boxes (one is RH 6.0, the other is 6.1) running via ADSL, (approximately 1.0-1.5 Mb d/l, ~384k u/l) each providing masqueraded Internet access for LANs. Since I'm already using SSH to do work @work from my home-office LAN, this seems rather natural. The main application will be PC/Anywhere or VNC.

Thoughts, anyone? (thanks!)

From epadin at wagweb.com Fri Dec 10 10:52:16 1999
From: epadin at wagweb.com (Ed Padin)
Date: Fri Dec 10 10:52:16 1999
Subject: [pptp-server] VPN using SSH and pppd
Message-ID:

I think that SSH method may be easier because all you're doing is an encrypted RSH where you redirect the input and output through a PPP server and client. SSH v1 does have its own vulnerabilities.
SSH v2 is better but it is a commercial product. >-----O >-----Original Message----- >From: Benjamin Smith [mailto:bens at saber.net] >Sent: Friday, December 10, 1999 11:28 AM >To: pptp-server at lists.schulte.org >Subject: [pptp-server] VPN using SSH and pppd > > >Recently, I read an interesting article in Linux Journal about >setting up a VPN >using remote SSH login, pppd and route. > >Has anybody here ever tried this method? In terms of >implementation, is this >more or less complicated than VPN with PPTP? (I've heard lots >of nasty stuff >about MS PPTP and bad security) > >I don't plan on trying to VPN via modem or anything, and with the above >solution, Windows clients on each network side would "see" the >other clients. >(In theory - I've not ever implemented it yet) > >I have two Linux boxes (one is RH 6.0, the other is 6.1) >running via ADSL, >(approximately 1.0-1.5 Mb d/l, ~384k u/l) each providing >masqueraded Internet >access for LANs. Since I'm already using SSH to do work @work from my >home-office LAN, this seems rather natural. The main >application will be >PC/Anywhere or VNC. > >Thoughts, anyone? (thanks!) > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulte.org! > From anderson at moat.centtech.com Fri Dec 10 10:59:40 1999 From: anderson at moat.centtech.com (Eric Anderson) Date: Fri Dec 10 10:59:40 1999 Subject: [pptp-server] VPN using SSH and pppd In-Reply-To: Message-ID: <4.2.0.58.19991210105955.00a90d90@mailhost.centtech.com> True.. it is easier.. i chose to go this method and have it working now.. there is one problem i am having with pppd tho.. i cant set the netmask (which i have seen on this list before).. i have tried using ppp 2.3.9 and 2.3.10... still, no avail.. other than that, it works great.. 

At 11:53 AM 12/10/99 -0500, Ed Padin wrote:
>I think that SSH method may be easier because all you're doing is an
>encrypted RSH where you redirect the input and output through a PPP server
>and client. SSH v1 does have its own vulnerabilities. SSH v2 is better but
>it is a commercial product.
>
> >-----O
> >-----Original Message-----
> >From: Benjamin Smith [mailto:bens at saber.net]
> >Sent: Friday, December 10, 1999 11:28 AM
> >To: pptp-server at lists.schulte.org
> >Subject: [pptp-server] VPN using SSH and pppd
> >
> >
> >Recently, I read an interesting article in Linux Journal about
> >setting up a VPN
> >using remote SSH login, pppd and route.
> >
> >Has anybody here ever tried this method? In terms of
> >implementation, is this
> >more or less complicated than VPN with PPTP? (I've heard lots
> >of nasty stuff
> >about MS PPTP and bad security)
> >
> >I don't plan on trying to VPN via modem or anything, and with the above
> >solution, Windows clients on each network side would "see" the
> >other clients.
> >(In theory - I've not ever implemented it yet)
> >
> >I have two Linux boxes (one is RH 6.0, the other is 6.1)
> >running via ADSL,
> >(approximately 1.0-1.5 Mb d/l, ~384k u/l) each providing
> >masqueraded Internet
> >access for LANs. Since I'm already using SSH to do work @work from my
> >home-office LAN, this seems rather natural. The main
> >application will be
> >PC/Anywhere or VNC.
> >
> >Thoughts, anyone? (thanks!)

____________________________________
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?

From alahooti at rodgers.rain.com Fri Dec 10 13:38:32 1999
From: alahooti at rodgers.rain.com (Ali Lahooti)
Date: Fri Dec 10 13:38:32 1999
Subject: [pptp-server] NAT Installation
Message-ID: <46D73F159D@ri1.rodgers.rain.com>

Hi,

I am in a process of installing NAT (NETWORK ADDRESS TRANSLATION) software to configure a VPN firewall.

I have received these instructions from the following URLs:

http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt

and have downloaded NAT from the site below.

http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html
However, I have problems installing NAT. Here is more information, please advise where can I find the missing file(s) or what I am doing wrong. Thanks in advance.
-Ali
================================================
/* Contents of the source directory */

[root at vpn nat-static-2.2.4]# ls
COPYING README README2 doc ipnatadm kernel
================================================
/* Contents of the ipnatadm directory */

[root at vpn ipnatadm]# ls
Makefile README ipnatadm.8 ipnatadm.c ipnatadm.h routines.c
================================================
/* Makefile source code */

[root at vpn ipnatadm]# more Makefile
CC = gcc
CFLAGS = -Wall -O2
SBIN = /usr/local/sbin
MANDIR = /usr/local/man
INSTALL = install
INCLUDE = -I/usr/src/linux/include

all: ipnatadm

ipnatadm: ipnatadm.o routines.o

ipnatadm.o: ipnatadm.c ipnatadm.h
	$(CC) $(CFLAGS) $(INCLUDE) -c -o ipnatadm.o ipnatadm.c

routines.o: routines.c ipnatadm.h
	$(CC) $(CFLAGS) $(INCLUDE) -c -o routines.o routines.c

ipnatadm.h:

install: ipnatadm
	$(INSTALL) -m 0755 -o root -g root ipnatadm $(SBIN)/
	$(INSTALL) -m 644 -o root -g root ipnatadm.8 $(MANDIR)/

clean:
	rm -f ipnatadm *.o core
================================================
/* Error message after running "make" */

[root at vpn ipnatadm]# make
gcc -Wall -O2 -I/usr/src/linux/include -c -o ipnatadm.o ipnatadm.c
In file included from ipnatadm.c:45:
ipnatadm.h:9: linux/ip_nat.h: No such file or directory
make: *** [ipnatadm.o] Error 1
================================================

---------------------------
Ali Lahooti
Rodgers Instruments LLC
http://www.rodgerscorp.com
Tel: (503) 681-0484
Fax: (503) 681-6530
----------------------------

From epadin at wagweb.com Fri Dec 10 14:46:20 1999
From: epadin at wagweb.com (Ed Padin)
Date: Fri Dec 10 14:46:20 1999
Subject: [pptp-server] NAT Installation
Message-ID:

Are you looking to do a static NAT implementation? This is where you have a one-to-one correspondence between addresses on the 'inside' and 'outside' networks. If you are, then you can use this app. but be aware that this thing is a real pain in the ass to get working. If you need help let me know. I got this code working under a 2.0.33 kernel. You need to do a proxy ARP to get it working right.

If all you want is to do the typical NAT you need for accessing the Internet from a private network, that is, network masquerading, then you don't need ip-nat. ipfwadm with the -m flag will do what you need. It's included with almost all Linux distributions but you may have to recompile your kernel to enable it. The newer version for 2.2 kernels is ipchains. I don't know much about ipchains (yet).

>-----Original Message-----
>From: Ali Lahooti [mailto:alahooti at rodgers.rain.com]
>Sent: Friday, December 10, 1999 2:38 PM
>To: pptp-server at lists.schulte.org
>Subject: [pptp-server] NAT Installation
>
>
>Hi,
>
>I am in a process of installing NAT (NETWORK ADDRESS
>TRANSLATION) software to configure a VPN firewall.
>
>I have received these instructions from the following URLs:
>
>http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt
>
>and have downloaded NAT from the site below.
>
>http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html
>However, I have problems installing NAT. Here is more information,
>please advise where can I find the missing file(s) or what I am doing
>wrong. Thanks in advance.
>-Ali
>================================================
>/* Contents of the source directory */
>
>[root at vpn nat-static-2.2.4]# ls
>COPYING README README2 doc ipnatadm kernel
>================================================
>/* Contents of the ipnatadm directory */
>
>[root at vpn ipnatadm]# ls
>Makefile README ipnatadm.8 ipnatadm.c ipnatadm.h routines.c
>================================================
>/* Makefile source code */
>
>[root at vpn ipnatadm]# more Makefile
>CC = gcc
>CFLAGS = -Wall -O2
>SBIN = /usr/local/sbin
>MANDIR = /usr/local/man
>INSTALL = install
>INCLUDE = -I/usr/src/linux/include
>
>all: ipnatadm
>
>ipnatadm: ipnatadm.o routines.o
>
>ipnatadm.o: ipnatadm.c ipnatadm.h
>	$(CC) $(CFLAGS) $(INCLUDE) -c -o ipnatadm.o
>ipnatadm.c
>
>routines.o: routines.c ipnatadm.h
>	$(CC) $(CFLAGS) $(INCLUDE) -c -o routines.o routines.c
>
>ipnatadm.h:
>
>install: ipnatadm
>	$(INSTALL) -m 0755 -o root -g root ipnatadm $(SBIN)/
>	$(INSTALL) -m 644 -o root -g root ipnatadm.8
>$(MANDIR)/
>
>clean:
>	rm -f ipnatadm *.o core
>================================================
>/* Error message after running "make" */
>
>[root at vpn ipnatadm]# make
>gcc -Wall -O2 -I/usr/src/linux/include -c -o ipnatadm.o ipnatadm.c
>In file included from ipnatadm.c:45:
>ipnatadm.h:9: linux/ip_nat.h: No such file or directory
>make: *** [ipnatadm.o] Error 1
>================================================
>
>
>
>
>---------------------------
>Ali Lahooti
>Rodgers Instruments LLC
>http://www.rodgerscorp.com
>Tel: (503) 681-0484
>Fax: (503) 681-6530
>----------------------------

From jbeauchamp at 4anything.com Fri Dec 10 16:56:13 1999
From: jbeauchamp at 4anything.com (Joe Beauchamp)
Date: Fri Dec 10 16:56:13 1999
Subject: [pptp-server] OK, What's the magic?
Message-ID: <3.0.6.32.19991210175503.0093e4c0@1mailbox.com>

I know VPN should be a breeze -- I've had little luck with trying to set it up, but I see things going back and forth here like a lot of people are successfully using it. I seem to have been able to create the connectivity (I've used both pptpd/ppp and vpnd at different times), but I just can't get one Windows 98 machine on one net to see the Windows 98 machine on the other! Yes, it is driving me bonkers...

My ideal setup would be two places each with dhcp and masquerading and each with a connection to internet then I would use pptpd or vpnd to connect the 2 via linux (now using 2.2.12). And this is where I am now. Just can't get these guys to see each other. I can ping, etc. but I can't "find computer" or see the networks via Windows. I keep thinking this is some sort of routing issue, but I've tried everything that I can think of.

What's the trick, guys? What am I missing??

Thanks!!

-- Joe B.

________________________________________________________________________
Joe Beauchamp -- VP, New Technology -- 4anything.com -- (610) 768-1444

From geoff at gnaa.net Fri Dec 10 17:56:33 1999
From: geoff at gnaa.net (geoff nordli)
Date: Fri Dec 10 17:56:33 1999
Subject: [pptp-server] OK, What's the magic?
In-Reply-To: <3.0.6.32.19991210175503.0093e4c0@1mailbox.com>
Message-ID: <009e01bf436a$31b0fbe0$0101a8c0@highwayi.com>

If you can ping properly then it probably is a name resolution problem.

Use a lmhosts file for windows based commands like net use,

Use a Hosts file for socket based commands like ping, ftp, etc....

If you have a wins server on the network then look in the docs for info about the wins-server option.

geoff nordli

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joe Beauchamp
Sent: Friday, December 10, 1999 2:55 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] OK, What's the magic?

I know VPN should be a breeze -- I've had little luck with trying to set it up, but I see things going back and forth here like a lot of people are successfully using it. I seem to have been able to create the connectivity (I've used both pptpd/ppp and vpnd at different times), but I just can't get one Windows 98 machine on one net to see the Windows 98 machine on the other! Yes, it is driving me bonkers...

My ideal setup would be two places each with dhcp and masquerading and each with a connection to internet then I would use pptpd or vpnd to connect the 2 via linux (now using 2.2.12). And this is where I am now. Just can't get these guys to see each other. I can ping, etc. but I can't "find computer" or see the networks via Windows. I keep thinking this is some sort of routing issue, but I've tried everything that I can think of.

What's the trick, guys? What am I missing??

Thanks!!

-- Joe B.

________________________________________________________________________
Joe Beauchamp -- VP, New Technology -- 4anything.com -- (610) 768-1444

From nngodinh at tiscalinet.it Sat Dec 11 10:34:46 1999
From: nngodinh at tiscalinet.it (Nhan NGO DINH)
Date: Sat Dec 11 10:34:46 1999
Subject: [pptp-server] MSCHAP-v2
Message-ID: <4.1.19991211172936.00a79ea0@pop.tiscalinet.it>

Hi,

On a connection link over a 56k serial link I tried to establish a PPTP link and sometimes MSCHAP-v2 does not work. MSCHAP instead seems to work well... Any idea?

Bye,

---
Nhan NGO DINH
e-mail: nngodinh at tiscalinet.it
web site: http://www.tiscalinet.it/nngodinh

From joe at dietcraze.com Sat Dec 11 14:30:21 1999
From: joe at dietcraze.com (R. Joseph Villa., II)
Date: Sat Dec 11 14:30:21 1999
Subject: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10
In-Reply-To:
Message-ID: <000101bf4416$09198560$0a01a8c0@tampabay.rr.com>

Nate,

Udaman! This worked great. I really appreciate the help. Now all I have to do is figure out how to get the encryption started and I'll be in business. Everything works fine as long as I don't try and force encryption from my 98 client.

Joe

-----Original Message-----
From: Nate Carlson [mailto:natecars at real-time.com]
Sent: Wednesday, December 08, 1999 1:16 PM
To: R. Joseph Villa., II
Cc: 'Philip L. Butler'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10

On Wed, 8 Dec 1999, R. Joseph Villa., II wrote:
> I'm not familiar enough with how the patching process works to figure out
> how to do it like you did. If you have come up with a patch file that works.
> I'd love to check it out.
>
> Thanks for your help.
> Joe
>

I'm not sure if this list accepts attachments, but I figured I'd try since this is < 500bytes. Here's the patch I made to use in a RPM for ppp-2.3.10+mppe.. please let me know if it works for you. (It is based on the other patch.)

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From simonm at fastbase.co.nz Sun Dec 12 13:38:39 1999
From: simonm at fastbase.co.nz (Simon Munro)
Date: Sun Dec 12 13:38:39 1999
Subject: [pptp-server] NEWBIE QUESTION
Message-ID: <199912121938.NAA06470@snaildust.schulte.org>

PoPToP sounds great for allowing remote clients to connect to a LAN. However from what I can gather PoPTop couldn't be used to join 2 LANs over the Internet to form a WAN? Does anyone know of a product that will connect 2 LAN's together over the Internet - i.e. a VPN connecting 2 subnets. This can be done using NT & RRAS however I would much rather use Linux.

TIA

Simon

From geoff at gnaa.net Sun Dec 12 14:25:46 1999
From: geoff at gnaa.net (geoff nordli)
Date: Sun Dec 12 14:25:46 1999
Subject: [pptp-server] suggestion to include init script in tar file
Message-ID: <003801bf44df$1b2be300$0101a8c0@highwayi.com>

It would be great to have a init startup script included in the "samples" directory inside the tar files. It would make life a lot easier to just copy the script into the /etc/rc.d/init/ directory, and run a chkconfig to set it up for automatic start.

geoff nordli

From geoff at gnaa.net Sun Dec 12 14:36:29 1999
From: geoff at gnaa.net (geoff nordli)
Date: Sun Dec 12 14:36:29 1999
Subject: [pptp-server] NEWBIE QUESTION
In-Reply-To: <199912121938.NAA06470@snaildust.schulte.org>
Message-ID: <003a01bf44e0$97a1f540$0101a8c0@highwayi.com>

To join LANs with Linux the real solution, IMO, is Freeswan

http://www.xs4all.nl/~freeswan/

geoff nordli

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Simon Munro
Sent: Sunday, December 12, 1999 11:37 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] NEWBIE QUESTION

PoPToP sounds great for allowing remote clients to connect to a LAN. However from what I can gather PoPTop couldn't be used to join 2 LANs over the Internet to form a WAN? Does anyone know of a product that will connect 2 LAN's together over the Internet - i.e. a VPN connecting 2 subnets. This can be done using NT & RRAS however I would much rather use Linux.

TIA

Simon

From t_galan at pacbell.net Sun Dec 12 16:22:03 1999
From: t_galan at pacbell.net (Tony Galan)
Date: Sun Dec 12 16:22:03 1999
Subject: [pptp-server] Client can't see network
Message-ID:

Hello all.

I have a remote user that can connect to my pptp server but can't ping or access machines within my network. I'm sending the log, but I don't see anything out of the ordinary. Any clues would help.

Thanks in advance.

Tony Galan

-------------------/var/log/messages------------------------------------
Dec 12 05:52:42 obiwan pppd[7150]: pppd 2.3.8 started by root, uid 0
Dec 12 05:52:42 obiwan pppd[7150]: Using interface ppp1
Dec 12 05:52:42 obiwan pppd[7150]: Connect: ppp1 <--> /dev/pts/4
Dec 12 05:52:44 obiwan pppd[7150]: CHAP peer authentication succeeded for joe
Dec 12 05:52:45 obiwan pppd[7150]: CCP terminated by peer
Dec 12 05:52:45 obiwan pppd[7150]: Compression disabled by peer.
Dec 12 05:52:48 obiwan pppd[7150]: Cannot determine ethernet address for proxy ARP
Dec 12 05:52:48 obiwan pppd[7150]: local IP address 192.168.1.235
Dec 12 05:52:48 obiwan pppd[7150]: remote IP address 192.168.2.235
Dec 12 05:59:22 obiwan pppd[7150]: Modem hangup
Dec 12 05:59:22 obiwan pppd[7150]: Connection terminated.
Dec 12 05:59:22 obiwan pppd[7150]: Connect time 6.7 minutes.
Dec 12 05:59:22 obiwan pppd[7150]: Sent 515 bytes, received 2326 bytes.
Dec 12 05:59:22 obiwan pppd[7150]: Exit.

From geoff at gnaa.net Sun Dec 12 19:09:56 1999
From: geoff at gnaa.net (geoff nordli)
Date: Sun Dec 12 19:09:56 1999
Subject: [pptp-server] Client can't see network
In-Reply-To:
Message-ID: <004201bf4506$c97e4840$0101a8c0@highwayi.com>

There is a problem with your proxyarp. Notice the 4th line from the bottom

Here is my log:

kernel: PPP: version 2.3.8 (demand dialling)
kernel: PPP line discipline registered.
saturn kernel: registered device ppp0
saturn pppd[13277]: pppd 2.3.8 started by root, uid 0
saturn pppd[13277]: Using interface ppp0
pppd[13277]: Connect: ppp0 <--> /dev/pts/1
pptpd[13276]: GRE: Discarding duplicate packet
pptpd[13276]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
PPP MPPE compression module registered
PPP Deflate Compression module registered
pppd[13277]: MSCHAP-v2 peer authentication succeeded for user
pppd[13277]: MPPE 128 bit, stateless compression enabled
pppd[13277]: found interface eth0 for proxy arp
pppd[13277]: local IP address x.x.x.x
pppd[13277]: remote IP address x.x.x.x
pptpd[13276]: CTRL: Ignored a SET LINK INFO packet with

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Tony Galan
Sent: Sunday, December 12, 1999 1:12 PM
To: Pptp-Server
Subject: [pptp-server] Client can't see network

Hello all.

I have a remote user that can connect to my pptp server but can't ping or access machines within my network. I'm sending the log, but I don't see anything out of the ordinary. Any clues would help.

Thanks in advance.

Tony Galan

-------------------/var/log/messages------------------------------------
Dec 12 05:52:42 obiwan pppd[7150]: pppd 2.3.8 started by root, uid 0
Dec 12 05:52:42 obiwan pppd[7150]: Using interface ppp1
Dec 12 05:52:42 obiwan pppd[7150]: Connect: ppp1 <--> /dev/pts/4
Dec 12 05:52:44 obiwan pppd[7150]: CHAP peer authentication succeeded for joe
Dec 12 05:52:45 obiwan pppd[7150]: CCP terminated by peer
Dec 12 05:52:45 obiwan pppd[7150]: Compression disabled by peer.
Dec 12 05:52:48 obiwan pppd[7150]: Cannot determine ethernet address for proxy ARP
Dec 12 05:52:48 obiwan pppd[7150]: local IP address 192.168.1.235
Dec 12 05:52:48 obiwan pppd[7150]: remote IP address 192.168.2.235
Dec 12 05:59:22 obiwan pppd[7150]: Modem hangup
Dec 12 05:59:22 obiwan pppd[7150]: Connection terminated.
Dec 12 05:59:22 obiwan pppd[7150]: Connect time 6.7 minutes.
Dec 12 05:59:22 obiwan pppd[7150]: Sent 515 bytes, received 2326 bytes.
Dec 12 05:59:22 obiwan pppd[7150]: Exit.

From ilan at bloch.org.il Mon Dec 13 06:27:45 1999
From: ilan at bloch.org.il (ilan Bloch)
Date: Mon Dec 13 06:27:45 1999
Subject: [pptp-server] VPN using SSH and pppd
In-Reply-To: <4.2.0.58.19991210105955.00a90d90@mailhost.centtech.com>
References:
Message-ID: <3.0.5.32.19991213101828.00819c40@mail.bloch.org.il>

Hi there,
But if it's easier AND you can connect WinXX stations to the LAN why then bother with PPTP -and its rather cumbersome install process ?

ilan

At 11:01 10/12/99 -0600, Eric Anderson wrote:
>True.. it is easier.. i chose to go this method and have it working now..
>there is one problem i am having with pppd tho.. i can't set the netmask
>(which i have seen on this list before).. i have tried using ppp 2.3.9 and
>2.3.10... still, no avail.. other than that, it works great..
>
>
>At 11:53 AM 12/10/99 -0500, Ed Padin wrote:
>
>>I think that SSH method may be easier because all you're doing is an
>>encrypted RSH where you redirect the input and output through a PPP server
>>and client. SSH v1 does have its own vulnerabilities. SSH v2 is better but
>>it is a commercial product.
>>
>> >-----O
>> >-----Original Message-----
>> >From: Benjamin Smith [mailto:bens at saber.net]
>> >Sent: Friday, December 10, 1999 11:28 AM
>> >To: pptp-server at lists.schulte.org
>> >Subject: [pptp-server] VPN using SSH and pppd
>> >
>> >
>> >Recently, I read an interesting article in Linux Journal about
>> >setting up a VPN
>> >using remote SSH login, pppd and route.
>> >
>> >Has anybody here ever tried this method? In terms of
>> >implementation, is this
>> >more or less complicated than VPN with PPTP? (I've heard lots
>> >of nasty stuff
>> >about MS PPTP and bad security)
>> >
>> >I don't plan on trying to VPN via modem or anything, and with the above
>> >solution, Windows clients on each network side would "see" the
>> >other clients.
>> >(In theory - I've not ever implemented it yet)
>> >
>> >I have two Linux boxes (one is RH 6.0, the other is 6.1)
>> >running via ADSL,
>> >(approximately 1.0-1.5 Mb d/l, ~384k u/l) each providing
>> >masqueraded Internet
>> >access for LANs. Since I'm already using SSH to do work @work from my
>> >home-office LAN, this seems rather natural. The main
>> >application will be
>> >PC/Anywhere or VNC.
>> >
>> >Thoughts, anyone? (thanks!)
>
>____________________________________
>Microsoft: Where do you want to go today?
>Linux: Where do you want to go tomorrow?
>FreeBSD: Are you guys coming or what?

*****************************************
Ilan Bloch

Nouvelle adresse - New address - Neuiwe address -
Neue Addresse

ilan at bloch.org.il
*****************************************

From anderson at moat.centtech.com Mon Dec 13 08:06:29 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Mon Dec 13 08:06:29 1999
Subject: [pptp-server] VPN using SSH and pppd
In-Reply-To: <3.0.5.32.19991213101828.00819c40@mail.bloch.org.il>
References: <4.2.0.58.19991210105955.00a90d90@mailhost.centtech.com>
Message-ID: <4.2.0.58.19991213080729.00aa7830@mailhost.centtech.com>

because ssh+ppp needs a dedicated linux/bsd box at both ends.. pptp does not..

At 10:18 AM 12/13/99 +0200, ilan Bloch wrote:
>Hi there,
>But if it's easier AND you can connect WinXX stations to the LAN why then
>bother with PPTP -and its rather cumbersome install process ?
>
>ilan
>
>At 11:01 10/12/99 -0600, Eric Anderson wrote:
> >True.. it is easier.. i chose to go this method and have it working now..
> >there is one problem i am having with pppd tho.. i can't set the netmask
> >(which i have seen on this list before).. i have tried using ppp 2.3.9 and
> >2.3.10... still, no avail.. other than that, it works great..
> >
> >
> >At 11:53 AM 12/10/99 -0500, Ed Padin wrote:
> >
> >>I think that SSH method may be easier because all you're doing is an
> >>encrypted RSH where you redirect the input and output through a PPP server
> >>and client. SSH v1 does have its own vulnerabilities. SSH v2 is better but
> >>it is a commercial product.
> >>
> >> >-----O
> >> >-----Original Message-----
> >> >From: Benjamin Smith [mailto:bens at saber.net]
> >> >Sent: Friday, December 10, 1999 11:28 AM
> >> >To: pptp-server at lists.schulte.org
> >> >Subject: [pptp-server] VPN using SSH and pppd
> >> >
> >> >
> >> >Recently, I read an interesting article in Linux Journal about
> >> >setting up a VPN
> >> >using remote SSH login, pppd and route.
> >> >
> >> >Has anybody here ever tried this method? In terms of
> >> >implementation, is this
> >> >more or less complicated than VPN with PPTP? (I've heard lots
> >> >of nasty stuff
> >> >about MS PPTP and bad security)
> >> >
> >> >I don't plan on trying to VPN via modem or anything, and with the above
> >> >solution, Windows clients on each network side would "see" the
> >> >other clients.
> >> >(In theory - I've not ever implemented it yet)
> >> >
> >> >I have two Linux boxes (one is RH 6.0, the other is 6.1)
> >> >running via ADSL,
> >> >(approximately 1.0-1.5 Mb d/l, ~384k u/l) each providing
> >> >masqueraded Internet
> >> >access for LANs. Since I'm already using SSH to do work @work from my
> >> >home-office LAN, this seems rather natural. The main
> >> >application will be
> >> >PC/Anywhere or VNC.
> >> >
> >> >Thoughts, anyone? (thanks!)
> >
> >____________________________________
> >Microsoft: Where do you want to go today?
> >Linux: Where do you want to go tomorrow?
> >FreeBSD: Are you guys coming or what?
> >
>*****************************************
>Ilan Bloch
>
>Nouvelle adresse - New address - Neuiwe address -
>Neue Addresse
>
>ilan at bloch.org.il
>*****************************************

____________________________________
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?

From t_galan at pacbell.net Mon Dec 13 12:12:12 1999
From: t_galan at pacbell.net (Tony Galan)
Date: Mon Dec 13 12:12:12 1999
Subject: [pptp-server] proxy ARP
Message-ID:

Anyone know how I can fix the problem on line #7 (Cannot determine ethernet address for proxy ARP)?

Thanks in advance.

Tony Galan

-------------------/var/log/messages------------------------------------
Dec 12 05:52:42 obiwan pppd[7150]: pppd 2.3.8 started by root, uid 0
Dec 12 05:52:42 obiwan pppd[7150]: Using interface ppp1
Dec 12 05:52:42 obiwan pppd[7150]: Connect: ppp1 <--> /dev/pts/4
Dec 12 05:52:44 obiwan pppd[7150]: CHAP peer authentication succeeded for joe
Dec 12 05:52:45 obiwan pppd[7150]: CCP terminated by peer
Dec 12 05:52:45 obiwan pppd[7150]: Compression disabled by peer.
Dec 12 05:52:48 obiwan pppd[7150]: Cannot determine ethernet address for proxy ARP
Dec 12 05:52:48 obiwan pppd[7150]: local IP address 192.168.1.235
Dec 12 05:52:48 obiwan pppd[7150]: remote IP address 192.168.2.235
Dec 12 05:59:22 obiwan pppd[7150]: Modem hangup
Dec 12 05:59:22 obiwan pppd[7150]: Connection terminated.
Dec 12 05:59:22 obiwan pppd[7150]: Connect time 6.7 minutes.
Dec 12 05:59:22 obiwan pppd[7150]: Sent 515 bytes, received 2326 bytes.
Dec 12 05:59:22 obiwan pppd[7150]: Exit.
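
[Added example, not part of any list message and not code from pppd or PoPToP.] A pppd session log like the one above can be triaged mechanically: this sketch groups pppd syslog lines by PID and flags a session that came up without MPPE and a proxy ARP failure where the peer address is off the LAN. The LAN subnet 192.168.1.0/24 and the second, healthy session are assumptions constructed for the example.

```python
"""Triage pppd/PoPToP syslog sessions: authentication, MPPE and proxy ARP."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the log in the message above.
PAGE_LOG = """\
Dec 12 05:52:42 obiwan pppd[7150]: pppd 2.3.8 started by root, uid 0
Dec 12 05:52:44 obiwan pppd[7150]: CHAP peer authentication succeeded for joe
Dec 12 05:52:45 obiwan pppd[7150]: CCP terminated by peer
Dec 12 05:52:45 obiwan pppd[7150]: Compression disabled by peer.
Dec 12 05:52:48 obiwan pppd[7150]: Cannot determine ethernet address for proxy ARP
Dec 12 05:52:48 obiwan pppd[7150]: local IP address 192.168.1.235
Dec 12 05:52:48 obiwan pppd[7150]: remote IP address 192.168.2.235
"""

# Constructed healthy session: message wording follows the thread, while the
# timestamps and addresses are made up for this example.
CONSTRUCTED_LOG = """\
Dec 12 19:01:10 saturn pppd[13277]: MSCHAP-v2 peer authentication succeeded for user
Dec 12 19:01:10 saturn pppd[13277]: MPPE 128 bit, stateless compression enabled
Dec 12 19:01:11 saturn pppd[13277]: found interface eth0 for proxy arp
Dec 12 19:01:11 saturn pppd[13277]: local IP address 192.168.1.1
Dec 12 19:01:11 saturn pppd[13277]: remote IP address 192.168.1.234
"""
SAMPLE_LOG = PAGE_LOG + CONSTRUCTED_LOG
ASSUMED_LAN = "192.168.1.0/24"  # assumption: subnet of the server's Ethernet interface

PPPD_LINE = re.compile(r"pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AUTH = re.compile(r"^(?P<proto>\S+) peer authentication succeeded for (?P<user>\S+)")
MPPE = re.compile(r"^MPPE (?P<bits>\d+) bit")
ADDR = re.compile(r"^(?P<side>local|remote) IP address (?P<ip>\d+\.\d+\.\d+\.\d+)")


@dataclass
class Session:
    pid: int
    auth: Optional[str] = None
    user: Optional[str] = None
    mppe_bits: Optional[int] = None
    proxyarp_failed: bool = False
    local_ip: Optional[str] = None
    remote_ip: Optional[str] = None


def parse_sessions(log: str) -> Dict[int, Session]:
    """Group pppd syslog lines by PID; kernel and pptpd lines are skipped."""
    sessions: Dict[int, Session] = {}
    for line in log.splitlines():
        found = PPPD_LINE.search(line)
        if not found:
            continue
        msg = found.group("msg")
        s = sessions.setdefault(int(found.group("pid")), Session(int(found.group("pid"))))
        auth, mppe, addr = AUTH.match(msg), MPPE.match(msg), ADDR.match(msg)
        if auth:
            s.auth, s.user = auth.group("proto"), auth.group("user")
        elif mppe:
            s.mppe_bits = int(mppe.group("bits"))
        elif addr and addr.group("side") == "local":
            s.local_ip = addr.group("ip")
        elif addr:
            s.remote_ip = addr.group("ip")
        elif msg.startswith("Cannot determine ethernet address for proxy ARP"):
            s.proxyarp_failed = True
    return sessions


def findings(s: Session, lan: str) -> List[str]:
    """Return 'CODE: explanation' strings for one session."""
    out: List[str] = []
    if s.mppe_bits is None:
        out.append("NO_MPPE: no 'MPPE ... enabled' line, so the tunnel payload is not encrypted")
    if s.auth is not None and not s.auth.upper().startswith("MSCHAP"):
        out.append(f"AUTH_NOT_MSCHAP: {s.auth} login for {s.user}; MPPE keys are derived from MS-CHAP")
    if s.proxyarp_failed and s.remote_ip:
        # pppd's proxyarp option looks for an Ethernet interface on the same
        # subnet as the peer's (remote) address and answers ARP for it there.
        net = ipaddress.ip_network(lan)
        if ipaddress.ip_address(s.remote_ip) not in net:
            out.append(f"PROXYARP_OFF_SUBNET: remote {s.remote_ip} is outside {net}")
        else:
            out.append("PROXYARP_FAILED: remote is on the LAN; check the Ethernet interface is up")
    return out


if __name__ == "__main__":
    for pid, session in sorted(parse_sessions(SAMPLE_LOG).items()):
        print(pid, session.user, findings(session, ASSUMED_LAN) or "ok")
```
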

From yan at cardinalengineering.com Mon Dec 13 13:03:13 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Mon Dec 13 13:03:13 1999
Subject: [pptp-server] pppd will not connect
Message-ID: <385543DE.AC7F5877@cardinalengineering.com>

OK, I'm about to give up on PPTP.

I rebuilt the ppp modules per the FAQ last week; no dice. So I spent some time over the weekend on my test bed and built a working pppd. Tested, ran, I could dial in and connect. No sweat.

Tarballed the patched source and transferred it to the production server. Rebuilt from source, installed and - no dice. Same config, same options file, same ISP, same login, same everything. Both machines are RH 6.0. The only difference is that the test bed has the 2.2.5 kernel while the production box has the 2.2.13 kernel.

I am trying to apply the MS patches.

Here's what I get:

Using interface ppp0
Connect: ppp0 <--> /dev/ttyD3
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
sent [LCP ConfReq id=0x1 ]
Timeout 0x8050164:0x8077400 in 3 seconds.
rcvd [LCP ConfReq id=0x1 < 11 04 05 ea> < 13 03 00>]
lcp_reqci: rcvd unknown option 17
lcp_reqci: rcvd unknown option 19
lcp_reqci: returning CONFREJ.
sent [LCP ConfRej id=0x1 < 11 04 05 ea> < 13 03 00>]
rcvd [LCP ConfAck id=0x1 ]
rcvd [LCP ConfReq id=0x2 ]
lcp_reqci: returning CONFACK.
sent [LCP ConfAck id=0x2 ]
Untimeout 0x8050164:0x8077400.
Timeout 0x8054fc4:0x80776a0 in 30 seconds.
sent [PAP AuthReq id=0x1 user="xxxxx" password="xxxxx"]
Timeout 0x8054f84:0x80776a0 in 3 seconds.
rcvd [PAP AuthAck id=0x1 ""]
Untimeout 0x8054fc4:0x80776a0.
sent [LCP TermReq id=0x2 "Authentication failed"]
Timeout 0x8050164:0x8077400 in 3 seconds.
rcvd [LCP TermAck id=0x2]
Untimeout 0x8050164:0x8077400.
Connection terminated.
Timeout 0x804e6a0:0x0 in 30 seconds.

--
Think different ride a recumbent use Linux.

From yan at cardinalengineering.com Mon Dec 13 13:47:27 1999
From: yan at cardinalengineering.com (Yan Seiner)
Date: Mon Dec 13 13:47:27 1999
Subject: [pptp-server] pppd will not connect
References: <000801bf459d$da530880$0101a8c0@highwayi.com>
Message-ID: <38554E1F.1C247912@cardinalengineering.com>

OK, maybe I am doing something really off the wall.

All I am trying to do right now is recompile pppd with the mppe patches, then use it to dial in to my ISP. Basically take ppp-2.3.10 source, apply the patches, recompile, copy the appropriate rc4 files to drivers/net, recompile and install modules, rmmod ppp, slhc, and compression modules, insmod same, and try to dial in.

I can dial in and connect using the stock pppd that came with the distro. I am not even trying to do anything with pptpd yet.

My ISP apparently does not authenticate via CHAP, only PAP. The recompiled pppd insists on CHAP, even when the options file says otherwise.

I am using rh 6.0, 2.2.13 kernel.

Any help at all is appreciated.

--Yan

geoff nordli wrote:
>
> You are using pptp to receive incoming connection for a VPN. Right?
>
> Could you tell me the steps that you took to get where you are? Then
> maybe I could help you out.
>

--
Think different ride a recumbent use Linux.

From neale at lowendale.com.au Mon Dec 13 13:54:49 1999
From: neale at lowendale.com.au (Neale Banks)
Date: Mon Dec 13 13:54:49 1999
Subject: [pptp-server] proxy ARP
In-Reply-To:
Message-ID:

On Mon, 13 Dec 1999, Tony Galan wrote:
> Anyone know how I can fix the problem on line #7
> (Cannot determine ethernet address for proxy ARP)?
[...]
> -------------------/var/log/messages------------------------------------
[...]
> Dec 12 05:52:48 obiwan pppd[7150]: Cannot determine ethernet address for
> proxy ARP
> Dec 12 05:52:48 obiwan pppd[7150]: local IP address 192.168.1.235

Is your PPP local IP address in the same subnet as an ethernet interface?
AFAIK, this is a necessary condition for proxy-arp and having the local IP address on other than the subnet of an ethernet interface is the usual reason for the "Cannot determine..." message. HTH, Neale. From geoff at gnaa.net Mon Dec 13 13:59:30 1999 From: geoff at gnaa.net (geoff nordli) Date: Mon Dec 13 13:59:30 1999 Subject: [pptp-server] pppd will not connect In-Reply-To: <38554E1F.1C247912@cardinalengineering.com> Message-ID: <000d01bf45a4$a63ad5d0$0101a8c0@highwayi.com> If all you are trying to do is get a net connection then PPTP is of no use. You want to use the existing ppp. If you want to use the pptp if you are connecting to a VPN accross the net. If that is what you want, then this might help you out: http://www.moretonbay.com/vpn/setup_pptp_client.html If you are trying to do anything else you might want to post an explanation. geoff nordli -----Original Message----- From: Yan Seiner [mailto:yan at cardinalengineering.com] Sent: Monday, December 13, 1999 11:51 AM To: geoff nordli; pptp-server at lists.schulte.org Subject: Re: [pptp-server] pppd will not connect OK, maybe I am doing something really off the wall. All I am trying to do right now is recompile pppd with the mppe patches, then use it to dial in to my ISP. Basically take ppp-2.3.10 source, apply the patches, recompile, copy the appropriate rc4 files to drivers/net, recompile and install modules, rmmod ppp, slhc, and compression modules, insmod same, and try to dial in. I can dial in and connect using the stock pppd that came with the distro. I am not even trying to do anything with pptpd yet. My ISP apparently does not authenticate via CHAP, only PAP. The recompiled pppd insists on CHAP, even when the options file says otherwise. I am using rh 6.0, 2.2.13 kernel. Any help at all is appreciated. --Yan geoff nordli wrote: > > You are using pptp to receive incoming connection for a VPN. Right? > > Could you tell me the steps that you took to get where you are? 
Then > maybe I could help you out. > -- Think different ride a recumbent use Linux. From yan at cardinalengineering.com Mon Dec 13 14:36:56 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Mon Dec 13 14:36:56 1999 Subject: [pptp-server] pppd will not connect References: <000d01bf45a4$a63ad5d0$0101a8c0@highwayi.com> Message-ID: <385559D2.6589130A@cardinalengineering.com> I am trying to set up pptpd as a server for MS boxes. My understanding is that as step one, I need to have a working pppd with the patches to recognize the ms compression and encryption. This is what I am trying to do right now. When I get that working I will start configuring pptpd (which looks pretty easy compared to what I've run into so far....) --Yan geoff nordli wrote: > > If all you are trying to do is get a net connection then PPTP is of > no use. You want to use the existing ppp. > > If you want to use the pptp if you are connecting to a VPN accross > the net. If that is what you want, then this might help you out: > > http://www.moretonbay.com/vpn/setup_pptp_client.html > > If you are trying to do anything else you might want to post an > explanation. > > geoff nordli > -- Think different ride a recumbent use Linux. From geoff at gnaa.net Mon Dec 13 14:57:50 1999 From: geoff at gnaa.net (geoff nordli) Date: Mon Dec 13 14:57:50 1999 Subject: [pptp-server] pppd will not connect In-Reply-To: <385559D2.6589130A@cardinalengineering.com> Message-ID: <001101bf45ac$c6d7dbf0$0101a8c0@highwayi.com> But the idea is that people will be connecting to your box (pptp server). Not the other way around. Follow the instructions, and test it by taking a windows box, and connecting to the PPTP server. Pay close attention to the logs in "/var/log/messages" that will tell you how things are going. 
geoff nordli -----Original Message----- From: Yan Seiner [mailto:yan at cardinalengineering.com] Sent: Monday, December 13, 1999 12:41 PM To: geoff nordli Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] pppd will not connect I am trying to set up pptpd as a server for MS boxes. My understanding is that as step one, I need to have a working pppd with the patches to recognize the ms compression and encryption. This is what I am trying to do right now. When I get that working I will start configuring pptpd (which looks pretty easy compared to what I've run into so far....) --Yan geoff nordli wrote: > > If all you are trying to do is get a net connection then PPTP is of > no use. You want to use the existing ppp. > > If you want to use the pptp if you are connecting to a VPN accross > the net. If that is what you want, then this might help you out: > > http://www.moretonbay.com/vpn/setup_pptp_client.html > > If you are trying to do anything else you might want to post an > explanation. > > geoff nordli > -- Think different ride a recumbent use Linux. From natecars at real-time.com Mon Dec 13 15:09:03 1999 From: natecars at real-time.com (Nate Carlson) Date: Mon Dec 13 15:09:03 1999 Subject: [pptp-server] mppe_stateless.patch failure on ppp-2.2.10 In-Reply-To: <000101bf4416$09198560$0a01a8c0@tampabay.rr.com> Message-ID: On Sat, 11 Dec 1999, R. Joseph Villa., II wrote: > Nate, > Udaman! This worked great. I really appreciate the help. Now all I have to > do is figure out how to get the encryption started and I'll be in business. > Everything works fine as long as I don't try and force encryption from my 98 > client. > > Joe > Are you loading the ppp_mppe module? 
Try adding the following lines to /etc/conf.modules to automagically load
the proper modules when needed:

alias ppp-compress-1 off # This is Predictor-1, not yet supported
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 off
alias ppp-compress-18 ppp_mppe

(hint: if you see any 'Cannot find ppp-compress-XX module' errors in
/var/log/messages this is probably causing the problem.)

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From natecars at real-time.com Mon Dec 13 15:09:55 1999
From: natecars at real-time.com (Nate Carlson)
Date: Mon Dec 13 15:09:55 1999
Subject: [pptp-server] NEWBIE QUESTION
In-Reply-To: <199912121938.NAA06470@snaildust.schulte.org>
Message-ID:

On Mon, 13 Dec 1999, Simon Munro wrote:

>
> PoPToP sounds great for allowing remote clients to connect to a
> LAN. However from what I can gather PoPTop couldn't be used to
> join 2 LANs over the Internet to form a WAN?
>
> Does anyone know of a product that will connect 2 LAN's together
> over the Internet - i.e. a VPN connecting 2 subnets.
>
> This can be done using NT & RRAS however I would much rather
> use Linux.
>
>
> TIA
> Simon
>

FreeS/WAN can do this. Nab the url from Freshmeat (www.freshmeat.net).

Although, with the proper combination of the pptp client and pptpd server,
you could probably use pptp for all of this..

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From tmk at netmagic.net Mon Dec 13 16:49:55 1999
From: tmk at netmagic.net (tmk)
Date: Mon Dec 13 16:49:55 1999
Subject: [pptp-server] VPN using SSH and pppd
In-Reply-To: <3.0.5.32.19991213101828.00819c40@mail.bloch.org.il>
Message-ID:

You can't connect windows stations to the lan using ssh, at least not
without a ppp stack that can connect using a tcp port.
Kevin On Mon, 13 Dec 1999, ilan Bloch wrote: > Hi there, > But if it's easier AND you can connect WinXX stations to the LAN why then > bother with PPTP -and its rather cumbersome install process ? > > ilan > > At 11:01 10/12/99 -0600, Eric Anderson wrote: > >True.. it is easier.. i chose to go this method and have it working now.. > >there is one problem i am having with pppd tho.. i cant set the netmask > >(which i have seen on this list before).. i have tried using ppp 2.3.9 and > >2.3.10... still, no avail.. other than that, it works great.. > > > > > >At 11:53 AM 12/10/99 -0500, Ed Padin wrote: > > > >>I think that SSH method may be easier because all you're doign is an > >>encrypted RSH where you redirect the input and output through a PPP server > >>and client. SSH v1 does have it's own vulnerabilities. SSH v2 is better but > >>it is a commercial product. > >> > >> >-----O > >> >-----Original Message----- > >> >From: Benjamin Smith [mailto:bens at saber.net] > >> >Sent: Friday, December 10, 1999 11:28 AM > >> >To: pptp-server at lists.schulte.org > >> >Subject: [pptp-server] VPN using SSH and pppd > >> > > >> > > >> >Recently, I read an interesting article in Linux Journal about > >> >setting up a VPN > >> >using remote SSH login, pppd and route. > >> > > >> >Has anybody here ever tried this method? In terms of > >> >implementation, is this > >> >more or less complicated than VPN with PPTP? (I've heard lots > >> >of nasty stuff > >> >about MS PPTP and bad security) > >> > > >> >I don't plan on trying to VPN via modem or anything, and with the above > >> >solution, Windows clients on each network side would "see" the > >> >other clients. > >> >(In theory - I've not ever implemented it yet) > >> > > >> >I have two Linux boxes (one is RH 6.0, the other is 6.1) > >> >running via ADSL, > >> >(approximately 1.0-1.5 Mb d/l, ~384k u/l) each providing > >> >masqueraded Internet > >> >access for LANs. 
Since I'm already using SSH to do work @work from my > >> >home-office LAN, this seems rather natural. The main > >> >application will be > >> >PC/Anywhere or VNC. > >> > > >> >Thoughts, anyone? (thanks!) > >> > > >> > > >> >_______________________________________________ > >> >pptp-server maillist - pptp-server at lists.schulte.org > >> >http://lists.schulte.org/mailman/listinfo/pptp-server > >> >List services provided by www.schulte.org! > >> > > >> > >>_______________________________________________ > >>pptp-server maillist - pptp-server at lists.schulte.org > >>http://lists.schulte.org/mailman/listinfo/pptp-server > >>List services provided by www.schulte.org! > > > > > > > >____________________________________ > >Microsoft: Where do you want to go today? > >Linux: Where do you want to go tomorrow? > >FreeBSD: Are you guys coming or what? > > > > > >_______________________________________________ > >pptp-server maillist - pptp-server at lists.schulte.org > >http://lists.schulte.org/mailman/listinfo/pptp-server > >List services provided by www.schulte.org! > > > > > ***************************************** > Ilan Bloch > > Nouvelle adresse - New address - Neuiwe address - > Neue Addresse > > ilan at bloch.org.il > ***************************************** > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Mon Dec 13 16:54:06 1999 From: tmk at netmagic.net (tmk) Date: Mon Dec 13 16:54:06 1999 Subject: [pptp-server] proxy ARP In-Reply-To: Message-ID: this means that the ip address you gave the client is not on the same subnet as the ethernet card that is supposed to be proxy arp'ing for it. If the clients aren't on the same subnet, then there isn't any reason to do proxy arp, since arp finds the mac address of an ip on the same subnet only. 
If the client is on a different subnet, then routing needs to be used.

If you don't want to do routing, just make sure the client's address is on
the same subnet as the eth card that you want to do proxy arp for it.

Kevin

On Mon, 13 Dec 1999, Tony Galan wrote:

> Anyone know how I can fix the problem on line #7
> (Cannot determine ethernet address for proxy ARP)?
>
> Thanks in advance.
>
> Tony Galan
>
> -------------------/var/log/messages------------------------------------
> Dec 12 05:52:42 obiwan pppd[7150]: pppd 2.3.8 started by root, uid 0
> Dec 12 05:52:42 obiwan pppd[7150]: Using interface ppp1
> Dec 12 05:52:42 obiwan pppd[7150]: Connect: ppp1 <--> /dev/pts/4
> Dec 12 05:52:44 obiwan pppd[7150]: CHAP peer authentication succeeded forjoe
> Dec 12 05:52:45 obiwan pppd[7150]: CCP terminated by peer
> Dec 12 05:52:45 obiwan pppd[7150]: Compression disabled by peer.
> Dec 12 05:52:48 obiwan pppd[7150]: Cannot determine ethernet address for
> proxy ARP
> Dec 12 05:52:48 obiwan pppd[7150]: local IP address 192.168.1.235
> Dec 12 05:52:48 obiwan pppd[7150]: remote IP address 192.168.2.235
> Dec 12 05:59:22 obiwan pppd[7150]: Modem hangup
> Dec 12 05:59:22 obiwan pppd[7150]: Connection terminated.
> Dec 12 05:59:22 obiwan pppd[7150]: Connect time 6.7 minutes.
> Dec 12 05:59:22 obiwan pppd[7150]: Sent 515 bytes, received 2326 bytes.
> Dec 12 05:59:22 obiwan pppd[7150]: Exit.
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From tmk at netmagic.net Mon Dec 13 16:57:58 1999
From: tmk at netmagic.net (tmk)
Date: Mon Dec 13 16:57:58 1999
Subject: [pptp-server] pppd will not connect
In-Reply-To: <385543DE.AC7F5877@cardinalengineering.com>
Message-ID:

looks like you are missing the mschapV2 and possibly the mppe kernel modules.
(actually i think they are the same module) Anyways, make sure you remake modules and such. As you no doubt have noticed, the password isnt working so it kicks you off. It could be that your domain isnt allowed to login or something, but there wasnt enough info provided to say for sure. Kevin On Mon, 13 Dec 1999, Yan Seiner wrote: > OK, I'm about to give up on PPTP. I rebuilt the ppp modules per the FAQ > last week; no dice. So I spent some time over the weekend on my test > bed and built a working pppd. Tested, ran, I could dial in and > connect. No sweat. Tarballed the patched source and transferred it to > the production server. > > Rebuilt from source, installed and - no dice. Same config, same options > file, same ISP, same login, same everyting. Both machines are RH 6.0. > The only difference is that the test bed has the 2.2.5 kernel while the > production box has the 2.2.13. kernel. > > I am trying to apply the MS patches. > > Here's what I get: > > Using interface ppp0 > Connect: ppp0 <--> /dev/ttyD3 > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > rcvd [LCP ConfReq id=0x1 0xcca804e8> < 11 04 05 ea> < 13 03 00>] > lcp_reqci: rcvd unknown option 17 > lcp_reqci: rcvd unknown option 19 > lcp_reqci: returning CONFREJ. > sent [LCP ConfRej id=0x1 < 11 04 05 ea> < 13 03 00>] > rcvd [LCP ConfAck id=0x1 > ] > rcvd [LCP ConfReq id=0x2 0xcca804e8> ] > lcp_reqci: returning CONFACK. > sent [LCP ConfAck id=0x2 0xcca804e8> ] > Untimeout 0x8050164:0x8077400. > Timeout 0x8054fc4:0x80776a0 in 30 seconds. > sent [PAP AuthReq id=0x1 user="xxxxx" password="xxxxx"] > Timeout 0x8054f84:0x80776a0 in 3 seconds. > rcvd [PAP AuthAck id=0x1 ""] > Untimeout 0x8054fc4:0x80776a0. 
> sent [LCP TermReq id=0x2 "Authentication failed"] > Timeout 0x8050164:0x8077400 in 3 seconds. > rcvd [LCP TermAck id=0x2] > Untimeout 0x8050164:0x8077400. > Connection terminated. > Timeout 0x804e6a0:0x0 in 30 seconds. > > > -- > > Think different > ride a recumbent > use Linux. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Mon Dec 13 17:01:50 1999 From: tmk at netmagic.net (tmk) Date: Mon Dec 13 17:01:50 1999 Subject: [pptp-server] pppd will not connect In-Reply-To: <385543DE.AC7F5877@cardinalengineering.com> Message-ID: ok, i read the rest of the thread, and the quick and dirty fix for you would be to have two versions of pppd on your linux box. pptp lets you speficy the pppd binary, so you could build one stock (call it pppd) and one withthe extra stuff (call it pppd_mppe) and just change the appropriate line in the .h file when you compile pptpd to tell it to use the version that supports encryption. Kevin On Mon, 13 Dec 1999, Yan Seiner wrote: > OK, I'm about to give up on PPTP. I rebuilt the ppp modules per the FAQ > last week; no dice. So I spent some time over the weekend on my test > bed and built a working pppd. Tested, ran, I could dial in and > connect. No sweat. Tarballed the patched source and transferred it to > the production server. > > Rebuilt from source, installed and - no dice. Same config, same options > file, same ISP, same login, same everyting. Both machines are RH 6.0. > The only difference is that the test bed has the 2.2.5 kernel while the > production box has the 2.2.13. kernel. > > I am trying to apply the MS patches. > > Here's what I get: > > Using interface ppp0 > Connect: ppp0 <--> /dev/ttyD3 > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. 
> sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > sent [LCP ConfReq id=0x1 > ] > Timeout 0x8050164:0x8077400 in 3 seconds. > rcvd [LCP ConfReq id=0x1 0xcca804e8> < 11 04 05 ea> < 13 03 00>] > lcp_reqci: rcvd unknown option 17 > lcp_reqci: rcvd unknown option 19 > lcp_reqci: returning CONFREJ. > sent [LCP ConfRej id=0x1 < 11 04 05 ea> < 13 03 00>] > rcvd [LCP ConfAck id=0x1 > ] > rcvd [LCP ConfReq id=0x2 0xcca804e8> ] > lcp_reqci: returning CONFACK. > sent [LCP ConfAck id=0x2 0xcca804e8> ] > Untimeout 0x8050164:0x8077400. > Timeout 0x8054fc4:0x80776a0 in 30 seconds. > sent [PAP AuthReq id=0x1 user="xxxxx" password="xxxxx"] > Timeout 0x8054f84:0x80776a0 in 3 seconds. > rcvd [PAP AuthAck id=0x1 ""] > Untimeout 0x8054fc4:0x80776a0. > sent [LCP TermReq id=0x2 "Authentication failed"] > Timeout 0x8050164:0x8077400 in 3 seconds. > rcvd [LCP TermAck id=0x2] > Untimeout 0x8050164:0x8077400. > Connection terminated. > Timeout 0x804e6a0:0x0 in 30 seconds. > > > -- > > Think different > ride a recumbent > use Linux. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From rowl at earthcorp.com Mon Dec 13 18:23:57 1999 From: rowl at earthcorp.com (Michael St. Laurent) Date: Mon Dec 13 18:23:57 1999 Subject: [pptp-server] Configuring outgoing pptp connections Message-ID: <3.0.6.32.19991213161337.008193c0@guardian.hartwellcorp.com> I am trying to setup a firewall system so that it will automatically establish a pptp connection to multiple other locations either on demand or when the system is booted (and just leave them up). Does a HOW-TO for this exist? If not can someone who has done this give me a few pointers to get me started? -------------------- Michael St. 
Laurent
Hartwell Corporation

From cunctator at apartia.ch Tue Dec 14 07:58:42 1999
From: cunctator at apartia.ch (Louis-David Mitterrand)
Date: Tue Dec 14 07:58:42 1999
Subject: sharing of IP addresses between ppp0 and eth0 (was Re: [pptp-server] proxy ARP)
In-Reply-To: ; from tmk@netmagic.net on Mon, Dec 13, 1999 at 03:06:58PM -0800
References:
Message-ID: <19991214145834.A1394@aparima.com>

On Mon, Dec 13, 1999 at 03:06:58PM -0800, tmk wrote:
> this means that the ip address you gave the client is not on the same
> subnet as the ethernet card that is supposed to be proxy arp'ing for it.
>
> If the clients aren't on the same subnet, then there isn't any reason to
> do proxy arp, since arp finds the mac address of an ip on the same subnet
> only. If the client is on a different subnet, then routing needs to be
> used.
>
> If you don't want to do routing, just make sure the client's address is on
> the same subnet as the eth card that you want to do proxy arp for it.

Is it a problem if I assign the ppp0 adapter (local IP in pptp.conf) the
same IP address as the eth0 adapter? (It seems to work here but I want
to make sure I am not committing some cardinal networking sin here ;-)

--
Louis-David Mitterrand - mito at aparima.com - http://www.aparima.com

Should crematoriums give discounts for burn victims?

From chavant at geosys.fr Tue Dec 14 10:22:24 1999
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue Dec 14 10:22:24 1999
Subject: [pptp-server] problem connecting to pptpd server
Message-ID: <001d01bf464e$aad5e080$7d03a8c0@pcjpc>

Hello,

my pptp server is a linux box with kernel 2.2.13
pptpd 1.0 & pppd 2.3.8

When my client (win95) is on the same network of pptp server i can connect.

when my client (win95) and pptp server are on different network (separated
by a linux router (filter for dmz) i can access to the pptp server with my
client ... (linux router is 2.2.13 kernel with ipchains 1.3.8).
Error is : Error 678 : time out

my filtrant router has these policies :

echo -n "PPTP"
/sbin/ipchains -A input -p tcp -s client -d pptpd 1723 -j ACCEPT
/sbin/ipchains -A input -p tcp -d client -s pptpd 1723 -j ACCEPT
/sbin/ipchains -A output -p tcp -s client -d pptpd 1723 -j ACCEPT
/sbin/ipchains -A output -p tcp -d client -s pptpd 1723 -j ACCEPT
/sbin/ipchains -A forward -p tcp -s client -d pptpd 1723 -j ACCEPT
/sbin/ipchains -A forward -p tcp -d client -s pptpd 1723 -j ACCEPT
echo -n "GRE"
/sbin/ipchains -A input -p 47 -s client -d pptpd -j ACCEPT
/sbin/ipchains -A input -p 47 -d client -s pptpd -j ACCEPT
/sbin/ipchains -A output -p 47 -s client -d pptpd -j ACCEPT
/sbin/ipchains -A output -p 47 -d client -s pptpd -j ACCEPT
/sbin/ipchains -A forward -p 47 -d client -s pptpd -j ACCEPT

is it correct ?
is it possible to upgrade timeout in win95 client ?

thanks

Jean-Paul Chavant _-----_
GEOSYS SA - Service Informatique (_/ \_)
Tél.: (0) 5 62 47 80 75 (_____)
\/\/\___ http://www.geosys.fr/

From andreisv at isdn.net.il Tue Dec 14 17:02:25 1999
From: andreisv at isdn.net.il (Andrei Sava)
Date: Tue Dec 14 17:02:25 1999
Subject: [pptp-server] AtmPvc option in PPTP Client for Linux
Message-ID: <199912142302.BAA24298@mail.barak.net.il>

Hello,

Although this issue is not directly related to the PPTP server but to the
client, i thought that perhaps someone in this mailing list might be able
to help...

I am connecting to the Internet through an ADSL connection, using PPTP. In
order to configure my connection in Windows, i set up a VPN PPTP dialup,
specifying as IP address "10.10.20.62 0510". The parameter 0510 that
follows the IP is called ATM-PVC port, and is required in order to
establish the connection.

I would like to connect to the internet using my linux box, but the linux
PPTP client (www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/) does not
support sending the AtmPvc parameter.

Following is some information about AtmPvc:

I am using an Orckit FastInternet ADSL modem (www.orckit.com). This
parameter is actually a string that is being sent by the dialup adapter to
the modem. It is not treated by the modem as a number but as a string.
Different configurations require a parameter that contains letters. The
parameter is used for ISP selection.

I can telnet into my modem and watch connection status (using the command
'event show'). This is the status output when using the linux client, that
does not send the ATM parameter:

MSG_R_LISTEN new r
NEW RX type (1 )
send_packet size 156
new_server_socket f 5932896
pptp MSG_R_RECVr
NEW RX type (7 )
TU:set_ipmac ip = 10.10.20.35 r - 23140a0a l- 3e140a0a
TU:get_atmPvc lenght- 0 adddres = <------------
handle_new_outcall atm pvc short <------------
send_packet size 32
pptp MSG_R_RECVr
NEW RX type (3 )
handle_con_msg (0):PPTP_STOP_SESSION_REQUEST reason=3
TU:closetunnel (0)
send_packet size 16
closeTCP f 5951392

As you can see the modem refused connection without the atm pvc option.
When the parameter is specified (using "10.10.20.62 0510" as the IP in
Windows dialup adapter), connection is established:

pptp: MSG_R_LISTEN new r
NEW RX type (1 )
send_packet size 156
new_server_socket f 5914400
pptp MSG_R_RECVr
NEW RX type (7 )
TU:set_ipmac ip = 10.10.20.35 r - 23140a0a l- 3e140a0a
TU:get_atmPvc lenght- 4 adddres = 0510 <---------------
TU succes new call on pvc L.I= 1 F.I 0 GRE.I 1 <---------------
send_packet size 32
pptp MSG_R_RECVr
NEW RX type (15 )
...

Please inform me if you have any ideas how i can patch the PPTP linux
client to send the atmPvc parameter to the modem.
Thanks, Andrei Sava andreisv at isdn.net.il From matthewr at moreton.com.au Tue Dec 14 18:15:55 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Dec 14 18:15:55 1999 Subject: [pptp-server] 3rd party clients Message-ID: <9912151017010A.13906@gibberling> Gday all, Does anyone know of any 3rd party pptp clients (besides MS clients) that work with PoPToP? please let me know. (also, while i'm spamming the list anyway: does anyone live in NY and have cable internet access?) Cheers, Matt. -- Matthew Ramsay Moreton Bay From ken.hilliard at acotec.com Wed Dec 15 08:15:53 1999 From: ken.hilliard at acotec.com (Ken Hilliard) Date: Wed Dec 15 08:15:53 1999 Subject: [pptp-server] RADIUS server support Message-ID: <001401bf476b$715aebc0$d7766dc0@kenversa.acotec.com> Christopher, Does the Linux PPTP server support authenitication via RADIUS? There are a few RADIUS products that can authenticate VPN users and supply the MPPE encryption key. In the general case does the PPTP server maintain its own authentication or password file/database? Thanks in advance for whatever information you can provide. Ken From yan at cardinalengineering.com Wed Dec 15 11:39:41 1999 From: yan at cardinalengineering.com (Yan Seiner) Date: Wed Dec 15 11:39:41 1999 Subject: [pptp-server] pppd will not connect - solved (for the moment) References: Message-ID: <3857D351.7C76BFB6@cardinalengineering.com> Thanks for all the advice. 
It turned out to be a "minor" config problem that cost me a few days of
head scratching:

the old connect line:

exec /usr/sbin/pppd connect \
'/usr/sbin/chat -v -f /etc/ppp/chatscript' \
-detach crtscts modem defaultroute persist \
lock \
user xyz \
/dev/ttyD3 115200

the new connect line:

exec /usr/sbin/pppd connect \
'/usr/sbin/chat -v -f /etc/ppp/chatscript' \
-detach -chap +pap noauth crtscts modem defaultroute persist \
lock \
user xyz \
/dev/ttyD3 115200

For some reason, on my system, pppd has to be given the options
-chap +pap noauth
on the command line to work. Putting the same options in the options
file did not do the trick, so I also deleted the /etc/ppp/options file
to make sure that that was not causing any problems and put all options
on the command line.

This was for all versions of pppd newer than 2.3.7, which is what
shipped with the system. 2.3.7 authenticates with PAP with no problems.

--Yan

tmk wrote:
>
> ok, i read the rest of the thread, and the quick and dirty fix for you
> would be to have two versions of pppd on your linux box. pptp lets you
> specify the pppd binary, so you could build one stock (call it pppd) and
> one with the extra stuff (call it pppd_mppe) and just change the
> appropriate line in the .h file when you compile pptpd to tell it to use
> the version that supports encryption.
>
> Kevin
>

--

Think different
ride a recumbent
use Linux.

From geoff at gnaa.net Wed Dec 15 13:32:21 1999
From: geoff at gnaa.net (geoff nordli)
Date: Wed Dec 15 13:32:21 1999
Subject: [pptp-server] 2.2.10 MPPE patch
Message-ID: <000701bf4733$224e6350$0101a8c0@highwayi.com>

Does this patch actually work without modification--besides editing the
ppp_mppe.c file with:

vi /usr/src/ppp-2.3.10/linux/ppp_mppe.c
add the #include "rc4_skey.c" to the end of the include section

I normally use the 2.3.8, because it works, but would like to try the
2.3.10.

thanks,

geoff

From patl at cag.lcs.mit.edu Wed Dec 15 16:01:30 1999
From: patl at cag.lcs.mit.edu (Patrick J.
LoPresti) Date: Wed Dec 15 16:01:30 1999 Subject: [pptp-server] Reliability over lossy links? Message-ID: We primarily use PPTP to let users tunnel through our firewall from home. We have pptp-1.0.0 set up on a Linux 6.1 system, using kernel 2.2.13 and ppp 2.3.10 plus MPPE patches. Things are working nicely (thanks!), except that connections from remote places, even via a cable modem, wedge completely fairly often. Are others experiencing this problem? The first entry in the TODO list sounds like it is related. I would be interested in helping out. Is anyone actively working on this? If not, does anyone have suggestions for where to start? - Pat From matthewr at moreton.com.au Wed Dec 15 16:52:33 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Wed Dec 15 16:52:33 1999 Subject: [pptp-server] RADIUS server support References: <001401bf476b$715aebc0$d7766dc0@kenversa.acotec.com> Message-ID: <9912160853370Z.13906@gibberling> PoPToP uses pppd for its authentication/encryption. On Thu, 16 Dec 1999, Ken Hilliard wrote: >Christopher, > >Does the Linux PPTP server support authenitication via RADIUS? There are a >few RADIUS products that can authenticate VPN users and supply the MPPE >encryption key. > >In the general case does the PPTP server maintain its own authentication or >password file/database? > >Thanks in advance for whatever information you can provide. > > Ken > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulte.org! -- Matthew Ramsay Moreton Bay From macleajb at Trademart-1.EDnet.NS.CA Wed Dec 15 19:04:41 1999 From: macleajb at Trademart-1.EDnet.NS.CA (James B. 
MacLean)
Date: Wed Dec 15 19:04:41 1999
Subject: [pptp-server] RADIUS server support
In-Reply-To: <001401bf476b$715aebc0$d7766dc0@kenversa.acotec.com>
Message-ID:

On Wed, 15 Dec 1999, Ken Hilliard wrote:
> Christopher,
> Does the Linux PPTP server support authentication via RADIUS? There are a
> few RADIUS products that can authenticate VPN users and supply the MPPE
> encryption key.
> In the general case does the PPTP server maintain its own authentication or
> password file/database?

From ken.hilliard at acotec.com Thu Dec 16 00:56:30 1999
From: ken.hilliard at acotec.com (Ken Hilliard)
Date: Thu Dec 16 00:56:30 1999
Subject: [pptp-server] RADIUS server support
In-Reply-To:
Message-ID: <001701bf47f7$325ea1a0$d7766dc0@kenversa.acotec.com>

James,
The Microsoft Internet Authentication Server (IAS) supports MS-CHAP v1 and
v2. I also believe that Funk Software's Steel Belted Radius supports MS-CHAP
v1.
Our company (Acotec) is working on a Java-based RADIUS server/proxy that we
plan to add MS-CHAP authentication. One of the benefits of having RADIUS
support for the PPTP server is that you can add other kinds of
authentication packages. For example, we've added support for RSA's SecurID
for PPTP, so that only users with a valid SecurID token will be allowed
access.

Thanks for the info.
Ken

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of James B.
> MacLean
> Sent: Wednesday, December 15, 1999 5:04 PM
> To: Ken Hilliard
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] RADIUS server support
>
>
> On Wed, 15 Dec 1999, Ken Hilliard wrote:
> > Christopher,
> > Does the Linux PPTP server support authentication via RADIUS?
> There are a
> > few RADIUS products that can authenticate VPN users and supply the MPPE
> > encryption key.
> > In the general case does the PPTP server maintain its own
> authentication or
> > password file/database?
>
> From where I sit, it uses pppd which by default uses
> /etc/ppp/chap-secrets.
>
> I have been working on adding MS-CHAP-v2 authentication to ICradius, but
> do not have it ready for general consumption. I have not seen any radius
> servers that provide MS-Chap-v2 support.
>
> > Thanks in advance for whatever information you can provide.
> > Ken
>
> Hope this helps,
> JES
> --
> James B. MacLean macleajb at ednet.ns.ca
> Department of Education http://www.ednet.ns.ca/~macleajb
> Nova Scotia, Canada
> B3M 4B2

From gis88512 at cis.nctu.edu.tw Thu Dec 16 09:54:06 1999
From: gis88512 at cis.nctu.edu.tw (=?big5?B?vuW3rA==?=)
Date: Thu Dec 16 09:54:06 1999
Subject: [pptp-server] help!!!!!!
Message-ID:

Thank you for reading this mail. I am a graduate student of NCTU in Taiwan.
Could you take some time to answer my question of pptp server?
Question:Why I can use sniffer to obtain data transmitting on the net??
PPTP server suppose to data encryption(RSA RC4 40 bits session key)
but the packet that I get on the net is not encrypted.
OS: linux redhat 6.0
pptp server: pptp-1.0.0
windows 98
ps:I don't know what is version of pppd ?? so I do not update my pppd.
ps: client can connect to pptp server ,and server do not show any
error message.
ps:After connecting, client can telnet server that have pptp server. I can
use sniffer to get clear of packet. why???

Thank you for your answer!!!!!

Xiao-Feng

From natecars at real-time.com Thu Dec 16 10:51:38 1999
From: natecars at real-time.com (Nate Carlson)
Date: Thu Dec 16 10:51:38 1999
Subject: [pptp-server] help!!!!!!
In-Reply-To:
Message-ID:

On Thu, 16 Dec 1999, [big5] ???? wrote:
> Thank you for reading this mail. I am a graduate student of NCTU in Taiwan.
> Could you take some time to answer my question of pptp server?
> Question:Why I can use sniffer to obtain data transmitting on the net??
> PPTP server suppose to data encryption(RSA RC4 40 bits session key)
> but the packet that I get on the net is not encrypted.
> OS: linux redhat 6.0
> pptp server: pptp-1.0.0
> windows 98
> ps:I don't know what is version of pppd ?? so I do not update my pppd.
> ps: client can connect to pptp server ,and server do not show any
> error message.
> ps:After connecting, client can telnet server that have pptp server. I can
> use sniffer to get clear of packet. why???
>
> Thank you for your answer!!!!!
>
> Xiao-Feng

Have you checked your messages file to make sure that the user is really
connecting with encryption? You will probably need to recompile your pppd
and kernel modules to get the encryption support (the ppp_mppe module).

--
Nate Carlson             | Phone : (612)943-8700
http://www.real-time.com | Fax   : (612)943-8500

From matthewr at moreton.com.au Thu Dec 16 17:28:56 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Dec 16 17:28:56 1999
Subject: [pptp-server] Re: help!!!!!
References:
Message-ID: <9912170930040B.21082@gibberling>

Gday!

>Thank you for reading this mail. I am a graduate student of NCTU in Taiwan.

nee how ma? (that's the only mandarin I know :-)

>Question:Why I can use sniffer to obtain data transmitting on the net??
> PPTP server suppose to data encryption(RSA RC4 40 bits session key)
> but the packet that I get on the net is not encrypted.

You *must* recompile pppd with the encryption/authentication patch or this
will not work!!
See the PoPToP HOWTO in html/ of your source directory... or find the HOWTO
on the web site (http://www.moretonbay.com/vpn/pptp.html)

Cheers,
Matt.

From macleajb at Trademart-1.EDnet.NS.CA Thu Dec 16 20:30:55 1999
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean)
Date: Thu Dec 16 20:30:55 1999
Subject: [pptp-server] RADIUS server support
In-Reply-To: <001701bf47f7$325ea1a0$d7766dc0@kenversa.acotec.com>
Message-ID:

Hi Ken,

I'm glad to see that I am not the only one venturing into radius land :).

On Thu, 16 Dec 1999, Ken Hilliard wrote:
> James,
> The Microsoft Internet Authentication Server (IAS) supports MS-CHAP v1 and
> v2. I also believe that Funk Software's Steel Belted Radius supports MS-CHAP
> v1.

Do you know of standard check keys? I made up my own for the chap response
and second challenge.

> Our company (Acotec) is working on a Java-based RADIUS server/proxy that we
> plan to add MS-CHAP authentication. One of the benefits of having RADIUS
> support for the PPTP server is that you can add other kinds of
> authentication packages. For example, we've added support for RSA's SecurID
> for PPTP, so that only users with a valid SecurID token will be allowed
> access.

Sounds great. I agree about radius opening more opportunity. The password
part seems to be my only hitch. My efforts have been only on v2. I (probably
incorrectly) understood v2 was needed for the 128bit stateless encryption.

I'm not convinced I am doing that great of a solution. At this time I am
returning the password in a reply pair that is used by pppd natively to
create the keys. Plus either you appear to need to store the password in
plain text, or keep the NThash password along with the md5 or whatever else
you keep. (Again maybe there is a better way :).

> Thanks for the info.

Thanks for letting me know I'm not completely off my mark trying to get v2
authentication against a radius server.

take care,
JES
--
James B. MacLean macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2

From blalor at netDrives.com Fri Dec 17 15:58:29 1999
From: blalor at netDrives.com (Brian Lalor)
Date: Fri Dec 17 15:58:29 1999
Subject: [pptp-server] Ping problems
Message-ID:

Hey all. My saga continues.
:-) I'm really close, now. I've gotten my
NT box working as a client to the Linux VPN server. From the NT box, I
can connect to any machine on my protected LAN, but I can't ping the PPTP
client (the NT box) from nodes on the internal network.

I've attached the contents of my arp and routing table, as well as my
/etc/ppp/options file. 192.168.235.201 is the IP of our router (yes, the
numbers are fictional), 10.0.0.* is our internal subnet, 192.168.235.202
is the PPTP server's external IP addy, 10.0.0.2 is the PPTP server's
internal IP addy. The arp table looks a bit suspect to me, but I'm not
sure what it should be like.

On a totally different note, is there any way to have the NT client
dial my server when it boots without human interaction? I'd like to have
this box be on a secure connection to our LAN all the time.

Thanks to the group for all the help you've given me thus far; I'm so
close, I can taste it! :-)

B

--
Brian Lalor, Web Honkey
netDrives
blalor at netDrives.com
607-272-5650 x7167

-------------- next part --------------
Address           HWtype  HWaddress          Flags Mask  Iface
10.0.0.44         ether   00:C0:F0:22:6F:5D  C           eth0
10.0.0.211        ether   00:C0:F0:4B:5B:F2  C           eth0
10.0.0.99         ether   00:60:94:EB:28:6F  C           eth0
10.0.0.42         ether   00:C0:F0:22:76:5F  C           eth0
10.0.0.1          ether   00:C0:F0:2B:11:59  C           eth0
192.168.235.201   ether   00:60:47:A5:42:26  C           eth1
10.0.0.38         ether   00:C0:F0:15:3B:C7  C           eth0
10.0.0.33         ether   00:C0:F0:2A:EA:5F  C           eth0
10.0.0.34         ether   00:05:02:F8:5E:9A  C           eth0
10.0.0.29         ether   00:C0:F0:4B:5B:EE  C           eth0
10.0.0.18         ether   00:C0:F0:15:E6:56  C           eth0
10.0.0.202        ether   00:C0:F0:2B:11:A3  C           eth0
10.0.0.16         ether   00:C0:F0:15:3B:31  C           eth0
10.0.0.51         ether   00:C0:F0:2B:11:A1  C           eth0
10.0.0.205        ether   00:05:02:91:A4:14  C           eth0
10.0.0.206        ether   00:C0:F0:15:D5:A4  C           eth0
10.0.0.252        *       *                  MP          eth0
-------------- next part --------------
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
192.168.235.202  0.0.0.0          255.255.255.255  UH    0      0   0   eth1
10.0.0.2         0.0.0.0          255.255.255.255  UH    0      0   0   eth0
10.0.0.252       0.0.0.0          255.255.255.255  UH    0      0   0   ppp0
192.168.235.200  0.0.0.0          255.255.255.252  U     0      0   0   eth1
10.0.0.0         0.0.0.0          255.255.255.0    U     0      0   0   eth0
127.0.0.0        0.0.0.0          255.0.0.0        U     0      0   0   lo
0.0.0.0          192.168.235.201  0.0.0.0          UG    0      0   0   eth1
-------------- next part --------------
# 115200 # defaultroute # passive 192.168.235.202:10.0.0.250 lock debug auth name stratus require-chap +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless netmask 255.255.255.0 ms-dns 10.0.0.2 ms-wins 10.0.0.2 proxyarp

From edk at cendatsys.com Fri Dec 17 16:48:51 1999
From: edk at cendatsys.com (Edward King)
Date: Fri Dec 17 16:48:51 1999
Subject: [pptp-server] Ping problems
References:
Message-ID: <385ABD5F.8F2E5B17@cendatsys.com>

To have the NT server dial on startup we've put a shortcut into the Start ->
Programs -> Startup. When the user logs on, it executes.

To get automatic logon there are some registry entries you can change, or do
it the easy way and install "Tweak UI" -- I believe we got it off the
microsoft site. It allows automatic login on bootup to any user you want.

Edward King
Centurion Data Systems, Inc.
262-524-9290

Brian Lalor wrote:

> Hey all. My saga continues. :-) I'm really close, now. I've gotten my
> NT box working as a client to the Linux VPN server. From the NT box, I
> can connect to any machine on my protected LAN, but I can't ping the PPTP
> client (the NT box) from nodes on the internal network.
>
> I've attached the contents of my arp and routing table, as well as my
> /etc/ppp/options file. 192.168.235.201 is the IP of our router (yes, the
> numbers are fictional), 10.0.0.* is our internal subnet, 192.168.235.202
> is the PPTP server's external IP addy, 10.0.0.2 is the PPTP server's
> internal IP addy. The arp table looks a bit suspect to me, but I'm not
> sure what it should be like.
>
> On a totally different note, is there any way to have the NT client
> dial my server when it boots without human interaction? I'd like to have
> this box be on a secure connection to our LAN all the time.
>
> Thanks to the group for all the help you've given me thus far; I'm so
> close, I can taste it! :-)
>
> B
>
> --
> Brian Lalor, Web Honkey
> netDrives
> blalor at netDrives.com
> 607-272-5650 x7167
>
> ------------------------------------------------------------------------
> Name: arp.out
> arp.out Type: Plain Text (TEXT/PLAIN)
> Encoding: BASE64
>
> Name: route.out
> route.out Type: Plain Text (TEXT/PLAIN)
> Encoding: BASE64
>
> Name: ppp_options.out
> ppp_options.out Type: Plain Text (TEXT/PLAIN)
> Encoding: BASE64

From patl at cag.lcs.mit.edu Fri Dec 17 18:09:53 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Fri Dec 17 18:09:53 1999
Subject: [pptp-server] Unsupported protocol errors from pppd?
Message-ID:

This is with pptpd-1.0.0 and ppp-2.3.10+mppe+stateless patches.

For some of our clients, PoPToP is working great. For others, we log
a bunch of messages like the ones below. As you can see, pppd is
complaining about "unsupported protocol" errors, after the PPP link
has been negotiated and authenticated. There is no pattern to the
protocol numbers that I can discern.

Based on my limited knowledge of this stuff, I am guessing this is
some sort of HDLC weirdness (address/control field compression
problem?), since the protocol field comes just before the data in the
PPP/HDLC frame.

Does anyone have suggestions for sorting this out? I am willing to
hack pptpd and/or pppd to gather more information, but suggestions
from an expert as to *what* information I should gather would be
helpful. I also have more complete debugging logs if anyone wants to
see them.
 - Pat

(Note: IP addresses and names x'ed out below to protect the guilty)

18:23:07 pptpd: CTRL: Client xx.xx.xx.xx control connection started
18:23:07 pptpd: CTRL: Starting call (launching pppd, opening GRE)
18:23:07 kernel: CSLIP: code copyright 1989 Regents of the University of California
18:23:07 kernel: PPP: version 2.3.10 (demand dialling)
18:23:07 kernel: PPP line discipline registered.
18:23:07 kernel: registered device ppp0
18:23:07 pppd: pppd 2.3.10 started by root, uid 0
18:23:07 pppd: Using interface ppp0
18:23:07 pppd: Connect: ppp0 <--> /dev/pts/0
18:23:07 pptpd: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
18:23:07 kernel: PPP BSD Compression module registered
18:23:07 kernel: PPP MPPE compression module registered
18:23:07 kernel: PPP Deflate Compression module registered
18:23:07 pppd: MSCHAP peer authentication succeeded for xxx
18:23:08 pppd: found interface eth0 for proxy arp
18:23:08 pppd: local IP address xx.xx.xx.xx
18:23:08 pppd: remote IP address xx.xx.xx.xx
18:23:08 pppd: MPPE 40 bit, non-stateless compression enabled
18:23:13 pppd: Unsupported protocol (0x1e98) received
18:23:14 pppd: Unsupported protocol (0x5081) received
18:23:16 pppd: Unsupported protocol (0x6c02) received
18:23:22 pppd: Unsupported protocol (0x1425) received
18:23:23 pppd: Unsupported protocol (0xd53d) received
18:23:25 pppd: Unsupported protocol (0x8a99) received
18:23:31 pppd: Unsupported protocol (0x5728) received
18:23:32 pppd: Unsupported protocol (0x16d3) received
18:23:34 pppd: Unsupported protocol (0x27b) received
18:23:40 pppd: Unsupported protocol (0xecc9) received
18:23:41 pppd: Unsupported protocol (0xe32c) received
18:23:43 pppd: Unsupported protocol (0xd282) received
18:23:49 pppd: Unsupported protocol (0x3161) received
18:23:50 pppd: Unsupported protocol (0x1b8d) received
18:23:52 pppd: Unsupported protocol (0x51be) received
18:23:54 pppd: Unsupported protocol (0xb2d3) received
18:24:00 pppd: Unsupported protocol (0x27cb) received
18:24:02 pppd: Unsupported protocol (0xedb7) received
18:24:04 pppd: Unsupported protocol (0x9afd) received
18:24:04 pppd: Unsupported protocol (0xfad8) received
18:24:04 pppd: Unsupported protocol (0x2a15) received
18:24:05 pppd: Unsupported protocol (0x9d58) received
18:24:05 pppd: Unsupported protocol (0x7fc8) received
18:24:06 pppd: Unsupported protocol (0x9f23) received
18:24:07 pppd: Unsupported protocol (0xf465) received
18:24:20 pppd: Unsupported protocol (0x9532) received
18:24:20 pppd: Unsupported protocol (0xc784) received
18:24:20 pppd: Unsupported protocol (0x442c) received
18:24:21 pppd: Unsupported protocol (0x15e) received
18:24:22 pppd: Unsupported protocol (0x19a1) received
18:24:22 pppd: Unsupported protocol (0xe012) received
18:24:22 pppd: Unsupported protocol (0xa056) received
18:24:23 pppd: Unsupported protocol (0x27f7) received
18:24:23 pppd: Unsupported protocol (0x3a53) received
18:24:23 pppd: Unsupported protocol (0x86c) received
18:24:24 pppd: Unsupported protocol (0x88f3) received
18:24:24 pppd: Unsupported protocol (0x80c3) received
18:24:24 pppd: Unsupported protocol (0x75a6) received
18:24:25 pppd: Unsupported protocol (0xc361) received
18:24:25 pppd: Unsupported protocol (0x2753) received
18:24:26 pppd: Unsupported protocol (0xe80a) received
18:24:27 pppd: Unsupported protocol (0xb332) received
18:24:27 pppd: Unsupported protocol (0x287c) received
18:24:27 pppd: Unsupported protocol (0x260b) received
18:24:28 pppd: Unsupported protocol (0xac4d) received
18:24:28 pppd: Unsupported protocol (0x6626) received
18:24:29 pppd: Unsupported protocol (0xc5dd) received
18:24:30 pppd: Unsupported protocol (0x1db1) received
18:24:30 pppd: Unsupported protocol (0x8348) received
18:24:30 pppd: Unsupported protocol (0xa3bd) received
18:24:31 pppd: Unsupported protocol (0x4bd7) received
18:24:31 pppd: Unsupported protocol (0xb0f5) received
18:24:31 pppd: Unsupported protocol (0x216d) received
18:24:32 pppd: Unsupported protocol (0x73c1) received
18:24:33 pppd: Unsupported protocol (0xc00) received
18:24:33 pppd: Unsupported protocol (0x8f1d) received
18:24:34 pppd: Unsupported protocol (0xdc7a) received
18:24:35 pppd: Unsupported protocol (0x4d5e) received
18:24:48 pppd: Unsupported protocol (0xceda) received
18:24:48 pppd: Unsupported protocol (0x6ea9) received
18:24:49 pppd: Unsupported protocol (0x3d73) received
18:24:50 pppd: Unsupported protocol (0x287f) received
18:24:50 pppd: Unsupported protocol (0x6a8b) received
18:24:51 pppd: Unsupported protocol (0x536d) received
18:24:51 pppd: Unsupported protocol (0xb4b0) received
18:24:52 pppd: Unsupported protocol (0xd47f) received
18:24:52 pppd: Unsupported protocol (0x54d5) received
18:24:52 pppd: Unsupported protocol (0x161a) received
18:24:53 pppd: Unsupported protocol (0xd34f) received
18:24:53 pppd: Unsupported protocol (0x6847) received
18:24:54 pppd: Unsupported protocol (0x8e64) received
18:24:54 pppd: Unsupported protocol (0x1e38) received
18:24:55 pppd: Unsupported protocol (0xc75e) received
18:24:55 pppd: Unsupported protocol (0xba93) received
18:24:56 pppd: Unsupported protocol (0x8fce) received
18:24:56 pppd: Unsupported protocol (0x1422) received
18:24:57 pppd: Unsupported protocol (0xc7f3) received
18:24:57 pppd: Unsupported protocol (0x88f6) received
18:24:57 pppd: Unsupported protocol (0x49b2) received
18:24:58 pppd: Unsupported protocol (0xeacd) received
18:24:58 pppd: Unsupported protocol (0x96c7) received
18:24:59 pppd: Unsupported protocol (0x4bc6) received
18:24:59 pppd: Unsupported protocol (0x83e9) received
18:24:59 pppd: Unsupported protocol (0x781a) received
18:25:00 pppd: Unsupported protocol (0x48f0) received
18:25:01 pppd: Unsupported protocol (0xd278) received
18:25:01 pppd: Unsupported protocol (0x4320) received
18:25:01 pppd: Unsupported protocol (0x3523) received
18:25:01 pppd: Unsupported protocol (0x3fad) received
18:25:02 pppd: Unsupported protocol (0xbc02) received
18:25:02 pppd: Unsupported protocol (0x5bbf) received
18:25:03 pppd: Unsupported protocol (0xca33) received
18:25:03 pppd: Unsupported protocol (0x7899) received
18:25:03 pppd: Unsupported protocol (0x8ee8) received
18:25:04 pppd: Unsupported protocol (0x9a4) received
18:25:05 pppd: Unsupported protocol (0xf7c5) received
18:25:05 pppd: Unsupported protocol (0xa840) received
18:25:05 pppd: Unsupported protocol (0xafce) received
18:25:06 pppd: Unsupported protocol (0xac97) received
18:25:07 pppd: Unsupported protocol (0x573b) received
18:25:07 pppd: Unsupported protocol (0x3d50) received
18:25:07 pppd: Unsupported protocol (0x4afd) received
18:25:08 pppd: Unsupported protocol (0x304f) received
18:25:09 pppd: Unsupported protocol (0x85d5) received
18:25:09 pppd: Unsupported protocol (0x22c5) received
18:25:09 pppd: Unsupported protocol (0xbdf5) received
18:25:10 pppd: Unsupported protocol (0xa29e) received
18:25:11 pppd: Unsupported protocol (0xf3ea) received
18:25:11 pppd: Unsupported protocol (0xe805) received
18:25:11 pppd: Unsupported protocol (0x1833) received
18:25:12 pppd: Unsupported protocol (0x7876) received
18:25:13 pppd: Unsupported protocol (0xd3a4) received
18:25:13 pppd: Unsupported protocol (0xc957) received
18:25:14 pppd: Unsupported protocol (0x5746) received
18:25:16 pppd: Unsupported protocol (0x80e1) received
18:25:19 pppd: Unsupported protocol (0x8f7b) received
18:25:22 pppd: Unsupported protocol (0x109d) received
18:25:23 pppd: Unsupported protocol (0xc0dd) received
18:25:24 pppd: Unsupported protocol (0x6c9f) received
18:25:25 pppd: Unsupported protocol (0x9e6b) received
18:25:29 pppd: Unsupported protocol (0xe7d7) received
18:25:31 pppd: Unsupported protocol (0x505b) received
18:25:32 pppd: Unsupported protocol (0x231b) received
18:25:34 pppd: Unsupported protocol (0x6f80) received
18:25:34 pppd: Unsupported protocol (0xa9ab) received
18:25:39 pppd: Unsupported protocol (0xdd57) received
18:25:40 pppd: Unsupported protocol (0x5e45) received
18:25:41 pppd: Unsupported protocol (0x191c) received
18:25:43 pppd: Unsupported protocol (0xe9e8) received
18:25:46 pppd: Unsupported protocol (0xfbcf) received
18:25:49 pppd: Unsupported protocol (0x1e7b) received
18:25:50 pppd: Unsupported protocol (0xa0f5) received
18:25:52 pppd: Unsupported protocol (0x9642) received
18:25:53 pppd: Unsupported protocol (0x5a5b) received
18:26:02 pptpd: CTRL: Error with select(), quitting
18:26:02 pptpd: CTRL: Client xx.xx.xx.xx control connection finished
18:26:02 pppd: Modem hangup
18:26:02 pppd: Connection terminated.
18:26:02 pppd: Connect time 3.0 minutes.
18:26:02 pppd: Sent 16634 bytes, received 16201 bytes.
18:26:02 pppd: Exit.

From stan at rogge.net Fri Dec 17 18:27:08 1999
From: stan at rogge.net (Stan A. Rogge)
Date: Fri Dec 17 18:27:08 1999
Subject: [pptp-server] Ping problems
References: <385ABD5F.8F2E5B17@cendatsys.com>
Message-ID: <001e01bf48ee$77991280$fd01a8c0@harmonic.com>

But, how do you get a VPN connection up automatically on a boot-up, no logon
at all. Anyone have any fairy dust for this?

----- Original Message -----
From: "Edward King"
To: "Brian Lalor"
Cc:
Sent: Friday, December 17, 1999 4:46 PM
Subject: Re: [pptp-server] Ping problems

| To have the NT server dial on startup we've put a shortcut into the Start ->
| Programs -> Startup. When the user logs on, it executes.
|
| To get automatic logon there are some registry entries you can change, or do
| it the easy way and install "Tweak UI" -- I believe we got it off the
| microsoft site. It allows automatic login on bootup to any user you want.
|
| Edward King
| Centurion Data Systems, Inc.
| 262-524-9290
|
| Brian Lalor wrote:
|
| > Hey all. My saga continues. :-) I'm really close, now. I've gotten my
| > NT box working as a client to the Linux VPN server. From the NT box, I
| > can connect to any machine on my protected LAN, but I can't ping the PPTP
| > client (the NT box) from nodes on the internal network.
| >
| > I've attached the contents of my arp and routing table, as well as my
| > /etc/ppp/options file. 192.168.235.201 is the IP of our router (yes, the
| > numbers are fictional), 10.0.0.* is our internal subnet, 192.168.235.202
| > is the PPTP server's external IP addy, 10.0.0.2 is the PPTP server's
| > internal IP addy. The arp table looks a bit suspect to me, but I'm not
| > sure what it should be like.
| >
| > On a totally different note, is there any way to have the NT client
| > dial my server when it boots without human interaction? I'd like to have
| > this box be on a secure connection to our LAN all the time.
| >
| > Thanks to the group for all the help you've given me thus far; I'm so
| > close, I can taste it! :-)
| >
| > B
| >
| > --
| > Brian Lalor, Web Honkey
| > netDrives
| > blalor at netDrives.com
| > 607-272-5650 x7167
| >
| ------------------------------------------------------------------------
| > Name: arp.out
| > arp.out Type: Plain Text (TEXT/PLAIN)
| > Encoding: BASE64
| >
| > Name: route.out
| > route.out Type: Plain Text (TEXT/PLAIN)
| > Encoding: BASE64
| >
| > Name: ppp_options.out
| > ppp_options.out Type: Plain Text (TEXT/PLAIN)
| > Encoding: BASE64

From johnoel at hawaii.com Fri Dec 17 18:34:05 1999
From: johnoel at hawaii.com (john oel@H@)
Date: Fri Dec 17 18:34:05 1999
Subject: [pptp-server] firewall
Message-ID: <199912180129.RAA11463@mail.hawaii.com>

hi,

after reading the vpn-masq howto and the poptop howto, the poptop howto
says that i should open the ports 1723 and 47. but the vpn-masq howto says
that i need to update the kernel install ipfwd to run pptp. is this only
for pptp servers running on nt servers? or does it apply to linux poptop
server as well?
johnoel

From leungsp at bigfoot.com Sat Dec 18 00:23:28 1999
From: leungsp at bigfoot.com (Spencer Leung)
Date: Sat Dec 18 00:23:28 1999
Subject: [pptp-server] PPTP with PPPOE
Message-ID: <385B5260.5B54A88E@bigfoot.com>

Hi,

Has anyone tried pptp with PPPOE? I'm currently subscribed to sympatico.ca
for their ADSL service. My pptp server has stopped working since they
introduced PPPOE which uses pppd to establish a connection over ethernet.
I'm running Redhat 6.0, pppd 2.3.10 with MPPE patch, kernel 2.2.9. The
following is taken from the messages log.

Dec 18 02:16:29 valuepoint pptpd[1002]: MGR: Manager process started
Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control connection started
Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Starting call (launching pppd, opening GRE)
Dec 18 02:16:34 valuepoint pptpd[1003]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control connection finished
Dec 18 02:16:34 valuepoint pppd[1006]: pppd 2.3.10 started by root, uid 0
Dec 18 02:16:34 valuepoint pppd[1006]: Using interface ppp1
Dec 18 02:16:34 valuepoint pppd[1006]: Connect: ppp1 <--> /dev/pts/1
Dec 18 02:16:39 valuepoint pppd[1006]: peer refused to authenticate: terminating link
Dec 18 02:16:45 valuepoint pppd[1006]: Connection terminated.
Dec 18 02:16:45 valuepoint pppoe[1007]: read (sessionReadFromPPP): Input/output error
Dec 18 02:16:45 valuepoint pppd[1006]: Hangup (SIGHUP)
Dec 18 02:16:45 valuepoint pppd[1006]: Exit.

Thanks for your time.

Spencer

From camille at mandrakesoft.com Sat Dec 18 20:22:33 1999
From: camille at mandrakesoft.com (Camille Begnis)
Date: Sat Dec 18 20:22:33 1999
Subject: [pptp-server] pptp client hardware - newbie
Message-ID: <385C415D.387EFCFA@pop.multimania.com>

Hi all,

This is a general question as I know nothing about pptp. It should go to
pptp-client list, but I couldn't find it.

Which modem (If one ?) is needed to run a pptp-client under Linux?

The point is I am in Dominican Republic. They barely never heard about
Linux. The phone company offers what they call "Internat-Flash". From what
I could hear from the techs it is based on: xDSL, CDMA ... I heard it has
also something to see with pptp.

So please could you tell me if pptp covers this. And if so, Which modem do
I need that for?

Thanks a lot, you're my only source of information here...

Camille.

From matthewr at moreton.com.au Sat Dec 18 21:18:32 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sat Dec 18 21:18:32 1999
Subject: [pptp-server] pptp client hardware - newbie
References: <385C415D.387EFCFA@pop.multimania.com>
Message-ID: <003a01bf496a$ba435880$7b00a8c0@qld.bigpond.net.au>

> This is a general question as I know nothing about pptp. It should go to
> pptp-client list, but I couldn't find it.

The pptp-client list is here: mailto:pptp at opensource.captech.com

Concerning needing a modem.. that is unnecessary as PPTP uses IP to wrap
PPP. Do not assume that since PPTP uses PPP that you need a modem...

Cheers,
Matt

From butler at dii.net Sun Dec 19 09:08:24 1999
From: butler at dii.net (Philip L. Butler)
Date: Sun Dec 19 09:08:24 1999
Subject: [pptp-server] Setting up WINS and DNS in options file...
Message-ID:

Hi everyone and Happy Holidays !!

Is it possible to set the IP address of a WINS server and also
internal DNS server into the options file. I assume it would be the
pppd options file (/etc/ppp/options).
I have the OReilly pppd book
and I don't see any reference to setting up the WINS address - and I
have to admit that I haven't looked for the DNS stuff yet.

Thanks,

Phil Butler
butler at dii.net

From matthewr at moreton.com.au Sun Dec 19 09:17:10 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sun Dec 19 09:17:10 1999
Subject: [pptp-server] Setting up WINS and DNS in options file...
References:
Message-ID: <001201bf49cf$232be380$495dc018@qld.bigpond.net.au>

Try 'man pppd'

From mals at home.com Sun Dec 19 12:25:38 1999
From: mals at home.com (Malay Shah)
Date: Sun Dec 19 12:25:38 1999
Subject: [pptp-server] Setting up WINS and DNS in options file...
References: <001201bf49cf$232be380$495dc018@qld.bigpond.net.au>
Message-ID: <000901bf4a4a$e3dfe600$0240a8c0@mtmc1.on.wave.home.com>

To setup WINS, you have to use the following option

ms-wins x.x.x.x

and the entry for DNS is

ms-dns x.x.x.x

Mal

----- Original Message -----
From: Matthew Ramsay
To: ; Philip L. Butler
Sent: Saturday, December 18, 1999 10:14 PM
Subject: Re: [pptp-server] Setting up WINS and DNS in options file...

> Try 'man pppd'
> From memory there is a 'wins x.x.x.x' option...... (?)
> I don't know about a pppd DNS option (except maybe usepeerdns or something
> probably not really related.. it's been a while :-).
>
> cheers,
> -matt
>
> > Is it possible to set the IP address of a WINS server and also
> > internal DNS server into the options file. I assume it would be the
> > pppd options file (/etc/ppp/options). I have the OReilly pppd book
> > and I don't see any reference to setting up the WINS address - and I
> > have to admit that I haven't looked for the DNS stuff yet.
> >
> > Thanks,
> >
> > Phil Butler
> > butler at dii.net

From nmeyers at javalinux.net Mon Dec 20 00:51:38 1999
From: nmeyers at javalinux.net (Nathan Meyers)
Date: Mon Dec 20 00:51:38 1999
Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT
Message-ID: <385DD1F6.1741C08D@javalinux.net>

Hi, I'm a new PoPToP user. I've configured for support of MS 40-bit
encryption with the following setup:

Kernel 2.2.12 (RH6.1)
pptpd 1.0.0
ppp-2.3.8 with ppp-2.3.8-mppe patches
SSLeay 0.6.6b

I've configured PPP as follows:

name foo
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-stateless

I've ended up with a PPTP setup that works flawlessly with Win98 and
WinNT clients *without* data encryption, and with a Win98 client using
data encryption (after applying the MS dun40.exe update). But I cannot
get encryption to work with the WinNT client.

I'm running NT workstation with the latest service pack (#6). The
following options are disabled in the dialup setup for the VPN
connection:

IP header compression
Default gateway on remote network
Software compression
PPP LCP extensions

The attempt to login succeeds to a certain point: user authentication
succeeds but then, during the "Registering your computer on the network"
step, NT displays a failure dialog with the message "Error 742: The
remote server does not support encryption".

Looking at the logfiles on the Linux side, I see a successful
authentication and loading of the MPPE module, and then NT apparently
just hangs up:

>Dec 19 22:39:16 vectra pppd[7845]: pppd 2.3.8 started by root, uid 0
>Dec 19 22:39:16 vectra pppd[7845]: Using interface ppp1
>Dec 19 22:39:16 vectra pppd[7845]: Connect: ppp1 <--> /dev/pts/2
>Dec 19 22:39:16 vectra pptpd[7844]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
>Dec 19 22:39:17 vectra kernel: PPP BSD Compression module registered
>Dec 19 22:39:17 vectra kernel: PPP MPPE compression module registered
>Dec 19 22:39:17 vectra pppd[7845]: MSCHAP peer authentication succeeded for ntvectra
>Dec 19 22:39:18 vectra pptpd[7844]: CTRL: Error with select(), quitting
>Dec 19 22:39:18 vectra pptpd[7844]: CTRL: Client 192.168.204.128 control connection finished
>Dec 19 22:39:18 vectra pppd[7845]: Modem hangup
>Dec 19 22:39:18 vectra pppd[7845]: Connection terminated.
>Dec 19 22:39:19 vectra pppd[7845]: Exit.

Does anyone recognize this problem?

Nathan Meyers
nmeyers at javalinux.net

From patl at cag.lcs.mit.edu Mon Dec 20 08:22:22 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Mon Dec 20 08:22:22 1999
Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT
In-Reply-To: Nathan Meyers's message of "20 Dec 1999 01:56:32 -0500"
References: <385DD1F6.1741C08D@javalinux.net>
Message-ID:

Nathan Meyers writes:

> I've ended up with a PPTP setup that works flawlessly with Win98 and
> WinNT clients *without* data encryption, and with a Win98 client
> using data encryption (after applying the MS dun40.exe update). But
> I cannot get encryption to work with the WinNT client.

We have similar behavior here, and it seems to be related to the
"Unsupported protocol" errors I and others have reported to this list.

Could you try setting the "debug" option in /etc/ppp/options and in
/etc/pptpd.conf, then editing syslog.conf to capture daemon.* and
local2.* to a log file? If yours is the same problem, there will be a
slew of "Unsupported protocol" messages from pppd before the
disconnect.

What service pack are you on with NT? (We are on 6a here). My guess
is that MickeySoft added some nonstandard protocol field compression
to their PPP implementation in some service pack. If so, we need to
reverse-engineer it...
- Pat From jeff at connectware-tul.com Mon Dec 20 09:49:46 1999 From: jeff at connectware-tul.com (Jeff Wilder) Date: Mon Dec 20 09:49:46 1999 Subject: [pptp-server] Firewall/PPTP Server Message-ID: Trying to cut some corners... Is it possible to use the same Linux server for a firewall and a PPTP server? If so is this a security risk? If it can be done, can anyone give an example of how to implement this with ipchains? Thanks in advance. Jeff Wilder Systems Analyst Connectware 9820 East 41st Street, Suite 101 Tulsa, Oklahoma 74146 From natecars at real-time.com Mon Dec 20 10:03:08 1999 From: natecars at real-time.com (Nate Carlson) Date: Mon Dec 20 10:03:08 1999 Subject: [pptp-server] Unsupported protocol errors from pppd? In-Reply-To: Message-ID: On 17 Dec 1999, Patrick J. LoPresti wrote: > This is with pptpd-1.0.0 and ppp-2.3.10+mppe+stateless patches. > > For some of our clients, PoPToP is working great. For others, we log > a bunch of messages like the ones below. As you can see, pppd is > complaining about "unsupported protocol" errors, after the PPP link > has been negotiated and authenticated. There is no pattern to the > protocol numbers that I can discern. > > Based on my limited knowledge of this stuff, I am guessing this is > some sort of HDLC weirdness (address/control field compression > problem?), since the protocol field comes just before the data in the > PPP/HDLC frame. > > Does anyone have suggestions for sorting this out? I am willing to > hack pptpd and/or pppd to gather more information, but suggestions > from an expert as to *what* information I should gather would be > helpful. I also have more complete debugging logs if anyone wants to > see them. > Is this a Win98-a box per chance? If it is, you need to grab the file 'dun40.exe' from Microsoft's web site and apply that. That's the problem I was having.. Win98-a encryption is borked out of the box. 
-- Nate Carlson | Phone : (612)943-8700 http://www.real-time.com | Fax : (612)943-8500 From patl at cag.lcs.mit.edu Mon Dec 20 10:27:17 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Mon Dec 20 10:27:17 1999 Subject: [pptp-server] Unsupported protocol errors from pppd? In-Reply-To: Nate Carlson's message of "Mon, 20 Dec 1999 10:02:53 -0600 (CST)" References: Message-ID: Nate Carlson writes: > Is this a Win98-a box per chance? No, NT4 SP6a. > If it is, you need to grab the file 'dun40.exe' from Microsoft's web > site and apply that. That's the problem I was having.. Win98-a > encryption is borked out of the box. Interesting; thanks for the tip. We are still trying to track down what makes this happen. It looks like it *might* be triggered when the client lives behind a NAT (IP masquerading) box of some sort. I am having one of our users do some experiments tonight. - Pat From nmeyers at javalinux.net Mon Dec 20 10:43:56 1999 From: nmeyers at javalinux.net (Nathan Meyers) Date: Mon Dec 20 10:43:56 1999 Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT References: <385DD1F6.1741C08D@javalinux.net> Message-ID: <385E5CC4.26FAEC9@javalinux.net> "Patrick J. LoPresti" wrote: > > Nathan Meyers writes: > > > I've ended up with a PPTP setup that works flawlessly with Win98 and > > WinNT clients *without* data encryption, and with a Win98 client > > using data encryption (after applying the MS dun40.exe update). But > > I cannot get encryption to work with the WinNT client. > > We have similar behavior here, and it seems to be related to the > "Unsupported protocol" errors I and others have reported to this list. Thanks for your response. I saw "Unsupported protocol" with the win98 client before applying the dun40.exe patch. I've never seen it with the NT client (which I'm running with SP6a)... the connection never progresses far enough. I received some other advice to update to PPP 2.3.10 and related patches. 
I'll give that a try and, if I'm still having problems I'll try to capture some more detailed debug info. Nathan > > Could you try setting the "debug" option in /etc/ppp/options and in > /etc/pptpd.conf, then editing syslog.conf to capture daemon.* and > local2.* to a log file? If yours is the same problem, there will be a > slew of "Unsupported protocol" messages from pppd before the > disconnect. > > What service pack are you on with NT? (We are on 6a here). My guess > is that MickeySoft added some nonstandard protocol field compression > to their PPP implementation in some service pack. If so, we need to > reverse-engineer it... > > - Pat
From gord at amador.ca Mon Dec 20 12:11:08 1999 From: gord at amador.ca (Gord Belsey) Date: Mon Dec 20 12:11:08 1999 Subject: [pptp-server] Firewall/PPTP Server References: Message-ID: <011901bf4b15$13db2a70$280111ac@amadorinc.com> Jeff: I've set up several servers this way. The key is to allow tcp port 1723, and protocol 47 through your chains for all the pptp clients. I set up chains for the specific address of the client, as these are static (in my case). If you're using dhcp on the client, you could use a chain for the entire subnet but it would be less secure, obviously. Other than that it's a straightforward ipchains setup. There's nothing special about the pptpd setup....it'll be the same as if it were inside a firewall. Hope this is helpful Gord Belsey ----- Original Message ----- From: Jeff Wilder To: Sent: Monday, December 20, 1999 8:45 AM Subject: [pptp-server] Firewall/PPTP Server > Trying to cut some corners... > Is it possible to use the same Linux server for a firewall and a PPTP > server? If so is this a security risk? If it can be done, can anyone give > an example of how to implement this with ipchains? > > Thanks in advance.
> > Jeff Wilder > Systems Analyst > Connectware > 9820 East 41st Street, Suite 101 > Tulsa, Oklahoma 74146
From gord at amador.ca Mon Dec 20 12:18:12 1999 From: gord at amador.ca (Gord Belsey) Date: Mon Dec 20 12:18:12 1999 Subject: [pptp-server] PPTP with PPPOE References: <385B5260.5B54A88E@bigfoot.com> Message-ID: <012001bf4b16$7943e680$280111ac@amadorinc.com> Spencer: I just went through this last week! I found the problem is that PPPOE and PPTPD use different options in the ppp options file, and they're not compatible. What I did was take everything out of options in /etc/ppp. Then I created options.pppoe and options.pptp with the appropriate options for each daemon. When I call the daemons, I include -o /etc/options.pppoe for PPPoE and -o /etc/ppp/options.pptp. I also set it up to start on boot. The key there is simply to start PPPoE before PPTPD. I put scripts in /etc/rc.d/rc3.d that run after the network script. (I run at run level 3). Once I figured out the options file issue, it was clear sailing. Once you get this up and running, I would very much (!!) appreciate your keeping in touch about issues that come up. I'm piloting this right now, and it's working pretty well. But I'm sure some issues will come up.....I'll do the same for you:o) Anyway, I hope this helps. Gord Belsey ----- Original Message ----- From: Spencer Leung To: PPTP Sent: Saturday, December 18, 1999 2:22 AM Subject: [pptp-server] PPTP with PPPOE > Hi, > > Has anyone tried pptp with PPPOE? I'm currently subscribed to sympatico.ca > for their ADSL service. > My pptp server has stopped working since they introduced PPPOE which > uses pppd to establish a connection over ethernet. > I'm running Redhat 6.0, pppd 2.3.10 with MPPE patch, kernel 2.2.9.
> The following is taken from the messages log. > > Dec 18 02:16:29 valuepoint pptpd[1002]: MGR: Manager process started > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control > connection started > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Starting call (launching > pppd, opening GRE) > Dec 18 02:16:34 valuepoint pptpd[1003]: GRE: > read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = > Input/output error > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: PTY read or GRE write > failed (pty,gre)=(5,6) > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control > connection finished > Dec 18 02:16:34 valuepoint pppd[1006]: pppd 2.3.10 started by root, uid > 0 > Dec 18 02:16:34 valuepoint pppd[1006]: Using interface ppp1 > Dec 18 02:16:34 valuepoint pppd[1006]: Connect: ppp1 <--> /dev/pts/1 > Dec 18 02:16:39 valuepoint pppd[1006]: peer refused to authenticate: > terminating link > Dec 18 02:16:45 valuepoint pppd[1006]: Connection terminated. > Dec 18 02:16:45 valuepoint pppoe[1007]: read (sessionReadFromPPP): > Input/output error > Dec 18 02:16:45 valuepoint pppd[1006]: Hangup (SIGHUP) > Dec 18 02:16:45 valuepoint pppd[1006]: Exit. > > Thanks for your time. > > Spencer
From gord at amador.ca Mon Dec 20 12:19:11 1999 From: gord at amador.ca (Gord Belsey) Date: Mon Dec 20 12:19:11 1999 Subject: [pptp-server] PPTP with PPPOE References: <385B5260.5B54A88E@bigfoot.com> Message-ID: <012a01bf4b17$129922a0$280111ac@amadorinc.com> Spencer: One more thing. I came across a problem with routing over PPPoE. It sets the default route to the PPPx IP address (standard linux thing). However, I couldn't get traffic across the link.
I found that if I deleted the PPPoE inserted route, and added a default route through the OTHER end of the link, it worked fine (that's how Cisco routers do it). I'm still working on this one. I have defaultroute in my options.pppoe. I'm going to try removing it to see what happens. Gord Belsey ----- Original Message ----- From: Spencer Leung To: PPTP Sent: Saturday, December 18, 1999 2:22 AM Subject: [pptp-server] PPTP with PPPOE > Hi, > > Has anyone tried pptp with PPPOE? I'm currently subscribed to sympatico.ca > for their ADSL service. > My pptp server has stopped working since they introduced PPPOE which > uses pppd to establish a connection over ethernet. > I'm running Redhat 6.0, pppd 2.3.10 with MPPE patch, kernel 2.2.9. > The following is taken from the messages log. > > Dec 18 02:16:29 valuepoint pptpd[1002]: MGR: Manager process started > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control > connection started > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Starting call (launching > pppd, opening GRE) > Dec 18 02:16:34 valuepoint pptpd[1003]: GRE: > read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = > Input/output error > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: PTY read or GRE write > failed (pty,gre)=(5,6) > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control > connection finished > Dec 18 02:16:34 valuepoint pppd[1006]: pppd 2.3.10 started by root, uid > 0 > Dec 18 02:16:34 valuepoint pppd[1006]: Using interface ppp1 > Dec 18 02:16:34 valuepoint pppd[1006]: Connect: ppp1 <--> /dev/pts/1 > Dec 18 02:16:39 valuepoint pppd[1006]: peer refused to authenticate: > terminating link > Dec 18 02:16:45 valuepoint pppd[1006]: Connection terminated. > Dec 18 02:16:45 valuepoint pppoe[1007]: read (sessionReadFromPPP): > Input/output error > Dec 18 02:16:45 valuepoint pppd[1006]: Hangup (SIGHUP) > Dec 18 02:16:45 valuepoint pppd[1006]: Exit. > > Thanks for your time.
> > Spencer
From gord at amador.ca Mon Dec 20 12:29:39 1999 From: gord at amador.ca (Gord Belsey) Date: Mon Dec 20 12:29:39 1999 Subject: [pptp-server] PPTP with PPPOE References: <385B5260.5B54A88E@bigfoot.com> Message-ID: <014f01bf4b18$95ec68a0$280111ac@amadorinc.com> Spencer: OOPS! For PPTPD use -o filename to use an alternate options file. For PPPoE, I'm using pppoed from Davin Technical Services in Ottawa, ON, CA. It uses -F filename to use an alternate options file. Gord Belsey ----- Original Message ----- From: Spencer Leung To: PPTP Sent: Saturday, December 18, 1999 2:22 AM Subject: [pptp-server] PPTP with PPPOE > Hi, > > Has anyone tried pptp with PPPOE? I'm currently subscribed to sympatico.ca > for their ADSL service. > My pptp server has stopped working since they introduced PPPOE which > uses pppd to establish a connection over ethernet. > I'm running Redhat 6.0, pppd 2.3.10 with MPPE patch, kernel 2.2.9. > The following is taken from the messages log.
> > Dec 18 02:16:29 valuepoint pptpd[1002]: MGR: Manager process started > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control > connection started > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Starting call (launching > pppd, opening GRE) > Dec 18 02:16:34 valuepoint pptpd[1003]: GRE: > read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = > Input/output error > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: PTY read or GRE write > failed (pty,gre)=(5,6) > Dec 18 02:16:34 valuepoint pptpd[1003]: CTRL: Client x.x.x.x control > connection finished > Dec 18 02:16:34 valuepoint pppd[1006]: pppd 2.3.10 started by root, uid > 0 > Dec 18 02:16:34 valuepoint pppd[1006]: Using interface ppp1 > Dec 18 02:16:34 valuepoint pppd[1006]: Connect: ppp1 <--> /dev/pts/1 > Dec 18 02:16:39 valuepoint pppd[1006]: peer refused to authenticate: > terminating link > Dec 18 02:16:45 valuepoint pppd[1006]: Connection terminated. > Dec 18 02:16:45 valuepoint pppoe[1007]: read (sessionReadFromPPP): > Input/output error > Dec 18 02:16:45 valuepoint pppd[1006]: Hangup (SIGHUP) > Dec 18 02:16:45 valuepoint pppd[1006]: Exit. > > Thanks for your time. > > Spencer
From rowl at earthcorp.com Mon Dec 20 13:12:54 1999 From: rowl at earthcorp.com (Michael St. Laurent) Date: Mon Dec 20 13:12:54 1999 Subject: [pptp-server] Setting up WINS and DNS in options file... Message-ID: <3.0.6.32.19991220111231.009a9980@guardian.hartwellcorp.com> DNS is configured using the "ms-dns w.x.y.z" line and wins is "ms-wins w.x.y.z". Both of these go in the pppd options file. >Date: Sun, 19 Dec 1999 10:11:34 -0500 >To: pptp-server at lists.schulte.org >From: "Philip L. Butler" >Subject: [pptp-server] Setting up WINS and DNS in options file...
> >Hi everyone and Happy Holidays !! > >Is it possible to set the IP address of a WINS server and also >internal DNS server into the options file. I assume it would be the >pppd options file (/etc/ppp/options). I have the OReilly pppd book >and I don't see any reference to setting up the WINS address - and I >have to admit that I haven't looked for the DNS stuff yet. > >Thanks, > >Phil Butler >butler at dii.net > -------------------- Michael St. Laurent Hartwell Corporation
From gord at amador.ca Mon Dec 20 15:30:28 1999 From: gord at amador.ca (Gord Belsey) Date: Mon Dec 20 15:30:28 1999 Subject: [pptp-server] modprobe error message Message-ID: <01eb01bf4b31$d59ead50$280111ac@amadorinc.com> I'm getting the following error (in /var/log/messages) whenever I start up pptpd: Dec 20 14:16:37 cpwvpn1 modprobe: can't locate module char-major-108 Can anyone tell me what module char-major-108 is, or better yet where I can get info on various modules (ie: for setting up aliases in /etc/conf.modules). Also, I regularly get out-of-order GRE packet messages like this: Dec 20 14:16:43 cpwvpn1 pptpd[5569]: GRE: Discarding out of order packet Dec 20 14:16:48 cpwvpn1 last message repeated 2 times Everything works ok, but I'm wondering if these are causing performance problems, and/or if there is tuning that I can do to reduce or eliminate these messages. Thanks Gord Belsey
From patric.sandberg at swipnet.se Mon Dec 20 15:51:24 1999 From: patric.sandberg at swipnet.se (Patric Sandberg) Date: Mon Dec 20 15:51:24 1999 Subject: [pptp-server] PPTPD works great on LAN ! Half-Life/Q2 almost works over dial-up... Message-ID: <002301bf4b33$487362c0$0104a8c0@sensenet.se> Hello everyone! I just wanted to clarify that PPTP v1.0.0 works great on a LAN out of the box; I installed the pptpd-1.0.0 and ppp-2.3.10 RPMs and just configured the necessary config/option files, no recompiling or generally nerd-like actions, and voilà! it works right out of the box.
I have managed to try the tunnel from two Win98SE machines, one on the same LAN and one over the Internet. I have run Roger Wilco which is a Voice-over-IP application successfully over my configuration. [Newbie helper: If anyone wants my config I'd be happy to send them over] The thing is; when running over the Internet with a Win98SE VPN client using a 33.6 outgoing stream from a 56k modem things get hairy when loading the tunnel; running Quake2 drops the tunnel after a few minutes, Half-Life too. I get an error message in the /var/log/messages about GRE dropping 'out of sequence' packets. Does anyone run PPTPD over slow dial-up links successfully? Regards, Patrick
From nmeyers at javalinux.net Mon Dec 20 16:10:35 1999 From: nmeyers at javalinux.net (Nathan Meyers) Date: Mon Dec 20 16:10:35 1999 Subject: [pptp-server] modprobe error message References: <01eb01bf4b31$d59ead50$280111ac@amadorinc.com> Message-ID: <385EA960.BA2C1E83@javalinux.net> Gord Belsey wrote: > > I'm getting the following error (in /var/log/messages) whenever I start up > pptpd: > > Dec 20 14:16:37 cpwvpn1 modprobe: can't locate module char-major-108 > > Can anyone tell me what module char-major-108 is, or better yet where I can get > info on various modules (ie: for setting up aliases in /etc/conf.modules). Here's a quote about it from a nice PPP setup document I found (http://axion.physics.ubc.ca/ppp-linux.html): "On the 2.3.9 and 2.3.10 versions of pppd, the message modprobe: can't locate module char-major-108 is displayed in the log file. Ignore this. These versions of pppd use some new features of the ppp kernel drivers in the development kernels on linux if they are available. This message says ppp cannot find these features. This is fine as these versions of ppp also work perfectly well with the older (2.0.x and 2.2.x) kernels."
Nathan > Also, I regularly get out-of-order GRE packet messages like this: > > Dec 20 14:16:43 cpwvpn1 pptpd[5569]: GRE: Discarding out of order packet > Dec 20 14:16:48 cpwvpn1 last message repeated 2 times > > Everything works ok, but I'm wondering if these are causing performance > problems, and/or if there is tuning that I can do to reduce or eliminate > these messages. > > Thanks > > Gord Belsey
From patl at cag.lcs.mit.edu Mon Dec 20 16:38:33 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Mon Dec 20 16:38:33 1999 Subject: [pptp-server] modprobe error message In-Reply-To: Nathan Meyers's message of "20 Dec 1999 17:12:11 -0500" References: <01eb01bf4b31$d59ead50$280111ac@amadorinc.com> <385EA960.BA2C1E83@javalinux.net> Message-ID: > Gord Belsey wrote: > > > > I'm getting the following error (in /var/log/messages) whenever I > > start up pptpd: > > > > Dec 20 14:16:37 cpwvpn1 modprobe: can't locate module char-major-108 > > If the messages bother you, you can silence them by putting either this:
alias char-major-108 ppp
...or this:
alias char-major-108 off
..in your /etc/conf.modules file. (The former is what we are using and seems to work; the latter was some other suggestion which I never tried.) > > Can anyone tell me what module char-major-108 is, or better yet where > > I can get info on various modules (ie: for setting up aliases in > > /etc/conf.modules). Try "grep -C 108 /usr/src/linux/Documentation/devices.txt". - Pat
From patl at cag.lcs.mit.edu Mon Dec 20 16:53:56 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Mon Dec 20 16:53:56 1999 Subject: [pptp-server] PPTPD works great on LAN ! Half-Life/Q2 almost works over dial-up...
In-Reply-To: "Patric Sandberg"'s message of "20 Dec 1999 16:53:48 -0500" References: <002301bf4b33$487362c0$0104a8c0@sensenet.se> Message-ID: "Patric Sandberg" writes: > The thing is; when running over the Internet with a Win98SE VPN > client using a 33.6 outgoing stream from a 56k modem things get > hairy when loading the tunnel; running Quake2 drops the tunnel after > a few minutes, Half-Life too. > I get an error message in the /var/log/messages about GRE dropping > 'out of sequence' packets. Does anyone run PPTPD over slow dial-up > links successfully? (Warning: I am relatively new to this stuff, so everything below might be nonsense.) We are trying to deploy PoPToP as a serious solution, which means working well over high-latency and low-bandwidth links. We are still in the experimental phase, so I don't really have any concrete suggestions for you. What I have done so far is to rewrite pptpgre.c to support windowing. Adaptive timeouts and window sizing will be next; I am conversing with the PoPToP experts to get their ideas on approaches to use. The other thing I want to try is playing with the mru/mtu size in pppd. (By the way, doesn't PPTP completely screw over path MTU discovery? I mean, the apparent end-to-end MTU will be independent of the MTUs along the path of the GRE tunnel, creating "hidden" fragmentation which could be really bad for TCP?) I am really interested in getting this sorted out, but I can probably only work on it on weekends, so it may take some time unless some other hackers show interest... - Pat
From geoff at gnaa.net Mon Dec 20 17:11:36 1999 From: geoff at gnaa.net (Geoff Nordli) Date: Mon Dec 20 17:11:36 1999 Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT In-Reply-To: <385E5CC4.26FAEC9@javalinux.net> Message-ID: <004b01bf4b3f$a285be00$0101a8c0@highwayi.com> I am running NT 4, Sp6a without a problem. I am using ppp2.3.8, with the mppe patches. I use Data Encryption, Stateless, chapms-v2.
geoff nordli -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nathan Meyers Sent: Monday, December 20, 1999 8:44 AM To: Patrick J. LoPresti Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] PPTP w/data encryption: works w/W98, not NT "Patrick J. LoPresti" wrote: > > Nathan Meyers writes: > > > I've ended up with a PPTP setup that works flawlessly with Win98 and > > WinNT clients *without* data encryption, and with a Win98 client > > using data encryption (after applying the MS dun40.exe update). But > > I cannot get encryption to work with the WinNT client. > > We have similar behavior here, and it seems to be related to the > "Unsupported protocol" errors I and others have reported to this list. Thanks for your response. I saw "Unsupported protocol" with the win98 client before applying the dun40.exe patch. I've never seen it with the NT client (which I'm running with SP6a)... the connection never progresses far enough. I received some other advice to update to PPP 2.3.10 and related patches. I'll give that a try and, if I'm still having problems I'll try to capture some more detailed debug info. Nathan > > Could you try setting the "debug" option in /etc/ppp/options and in > /etc/pptpd.conf, then editing syslog.conf to capture daemon.* and > local2.* to a log file? If yours is the same problem, there will be a > slew of "Unsupported protocol" messages from pppd before the > disconnect. > > What service pack are you on with NT? (We are on 6a here). My guess > is that MickeySoft added some nonstandard protocol field compression > to their PPP implementation in some service pack. If so, we need to > reverse-engineer it... > > - Pat
From patl at cag.lcs.mit.edu Mon Dec 20 17:38:40 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Mon Dec 20 17:38:40 1999 Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT In-Reply-To: "Geoff Nordli"'s message of "Mon, 20 Dec 1999 15:12:06 -0800" References: <004b01bf4b3f$a285be00$0101a8c0@highwayi.com> Message-ID: "Geoff Nordli" writes: > I am running NT 4, Sp6a without a problem. > > I am using ppp2.3.8, with the mppe patches. > > I use Data Encryption, Stateless, chapms-v2. Yours is similar to our configuration, only with ppp 2.3.10 instead of 2.3.8. We have some people connecting with SP6a with no problem; others get the dreaded "unsupported protocol" error cascade repeatedly. Tonight we are testing my new theory that it is correlated with using a NAT (IP masquerading) box, although I have no theory about how that could matter. Both problem users can do PPTP to a NT Server just fine, even from behind their NAT boxes. Sigh. Weird stuff. - Pat
From nmeyers at javalinux.net Mon Dec 20 18:27:02 1999 From: nmeyers at javalinux.net (Nathan Meyers) Date: Mon Dec 20 18:27:02 1999 Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT References: <004b01bf4b3f$a285be00$0101a8c0@highwayi.com> Message-ID: <385EC956.8FA1AC4A@javalinux.net> "Patrick J. LoPresti" wrote: > > "Geoff Nordli" writes: > > > I am running NT 4, Sp6a without a problem. > > > > I am using ppp2.3.8, with the mppe patches. > > > > I use Data Encryption, Stateless, chapms-v2. > > Yours is similar to our configuration, only with ppp 2.3.10 instead of > 2.3.8. > > We have some people connecting with SP6a with no problem; others get > the dreaded "unsupported protocol" error cascade repeatedly. Tonight > we are testing my new theory that it is correlated with using a NAT > (IP masquerading) box, although I have no theory about how that could > matter. Both problem users can do PPTP to a NT Server just fine, even > from behind their NAT boxes.
Well, that's encouraging, in its way :-(. There is no NAT or firewall involved in my configuration; the client is NT running in a VMWare window on the server box, connecting through VMWare's pseudo-network device. (Needless to say, this is preparation for a deployment to *other* client machines not running inside VMWare processes :-) I'm eager to learn the result of your experiments. Nathan > Sigh. Weird stuff. > > - Pat
From tmk at netmagic.net Mon Dec 20 19:10:27 1999 From: tmk at netmagic.net (tmk) Date: Mon Dec 20 19:10:27 1999 Subject: [pptp-server] Firewall/PPTP Server References: Message-ID: <004601bf4b50$6cfc3c80$071c0fc0@lala.net> set up your firewall as usual, and allow incoming connections on port 1723 and allow ip protocol 47 through and you should be fine. as far as security risks, this will allow users to get onto your local network if they authenticate properly, so be sure to have a decent authentication procedure as well as encryption. ie
ipchains -I input -p 47 -j ACCEPT
ipchains -I input -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
(those are just off the top of my head.. there might be an error) Kevin ----- Original Message ----- From: Jeff Wilder To: Sent: Monday, December 20, 1999 7:45 AM Subject: [pptp-server] Firewall/PPTP Server > Trying to cut some corners... > Is it possible to use the same Linux server for a firewall and a PPTP > server? If so is this a security risk? If it can be done, can anyone give > an example of how to implement this with ipchains? > > Thanks in advance. > > Jeff Wilder > Systems Analyst > Connectware > 9820 East 41st Street, Suite 101 > Tulsa, Oklahoma 74146
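The rule set Gord Belsey and tmk describe for a combined firewall/PPTP server (TCP port 1723 plus IP protocol 47, narrowed to known client addresses where they are static), as an added example that is not part of either post: a POSIX shell script that validates the addresses and prints the ipchains rules instead of applying them. The function names, the sample addresses and the trailing logged DENY rules are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: emit ipchains rules that admit PPTP only from listed sources.
# Nothing is applied; review the printed rules, then pipe them to sh as root.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# normalize_source SPEC: print SPEC as address/prefix. A bare address becomes
# a /32 host rule (static client); address/len keeps the subnet (DHCP clients,
# which the thread notes is the less secure choice).
normalize_source() {
    case "$1" in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    is_ipv4 "$addr" || return 1
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    echo "$addr/$prefix"
}

# pptp_rules SERVER_IP SOURCE...: print the rules, or print nothing and fail
# if any address is malformed, so a typo never yields a partial rule set.
pptp_rules() {
    server=$1; shift
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    for spec in "$@"; do
        normalize_source "$spec" >/dev/null ||
            { echo "bad client source: $spec" >&2; return 1; }
    done
    for spec in "$@"; do
        src=$(normalize_source "$spec")
        # PPTP control connection: TCP to port 1723 on the server.
        echo "ipchains -A input -p tcp -s $src -d $server/32 1723 -j ACCEPT"
        # PPTP data channel: GRE, IP protocol 47, which has no ports.
        echo "ipchains -A input -p 47 -s $src -d $server/32 -j ACCEPT"
    done
    # Assumption: every other source is dropped and logged (-l), so the
    # result does not depend on the input chain's default policy.
    echo "ipchains -A input -p tcp -d $server/32 1723 -l -j DENY"
    echo "ipchains -A input -p 47 -d $server/32 -l -j DENY"
}

# Constructed sample: one static client and one DHCP subnet (documentation
# address ranges, not addresses from the thread).
pptp_rules 203.0.113.10 198.51.100.7 192.0.2.0/24
```

Because the rules are appended with -A, the ACCEPT rules are evaluated before the closing DENY pair.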
From geoff at gnaa.net Mon Dec 20 19:23:46 1999 From: geoff at gnaa.net (Geoff Nordli) Date: Mon Dec 20 19:23:46 1999 Subject: [pptp-server] PPTP w/data encryption: works w/W98, not NT In-Reply-To: Message-ID: <000001bf4b52$1a3a67e0$0101a8c0@highwayi.com> I am connecting from a client that has to go through NAT to get to the Internet. Client --> NAT --> Internet --> PPTP Server --> remote lan. geoff -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Patrick J. LoPresti Sent: Monday, December 20, 1999 3:38 PM To: geoff at gnaa.net Cc: 'Nathan Meyers'; pptp-server at lists.schulte.org Subject: Re: [pptp-server] PPTP w/data encryption: works w/W98, not NT "Geoff Nordli" writes: > I am running NT 4, Sp6a without a problem. > > I am using ppp2.3.8, with the mppe patches. > > I use Data Encryption, Stateless, chapms-v2. Yours is similar to our configuration, only with ppp 2.3.10 instead of 2.3.8. We have some people connecting with SP6a with no problem; others get the dreaded "unsupported protocol" error cascade repeatedly. Tonight we are testing my new theory that it is correlated with using a NAT (IP masquerading) box, although I have no theory about how that could matter. Both problem users can do PPTP to a NT Server just fine, even from behind their NAT boxes. Sigh. Weird stuff. - Pat
From paul at kcbbs.gen.nz Tue Dec 21 03:45:50 1999 From: paul at kcbbs.gen.nz (Paul Kendall) Date: Tue Dec 21 03:45:50 1999 Subject: [pptp-server] Connected, but not browsing. Message-ID: <001301bf4b98$3530b540$0401a8c0@PPP2K> Hi all, I have configured a linux masq firewall and PPTP server as below. linux firewall is running 2.2.12 with ip_masq_vpn-2.2.11.patch installed.
I am forwarding connections on 1723 to the pptp server and have IP_MASQUERADE_PPTP in the kernel and so my GRE protocol is being masq'd as well. I have 2.2.5 with ppp-2.3.10 and the ppp-2.3.10-openssl-norc4-mppe patch and mppe-stateless patches installed. Ok, here's my problem. I can connect, using Win-2K RC2, to the pptp server from outside the firewall. Once this is done, I can connect to an intranet webserver inside the firewall and I can ping and telnet to anything inside, but for the life of me I cannot browse the network! Please, what am I doing wrong? Cheers, Paul.
From matthewr at moreton.com.au Tue Dec 21 04:04:35 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Dec 21 04:04:35 1999 Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.) References: <001301bf4b98$3530b540$0401a8c0@PPP2K> Message-ID: <002101bf4b35$c43ac900$495dc018@qld.bigpond.net.au> Gday All, I'm keen to resolve the issue of Network Neighborhood browsing with a poptop server once and for all. I've seen this thread every now and then.. but have ignored it as it never bothered me.. I now have some time to spare to hack something together to solve it... Here is what I think needs being written to solve the problem.. (I may be completely wrong.. I'm looking for comments) 1. the network neighborhood works via NETBIOS over TCP/IP.. It broadcast these packets to the network. Q. will these packets make it down the VPN tunnel to the poptop server? My initial thoughts are *no*. I will do some tests on this in a few days. 2. The linux poptop server won't send these broadcast packets over the ppp link.. so we will have to send them manually. Ahh.. I don't know enough about it yet. I'm looking for lots of input. If I get a good idea of what needs to be done I'll sit down and hack it together. Or is there an easier solution. Cheers, Matt.
----- Original Message ----- From: Paul Kendall To: pptp-server at lists.schulte.org Sent: Tuesday, December 21, 1999 7:46 PM Subject: [pptp-server] Connected, but not browsing. Hi all, I have configured a linux masq firewall and PPTP server as below. linux firewall is running 2.2.12 with ip_masq_vpn-2.2.11.patch installed. I am forwarding connections on 1723 to the pptp server and have IP_MASQUERADE_PPTP in the kernel and so my GRE protocol is being masq'd as well. I have 2.2.5 with ppp-2.3.10 and the ppp-2.3.10-openssl-norc4-mppe patch and mppe-stateless patches installed. Ok, here's my problem. I can connect, using Win-2K RC2, to the pptp server from outside the firewall. Once this is done, I can connect to an intranet webserver inside the firewall and I can ping and telnet to anything inside, but for the life of me I cannot browse the network! Please, what am I doing wrong? Cheers, Paul.
From sistemas1 at hipernet.es Tue Dec 21 05:35:44 1999 From: sistemas1 at hipernet.es (David Sedeño Fernández) Date: Tue Dec 21 05:35:44 1999 Subject: [pptp-server] Error messages in ppp Message-ID: <385F7228.EA483DF@hipernet.es> Hi, I've run pptp successfully for a time (a month or so), but today the clients can't connect and I see in the messages: Dec 21 12:06:26 medina pppd[22232]: Receive serial link is not 8-bit clean: Dec 21 12:06:26 medina pppd[22232]: Problem: all had bit 7 set to 0 Dec 21 12:06:27 medina pppd[22232]: Exit. The configuration hasn't changed, so I don't know what's wrong. Any idea? Thanks in advance -- David Sedeño Fernández Servicio Tecnico Virtual Net, S.L. Grupo Hipernet C/. Casas de Campos, 3 29001 Málaga Tlf Nal.: 902 20 21 02 Tlf Int.: +34 95 222 92 14 http://www.hipernet.es/ mailto:sistemas at hipernet.es
From patl at cag.lcs.mit.edu Tue Dec 21 08:14:53 1999 From: patl at cag.lcs.mit.edu (Patrick J.
LoPresti) Date: Tue Dec 21 08:14:53 1999 Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.) In-Reply-To: matthewr@moreton.com.au's message of "21 Dec 1999 05:06:49 -0500" References: <001301bf4b98$3530b540$0401a8c0@PPP2K> <002101bf4b35$c43ac900$495dc018@qld.bigpond.net.au> Message-ID: > 1. the network neighborhood works via NETBIOS over TCP/IP.. It > broadcast these packets to the network. UDP I think. > Q. will these packets make it down the VPN tunnel to the poptop > server? My initial thoughts are *no*. I will do some tests on this > in a few days. Correct. > 2. The linux poptop server won't send these broadcast packets over > the ppp link.. so we will have to send them manually. I think that will be hard. You will need to hack pppd, since inserting packets in the PPP stream without pppd's knowledge is dangerous (and impossible for an encrypted link?). > Ahh.. I don't know enough about it yet. I'm looking for lots of > input. If I get a good idea of what needs to be done I'll sit down > and hack it together. > Or is there an easier solution. Use a WINS server. If your MickeySoft boxes are configured to use a WINS server, they will register themselves with it directly. The WINS server will create a "browse list" which can be obtained by any machine (e.g., the PPTP client) without the use of broadcast. Three things you need to do: 1) Have a WINS server (see Samba's "wins server" parameter). 2) Configure your local Windows machines to use it. DHCP can do this for you, or you can set it manually on each machine in Network Properties. (This may not be necessary if the WINS server is reachable reached via broadcast; it may collect the browse list automatically. Not sure.) 3) Set the "ms-wins" parameter in /etc/ppp/options to point to your WINS server. This will tell your PPTP client how to reach it. 4) OK, I lied about there being three things. 
Play around with various "workgroup" and "domain logon" settings on the PPTP client until it decides it belongs to the workgroup. I haven't figured out exactly what magic combination works; it would be great to nail this down and document it. Well, this works for us, anyway. - Pat From natecars at real-time.com Tue Dec 21 10:23:31 1999 From: natecars at real-time.com (Nate Carlson) Date: Tue Dec 21 10:23:31 1999 Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.) In-Reply-To: <002101bf4b35$c43ac900$495dc018@qld.bigpond.net.au> Message-ID: On Tue, 21 Dec 1999, Matthew Ramsay wrote: > Or is there an easier solution. > Configure a WINS server on the remote end and point the client at it. That is by far the easiest solution. :) -- Nate Carlson | Phone : (612)943-8700 http://www.real-time.com | Fax : (612)943-8500 From chris.ellingsen at sympatico.ca Tue Dec 21 10:36:54 1999 From: chris.ellingsen at sympatico.ca (Chris Ellingsen) Date: Tue Dec 21 10:36:54 1999 Subject: [pptp-server] PPTP on FreeBSD Message-ID: <003801bf4bd1$9a6ce8a0$8d17858e@lmc.ericsson.se> Hi, does anyone have any experience with running the poptop PPTP on FreeBSD? The PPTP part seems to work fine, and I have played with the ppp.conf file as much as I can to try to get it to connect but it just fails after the 5 standard tries... I am using the userland PPP that comes with BSD, version 2.23. Here is an excerpt of my ppp log file, any suggestions are welcome... Dec 20 23:14:29 greene ppp[23903]: Phase: Using interface: tun1 Dec 20 23:14:29 greene ppp[23903]: Phase: deflink: Created in closed state Dec 20 23:14:29 greene ppp[23903]: Phase: PPP Started (direct mode). 
Dec 20 23:14:29 greene ppp[23903]: Debug: Select changes time: no
Dec 20 23:14:29 greene ppp[23903]: Phase: bundle: Establish
Dec 20 23:14:29 greene ppp[23903]: Phase: deflink: closed -> opening
Dec 20 23:14:29 greene ppp[23903]: Debug: deflink: Link is SOCK_STREAM, but not inet
Dec 20 23:14:29 greene ppp[23903]: Debug: deflink: stdin is unidentified
Dec 20 23:14:29 greene ppp[23903]: Phase: deflink: Connected!
Dec 20 23:14:29 greene ppp[23903]: Phase: deflink: opening -> lcp
Dec 20 23:14:29 greene ppp[23903]: LCP: FSM: Using "deflink" as a transport
Dec 20 23:14:29 greene ppp[23903]: LCP: deflink: State change Initial --> Closed
Dec 20 23:14:29 greene ppp[23903]: LCP: deflink: State change Closed --> Stopped
Dec 20 23:14:30 greene ppp[23903]: LCP: deflink: LayerStart
Dec 20 23:14:30 greene ppp[23903]: LCP: deflink: SendConfigReq(1) state = Stopped
Dec 20 23:14:30 greene ppp[23903]: LCP: MRU[4] 1500
Dec 20 23:14:30 greene ppp[23903]: LCP: MAGICNUM[6] 0x68e00392
Dec 20 23:14:30 greene ppp[23903]: Debug: fsm_Output
Dec 20 23:14:30 greene ppp[23903]: Debug: 01 01 00 0e 01 04 05 dc 05 06 68 e0 03 92 ..........h...
Dec 20 23:14:30 greene ppp[23903]: Debug: proto_LayerPush: Using 0xc021
Dec 20 23:14:30 greene ppp[23903]: Debug: link_PushPacket: Transmit proto 0xc021
Dec 20 23:14:30 greene ppp[23903]: Debug: mbuf_Enqueue: len = 1
Dec 20 23:14:30 greene ppp[23903]: LCP: deflink: State change Stopped --> Req-Sent
Dec 20 23:14:30 greene ppp[23903]: Debug: mbuf_Dequeue: queue len = 1
Dec 20 23:14:30 greene ppp[23903]: Debug: link_Dequeue: Dequeued from queue 1, containing 0 more packets
Dec 20 23:14:30 greene ppp[23903]: Debug: deflink: DescriptorWrite: wrote 18(18) to 0
Dec 20 23:14:34 greene ppp[23903]: LCP: deflink: SendConfigReq(1) state = Req-Sent
Dec 20 23:14:34 greene ppp[23903]: LCP: MRU[4] 1500
Dec 20 23:14:34 greene ppp[23903]: LCP: MAGICNUM[6] 0x68e00392
Dec 20 23:14:34 greene ppp[23903]: Debug: fsm_Output
... until
Dec 20 23:14:43 greene ppp[23903]: Debug: deflink: DescriptorWrite: wrote 18(18) to 0
Dec 20 23:14:46 greene ppp[23903]: LCP: deflink: LayerFinish
Dec 20 23:14:46 greene ppp[23903]: LCP: deflink: State change Req-Sent --> Stopped
Dec 20 23:14:46 greene ppp[23903]: LCP: deflink: State change Stopped --> Closed
Dec 20 23:14:46 greene ppp[23903]: LCP: deflink: State change Closed --> Initial
Dec 20 23:14:46 greene ppp[23903]: Phase: deflink: Disconnected!
Dec 20 23:14:46 greene ppp[23903]: Debug: deflink: Close
Dec 20 23:14:46 greene ppp[23903]: Phase: deflink: Connect time: 17 secs: 0 octets in, 90 octets out
Dec 20 23:14:46 greene ppp[23903]: Phase: total 5 bytes/sec, peak 7 bytes/sec on Mon Dec 20 23:14:46 1999
Dec 20 23:14:46 greene ppp[23903]: Phase: deflink: lcp -> closed

Thanks,
Chris

From mday at wdda.com Tue Dec 21 11:11:33 1999
From: mday at wdda.com (Michael Day)
Date: Tue Dec 21 11:11:33 1999
Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.)
In-Reply-To:
Message-ID:

>Use a WINS server. If your MickeySoft boxes are configured to use a
>WINS server, they will register themselves with it directly. The WINS
>server will create a "browse list" which can be obtained by any
>machine (e.g., the PPTP client) without the use of broadcast.

>Three things you need to do:

> 1) Have a WINS server (see Samba's "wins server" parameter).

> 2) Configure your local Windows machines to use it. DHCP can do
> this for you, or you can set it manually on each machine in
> Network Properties. (This may not be necessary if the WINS
> server is reachable via broadcast; it may collect the
> browse list automatically. Not sure.)

> 3) Set the "ms-wins" parameter in /etc/ppp/options to point to your
> WINS server. This will tell your PPTP client how to reach it.

> 4) OK, I lied about there being three things. Play around with
> various "workgroup" and "domain logon" settings on the PPTP
> client until it decides it belongs to the workgroup. I haven't
> figured out exactly what magic combination works; it would be
> great to nail this down and document it.

I have got network browsing working with WINS by setting the workgroup setting to match the WINDOZE Workgroup name. I also statically defined the WINS Server Address.

Only thing I can't do is log on to Win2000 Terminal Services, I believe I Blue Screened the Server.

From rosenbj at hotmail.com Tue Dec 21 14:45:30 1999
From: rosenbj at hotmail.com (Jeff Rosenberg)
Date: Tue Dec 21 14:45:30 1999
Subject: [pptp-server] Problem connecting over Dialup connection
Message-ID: <19991221204524.68894.qmail@hotmail.com>

Have installed PPTPD. The problem I am experiencing is that from cable modems on the internet, there is no problem using Win98_SE to create the PPTP tunnel into the company. The VPN comes up great from any and all employees who have a cable modem.

When trying users who have regular Dial-up connections we all get an error from the VPN connection #645.

Since the Cable modems work I am assuming my configuration (PPPD, chap-secrets, etc. etc. is properly done). I have played with the MTU and MRU settings in the Options file but no values produce a connection with the #645 error.

Here is the PPPD Options file and the debug info.
from the PPTPD and Kernel: Dec 21 15:23:39 linux pptpd[8513]: CTRL: Client 4.54.51.144 control connection s tarted Dec 21 15:23:39 linux pptpd[8513]: CTRL: Starting call (launching pppd, opening GRE) Dec 21 15:23:39 linux pppd[8514]: pppd 2.3.7 started by root, uid 0 Dec 21 15:23:39 linux kernel: ppp_ioctl: set dbg flags to 10000 Dec 21 15:23:39 linux kernel: ppp_ioctl: set flags to 10000 Dec 21 15:23:39 linux kernel: ppp_tty_ioctl: set xasyncmap Dec 21 15:23:39 linux kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff Dec 21 15:23:39 linux kernel: ppp_ioctl: set flags to 10000 Dec 21 15:23:39 linux pppd[8514]: Using interface ppp1 Dec 21 15:23:39 linux pppd[8514]: Connect: ppp1 <--> /dev/pts/3 Dec 21 15:23:39 linux kernel: ppp_ioctl: set mru to 5dc Dec 21 15:23:39 linux kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff Dec 21 15:23:39 linux kernel: ppp_ioctl: set flags to 10000 Dec 21 15:23:40 linux kernel: ppp: channel ppp1 closing. Dec 21 15:23:40 linux pptpd[8513]: CTRL: Error with select(), quitting Dec 21 15:23:40 linux pptpd[8513]: CTRL: Client 4.54.51.144 control connection f inished Dec 21 15:23:40 linux pppd[8514]: Modem hangup Dec 21 15:23:40 linux pppd[8514]: Connection terminated. /etc/ppp/options: asyncmap 0 lock local kdebug 1 debug name myservername auth require-chap mru 552 mtu 1104 proxyarp Any help would be apprecited ! ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com From jasonf at Baldwingroup.COM Tue Dec 21 15:12:46 1999 From: jasonf at Baldwingroup.COM (Jason M. Felice) Date: Tue Dec 21 15:12:46 1999 Subject: [pptp-server] Problem connecting over Dialup connection In-Reply-To: <19991221204524.68894.qmail@hotmail.com>; from Jeff Rosenberg on Tue, Dec 21, 1999 at 12:45:24PM -0800 References: <19991221204524.68894.qmail@hotmail.com> Message-ID: <19991221161228.G2062@waco.baldwingroup.com> On Tue, Dec 21, 1999 at 12:45:24PM -0800, Jeff Rosenberg wrote: > Have installed PPTPD. 
The problem I am experiencing is that from cable
> modems on the internet, there is no problem using Win98_SE to create the
> PPTP tunnel into the company. The VPN comes up great from any and all
> employees who have a cable modem.
>
> When trying users who have regular Dial-up connections we all get an error
> from the VPN connection #645.
>
> Since the Cable modems work I am assuming my configuration (PPPD,
> chap-secrets, etc. etc. is properly done). I have played with the MTU and
> MRU settings in the Options file but no values produce a connection with the
> #645 error.
>
> Here is the PPPD Options file and the debug info. from the PPTPD and Kernel:
[snip]

This makes me very curious as to how PoPToP handles gre packets which get sliced up (due to device MTU or what not).

Changing the MTU to be lower on the server won't change anything, BTW, neither will changing the MTU on the client (can you do that under Windoze). Changing the MTU on an intermediary router is the only thing you can do to cause packets to get sliced. Even then, I'm not sure if route MTU discovery (via some ICMP magic) is involved. If it is, this is sometimes incorrect as some firewall vendors filter these ICMP requests and others (for some reason) always reply 1500, despite the actual MTU.

Really, the only thing to do is do a tcpdump on interfaces on both ends, then generate some large traffic and see how the packets get sliced up.

-Jay 'Eraserhead' Felice

From patl at cag.lcs.mit.edu Tue Dec 21 16:38:31 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Tue Dec 21 16:38:31 1999
Subject: [pptp-server] Unified diff for PPP 2.3.10 + MPPE + OpenSSL
Message-ID:

Anybody could cobble this together, but I figure this might save others some time. Also, I would like other people to be running the same thing I am running; safety in numbers :-).

I applied the MPPE patches for ppp-2.3.10, then the stateless mode fixes, then made some minor modifications to use the RC4 implementation from the latest OpenSSL (0.9.4) instead of older SSLeay. (Because we already had OpenSSL installed.)

As always, ppp-2.3.10 comes from:

OpenSSL comes from:

And my unified patch is at:

You still have to copy the RC4 files by hand (see README.MPPE after applying the patch) because I don't live in a free country. Hm, could our Australian friends distribute a version with bundled crypto?

- Pat

From matthewr at moreton.com.au Tue Dec 21 16:48:01 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Dec 21 16:48:01 1999
Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.)
References:
Message-ID: <99122208484305.08446@gibberling>

>> Q. will these packets make it down the VPN tunnel to the poptop
>> server? My initial thoughts are *no*. I will do some tests on this
>> in a few days.
>
>Correct.

correct that it will make it, or correct that it won't?

> 1) Have a WINS server (see Samba's "wins server" parameter).

A number of replies mention a wins server.. so I'm going to follow this up closely.. Is there any light-weight wins servers out there? I had a quick look around but couldn't find any. Samba is too huge for my purposes (ie. I may hack one together).

Comments?

Cheers,
Matt.

From patl at cag.lcs.mit.edu Tue Dec 21 17:06:15 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Tue Dec 21 17:06:15 1999
Subject: [pptp-server] Problem connecting over Dialup connection
In-Reply-To: "Jason M. Felice"'s message of "21 Dec 1999 16:14:16 -0500"
References: <19991221204524.68894.qmail@hotmail.com> <19991221161228.G2062@waco.baldwingroup.com>
Message-ID:

"Jason M. Felice" writes:

> This makes me very curious as to how PoPToP handles gre packets
> which get sliced up (due to device MTU or what not).

PoPToP never knows about it. pptpd uses a raw socket to read and write GRE packets, so it never sees fragments (nor even knows when fragmentation happened).

> Changing the MTU to be lower on the server won't change anything, BTW,
> neither will changing the MTU on the client (can you do that under
> Windoze).

I think it will (and tests here suggest that it does). The PPP connection is tunnelled over GRE, but the code sending packets into the PPP device doesn't know that. So the MTU on the server will affect whether packets get fragmented as they make their way into the tunnel.

> Changing the MTU on an intermediary router is the only thing you can
> do to cause packets to get sliced. Even then, I'm not sure if route
> MTU discovery (via some ICMP magic) is involved.

Whether path MTU discovery is being used depends on the protocol (e.g., TCP) and implementation. It works by setting the "don't fragment" bit on the IP packets and then processing the resulting ICMP responses. (At least, that is my understanding; I am sure someone will correct me if I am confused.)

Of course, the "don't fragment" bit is buried in the GRE encapsulation, so PPTP completely defeats the whole purpose of path MTU discovery.

> If it is, this is sometimes incorrect as some firewall vendors
> filter these ICMP requests and others (for some reason) always reply
> 1500, despite the actual MTU.

Not exactly; the firewalls swallow the ICMP responses, making path MTU discovery fail.

David Luyer (one of the PoPToP developers, and much more of an expert than I) says most everyone just assumes a MTU of 1500. Of course, GRE adds an overhead of 12 to 16 bytes, so even that assumption is pretty meaningless. I still suspect it might make sense to drop the mtu a bit to make room for the GRE overhead, but I have no empirical evidence to support this.

- Pat

From patl at cag.lcs.mit.edu Tue Dec 21 17:16:17 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Tue Dec 21 17:16:17 1999
Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.)
In-Reply-To: matthewr@moreton.com.au's message of "21 Dec 1999 17:49:22 -0500"
References: <99122208484305.08446@gibberling>
Message-ID:

matthewr at moreton.com.au (Matthew Ramsay) writes:

> >> Q. will these packets make it down the VPN tunnel to the poptop
> >> server? My initial thoughts are *no*. I will do some tests on this
> >> in a few days.
> >
> >Correct.
>
> correct that it will make it, or correct that it won't?

Your original statement is correct; the broadcast packets will not make it through the PPP tunnel. At least, I am pretty sure that is the case :-).

> A number of replies mention a wins server.. so I'm going to follow
> this up closely.. Is there any light-weight wins servers out there?
> I had a quick look around but couldn't find any. Samba is too huge
> for my purposes (ie. I may hack one together).
>
> Comments?

I have no idea how hard it would be. I concede that Samba is overkill for this purpose, but it is free and it does work. The name service part lives in its own daemon (nmbd); perhaps you could just run that with a minimal smb.conf...

- Pat

From sperla at rampnet.com Tue Dec 21 23:24:09 1999
From: sperla at rampnet.com (Sathya Perla)
Date: Tue Dec 21 23:24:09 1999
Subject: [pptp-server] Does MPPE enc require MS-CHAP
Message-ID: <00b501bf4c3c$b7e12e80$1fb7f7d0@butthead.hyd.rampnet.com>

Hi,

Does anyone know if MPPE key generation requires that a PPTP server should have done a MS-CHAP v1/v2 authentication prior to that. Or, is plain CHAP enough. When I looked up the MPPE key derivation RFC, it looks like 128 bit key generation requires MS-CHAP (and not PAP), but don't know if it works with plain CHAP.

Thanks,
-Sathya

From geoff at gnaa.net Tue Dec 21 23:32:03 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Tue Dec 21 23:32:03 1999
Subject: [pptp-server] Does MPPE enc require MS-CHAP
In-Reply-To: <00b501bf4c3c$b7e12e80$1fb7f7d0@butthead.hyd.rampnet.com>
Message-ID: <005401bf4c3d$ef006600$0101a8c0@highwayi.com>

Looking at it from a client's perspective. You can't use Data Encryption, unless you specify chapms-v2. Therefore you can't use MPPE, unless you use chapms-v2.

Of course, I may be wrong.

geoff nordli

Hi,

Does anyone know if MPPE key generation requires that a PPTP server should have done a MS-CHAP v1/v2 authentication prior to that. Or, is plain CHAP enough. When I looked up the MPPE key derivation RFC, it looks like 128 bit key generation requires MS-CHAP (and not PAP), but don't know if it works with plain CHAP.

Thanks,
-Sathya

From paul at kcbbs.gen.nz Wed Dec 22 02:43:37 1999
From: paul at kcbbs.gen.nz (Paul Kendall)
Date: Wed Dec 22 02:43:37 1999
Subject: Network Neighborhood browsing (was Re: [pptp-server] Connected, but not browsing.)
References: <001301bf4b98$3530b540$0401a8c0@PPP2K> <002101bf4b35$c43ac900$495dc018@qld.bigpond.net.au>
Message-ID: <002f01bf4c58$a7b0fb50$0400a8c0@PPP2K>

I'd like to thank everybody for answering this question for me. I'd also like to suggest that this question and the ultimate answer of putting ms-wins x.x.x.x in your /etc/ppp/options file or setup a wins-server, go into the FAQ, as it seems to be asked quite a lot according to some of the responses I have seen.

Cheers, and have a merry Christmas everybody :-)

Paul.

From bledbetter at ael-peo.com Wed Dec 22 09:46:25 1999
From: bledbetter at ael-peo.com (Ledbetter, Brian)
Date: Wed Dec 22 09:46:25 1999
Subject: [pptp-server] PPTP and encryption...
Message-ID: I have a FreeBSD 3.3-RELEASE box running a custom-compiled pppd-2.3.8 with the MSCHAP and MPPE patches, and with PoPToP 1.0, both compiled as described on the PoPToP web page. The problem I'm encountering is this: When connecting to the VPN server, unencrypted authentication (i.e. CHAP) works okay, but encrypted (MSCHAP,MSCHAP-V2) authentication fails. Enclosed are my configuration files. Anyone have any ideas on what would be causing this strangeness? ---------8< /etc/ppp/options ----------- asyncmap 0 lock debug name vpn-01 +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp ms-wins {x.x.x.x} ## (Commented out for security's sake...) ms-wins {x.x.x.x} ms-dns {x.x.x.x} -------->8------------------------------ I've enabled +chap and +chapms to test unencrypted connnections, and it functions. For some reason, chapms-v2 doesn't work... ---------8< tail /var/log/ppp.log ------ Dec 22 07:21:46 garconpoint pppd[6966]: pppd 2.3.8 started by root, uid 0 Dec 22 07:21:46 garconpoint pppd[6966]: Using interface ppp0 Dec 22 07:21:46 garconpoint pppd[6966]: Connect: ppp0 <--> /dev/ttyp1 Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x1 ] Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfNak id=0x1 ] Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x2 ] Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfAck id=0x2 ] Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x1 < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>] Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfRej id=0x1 < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>] Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x2 ] Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfAck id=0x2 ] Dec 22 07:21:48 garconpoint pppd[6966]: peer refused to authenticate: terminating link Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP TermReq id=0x3 "peer refused to authenticate"] Dec 
22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x3 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30] Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x4 0c 03 00 12 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30] Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x4 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53] Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x5 0c 04 00 17 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53] Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [CCP ConfReq id=0x5 < 12 06 01 00 00 01>] Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [IPCP ConfReq id=0x6 ] Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP TermAck id=0x3 "peer refused to authenticate"] Dec 22 07:21:48 garconpoint pppd[6966]: Connection terminated. Dec 22 07:21:48 garconpoint pppd[6966]: Exit. -------->8------------------------------ (Is the ... line normal? I have an address configured in /etc/ppp/options...) ---------8< tail /var/log/pptpd.log ---- Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Starting call (launching pppd, opening GRE) Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: pty_fd = 5 Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: tty_fd = 6 Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: I wrote 32 bytes to the client. 
Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Sent packet to client Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): local address = {x.x.x.x} Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): remote address = {x.x.x.x} Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15) Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Got a SET LINK INFO packet with standard ACCMs Dec 22 07:21:46 garconpoint pptpd[6965]: GRE: Discarding duplicate packet Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15) Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Dec 22 07:21:48 garconpoint pptpd[6965]: GRE: read(fd=5,buffer=804d1f0,len=8196) from PTY failed: status = 0 error = No error Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Client {x.x.x.x} control connection finished Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Exiting now Dec 22 07:21:48 garconpoint pptpd[6958]: MGR: Reaped child 6965 -------->8------------------------------ Client-side system is a Win2k Advanced Server Beta 3 system, configured with PPTP support. Also has been tried with Win98-SE and WinNT 4.0 to no avail. Any information provided would help greatly! == ___ ==== _ ============================================================ / _ )____(_)__ ____ Brian C. 
Ledbetter / _ / __/ / _ `/ _ \ American Employee Leasing /____/_/ /_/\_,_/_//_/ Network Guru, Slayer of NT =[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]== From ken.hilliard at acotec.com Wed Dec 22 10:48:23 1999 From: ken.hilliard at acotec.com (Ken Hilliard) Date: Wed Dec 22 10:48:23 1999 Subject: [pptp-server] unsubscribe In-Reply-To: <00b501bf4c3c$b7e12e80$1fb7f7d0@butthead.hyd.rampnet.com> Message-ID: <000701bf4d00$df52af60$28884b3f@kenversa.acotec.com> -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Sathya Perla Sent: Tuesday, December 21, 1999 9:24 PM To: pptp-server at lists.schulte.org Cc: sperla at ns.hyd.rampnet.com Subject: [pptp-server] Does MPPE enc require MS-CHAP Hi, Does anyone know if MPPE key generation requires that a PPTP server should have done a MS-CHAP v1/v2 authentication prior to that. Or, is plain CHAP enough. When I looked up the MPPE key derivation RFC, it looks like 128 bit key generation requires MS-CHAP (and not PAP), but don't know if it works with plain CHAP. Thanks, -Sathya -------------- next part -------------- An HTML attachment was scrubbed... URL: From nmeyers at javalinux.net Wed Dec 22 15:20:47 1999 From: nmeyers at javalinux.net (Nathan Meyers) Date: Wed Dec 22 15:20:47 1999 Subject: [pptp-server] PPTP and encryption... References: Message-ID: <386140A5.6AF1543@javalinux.net> "Ledbetter, Brian" wrote: > > I have a FreeBSD 3.3-RELEASE box running a custom-compiled pppd-2.3.8 > with the MSCHAP and MPPE patches, and with PoPToP 1.0, both compiled as > described on the PoPToP web page. The problem I'm encountering is this: > When connecting to the VPN server, unencrypted authentication (i.e. CHAP) > works okay, but encrypted (MSCHAP,MSCHAP-V2) authentication fails. Enclosed > are my configuration files. Anyone have any ideas on what would be causing > this strangeness? Is your client running NT? 
If so, this looks similar (but not quite identical) to the problem I reported a few days ago. There seems to be some magic button to allow NT to use encryption with a PoPToP server, but nobody has been able to name the button... some boxes happen to have it, some do not. Nathan > > ---------8< /etc/ppp/options ----------- > asyncmap 0 > lock > debug > name vpn-01 > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > proxyarp > ms-wins {x.x.x.x} ## (Commented out for security's sake...) > ms-wins {x.x.x.x} > ms-dns {x.x.x.x} > -------->8------------------------------ > > I've enabled +chap and +chapms to test unencrypted connnections, and > it functions. For some reason, chapms-v2 doesn't work... > > ---------8< tail /var/log/ppp.log ------ > Dec 22 07:21:46 garconpoint pppd[6966]: pppd 2.3.8 started by root, uid 0 > Dec 22 07:21:46 garconpoint pppd[6966]: Using interface ppp0 > Dec 22 07:21:46 garconpoint pppd[6966]: Connect: ppp0 <--> /dev/ttyp1 > Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x1 ] > Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfNak id=0x1 ] > Dec 22 07:21:46 garconpoint pppd[6966]: sent [LCP ConfReq id=0x2 ] > Dec 22 07:21:46 garconpoint pppd[6966]: rcvd [LCP ConfAck id=0x2 ] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x1 < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>] > Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfRej id=0x1 < 11 04 06 4e> < 13 17 01 05 3e b3 c4 b7 fd 11 d3 94 0c 00 50 04 a2 4e 6f 00 00 00 00>] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP ConfReq id=0x2 ] > Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP ConfAck id=0x2 ] > Dec 22 07:21:48 garconpoint pppd[6966]: peer refused to authenticate: terminating link > Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP TermReq id=0x3 "peer refused to authenticate"] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x3 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30] > Dec 22 
07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x4 0c 03 00 12 1e 18 5f f8 4d 53 52 41 53 56 35 2e 30 30] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP code=0xc id=0x4 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53] > Dec 22 07:21:48 garconpoint pppd[6966]: sent [LCP CodeRej id=0x5 0c 04 00 17 1e 18 5f f8 4d 53 52 41 53 2d 31 2d 53 41 4e 44 45 52 53] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [CCP ConfReq id=0x5 < 12 06 01 00 00 01>] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [IPCP ConfReq id=0x6 ] > Dec 22 07:21:48 garconpoint pppd[6966]: rcvd [LCP TermAck id=0x3 "peer refused to authenticate"] > Dec 22 07:21:48 garconpoint pppd[6966]: Connection terminated. > Dec 22 07:21:48 garconpoint pppd[6966]: Exit. > -------->8------------------------------ > > (Is the ... line normal? I have an > address configured in /etc/ppp/options...) > > ---------8< tail /var/log/pptpd.log ---- > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Starting call (launching pppd, opening GRE) > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: pty_fd = 5 > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: tty_fd = 6 > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: I wrote 32 bytes to the client. 
> Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): Connection speed = 115200 > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Sent packet to client > Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): local address = {x.x.x.x} > Dec 22 07:21:46 garconpoint pptpd[6966]: CTRL (PPPD Launcher): remote address = {x.x.x.x} > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15) > Dec 22 07:21:46 garconpoint pptpd[6965]: CTRL: Got a SET LINK INFO packet with standard ACCMs > Dec 22 07:21:46 garconpoint pptpd[6965]: GRE: Discarding duplicate packet > Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Received PPTP Control Message (type: 15) > Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! > Dec 22 07:21:48 garconpoint pptpd[6965]: GRE: read(fd=5,buffer=804d1f0,len=8196) from PTY failed: status = 0 error = No error > Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) > Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Client {x.x.x.x} control connection finished > Dec 22 07:21:48 garconpoint pptpd[6965]: CTRL: Exiting now > Dec 22 07:21:48 garconpoint pptpd[6958]: MGR: Reaped child 6965 > -------->8------------------------------ > > Client-side system is a Win2k Advanced Server Beta 3 system, configured > with PPTP support. Also has been tried with Win98-SE and WinNT 4.0 to no > avail. > > Any information provided would help greatly! > > == ___ ==== _ ============================================================ > / _ )____(_)__ ____ Brian C. 
Ledbetter > / _ / __/ / _ `/ _ \ American Employee Leasing > /____/_/ /_/\_,_/_//_/ Network Guru, Slayer of NT > =[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]== > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From bledbetter at ael-peo.com Wed Dec 22 15:22:56 1999 From: bledbetter at ael-peo.com (Brian Ledbetter) Date: Wed Dec 22 15:22:56 1999 Subject: [pptp-server] PPTP and encryption... In-Reply-To: <386140A5.6AF1543@javalinux.net> Message-ID: > > I have a FreeBSD 3.3-RELEASE box running a custom-compiled pppd-2.3.8 > > with the MSCHAP and MPPE patches, and with PoPToP 1.0, both compiled as > > described on the PoPToP web page. The problem I'm encountering is this: > > When connecting to the VPN server, unencrypted authentication (i.e. CHAP) > > works okay, but encrypted (MSCHAP,MSCHAP-V2) authentication fails. Enclosed > > are my configuration files. Anyone have any ideas on what would be causing > > this strangeness? > > Is your client running NT? If so, this looks similar (but not quite > identical) to the problem I reported a few days ago. There seems to be > some magic button to allow NT to use encryption with a PoPToP server, > but nobody has been able to name the button... some boxes happen to have > it, some do not. I've tried with 98-SE, NT 4.0, and Win2k Advanced Server beta 3 clients. Micro$loth must be using the encryption-algorithm-of-the-day... :) == ___ ==== _ ============================================================ / _ )____(_)__ ____ Brian C. Ledbetter / _ / __/ / _ `/ _ \ American Employee Leasing /____/_/ /_/\_,_/_//_/ Webmaster =[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]== From patl at cag.lcs.mit.edu Wed Dec 22 16:05:29 1999 From: patl at cag.lcs.mit.edu (Patrick J. 
LoPresti) Date: Wed Dec 22 16:05:29 1999 Subject: [pptp-server] PPTP and encryption... In-Reply-To: Nathan Meyers's message of "22 Dec 1999 16:25:41 -0500" References: <386140A5.6AF1543@javalinux.net> Message-ID: Nathan Meyers writes: > Is your client running NT? If so, this looks similar (but not quite > identical) to the problem I reported a few days ago. There seems to > be some magic button to allow NT to use encryption with a PoPToP > server, but nobody has been able to name the button... some boxes > happen to have it, some do not. There is a checkbutton somewhere in the NT dialing properties for "enable PPP LCP extensions". With Linux and ppp 2.3.10, we have to disable that checkbox before we can connect to it with NT. The only reason I think this might be relevant here is the rejected "callback" LCP packets in the session log; callback is one of the LCP extensions. See: ...and search for "LCP". - Pat From bledbetter at ael-peo.com Wed Dec 22 16:16:26 1999 From: bledbetter at ael-peo.com (Brian Ledbetter) Date: Wed Dec 22 16:16:26 1999 Subject: [pptp-server] PPTP and encryption... In-Reply-To: Message-ID: > > Is your client running NT? If so, this looks similar (but not quite > > identical) to the problem I reported a few days ago. There seems to > > be some magic button to allow NT to use encryption with a PoPToP > > server, but nobody has been able to name the button... some boxes > > happen to have it, some do not. > There is a checkbutton somewhere in the NT dialing properties for > "enable PPP LCP extensions". With Linux and ppp 2.3.10, we have to > disable that checkbox before we can connect to it with NT. > > The only reason I think this might be relevant here is the rejected > "callback" LCP packets in the session log; callback is one of the LCP > extensions. See: > > > > ...and search for "LCP". Good catch! I've checked out the article, and will try it on an NT box when I get a chance. For all out there like me, in Win2k, this can be found in... 
Control Panel -> Network & Dialup Connections -> (Properties) -> Networking tab -> Settings button -> LCP checkbox Will let you know if this change works :) Thanks mucho!!! == ___ ==== _ ============================================================ / _ )____(_)__ ____ Brian C. Ledbetter / _ / __/ / _ `/ _ \ American Employee Leasing /____/_/ /_/\_,_/_//_/ Webmaster =[bledbetter at ael-peo.com]==============[http://www.shadowcom.net/~brian]== From nmeyers at javalinux.net Wed Dec 22 16:32:03 1999 From: nmeyers at javalinux.net (Nathan Meyers) Date: Wed Dec 22 16:32:03 1999 Subject: [pptp-server] PPTP and encryption... References: <386140A5.6AF1543@javalinux.net> Message-ID: <38615166.D0124A4D@javalinux.net> "Patrick J. LoPresti" wrote: > > Nathan Meyers writes: > > > Is your client running NT? If so, this looks similar (but not quite > > identical) to the problem I reported a few days ago. There seems to > > be some magic button to allow NT to use encryption with a PoPToP > > server, but nobody has been able to name the button... some boxes > > happen to have it, some do not. > > There is a checkbutton somewhere in the NT dialing properties for > "enable PPP LCP extensions". With Linux and ppp 2.3.10, we have to > disable that checkbox before we can connect to it with NT. Good eye. That is probably the magic button for Brian's problem. My magic button turned out to be, er, um, reinstalling SP6a. I had installed VPN after installing SP6a, and needed to reinstall SP6a to update. I'm now making encrypted connections from NT. BTW, one thing that does not work: Microsoft's windowsupdate.microsoft.com site. It's a pretty clever approach to updates (for Microsoft, anyway :-), but it doesn't catch the sort of problems that are solved by reinstalling a service pack. Nathan > The only reason I think this might be relevant here is the rejected > "callback" LCP packets in the session log; callback is one of the LCP > extensions. See: > > > > ...and search for "LCP". 
> > - Pat > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From christopher at schulte.org Wed Dec 22 17:53:42 1999 From: christopher at schulte.org (Christopher Schulte) Date: Wed Dec 22 17:53:42 1999 Subject: [pptp-server] Fwd: OK, I've been seeing things that indicate this works.. Message-ID: <4.3.0.23.19991222175200.01c266b0@pop.schulte.org> This was sent to the admin address, and I do not believe the entire list got a copy... Send any personal replies to the original sender, and not me please. :p >X-Sender: jbeauchamp at 1mailbox.com >X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) >Date: Wed, 22 Dec 1999 17:03:20 -0500 >To: pptp-server-admin at lists.schulte.org >From: Joe Beauchamp >Subject: OK, I've been seeing things that indicate this works.. > >I'm having a nasty time just trying to make the basics work. I have a PC >win98 being masqueraded through a linux box and something is not getting >through because it fails differently from when I move it to the other side >of the box. > >I would think that this is a common setup -- machines behind a "firewall" >masq'd and doing VPN to elsewhere. Now, when I send the connection to >another linux box running pptpd, it connects, but I don't see machines. So, >I've read here about adding lmhosts, wins via samba, and that it could be >routing. I'm still stuck. > >1. what is being stopped from connecting when I have the masq'd machine >going through linux to an NT VPN on the other side of the linux box? > >2. Why can't I see those computers? I can see them if I overtly put in an >IP instead of the computer name. Still using LMHOSTS, WINS. > >This **IS** supposed to be the easy part, right? > >Using linux-2.2.14p16 (thought a new kernel might fix some problems -- didn't). 
>dhcpd running for the masq'd machine 192.168.2.10 and the machines on the >other side of linux have real addresses. > >I'm using ipchains (it would be nice to put that up first in the >documentation since I spent a long while studying the older stuff that I >didn't need to know for the 2.2 kernels -- I think). > >Isn't there a simple formula to set this up? Thanks for pointers!!! > >-- Joe Beauchamp >________________________________________________________________________ > Joe Beauchamp -- VP, New Technology -- 4anything.com -- (610) 768-1444 -- NAME: Christopher Schulte MAIL: christopher at schulte.org SITE: http://www.schulte.org/ FINGER(PGP): christopher at schulte.org "there is a place that still remains it eats the fear; it eats the pain" --Trent Reznor, Nine Inch Nails HALO 13 From jbeauchamp at 4anything.com Wed Dec 22 18:33:27 1999 From: jbeauchamp at 4anything.com (Joe Beauchamp) Date: Wed Dec 22 18:33:27 1999 Subject: [pptp-server] OK, I've been seeing things that indicate this works.. Message-ID: <3.0.6.32.19991222193141.00802d90@1mailbox.com> I'm having a nasty time just trying to make the basics work. I have a PC win98 being masqueraded through a linux box and something is not getting through because it fails differently from when I move it to the other side of the box. I would think that this is a common setup -- machines behind a "firewall" masq'd and doing VPN to elsewhere. Now, when I send the connection to another linux box running pptpd, it connects, but I don't see machines. So, I've read here about adding lmhosts, wins via samba, and that it could be routing. I'm still stuck. 1. what is being stopped from connecting when I have the masq'd machine going through linux to an NT VPN on the other side of the linux box? 2. Why can't I see those computers? I can see them if I overtly put in an IP instead of the computer name. Still using LMHOSTS, WINS. This **IS** supposed to be the easy part, right? 
Using linux-2.2.14p16 (thought a new kernel might fix some problems -- didn't). dhcpd running for the masq'd machine 192.168.2.10 and the machines on the other side of linux have real addresses. I'm using ipchains (it would be nice to put that up first in the documentation since I spent a long while studying the older stuff that I didn't need to know for the 2.2 kernels -- I think). Isn't there a simple formula to set this up? Thanks for pointers!!! -- Joe Beauchamp ________________________________________________________________________ Joe Beauchamp -- VP, New Technology -- 4anything.com -- (610) 768-1444 From geoff at gnaa.net Wed Dec 22 21:05:50 1999 From: geoff at gnaa.net (Geoff Nordli) Date: Wed Dec 22 21:05:50 1999 Subject: [pptp-server] I just don't understand why this is so damn hard!!!! Message-ID: <000c01bf4cf2$aea3a4e0$0101a8c0@highwayi.com> Sometimes I just don't understand why things have to be so damn difficult. I have been on list this for 5 months. It doesn't seem to get any easier. There must be at least a hundred people out there installing this software. 2.3.8 wan't working on this one machine so I thought I would venture out, and try 2.3.10. Why can't there be a patch that works, when you follow a particular order. WHY! How hard is it? I am not a retard. I think the rc4 files should go in first, and then the patch should be applied. So it takes care of any modifications needed to the rc4 files. I started with a fresh copy of 2.3.10, applied the 2.3.10-mppe patch, copied over these files: rc4.h, rc4_skey.c, rc4_enc.c, rc4_locl.h I looked in the ppp_mppe.c file, and it had the rc4_skey.c file in the include section. The ppp.2.3.10 compiles properly. Oh.. I am using the openssl.0.9.4 rc4 files. Here is the crap that comes out of my machine when I compile the modules "make modules" There is some of the garbage. 
rc4.h:70: openssl/opensslconf.h: No such file or directory In file included from ppp_mppe.c:67:rc4_enc.c:59: openssl/rc4.h: No such file or directory thanks for helping a stressed out human. bah! humbug! geoff nordli -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: errors.txt URL: From gmader at geoanalytics.com Wed Dec 22 21:39:27 1999 From: gmader at geoanalytics.com (Greg Mader) Date: Wed Dec 22 21:39:27 1999 Subject: [pptp-server] Re: I just don't understand why this is so damn hard!!!! Message-ID: <99122222264500.00754@twister> Amen, brother! Matt has personally tried to walk me through the building of the damn binaries. It has never worked for me, either. I ask the kind souls on this list to put more of it together, ( including the SSL parts, overseas of course), and document what is working, and how they did it, and make this more useable. To put it in perspective, if those idiots at Microsoft can put together PPTP, with encryption and a user interface, I know that the talent here can do it better yet. I have faith in Matt, and the rest of the developers. Please listen to your beta testers, though. PopTop needs some work to make it more useable. Greg Mader From matthewr at moreton.com.au Wed Dec 22 21:57:12 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Wed Dec 22 21:57:12 1999 Subject: [pptp-server] Re: I just don't understand why this is so damn hard!!!! References: <99122222264500.00754@twister> Message-ID: <99122313575903.17128@gibberling> My time is so short.. and support is so painful :-). But know that I care.. and that i hear ya.. and that in the near future I plan to resolve this rc4/auth patch mess.. (i live in Oz.. but my bandwidth leaves much to be desired.. and hence I don't host a rc4/auth version locally)... Anyone? l8r -matt On Thu, 23 Dec 1999, Greg Mader wrote: >Amen, brother! > >Matt has personally tried to walk me through the building of the damn binaries. 
> It has never worked for me, either. > > I ask the kind souls on this list to put more of it together, ( including the >SSL parts, overseas of course), and document what is working, and how they did >it, and make this more useable. > >To put it in perspective, if those idiots at Microsoft can put together PPTP, >with encryption and a user interface, I know that the talent here can do it >better yet. I have faith in Matt, and the rest of the developers. Please listen >to your beta testers, though. PopTop needs some work to make it more useable. > >Greg Mader > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulte.org! -- Matthew Ramsay Moreton Bay From geoff at gnaa.net Wed Dec 22 22:02:55 1999 From: geoff at gnaa.net (Geoff Nordli) Date: Wed Dec 22 22:02:55 1999 Subject: [pptp-server] Re: I just don't understand why this is so damn hard!!!! In-Reply-To: <99122313575903.17128@gibberling> Message-ID: <001301bf4cfa$a37fcd20$0101a8c0@highwayi.com> Isn't that what a place like zedz.net does? They have all kinds of crypto code on their site. geoff -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Matthew Ramsay Sent: Wednesday, December 22, 1999 7:46 PM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] Re: I just don't understand why this is so damn hard!!!! My time is so short.. and support is so painful :-). But know that I care.. and that i hear ya.. and that in the near future I plan to resolve this rc4/auth patch mess.. (i live in Oz.. but my bandwidth leaves much to be desired.. and hence I don't host a rc4/auth version locally)... Anyone? l8r -matt On Thu, 23 Dec 1999, Greg Mader wrote: >Amen, brother! > >Matt has personally tried to walk me through the building of the damn binaries. > It has never worked for me, either. 
> > I ask the kind souls on this list to put more of it together, ( including the >SSL parts, overseas of course), and document what is working, and how they did >it, and make this more useable. > >To put it in perspective, if those idiots at Microsoft can put together PPTP, >with encryption and a user interface, I know that the talent here can do it >better yet. I have faith in Matt, and the rest of the developers. Please listen >to your beta testers, though. PopTop needs some work to make it more useable. > >Greg Mader > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulte.org! -- Matthew Ramsay Moreton Bay _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From jimbud at arborlink.com Wed Dec 22 22:34:18 1999 From: jimbud at arborlink.com (Adrian) Date: Wed Dec 22 22:34:18 1999 Subject: [pptp-server] I just don't understand why this is so damn hard!!!! In-Reply-To: <000c01bf4cf2$aea3a4e0$0101a8c0@highwayi.com> Message-ID: Hello, A while ago I also compiled pppd 2.3.10 with the mppe patches, and had the same problem youre having. the openssl version youre using installs its files in /usr/local/ssl. you need to do this is the /usr/include directory: ln -s /usr/local/ssl/include/openssl this will create the missing link to the include files. this really isnt a problem with how pppd and encryption are packaged, but more the subjective ideas of different developers on where to install their packages. Hope this helped. Regards, Adrian On Wed, 22 Dec 1999, Geoff Nordli wrote: > Sometimes I just don't understand why things have to be so damn difficult. > I have been on list this for 5 months. It doesn't seem to get any easier. 
> > There must be at least a hundred people out there installing this software. > > 2.3.8 wan't working on this one machine so I thought I would venture out, > and try 2.3.10. Why can't there be a patch that works, when you follow > a particular order. WHY! How hard is it? I am not a retard. I think the > rc4 files should go in first, and then the patch should be applied. So it > takes care of any modifications needed to the rc4 files. > > I started with a fresh copy of 2.3.10, applied the 2.3.10-mppe patch, > copied over these files: rc4.h, rc4_skey.c, rc4_enc.c, rc4_locl.h > > I looked in the ppp_mppe.c file, and it had the rc4_skey.c file in the > include section. > > The ppp.2.3.10 compiles properly. > > Oh.. I am using the openssl.0.9.4 rc4 files. > > Here is the crap that comes out of my machine when I compile the > modules "make modules" > > There is some of the garbage. > > rc4.h:70: openssl/opensslconf.h: No such file or directory In file included > from ppp_mppe.c:67:rc4_enc.c:59: openssl/rc4.h: No such file or directory > > thanks for helping a stressed out human. > > bah! humbug! > > geoff nordli > > > > > > > From geoff at gnaa.net Wed Dec 22 22:40:45 1999 From: geoff at gnaa.net (Geoff Nordli) Date: Wed Dec 22 22:40:45 1999 Subject: [pptp-server] I just don't understand why this is so damn hard!!!! In-Reply-To: Message-ID: <001401bf4cff$f8e08b60$0101a8c0@highwayi.com> that worked. I don't understand why that isn't anywhere in the FAQ's or was ever on the list before. I could imagine that many people have the openssl installed in that directory, because that is the default. What would happen if you don't have the openssl installed on the system? How would that work? (for the benefit of those who don't have it installed on your system). 
thanks, geoff -----Original Message----- From: Adrian [mailto:jimbud at arborlink.com] Sent: Wednesday, December 22, 1999 8:35 PM To: Geoff Nordli Cc: Pptp-Server List (E-mail) Subject: Re: [pptp-server] I just don't understand why this is so damn hard!!!! Hello, A while ago I also compiled pppd 2.3.10 with the mppe patches, and had the same problem youre having. the openssl version youre using installs its files in /usr/local/ssl. you need to do this is the /usr/include directory: ln -s /usr/local/ssl/include/openssl this will create the missing link to the include files. this really isnt a problem with how pppd and encryption are packaged, but more the subjective ideas of different developers on where to install their packages. Hope this helped. Regards, Adrian On Wed, 22 Dec 1999, Geoff Nordli wrote: > Sometimes I just don't understand why things have to be so damn difficult. > I have been on list this for 5 months. It doesn't seem to get any easier. > > There must be at least a hundred people out there installing this software. > > 2.3.8 wan't working on this one machine so I thought I would venture out, > and try 2.3.10. Why can't there be a patch that works, when you follow > a particular order. WHY! How hard is it? I am not a retard. I think the > rc4 files should go in first, and then the patch should be applied. So it > takes care of any modifications needed to the rc4 files. > > I started with a fresh copy of 2.3.10, applied the 2.3.10-mppe patch, > copied over these files: rc4.h, rc4_skey.c, rc4_enc.c, rc4_locl.h > > I looked in the ppp_mppe.c file, and it had the rc4_skey.c file in the > include section. > > The ppp.2.3.10 compiles properly. > > Oh.. I am using the openssl.0.9.4 rc4 files. > > Here is the crap that comes out of my machine when I compile the > modules "make modules" > > There is some of the garbage. 
> > rc4.h:70: openssl/opensslconf.h: No such file or directory In file included > from ppp_mppe.c:67:rc4_enc.c:59: openssl/rc4.h: No such file or directory > > thanks for helping a stressed out human. > > bah! humbug! > > geoff nordli > > > > > > > From patl at cag.lcs.mit.edu Wed Dec 22 23:16:22 1999 From: patl at cag.lcs.mit.edu (Patrick J. LoPresti) Date: Wed Dec 22 23:16:22 1999 Subject: [pptp-server] I just don't understand why this is so damn hard!!!! In-Reply-To: Adrian's message of "22 Dec 1999 23:35:59 +1900" References: <000c01bf4cf2$aea3a4e0$0101a8c0@highwayi.com> Message-ID: The problem is the damn U.S. export control laws, which make it a felony for anyone here to release any kind of cryptographic code. What we need is someone who lives in the free world and who has decent bandwidth to distribute a complete version of ppp-2.3.10 (not just patches) which includes everything and does not require installation of any other packages. You would still need to rebuild your kernel; there isn't any way around that because the MPPE code itself lives there. But the process would be a lot easier. Incidentally, has anyone asked Paul Mackerras (or whoever maintains the cs.anu.edu.au pppd distibution site) if he would be willing to merge MPPE support into the stock PPP distribution? That would be ideal. It would make pppd non-exportable from the U.S., but so what... Anyway, Adrian is right: After you apply the patches in order (or my jumbo unified patch) and copy over the RC4 files from OpenSSL, you need to symlink /usr/include/openssl or /usr/local/include/openssl to point to the OpenSSL header files. That's because the RC4 code does "#include "; I haven't tried to figure out why. (I didn't even notice at first because I already have the OpenSSL headers in /usr/local/include/openssl.) It would be nice if someone found a minimal set of patches to hack up the OpenSSL RC4 implementation to make it standalone again. 
- Pat From nmeyers at javalinux.net Wed Dec 22 23:39:09 1999 From: nmeyers at javalinux.net (Nathan Meyers) Date: Wed Dec 22 23:39:09 1999 Subject: [pptp-server] I just don't understand why this is so damn hard!!!! References: <000c01bf4cf2$aea3a4e0$0101a8c0@highwayi.com> Message-ID: <3861B580.67194892@javalinux.net> "Patrick J. LoPresti" wrote: > > The problem is the damn U.S. export control laws, which make it a > felony for anyone here to release any kind of cryptographic code. > > What we need is someone who lives in the free world and who has decent > bandwidth to distribute a complete version of ppp-2.3.10 (not just > patches) which includes everything and does not require installation > of any other packages. > > You would still need to rebuild your kernel; there isn't any way > around that because the MPPE code itself lives there. But the process > would be a lot easier. The kernel part can also be made easier. It's not necessarily a full kernel rebuild; for the majority of users who use dynamically loadable kernel modules, it's a rebuild of a modified ppp.o and a new ppp_mppe.o. It shouldn't be too terribly hard to build and install those modules as part of the pppd build instead of shoving them into the kernel source tree. Some other modular drivers are built that way and, while this one is a little bit tricky (since there is a dependence on modifying some existing kernel source), it should be possible. Nathan > Incidentally, has anyone asked Paul Mackerras (or whoever maintains > the cs.anu.edu.au pppd distibution site) if he would be willing to > merge MPPE support into the stock PPP distribution? That would be > ideal. It would make pppd non-exportable from the U.S., but so > what... > > Anyway, Adrian is right: After you apply the patches in order (or my > jumbo unified patch) and copy over the RC4 files from OpenSSL, you > need to symlink /usr/include/openssl or /usr/local/include/openssl to > point to the OpenSSL header files. 
That's because the RC4 code does
> "#include "; I haven't tried to figure out why.
> (I didn't even notice at first because I already have the OpenSSL
> headers in /usr/local/include/openssl.) It would be nice if someone
> found a minimal set of patches to hack up the OpenSSL RC4
> implementation to make it standalone again.
>
> - Pat
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From geoff at gnaa.net Thu Dec 23 01:34:02 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Thu Dec 23 01:34:02 1999
Subject: [pptp-server] having problems getting the ppp device working
Message-ID: <000001bf4d16$5c042ce0$0101a8c0@highwayi.com>

I have attached my log.

I am using ppp 2.3.10, mppe patches, Linux 2.2.13 kernel.

All the modules successfully compiled, and I hand loaded them.

A lsmod produces:

bsd_comp 3632 0 (unused)
ppp_mppe 13584 0 (unused)
ppp_deflate 40484 0 (unused)
ppp 19948 0 [bsd_comp ppp_mppe ppp_deflate]
slhc 4268 0 [ppp]

thanks,

geoff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: error.log
Type: application/octet-stream
Size: 1320 bytes
Desc: not available
URL:

From cunctator at apartia.ch Thu Dec 23 05:48:58 1999
From: cunctator at apartia.ch (Louis-David Mitterrand)
Date: Thu Dec 23 05:48:58 1999
Subject: [pptp-server] problem connecting Win2000 client (almost there though..)
Message-ID: <19991223124840.A747@aparima.com>

Hi,

There is no problem with Win98SE clients, but for the life of me I can't succeed in connecting my Win2000-RC3 laptop to our Linux firewall.
After a successful MSCHAP-v2 authentication the process hangs (and terminates) with these messages which make no sense to me:

Dec 23 10:33:43 sargon modprobe: modprobe: Can't locate module ppp-compress-18
Dec 23 10:33:43 sargon pppd[24225]: MSCHAP-v2 peer authentication succeeded for ldm
Dec 23 10:33:46 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
Dec 23 10:33:46 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
Dec 23 10:33:50 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
Dec 23 10:33:50 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
Dec 23 10:33:53 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
Dec 23 10:33:53 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
Dec 23 10:33:56 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
Dec 23 10:33:56 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
Dec 23 10:33:59 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
Dec 23 10:33:59 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
Dec 23 10:34:02 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
Dec 23 10:34:02 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.

What is the server requesting that the client can't send?

Thanks in advance for any help.

Cheers,

--
Louis-David Mitterrand - mito at aparima.com - http://www.aparima.com

This is Linux Country. On a quiet night you can hear Windows NT reboot.

From bledbetter at ael-peo.com Thu Dec 23 07:08:14 1999
From: bledbetter at ael-peo.com (Brian Ledbetter)
Date: Thu Dec 23 07:08:14 1999
Subject: [pptp-server] problem connecting Win2000 client (almost there though..)
In-Reply-To: <19991223124840.A747@aparima.com>
Message-ID:

> There is no problem with Win98SE clients, but for the life of me I can't
> succeed in connecting my Win2000-RC3 laptop to our Linux firewall.
After
> a successful MSCHAP-v2 authentication the process hangs (and terminates)
> with these messages which make no sense to me:
> Dec 23 10:33:43 sargon modprobe: modprobe: Can't locate module ppp-compress-18
> Dec 23 10:33:43 sargon pppd[24225]: MSCHAP-v2 peer authentication succeeded for ldm
> Dec 23 10:33:46 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:33:46 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:33:50 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:33:50 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:33:53 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:33:53 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:33:56 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:33:56 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:33:59 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:33:59 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:34:02 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:34:02 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds.
> What is the server requesting that the client can't send?
> Thanks in advance for any help.

Sounds similar to my problem. Try disabling LCP in the server properties...
(Refer to earlier message for step-by-step... It's here somewhere... :)

== ___ ==== _ ============================================================
/ _ )____(_)__ ____ Brian C. Ledbetter
/ _ / __/ / _ `/ _ \ American Employee Leasing
/____/_/ /_/\_,_/_//_/ Webmaster
=[bledbetter at ael-peo.com]==========[http://www.ael-peo.com/~bledbetter/]==

From bledbetter at ael-peo.com Thu Dec 23 07:36:26 1999
From: bledbetter at ael-peo.com (Brian Ledbetter)
Date: Thu Dec 23 07:36:26 1999
Subject: [pptp-server] Another question...
Message-ID:

Out of curiosity, is MPPE-based encryption available when using FreeBSD?
Or is only Linux capable of handling it? :) == ___ ==== _ ============================================================ / _ )____(_)__ ____ Brian C. Ledbetter / _ / __/ / _ `/ _ \ American Employee Leasing /____/_/ /_/\_,_/_//_/ Webmaster =[bledbetter at ael-peo.com]==========[http://www.ael-peo.com/~bledbetter/]== From cunctator at apartia.ch Thu Dec 23 07:44:33 1999 From: cunctator at apartia.ch (Louis-David Mitterrand) Date: Thu Dec 23 07:44:33 1999 Subject: [pptp-server] problem connecting Win2000 client (almost there though..) In-Reply-To: ; from bledbetter@ael-peo.com on Thu, Dec 23, 1999 at 07:09:58AM -0600 References: <19991223124840.A747@aparima.com> Message-ID: <19991223144421.A1140@aparima.com> On Thu, Dec 23, 1999 at 07:09:58AM -0600, Brian Ledbetter wrote: > > Dec 23 10:33:56 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 > >] > > Dec 23 10:33:56 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds. > > Dec 23 10:33:59 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 > >] > > Dec 23 10:33:59 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds. > > Dec 23 10:34:02 sargon pppd[24225]: sent [IPCP ConfReq id=0x1 > >] > > Dec 23 10:34:02 sargon pppd[24225]: Timeout 0x8050670:0x8078160 in 3 seconds. > > What is the server requesting that the client can't send? > > Thanks in advance for any help. > > Sounds similar to my problem. Try disabling LCP in the server properties... > (Refer to earlier message for step-by-step... It's here somewhere... :) Thanks for your help, ... but I _did_ disable LCP from the connection (with LCP the connection would never get past the MSCHAP-v2 stage). Still puzzled... Could someone with a successful Win2k connection be kind enough to post a sample config on server (pptp) and client sides? Cheers, -- Louis-David Mitterrand - mito at aparima.com - http://www.aparima.com Black holes are where God divided by zero. 
From bledbetter at ael-peo.com Thu Dec 23 08:11:25 1999
From: bledbetter at ael-peo.com (Brian Ledbetter)
Date: Thu Dec 23 08:11:25 1999
Subject: [pptp-server] problem connecting Win2000 client (almost there though..)
In-Reply-To: <19991223144421.A1140@aparima.com>
Message-ID:

> ... but I _did_ disable LCP from the connection (with LCP the connection
> would never get past the MSCHAP-v2 stage).
> Still puzzled... Could someone with a successful Win2k connection be
> kind enough to post a sample config on server (pptp) and client sides?

:) Oh well, I tried. :)

== ___ ==== _ ============================================================
/ _ )____(_)__ ____ Brian C. Ledbetter
/ _ / __/ / _ `/ _ \ American Employee Leasing
/____/_/ /_/\_,_/_//_/ Webmaster
=[bledbetter at ael-peo.com]==========[http://www.ael-peo.com/~bledbetter/]==

From patl at cag.lcs.mit.edu Thu Dec 23 09:00:44 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Thu Dec 23 09:00:44 1999
Subject: [pptp-server] problem connecting Win2000 client (almost there though..)
In-Reply-To: Louis-David Mitterrand's message of "23 Dec 1999 06:58:45 -0500"
References: <19991223124840.A747@aparima.com>
Message-ID:

Louis-David Mitterrand writes:

> Hi,
>
> There is no problem with Win98SE clients, but for the life of me I
> can't succeed in connecting my Win2000-RC3 laptop to our Linux
> firewall. After a successful MSCHAP-v2 authentication the process
> hangs (and terminates) with these messages which make no sense to
> me:
>
> Dec 23 10:33:43 sargon modprobe: modprobe: Can't locate module ppp-compress-18

This suggests you aren't using encryption... You need the following line in /etc/conf.modules so that the kernel can find the MPPE code:

alias ppp-compress-18 ppp_mppe

The problem may be that your Win2k box is set to require encryption but the Win98SE one is not. Note that there is no way to tell pppd to require encryption, because pppd thinks of it as "compression", not encryption.
- Pat

From P.J.Reid at earthling.net Thu Dec 23 12:09:25 1999
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Thu Dec 23 12:09:25 1999
Subject: [pptp-server] Unsupported protocol errors from pppd?
In-Reply-To:
Message-ID: <000201bf4d70$d07270a0$0200a8c0@Reidworld.dynip.com>

Just curious - do you need DUN40.EXE for Win 95 boxes? Or do you just need
to ensure you have DUN 1.3 installed?

Patrick Reid

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nate Carlson
Sent: Monday, December 20, 1999 12:03 PM
To: Patrick J. LoPresti
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Unsupported protocol errors from pppd?

On 17 Dec 1999, Patrick J. LoPresti wrote:
> This is with pptpd-1.0.0 and ppp-2.3.10+mppe+stateless patches.
>
> For some of our clients, PoPToP is working great. For others, we log
> a bunch of messages like the ones below. As you can see, pppd is
> complaining about "unsupported protocol" errors, after the PPP link
> has been negotiated and authenticated. There is no pattern to the
> protocol numbers that I can discern.
>
> Based on my limited knowledge of this stuff, I am guessing this is
> some sort of HDLC weirdness (address/control field compression
> problem?), since the protocol field comes just before the data in the
> PPP/HDLC frame.
>
> Does anyone have suggestions for sorting this out? I am willing to
> hack pptpd and/or pppd to gather more information, but suggestions
> from an expert as to *what* information I should gather would be
> helpful. I also have more complete debugging logs if anyone wants to
> see them.
>

Is this a Win98-a box per chance? If it is, you need to grab the file
'dun40.exe' from Microsoft's web site and apply that. That's the problem I
was having.. Win98-a encryption is borked out of the box.
--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From geoff at gnaa.net Thu Dec 23 12:32:46 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Thu Dec 23 12:32:46 1999
Subject: [pptp-server] Possible conflict between PPTP MASQ VPN, and Poptop
Message-ID: <000001bf4d74$33095d20$0101a8c0@highwayi.com>

this is a very far fetched question?

Is it possible that there is a conflict between PPTP MASQ patch,
and poptop.

This is the only thing that I can think of that is different in my
setup.

Please refer to my previous message where I give an error log.

thanks,

geoff

From tmk at netmagic.net Thu Dec 23 13:38:33 1999
From: tmk at netmagic.net (tmk)
Date: Thu Dec 23 13:38:33 1999
Subject: [pptp-server] Possible conflict between PPTP MASQ VPN, and Poptop
References: <000001bf4d74$33095d20$0101a8c0@highwayi.com>
Message-ID: <000d01bf4d7d$8a546260$071c0fc0@lala.net>

try disabling the pptp masq for a bit and see if it works after... it
shouldn't conflict unless your masq rules are too broad in scope

Kevin

----- Original Message -----
From: Geoff Nordli
To: Pptp-Server List (E-mail)
Sent: Thursday, December 23, 1999 10:33 AM
Subject: [pptp-server] Possible conflict between PPTP MASQ VPN, and Poptop

> this is a very far fetched question?
>
> Is it possible that there is a conflict between PPTP MASQ patch,
> and poptop.
>
> This is the only thing that I can think of that is different in my
> setup.
>
> Please refer to my previous message where I give an error log.
>
> thanks,
>
> geoff
>

From geoff at gnaa.net Thu Dec 23 14:17:42 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Thu Dec 23 14:17:42 1999
Subject: [pptp-server] Possible conflict between PPTP MASQ VPN, and Poptop
In-Reply-To: <000d01bf4d7d$8a546260$071c0fc0@lala.net>
Message-ID: <000501bf4d82$dde876f0$0101a8c0@highwayi.com>

I pulled my firewall down, and it didn't work. I doubted that was the
problem.

Is there any more information that I can give that might give some insight
to the problem?

thanks,

geoff

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of tmk
Sent: Thursday, December 23, 1999 11:40 AM
To: Pptp-Server List (E-mail)
Subject: Re: [pptp-server] Possible conflict between PPTP MASQ VPN, and Poptop

try disabling the pptp masq for a bit and see if it works after... it
shouldn't conflict unless your masq rules are too broad in scope

Kevin

----- Original Message -----
From: Geoff Nordli
To: Pptp-Server List (E-mail)
Sent: Thursday, December 23, 1999 10:33 AM
Subject: [pptp-server] Possible conflict between PPTP MASQ VPN, and Poptop

> this is a very far fetched question?
>
> Is it possible that there is a conflict between PPTP MASQ patch,
> and poptop.
>
> This is the only thing that I can think of that is different in my
> setup.
>
> Please refer to my previous message where I give an error log.
>
> thanks,
>
> geoff
>
From geoff at gnaa.net Thu Dec 23 17:18:10 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Thu Dec 23 17:18:10 1999
Subject: [pptp-server] Unsupported protocol errors from pppd?
In-Reply-To: <000201bf4d70$d07270a0$0200a8c0@Reidworld.dynip.com>
Message-ID: <000601bf4d9c$11f0e4a0$0101a8c0@highwayi.com>

I think it is just 1.3, plus you are going to want the 128-bit patches also.

This page should help you out:

http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win95/sysreq.asp

geoff nordli

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Patrick Reid
Sent: Thursday, December 23, 1999 10:09 AM
To: pptp-server at lists.schulte.org; 'Nate Carlson'
Subject: RE: [pptp-server] Unsupported protocol errors from pppd?

Just curious - do you need DUN40.EXE for Win 95 boxes? Or do you just need
to ensure you have DUN 1.3 installed?

Patrick Reid

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nate Carlson
Sent: Monday, December 20, 1999 12:03 PM
To: Patrick J. LoPresti
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Unsupported protocol errors from pppd?

On 17 Dec 1999, Patrick J. LoPresti wrote:
> This is with pptpd-1.0.0 and ppp-2.3.10+mppe+stateless patches.
>
> For some of our clients, PoPToP is working great. For others, we log
> a bunch of messages like the ones below. As you can see, pppd is
> complaining about "unsupported protocol" errors, after the PPP link
> has been negotiated and authenticated. There is no pattern to the
> protocol numbers that I can discern.
>
> Based on my limited knowledge of this stuff, I am guessing this is
> some sort of HDLC weirdness (address/control field compression
> problem?), since the protocol field comes just before the data in the
> PPP/HDLC frame.
>
> Does anyone have suggestions for sorting this out?
I am willing to
> hack pptpd and/or pppd to gather more information, but suggestions
> from an expert as to *what* information I should gather would be
> helpful. I also have more complete debugging logs if anyone wants to
> see them.
>

Is this a Win98-a box per chance? If it is, you need to grab the file
'dun40.exe' from Microsoft's web site and apply that. That's the problem I
was having.. Win98-a encryption is borked out of the box.

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From maw at synesis.net Thu Dec 23 17:31:29 1999
From: maw at synesis.net (Martin A. Walker)
Date: Thu Dec 23 17:31:29 1999
Subject: [pptp-server] Re: I just don't understand why this is so damn hard!!!!
Message-ID: <006a01bf4d9d$cc2452c0$0201a8c0@mawdell>

Well, I've got a 10 MB link in Vancouver, Canada, and wouldn't mind hosting
this. I only check this list sporadically, and am not actually subscribed to
it, so if you'd like to take me up on the hosting, you should contact me
directly as maw at synesis.net

Regards,
Martin Walker

--- original message ---

My time is so short.. and support is so painful :-). But know that I care..
and that i hear ya.. and that in the near future I plan to resolve this
rc4/auth patch mess.. (i live in Oz.. but my bandwidth leaves much to be
desired.. and hence I don't host a rc4/auth version locally)...

Anyone?

l8r
-matt

On Thu, 23 Dec 1999, Greg Mader wrote:
>Amen, brother!
>
>Matt has personally tried to walk me through the building of the damn binaries.
> It has never worked for me, either.
>
> I ask the kind souls on this list to put more of it together, ( including the
>SSL parts, overseas of course), and document what is working, and how they did
>it, and make this more useable.
>
>To put it in perspective, if those idiots at Microsoft can put together PPTP,
>with encryption and a user interface, I know that the talent here can do it
>better yet. I have faith in Matt, and the rest of the developers. Please listen
>to your beta testers, though. PopTop needs some work to make it more useable.
>
>Greg Mader
>

--
Matthew Ramsay
Moreton Bay

From maw at synesis.net Thu Dec 23 17:51:21 1999
From: maw at synesis.net (Martin A. Walker)
Date: Thu Dec 23 17:51:21 1999
Subject: [pptp-server] Re: Problem connecting over Dialup connection
Message-ID: <007301bf4da0$9183bfe0$0201a8c0@mawdell>

I had what sounds like the same symptoms as you, and spent a few hours
tearing out (what's left of) my hair over it. Then on a whim I decided to
try and be dialled up to an ISP at the same time as trying to connect over
my LAN from my Win98 laptop to my Redhat 6.1 server running PoPToP. This had
previously worked fine, but it wouldn't work when I just happened to be
dialled up on the modem on my laptop at the same time. I thought this was
suspicious so I went looking on the Microsoft support pages and found (the
enclosed) article Q188141. When I duly un-installed and re-installed VPN
support, it all started working, both locally, and over dial-up.

Hope this is of some help.

Regards,
Martin Walker.

--- snip ---

Err Msg: The Microsoft Dial-Up Adapter Is in Use or Not...

--------------------------------------------------------------------------------
The information in this article applies to:

a.
Microsoft Windows 95
b. Microsoft Windows 98
--------------------------------------------------------------------------------

SYMPTOMS

When you attempt to make a Virtual Private Networking (VPN) connection using
Point to Point Tunneling Protocol (PPTP), you may receive the following
error message:

  The Microsoft Dial Up adapter is in use or not responding properly.
  Disconnect other connections and then try again. If this problem
  persists, shut down and restart your computer. Error 645.

When you click OK, you can connect to the Internet, but you are unable to
establish a PPTP connection.

CAUSE

This behavior can occur if "Dial-Up Adapter #2 (VPN Support)" is not
installed in Network properties.

RESOLUTION

To resolve this behavior, reinstall Virtual Private Networking. To do so,
follow the steps in the appropriate section below:

Windows 98

Remove and then reinstall Virtual Private Networking using the Add/Remove
Programs tool in Control Panel. To do so, follow these steps:

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click the Windows Setup tab.
4. Click Communications, and then click Details.
5. Click the Virtual Private Networking check box to clear it, click OK,
   and then click Apply.
6. Repeat steps 3-5, but click the Virtual Private Networking check box to
   select it.
7. Click OK.

Windows 95

Reinstall the Dial-Up Networking 1.3 Upgrade. For information about how to
obtain and install the Dial-Up Networking 1.3 Upgrade, please see the
following article in the Microsoft Knowledge Base:

  ARTICLE-ID: Q191494
  TITLE     : Dial-Up Networking 1.3 Upgrade Available

MORE INFORMATION

If you remove and then reinstall Microsoft Virtual Private Networking
Adapter in Network properties, "Dial-Up Adapter #2 (VPN Support)" is not
reinstalled.
Additional query words: kbimu
Keywords   : kberrmsg kbnetwork kbtool dun win95 win98
Version    : WINDOWS:95
Platform   : WINDOWS
Issue type : kbprb

--- snip ---

--- original message ---

Have installed PPTPD. The problem I am experiencing is that from cable
modems on the internet, there is no problem using Win98_SE to create the
PPTP tunnel into the company. The VPN comes up great from any and all
employees who have a cable modem. When trying users who have regular Dial-up
connections we all get an error from the VPN connection #645. Since the
Cable modems work I am assuming my configuration (PPPD, chap-secrets, etc.
etc. is properly done). I have played with the MTU and MRU settings in the
Options file but no values produce a connection with the #645 error. Here is
the PPPD Options file and the debug info. from the PPTPD and Kernel:

Dec 21 15:23:39 linux pptpd[8513]: CTRL: Client 4.54.51.144 control connection started
Dec 21 15:23:39 linux pptpd[8513]: CTRL: Starting call (launching pppd, opening GRE)
Dec 21 15:23:39 linux pppd[8514]: pppd 2.3.7 started by root, uid 0
Dec 21 15:23:39 linux kernel: ppp_ioctl: set dbg flags to 10000
Dec 21 15:23:39 linux kernel: ppp_ioctl: set flags to 10000
Dec 21 15:23:39 linux kernel: ppp_tty_ioctl: set xasyncmap
Dec 21 15:23:39 linux kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
Dec 21 15:23:39 linux kernel: ppp_ioctl: set flags to 10000
Dec 21 15:23:39 linux pppd[8514]: Using interface ppp1
Dec 21 15:23:39 linux pppd[8514]: Connect: ppp1 <--> /dev/pts/3
Dec 21 15:23:39 linux kernel: ppp_ioctl: set mru to 5dc
Dec 21 15:23:39 linux kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
Dec 21 15:23:39 linux kernel: ppp_ioctl: set flags to 10000
Dec 21 15:23:40 linux kernel: ppp: channel ppp1 closing.
Dec 21 15:23:40 linux pptpd[8513]: CTRL: Error with select(), quitting
Dec 21 15:23:40 linux pptpd[8513]: CTRL: Client 4.54.51.144 control connection finished
Dec 21 15:23:40 linux pppd[8514]: Modem hangup
Dec 21 15:23:40 linux pppd[8514]: Connection terminated.

/etc/ppp/options:

asyncmap 0
lock
local
kdebug 1
debug
name myservername
auth
require-chap
mru 552
mtu 1104
proxyarp

Any help would be appreciated !

From patl at cag.lcs.mit.edu Thu Dec 23 17:53:54 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Thu Dec 23 17:53:54 1999
Subject: [pptp-server] What the heck... Announcing pptpd-1.1.1pre1
Message-ID:

Several people expressed interest in trying out my rewritten
pptpgre.c, and Matt told me he would be willing to release a
"development" version 1.1.1. I have not tested it enough myself to be
ready to inflict it on very many people, though, so I would rather
release it with a more conservative version number first.

I hope I am not being too presumptuous in...

...introducing pptpd-1.1.1pre1. You can download it from:

*** This is a hacker's release; you should not let this anywhere near
*** your production systems.

It logs things a bit differently and it has the potential for logging
quite a bit of interesting info for people with problems. For real
verbosity, search through pptpgre.c for calls to syslog() preceded by
"#ifdef 0", and change one or more of them to "#ifdef 1".

I welcome all testers, although I am especially interested in hearing
from people who can read the source. My changes are in pptpgre.h and
pptpgre.c (which I almost completely rewrote), plus enough mods in
pptpctrl.c to work with the changed interface.

The new code does not yet do anything differently than the old code,
although it may be differently-buggy. The code's structure should make
it easy to implement real windowing and packet reordering should we
find them to be useful.
Whether these would be useful will become clear from the log messages
people collect, so do not forget to include such messages in any
feedback!

I modified things to log to the local2 facility instead of daemon,
because that's where my pppd logs and it's nice to keep these messages
in their own little world. So you will need to edit your syslog.conf
to catch local2.* messages. If you don't like this, just frob the
LOG_PPTP definition in defaults.h and rebuild.

The code in pptpgre.c is meant to be read; I would appreciate any
suggestions and would be glad to answer any questions. A brief roadmap
follows. It is helpful to have some familiarity with RFCs 2637 and 1662
(specifically, the format of the GRE and HDLC packets), but it is not
necessary.

Roughly the first half of pptpgre.c is devoted to HDLC-to-GRE routines
(pushing data from the PPP daemon to the PPTP client). The second half
is GRE-to-HDLC routines (vice-versa).

The basic strategy in each direction is the same: Read from the source,
translate a packet, send it out. I gave each of these three operations
a separate function for each direction.

All state is kept in a struct gre_state, a pointer to which is passed
to all routines. Most routines are idempotent: The first thing they do
is check the gre_state to see whether they should proceed.

My goal was to make the code "obviously correct" and to worry about
efficiency later.

I will be away for a few days starting tomorrow, but if you find any
critical problems in the next 12 hours or so I can probably fix them
before I leave.

Many thanks in advance for helping me test this!

- Pat

From patl at cag.lcs.mit.edu Thu Dec 23 18:57:46 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Thu Dec 23 18:57:46 1999
Subject: [pptp-server] What the heck... Announcing pptpd-1.1.1pre1
In-Reply-To: patl@cag.lcs.mit.edu's message of "23 Dec 1999 18:59:40 -0500"
References:
Message-ID:

Well, that was quick.
So it turns out it doesn't even compile on versions of Red Hat prior to
6.1. (Thanks, Matt.)

I have put in a temporary hack around it; here is 1.1.1pre2:

- Pat

From patl at cag.lcs.mit.edu Thu Dec 23 19:07:09 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Thu Dec 23 19:07:09 1999
Subject: [pptp-server] What the heck... Announcing pptpd-1.1.1pre1
In-Reply-To: patl@cag.lcs.mit.edu's message of "23 Dec 1999 20:02:22 +1900"
References:
Message-ID:

patl at cag.lcs.mit.edu (Patrick J. LoPresti) writes:

> Well, that was quick.

And again.

It looks like Linux 2.2.x did some violence to the way send() and
recv() work. So I have punted them entirely and gone back to good old
read() and write(). (A quick browse through the kernel sources
suggest they are the same thing for this purpose.) This should be a
lot more portable.

Sorry for the flurry of announcements.

- Pat

From geoff at gnaa.net Thu Dec 23 19:53:50 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Thu Dec 23 19:53:50 1999
Subject: [pptp-server] Nothing seems to be working
Message-ID: <000e01bf4db1$cf06e930$0101a8c0@highwayi.com>

I even went as far as to try the new 1.1.1pre3 build on this machine.

It seems that it just can't negotiate with pppd, or has problems generating
a GRE packet. One thing to note. This machine has the VPN MASQ
patches applied to it.

What can I give to the list that can give you some hints as to why
this isn't working.

The errors that I received on the latest build are below.

thanks,

geoff

-------------------------------------------------

pptpd[796]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
pptpd[796]: CTRL: local address = 192.168.1.200
pptpd[796]: CTRL: remote address = 192.168.1.201
pptpd[796]: CTRL: Client 192.168.1.1 control connection started
pptpd[796]: CTRL: Received PPTP Control Message (type: 1)
pptpd[796]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[796]: CTRL: I wrote 156 bytes to the client.
pptpd[796]: CTRL: Sent packet to client
pptpd[796]: CTRL: Received PPTP Control Message (type: 7)
pptpd[796]: CTRL: Set parameters to 152 maxbps, 32 window size
pptpd[796]: CTRL: Made a OUT CALL RPLY packet
pptpd[796]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[796]: CTRL: pty_fd = 4
pptpd[796]: CTRL: tty_fd = 5
pptpd[797]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[797]: CTRL (PPPD Launcher): local address = 192.168.1.200
pptpd[797]: CTRL (PPPD Launcher): remote address = 192.168.1.201
pptpd[796]: CTRL: I wrote 32 bytes to the client.
pptpd[796]: CTRL: Sent packet to client
pptpd[796]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
pptpd[796]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
pptpd[796]: CTRL: Client 192.168.1.1 control connection finished
pptpd[796]: CTRL: Exiting now
pptpd[617]: MGR: Reaped child 796

From tmk at netmagic.net Thu Dec 23 20:10:12 1999
From: tmk at netmagic.net (tmk)
Date: Thu Dec 23 20:10:12 1999
Subject: [pptp-server] Nothing seems to be working
References: <000e01bf4db1$cf06e930$0101a8c0@highwayi.com>
Message-ID: <004b01bf4db4$3ea95500$071c0fc0@lala.net>

do you have the ppp logs from the same connection? the problem is that pppd
can't make a connection for some reason. pptp seems to be working fine
otherwise.

Kevin

----- Original Message -----
From: Geoff Nordli
To: Pptp-Server List (E-mail)
Sent: Thursday, December 23, 1999 5:54 PM
Subject: [pptp-server] Nothing seems to be working

> I even went as far as to try the new 1.1.1pre3 build on this machine.
>
> It seems that it just can't negotiate with pppd, or has problems generating
> a GRE packet. One thing to note. This machine has the VPN MASQ
> patches applied to it.
>
> What can I give to the list that can give you some hints as to why
> this isn't working.
>
> The errors that I received on the latest build are below.
>
> thanks,
>
> geoff
>
>
> -------------------------------------------------
>
> pptpd[796]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
> pptpd[796]: CTRL: local address = 192.168.1.200
> pptpd[796]: CTRL: remote address = 192.168.1.201
> pptpd[796]: CTRL: Client 192.168.1.1 control connection started
> pptpd[796]: CTRL: Received PPTP Control Message (type: 1)
> pptpd[796]: CTRL: Made a START CTRL CONN RPLY packet
> pptpd[796]: CTRL: I wrote 156 bytes to the client.
> pptpd[796]: CTRL: Sent packet to client
> pptpd[796]: CTRL: Received PPTP Control Message (type: 7)
> pptpd[796]: CTRL: Set parameters to 152 maxbps, 32 window size
> pptpd[796]: CTRL: Made a OUT CALL RPLY packet
> pptpd[796]: CTRL: Starting call (launching pppd, opening GRE)
> pptpd[796]: CTRL: pty_fd = 4
> pptpd[796]: CTRL: tty_fd = 5
> pptpd[797]: CTRL (PPPD Launcher): Connection speed = 115200
> pptpd[797]: CTRL (PPPD Launcher): local address = 192.168.1.200
> pptpd[797]: CTRL (PPPD Launcher): remote address = 192.168.1.201
> pptpd[796]: CTRL: I wrote 32 bytes to the client.
> pptpd[796]: CTRL: Sent packet to client
> pptpd[796]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status
> = -1 error = Input/output error
> pptpd[796]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> pptpd[796]: CTRL: Client 192.168.1.1 control connection finished
> pptpd[796]: CTRL: Exiting now
> pptpd[617]: MGR: Reaped child 796
>

From nmeyers at javalinux.net Fri Dec 24 00:23:26 1999
From: nmeyers at javalinux.net (Nathan Meyers)
Date: Fri Dec 24 00:23:26 1999
Subject: [pptp-server] Re: Problem connecting over Dialup connection
References: <007301bf4da0$9183bfe0$0201a8c0@mawdell>
Message-ID: <3863115A.38230BC9@javalinux.net>

> "Martin A.
Walker" wrote:
>
> I had what sounds like the same symptoms as you, and spent a few hours
> tearing out (what's left of) my hair over it. Then on a whim I decided
> to try and be dialled up to an ISP at the same time as trying to
> connect over my LAN from my Win98 laptop to my Redhat 6.1 server
> running PoPToP. This had previously worked fine, but it wouldn't work
> when I just happened to be dialled up on the modem on my laptop at the
> same time. I thought this was suspicious so I went looking on the
> Microsoft support pages and found (the enclosed) article Q188141. When
> I duly un-installed and re-installed VPN support, it all started
> working, both locally, and over dial-up.
>
> Hope this is of some help.

Well it helped me, and you weren't even writing about my problem :-). My
Win98 Second Edition box was crashing every time I tried to launch a PPTP
connection. An uninstall and reinstall of all the networking components did
the trick.

Gotta love Windows... thanks, Martin!

Nathan

From geoff at gnaa.net Fri Dec 24 00:43:26 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Fri Dec 24 00:43:26 1999
Subject: [pptp-server] unable to start the pppd daemon (answer)
Message-ID: <000101bf4dda$4b130450$0101a8c0@highwayi.com>

If the pptp daemon is unable to start the pppd daemon make sure that it is
in the path.

Also just type "pppd" at the command line. If it executes fine then this is
a good thing. The pppd will give you some error information that might not
be logged in the normal fashion.

Thanks Kevin for helping me through this.

geoff nordli

From cunctator at apartia.ch Fri Dec 24 02:41:35 1999
From: cunctator at apartia.ch (Louis-David Mitterrand)
Date: Fri Dec 24 02:41:35 1999
Subject: [pptp-server] problem connecting Win2000 client (almost there though..)
In-Reply-To: ; from patl@cag.lcs.mit.edu on Thu, Dec 23, 1999 at 10:00:23AM -0500
References: <19991223124840.A747@aparima.com>
Message-ID: <19991224094113.A642@aparima.com>

On Thu, Dec 23, 1999 at 10:00:23AM -0500, Patrick J. LoPresti wrote:
> Louis-David Mitterrand writes:
> > There is no problem with Win98SE clients, but for the life of me I
> > can't succeed in connecting my Win2000-RC3 laptop to our Linux
> > firewall. After a successful MSCHAP-v2 authentication the process
> > hangs (and terminates) with these messages which make no sense to
> > me:
> >
> > Dec 23 10:33:43 sargon modprobe: modprobe: Can't locate module
> > ppp-compress-18
>
> This suggests you aren't using encryption... You need the following
> line in /etc/conf.modules so that the kernel can find the MPPE code:
>
> alias ppp-compress-18 ppp_mppe
>
> The problem may be that your Win2k box is set to require encryption
> but the Win98SE one is not. Note that there is no way to tell pppd to
> require encryption, because pppd thinks of it as "compression", not
> encryption.

I actually had that alias in my /etc/modules.conf (Debian potato machine)
but removed it temporarily to test something with regard to the "timeout in
3 seconds" problem I am having.

When modules.conf is properly configured with:

> alias ppp-compress-1 off # This is Predictor-1, not yet supported
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 off
> alias ppp-compress-18 ppp_mppe

Then the pppd process hangs (after successful mschap-v2 auth) with these
messages:

> Dec 23 10:28:46 sargon pppd[24127]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:28:46 sargon pppd[24127]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:28:46 sargon pppd[24127]: sent [CCP ConfReq id=0x1 ]
> Dec 23 10:28:46 sargon pppd[24127]: Timeout 0x8050670:0x80782a0 in 3 seconds.
> Dec 23 10:28:49 sargon pppd[24127]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:28:49 sargon pppd[24127]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:28:49 sargon pppd[24127]: sent [CCP ConfReq id=0x1 ]
> Dec 23 10:28:49 sargon pppd[24127]: Timeout 0x8050670:0x80782a0 in 3 seconds.
> Dec 23 10:28:52 sargon pppd[24127]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:28:52 sargon pppd[24127]: Timeout 0x8050670:0x8078160 in 3 seconds.
> Dec 23 10:28:52 sargon pppd[24127]: sent [CCP ConfReq id=0x1 ]
> Dec 23 10:28:52 sargon pppd[24127]: Timeout 0x8050670:0x80782a0 in 3 seconds.
> Dec 23 10:28:55 sargon pppd[24127]: sent [IPCP ConfReq id=0x1 ]
> Dec 23 10:28:55 sargon pppd[24127]: Timeout 0x8050670:0x8078160 in 3 seconds.

Is the server asking the client for BSD compression and the client not
responding?

Thanks in advance for any help, and merry XMas.

--
Louis-David Mitterrand - mito at aparima.com - http://www.aparima.com

This is Linux Country. On a quiet night you can hear Windows NT reboot.

From jbeauchamp at 4anything.com Fri Dec 24 09:30:32 1999
From: jbeauchamp at 4anything.com (Joe Beauchamp)
Date: Fri Dec 24 09:30:32 1999
Subject: [pptp-server] What the heck... Announcing pptpd-1.1.1pre1
In-Reply-To:
References:
Message-ID: <3.0.6.32.19991224103010.0091a280@1mailbox.com>

This is what I got trying to build it on 2.2.14p16:

gcc -DHAVE_CONFIG_H -I. -I. -I. -I.
-g -fno-builtin -Wall -Werror -ansi -DSBINDIR='"/usr/local/sbin"' -c pptpd.c
cc1: warnings being treated as errors
pptpd.c: In function `main':
pptpd.c:163: warning: implicit declaration of function `strdup'
pptpd.c:163: warning: assignment makes pointer from integer without a cast
pptpd.c:193: warning: assignment makes pointer from integer without a cast
pptpd.c:200: warning: assignment makes pointer from integer without a cast
pptpd.c:206: warning: assignment makes pointer from integer without a cast
pptpd.c:220: warning: assignment makes pointer from integer without a cast
pptpd.c:236: warning: assignment makes pointer from integer without a cast
pptpd.c:248: warning: assignment makes pointer from integer without a cast
pptpd.c:252: warning: assignment makes pointer from integer without a cast
pptpd.c:260: warning: assignment makes pointer from integer without a cast
pptpd.c:264: warning: assignment makes pointer from integer without a cast
pptpd.c: In function `lookup':
pptpd.c:398: warning: implicit declaration of function `memcpy'
make: *** [pptpd.o] Error 1

At 08:07 PM 12/23/99 -0500, Patrick J. LoPresti wrote:
>patl at cag.lcs.mit.edu (Patrick J. LoPresti) writes:
>
>> Well, that was quick.
>
>And again.
>
>It looks like Linux 2.2.x did some violence to the way send() and
>recv() work. So I have punted them entirely and gone back to good old
>read() and write(). (A quick browse through the kernel sources
>suggest they are the same thing for this purpose.) This should be a
>lot more portable.
>
>
>
>Sorry for the flurry of announcements.
>
> - Pat
>
>
>
________________________________________________________________________
Joe Beauchamp -- VP, New Technology -- 4anything.com -- (610) 768-1444

From patl at cag.lcs.mit.edu Fri Dec 24 09:56:31 1999
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Fri Dec 24 09:56:31 1999
Subject: [pptp-server] What the heck... Announcing pptpd-1.1.1pre1
In-Reply-To: Joe Beauchamp's message of "Fri, 24 Dec 1999 10:30:10 -0500"
References: <3.0.6.32.19991224103010.0091a280@1mailbox.com>
Message-ID:

Joe Beauchamp writes:

> This is what I got trying to build it on 2.2.14p16:
>
> gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -fno-builtin -Wall -Werror -ansi -DSBI
> NDIR='"/usr/local/sbin"' -c pptpd.c
> cc1: warnings being treated as errors
> pptpd.c: In function `main':
> pptpd.c:163: warning: implicit declaration of function `strdup'

[snip]

That is odd, because pptpd.c includes string.h, which is where strdup
should be declared. So I think your glibc headers are buggy.

No big deal; I did not change any of that code, I just added "-Werror"
to the CFLAGS, which turns warnings into errors. (This was mostly while
debugging my own code.) Edit Makefile.in, delete "-Werror" from CFLAGS,
run configure again, and rebuild.

- Pat

From eric at kortex.net Sat Dec 25 23:13:50 1999
From: eric at kortex.net (Eric K. Wong)
Date: Sat Dec 25 23:13:50 1999
Subject: [pptp-server] pppd and subnet mask fun
Message-ID:

Upon reading the pppd man pages and checking the pppd source a bit, it
appears the "netmask" parameter is solely for setting the server-side
netmask. It doesn't appear there's a means of sending a netmask to the
client to use. I find this odd and unbelievable. Please someone correct me,
since I happen to be one of the unlucky few who have chosen 10.0.0.0/24
subnets and wish to connect to more than one VPN simultaneously in w2k...
needless to say everything to 10.0.0.0/8 routes out the first PPTP
connection established.
Manually fixing the routes using MS's screwy route command works, but it's a real hassle for non-networkgeeks. This site documents similar behaviour when using NT Server as the PPTP server.

http://www.ntfaq.com/ntfaq/ras19.html#ras19

This must have been thought of during standardization. It looks like a hard-coded script on the client side needs to be run after connection for the time being.

Eric

From butler at dii.net Mon Dec 27 08:30:27 1999
From: butler at dii.net (Philip L. Butler)
Date: Mon Dec 27 08:30:27 1999
Subject: [pptp-server] 2 different logins with same username...
Message-ID:

Hi and Happy Holidays....

I was playing around with PopTop and found one thing I don't like - and that's probably a pppd issue. It turns out that a single user can connect with PPTP more than once. It actually seems to work (i.e. no errors) if non-fixed IP addresses are used, but confuses everything if that user is assigned a fixed IP address in the chap-secrets file.

I have tried to put a hook into the ip-up script to kill duplicate usernames but that doesn't seem to work quickly enough.

Is there any way to have pptpd/pppd not allow multiple connects with the same username?

Thanks,
Phil Butler
butler at dii.net

From jsoeder at itsservice.com Tue Dec 28 01:07:27 1999
From: jsoeder at itsservice.com (Jonathan Soeder)
Date: Tue Dec 28 01:07:27 1999
Subject: [pptp-server] error 650
Message-ID: <000801bf5113$1cea2a40$1212a8c0@itsservice.com>

What does an error 650 mean on DUN in Win98?

Js

From natecars at real-time.com Tue Dec 28 13:24:28 1999
From: natecars at real-time.com (Nate Carlson)
Date: Tue Dec 28 13:24:28 1999
Subject: [pptp-server] Unsupported protocol errors from pppd?
In-Reply-To:
Message-ID:

On 20 Dec 1999, Patrick J. LoPresti wrote:
> Nate Carlson writes:
>
> > Is this a Win98-a box per chance?
>
> No, NT4 SP6a.
>

I just ran into these errors with an NT box; installing SP6a 128bit got rid of them.

--
Nate Carlson | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500

From nmeyers at javalinux.net Tue Dec 28 14:10:05 1999
From: nmeyers at javalinux.net (Nathan Meyers)
Date: Tue Dec 28 14:10:05 1999
Subject: [pptp-server] Hack to force MPPE encryption from the server side
Message-ID: <386918F6.388AF7D1@javalinux.net>

When I was looking recently for a way for PoPToP to force PPTP clients to use MPPE encryption, it appeared to be impossible - outside the bounds of PPP to force a compression choice on the client.

I've developed a hack that gets the job done without too much ugliness. It's a small sentry, written in perl, that detects when an unencrypted PPTP connection has been established, and kills it.

If anyone's interested, here's what I did:

1) Hacked pptpd to run /usr/sbin/pppd.mppe_sentry instead of /usr/sbin/pppd as the PPP daemon.

2) Implemented /usr/sbin/pppd.mppe_sentry in perl (see below). It works by sitting between pptpd and pppd, and monitoring the log output from pppd. It looks for two things in the log output:

 - The message announcing the "remote IP" connection

 - The message announcing the use of MPPE encryption, which may occur before or shortly after the "remote IP" message.

If it doesn't see the MPPE message within 10 seconds of seeing the "remote IP" message, it kills pppd. Crude, but effective.

A possible alternate implementation would be to:

1) Don't hack pptpd

2) Rename /usr/sbin/pppd to /usr/sbin/pppd.real

3) Install the script as /usr/sbin/pppd, changing line 14 to run /usr/sbin/pppd.real

Unfortunately, this approach involves the sentry whenever pppd is used for anything, not just PPTP connections - which won't work in my environment.

Perl source for the sentry is attached below.

Nathan Meyers
nmeyers at javalinux.net

#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.2).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Made on 1999-12-28 12:06 PST by .
# Source directory was `/home/nathanm/VPN'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 716 -rwxr-xr-x pppd.mppe_sentry
#
save_IFS="${IFS}"
IFS="${IFS}:"
gettext_dir=FAILED
locale_dir=FAILED
first_param="$1"
for dir in $PATH
do
  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
     && ($dir/gettext --version >/dev/null 2>&1)
  then
    set `$dir/gettext --version 2>&1`
    if test "$3" = GNU
    then
      gettext_dir=$dir
    fi
  fi
  if test "$locale_dir" = FAILED && test -f $dir/shar \
     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
  then
    locale_dir=`$dir/shar --print-text-domain-dir`
  fi
done
IFS="$save_IFS"
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
then
  echo=echo
else
  TEXTDOMAINDIR=$locale_dir
  export TEXTDOMAINDIR
  TEXTDOMAIN=sharutils
  export TEXTDOMAIN
  echo="$gettext_dir/gettext -s"
fi
touch -am 1231235999 $$.touch >/dev/null 2>&1
if test ! -f 1231235999 && test -f $$.touch; then
  shar_touch=touch
else
  shar_touch=:
  echo
  $echo 'WARNING: not restoring timestamps. Consider getting and'
  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
rm -f 1231235999 $$.touch
#
if mkdir _sh14010; then
  $echo 'x -' 'creating lock directory'
else
  $echo 'failed to create lock directory'
  exit 1
fi
# ============= pppd.mppe_sentry ==============
if test -f 'pppd.mppe_sentry' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'pppd.mppe_sentry' '(file already exists)'
else
  $echo 'x -' extracting 'pppd.mppe_sentry' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'pppd.mppe_sentry' &&
#!/usr/bin/perl
X
$^F = 20;
pipe(FROMPPPD, TOSENTRY) || die "Failed to open pipe";
X
$pid = fork;
if (!defined $pid) { die "fork() failed"; }  # fork returns undef on failure
X
if ($pid == 0)
{
X    # Child... run pppd
X    close(FROMPPPD);
X    open(STDOUT, '>&TOSENTRY');
X    unshift @ARGV, "/usr/sbin/pppd";
X    exec(@ARGV) || die "Failed to execute pppd";
}
X
close(TOSENTRY);
X
$encryption = 0;
while (<FROMPPPD>)
{
X    chomp;
X    if (/MPPE/) { $encryption = 1; }
X    if (/remote IP/ && !$encryption)
X    {
X        # We've seen the "remote IP" message but no sign of encryption.
X        # Give pppd 10 seconds to report encryption or the dog dies
X        $SIG{ALRM} = 'check_encrypt';
X        alarm 10;
X    }
}
X
sub check_encrypt
{
X    # Signal the pppd child whose PID fork returned
X    if (!$encryption) { kill SIGTERM, $pid; }
}
SHAR_EOF
  $shar_touch -am 1225114399 'pppd.mppe_sentry' &&
  chmod 0755 'pppd.mppe_sentry' ||
  $echo 'restore of' 'pppd.mppe_sentry' 'failed'
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || $echo 'pppd.mppe_sentry:' 'MD5 check failed'
21d20f3cc32b233450f52c0402f59386 pppd.mppe_sentry
SHAR_EOF
  else
    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'pppd.mppe_sentry'`"
    test 716 -eq "$shar_count" ||
    $echo 'pppd.mppe_sentry:' 'original size' '716,' 'current size' "$shar_count!"
  fi
fi
rm -fr _sh14010
exit 0

From matthewr at moreton.com.au Tue Dec 28 17:09:50 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Dec 28 17:09:50 1999
Subject: [pptp-server] networked mapped drive unmapping
Message-ID: <99122909094401.00578@gibberling>

Gday ya all,

Has anyone experienced this problem:

Setup:
1. Windows client (box #1 on network #1) connected directly to Internet.
2. Windows machine on private lan (box #2, network #2)
3. PoPToP VPN linux server firewall (box #3, network #2)

#1 VPNs into #3 and can now access #2 on the private LAN.

Here's where the problem starts:
#1 now maps a network drive on #3 without any problems. ***BUT*** after some small period of time this mapped drive unmaps itself!!

? why? and has anyone experienced this problem..?

Cheers,
Matt
--
Matthew Ramsay
Moreton Bay

From shaeff at mediaone.net Wed Dec 29 00:05:36 1999
From: shaeff at mediaone.net (Noel Schaefer)
Date: Wed Dec 29 00:05:36 1999
Subject: [pptp-server] Local works but ..
Message-ID: <38696A93.F5A9DB2A@mediaone.net>

Well, it would seem I have come to somewhat of an impasse. I can connect with my local clients (on my own LAN). But when I try to get a remote client to connect, it does not work! I checked under "/var/log" messages and debug, and it would seem that it does connect but it does not make a tunneled link to the server (I have pretty much ruled out the chap file because I use an invalid user name and password and Windows comes up with the same error (650)). If anyone can shed some light on this, I would be very grateful!

shaeff at mediaone.net

-------------- next part --------------
Dec 29 01:39:08 killer pptpd[403]: CTRL: Client 24.129.3.23 controlconnection started
Dec 29 01:39:08 killer pptpd[403]: CTRL: Starting call(launching pppd,opening GRE )
Dec 29 01:39:08 killer pppd[404]: pppd 2.3.10 started byroot, uid 0
Dec 29 01:39:08 killer pppd[404]: Using interface ppp0
Dec 29 01:39:08 killer pppd[404]: Connect: ppp0 <--> /dev/pts/1
Dec 29 01:39:24 killer pppd[404]: Modem hangup
Dec 29 01:39:24 killer pppd[404]: Connection terminated.

From tno at westend.com Thu Dec 30 06:54:33 1999
From: tno at westend.com (Offermanns, Toni)
Date: Thu Dec 30 06:54:33 1999
Subject: [pptp-server] Can't locate module char-major-108
Message-ID: <000201bf52c4$ed205510$e24175d4@solveip.com>

Hi all,

This is what I see when trying to make a call from my NT box to the Linux server; anybody have any idea?

Dec 30 13:51:39 jsw pptpd[445]: MGR: Manager process started
Dec 30 13:52:03 jsw pptpd[446]: CTRL: Client 212.117.65.232 control connection s
tarted
Dec 30 13:52:03 jsw pptpd[446]: CTRL: Starting call (launching pppd, opening GRE
)
Dec 30 13:52:03 jsw modprobe: modprobe: Can't locate module char-major-108
Dec 30 13:52:03 jsw pptpd[446]: CTRL: Ignored a SET LINK INFO packet with real A
CCMs!
Dec 30 13:52:03 jsw pptpd[446]: CTRL: Ignored a SET LINK INFO packet with real A
CCMs!
Dec 30 13:52:03 jsw pptpd[446]: GRE: read(fd=4,buffer=804daa0,len=8196) from PTY
failed: status = -1 error = Input/output error
Dec 30 13:52:03 jsw pptpd[446]: CTRL: PTY read or GRE write failed (pty,gre)=(4,
5)
Dec 30 13:52:03 jsw pptpd[446]: CTRL: Client 212.117.65.232 control connection f
inished

Thanks
Toni

From nmeyers at javalinux.net Thu Dec 30 10:19:27 1999
From: nmeyers at javalinux.net (Nathan Meyers)
Date: Thu Dec 30 10:19:27 1999
Subject: [pptp-server] Can't locate module char-major-108
References: <000201bf52c4$ed205510$e24175d4@solveip.com>
Message-ID: <386B8612.E0F7503@javalinux.net>

> "Offermanns, Toni" wrote:
>
> Hi all
>
> this is what i see when trying to make a call from my NT box to the linux server, anybody has any idea.

Ignore it. It's a new driver (device-independent PPP interface) in the experimental Linux 2.3.x stream. If it's there, pppd uses it; if not, pppd works without it.

Nathan

>
>
>
> Dec 30 13:51:39 jsw pptpd[445]: MGR: Manager process started
> Dec 30 13:52:03 jsw pptpd[446]: CTRL: Client 212.117.65.232 control connection s
> tarted
> Dec 30 13:52:03 jsw pptpd[446]: CTRL: Starting call (launching pppd, opening GRE
> )
> Dec 30 13:52:03 jsw modprobe: modprobe: Can't locate module char-major-108
> Dec 30 13:52:03 jsw pptpd[446]: CTRL: Ignored a SET LINK INFO packet with real A
> CCMs!
> Dec 30 13:52:03 jsw pptpd[446]: CTRL: Ignored a SET LINK INFO packet with real A
> CCMs!
> Dec 30 13:52:03 jsw pptpd[446]: GRE: read(fd=4,buffer=804daa0,len=8196) from PTY
> failed: status = -1 error = Input/output error
> Dec 30 13:52:03 jsw pptpd[446]: CTRL: PTY read or GRE write failed (pty,gre)=(4,
> 5)
> Dec 30 13:52:03 jsw pptpd[446]: CTRL: Client 212.117.65.232 control connection f
> inished
>
> Thanks Toni

From fwr at ga.prestige.net Thu Dec 30 15:01:49 1999
From: fwr at ga.prestige.net (Fred Reimer)
Date: Thu Dec 30 15:01:49 1999
Subject: [pptp-server] Unsupported Protocol errors from pppd
Message-ID: <9912301601000B.19772@mammoth>

On 20 Dec 1999, Patrick J. LoPresti wrote:
> Nate Carlson writes:
>
> > Is this a Win98-a box per chance?
>
> No, NT4 SP6a.
>

I just ran into these errors with an NT box; installing SP6a 128bit got rid of them.

O.K., this isn't strictly a pptp-server question but... I'm trying to get the pptp client running and get these errors, with the seemingly random protocol numbers. I'm connecting to an NT box, but I don't currently know what SP it's running. Is it possible that I'd need to patch the NT PPTP server in order to get my Linux client working? Although it connects, authenticates, and goes through the whole LCP negotiations I can't get anything back from the other side. Packets come in, but they seem to be the ones that generate the protocol-rejected messages.

Thanks,
Fred Reimer

From hshaw at epills.com Thu Dec 30 16:51:16 1999
From: hshaw at epills.com (Terrelle Shaw)
Date: Thu Dec 30 16:51:16 1999
Subject: [pptp-server] **Newbie alert** new setup
Message-ID:

Hello all..

I just finished setting up the server and about to try to connect. I have a question tho. I want to connect remote clients to our firewalled (router) LAN (Linux based using ipchains). I have 'Real' IPs. I gave the VPN server one of these so in essence it's not -behind- the firewall (you can ping it on the internet). But is using the firewall as the default gateway. My question.. will this work?
My firewall has three subnets on it (three Ethernet cards with different subnet addresses) and it's routing between each.. currently the VPN is located on the 'DMZ' area of the ipchain rules. Since the PPTP server has a REAL IP address.. do I set up the win95/nt clients to use the internal IPs? (such as 10.0.0.x?) Do I still need to apply the VPN masq patch to the router/firewall?

Thanks..

Terrelle Shaw
System Administrator
hshaw at healthcentralrx.com

From hshaw at epills.com Thu Dec 30 22:07:45 1999
From: hshaw at epills.com (Terrelle Shaw)
Date: Thu Dec 30 22:07:45 1999
Subject: [pptp-server] options file for multiple people connecting
Message-ID:

Hello all

Well following the FAQ, setting up pptpd was str8 forward.. although I didn't apply the stateless patch nor the restrict patch (because I forgot). I was able to make a connection to my VPN server from an NT 4.0 workstation. Now the real test comes with moving the VPN server BEHIND my firewall. I figure I must install the VPN masq. patch in order to get this working.. But I have one question.. has anyone set this up to have multiple people connecting to your vpn server? I think it's similar to just regular PPPD setup, but I haven't played with PPPD in so long I have forgotten. Are there any 'Gotcha's I should look out for?

Thanks..

Terrelle Shaw
HealthCentralRx.com
System Administrator
hshaw at healthcentralrx.com

From tmk at netmagic.net Thu Dec 30 22:20:06 1999
From: tmk at netmagic.net (tmk)
Date: Thu Dec 30 22:20:06 1999
Subject: [pptp-server] options file for multiple people connecting
References:
Message-ID: <00a801bf5346$6c73ae80$071c0fc0@lala.net>

nope, no vpn masq needed

just be sure protocol 47 can get through and port 1723 is open

#allow all protocol 47 stuff (gre)
ipchains -A input -p 47 -j ACCEPT
#allow connections on port 1723 (ipchains takes the port after the destination address)
ipchains -A input -p tcp -d 0.0.0.0/0 1723 -j ACCEPT

if the server is behind a firewall, instead of being the firewall itself, these will be a bit different.

just add an entry for each user in the chap-secrets file.. nothing too complex

biggest 'gotcha' seems to be "cannot determine ethernet address for Proxy ARP"

just make sure if you use the proxyarp option that the ip address that will use proxy arp is on the same subnet as the eth card you want to do the proxying.

Kevin

----- Original Message -----
From: Terrelle Shaw
To:
Sent: Thursday, December 30, 1999 8:07 PM
Subject: [pptp-server] options file for multiple people connecting

> Hello all
>
> Well following the FAQ, setting up pptpd was str8 forward.. although I
> didn't apply the stateless patch nor the restrict patch ( because I forgot).
> I was able to make a connection to my VPN server from an NT 4.0 workstation.
> Now the real test comes with moving the VPN server BEHIND my firewall. I
> figure I must install the VPN masq. patch in order to get this working.. But
> I have one question.. has anyone set this up to have multiple people
> connecting to your vpn server? I think its similar to just regular PPPD
> setup, but I haven't played with PPPD in so long I have forgotten. Is there
> any 'Gotcha's
> I should look out for?
>
> Thanks..
>
>
> Terrelle Shaw
> HealthCentralRx.com
> System Administrator
> hshaw at healthcentralrx.com
>

From toktar at per.com.br Fri Dec 31 16:14:14 1999
From: toktar at per.com.br (Emir Toktar)
Date: Fri Dec 31 16:14:14 1999
Subject: [pptp-server] Can't locate module char-major-108
References: <000201bf52c4$ed205510$e24175d4@solveip.com> <386B8612.E0F7503@javalinux.net>
Message-ID: <005101bf53dc$fc942120$010010ac@crypto.net>

> > "Offermanns, Toni" wrote:

Try this...

" ...
To talk to the new driver, pppd needs to be able to open /dev/ppp, character device (108,0).
If the special file node /dev/ppp is not present, pppd will create it. However, if you are running with /dev on a read-only filesystem, pppd will not be able to create /dev/ppp. In that instance you should manually create /dev/ppp using the command `mknod /dev/ppp c 108 0'.

If you use module autoloading and have PPP as a module, you will need to add the following to your /etc/modules.conf or /etc/conf.modules:

alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias char-major-108 ppp_generic
... "

If it works, reply to me please.

---------------------------------------------------------------------------------------

I will install this week Red Hat 6.1/updates and ppp-2.3.11 and I will modify the code ppp_mppe.c to force Data Encryption option on client or refuse connection it. MPPE_BIT_ENCRYPTED - Bit D set to "1").

An old question "...to Know is about to refuse any connection different of the ms-chapv2 (with data encryption options set)..."

Other thing, I was out any time and see some old e-mail about or and question if was stateless mode or what....?

The option MSCHAP or MSCHAPv1 is enabled by negotiating CHAP algorithm 0X80 and MSCHAPv2 is enabled by negotiating CHAP algorithm 0X81.

Stateless mode ('H' bit is set 0x01) indicates that the sender wishes to negotiate the use of stateless mode, in which the session key is changed after the TX of each packet.

Sorry if this information above is not relevant!

---------------------------------------------------------------------------------------

Wish you all a very happy holiday season and a happy new year. (Here is 1999 yet ...)

Best Regards!!

Emir Toktar
+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: Nathan Meyers
To:
Cc: Pptp (E-mail)
Sent: Thursday, December 30, 1999 2:19 PM
Subject: Re: [pptp-server] Can't locate module char-major-108

> > "Offermanns, Toni" wrote:
> >
> > Hi all
> >
> > this is what i see when trying to make a call from my NT box to the linux server, anybody has any idea.
>
> Ignore it. It's a new driver (device-independent PPP interface) in the
> experimental Linux 2.3.x stream. If it's there, pppd uses it; if not,
> pppd works without it.
>
> Nathan
>
> >
> >
> >
> > Dec 30 13:51:39 jsw pptpd[445]: MGR: Manager process started
> > Dec 30 13:52:03 jsw pptpd[446]: CTRL: Client 212.117.65.232 control connection s
> > tarted
> > Dec 30 13:52:03 jsw pptpd[446]: CTRL: Starting call (launching pppd, opening GRE
> > )
> > Dec 30 13:52:03 jsw modprobe: modprobe: Can't locate module char-major-108
> > Dec 30 13:52:03 jsw pptpd[446]: CTRL: Ignored a SET LINK INFO packet with real A
> > CCMs!
> > Dec 30 13:52:03 jsw pptpd[446]: CTRL: Ignored a SET LINK INFO packet with real A
> > CCMs!
> > Dec 30 13:52:03 jsw pptpd[446]: GRE: read(fd=4,buffer=804daa0,len=8196) from PTY
> > failed: status = -1 error = Input/output error
> > Dec 30 13:52:03 jsw pptpd[446]: CTRL: PTY read or GRE write failed (pty,gre)=(4,
> > 5)
> > Dec 30 13:52:03 jsw pptpd[446]: CTRL: Client 212.117.65.232 control connection f
> > inished
> >
> > Thanks Toni
>
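
Added example, not part of any message in this archive and not code from the PoPToP or pppd projects: an offline audit that applies the rule of the pppd.mppe_sentry script posted in the "Hack to force MPPE encryption from the server side" message (a session that logs "remote IP" must also log "MPPE" no later than 10 seconds afterwards) to syslog text, per pppd process. The sample log is constructed, the wording of the MPPE line is an assumption, and the function names are hypothetical; only the two substrings the sentry itself matches are relied on.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog layout seen in this archive. The MPPE
# message wording is an assumption; matching uses only "MPPE" and "remote IP".
SAMPLE_LOG = """\
Dec 28 12:00:01 vpn pppd[501]: pppd 2.3.10 started by root, uid 0
Dec 28 12:00:03 vpn pppd[501]: MPPE 128 bit, stateless compression enabled
Dec 28 12:00:03 vpn pppd[501]: remote IP address 10.0.0.10
Dec 28 12:05:00 vpn pppd[502]: pppd 2.3.10 started by root, uid 0
Dec 28 12:05:02 vpn pppd[502]: remote IP address 10.0.0.11
Dec 28 12:05:09 vpn pppd[502]: MPPE 40 bit, stateless compression enabled
Dec 28 12:10:00 vpn pppd[503]: pppd 2.3.10 started by root, uid 0
Dec 28 12:10:02 vpn pppd[503]: remote IP address 10.0.0.12
Dec 28 12:10:30 vpn kernel: unrelated kernel message
Dec 28 12:10:40 vpn pppd[503]: Connection terminated.
Dec 28 12:15:00 vpn pppd[504]: pppd 2.3.10 started by root, uid 0
Dec 28 12:15:16 vpn pppd[504]: Modem hangup
Dec 28 12:15:16 vpn pppd[504]: Connection terminated.
Dec 28 12:20:00 vpn pppd[501]: pppd 2.3.10 started by root, uid 0
Dec 28 12:20:01 vpn pppd[501]: remote IP address 10.0.0.13
"""

PPPD_LINE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pppd\[(\d+)\]: (.*)$")
GRACE = timedelta(seconds=10)  # same window the sentry gives pppd


def verdict(session, last_seen):
    """Classify one pppd session the way the sentry would have judged it."""
    if session["link_up"] is None:
        return "no-ip"            # never carried IP traffic
    deadline = session["link_up"] + GRACE
    if session["mppe"] is not None and session["mppe"] <= deadline:
        return "encrypted"        # MPPE seen before or shortly after link-up
    if session["ended"] is None and last_seen < deadline:
        return "pending"          # log stops inside the grace window
    return "UNENCRYPTED"


def audit_sessions(log_text, year=1999):
    """Return [(pid, verdict), ...] in the order the sessions started."""
    current, ordered, last_seen = {}, [], None
    for raw in log_text.splitlines():
        m = PPPD_LINE.match(raw)
        if not m:
            continue              # pptpd, kernel and other daemons
        stamp, pid, msg = m.groups()
        # syslog omits the year, so the caller supplies it
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        last_seen = when
        if pid not in current or "started by" in msg:
            # PIDs are reused, so every pppd start opens a new record
            current[pid] = {"pid": int(pid), "link_up": None,
                            "mppe": None, "ended": None}
            ordered.append(current[pid])
        s = current[pid]
        if "MPPE" in msg and s["mppe"] is None:
            s["mppe"] = when
        if "remote IP" in msg and s["link_up"] is None:
            s["link_up"] = when
        if "Connection terminated" in msg:
            s["ended"] = when
    return [(s["pid"], verdict(s, last_seen)) for s in ordered]


if __name__ == "__main__":
    for pid, result in audit_sessions(SAMPLE_LOG):
        print(pid, result)
```

Run against real logs, anything reported as UNENCRYPTED is a session the sentry should have torn down, which makes the audit a cheap cross-check that the wrapper is actually in the pptpd launch path.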