From andrew at ibi.co.za Thu Jul 1 00:44:27 1999
From: andrew at ibi.co.za (Andrew Cameron)
Date: Thu Jul 1 00:44:27 1999
Subject: [pptp-server] Re: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: <199906140350.LAA12186@typhaon.ucs.uwa.edu.au>
Message-ID:

Hi,

Is there any progress on this yet?

Regards
Andrew

On Mon, 14 Jun 1999, David Luyer wrote:

> I'm working on some very preliminary work for PoPToP to be able to act as a
> PNS. It will require to use the pppd-ip-alloc option in order to work in this
> way and I can't really see a way around that - except for bringing back the
> control-manager pipe in this case, but this is the very case where we will
> expect to be having high numbers of clients and hence don't want the cost
> of those pipes. So, at least initially, that is going to be one of the
> restrictions. I don't intend to implement the PNS side of the PPTP
> interaction, just the basic structure required for it (multiple call support
> to one address and so on) as a compile time option.
>
> David.
>

-----------------------------------------------------------------------------
Andrew Cameron
Internet: andrew at ibi.co.za
Internet: apcameron at intch.co.za
-----------------------------------------------------------------------------

From luyer at ucs.uwa.edu.au Thu Jul 1 00:52:17 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 1 00:52:17 1999
Subject: [pptp-server] Re: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: Your message of "Sat, 01 Jul 1999 07:45:07 +0200."
Message-ID: <199907010552.NAA23777@typhaon.ucs.uwa.edu.au>

>
> Hi,
>
> Is there any progress on this yet?

I did one implementation and threw it away as it would have been uselessly
inefficient in the real world. At current I'm working on other things at UWA
and most of my spare coding time is going into trying to finish off some
things in Squid rather than pptpd (I've finally worked out a solution to the
final problem laying in my Squid delay-pools stuff which will be efficient
enough for me to be happy to implement it I believe; I don't believe in
putting out poor solutions since they just become permanent and then people
structure other things around existing kludges).

Once I've finished the thing I'm doing for Squid I'll move back to looking at
this again (the structure I've decided on now is a "pptpmux" process which
splits off GRE to different child processes, each of which acts like our
current "pptpctrl" processes, so there is one "pptpmux" per client PAC when
running as a PNS with multi-call support).

(I also have some other stuff for Squid that I would like to finalize but it
can probably wait)

David.

From luyer at ucs.uwa.edu.au Thu Jul 1 00:54:46 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 1 00:54:46 1999
Subject: [pptp-server] Re: [pptp-server] PTY??
In-Reply-To: Your message of "Wed, 30 Jun 1999 15:06:45 -0400."
Message-ID: <199907010554.NAA23832@typhaon.ucs.uwa.edu.au>

> The documentation says that I need to make sure my kernel is compiled with
> PTY support. What is PTY support and what options in the kernel do I need
> to modify. I'm using the kernel that came with RedHat-6.0 - do I need to
> change the config and recompile or is there a system configuration I need
> to worry about?

No. Almost all kernels will have PTY support unless you've deliberately
removed it, so don't worry.

> Also, after running pptpd and monitoring its log file and seeing that it
> failed to open ttyp1 - I chmod +rw /dev/ttyp[0-9] and it seemed to work
> somewhat. But, after I rebooted, I had to do this again. Is this normal?

pptpd should be running as root (unless you have a system with a setuid
openpty() helper, which isn't very common). If it fails to open a pty/tty
pair as root then that is probably because it is in use. Other programs which
use pty/tty's will change their permissions back to the standard ones.

David.

From luyer at ucs.uwa.edu.au Thu Jul 1 00:57:46 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 1 00:57:46 1999
Subject: [pptp-server] Re: [pptp-server] PPTP routing
In-Reply-To: Your message of "Wed, 30 Jun 1999 13:51:04 -0400."
Message-ID: <199907010557.NAA23872@typhaon.ucs.uwa.edu.au>

> Now, all of the computers that dial up seem to route to my local network
> via the PPTP connection, not that it seems to add that to the routing
> table printed by 'route print'. Some of the computers seem to route
> everything else via the normal dialup connection. Others seem to route
> everything via the VPN.

Maybe some of the machines just aren't working? I found that sometimes the
VPN just doesn't work due to the Windows client box being confused about its
network stack and (if I turned up debugging on pppd to see) rejecting the
'IP' protocol and sitting there with a connection with no protocols on it.

Suggested solution is to completely re-install the network stack (delete
everything, restart, add everything and configure, restart). I didn't try
this since the person who had the problem didn't have the time to stay and
try and fix it.

David.

From luyer at ucs.uwa.edu.au Thu Jul 1 01:02:56 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 1 01:02:56 1999
Subject: [pptp-server] Re: [pptp-server] "SLIRP mode currently requires PPPd IP allocation.
In-Reply-To: Your message of "Wed, 30 Jun 1999 17:07:08 +0200." <199906301507.PAA00080@oshima.sonytel.be>
Message-ID: <199907010602.OAA24006@typhaon.ucs.uwa.edu.au>

> I'm trying to compile pptp with slirp support. I compiled and
> installed slirp without problems, but when I try to configure
> pptpd 0.9.2 I get:
[...]
> checking for openpty in -lutil... no
> SLIRP mode currently requires PPPd IP allocation.
>
> I tried adding "--with-pppd-ip-alloc" but that didn't work
> either. How can I make configure work?

Argh.. ok... will fix and commit to CVS in a few minutes.

If you have autoconf installed, the fix is to change

    AC_DEFINE(PPPD_IP_ALLOC))

to

    [
      AC_DEFINE(PPPD_IP_ALLOC)
      PPPD_IP_ALLOC=yes
    ])

around line 135 of configure.in then re-run autoconf.

David.

From nico at sonycom.com Thu Jul 1 02:29:15 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Thu Jul 1 02:29:15 1999
Subject: [pptp-server] --prefix does only half of the work
Message-ID: <199907010728.HAA05598@oshima.sonytel.be>

Howdy,

we have a local policy that says that everything that has to do
with security should be installed in /usr/local.host/ instead
of /usr/local/. For most programs that use "configure" this is
easily done by saying "configure --prefix=/usr/local.host".
Unfortunately when I do this with pptpd the software will be installed
correctly in /usr/local.host but when pptpd tries to start pptpctrl
it will look for it in... /usr/local :-(

It turns out that defaults.h contains

#define PREFIX "/usr/local/"

instead of the prefix I gave with "configure --prefix=...".

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From luyer at ucs.uwa.edu.au Thu Jul 1 03:03:25 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 1 03:03:25 1999
Subject: [pptp-server] Re: [pptp-server] --prefix does only half of the work
In-Reply-To: Your message of "Thu, 01 Jul 1999 09:28:47 +0200." <199907010728.HAA05598@oshima.sonytel.be>
Message-ID: <199907010803.QAA25711@typhaon.ucs.uwa.edu.au>

>
> It turns out that defaults.h contains
>
> #define PREFIX "/usr/local/"
>
> instead of the prefix I gave with "configure --prefix=...".

OK, this will be fixed in the CVS in around 10 minutes.

David.

From martin at simpli.net Thu Jul 1 08:03:25 1999
From: martin at simpli.net (martin at simpli.net)
Date: Thu Jul 1 08:03:25 1999
Subject: [pptp-server] Info
Message-ID: <001e01bec3c3$13d640c0$0202a8c0@simpli.net>

Hi,

Well, I have a little question: do you think it is possible on Linux to make
a server tool that will act as an MS Exchange server? (IMAP mailbox, public
folder and scheduling...)

Now I can do all this stuff with the Cyrus IMAP server but not the scheduling
part ... well, the schedule works for standalone purposes, but we need to get
the option to see other users' schedules, but this capability is only
available in Outlook when we are connected to an Exchange server. So here
goes the question: is it possible to make a clone of that on Linux?

Thanks
Martin

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From matthewr at moreton.com.au Thu Jul 1 21:58:38 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Jul 1 21:58:38 1999
Subject: [pptp-server] v0.9.3 released
Message-ID: <377C29AD.A846607C@moreton.com.au>

Hiya all,

PoPToP v0.9.3 has been released! You can download your copy from here:

http://www.moretonbay.com/vpn/download_pptp.html

Minor fixes only -- see below:

v0.9.2 -> v0.9.3
2 July, 1999
- changes to configure to fix SLIRP option and print out options chosen
- configure --prefix fix

PoPToP Development Team

From luyer at ucs.uwa.edu.au Fri Jul 2 01:36:16 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jul 2 01:36:16 1999
Subject: [pptp-server] Re: [pptp-server] PPTP over dialup
In-Reply-To: Your message of "Wed, 30 Jun 1999 10:24:41 +0100." <3.0.6.32.19990630102441.0087b8c0@mail.scl.co.uk>
Message-ID: <199907020636.OAA04671@typhaon.ucs.uwa.edu.au>

> My problem is that it works fine over a LAN connection with either client, but
> fails with both clients when used over a dialup connection. From looking at
> the debug traces on the server and the linux client, I can see that the server
> is sending the LCP requests and the client receives these and responds by
> sending the LCP acks, and its own LCP requests, BUT these are never received
> by the server. The server just sends 10 requests and having got nothing back,
> times out.
>
> This is not a firewall issue (I've eliminated the firewall for the purpose of
> trying to get this going) so what is it? How do I get a handle on it?

Try doing 'tcpdump proto 47' at both ends to see if any GRE traffic is
actually getting sent/received at both ends. If it's sent at one end but not
received at the other, then it's getting lost somewhere in-between.

David.

From nico at sonycom.com Fri Jul 2 04:57:52 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Fri Jul 2 04:57:52 1999
Subject: [pptp-server] can connect only once
Message-ID: <199907020957.JAA15285@oshima.sonytel.be>

Howdy,

I'm still trying to setup a pptp server on a Linux box, I have it
working and I can connect from Win95/98/NT4. However when I connect
from Win98, disconnect and try to reconnect again I don't seem to
get past "Verifying username and password". In the errorlog on
the server I get something like this:

Jul 1 15:10:42 ape pptpd[2751]: MGR: Launching /usr/local.host/software/pptpd-0.9.2/bin/pptpctrl to handle client
Jul 1 15:10:42 ape pptpd[2751]: CTRL: local address = xxx.xxx.xxx.xxx
Jul 1 15:10:42 ape pptpd[2751]: CTRL: remote address = xxx.xxx.xxx.xxx
Jul 1 15:10:42 ape pptpd[2751]: CTRL: pppd speed = 115200
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Received PPTP Control Message (type: 1)
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Made a START CTRL CONN packet
Jul 1 15:10:42 ape pptpd[2751]: CTRL: I wrote 156 bytes to the client.
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Sent packet to client
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Received PPTP Control Message (type: 7)
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Made a OUT CALL RPLY packet
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Starting call (launching pppd, opening GRE)
Jul 1 15:10:42 ape pptpd[2751]: CTRL: pty_fd = 4
Jul 1 15:10:42 ape pptpd[2751]: CTRL: tty_fd = 5
Jul 1 15:10:42 ape pptpd[2751]: CTRL: I wrote 32 bytes to the client.
Jul 1 15:10:42 ape pptpd[2752]: CTRL (PPPD Launcher): Connection speed = 115200
Jul 1 15:10:42 ape pptpd[2752]: CTRL (PPPD Launcher): local address = xxx.xxx.xxx.xxx
Jul 1 15:10:42 ape pptpd[2752]: CTRL (PPPD Launcher): remote address = xxx.xxx.xxx.xxx
Jul 1 15:10:42 ape pptpd[2751]: CTRL: Sent packet to client
Jul 1 15:11:13 ape pptpd[2751]: GRE: read(fd=4,buffer=804c9c8,len=8196) from PTY failed: status = -1 errno = 5
Jul 1 15:11:13 ape pptpd[2751]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jul 1 15:11:13 ape pptpd[2751]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Jul 1 15:11:13 ape pptpd[2751]: CTRL: Exiting now

I tried rebooting the client and/or the server but I still get
that message. If I try again 10 minutes later chances are it will
again work without problem.

Any idea what's wrong? (haven't tried this from 95 or NT since I only
have a 98 box close by).

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From nico at sonycom.com Fri Jul 2 10:34:17 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Fri Jul 2 10:34:17 1999
Subject: [pptp-server] can't find module ppp-compress-..
Message-ID: <199907021534.PAA17155@oshima.sonytel.be>

Howdy,

sometimes when I make a connection to my pptpd server I
see a message like

Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21

in /var/log/messages on the server. Any idea what I
can do about it?

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From tmk at netmagic.net Fri Jul 2 12:47:34 1999
From: tmk at netmagic.net (tmk)
Date: Fri Jul 2 12:47:34 1999
Subject: [pptp-server] Re: [pptp-server] can't find module ppp-compress-..
In-Reply-To: <199907021534.PAA17155@oshima.sonytel.be>
Message-ID:

yeah, in your /lib/modules//net/ directory, there should be files called
bsd_comp.o and ppp_deflate.o.. insmod those files and you'll be good to go.

Kevin

On Fri, 2 Jul 1999, Nico De Ranter wrote:

>
> Howdy,
>
> sometimes when I make a connection to my pptpd server I
> see a message like
>
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24
> Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
>
>
> in /var/log/messages on the server. Any idea what I
> can do about it?
>
> Nico
>
> --
> --------------------------------------------------------
> How do you tell when you run out of invisible ink?
> --------------------------------------------------------
> Nico De Ranter
> Sony Service Center (SUPC-E/NSSE)
> Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
> 1130 Brussel (Bruxelles), Belgium, Europe, Earth
> Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> e-mail: nico.deranter at sonycom.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mals at home.com Fri Jul 2 22:14:53 1999
From: mals at home.com (Malay Shah)
Date: Fri Jul 2 22:14:53 1999
Subject: [pptp-server] Compiling pptpd on Slackware 4.0
Message-ID: <377D7FE9.B6C1892B@home.com>

Hi, I'm having trouble compiling pptpd on Slackware 4.0. I've compiled
it on a Slackware 3.6 machine and it seemed to work fine but it just
won't compile with this distribution. This is the output during
compiling that I received before the error.

gcc -O2 -fno-builtin -Wall -ansi -DPREFIX='"/usr/local"' -o pptpd pptpd.o configfile.o pptpmanager.o compat.o getopt.o getopt1.o
getopt.o: In function `_getopt_internal':
getopt.o(.text+0x4dc): undefined reference to `gettext'
getopt.o(.text+0x57a): undefined reference to `gettext'
getopt.o(.text+0x5b6): undefined reference to `gettext'
getopt.o(.text+0x64a): undefined reference to `gettext'
getopt.o(.text+0x73d): undefined reference to `gettext'
getopt.o(.text+0x776): more undefined references to `gettext' follow
make[2]: *** [pptpd] Error 1
make[2]: Leaving directory `/root/net/pptpd'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/net/pptpd'
make: *** [all-recursive-am] Error 2

Any help would be appreciated, thanks.

Malay Shah

From mals at home.com Sat Jul 3 00:02:03 1999
From: mals at home.com (Malay Shah)
Date: Sat Jul 3 00:02:03 1999
Subject: [pptp-server] pptpd & mschap-v2
Message-ID: <377D9904.D3C9AA97@home.com>

Hi, I'm having trouble getting pptpd & mschap-v2 to work. I downloaded
all of the patches and compiled everything but whenever I try to connect
from my win98 machine, it says:

Error 691: The computer you have dialed in to has denied access because
the username and/or password is invalid on the domain.

What is this supposed to mean?

Malay Shah

From straitiff at syrinex.com Sat Jul 3 11:51:08 1999
From: straitiff at syrinex.com (David M. Straitiff)
Date: Sat Jul 3 11:51:08 1999
Subject: [pptp-server] RE: [pptp-server] pptpd & mschap-v2
Message-ID:

Error 691 is an authentication problem probably due to the fact that MS
chap uses the domain name and username combo to authenticate. If you look
at the logs you will probably see a message saying that MS chap is trying
to authenticate user "domain\\username". I got it to work by putting the
full domain and user string in the client portion of the chap-secrets file.

# Secrets for authentication using CHAP
# client           server  secret    IP addresses
workgroup\\user    server  password  *

If anyone knows how to get it to default to a particular domain, I would
like to know.

Dave Straitiff

> -----Original Message-----
> From: Malay Shah [SMTP:mals at home.com]
> Sent: Saturday, July 03, 1999 1:01 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptpd & mschap-v2
>
> Hi, I'm having trouble getting pptpd & mschap-v2 to work. I downloaded
> all of the patches and compiled everything but whenever I try to
> connect
> from my win98 machine, it says:
>
> Error 691: The computer you have dialed in to has denied access
> because
> the username and/or password is invalid on the domain.
>
> What is this supposed to mean?
>
> Malay Shah
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From straitiff at syrinex.com Sat Jul 3 11:59:41 1999
From: straitiff at syrinex.com (David M. Straitiff)
Date: Sat Jul 3 11:59:41 1999
Subject: [pptp-server] Trouble with mschap-v2 on win 98
Message-ID:

I applied the patches for mschap-v2 and mppe encryption to ppp-2.3.8. I
have found that windows 98 clients negotiate the old mschap and mppe, but
not the new mschap-v2. After that, I get lots of unknown protocol messages
from the pppd daemon on linux and the link does not appear to work. I
believe it is due to the fact that it is not using mschap-v2 to establish
the keys for the encryption.

I tried the exact same setup under windows 95 with the Dun 1.3 updates and
it worked perfectly. The only difference being that it indicated it had
negotiated mschap-v2 properly.

Any ideas?

Also has anyone had success compiling the lzs compression module I found in
the patch, I would be interested in getting it working.

Dave Straitiff...

From straitiff at syrinex.com Sat Jul 3 12:02:01 1999
From: straitiff at syrinex.com (David M. Straitiff)
Date: Sat Jul 3 12:02:01 1999
Subject: [pptp-server] RE: Compiling pptpd on Slackware 4.0
Message-ID:

In the config.h file, I had to comment out international library support to
get it to compile correctly under Slackware 4.0:

/* Define if you have the header file. */
/* #define HAVE_LIBINTL_H 1 */

> -----Original Message-----
> From: Malay Shah [SMTP:mals at home.com]
> Sent: Friday, July 02, 1999 11:14 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Compiling pptpd on Slackware 4.0
>
> Hi, I'm having trouble compiling pptpd on Slackware 4.0. I've
> compiled
> it on a Slackware 3.6 machine and it seemed to work fine but it just
> won't compile with this distribution. This is the output during
> compiling that I received before the error.
> ...

From luyer at ucs.uwa.edu.au Mon Jul 5 07:07:31 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Mon Jul 5 07:07:31 1999
Subject: [pptp-server] gettext() and Slackware 4.0
Message-ID: <199907051206.UAA23630@typhaon.ucs.uwa.edu.au>

The gettext() and Slackware 4.0 compilation problems should be gone in the
current CVS.

I've also ripped out the list of all the old bugs and put some new TODO items
in, split into 'release critical' and 'non release critical' (as to the
things which I think need fixing before we can call it a 1.0 and the things
which I think can be post-1.0 - note that other developers may think
differently here!)

David.

From nico at sonycom.com Mon Jul 5 09:33:05 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Mon Jul 5 09:33:05 1999
Subject: [pptp-server] cannot connect from remote network
Message-ID: <199907051432.OAA08468@oshima.sonytel.be>

Howdy,

this issue seems to have risen a few times but I never saw an answer.

I have the following problem: I set up a PPTP server on a Linux
box. The clients are running Linux, Win95/Win98 or WinNT. The
network setup looks kind of like the following:

|client 1|
    |
-----net A--------|FW|-------net B----------
                               |          |
                        |pptp server|  |cisco|
                                          |
                                          | pstn or isdn
                                          |
                                          |
                                      |client 2|

Client 1 connects to a virtual ip-address on net B which is converted
and forwarded (NAT) by the firewall to the pptp server. This setup
works perfectly.

Now I take exactly the same client 1 and have it dialin to the cisco
with exactly the same configuration as client 2. The dialin setup is ok
(I can surf the net and do whatever I want). However I can only connect
to the pptp server once. If I disconnect and reconnect again the logon
hangs during ppp negotiation.

If I dialin again with client 2 and get another ip-address assigned by
the Cisco, it again works only once. If I reboot client 2 to another OS
and connect again with the same ip-address, it will have the same
problem. After some time I'm able to logon again.

Note: the pstn and isdn dialins use different cisco routers but they
both have the problem.

Any idea what might be wrong.

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From matthewr at moreton.com.au Mon Jul 5 20:05:04 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Jul 5 20:05:04 1999
Subject: [pptp-server] v0.9.4 released!
Message-ID: <37815522.86C8786D@moreton.com.au>

PoPToP v0.9.4 has been released! You can grab your copy here:

http://www.moretonbay.com/vpn/download_pptp.html

Here's the ChangeLog:

v0.9.3 -> v0.9.4
5 July, 1999
- fixed to detect Slackware 4.0 needing -lintl for gettext()
- better fix for using different binary locations (cover --bindir too)
- removed select() in ctrlpacket.c in favour of setting control sockets
  to be nonblocking (for performance - plain read() is cheaper than
  select() especially when you're pretty sure of success)

Anyone have any success with the MPPE encryption stuff yet??

-PoPToP Development Team

From nhelsley at mcservices.net Tue Jul 6 11:17:07 1999
From: nhelsley at mcservices.net (Neil Helsley)
Date: Tue Jul 6 11:17:07 1999
Subject: [pptp-server] Remote IP and Local IP
Message-ID: <9182EB037693D211A9EA006008E4441A063429@RANGER>

I'm trying to see if I have my setup installed correctly. I assume Local IP
is the IP that you give the PPTP client. What is Remote IP used for?

My Server is behind a router, we have everything forwarded correctly
(according to my sniffing logs), but what is happening is that the GRE
request is coming from the internal IP but getting the replies from the
client on the external IP, so my internal server isn't seeing its requests
getting answered. I tried forwarding all GRE requests to the internal IP
(ipfwd #internalip 47 &), I now get replies logged in my pptpd.log, but it
is telling me they are out of sequence so they get disregarded. Any
suggestions?

Specs:
PPP 2.3.8
RedHat 6.0
PPTPD 0.9.4

Neil Helsley

From matthewr at moreton.com.au Tue Jul 6 19:51:30 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Jul 6 19:51:30 1999
Subject: [pptp-server] poptop howto/mppe
Message-ID: <3782A376.6E676FDA@moreton.com.au>

gday all,

i just went thru the poptop archives and grabbed a bunch of questions and
answers that looked FAQ/HOWTO-able.

a number of people said they were gonna do this over the last few months..
but i never saw anything materialise... to those people who possibly started
a faq/howto for poptop can they send in what they have so i can add it in.

secondly i want feedback on how people are going with the MSCHAPv2/MPPE
stuff? anyone having success?

cheers,
-matt

From luyer at ucs.uwa.edu.au Wed Jul 7 00:19:46 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 7 00:19:46 1999
Subject: [pptp-server] Re: [pptp-server] Remote IP and Local IP
In-Reply-To: Your message of "Tue, 06 Jul 1999 12:19:51 -0400." <9182EB037693D211A9EA006008E4441A063429@RANGER>
Message-ID: <199907070519.NAA09039@typhaon.ucs.uwa.edu.au>

> I'm trying to see if I have my setup installed correctly. I assume Local IP
> is the IP that you give the PPTP client. What is Remote IP used for?

A PPP session is established between the client and server. Local IP is the
address you use for yourself in this session (the server end) and remote IP
is the address you give the other end (the client). Local IP should usually
be some unused IP address and may be the same for all clients, using eth0 is
sometimes possible but not advisable since it complicates routing tables (and
makes using the Linux client pretty much impossible).

> My Server is behind a router, we have everything forwarded correctly
> (according to my sniffing logs), but what is happening is that the GRE
> request is coming from the internal IP but getting the replies from the
> client on the external IP, so my internal server isn't seeing its requests
> getting answered. I tried forwarding all GRE requests to the internal IP
> (ipfwd #internalip 47 &), I now get replies logged in my pptpd.log, but it
> is telling me they are out of sequence so they get disregarded. Any
> suggestions?

Out of sequence could mean that you're causing duplicates or that they're
really out of sequence due to some network complication. I will make a change
so that sequential duplicate packets are logged differently from other out of
order packets as this may be an important difference in debugging these
problems.

David.

From Bjoern at CHYBA.at Wed Jul 7 03:35:22 1999
From: Bjoern at CHYBA.at (Bjoern Chyba)
Date: Wed Jul 7 03:35:22 1999
Subject: [pptp-server] filter ?
Message-ID: <199907070836.KAA17700@stud1.tuwien.ac.at>

i am acting from a win98 client and i am connected by a cable modem isp who
has got something like a firewall

is there a possibility to find out whether my poptop packets are filtered out
by a firewall on their way?

my poptop server has already worked and connection was ok. everything was
fine, once upon a time, but now the connection is constantly being refused.
i can see that the client tries to exchange authentication, though. so the
port is open and the server is up. the logs contain no hint for malfunction,
either (nothing but 'connection from client... connection closed...' and a
few packets in between)

bjoern

From cybear at pacbell.net Wed Jul 7 05:53:32 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Wed Jul 7 05:53:32 1999
Subject: [pptp-server] MS Encryption pactch installation
Message-ID: <37833521.66F47FE8@pacbell.net>

I just downloaded the MS encryption patch and got a .diff file. I have
never dealt with a diff file and am not sure what to do with it. The
instructions state "compile this pppd, and the associated kernel
modules", but nothing about how to apply the patch. Can anyone help??

Thanks
Matt

From luyer at ucs.uwa.edu.au Wed Jul 7 07:33:57 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 7 07:33:57 1999
Subject: [pptp-server] Re: [pptp-server] MS Encryption pactch installation
In-Reply-To: Your message of "Wed, 07 Jul 1999 11:08:17 GMT." <37833521.66F47FE8@pacbell.net>
Message-ID: <199907071233.UAA14501@typhaon.ucs.uwa.edu.au>

> I just downloaded the MS encryption patch and got a .diff file. I have
> never dealt with a diff file and am not sure what to do with it. The
> instructions state "compile this pppd, and the associated kernel
> modules", but nothing about how to apply the patch. Can anyone help??

A .diff file is a patch. Apply it with the 'patch' command. You may need to
read the manual page on patch but the main important option is the '-p'
option which may be needed (eg, -p1 to strip one path component off
filenames). A typical patch application is something like

    cd some-distribution
    gzip -dc ../some-patch.gz | patch -p1

but this varies based on the specific patches.

David.

From coutel at prophecy.lu Wed Jul 7 08:07:07 1999
From: coutel at prophecy.lu (Thierry Coutelier)
Date: Wed Jul 7 08:07:07 1999
Subject: [pptp-server] pptp client version
In-Reply-To: <199907071233.UAA14501@typhaon.ucs.uwa.edu.au>
Message-ID:

Greetings,

Maybe I'm on the wrong list but I found nowhere else to ask my question.

I try to connect to the Internet using an ADSL ANT which uses PPTP. I have a
RedHat 6.0 box with kernel 2.2.5 and downloaded the pptp client 1.0.2 from
C. Scott Ananian. I tried with the 2.2.10 kernel and on Slackware and SuSe.

When I try to connect I get the following messages

rm: remove `/var/run/pptp/194.154.198.39'? y
[root at cthol ppp]# pptp 194.154.198.39 debug user coutel
warn[pptp_dispatch_ctrl_packet:pptp_ctrl.c:701]: pptp_conn_close(2)
(unknown)[6896]: log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection
warn[open_unixsock:pptp_callmgr.c:310]: Call manager for 194.154.198.39 is already running.
fatal[callmgr_main:pptp_callmgr.c:125]: Could not open unix socket for 194.154.198.39
fatal[launch_callmgr:pptp.c:215]: Call manager exited with error 256
[root at cthol ppp]#

The only debug line I get is:

Jul 7 15:08:56 cthol (unknown)[6896]: log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection

I could not find any answers in the newsgroups or on any web site. The ADSL
connection works properly under Windoze.

Could anyone help me. If somebody knows of a page or text explaining
everything that needs to be installed/configured please tell me.

Thanks for your time.

---
Thierry.Coutelier at prophecy.lu (Belgarath on Prophecy MUD)
WEB: http://www.prophecy.lu
MUD: telnet://mud.prophecy.lu:4000
Visit: http://www.mud.lu and http://www.linux.lu

From thorax at telenet.ru Wed Jul 7 09:40:46 1999
From: thorax at telenet.ru (Thorax Embalmer)
Date: Wed Jul 7 09:40:46 1999
Subject: [pptp-server] Re: [pptp-server] RE: [pptp-server] pptpd & mschap-v2
In-Reply-To:
References:
Message-ID: <6849.990707@telenet.ru>

Hello David,

Saturday, 3 July 1999, you wrote:

DMS> # Secrets for authentication using CHAP
DMS> # client server secret IP
DMS> addresses
DMS> workgroup\\user server password *

I use pptp client 1.0.2. When starting:

  pptp server debug name workgroup\\user remotename server

I get the message: "peer authentication required but no suitable secret(s) found"

PS: debian linux 2.1, ppp 2.3.5, remote server: RAS NT 4.0 sp4

... Don't dig a pit for someone else, lest he use it as a trench.
Best regards,
Thorax mailto:thorax at telenet.ru
Linux user #107279

From mgorsuch at mmcable.com Wed Jul 7 09:41:05 1999
From: mgorsuch at mmcable.com (Mike Gorsuch)
Date: Wed Jul 7 09:41:05 1999
Subject: [pptp-server] Got the patched ppp to compile, now what?
Message-ID: <000501bec886$be0a46f0$470110ac@mike.mmcable.com>

Hey everyone, I patched, compiled, and did a "make install" with the ppp-2.3.8 source. So, what is the next step I need to complete in order to allow it to support the encrypted data? Is there some way to pass the parameters?

Thanks a lot

Mike Gorsuch
PC Technician
Multimedia Cablevision
820 W. Irish Lane
Edmond, OK 73003
mgorsuch at mmcable.com
(405) 348-5750 ext. 856

From tmk at netmagic.net Wed Jul 7 11:35:43 1999
From: tmk at netmagic.net (tmk)
Date: Wed Jul 7 11:35:43 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] RE: [pptp-server] pptpd & mschap-v2
References: <6849.990707@telenet.ru>
Message-ID: <002301bec897$114c9100$011c0fc0@lala.net>

you probably need 4 \'s (ie workgroup\\\\user because \ is the escape char)

Kevin

----- Original Message -----
From: Thorax Embalmer
To: David M. Straitiff
Cc:
Sent: Wednesday, July 07, 1999 7:22 AM
Subject: [pptp-server] Re: [pptp-server] RE: [pptp-server] pptpd & mschap-v2

> Hello David,
>
> Saturday, 3 July 1999, you wrote:
>
> DMS> # Secrets for authentication using CHAP
> DMS> # client server secret IP
> DMS> addresses
> DMS> workgroup\\user server password *
>
> i use pptp client 1.0.2 , when starting :
>
> pptp server debug name workgroup\\user remotename server
>
> get receive message : "peer authentication required but no suitable
> secret(s) found"
>
> ps : debian linux 2.1, ppp 2.3.5 ,remote server: RAS NT 4.0 sp4
>
> ... Don't dig a pit for someone else, lest he use it as a trench.
> Best regards,
> Thorax mailto:thorax at telenet.ru
> Linux user #107279
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mgorsuch at mmcable.com Wed Jul 7 11:36:53 1999
From: mgorsuch at mmcable.com (Mike Gorsuch)
Date: Wed Jul 7 11:36:53 1999
Subject: [pptp-server] /etc/ppp/options
Message-ID: <000601bec896$e9c3de90$470110ac@mike.mmcable.com>

Would anyone mind letting me see their /etc/ppp/options file for MS MPPE configuration? I can't seem to get it right. All I'm trying to do is have a Win 98 box connect to the PoPToP server, but it HAS to be able to encrypt data. Please let me know if you have a solution.

Mike Gorsuch
PC Technician
Multimedia Cablevision
820 W. Irish Lane
Edmond, OK 73003
mgorsuch at mmcable.com
(405) 348-5750 ext. 856

From mgorsuch at mmcable.com Wed Jul 7 12:07:33 1999
From: mgorsuch at mmcable.com (Mike Gorsuch) Date: Wed Jul 7 12:07:33 1999 Subject: [pptp-server] RE: Got the patched ppp to compile, now what? Message-ID: <000701bec89b$37daba00$470110ac@mike.mmcable.com> Never mind, I figured that one out *blushes* Now I just need to figure out what I'm doing wrong with my /etc/ppp/options file, and I'll be good to go.. Sorry for my ignorance, I'm learning ;-) Mike Gorsuch PC Technician Multimedia Cablevision 820 W. Irish Lane Edmond, OK 73003 mgorsuch at mmcable.com (405) 348-5750 ext. 856 -----Original Message----- From: Mike Gorsuch [mailto:mgorsuch at mmcable.com] Sent: Wednesday, July 07, 1999 9:41 AM To: 'pptp-server at lists.schulte.org' Subject: Got the patched ppp to compile, now what? Hey everyone, I patched, compiled, and did a "make install" with the ppp-2.3.8 source. So, what is the next step I need to complete in order to allow it to support the encrypted data? Is there some way to pass the parameters? Thanks a lot Mike Gorsuch PC Technician Multimedia Cablevision 820 W. Irish Lane Edmond, OK 73003 mgorsuch at mmcable.com (405) 348-5750 ext. 856 From mals at home.com Wed Jul 7 12:30:02 1999 From: mals at home.com (Malay Shah) Date: Wed Jul 7 12:30:02 1999 Subject: [pptp-server] PoPToP Question Message-ID: <37838E52.566A4897@home.com> Hi, I was wondering if it's possible to use poptop to obtain a real ip instead of a fake one. Right now I'm running IP Masquerading and I can't run some IP applications with it, even with portforwarding. So if I dialin to PoPToP, could I obtain a real ip and then would I be able to use some of the applications that I can't run through masquerading? Malay Shah From luyer at ucs.uwa.edu.au Wed Jul 7 12:55:22 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Wed Jul 7 12:55:22 1999 Subject: [pptp-server] Re: [pptp-server] PoPToP Question In-Reply-To: Your message of "Wed, 07 Jul 1999 13:28:50 -0400." <37838E52.566A4897@home.com> Message-ID: <199907071755.BAA17816@typhaon.ucs.uwa.edu.au> > Hi, I was wondering if it's possible to use poptop to obtain a real ip > instead of a fake one. Right now I'm running IP Masquerading and I > can't run some IP applications with it, even with portforwarding. So if > I dialin to PoPToP, could I obtain a real ip and then would I be able to > use some of the applications that I can't run through masquerading? As long as you can set up routing appropriately, yes you can. I'm using PoPToP to provide dialup-equivalent access to on-campus restricted networks at UWA, allocating real addresses out of the dialup pool and managing the routing with gated. David. From mgorsuch at mmcable.com Wed Jul 7 16:14:09 1999 From: mgorsuch at mmcable.com (Mike Gorsuch) Date: Wed Jul 7 16:14:09 1999 Subject: [pptp-server] Using Windows 98 with the MPPE encryption? Message-ID: <000501bec8bd$998caca0$470110ac@mike.mmcable.com> Hello, well, I've got everything up and running, and all clients can use PoPToP just fine without encryption. I built the newest version of PPP, and now Windows 95 clients will authenticate and connect using the MPPE encryption. But, I cannot get Windows 98 or Windows NT to work with the MPPE. Has anyone out thier figured it out? Thanks a bunch, Mike Gorsuch PC Technician Multimedia Cablevision 820 W. Irish Lane Edmond, OK 73003 mgorsuch at mmcable.com (405) 348-5750 ext. 856 From matthewr at moreton.com.au Wed Jul 7 18:33:57 1999 
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Jul 7 18:33:57 1999
Subject: [pptp-server] installing MSCHAP/MPPE PPPD patch
Message-ID: <3783E292.8BE96F24@moreton.com.au>

This is cut out of the poptop howto/faq.. the howto is not finished.. at the moment it is a big mess.

any feedback on these instructions most welcome. also i'd like to hear about anyone having success with this under win98 and NT.

see below!

-matt

3.1 Installing MSCHAP/MPPE PPPD Patch

Grab yourself a clean copy of the PPP daemon version 2.3.8 (ppp-2.3.8). I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/

Grab yourself the MSCHAP/MPPE diff files and the RC4 files

Follow these instructions:

Note: [] are example commands to run

* extract the archive to your local file system [tar xvzf ppp-2.3.8.tgz].
* copy the MSCHAP/MPPE diff file to ppp-2.3.8/
* copy the RC4 files (rc4.h and rc4_enc.c) to ppp-2.3.8/linux/
* [cd ppp-2.3.8]
* extract the diff file [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
* patch the diff [patch -p1 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
* [./configure]
* [cd linux]
* [./kinstall.sh]
* [cd ..]
* [make]
* make a backup of your pppd if you're so inclined
* copy the new pppd over the old one [cat pppd/pppd > `which pppd`]
* [cd /usr/src/linux]
* [make modules SUBDIRS=drivers/net]
* [make modules_install]
* [rmmod ppp]
* [insmod ppp]
* [insmod ppp_mppe]

Here is an example PPP options file (/etc/ppp/options):

  lock
  debug
  auth
  +chap
  +chapms
  +chapms-v2
  mppe-40
  mppe-128
  mppe-stateless

Here is an example chap-secrets file (/etc/ppp/chap-secrets)

  username * password *

Setup your Windows client to support data encryption. Run PoPToP and connect!

From mattd at marketinsights.nctda.org Wed Jul 7 20:12:45 1999
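As an added example (not part of the HOWTO excerpt and not PoPToP or pppd code), a small Python lint for the example /etc/ppp/options and /etc/ppp/chap-secrets in the message above. It assumes every `+chap...` option listed is a protocol the server will accept, and uses only option names that appear in that message; the function names and `STRICT_OPTIONS` are constructed for illustration.

```python
import os
import stat

# The two example files from the HOWTO excerpt, verbatim.
HOWTO_OPTIONS = "lock debug auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless"
HOWTO_SECRETS = "username * password *"

# Constructed stricter variant, built only from option names in the excerpt.
STRICT_OPTIONS = """\
lock
auth
+chapms-v2      # assumption: listing one protocol means only that one is accepted
mppe-128
mppe-stateless
"""


def words(text):
    """Split a pppd-style file into words, dropping '#' comments."""
    out = []
    for line in text.splitlines():
        out.extend(line.split("#", 1)[0].split())
    return out


def lint_options(text):
    """Return (code, message) findings for a pppd options file."""
    opts = set(words(text))
    findings = []
    if "auth" not in opts:
        findings.append(("no-auth", "the peer is not required to authenticate"))
    if not opts & {"mppe-40", "mppe-128"}:
        findings.append(("no-mppe", "no MPPE key length is enabled"))
    elif "mppe-40" in opts:
        findings.append(("mppe-40", "40-bit keys can be negotiated; keep only mppe-128"))
    if "+chap" in opts:
        # MPPE session keys are derived from the MS-CHAP exchange, so a peer
        # that authenticates with standard CHAP has no keys to encrypt with.
        findings.append(("plain-chap", "standard CHAP gives no MPPE keys"))
    if "+chapms" in opts and "+chapms-v2" in opts:
        findings.append(("mschap-v1", "MS-CHAP v1 is accepted next to v2"))
    if "debug" in opts:
        findings.append(("debug", "negotiation packets, CHAP responses included, go to syslog"))
    return findings


def lint_secrets(text):
    """Flag chap-secrets entries whose IP address field is the '*' wildcard."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:          # client, server, secret, then addresses
            continue
        if "*" in fields[3:]:
            findings.append(("any-address",
                             f"{fields[0]}: no restriction on the peer's IP address"))
    return findings


def secrets_mode_findings(path):
    """chap-secrets holds plaintext passwords: only its owner should read it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return [("secrets-mode", f"{path} is mode {mode:o}; use 600")]
    return []


if __name__ == "__main__":
    for code, msg in lint_options(HOWTO_OPTIONS) + lint_secrets(HOWTO_SECRETS):
        print(f"{code}: {msg}")
```

Keeping only `+chapms-v2` and `mppe-128` narrows what can be negotiated; it does not address the MS-CHAP v2 analysis linked elsewhere in this archive (http://www.counterpane.com/pptpv2-paper.html).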
From: mattd at marketinsights.nctda.org (Matt Drake) Date: Wed Jul 7 20:12:45 1999 Subject: [pptp-server] Off Topic: anyone have fixes for ms win95/98 pptp client bugs? Message-ID: <003e01bec8df$83219170$1300a8c0@mongoose.persimmon.com> Hi, I am sorry that this is a little off topic but I was wondering if anyone has run into win95/98 PPTP client bugs and received a fix from MS. I am very interested in fixes (if available) for the following two "issues" and would love to get the fix from someone so I don't have to run around in circles talking to MS and Dell. The bugs are.. Slow DNS Name Resolution When Using PPTP Connection Article ID: Q193456 http://support.microsoft.com/support/kb/articles/q193/4/56.asp TCP/IP Host Name Resolution Takes a Long Time on PPTP Connection Article ID: Q193878 http://support.microsoft.com/support/kb/articles/q193/8/78.asp Due to the way in which my environment is setup (don't ask) I have big problems with the bug 'Q193456' on both win95 and win98 machines. Has anyone else seen similar problems on win98 machines? I have not had much luck finding information on these problems so if you have any suggestions please let me know. Oh, I tried editing the c:\windows\hosts.sam file but that didn't seem to do anything. Thanks, Matthias pptpd 0.9.2 pppd 2.3.7 red hat linux 6.0 From pgrace at temp555.com Wed Jul 7 21:10:45 1999 
From: pgrace at temp555.com (Peter Grace) Date: Wed Jul 7 21:10:45 1999 Subject: [pptp-server] Problems with pptp In-Reply-To: <003e01bec8df$83219170$1300a8c0@mongoose.persimmon.com> Message-ID: Hello, When my windows clients connect to the PoPToP server, the server sets the gateway ip in windows to the same ip as the windows machine (i.e. if ip address is set to 192.168.1.50, poptop sets gateway to 192.168.1.50 as well) I think this is the primary reason why I cannot do anything on the VPN connection asides from ping the ip it is given; Any suggestions as to how I can make poptop set the info correctly? Docs need to be a bit more informative, I feel.... --- /----------------------------------------------------------- | Peter Grace | e-mail: km at temp555.com | ICQ: #3697256 IRC: km- | HAM: kb3dfq at w3ch.#sepa.pa.usa.noam AIM: KaiKnight \----------------------------------------------------------- From tmk at netmagic.net Thu Jul 8 02:13:23 1999 From: tmk at netmagic.net (tmk) Date: Thu Jul 8 02:13:23 1999 Subject: [pptp-server] Re: [pptp-server] Problems with pptp References: Message-ID: <000b01bec911$c0f71d80$011c0fc0@lala.net> You probably need to enable IP forwarding in the kernel (echo "1" > /proc/sys/net/ipv4/ip_forward) it's not a poptop issue, it's a routing issue :) Kevin ----- Original Message ----- 
From: Peter Grace To: Sent: Wednesday, July 07, 1999 7:09 PM Subject: [pptp-server] Problems with pptp > Hello, > > When my windows clients connect to the PoPToP server, the server sets > the gateway ip in windows to the same ip as the windows machine (i.e. if ip > address is set to 192.168.1.50, poptop sets gateway to 192.168.1.50 as well) > > I think this is the primary reason why I cannot do anything on the VPN > connection asides from ping the ip it is given; Any suggestions as to how I > can make poptop set the info correctly? > > Docs need to be a bit more informative, I feel.... > > > --- > /----------------------------------------------------------- > | Peter Grace > | e-mail: km at temp555.com > | ICQ: #3697256 IRC: km- > | HAM: kb3dfq at w3ch.#sepa.pa.usa.noam AIM: KaiKnight > \----------------------------------------------------------- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From amacc at mailer.org Thu Jul 8 04:44:31 1999 
From: amacc at mailer.org (Andrew McRory) Date: Thu Jul 8 04:44:31 1999 Subject: [pptp-server] Re: [pptp-server] Problems with pptp In-Reply-To: Message-ID: On Wed, 7 Jul 1999, Peter Grace wrote: > Hello, > > When my windows clients connect to the PoPToP server, the > server sets the gateway ip in windows to the same ip as the windows > machine (i.e. if ip address is set to 192.168.1.50, poptop sets > gateway to 192.168.1.50 as well) > > I think this is the primary reason why I cannot do anything on the VPN > connection asides from ping the ip it is given; Any suggestions as to > how I can make poptop set the info correctly? > I seem to have a similar problem... I've verified the kernel is configured to forward and have gone as far as to disable the firewall and set all policies to accept. I can see the client talk to the server using tcpdump and can browse/access files on that samba server but when I try to access any other machines on the remote network tcpdump shows a brodcast attempt to which there is no reply. Interesting thing is I can ping any machine on the remote subnet all day long with no errors! Any ideas? Andrew McRory - amacc at linuxsys.com *********************************** Linux Systems Engineers / The PC Doctors * 3009-C West Tharpe Street - Tallahassee, FL 32303 * Voice 850.575.7213 *************************************************** From Daniel.sarnstrom at securenet.se Thu Jul 8 09:39:41 1999 
From: Daniel.sarnstrom at securenet.se (=?iso-8859-1?Q?Daniel_S=E4rnstr=F6m?=) Date: Thu Jul 8 09:39:41 1999 Subject: [pptp-server] pptp advanced help request! Message-ID: <9FCEF83E8C13D311BAA900A0C9822DD23CA1@net1.securenet.se> I have succesfully installed pptp and I would like to run a client side script when connected. Is there any way to start a bat-file for windows-clients after connected to pptp. Thankful for help. //Daniel Sarnstrom ----------------------------- Securenet AB For a 5 mb virtual harddrive for free, visit http://www.fileme.com. From pgrace at rtdcs.com Thu Jul 8 09:57:57 1999 
From: pgrace at rtdcs.com (Peter Grace)
Date: Thu Jul 8 09:57:57 1999
Subject: [pptp-server] Re: [pptp-server] Problems with pptp
Message-ID:

On Thu, 8 Jul 1999, tmk wrote:

> You probably need to enable IP forwarding in the kernel (echo "1" >
> /proc/sys/net/ipv4/ip_forward)
>
> it's not a poptop issue, it's a routing issue :)
>
> Kevin

Well, I'd be working on this problem except a separate problem has popped up.. I installed pppd-2.3.8 thinking that that might fix my gatewaying problem (the ip_forward is set, btw) but it hasn't. Also, the ppp connection dies after about 15 seconds and pptp has this to say:

  Jul 8 10:49:15 messiah pptpd[26825]: CTRL: local address = 192.100.200.104
  Jul 8 10:49:15 messiah pptpd[26825]: CTRL: remote address = 192.100.200.156
  Jul 8 10:49:15 messiah pppd[26826]: pppd 2.3.8 started by root, uid 0
  Jul 8 10:49:15 messiah pppd[26826]: Using interface ppp1
  Jul 8 10:49:15 messiah pppd[26826]: Connect: ppp1 <--> /dev/ttyp1
  Jul 8 10:49:17 messiah pppd[26826]: local IP address 192.100.200.104
  Jul 8 10:49:17 messiah pppd[26826]: remote IP address 192.100.200.156
  Jul 8 10:49:17 messiah pppd[26826]: Script /etc/ppp/ip-up started (pid 26827)
  Jul 8 10:49:22 messiah pppd[26826]: Script /etc/ppp/ip-up finished (pid 26827), status = 0x0
  Jul 8 10:49:46 messiah pptpd[26825]: GRE: xmit failed from decaps_hdlc
  Jul 8 10:49:46 messiah pptpd[26825]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
  Jul 8 10:49:46 messiah pptpd[26825]: CTRL: Client 207.29.206.116 control connection finished
  Jul 8 10:49:46 messiah pptpd[26825]: CTRL: Exiting now

If any of you can shed some light onto the subject in regards to why the xmit is failing on decaps_hdlc and the ptyread/grewrite stuff, I'd be most appreciative.

I checked the permissions on /dev/ptyp0:

  crw-rw-rw- 1 root tty 2, 0 Jul 8 10:36 /dev/ptyp0

I don't know if it's a pty problem or not.

Thanks,
Peter

From mattd at marketinsights.nctda.org Thu Jul 8 10:19:26 1999
From: mattd at marketinsights.nctda.org (Matt Drake) Date: Thu Jul 8 10:19:26 1999 Subject: [pptp-server] Summary: Off Topic:anyone have fixes for ms win95/98 pptp client bugs? Message-ID: <005d01bec955$d10a2a20$1300a8c0@mongoose.persimmon.com> I would like to thank Geoff Nordli and Neil Helsley for pointing out the error in my ways... Doah! Geoff and Neil reminded me that the c:\windows\hosts.sam file is just a sample hosts file and that unless it is named just 'hosts' nothing will happen. I will try this and see if it helps out my situation. However, I would like to give a big thanks to Ron MacNeil for passing along the MS bug fix. Hopefully this patch will solve my problems without resorting to passing around an edited 'hosts' file to all my users. Thanks again for the timely feedback. My original message is below for those that missed it the first time around. Matthias (too many people named Matt on this list) Original message ---------------------------------------------------------------------------- ------------- Hi, I am sorry that this is a little off topic but I was wondering if anyone has run into win95/98 PPTP client bugs and received a fix from MS. I am very interested in fixes (if available) for the following two "issues" and would love to get the fix from someone so I don't have to run around in circles talking to MS and Dell. The bugs are.. Slow DNS Name Resolution When Using PPTP Connection Article ID: Q193456 http://support.microsoft.com/support/kb/articles/q193/4/56.asp TCP/IP Host Name Resolution Takes a Long Time on PPTP Connection Article ID: Q193878 http://support.microsoft.com/support/kb/articles/q193/8/78.asp Due to the way in which my environment is setup (don't ask) I have big problems with the bug 'Q193456' on both win95 and win98 machines. Has anyone else seen similar problems on win98 machines? I have not had much luck finding information on these problems so if you have any suggestions please let me know. 
Oh, I tried editing the c:\windows\hosts.sam file but that didn't seem to do anything. Thanks, Matthias pptpd 0.9.2 pppd 2.3.7 red hat linux 6.0 From Jim at Morris.net Thu Jul 8 12:02:44 1999 
From: Jim at Morris.net (Jim Morris) Date: Thu Jul 8 12:02:44 1999 Subject: [pptp-server] Using PPTPD & Linux PPTP to setup VPN In-Reply-To: <3783E292.8BE96F24@moreton.com.au> References: <3783E292.8BE96F24@moreton.com.au> Message-ID: <5494.990708@Morris.net> Hi All, I am trying to setup a "Virtual Private Network" across the Internet, between my home LAN and the office LAN. Both ends use Linux servers and IP masquerading to connect to the Internet. I use the DYNIP.COM service to associate a known DNS name with the office network. Before anyone suggests alternative methods to setup a VPN, let me say that I am trying it with PPTPD because it seems to be the only possibility I've thought of that does not require a known *FIXED* IP address on both ends of the VPN. So far, PPTPD works great to let me dialup my local ISP using my Win98 PC, and then use a PPTP adapter to connect to the office LAN. However, it seems to me that if I use the PPTP program under Linux, I should be able to connect *ALL* my home PC's (3) to the office LAN, at the same time that I am doing IP Masquerading to the Internet on both ends. So far, I've tried to do this with limited success. I can ping a machine the internel network at the office from a PC on my LAN at home. However, anything beyond that is pretty flakey. I.e. stuff like telnet works somewhat, but for the most part, I can establish a connection, but as soon as I try anything that transfers much data (like even doing an "ls" in ftp), the connection dies, and ftp or telnet exit. I somehow think this is related to my firewall rules for Masquerading and forwarding. If I look at the active masquerading connections here at home, using "ipchains -M -L", it shows the ftp or telnet connection - whereas I would think that should not be masquerading. I have setup routes to the 2 networks manually, if that matters. My goal is to write some kind of script that will automate this on both ends somehow. I.e. 
the client side connects to the PPTPD server system on the Internet by running a script that sets up the routes, etc, for both ends (possibly using rcmd or something to do the server side route). Has anyone set anything like this up? If so, I would be interesting in seeing how you setup the firewall/masquerading rules using ipchains or ipfwadm (I have Linux 2.2 at home, but Linux 2.0.36 at work). If this is impossible, I would like to know that too! ;-) Thanks! And I can provide more info if need be. -- A nuclear war can ruin your whole day. -- -- /------------------------------------------------\ | Jim Morris | Business: jmorris at rtc-group.com | | | Personal: Jim at Morris.net | |------------------------------------------------| | World Wide Web: http://Jim.Morris.net | | AOL Instant Messenger: JFM2001 | \------------------------------------------------/ From tmk at netmagic.net Thu Jul 8 14:08:47 1999 
From: tmk at netmagic.net (tmk)
Date: Thu Jul 8 14:08:47 1999
Subject: [pptp-server] Re: [pptp-server] Using PPTPD & Linux PPTP to setup VPN
In-Reply-To: <5494.990708@Morris.net>
Message-ID:

without reading in detail (i'm an expert, right? ;) it looks like you want to do the following:

  connect your home box to your work box via pptp (working already)
  connect the 2 networks together (not working too well)

here's what you need to do.

  turn on ip_forwarding (should already be on if you're masqing)
  set up a NON-masq'd route from your local net to your work net
  set up a NON-masq'd route from your work net to your local net
  let the computers on BOTH networks know that the linux boxes are gateways (also probably already done)

some specifics: say your home ip's are 10.0.0.x and work ips are 192.168.0.x, both linux boxes are x.x.x.1, both netmasks are 24bit (255.255.255.0)

also, let's say that for your pptp connection, the servers have their respective x.x.x.2 ip addrs for the remote/local ip

so we do a

  route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.0.2

on the work box and

  route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2

on the home box

make sure that those routes are NOT masq'd

this is untested, but sounds right :) if it doesn't work let me know and i'll figure it out. one thing to try might be switching the gateway ip's

Kevin

On Thu, 8 Jul 1999, Jim Morris wrote:

> Hi All,
>
> I am trying to setup a "Virtual Private Network" across the Internet,
> between my home LAN and the office LAN. Both ends use Linux servers
> and IP masquerading to connect to the Internet. I use the DYNIP.COM
> service to associate a known DNS name with the office network.
>
> Before anyone suggests alternative methods to setup a VPN, let me say
> that I am trying it with PPTPD because it seems to be the only
> possibility I've thought of that does not require a known *FIXED* IP
> address on both ends of the VPN.
> > So far, PPTPD works great to let me dialup my local ISP using my Win98 > PC, and then use a PPTP adapter to connect to the office LAN. > However, it seems to me that if I use the PPTP program under Linux, I > should be able to connect *ALL* my home PC's (3) to the office LAN, at > the same time that I am doing IP Masquerading to the Internet on both > ends. > > So far, I've tried to do this with limited success. I can ping a > machine the internel network at the office from a PC on my LAN at > home. However, anything beyond that is pretty flakey. I.e. stuff like > telnet works somewhat, but for the most part, I can establish a > connection, but as soon as I try anything that transfers much data > (like even doing an "ls" in ftp), the connection dies, and ftp or > telnet exit. > > I somehow think this is related to my firewall rules for Masquerading > and forwarding. If I look at the active masquerading connections here > at home, using "ipchains -M -L", it shows the ftp or telnet connection > - whereas I would think that should not be masquerading. I have setup > routes to the 2 networks manually, if that matters. My goal is to > write some kind of script that will automate this on both ends > somehow. I.e. the client side connects to the PPTPD server system on > the Internet by running a script that sets up the routes, etc, for > both ends (possibly using rcmd or something to do the server side > route). > > Has anyone set anything like this up? If so, I would be interesting > in seeing how you setup the firewall/masquerading rules using ipchains > or ipfwadm (I have Linux 2.2 at home, but Linux 2.0.36 at work). > > If this is impossible, I would like to know that too! ;-) > > Thanks! And I can provide more info if need be. > > > -- > A nuclear war can ruin your whole day. 
> -- > -- > /------------------------------------------------\ > | Jim Morris | Business: jmorris at rtc-group.com | > | | Personal: Jim at Morris.net | > |------------------------------------------------| > | World Wide Web: http://Jim.Morris.net | > | AOL Instant Messenger: JFM2001 | > \------------------------------------------------/ > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From ahall at mirapoint.com Thu Jul 8 14:55:12 1999 From: ahall at mirapoint.com (Adrian Hall) Date: Thu Jul 8 14:55:12 1999 Subject: [pptp-server] Solaris Connectivity to the Office LAN Message-ID: <009b01bec97b$d14430a0$ca00a8c0@mirapoint.com> Good Morning all, Apologies if this is on an FAQ that I haven't seen as yet. I have a PPTP service at work for doing VPN. Using the VPN stuff supplied with Windows 98 works good. I would like to do the same thing to connect my Sparcstation running Solaris 2.7 to my office LAN. The connectivity on my sparc end is Ethernet with a static IP address. Can someone please give me pointers to get this set up, including software required, and configuration? Thanks Adrian -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Adrian E Hall.vcf Type: text/x-vcard Size: 423 bytes Desc: not available URL: From matthewr at moreton.com.au Thu Jul 8 20:39:26 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Thu Jul 8 20:39:26 1999 Subject: [pptp-server] pptpv2 cryptanalysis Message-ID: <37855191.D2BD651D@moreton.com.au> saw this on the vpn mailing list: http://www.counterpane.com/pptpv2-paper.html -matt From m.horne at comnet.co.nz Fri Jul 9 01:19:30 1999 
From: m.horne at comnet.co.nz (Michael Horne) Date: Fri Jul 9 01:19:30 1999 Subject: [pptp-server] Errors: 650, 629, 640 Message-ID: <001c01bec9d3$8bf1e1c0$1719cb83@MichaelHorne.comnet.co.nz> We have started trialing VPN software to overcome security problems raised by the use of global roaming dial-up software. We were having the problems that people were discussing in the June mailing list archive with 650 errors, and 645 errors. we tried some of the things mentioned on the mailing list archive, but with out much success. We eventually got rid of the problem by installing another Microsoft Dial-up Adapter. When we installed another dial-up adapter and then listed the adapters available, the new dial-up adapter came up "Dial-up Adapter #2 (VPN Support)" After that we had no problems connecting and authenticating to the VPN server. Thought I should send this to the mailing list, in case it helps any one else out. \_, Michael Horne ComNet Technologies Limited Message-ID: <199907090633.OAA07907@typhaon.ucs.uwa.edu.au> > Jul 8 10:49:46 messiah pptpd[26825]: GRE: xmit failed from decaps_hdlc > If any of you can shed some light onto the subject in regards to why the > xmit is failing on decaps_hdlc and the ptyread/grewrite stuff, I'd be most > appreciative. > I don't know if its a pty problem or not. I'd say not, since it's writing to the network (GRE) descriptor which failed. This is very strange. Could it be being blocked by a firewall rule on the local host? Could it be that there is no route to the host in question? I'll add some more debugging but I can't commit to CVS for a little as I've made many changes in my source tree which I don't want to commit before I've tested them (there are some reasonably bad bugs in the current version I've fixed in my tree, but I've made such changes that I've potentially introduced more). David. From m.horne at comnet.co.nz Fri Jul 9 01:37:20 1999 
From: m.horne at comnet.co.nz (Michael Horne) Date: Fri Jul 9 01:37:20 1999 Subject: [pptp-server] Routing down VPN link Message-ID: <001d01bec9d6$0e50c030$1719cb83@MichaelHorne.comnet.co.nz> We have set up the PPTP server on FreeBSD. We have gotten the authentication to work. For some reason the routing on the client machine is not quite right. Connecting with the Client to a Microsoft PPTP server works fine, so we believe it is something that we are not doing correctly with respects to the configuration on the FreeBSD system. When we ping the VPN server, the packets travel over the dial-up connection as expected. When we ping the other end of the VPN link, the packets travel over the VPN link. When we do a traceroute from the client the packets do not report a first hop. We have tried doing a traceroute from the other side. From a remote location on our network we attempt a traceroute to the VPN client. The traffic goes to the VPN server, but no further hops are reported back. Has anyone else faced this problem? Any suggestions? Thanks, \_, Michael Horne ComNet Technologies Limited Message-ID: <199907090648.OAA08149@typhaon.ucs.uwa.edu.au> > When we ping the VPN server, the packets travel over the dial-up connection > as expected. When we ping the other end of the VPN link, the packets travel > over the VPN link. When we do a traceroute from the client the packets do > not report a first hop. This could be your firewalling on the FreeBSD system. Have you checked that? Have you tried replacing the firewalling temporarily with a rule to permit everything? One thing to remember is that traceroute uses UDP packets. (the best way to safely change FreeBSD ipfw rules is in a script run once from cron - then you're 100% sure the script won't be killed when it tries to print output just after it does an ipfw flush [at which point writing any network packet will cause a problem]) David. From charis at chariscomp.com Fri Jul 9 08:44:51 1999 
From: charis at chariscomp.com (Charis Computer Services) Date: Fri Jul 9 08:44:51 1999 Subject: [pptp-server] Setting up PPTP Message-ID: <000001beca11$22416b40$0100a8c0@joshua.iol19.com> I am trying to set up the pptp server. This is my first time to do it and I am getting stuck. I have installed it and am running it on a Red Hat 6.0 system using ppp 2.3.7 and pptp 0.9.4. I can connect from a win95 or win98 clients, but once I connect I can see nothing in the Network Neighborhood. (Perhaps I am misunderstanding what this is supposed to do?) My /etc/ppp/options file is as follows: Charis Computer Services www.chariscomp.com charis at chariscomp.com From charis at chariscomp.com Fri Jul 9 09:00:31 1999 
From: charis at chariscomp.com (Charis Computer Services)
Date: Fri Jul 9 09:00:31 1999
Subject: [pptp-server] Setting up PPTP - try #2
Message-ID: <000101beca13$4d8fed60$0100a8c0@joshua.iol19.com>

I accidentally sent my message before it was complete. The message follows:

I am trying to set up the pptp server. This is my first time to do it and I am getting stuck (I am a relative Linux newbie). I have installed it and am running it on a Red Hat 6.0 system using ppp 2.3.7 and pptp 0.9.4. I can connect from a win95 or win98 client, but once I connect I can see nothing in the Network Neighborhood. (Perhaps I am misunderstanding what this is supposed to do? How can I tell if it is working?)

My /etc/ppp/options file is as follows:

lock
debug
name gateway
auth
require-chap
proxyarp

My /etc/pptpd.conf is as follows:

speed 115200
localip 206.96.206.143
remoteip 192.168.0.245-254

The log file from my last connection reads as follows:

Jul 9 03:38:53 gateway pptpd[1608]: CTRL: Client 209.113.110.17 control connection started
Jul 9 03:38:54 gateway pptpd[1608]: CTRL: Starting call (launching pppd, opening GRE)
Jul 9 03:38:54 gateway pppd[1609]: pppd 2.3.7 started by root, uid 0
Jul 9 03:38:54 gateway pppd[1609]: Using interface ppp0
Jul 9 03:38:54 gateway pppd[1609]: Connect: ppp0 <--> /dev/pts/1
Jul 9 03:38:54 gateway pppd[1609]: sent [LCP ConfReq id=0x1 ]
Jul 9 03:38:55 gateway pppd[1609]: rcvd [LCP ConfReq id=0x1 ]
Jul 9 03:38:55 gateway pppd[1609]: sent [LCP ConfRej id=0x1 ]
Jul 9 03:38:55 gateway pppd[1609]: rcvd [LCP ConfAck id=0x1 ]
Jul 9 03:38:55 gateway pppd[1609]: rcvd [LCP ConfReq id=0x2 ]
Jul 9 03:38:55 gateway pppd[1609]: sent [LCP ConfAck id=0x2 ]
Jul 9 03:38:55 gateway pppd[1609]: sent [CHAP Challenge id=0x1 , name = "gateway"]
Jul 9 03:38:56 gateway pppd[1609]: rcvd [CHAP Response id=0x1 <1842b6ab9e58fbaaa5e3474777dd2d87>, name = "billy"]
Jul 9 03:38:56 gateway pppd[1609]: sent [CHAP Success id=0x1 "Welcome to gateway.tca.net."]
Jul 9 03:38:56 gateway pppd[1609]: sent [IPCP ConfReq id=0x1 ]
Jul 9 03:38:56 gateway modprobe: can't locate module ppp-compress-21
Jul 9 03:38:56 gateway modprobe: can't locate module ppp-compress-26
Jul 9 03:38:56 gateway modprobe: can't locate module ppp-compress-24
Jul 9 03:38:56 gateway pppd[1609]: CHAP peer authentication succeeded for billy
Jul 9 03:38:56 gateway pppd[1609]: rcvd [IPCP ConfReq id=0x1 ]
Jul 9 03:38:56 gateway pppd[1609]: sent [IPCP ConfRej id=0x1 ]
Jul 9 03:38:56 gateway pppd[1609]: rcvd [CCP ConfReq id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>]
Jul 9 03:38:57 gateway modprobe: can't locate module ppp-compress-21
Jul 9 03:38:57 gateway modprobe: can't locate module ppp-compress-26
Jul 9 03:38:57 gateway modprobe: can't locate module ppp-compress-24
Jul 9 03:38:57 gateway pppd[1609]: sent [CCP ConfReq id=0x1]
Jul 9 03:38:57 gateway pppd[1609]: sent [CCP ConfRej id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>]
Jul 9 03:38:57 gateway pppd[1609]: rcvd [IPCP ConfAck id=0x1 ]
Jul 9 03:38:57 gateway pppd[1609]: rcvd [IPCP ConfReq id=0x2 ]
Jul 9 03:38:57 gateway pppd[1609]: sent [IPCP ConfNak id=0x2 ]
Jul 9 03:38:58 gateway pppd[1609]: rcvd [CCP ConfAck id=0x1]
Jul 9 03:38:58 gateway pppd[1609]: rcvd [CCP ConfReq id=0x2]
Jul 9 03:38:58 gateway pppd[1609]: sent [CCP ConfAck id=0x2]
Jul 9 03:38:58 gateway pppd[1609]: rcvd [IPCP ConfReq id=0x3 ]
Jul 9 03:38:58 gateway pppd[1609]: sent [IPCP ConfAck id=0x3 ]
Jul 9 03:38:58 gateway pppd[1609]: Cannot determine ethernet address for proxy ARP
Jul 9 03:38:58 gateway pppd[1609]: local IP address 206.96.206.143
Jul 9 03:38:58 gateway pppd[1609]: remote IP address 192.168.0.2
Jul 9 03:38:58 gateway pppd[1609]: Script /etc/ppp/ip-up started; pid = 1619
Jul 9 03:38:58 gateway pppd[1609]: rcvd [CCP TermReq id=0x3]
Jul 9 03:38:58 gateway pppd[1609]: CCP terminated by peer
Jul 9 03:38:58 gateway pppd[1609]: sent [CCP TermAck id=0x3]
Jul 9 03:38:58 gateway pppd[1609]: Compression disabled by peer.
Jul 9 03:38:59 gateway pppd[1609]: Script /etc/ppp/ip-up finished (pid 1619), status = 0x0
Jul 9 03:39:23 gateway pppd[1609]: rcvd [LCP TermReq id=0x3]
Jul 9 03:39:23 gateway pppd[1609]: LCP terminated by peer
Jul 9 03:39:23 gateway pppd[1609]: Script /etc/ppp/ip-down started; pid = 1648
Jul 9 03:39:23 gateway pppd[1609]: sent [LCP TermAck id=0x3]
Jul 9 03:39:23 gateway pppd[1609]: Script /etc/ppp/ip-down finished (pid 1648), status = 0x0
Jul 9 03:39:24 gateway pptpd[1608]: CTRL: Client 209.113.110.17 control connection finished
Jul 9 03:39:24 gateway pppd[1609]: Modem hangup
Jul 9 03:39:24 gateway pppd[1609]: Connection terminated.
Jul 9 03:39:24 gateway pppd[1609]: Connect time 0.5 minutes.
Jul 9 03:39:24 gateway pppd[1609]: Sent 359 bytes, received 5822 bytes.
Jul 9 03:39:24 gateway pppd[1609]: Exit.

I am trying to set this up to allow someone to access an internal database across the Internet. The client will be win98. I get the same results with either a win95 or win98 client. Also, my win95 setup is set to no compression, no encryption, only TCP/IP.

Any help would be appreciated!

Sincerely,
Joshua D. Cook
Charis Computer Services
www.chariscomp.com
charis at chariscomp.com

From Jim at Morris.net Fri Jul 9 09:16:51 1999
From: Jim at Morris.net (Jim Morris)
Date: Fri Jul 9 09:16:51 1999
Subject: [pptp-server] Re[2]: [pptp-server] Using PPTPD & Linux PPTP to setup VPN
In-Reply-To:
References:
Message-ID: <12384.990709@Morris.net>

Hi tmk,

Ok, I *think* I had done most of that, but what looks a little different might be the IP addresses of the Gateways on both routes. I'll check that out.

Also, I am unclear how exactly I ensure that the routes between the networks are not masq'ed. Do I have to use ipchains or ipfwadm to somehow EXCLUDE the network on the other end from the default masquerading setup, which is to send stuff for ALL remote nets to the Internet, via masquerading?

Thanks!

--
/------------------------------------------------\
| Jim Morris | Business: jmorris at rtc-group.com |
|            | Personal: Jim at Morris.net       |
|------------------------------------------------|
| World Wide Web: http://Jim.Morris.net          |
| AOL Instant Messenger: JFM2001                 |
\------------------------------------------------/

From epadin at wagweb.com Fri Jul 9 09:42:00 1999
From: epadin at wagweb.com (Ed Padin)
Date: Fri Jul 9 09:42:00 1999
Subject: [pptp-server] RE: [pptp-server] pptpv2 cryptanalysis
Message-ID:

This looks like a much better encryption than plain ol' chap. Is there a PPP patch that supports this yet?

> -----Original Message-----
> From: Matthew Ramsay [mailto:matthewr at moreton.com.au]
> Sent: Thursday, July 08, 1999 9:34 PM
> To: poptop
> Subject: [pptp-server] pptpv2 cryptanalysis
>
>
> saw this on the vpn mailing list:
>
> http://www.counterpane.com/pptpv2-paper.html
>
> -matt
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From sam at linuxtec.com Sat Jul 10 13:20:18 1999
From: sam at linuxtec.com (Samuel Gonzalez, Jr.)
Date: Sat Jul 10 13:20:18 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] Problems with pptp
References:
Message-ID: <378780E2.DD1EF4EE@linuxtec.com>

Andrew,
I am also having the same problem with connecting to shares on servers other than the firewall itself. Has anyone found an answer to this issue? I know that proxyarp is working, according to the syslog. I even get the browse list of the internal network, however when I try to browse that server, the network path is unavailable. Clues anyone?

Sam

Andrew McRory wrote:

> On Wed, 7 Jul 1999, Peter Grace wrote:
>
> > Hello,
> >
> > When my windows clients connect to the PoPToP server, the
> > server sets the gateway ip in windows to the same ip as the windows
> > machine (i.e. if ip address is set to 192.168.1.50, poptop sets
> > gateway to 192.168.1.50 as well)
> >
> > I think this is the primary reason why I cannot do anything on the VPN
> > connection asides from ping the ip it is given; Any suggestions as to
> > how I can make poptop set the info correctly?
> >
>
> I seem to have a similar problem... I've verified the kernel is configured
> to forward and have gone as far as to disable the firewall and set all
> policies to accept. I can see the client talk to the server using tcpdump
> and can browse/access files on that samba server but when I try to access
> any other machines on the remote network tcpdump shows a broadcast attempt
> to which there is no reply. Interesting thing is I can ping any machine on
> the remote subnet all day long with no errors!
>
> Any ideas?
>
> Andrew McRory - amacc at linuxsys.com ***********************************
> Linux Systems Engineers / The PC Doctors *
> 3009-C West Tharpe Street - Tallahassee, FL 32303 *
> Voice 850.575.7213 ***************************************************
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
******************************************
Samuel Gonzalez, Jr.
SGI Consulting
Houston, Texas
281-687-9286
www.linuxtec.com
******************************************

From sam at linuxtec.com Sat Jul 10 14:38:08 1999
From: sam at linuxtec.com (Samuel Gonzalez, Jr.)
Date: Sat Jul 10 14:38:08 1999
Subject: [pptp-server] Re: [pptp-server] Re[2]: [pptp-server] Using PPTPD & Linux PPTP to setup VPN
References: <12384.990709@Morris.net>
Message-ID: <37879323.80195237@linuxtec.com>

Jim,
If you are using the newer 2.2.x kernels then you use ipchains. Otherwise you use ipfwadm. I recently had to set up a vpn between 2 networks and had to figure out how to tell the masquerading firewall to only mask the traffic out to the internet, but leave the internal stuff alone. I accomplished that with the following commands:

ipfwadm -F -f
ipfwadm -F -p accept
ipfwadm -F -a m -S -D 0.0.0.0/0 -W eth1

The interface after the "-W" is the default gateway interface.

Hope this helps

Sam

Jim Morris wrote:

> Hi tmk,
>
> Ok, I *think* I had done most of that, but what looks a little
> different might be the IP addresses of the Gateways on both routes.
> I'll check that out.
>
> Also, I am unclear how exactly I ensure that the routes between the
> networks are not masq'ed. Do I have to use ipchains or ipfwadm to
> somehow EXCLUDE the network on the other end from the default
> masquerading setup, which is to send stuff for ALL remote nets to the
> Internet, via masquerading?
>
> Thanks!
>
> --
> /------------------------------------------------\
> | Jim Morris | Business: jmorris at rtc-group.com |
> |            | Personal: Jim at Morris.net       |
> |------------------------------------------------|
> | World Wide Web: http://Jim.Morris.net          |
> | AOL Instant Messenger: JFM2001                 |
> \------------------------------------------------/
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
******************************************
Samuel Gonzalez, Jr.
SGI Consulting
Houston, Texas
281-687-9286
www.linuxtec.com
******************************************

From christopher at schulte.org Sat Jul 10 18:35:24 1999
From: christopher at schulte.org (Christopher Schulte)
Date: Sat Jul 10 18:35:24 1999
Subject: [pptp-server] list software upgraded
Message-ID: <4.2.0.58.19990710182759.00bb6220@pop.schulte.org>

Just a simple FYI:

Today an update was released for the software that is used to run the pptp-server mailing list. The most important issue I see addressed was the "[pptp-server] Re: [pptp-server] Re: [pptp-server]" bug where the list software would not strip the leading RE:'s from incoming messages. For this reason alone I decided to put the update into production right away. Hopefully the new version will fix that somewhat annoying problem.

Nothing else has changed.

Later,

--
NAME: Christopher Schulte
LOVE: techno crap, pizza
SITE: http://www.schulte.org/
MAIL: christopher at schulte.org

"My whole existence is flawed."
--Trent Reznor, Nine Inch Nails HALO 8

From sam at linuxtec.com Sat Jul 10 20:41:50 1999
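The exclusion Jim asked about and Sam answered with ipfwadm (message of Jul 10 14:38:08 above), sketched for ipchains on a 2.2.x kernel. This is an added example, not a command set posted by anyone on the list: the two site networks and the function names are constructed, eth1 is the external interface from Sam's message, and the forward policy is set to DENY where Sam's commands use accept. It prints the rules instead of applying them so the ordering can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the list): build ipchains forward rules that
# masquerade only Internet-bound traffic and leave site-to-site VPN
# traffic unmasqueraded. The networks below are constructed placeholders.

LOCAL_NET="192.168.1.0/24"    # constructed: LAN behind this gateway
REMOTE_NET="192.168.2.0/24"   # constructed: LAN behind the far PPTP gateway
EXT_IF="eth1"                 # external interface, as in Sam's "-W eth1"

# is_cidr NET -> succeeds only for a dotted quad followed by /0../32
is_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*|*/|/*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    _len=${1#*/}
    case $_len in *[!0-9]*) return 1 ;; esac
    [ "$_len" -le 32 ] || return 1
    _old_ifs=$IFS; IFS=.
    set -- ${1%/*}            # split the address part on dots
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ -n "$_o" ] && [ "$_o" -le 255 ] || return 1
    done
}

# masq_rules LOCAL REMOTE EXT_IF -> prints the commands, one per line.
# ipchains acts on the first matching rule, so the two site-to-site
# ACCEPT rules have to be listed before the MASQ rule.
masq_rules() {
    is_cidr "$1" && is_cidr "$2" || { echo "bad network" >&2; return 1; }
    case $3 in
        ''|*[!A-Za-z0-9]*) echo "bad interface" >&2; return 1 ;;
    esac
    echo "ipchains -P forward DENY"
    echo "ipchains -F forward"
    echo "ipchains -A forward -s $1 -d $2 -j ACCEPT"
    echo "ipchains -A forward -s $2 -d $1 -j ACCEPT"
    echo "ipchains -A forward -s $1 -d 0.0.0.0/0 -i $3 -j MASQ"
}

# rule_line TEXT -> line number of the first emitted rule containing TEXT
rule_line() {
    masq_rules "$LOCAL_NET" "$REMOTE_NET" "$EXT_IF" |
        grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

# Print the rule set for review.
masq_rules "$LOCAL_NET" "$REMOTE_NET" "$EXT_IF"
```
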
From: sam at linuxtec.com (Samuel Gonzalez, Jr.)
Date: Sat Jul 10 20:41:50 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] Problems with pptp
References: <378780E2.DD1EF4EE@linuxtec.com>
Message-ID: <3787E861.35824B94@linuxtec.com>

Hello All,

Just a quick update on the browsing problem. I am using a WINS server on another subnet. I remembered the most basic thing about wins is that when a client uses wins, it also registers itself with the wins server. I told the machine that I was trying to get to to use the wins server as a client and I was able to resolve the netbios name from my laptop using pptp.

Hope this helps

Sam

"Samuel Gonzalez, Jr." wrote:

> Andrew,
> I am also having the same problem with connecting to shares on
> servers other than the firewall itself. Has anyone found an answer to this
> issue? I know that proxyarp is working, according to the syslog. I even get
> the browse list of the internal network, however when I try to browse that
> server, the network path is unavailable. Clues anyone?
>
> Sam
>
> Andrew McRory wrote:
>
> > On Wed, 7 Jul 1999, Peter Grace wrote:
> >
> > > Hello,
> > >
> > > When my windows clients connect to the PoPToP server, the
> > > server sets the gateway ip in windows to the same ip as the windows
> > > machine (i.e. if ip address is set to 192.168.1.50, poptop sets
> > > gateway to 192.168.1.50 as well)
> > >
> > > I think this is the primary reason why I cannot do anything on the VPN
> > > connection asides from ping the ip it is given; Any suggestions as to
> > > how I can make poptop set the info correctly?
> > >
> >
> > I seem to have a similar problem... I've verified the kernel is configured
> > to forward and have gone as far as to disable the firewall and set all
> > policies to accept. I can see the client talk to the server using tcpdump
> > and can browse/access files on that samba server but when I try to access
> > any other machines on the remote network tcpdump shows a broadcast attempt
> > to which there is no reply. Interesting thing is I can ping any machine on
> > the remote subnet all day long with no errors!
> >
> > Any ideas?
> >
> > Andrew McRory - amacc at linuxsys.com ***********************************
> > Linux Systems Engineers / The PC Doctors *
> > 3009-C West Tharpe Street - Tallahassee, FL 32303 *
> > Voice 850.575.7213 ***************************************************
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
>
> --
> ******************************************
> Samuel Gonzalez, Jr.
> SGI Consulting
> Houston, Texas
> 281-687-9286
> www.linuxtec.com
> ******************************************
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
******************************************
Samuel Gonzalez, Jr.
SGI Consulting
Houston, Texas
281-687-9286
www.linuxtec.com
******************************************

From chris at brainplay.com Sat Jul 10 22:33:48 1999
From: chris at brainplay.com (Chris Dos)
Date: Sat Jul 10 22:33:48 1999
Subject: [pptp-server] Problems with Subnet mask
Message-ID: <37881090.21255CF3@brainplay.com>

In this file:

/etc/pptpd.conf

speed 115200
localip 192.168.0.234-238
remoteip 192.168.1.234-238

It doesn't tell you how to specify a subnet mask. The client is getting a 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct syntax of this file so the client gets the correct subnet mask?

--
Chris Dos
BrainPlay.com.com Corporate Administrator
email: chris at brainplay.com

From tmk at netmagic.net Sat Jul 10 23:14:17 1999
From: tmk at netmagic.net (tmk)
Date: Sat Jul 10 23:14:17 1999
Subject: [pptp-server] Problems with Subnet mask
References: <37881090.21255CF3@brainplay.com>
Message-ID: <004501becb54$01ca9e60$011c0fc0@lala.net>

the subnet mask is set by pppd. use the "netmask xxx.xxx.xxx.xxx" command in your ppp options file

if that doesn't work (i've heard reports that pppd doesn't always do as it's told) you can add some code to do it for you in /etc/ppp/ip-up

Kevin

----- Original Message -----
From: Chris Dos
To:
Sent: Saturday, July 10, 1999 8:33 PM
Subject: [pptp-server] Problems with Subnet mask

> In this file:
>
> /etc/pptpd.conf
>
> speed 115200
> localip 192.168.0.234-238
> remoteip 192.168.1.234-238
>
> It doesn't tell you how to specify a subnet mask. The client is getting a
> 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct syntax
> of this file so the client gets the correct subnet mask?
>
> --
> Chris Dos
> BrainPlay.com.com Corporate Administrator
> email: chris at brainplay.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From chris at brainplay.com Sun Jul 11 09:38:05 1999
From: chris at brainplay.com (Chris Dos)
Date: Sun Jul 11 09:38:05 1999
Subject: [pptp-server] Problems with Subnet mask
References: <37881090.21255CF3@brainplay.com> <004501becb54$01ca9e60$011c0fc0@lala.net>
Message-ID: <3788AC27.6C7ACB85@brainplay.com>

Well it seems that pppd isn't sending the subnet mask. Do you know of a link of what I need to add to ip-up to make this work? This shouldn't be this difficult.

tmk wrote:
>
> the subnet mask is set by pppd. use the "netmask xxx.xxx.xxx.xxx" command in
> your ppp options file
>
> if that doesn't work (i've heard reports that pppd doesn't always do as it's
> told) you can add some code to do it for you in /etc/ppp/ip-up
>
> Kevin
> ----- Original Message -----
> From: Chris Dos
> To:
> Sent: Saturday, July 10, 1999 8:33 PM
> Subject: [pptp-server] Problems with Subnet mask
>
> > In this file:
> >
> > /etc/pptpd.conf
> >
> > speed 115200
> > localip 192.168.0.234-238
> > remoteip 192.168.1.234-238
> >
> > It doesn't tell you how to specify a subnet mask. The client is getting a
> > 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct
> syntax
> > of this file so the client gets the correct subnet mask?
> >
> > --
> > Chris Dos
> > BrainPlay.com.com Corporate Administrator
> > email: chris at brainplay.com
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >

--
Chris Dos
KBkids.com Corporate Administrator
email: chris at kbkids.com
Phone: 303-226-6262 Fax: 303-382-1185
Pager: 303-281-0448 Cell: 303-949-8805

From amacc at mailer.org Sun Jul 11 10:48:49 1999
From: amacc at mailer.org (Andrew McRory)
Date: Sun Jul 11 10:48:49 1999
Subject: [pptp-server] Problems with Subnet mask
In-Reply-To: <3788AC27.6C7ACB85@brainplay.com>
Message-ID:

On Sun, 11 Jul 1999, Chris Dos wrote:

> Well it seems that pppd isn't sending the subnet mask. Do you know of a link
> of what I need to add to ip-up to make this work? This shouldn't be this
> difficult.

try the pppd man page?

> tmk wrote:
> >
> > the subnet mask is set by pppd. use the "netmask xxx.xxx.xxx.xxx" command in
> > your ppp options file
> >
> > if that doesn't work (i've heard reports that pppd doesn't always do as it's
> > told) you can add some code to do it for you in /etc/ppp/ip-up
> >
> > Kevin
> > ----- Original Message -----
> > From: Chris Dos
> > To:
> > Sent: Saturday, July 10, 1999 8:33 PM
> > Subject: [pptp-server] Problems with Subnet mask
> >
> > > In this file:
> > >
> > > /etc/pptpd.conf
> > >
> > > speed 115200
> > > localip 192.168.0.234-238
> > > remoteip 192.168.1.234-238
> > >
> > > It doesn't tell you how to specify a subnet mask. The client is getting a
> > > 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct
> > syntax
> > > of this file so the client gets the correct subnet mask?
> > >
> > > --
> > > Chris Dos
> > > BrainPlay.com.com Corporate Administrator
> > > email: chris at brainplay.com
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> > >
>
> --
> Chris Dos
> KBkids.com Corporate Administrator
> email: chris at kbkids.com
> Phone: 303-226-6262 Fax: 303-382-1185
> Pager: 303-281-0448 Cell: 303-949-8805
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

Andrew McRory - amacc at linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 *
Voice 850.575.7213 ***************************************************

From chris at brainplay.com Sun Jul 11 11:20:26 1999
From: chris at brainplay.com (Chris Dos)
Date: Sun Jul 11 11:20:26 1999
Subject: [pptp-server] Problems with Subnet mask
References:
Message-ID: <3788C41F.DCC638C4@brainplay.com>

The ip-up file is actually a script file that is executed after the link has been established. To me, this seems too late to fix the subnet mask problem. But I'm not an expert in pppd.

Andrew McRory wrote:
>
> On Sun, 11 Jul 1999, Chris Dos wrote:
>
> > Well it seems that pppd isn't sending the subnet mask. Do you know of a link
> > of what I need to add to ip-up to make this work? This shouldn't be this
> > difficult.
>
> try the pppd man page?
>
>
> > tmk wrote:
> > >
> > > the subnet mask is set by pppd. use the "netmask xxx.xxx.xxx.xxx" command in
> > > your ppp options file
> > >
> > > if that doesn't work (i've heard reports that pppd doesn't always do as it's
> > > told) you can add some code to do it for you in /etc/ppp/ip-up
> > >
> > > Kevin
> > > ----- Original Message -----
> > > From: Chris Dos
> > > To:
> > > Sent: Saturday, July 10, 1999 8:33 PM
> > > Subject: [pptp-server] Problems with Subnet mask
> > >
> > > > In this file:
> > > >
> > > > /etc/pptpd.conf
> > > >
> > > > speed 115200
> > > > localip 192.168.0.234-238
> > > > remoteip 192.168.1.234-238
> > > >
> > > > It doesn't tell you how to specify a subnet mask. The client is getting a
> > > > 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct
> > > syntax
> > > > of this file so the client gets the correct subnet mask?
> > > >
> > > > --
> > > > Chris Dos
> > > > BrainPlay.com.com Corporate Administrator
> > > > email: chris at brainplay.com
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > List services provided by www.schulte.org!
> > > >
> >
> > --
> > Chris Dos
> > KBkids.com Corporate Administrator
> > email: chris at kbkids.com
> > Phone: 303-226-6262 Fax: 303-382-1185
> > Pager: 303-281-0448 Cell: 303-949-8805
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
> Andrew McRory - amacc at linuxsys.com ***********************************
> Linux Systems Engineers / The PC Doctors *
> 3009-C West Tharpe Street - Tallahassee, FL 32303 *
> Voice 850.575.7213 ***************************************************
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
Chris Dos
KBkids.com Corporate Administrator
email: chris at kbkids.com
Phone: 303-226-6262 Fax: 303-382-1185
Pager: 303-281-0448 Cell: 303-949-8805

From tmk at netmagic.net Sun Jul 11 11:39:15 1999
From: tmk at netmagic.net (tmk)
Date: Sun Jul 11 11:39:15 1999
Subject: [pptp-server] Problems with Subnet mask
References: <37881090.21255CF3@brainplay.com> <004501becb54$01ca9e60$011c0fc0@lala.net> <3788AC27.6C7ACB85@brainplay.com>
Message-ID: <001401becbbc$524caf00$011c0fc0@lala.net>

ahh, so pppd is sending the wrong netmask as well as using it locally. I see. Just so we're clear, you DID try the netmask pppd option right?

Kevin

----- Original Message -----
From: Chris Dos
Cc:
Sent: Sunday, July 11, 1999 7:37 AM
Subject: Re: [pptp-server] Problems with Subnet mask

> Well it seems that pppd isn't sending the subnet mask. Do you know of a link
> of what I need to add to ip-up to make this work? This shouldn't be this
> difficult.
>
> tmk wrote:
> >
> > the subnet mask is set by pppd. use the "netmask xxx.xxx.xxx.xxx" command in
> > your ppp options file
> >
> > if that doesn't work (i've heard reports that pppd doesn't always do as it's
> > told) you can add some code to do it for you in /etc/ppp/ip-up
> >
> > Kevin
> > ----- Original Message -----
> > From: Chris Dos
> > To:
> > Sent: Saturday, July 10, 1999 8:33 PM
> > Subject: [pptp-server] Problems with Subnet mask
> >
> > > In this file:
> > >
> > > /etc/pptpd.conf
> > >
> > > speed 115200
> > > localip 192.168.0.234-238
> > > remoteip 192.168.1.234-238
> > >
> > > It doesn't tell you how to specify a subnet mask. The client is getting a
> > > 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct
> > syntax
> > > of this file so the client gets the correct subnet mask?
> > >
> > > --
> > > Chris Dos
> > > BrainPlay.com.com Corporate Administrator
> > > email: chris at brainplay.com
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> > >
>
> --
> Chris Dos
> KBkids.com Corporate Administrator
> email: chris at kbkids.com
> Phone: 303-226-6262 Fax: 303-382-1185
> Pager: 303-281-0448 Cell: 303-949-8805
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From chris at brainplay.com Mon Jul 12 01:13:10 1999
From: chris at brainplay.com (Chris Dos)
Date: Mon Jul 12 01:13:10 1999
Subject: [pptp-server] Problems with Subnet mask
References: <37881090.21255CF3@brainplay.com> <004501becb54$01ca9e60$011c0fc0@lala.net> <3788AC27.6C7ACB85@brainplay.com> <001401becbbc$524caf00$011c0fc0@lala.net>
Message-ID: <37898768.8CC7C6D3@brainplay.com>

Oh yes I tried putting the mask option in pppd options file. Had zero effect. The server's NIC is set correctly. It's using a 255.255.255.0 mask. But I can't seem to make pppd send the correct one. As a matter of fact, I was browsing through the archived mail from this list, and someone was having a problem getting the mask to set correctly. His kept showing up as a 255.0.0.0 mask when he wanted a 255.255.255.0 mask. He was using the 10.0.0.0 address range. No one was able to find a solution to his problem then either. I'm using the 172.16.0.0 range. Is there something hard coded into pppd that screws up if you use 10.0.0.0 or 172.16.0.0? I don't think anyone has had problems using the 192.168.0.0 range. Arrggg... Something that is so simple shouldn't be so difficult. And above all, I don't want to set up a NT server to do this. NT is just bad news.

Chris

tmk wrote:
>
> ahh, so pppd is sending the wrong netmask as well as using it locally. I
> see. Just so we're clear, you DID try the netmask pppd option right?
>
> Kevin
> ----- Original Message -----
> From: Chris Dos
> Cc:
> Sent: Sunday, July 11, 1999 7:37 AM
> Subject: Re: [pptp-server] Problems with Subnet mask
>
> > Well it seems that pppd isn't sending the subnet mask. Do you know of a
> link
> > of what I need to add to ip-up to make this work? This shouldn't be this
> > difficult.
> >
> > tmk wrote:
> > >
> > > the subnet mask is set by pppd. use the "netmask xxx.xxx.xxx.xxx"
> command in
> > > your ppp options file
> > >
> > > if that doesn't work (i've heard reports that pppd doesn't always do as
> it's
> > > told) you can add some code to do it for you in /etc/ppp/ip-up
> > >
> > > Kevin
> > > ----- Original Message -----
> > > From: Chris Dos
> > > To:
> > > Sent: Saturday, July 10, 1999 8:33 PM
> > > Subject: [pptp-server] Problems with Subnet mask
> > >
> > > > In this file:
> > > >
> > > > /etc/pptpd.conf
> > > >
> > > > speed 115200
> > > > localip 192.168.0.234-238
> > > > remoteip 192.168.1.234-238
> > > >
> > > > It doesn't tell you how to specify a subnet mask. The client is
> getting a
> > > > 255.255.0.0 instead of 255.255.255.0 subnet mask. What is the correct
> > > syntax
> > > > of this file so the client gets the correct subnet mask?
> > > >
> > > > --
> > > > Chris Dos
> > > > BrainPlay.com.com Corporate Administrator
> > > > email: chris at brainplay.com
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > List services provided by www.schulte.org!
> > > >
> >
> > --
> > Chris Dos
> > KBkids.com Corporate Administrator
> > email: chris at kbkids.com
> > Phone: 303-226-6262 Fax: 303-382-1185
> > Pager: 303-281-0448 Cell: 303-949-8805
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >

--
Chris Dos
KBkids.com Corporate Administrator
email: chris at kbkids.com
Phone: 303-226-6262 Fax: 303-382-1185
Pager: 303-281-0448 Cell: 303-949-8805

From matthewr at moreton.com.au Mon Jul 12 02:36:52 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Jul 12 02:36:52 1999
Subject: [pptp-server] v0.9.5 released
Message-ID: <378999F1.AC63E045@moreton.com.au>

PoPToP v0.9.5 has been released!

Grab your copy here:
http://www.moretonbay.com/vpn/download_pptp.html

Here's the ChangeLog:

v0.9.4 -> v0.9.5 12 July, 1999
- bad sequence number message made to detect duplicates and out of order and report appropriately
- show if libwrap is selected in configure script output
- completely re-did connection termination to match draft spec (unfortunately generates a warning when talking to Win98)
- changed capabilities to be more realistic
- fixed echo reply processing (should prevent death when idle)
- made call id handling more sane
- made us always use the right call id in the right place
- print errno on GRE write failures
- bind GRE to address connection was received on

From luyer at ucs.uwa.edu.au Mon Jul 12 04:01:55 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Mon Jul 12 04:01:55 1999
Subject: [pptp-server] v0.9.5 released
In-Reply-To: Your message of "Mon, 12 Jul 1999 07:32:01 GMT." <378999F1.AC63E045@moreton.com.au>
Message-ID: <199907120901.RAA17138@typhaon.ucs.uwa.edu.au>

Just to warn everyone - this new one generates a little more syslogging on connection close. It appears that by making it behave as the PPTP draft says it should, it doesn't really interact with Win98 properly. The bug fixes and improvements are definitely worth the slight increase in syslog messages.

I'd appreciate feedback on what happens when a connection is closed, either manually at the server end (kill -15 process-id) or from the client end (by clicking disconnect) on Win95, 98 and NT. Please send directly to me, rather than to the list, to avoid spamming everyone else.

David.

From whamilton at wmrls.org Mon Jul 12 12:07:57 1999
From: whamilton at wmrls.org (Wes Hamilton)
Date: Mon Jul 12 12:07:57 1999
Subject: [pptp-server] Problems with Subnet mask
In-Reply-To: <37898768.8CC7C6D3@brainplay.com>
Message-ID: <000a01becc89$33c9c680$cbf4d5cc@whamilton.wmrls.org>

I too am using 255.255.255.0, and have set the netmask option in ppp -- and even though it doesn't seem to have any effect shown in the routing table, it seems to be working:

redhat 5.2 (kernel 2.036, pppd 2.3.5, pptpd 0.91)
server 10.0.1.1/24
local ip 10.0.1.2
remote ips 10.0.1.3-10

Client Win95 w/MSDUN1.3:
I connect and receive ip 10.0.1.3 (255.0.0.0 in routing table), yet I can ping another host on the internal network (say 10.0.1.11/24) with no problems. Traceroute shows hop of 10.0.1.2. (from the other direction, traceroute shows hop of 10.0.1.1).

Of course, if you have another internal 10.x.x.x network, then you have a problem.

Wes

--------------------------------------------------------------------
Wes Hamilton    WESTERN MASSACHUSETTS
Technical Specialist    whamilton at wmrls.org    REGIONAL LIBRARY SYSTEM
(413) 247-9306 x126
--------------------------------------------------------------------

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Chris Dos
> Sent: Monday, July 12, 1999 2:13 AM
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Problems with Subnet mask
>
>
> Oh yes I tried putting the mask option in pppd options file. Had zero
> effect. The server's NIC is set correctly. It's using a 255.255.255.0
> mask. But I can't seem to make pppd send the correct one. As a matter of
> fact, I was browsing through the archived mail from this list, and someone
> was having a problem getting the mask to set correctly. His kept
> showing up
> as a 255.0.0.0 mask when he wanted a 255.255.255.0 mask. He was using the
> 10.0.0.0 address range. No one was able to find a solution to his problem
> then either. I'm using the 172.16.0.0 range. Is there something
> hard coded
> into pppd that screws up if you use 10.0.0.0 or 172.16.0.0? I don't think
> anyone has had problems using the 192.168.0.0 range. Arrggg... Something
> that is so simple shouldn't be so difficult. And above all, I
> don't want to
> set up a NT server to do this. NT is just bad news.
>
> Chris
>
> tmk wrote:
> >
> > ahh, so pppd is sending the wrong netmask as well as using it locally. I
> > see. Just so we're clear, you DID try the netmask pppd option right?
> >
> > Kevin

From cybear at pacbell.net Mon Jul 12 13:25:26 1999
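The masks reported in the subnet mask thread above (255.0.0.0 for Wes's 10.0.1.3 client, 255.255.0.0 for Chris's 172.16.0.0 range) are the classful defaults for those addresses. The sketch below is an added example, not code from any poster or from pppd: it assumes the client derives its mask from the address class, and every address other than 10.0.1.3 and 10.0.1.11 is constructed. It shows which destinations such a client treats as part of the VPN network compared with the intended 255.255.255.0, which is the case Wes warns about for a second 10.x.x.x network.

```shell
#!/bin/sh
# Added example: assumes the client picks the classful default mask for
# the address it is assigned. Addresses other than 10.0.1.3 and 10.0.1.11
# (from Wes's message) are constructed.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    _old_ifs=$IFS
    IFS=.
    set -- $1                 # split the dotted quad into $1..$4
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# classful_mask A.B.C.D -> prints the default mask for the address class
classful_mask() {
    _first=${1%%.*}
    if   [ "$_first" -lt 128 ]; then echo 255.0.0.0        # class A
    elif [ "$_first" -lt 192 ]; then echo 255.255.0.0      # class B
    elif [ "$_first" -lt 224 ]; then echo 255.255.255.0    # class C
    else return 1                                          # class D/E
    fi
}

# same_net ADDR1 ADDR2 MASK -> succeeds if both addresses share a network
same_net() {
    _a=$(ip_to_int "$1"); _b=$(ip_to_int "$2"); _m=$(ip_to_int "$3")
    [ $(( _a & _m )) -eq $(( _b & _m )) ]
}

# classify CLIENT_ADDR INTENDED_MASK DEST -> prints one of:
#   intended  inside the network the administrator meant to expose
#   widened   only inside the classful network the client assumes
#   outside   not covered by either mask
classify() {
    _cm=$(classful_mask "$1") || { echo "no-classful-mask"; return 1; }
    if same_net "$1" "$3" "$2"; then echo intended
    elif same_net "$1" "$3" "$_cm"; then echo widened
    else echo outside
    fi
}

# Demo: client address, then a destination, with an intended /24.
for pair in "10.0.1.3 10.0.1.11" "10.0.1.3 10.20.30.40" \
            "172.16.5.10 172.16.9.1" "192.168.1.234 192.168.1.50"; do
    set -- $pair
    printf '%-14s mask %-14s dest %-13s %s\n' \
        "$1" "$(classful_mask "$1")" "$2" \
        "$(classify "$1" 255.255.255.0 "$2")"
done
```

Destinations reported as "widened" are the ones a client with the classful mask would send into the tunnel even though the administrator's /24 does not cover them.
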
From: cybear at pacbell.net (Matt Templeton)
Date: Mon Jul 12 13:25:26 1999
Subject: [pptp-server] pptp over dialup to internet
Message-ID: <378A36A2.2455914B@pacbell.net>

I have a Linux server connected via DSL to the internet using ipchains to masquerade. On this server I have pptpd setup. I can dial the internet and connect and telnet to the pptpd server no problem. When I launch VPN from windows98 I get a message:

Error 645: The Microsoft Dial-Up Adapter is in use or not responding properly.
Disconnect other connections and then try again.
If this problem persists, shut down and restart your computer.

Grrr, the only other connection is the dial up to the internet. If I disconnect that, the VPN connection would be worthless. Can anyone help me out with this???

Thanks, Matt

From tmk at netmagic.net Mon Jul 12 15:35:24 1999
From: tmk at netmagic.net (tmk)
Date: Mon Jul 12 15:35:24 1999
Subject: [pptp-server] pptp over dialup to internet
In-Reply-To: <378A36A2.2455914B@pacbell.net>
Message-ID:

this error usually means you're running an older version of Dial up networking.. get one of the updates and make sure you have a vpn adapter set up. Since you run win98 though, that is a weird error to be getting. Re-create all your dial up stuff and see if that works. Make sure the right dial up device (ie modem vs vpn adapter) is selected.

Kevin

On Mon, 12 Jul 1999, Matt Templeton wrote:

> I have a Linux server connected via DSL to the internet using ipchains
> to masquerade. On this server I have pptpd setup. I can dial the
> internet and connect and telnet to the pptpd server no problem. When I
> launch VPN from windows98 I get a message:
>
> Error 645: The Microsoft Dial-Up Adapter is in use or not responding
> properly.
> Disconnect other connections and then try again.
> If this problem persists, shut down and restart your computer.
>
>
> Grrr, the only other connection is the dial up to the internet. If I
> disconnect that, the VPN connection would be worthless. Can anyone help
> me out with this???
>
>
> Thanks, Matt
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mattd at marketinsights.nctda.org Mon Jul 12 17:32:42 1999
From: mattd at marketinsights.nctda.org (Matt Drake) Date: Mon Jul 12 17:32:42 1999 Subject: [pptp-server] pptp over dialup to internet Message-ID: <018f01beccb7$0f62fea0$1300a8c0@mongoose.persimmon.com> I ran into the same problem on a win98 machine. Re-installing the MS VPN software will definitely fix your problem. I did read a newsgroup posting via dejanews where someone said to remove the VPN software via the Add/Remove Programs control panel instead of the Network control panel but I don't know if that really makes a difference or not. Here is a web page that has screen shots if you want to check your install procedures (scroll down for win98 info).. http://network.fament.com/helmig/j_helmig/vpn95ins.htm Matthias -----Original Message----- 
From: tmk To: Matt Templeton Cc: pptp-server at lists.schulte.org Date: Monday, July 12, 1999 4:31 PM Subject: Re: [pptp-server] pptp over dialup to internet >this error usually means you're running an older version of Dial up >networking.. get one of the updates and make sure you have a vpn adapter >set up. Since you run win98 though, that is a wierd error to be getting. >Re-create all your dial up stuff and see if that works. Make sure the >right dial up device (ie modem vs vpn adapter) is selected. > >Kevin > >On Mon, 12 Jul 1999, Matt Templeton wrote: > >> I have a Linux server connected via DSL to the internet using ipchains >> to masquerade. On this server I have pptpd setup. I can dial the >> internet and connect and telnet to the pptpd server no problem. When I >> launch VPN form windows98 I get a message: >> >> Error 645: The Microsoft Dial-Up Adapter is in use or not responding >> properly. >> Disconnect other connections and then try again. >> If this problem persists, shut down and restart your computer. >> >> >> Grrr, the only other connection is the dial up to the internet. If I >> disconnect that, the VPN connection would be worthless. Can anyone help >> me out with this??? >> >> >> Thanks, Matt >> >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> List services provided by www.schulte.org! >> > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulte.org! From matthewr at moreton.com.au Mon Jul 12 19:34:10 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Mon Jul 12 19:34:10 1999 Subject: [pptp-server] howto/faq Message-ID: <378A880B.177D0E1@moreton.com.au> I've posted a very messy howto/faq to the web page (http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP-pre3.txt.gz). It needs help :-).. but it's a start for now.. it's basically a quick guide to get poptop running.. and also a massive cut-n-paste job from the archives. -matt From cybear at pacbell.net Mon Jul 12 21:09:59 1999 From: cybear at pacbell.net (Matt Templeton) Date: Mon Jul 12 21:09:59 1999 Subject: [pptp-server] routeing through VPN Message-ID: <378AA389.B0E07E4E@pacbell.net> Ok, making progress, Thanks Matt Drake! From a windows98 box I can now connect to a linux box running pptpd and get the VPN connection to connect. It does not seem to route to the 192.168.2.0 network that is connected to the pptpd server. I currently do not have any gateway address set on the windows box. If I try to telnet to the Linux box from the W98 box, it uses the internet route, not the VPN route. Any clues?? Thanks again Matt PS, (showing my UNIX background) how do I find out what address the windows box is using??? From tmk at netmagic.net Mon Jul 12 21:29:48 1999 
From: tmk at netmagic.net (tmk)
Date: Mon Jul 12 21:29:48 1999
Subject: [pptp-server] routeing through VPN
References: <378AA389.B0E07E4E@pacbell.net>
Message-ID: <003801beccd7$f59266c0$011c0fc0@lala.net>

> connected to the pptpd server. I currently do not have any gateway
> address set on the windows box. If I try to telnet to the Linux box from
> the W98 box, it uses the internet route, not the VPN route. Any clues??

You need to telnet to the ip address of the linux box that is on the private network (192.168.2.x ?). The gateway gets set by the pptp connection (run route print on the windows box).

> PS, (showing my UNIX background) how do I find out what address the
> windows box is using???

run winipcfg or use netstat

Kevin

From maillist at profuso.com Tue Jul 13 04:06:29 1999
From: maillist at profuso.com (Giuseppe Zanetti) Date: Tue Jul 13 04:06:29 1999 Subject: [pptp-server] I'm crazy with pptpd Message-ID: <199907130917.LAA02468@freddy.profuso.com> Hello, I try pptpd between Linux (redhat 6.x with 2.2. kernel and pptpd 0.9.5) and Windows 98. My configuration is: ========= my LAN | Linx BOX ----ISP 1 --- INTERNET ---ISP 2 ---- Win 98 I use two phone lines (Linux is ISDN, Win 98 is POTS) for testing pourposes. The Win 98 machine is connected via ethernet on the same net as the Linux box., but the ethernet board was disabled iusing the control panel (and some reboots :-( If I user Linux as client (with pptp-linux-1.0.2) it works ! When the windows machine makes the connection it fails with error 645 and I have these messages in the log. Can anyone help me ? I'me desperate. thank'you, Giuseppe Jul 13 10:57:30 fire pptpd[486]: MGR: Launching /usr/local/bin/pptpctrl to handle client Jul 13 10:57:30 fire pptpd[486]: CTRL: local address = 192.168.0.234 Jul 13 10:57:30 fire pptpd[486]: CTRL: remote address = 192.168.1.234 Jul 13 10:57:30 fire pptpd[486]: CTRL: pppd speed = 115200 Jul 13 10:57:30 fire pptpd[486]: CTRL: pppd options file = /etc/ppp/pptpoptions Jul 13 10:57:30 fire pptpd[486]: CTRL: Client 195.45.22.57 control connection started Jul 13 10:57:30 fire pptpd[486]: CTRL: Received PPTP Control Message (type: 1) Jul 13 10:57:30 fire pptpd[486]: CTRL: Made a START CTRL CONN RPLY packet Jul 13 10:57:30 fire pptpd[486]: CTRL: I wrote 156 bytes to the client. 
Jul 13 10:57:30 fire pptpd[486]: CTRL: Sent packet to client Jul 13 10:57:30 fire pptpd[486]: CTRL: Received PPTP Control Message (type: 7) Jul 13 10:57:30 fire pptpd[486]: CTRL: Made a OUT CALL RPLY packet Jul 13 10:57:30 fire pptpd[486]: CTRL: Starting call (launching pppd, opening GRE) Jul 13 10:57:30 fire pptpd[486]: CTRL: pty_fd = 5 Jul 13 10:57:30 fire pptpd[486]: CTRL: tty_fd = 6 Jul 13 10:57:30 fire pptpd[487]: CTRL (PPPD Launcher): Connection speed = 115200 Jul 13 10:57:30 fire pptpd[487]: CTRL (PPPD Launcher): local address = 192.168.0.234 Jul 13 10:57:30 fire pptpd[487]: CTRL (PPPD Launcher): remote address = 192.168.1.234 Jul 13 10:57:30 fire pptpd[486]: CTRL: I wrote 32 bytes to the client. Jul 13 10:57:30 fire pptpd[486]: CTRL: Sent packet to client Jul 13 10:57:30 fire pppd[487]: pppd 2.3.7 started by root, uid 0 Jul 13 10:57:30 fire pppd[487]: Using interface ppp0 Jul 13 10:57:30 fire pppd[487]: Connect: ppp0 <--> /dev/pts/0 Jul 13 10:57:30 fire pppd[487]: sent [LCP ConfReq id=0x1 ] Jul 13 10:57:32 fire pptpd[486]: CTRL: Received PPTP Control Message (type: 12) Jul 13 10:57:32 fire pptpd[486]: CTRL: Made a CALL DISCONNECT RPLY packet Jul 13 10:57:32 fire pptpd[486]: CTRL: Received CALL CLR request (closing call) Jul 13 10:57:32 fire pptpd[486]: CTRL: I wrote 148 bytes to the client. Jul 13 10:57:32 fire pptpd[486]: CTRL: Sent packet to client Jul 13 10:57:32 fire pptpd[486]: CTRL: Error with select(), quitting Jul 13 10:57:32 fire pptpd[486]: CTRL: Client 195.45.22.57 control connection finished Jul 13 10:57:32 fire pptpd[486]: CTRL: Exiting now Jul 13 10:57:32 fire pptpd[480]: MGR: Reaped child 486 Jul 13 10:57:32 fire pppd[487]: Modem hangup Jul 13 10:57:32 fire pppd[487]: Connection terminated. Jul 13 10:57:32 fire pppd[487]: Connect time 0.1 minutes. Jul 13 10:57:32 fire pppd[487]: Exit. Jul 13 11:05:21 fire ipppd[412]: Terminating on signal 15. 
Jul 13 11:05:21 fire ipppd[412]: sent [0][LCP TermReq id=0x3 6c 69 6e 6b 20 63 6c 6f 73 65 64]
Jul 13 11:05:21 fire ipppd[412]: LCP is down
Jul 13 11:05:21 fire ipppd[412]: link 0 closed , linkunit: 0
Jul 13 11:05:21 fire ipppd[412]: Exit.

--
Giuseppe Zanetti beppe at profuso.com
http://www.profuso.com/

From tmk at netmagic.net Tue Jul 13 10:33:37 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jul 13 10:33:37 1999
Subject: [pptp-server] I'm crazy with pptpd
References: <199907130917.LAA02468@freddy.profuso.com>
Message-ID: <001c01becd45$476b3b80$011c0fc0@lala.net>

You're having ppp connection problems. Make sure encryption is off and try playing with the dial up adapter settings.

Kevin

----- Original Message -----
From: Giuseppe Zanetti To: Sent: Tuesday, July 13, 1999 2:17 AM Subject: [pptp-server] I'm crazy with pptpd > Hello, > > I try pptpd between Linux (redhat 6.x with 2.2. kernel and pptpd 0.9.5) and > Windows 98. My configuration is: > > ========= my LAN > | > Linx BOX ----ISP 1 --- INTERNET ---ISP 2 ---- Win 98 > > I use two phone lines (Linux is ISDN, Win 98 is POTS) for testing pourposes. > The Win 98 machine is connected via ethernet on the same net as the Linux box., > but the ethernet board was disabled iusing the control panel (and some reboots > :-( > > If I user Linux as client (with pptp-linux-1.0.2) it works ! > > When the windows machine makes the connection it fails with error 645 and I > have these messages in the log. > > Can anyone help me ? I'me desperate. > > thank'you, > > Giuseppe > > Jul 13 10:57:30 fire pptpd[486]: MGR: Launching /usr/local/bin/pptpctrl to handle client > Jul 13 10:57:30 fire pptpd[486]: CTRL: local address = 192.168.0.234 > Jul 13 10:57:30 fire pptpd[486]: CTRL: remote address = 192.168.1.234 > Jul 13 10:57:30 fire pptpd[486]: CTRL: pppd speed = 115200 > Jul 13 10:57:30 fire pptpd[486]: CTRL: pppd options file = /etc/ppp/pptpoptions > Jul 13 10:57:30 fire pptpd[486]: CTRL: Client 195.45.22.57 control connection started > Jul 13 10:57:30 fire pptpd[486]: CTRL: Received PPTP Control Message (type: 1) > Jul 13 10:57:30 fire pptpd[486]: CTRL: Made a START CTRL CONN RPLY packet > Jul 13 10:57:30 fire pptpd[486]: CTRL: I wrote 156 bytes to the client. 
> Jul 13 10:57:30 fire pptpd[486]: CTRL: Sent packet to client > Jul 13 10:57:30 fire pptpd[486]: CTRL: Received PPTP Control Message (type: 7) > Jul 13 10:57:30 fire pptpd[486]: CTRL: Made a OUT CALL RPLY packet > Jul 13 10:57:30 fire pptpd[486]: CTRL: Starting call (launching pppd, opening GRE) > Jul 13 10:57:30 fire pptpd[486]: CTRL: pty_fd = 5 > Jul 13 10:57:30 fire pptpd[486]: CTRL: tty_fd = 6 > Jul 13 10:57:30 fire pptpd[487]: CTRL (PPPD Launcher): Connection speed = 115200 > Jul 13 10:57:30 fire pptpd[487]: CTRL (PPPD Launcher): local address = 192.168.0.234 > Jul 13 10:57:30 fire pptpd[487]: CTRL (PPPD Launcher): remote address = 192.168.1.234 > Jul 13 10:57:30 fire pptpd[486]: CTRL: I wrote 32 bytes to the client. > Jul 13 10:57:30 fire pptpd[486]: CTRL: Sent packet to client > Jul 13 10:57:30 fire pppd[487]: pppd 2.3.7 started by root, uid 0 > Jul 13 10:57:30 fire pppd[487]: Using interface ppp0 > Jul 13 10:57:30 fire pppd[487]: Connect: ppp0 <--> /dev/pts/0 > Jul 13 10:57:30 fire pppd[487]: sent [LCP ConfReq id=0x1 ] > Jul 13 10:57:32 fire pptpd[486]: CTRL: Received PPTP Control Message (type: 12) > Jul 13 10:57:32 fire pptpd[486]: CTRL: Made a CALL DISCONNECT RPLY packet > Jul 13 10:57:32 fire pptpd[486]: CTRL: Received CALL CLR request (closing call) > Jul 13 10:57:32 fire pptpd[486]: CTRL: I wrote 148 bytes to the client. > Jul 13 10:57:32 fire pptpd[486]: CTRL: Sent packet to client > Jul 13 10:57:32 fire pptpd[486]: CTRL: Error with select(), quitting > Jul 13 10:57:32 fire pptpd[486]: CTRL: Client 195.45.22.57 control connection finished > Jul 13 10:57:32 fire pptpd[486]: CTRL: Exiting now > Jul 13 10:57:32 fire pptpd[480]: MGR: Reaped child 486 > Jul 13 10:57:32 fire pppd[487]: Modem hangup > Jul 13 10:57:32 fire pppd[487]: Connection terminated. > Jul 13 10:57:32 fire pppd[487]: Connect time 0.1 minutes. > Jul 13 10:57:32 fire pppd[487]: Exit. > Jul 13 11:05:21 fire ipppd[412]: Terminating on signal 15. 
> Jul 13 11:05:21 fire ipppd[412]: sent [0][LCP TermReq id=0x3 6c 69 6e 6b 20 63 6c 6f 73 65 64] > Jul 13 11:05:21 fire ipppd[412]: LCP is down > Jul 13 11:05:21 fire ipppd[412]: link 0 closed , linkunit: 0 > Jul 13 11:05:21 fire ipppd[412]: Exit. > > -- > Giuseppe Zanetti beppe at profuso.com > http://www.profuso.com/ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From cybear at pacbell.net Tue Jul 13 15:32:13 1999 From: cybear at pacbell.net (Matt Templeton) Date: Tue Jul 13 15:32:13 1999 Subject: [pptp-server] Ipchains -- Message-ID: <378BA5E6.B10A0D4F@pacbell.net> I have pptpd running on a Linux server that is also running ipchains to masquerade. I was wondering if I need any special ipchains configurations? Thanks matt From menders at hotmail.com Tue Jul 13 21:46:46 1999 
From: menders at hotmail.com (Max Enders) Date: Tue Jul 13 21:46:46 1999 Subject: [pptp-server] Linux PPTP client and WatchGuard FireBox II firewall Message-ID: <19990714024635.72704.qmail@hotmail.com> Greetings, I've been trying for a few hours now to get the Linux PPTP client to work. I'm connecting to a WatchGuard FireBox II...a firewall that has a PPTP daemon. It supports MS-CHAPv2, MPPE, and all that other stuff. I get connected fine using 1.0.2 of the client and ppp 2.3.8, patched. Below, you can see a snippit of my ifconfig, some logs, and my routing table. I'm connecting using the following command line: pptp name remotename watchguard It gets connected, but I'm not able to ping 192.168.42.70. It gives me some errors in the logs about unsupported protocols and I also get a lot of discarded GRE warnings from the PPTP client. I'm just connecting to the Internet with a 33.6 modem -- it's been working for everything else. Also, I should mention that the Windows 98 PPTP client functions with this same dial-up account to the same firewall. Anyhow, let me know if there's anything else you need to know. Snippit from ifconfig: ppp1 Link encap:Point-to-Point Protocol inet addr:192.168.42.72 P-t-P:192.168.42.70 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:338 Metric:1 RX packets:312 errors:0 dropped:0 overruns:0 frame:0 TX packets:313 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 Snippit from /var/log/messages: Jul 13 19:31:02 gateway (unknown)[828]: log[pptp_dispatch_ctrl_packet:pptp_ctrl. c:637]: Outgoing call established. 
Jul 13 19:31:03 gateway pppd[833]: pppd 2.3.8 started by root, uid 0 Jul 13 19:31:03 gateway pppd[833]: Using interface ppp1 Jul 13 19:31:03 gateway pppd[833]: Connect: ppp1 <--> /dev/ttya0 Jul 13 19:31:07 gateway pppd[833]: Remote message: S=8018413c6d2de418f47843c4886 b9d4182a5a1ef Jul 13 19:31:08 gateway modprobe: can't locate module ppp-compress-18 Jul 13 19:31:09 gateway last message repeated 2 times Jul 13 19:31:09 gateway pppd[833]: local IP address 192.168.42.72 Jul 13 19:31:09 gateway pppd[833]: remote IP address 192.168.42.70 Jul 13 19:31:09 gateway modprobe: can't locate module ppp-compress-18 Jul 13 19:31:28 gateway last message repeated 37 times Jul 13 19:31:28 gateway pppd[833]: Protocol-Reject for unsupported protocol 0x21 45 Jul 13 19:31:29 gateway modprobe: can't locate module ppp-compress-18 Snippit from route: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 209.162.144.5 * 255.255.255.255 UH 0 0 0 ppp0 192.168.42.70 * 255.255.255.255 UH 0 0 0 ppp1 10.0.0.254 * 255.255.255.255 UH 0 0 0 eth0 10.0.0.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 209.162.144.5 0.0.0.0 UG 0 0 0 ppp0 Warnings from the client: warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order warn[decaps_gre:pptp_gre.c:239]: discarding out-of-order Thanks! Max Enders menders at hotmail.com _______________________________________________________________ Get Free Email and Do More On The Web. 
Visit http://www.msn.com

From luyer at ucs.uwa.edu.au Wed Jul 14 00:42:23 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 14 00:42:23 1999
Subject: [pptp-server] Ipchains --
In-Reply-To: Your message of "Tue, 13 Jul 1999 20:47:34 GMT." <378BA5E6.B10A0D4F@pacbell.net>
Message-ID: <199907140542.NAA08148@typhaon.ucs.uwa.edu.au>

> I have pptpd running on a Linux server that is also running ipchains to
> masquerade. I was wondering if I need any special ipchains
> configurations?

Make sure _port_ 1723 and _protocol_ 47 are permitted to connect without having masquerade do anything weird to them.

David.

From luyer at ucs.uwa.edu.au Wed Jul 14 00:43:53 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 14 00:43:53 1999
Subject: [pptp-server] Linux PPTP client and WatchGuard FireBox II firewall
In-Reply-To: Your message of "Tue, 13 Jul 1999 19:46:34 PDT." <19990714024635.72704.qmail@hotmail.com>
Message-ID: <199907140543.NAA08176@typhaon.ucs.uwa.edu.au>

Sorry - this mailing list is about the Linux PPTP _server_ not _client_. Someone can probably point you elsewhere for the client mailing list.

David.

From cybear at pacbell.net Wed Jul 14 10:45:31 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Wed Jul 14 10:45:31 1999
Subject: [pptp-server] Can not log on to MS domain
Message-ID: <378CB438.C6725396@pacbell.net>

OK, I've finally gotten logged in and can route to the network through pptpd. Now, when I try to login to the MS domain, I get an error message: "No domain services was available to validate account". Is there a trick to how to get this to work??

my /etc/ppp/options file looks like this:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp

Thanks all for the help so far...

Matt

From tmk at netmagic.net Wed Jul 14 11:56:45 1999
From: tmk at netmagic.net (tmk) Date: Wed Jul 14 11:56:45 1999 Subject: [pptp-server] Can not log on to MS domain In-Reply-To: <378CB438.C6725396@pacbell.net> Message-ID: Is there a WINS server on the remote network? if there is, i think there's a ms-wins x.x.x.x option for pppd, that should solve most of your problems. I have a feeling your subnet mask is probably not right (pppd is horrible about that) and as a result your broadcast addr is wrong. So when you box asks for a server on the broadcast ip for its subnet, no one answers.. a wins server should fix that though. Kevin On Wed, 14 Jul 1999, Matt Templeton wrote: > OK, I've finally gotten logged in and can route to the network through > pptpd. Now, when I try to login to the MS domain, I get an error > message: "No domain services was available to validate account". Is > their a trick to how to get this to work?? > > my /etc/ppp/options file looks like this: > > lock > debug > auth > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > proxyarp > > Thanks all for the help so far... > > > Matt > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From bdupras at bigfoot.com Wed Jul 14 14:39:32 1999 
From: bdupras at bigfoot.com (Brian Dupras) Date: Wed Jul 14 14:39:32 1999 Subject: [pptp-server] pppd netmask problem - can we track it down? References: Message-ID: <378CE775.6D8252B0@bigfoot.com> tmk wrote: > I have a feeling your subnet mask is probably not right (pppd is > horrible about that) and as a result your broadcast addr is wrong. I'm not a system level programmer for linux, but I think we've either run into a bug in pppd, or we've run into a case of mass confusion about a "feature". Isn't this where the open source in us should be cracking the code open for pppd and seeing what's going on? From allanc at sco.com Wed Jul 14 15:06:01 1999 
From: allanc at sco.com (Allan Clark)
Date: Wed Jul 14 15:06:01 1999
Subject: [pptp-server] pppd netmask problem - can we track it down?
References: <378CE775.6D8252B0@bigfoot.com>
Message-ID: <378CED8C.F275C39D@sco.com>

In the words of "Mr Burns" from "The Simpsons": "Smithers! Release the Hounds!"

We could track it down, and if we wanted to, release a ppp-poptop version.

Brian Dupras wrote:

> I'm not a system level programmer for linux, but I think we've either run into
> a bug in pppd, or we've run into a case of mass confusion about a "feature".
> Isn't this where the open source in us should be cracking the code open for
> pppd and seeing what's going on?
>
> From the pppd man page:
>
>     netmask n
>         Set the interface netmask to n, a 32 bit netmask in
>         "decimal dot" notation (e.g. 255.255.255.0). If
>         this option is given, the value specified is ORed
>         with the default netmask[ ... ]
>
> I think it is this OR operation that is either flawed, or we just don't
> understand what it's doing properly. It would seem that pppd is trying to be
> smart about the netmask setting, but something's not right.

The code you've provided seems to determine the user-specified netmask, but doesn't do any OR. Near the end, after it has determined a netmask in "mask" (and converted to network byte-order):

>     if (*p != 0 || (netmask & ~mask) != 0) {
>         option_error("invalid netmask value '%s'", *argv);
>         return 0;
>     }

Right there it seems to check (*p == 0) for a bad entry value, then it checks an OR:

    (netmask & ~mask) == 0
is
    ~(~netmask | mask) == 0

The following part:

>     netmask = mask;
>     return (1);
> }

.. sets the netmask, and returns -- it sets the user-specified netmask.

Unless I'm missing something, this code is not using the "class of the IP address" in determining the effective netmask -- it's checking the user-supplied one, but it seems to be only checking to see if it's LESS RESTRICTIVE than the existing one

===>> ((netmask & ~mask) == 0) is a check for less-restrictive netmask I think.

Does this function return an error indicating an improper netmask? Or is it silently ignored ?

Allan

From tmk at netmagic.net Wed Jul 14 17:22:02 1999
From: tmk at netmagic.net (tmk)
Date: Wed Jul 14 17:22:02 1999
Subject: [pptp-server] pppd netmask problem - can we track it down?
In-Reply-To: <378CED8C.F275C39D@sco.com>
Message-ID:

> The code you've provided seems to determine the user-specified netmask, but
> doesn't do any OR. Near the end, after it has determined a netmask in "mask" (and
> converted to network byte-order):

sure it does an OR ..check out the part where it does something like

    a |= b;

that's

    a = a | b;

which of course is an OR :)

I guess i'll take a look at that code, since it seems to be causing so many problems.

Kevin

From tmk at netmagic.net Wed Jul 14 17:43:11 1999
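The two mask operations debated in the messages above, worked through as an added example (not pppd's source and not code from any poster): the subset test `(netmask & ~mask) == 0` from the quoted check, and the OR with a default mask that the man page excerpt describes. The function names, the class-based default rule and the host-byte-order representation are assumptions of this sketch; the bit test gives the same answer in either byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse "a.b.c.d" (or one number such as 0xffffff00) into a host-order
 * 32-bit value, following the loop structure of the posted setnetmask().
 * Returns 1 on success, 0 on malformed input. */
int parse_quad(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    const char *p = s;
    char *endp;
    int n;

    for (n = 3;; --n) {
        unsigned long b = strtoul(p, &endp, 0);
        if (endp == p)
            return 0;                /* no digits where a number was expected */
        if (b > 255) {
            if (n != 3 || b > 0xffffffffUL)
                return 0;            /* oversized octet, or word too wide */
            value = (uint32_t)b;     /* whole mask written as one number */
            p = endp;
            break;
        }
        value |= (uint32_t)b << (n * 8);
        p = endp;
        if (*p != '.' || n == 0)
            break;
        ++p;
    }
    if (*p != '\0')
        return 0;                    /* trailing characters */
    *out = value;
    return 1;
}

/* Assumed default for this sketch: the classful mask implied by the
 * address (10.x -> 255.0.0.0, 172.16.x -> 255.255.0.0). */
uint32_t classful_mask(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)
        return 0xff000000u;          /* class A */
    if ((addr & 0xc0000000u) == 0x80000000u)
        return 0xffff0000u;          /* class B */
    return 0xffffff00u;              /* class C and above */
}

/* The test from the quoted check: passes only when every bit already set
 * in `current` is also set in `requested`. */
int mask_accepted(uint32_t current, uint32_t requested)
{
    return (current & ~requested) == 0;
}

/* OR the option value into the class-based default, as the man page
 * excerpt words it. An OR can add mask bits but never clear them. */
int effective_netmask(const char *addr, const char *option, uint32_t *out)
{
    uint32_t a, m;

    if (!parse_quad(addr, &a) || !parse_quad(option, &m))
        return 0;
    *out = classful_mask(a) | m;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, using address ranges named in the thread. */
    static const char *cases[][2] = {
        { "10.0.1.3",     "255.255.255.0" },
        { "172.16.0.5",   "255.255.255.0" },
        { "172.16.0.5",   "255.0.0.0"     },
        { "192.168.2.10", "255.255.0.0"   },
    };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t a, opt, eff;

        if (!parse_quad(cases[i][0], &a) || !parse_quad(cases[i][1], &opt) ||
            !effective_netmask(cases[i][0], cases[i][1], &eff))
            continue;
        printf("%-13s option %-15s default %08x effective %08x accepted=%d\n",
               cases[i][0], cases[i][1], (unsigned)classful_mask(a),
               (unsigned)eff, mask_accepted(classful_mask(a), opt));
    }
    return 0;
}
```

Under these assumptions a `netmask` value wider than the default (255.0.0.0 on a 172.16.x.x address) fails the subset test and changes nothing when ORed, while a narrower one passes both.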
From: tmk at netmagic.net (tmk)
Date: Wed Jul 14 17:43:11 1999
Subject: [pptp-server] pppd netmask problem - can we track it down?
In-Reply-To: <378CE775.6D8252B0@bigfoot.com>
Message-ID:

I looked at the code, and there's nothing wrong with it. I took the liberty of commenting it fully and attaching it to this message. I fear that the problem with the ppp netmask is that this particular bit of code isn't getting called, or the results aren't being used.

What seems to happen is that a netmask of 255.255.0.0 is usually given out, no matter what you tell it to do. It supposedly guesses the netmask based on the ip you give it (ie 172.16.x.x gives 255.255.0.0 because that's how the reserved IP RFC tells it) but that feature seems broken.

anyhow, for your learning pleasure ;) the explained code you sent earlier is attached.

Kevin

-------------- next part --------------
/*
 * setnetmask - set the netmask to be used on the interface.
 */
static int
setnetmask(argv)
    char **argv;
{
    u_int32_t mask, b;
    int n, ok;
    char *p, *endp;

    /*
     * Unfortunately, if we use inet_addr, we can't tell whether
     * a result of all 1s is an error or a valid 255.255.255.255.
     */
    p = *argv;
    ok = 0;
    mask = 0;
    for (n = 3;; --n) {
        //returns the first section of an IP (ie x in x.y.z.a) and sets
        // endp to the dot after the x.
        b = strtoul(p, &endp, 0);
        if (endp == p)
            break; //invalid string
        if (b < 0 || b > 255) { //this case the user gave the netmask in hex
            if (n == 3) {
                /* accept e.g. 0xffffff00 */
                p = endp;
                mask = b;
            }
            break;
        }
        mask |= b << (n * 8); //shift and OR the number with the netmask
        p = endp;
        if (*p != '.' || n == 0) //get ready for the next one
            break;
        ++p;
    }

    mask = htonl(mask);

    //p must point to the null terminator of the string, and
    // the bits of netmask (whatever that is) must intersect with the
    // bits of the user defined one, or else error.
    if (*p != 0 || (netmask & ~mask) != 0) {
        option_error("invalid netmask value '%s'", *argv);
        return 0;
    }

    netmask = mask;
    return (1);
}

From shelly at lv.org Wed Jul 14 21:23:09 1999
From: shelly at lv.org (Michele Adams)
Date: Wed Jul 14 21:23:09 1999
Subject: [pptp-server] ipx-node option in ppp
Message-ID: <005001bece68$f8bd2aa0$0a85850a@lv.org>

This is more of a pppd than a PoPToP thing. My Linux box sits on a cable modem (eth1) with the LAN on eth0. All networking options are built-in to the kernel (i.e. not modules).

The only way I've been able to get an ipx-node value passed to a client is by putting it in /etc/ppp/options. The problem is when a client takes on that node value, no other clients can also have that same value. I've messed with trying to pass it in /etc/ppp/options.ppp? and /etc/ppp/options.eth? to no avail. I've also tried putting multiple ipx-node lines in /etc/ppp/options but only the last one is parsed.

Any ideas how to pass on unique ipx-node numbers to the clients?

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From mals at home.com Wed Jul 14 21:58:58 1999
From: mals at home.com (Malay Shah) Date: Wed Jul 14 21:58:58 1999 Subject: [pptp-server] ipx-node option in ppp References: <005001bece68$f8bd2aa0$0a85850a@lv.org> Message-ID: <378D4E6D.F5895256@home.com> Hi, I think you can try to name your files like options.ttyS1. ttyS1 is for a serial port. I'm not really sure what is used for pptp. I have a question of my own, have you gotten pppd to work with ipx? I've tried but for some reason my linux machine isn't routing the packets or something like that. Malay Shah Michele Adams wrote: > This is more of a pppd than a PoPToP thing. My Linux box sits on a > cable modem (eth1) with the LAN on eth0. All networking options are > built-in to the kernel (i.e. not modules). The only way I've been able > to get an ipx-node value passed to a client is by putting it in > /etc/ppp/options. The problem is when a client takes on that node > value, no other clients can also have that same value. I've messed > with trying to pass it in /etc/ppp/options.ppp? and > /etc/ppp/options.eth? to no avail. I've also tried putting multiple > ipx-node lines in /etc/ppp/options but only the last one is > parsed. Any ideas how to pass on unique ipx-node numbers to the > clients? -------------- next part -------------- An HTML attachment was scrubbed... URL: From L.Lanik at kommunalkredit.at Thu Jul 15 02:05:53 1999 
From: L.Lanik at kommunalkredit.at (L.Lanik at kommunalkredit.at) Date: Thu Jul 15 02:05:53 1999 Subject: [pptp-server] Will this configuration work ? Message-ID: <412567AF.002C7978.00@dagobert.kommunalkredit.at> Hi everybody ! I am new to this list and I hope my questions are not too silly .... I have to install home working for some people of a big company. This company is permanently connected to the internet. Most people of this company have got a permanent internet connection via TV cable at home (yes we have got this in Vienna/Austria !). The company is running various Microsoft products (Authentification via NT Domain, Pathworks and NT file services, Exchange Server, etc.) and some Unix hosts (and still some Vax's). The home workers have to access all this from home, as they were sitting in the office. The company is running some private network addresses inside their LAN (resp. WAN). The people are running Win95, Win98 or WinNT at home. So, my suggestion is the following: Install a linux server connected to the Internet with an official IP-address and to the LAN with a private one. Install PPTP on linux. Insert an entry in /etc/ppp/chap-secrets for every user. Install Microsoft VPN on the home pc's with the linux box's ip address as vpn server. ------------------------------------- That was my theory. ------------------------------------- Now to you (-> the experts): Will this configuration work ? Wil there be any difference for the people between office and home ? Can they connect drives to NT server etc. ? Do I have to install any extra software on client side - What about "Dial Up Networking Update 1.3" (On which OS I have to install this patch: Win98, Win95/OSR2, Win95/OSR1 ?) If there is a firewall between, is it enough to only open port 1723 ? If the TV cable company does block port 1723, is it possible to use another port ? How to configure on linux resp. WinXX ? P.S.: I tried this configuration. 
I could ping every PC over the tunnel, but I was not able to browse any NT server ?

Best regards

Laurenz Lanik
IntelliNet EDV-Dienstleistungsges.m.b.H.
-------------------------------------------------------------
Telefon: +43/1/5952388/21
Mobil: +43/664/432 5571
Fax: +43/1/5952390
E-Mail: L.Lanik at IntelliNet.at
WWW: http://www.intellinet.at/intellinet

From tmk at netmagic.net Thu Jul 15 02:35:03 1999
From: tmk at netmagic.net (tmk)
Date: Thu Jul 15 02:35:03 1999
Subject: [pptp-server] ipx-node option in ppp
In-Reply-To: <005001bece68$f8bd2aa0$0a85850a@lv.org>
Message-ID:

Try making a /etc/ppp/options. where tty are the tty's your system chooses. You could also try letting pppd choose ipx addrs by itself :)

in order to route IPX, you need the ipx routing package.. i've never used it tho.

Kevin

> This is more of a pppd than a PoPToP thing. My Linux box sits on a
> cable modem (eth1) with the LAN on eth0. All networking options are
> built-in to the kernel (i.e. not modules).
>
> The only way I've been able to get an ipx-node value passed to a client
> is by putting it in /etc/ppp/options. The problem is when a client
> takes on that node value, no other clients can also have that same
> value. I've messed with trying to pass it in /etc/ppp/options.ppp? and
> /etc/ppp/options.eth? to no avail. I've also tried putting multiple
> ipx-node lines in /etc/ppp/options but only the last one is parsed.
>
> Any ideas how to pass on unique ipx-node numbers to the clients?
>

From tmk at netmagic.net Thu Jul 15 02:51:32 1999
From: tmk at netmagic.net (tmk)
Date: Thu Jul 15 02:51:32 1999
Subject: [pptp-server] Will this configuration work ?
In-Reply-To: <412567AF.002C7978.00@dagobert.kommunalkredit.at>
Message-ID: 

Yes, that config is the right way to do it. linux doesn't care what port you use, so if they block 1723 it would still work with a minor change to one of the source code files, but windows unfortunately must use port 1723.. sorry

As for your browsing problems:

1. check to make sure that IP forwarding is enabled in the kernel. To do this, "echo 1 > /proc/sys/net/ipv4/ip_forward" That will enable IP forwarding. You might also want to use the proxyarp option in pppd.

2. you will probably want to install all the latest patches and whatnot on the client and server machines. this means the dun1.3 patch for win95 and i think there's one for win98 too. Service pack 5 for nt machines, and install the pppd 2.8 patch for encryption in linux (get it on the pptpd download page)

3. EXTERNALLY ONLY it's ok to block everything but 1723 (but internally you need to be more open)

4. If you have a wins server at work on the private network, send that to the clients (there's a pppd option for that) and that should fix most browsing problems, along with enabling ip_forwarding as described above.

5. if you can ping the other computers, try accessing them directly via Start->run->\\computername instead of browsing via network neighborhood. the browsing problem is most likely due to an incorrect subnet mask being passed by pppd. This screws up the broadcast packets which are used to browse the network. A wins server is a good solution, and i bet setting up a proper samba (smbd and nmbd) server on the host linux box would work too.

We're trying to figure out a way to fix the netmask problem. It seems like all of our big problems are pppd related :)

Kevin

On Thu, 15 Jul 1999 L.Lanik at kommunalkredit.at wrote:

> Hi everybody !
>
> I am new to this list and I hope my questions are not too silly ....
> > > I have to install home working for some people of a big company. > This company is permanently connected to the internet. Most people of this > company have got a permanent internet connection via TV cable at home (yes we > have got this in Vienna/Austria !). > The company is running various Microsoft products (Authentification via NT > Domain, Pathworks and NT file services, Exchange Server, etc.) and some Unix > hosts (and still some Vax's). > The home workers have to access all this from home, as they were sitting in the > office. > The company is running some private network addresses inside their LAN (resp. > WAN). > The people are running Win95, Win98 or WinNT at home. > > So, my suggestion is the following: > > Install a linux server connected to the Internet with an official IP-address and > to the LAN with a private one. > Install PPTP on linux. > Insert an entry in /etc/ppp/chap-secrets for every user. > > Install Microsoft VPN on the home pc's with the linux box's ip address as vpn > server. > ------------------------------------- > That was my theory. > ------------------------------------- > Now to you (-> the experts): > > Will this configuration work ? > Wil there be any difference for the people between office and home ? > Can they connect drives to NT server etc. ? > Do I have to install any extra software on client side - What about "Dial Up > Networking Update 1.3" (On which OS I have to install this patch: Win98, > Win95/OSR2, Win95/OSR1 ?) > If there is a firewall between, is it enough to only open port 1723 ? > If the TV cable company does block port 1723, is it possible to use another port > ? How to configure on linux resp. WinXX ? > > P.S.: I tried this configuration. I could ping every PC over the tunnel, but I > was not able to browse any NT server ? > > > Best regards > > Laurenz Lanik > IntelliNet EDV-Dienstleistungsges.m.b.H. 
> ------------------------------------------------------------- > Telefon: +43/1/5952388/21 > Mobil: +43/664/432 5571 > Fax: +43/1/5952390 > E-Mail: L.Lanik at IntelliNet.at > WWW: http://www.intellinet.at/intellinet > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Thu Jul 15 02:54:22 1999 
From: tmk at netmagic.net (tmk) Date: Thu Jul 15 02:54:22 1999 Subject: [pptp-server] ipx-node option in ppp In-Reply-To: <378D4E6D.F5895256@home.com> Message-ID: Linux doesn't route IPX by default, it is more a client implementation. I think i've seen some IPX firewalling/routing stuff for the 2.0.xx series kernels. Read the IPX howto at your favorite LDP mirror. Kevin On Wed, 14 Jul 1999, Malay Shah wrote: > Hi, I think you can try to name your files like options.ttyS1. ttyS1 is > for a serial port. I'm not really sure what is used for pptp. I have a > question of my own, have you gotten pppd to work with ipx? I've tried > but for some reason my linux machine isn't routing the packets or > something like that. > > Malay Shah > > > Michele Adams wrote: > > > This is more of a pppd than a PoPToP thing. My Linux box sits on a > > cable modem (eth1) with the LAN on eth0. All networking options are > > built-in to the kernel (i.e. not modules). The only way I've been able > > to get an ipx-node value passed to a client is by putting it in > > /etc/ppp/options. The problem is when a client takes on that node > > value, no other clients can also have that same value. I've messed > > with trying to pass it in /etc/ppp/options.ppp? and > > /etc/ppp/options.eth? to no avail. I've also tried putting multiple > > ipx-node lines in /etc/ppp/options but only the last one is > > parsed. Any ideas how to pass on unique ipx-node numbers to the > > clients? > From paolo at schema.co.il Thu Jul 15 05:57:00 1999 
From: paolo at schema.co.il (Paolo Supino) Date: Thu Jul 15 05:57:00 1999 Subject: [pptp-server] newbies questions Message-ID: Hi 1. The html install says to make sure that: pptpmanager, pptpd and pptpctrl and pptpgre exist /usr/local/bin, what I have there is only pptpctrl and pptpd. pptpmanager and pptpgre weren't linked (I can see the object file in the source directory. 2. It also says to make sure that my kernel has pty support. I'm installing it on an OpenBSD box so I don't know if it's supported. 3. I personally think that the binaries should go to $prefix/sbin, only root should be able to have them in them in the path (though anyone can alter their path or just write the full path). any help/comments will be appriciated. Paolo From luyer at ucs.uwa.edu.au Thu Jul 15 06:03:25 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Thu Jul 15 06:03:25 1999 Subject: [pptp-server] newbies questions In-Reply-To: Your message of "Thu, 15 Jul 1999 12:49:21 +0300." Message-ID: <199907151103.TAA26733@typhaon.ucs.uwa.edu.au> > > > Hi > > 1. The html install says to make sure that: pptpmanager, pptpd and > pptpctrl and pptpgre exist /usr/local/bin, what I have there is only > pptpctrl and pptpd. pptpmanager and pptpgre weren't linked (I can see > the object file in the source directory. pptpmanager and pptpgre don't exist as separate binaries anymore. > 2. It also says to make sure that my kernel has pty support. I'm > installing it on an OpenBSD box so I don't know if it's supported. It's very rare that it isn't, it's just something to check if it doesn't work. > 3. I personally think that the binaries should go to $prefix/sbin, only > root should be able to have them in them in the path (though anyone can > alter their path or just write the full path). They possibly should be there, but they aren't. I might change this soon since I agree completely that these belong in sbin in the modern interpretation of sbin (I much preferred /sbin = statically linked binaries for use when /usr isn't available or in emergencies, /bin symlink to /usr/bin containing everything... so much simpler). David. From kev at WPI.EDU Fri Jul 16 16:36:43 1999 From: kev at WPI.EDU (Kevin Amorin) Date: Fri Jul 16 16:36:43 1999 Subject: [pptp-server] NT 2000 Message-ID: Has anyone looked into using NT2k beta with poptop? I've been running Beta 3 and having problems connecting. Thanks Kev From paolo at schema.co.il Sat Jul 17 10:46:50 1999 
From: paolo at schema.co.il (Paolo Supino)
Date: Sat Jul 17 10:46:50 1999
Subject: [pptp-server] Problems under OpenBSD
Message-ID: 

Hi

I'm trying to run poptop on an openbsd box and it doesn't work. Here is the log:

Jul 17 18:34:42 mustang pptpd[1840]: CTRL: Client 192.168.1.131 control connection started
Jul 17 18:34:42 mustang pptpd[1840]: CTRL: Starting call (launching pppd, opening GRE)
Jul 17 18:34:42 mustang pptpd[1840]: GRE: bind() failed: errno = 49
Jul 17 18:34:42 mustang pppd[22938]: pppd 2.3.5 started by marco, uid 0
Jul 17 18:34:42 mustang pppd[22938]: Using interface ppp0
Jul 17 18:34:42 mustang pppd[22938]: Connect: ppp0 <--> /dev/ttyp2
Jul 17 18:34:42 mustang pptpd[1840]: GRE: xmit failed from decaps_hdlc: errno = 9
Jul 17 18:34:42 mustang pptpd[1840]: CTRL: PTY read or GRE write failed (pty,gre)=(4,-1)
Jul 17 18:34:42 mustang pptpd[1840]: CTRL: Client 192.168.1.131 control connection finished
Jul 17 18:34:42 mustang pppd[22938]: Modem hangup
Jul 17 18:34:42 mustang pppd[22938]: Connection terminated.
Jul 17 18:34:42 mustang pppd[22938]: Exit.

What am I doing wrong?

Paolo

From cybear at pacbell.net Sun Jul 18 19:10:25 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Sun Jul 18 19:10:25 1999
Subject: [pptp-server] Can't brouse MS network.
Message-ID: <37927084.937CB1E6@pacbell.net>

OK, I'm inching along. I added "ms-wins = nnn.nnn.nnn.nnn" to my options file and I can now login to the network. But, once logged in, I can't browse the network. I get an error about 'no domain server found'

If I go into the windows client and edit the VPN dialup to point to a wins server, then I can't even log into the network...

Any advice???

From luyer at ucs.uwa.edu.au Sun Jul 18 21:04:18 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jul 18 21:04:18 1999
Subject: [pptp-server] Problems under OpenBSD
In-Reply-To: Your message of "Sat, 17 Jul 1999 17:39:19 +0300."
Message-ID: <199907190204.KAA19216@typhaon.ucs.uwa.edu.au>

> I'm trying to run poptop on a openbsd box and it doesn't work. Here is
> the log:

> Jul 17 18:34:42 mustang pptpd[1840]: GRE: bind() failed: errno = 49

Could you find what error number 49 is in /usr/include/.../errno.h where ... is something like sys, asm, or maybe just directly in /usr/include?

Is this possibly caused by firewall rules?

Does anyone else have OpenBSD + the latest PoPToP working? The bind() was only introduced recently and is confirmed to fix problems with multi-homed boxes so I'd like to keep it in as many cases as we can.

David.

From mis at seiden.com Sun Jul 18 21:54:08 1999
From: mis at seiden.com (Mark Seiden)
Date: Sun Jul 18 21:54:08 1999
Subject: [pptp-server] Problems under OpenBSD
In-Reply-To: <199907190204.KAA19216@typhaon.ucs.uwa.edu.au>; from David Luyer on Mon, Jul 19, 1999 at 10:04:14AM +0800
References: <199907190204.KAA19216@typhaon.ucs.uwa.edu.au>
Message-ID: <19990718195253.B13768@seiden.com>

i haven't tried getting it working, but
man 2 intro
says

49 EADDRNOTAVAIL Cannot assign requested address. Normally results from an attempt to create a socket with an address not on this machine.

On Mon, Jul 19, 1999 at 10:04:14AM +0800, David Luyer wrote:
> > I'm trying to run poptop on a openbsd box and it doesn't work. Here is
> > the log:
>
> > Jul 17 18:34:42 mustang pptpd[1840]: GRE: bind() failed: errno = 49
>
> Could you find what error number 49 is in /usr/include/.../errno.h
> where ... is something like sys, asm, or maybe just directly in
> /usr/include?
>
> Is this possibly caused by firewall rules?
>
> Does anyone else have OpenBSD + the latest PoPToP working? The bind()
> was only introduced recently and is confirmed to fix problems with
> multi-homed boxes so I'd like to keep it in as many cases as we can.
>
> David.
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
mark seiden, mis at seiden.com, 1-(650) 592 8559 (voice) Pacific Time Zone

From luyer at ucs.uwa.edu.au Sun Jul 18 21:56:11 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jul 18 21:56:11 1999
Subject: [pptp-server] Problems under OpenBSD
In-Reply-To: Your message of "Sun, 18 Jul 1999 19:52:53 MST." <19990718195253.B13768@seiden.com>
Message-ID: <199907190256.KAA20206@typhaon.ucs.uwa.edu.au>

> i haven't tried getting it working, but
> man 2 intro
> says
>
> 49 EADDRNOTAVAIL Cannot assign requested address. Normally results from
> an attempt to create a socket with an address not on this machine.

Interesting. I'd really like to see a trace of what's happening in the getsockname() and bind() as well as what addresses are physically on the machine.

David.

From Tavis at PCMSITE.COM Mon Jul 19 02:27:47 1999
From: Tavis at PCMSITE.COM (Tavis)
Date: Mon Jul 19 02:27:47 1999
Subject: [pptp-server] Error 629 on NT
Message-ID: 

Can someone help me out with this error. Log and config files follow. The "The remote system is required to authenticate itself but I couldn't find any suitable secret (password) for it to use to do so." error seems to indicate that something is wrong with the chap-secrets file but I have checked and double checked it. I even tried using the "billy servername bob *" from the setup instructions but to no avail. Any help would be appreciated.

/etc/ppp/options

debug
name fire
auth
require-chap
proxyarp

/var/log/pptpd.log

Jul 19 03:10:15 fire pptpd[2984]: MGR: Launching /usr/local/bin/pptpctrl to handle client
Jul 19 03:10:15 fire pptpd[2984]: CTRL: local address = 172.16.11.200
Jul 19 03:10:15 fire pptpd[2984]: CTRL: remote address = 172.16.11.211
Jul 19 03:10:15 fire pptpd[2984]: CTRL: pppd speed = 115200
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Client 216.99.105.55 control connection started
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Received PPTP Control Message (type: 1)
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Made a START CTRL CONN RPLY packet
Jul 19 03:10:15 fire pptpd[2984]: CTRL: I wrote 156 bytes to the client.
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Sent packet to client
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Received PPTP Control Message (type: 7)
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Made a OUT CALL RPLY packet
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Starting call (launching pppd, opening GRE)
Jul 19 03:10:15 fire pptpd[2984]: CTRL: pty_fd = 4
Jul 19 03:10:15 fire pptpd[2984]: CTRL: tty_fd = 5
Jul 19 03:10:15 fire pptpd[2984]: CTRL: I wrote 32 bytes to the client.
Jul 19 03:10:15 fire pptpd[2984]: CTRL: Sent packet to client
Jul 19 03:10:15 fire pptpd[2985]: CTRL (PPPD Launcher): Connection speed = 115200
Jul 19 03:10:15 fire pptpd[2985]: CTRL (PPPD Launcher): local address = 172.16.11.200
Jul 19 03:10:15 fire pptpd[2985]: CTRL (PPPD Launcher): remote address = 172.16.11.211
Jul 19 03:10:16 fire pptpd[2984]: CTRL: Received PPTP Control Message (type: 15)
Jul 19 03:10:16 fire pptpd[2984]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Jul 19 03:10:16 fire pptpd[2984]: GRE: read(fd=4,buffer=804d320,len=8196) from PTY failed: status = -1 errno = 5
Jul 19 03:10:16 fire pptpd[2984]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jul 19 03:10:16 fire pptpd[2984]: CTRL: Client 216.99.105.55 control connection finished
Jul 19 03:10:16 fire pptpd[2984]: CTRL: Exiting now
Jul 19 03:10:16 fire pppd[2985]: The remote system is required to authenticate itself but I
Jul 19 03:10:16 fire pppd[2985]: couldn't find any suitable secret (password) for it to use to do so.
Jul 19 03:10:16 fire pptpd[2958]: MGR: Reaped child 2984

Regards,

Tavis Wordley
Technical Director
Path Communications Management
P#519.858.9922
F#519.858.9551
tavis at pcmsite.com

From matthewr at moreton.com.au Mon Jul 19 02:36:36 1999
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Mon Jul 19 02:36:36 1999 Subject: [pptp-server] Error 629 on NT References: Message-ID: <3792D446.6B8A4370@moreton.com.au> try: DOMAIN\\username servername password * in chap-secrets.. where domain is your domain :-) -matt Tavis wrote: > > Can someone help me out with this error. Log and config files follow. The > "The remote system is required to authenticate itself but I couldn't find > any suitable secret (password) for it to use to do so." error seems to > indicate that something is wrong with the chap-secrets file but I have > checked and double checked it. I even tried using the "billy servername > bob *" from the setup instructions but to no avail. Any help would be > appreciated. > > /etc/ppp/options > > debug > name fire > auth > require-chap > proxyarp From Tavis at PCMSITE.COM Mon Jul 19 02:58:35 1999 From: Tavis at PCMSITE.COM (Tavis) Date: Mon Jul 19 02:58:35 1999 Subject: [pptp-server] Error 629 on NT Message-ID: Matt, Tried that. No go any other ideas? Is there supposed to be a tab or space between DOMAIN\\ and username? Also is DOMAIN\\ case sensitive? Where does servername figure in and how does the pptp server check that name. Obviously it isn't a netbios name (at least i can't see how it could be). Hostname maybe? They match in my case but of course the netbios name is uppercase and hostname is lowercase. Is this entry case sensitive? Should each of the fields be separated by tabs or spaces or does it matter? Lastly but probably most importantly do you have to apply the MS patch to this to get NT working as a client i.e. does MS WINNT support chap with the "accept only encrypted authentication" option selected? Regards, Tavis Wordley Technical Director Path Communications Management P#519.858.9922 F#519.858.9551 tavis at pcmsite.com -----Original Message----- 
From: Matthew Ramsay [mailto:matthewr at moreton.com.au] Sent: Monday, July 19, 1999 3:31 AM To: Tavis Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] Error 629 on NT try: DOMAIN\\username servername password * in chap-secrets.. where domain is your domain :-) -matt Tavis wrote: > > Can someone help me out with this error. Log and config files follow. The > "The remote system is required to authenticate itself but I couldn't find > any suitable secret (password) for it to use to do so." error seems to > indicate that something is wrong with the chap-secrets file but I have > checked and double checked it. I even tried using the "billy servername > bob *" from the setup instructions but to no avail. Any help would be > appreciated. > > /etc/ppp/options > > debug > name fire > auth > require-chap > proxyarp _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From alex at nauta.it Mon Jul 19 03:13:15 1999 
From: alex at nauta.it (Alessandro Iob)
Date: Mon Jul 19 03:13:15 1999
Subject: [pptp-server] PPTP crypto and management Problems
Message-ID: <3792DE0C.68E9B3C9@nauta.it>

Two questions:

1 -

I patched ppp-2.3.8 with the MPPE patch and the RC4 sources from OpenSSL-0.9.3a distribution, recompiled the kernel and all the other things.
When I connect to the pptpd linux server with "Require encrypted data" option enabled I get a sequence of errors like the ones below (for each transmitted packet, I suppose).
The server works fine with no data encryption.

Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x30d) received
Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xe 03 0d df f5 e4 78 38 4e 8d 66 3f c8 f0 e2 f8 ef cb f1 c5 00 13 45 5b 3f 40 d5 22 63 bd c8 6d 1c b1 e4 77 01 11 5d 51 4c 0a 0e c5 0c d7 93 58 b5 b7 de d3 27 99 36 89 e3 78 d5 47 71 44 bc a8 75 2d f8 16 df b4 86 c2 31 75 ab c9 f3 f8
Jul 19 09:41:00 fw pppd[1517]: rcvd [proto=0x82e7] 22 71 6d 16 1f 9d 3b 02 13 a3 ae bd 3f c9 d9 5b b4 b9 b0 40 a1 31 11 e1 82 71 6a b5 e9 9b f6 ad ...
Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x82e7) received
Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xf 82 e7 22 71 6d 16 1f 9d 3b 02 13 a3 ae bd 3f c9 d9 5b b4 b9 b0 40 a1 31 11 e1 82 71 6a b5 e9 9b f6 ad c9 40 51 1a 9a 90 ff 98 3f b3 f4 23 9a e5 7a f7 34 b5 aa a7 86 2b 4e 36 e4 b9 65 7c df fc fa 7c c0 54 ce 96 dc c8 64 be 12 43 e4
Jul 19 09:41:00 fw kernel: ip_fw_demasq_gre(): Inbound from 194.21.179.133 has no masq table entry.

My ppp options file is:

name 194.21.179.140
ms-dns 192.168.0.1

lock
local
debug
auth
require-chap

#proxyarp
hide-password
noipx
lcp-echo-interval 30
lcp-echo-failure 4
asyncmap 0

+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

Any suggestion?

2 -

How can I assign fixed IP addresses to PPTP clients?

Thank You

Alessandro Iob
alex at nauta.it

From apenwarr at Mitel.COM Mon Jul 19 03:31:11 1999
From: apenwarr at Mitel.COM (Avery Pennarun)
Date: Mon Jul 19 03:31:11 1999
Subject: [pptp-server] Problems under OpenBSD
In-Reply-To: <199907190204.KAA19216@typhaon.ucs.uwa.edu.au>; from David Luyer on Mon, Jul 19, 1999 at 10:04:14AM +0800
References: <199907190204.KAA19216@typhaon.ucs.uwa.edu.au>
Message-ID: <19990718225725.A15549@worldvisions.ca>

On Mon, Jul 19, 1999 at 10:04:14AM +0800, David Luyer wrote:

> > I'm trying to run poptop on a openbsd box and it doesn't work. Here is
> > the log:
>
> > Jul 17 18:34:42 mustang pptpd[1840]: GRE: bind() failed: errno = 49
>
> Could you find what error number 49 is in /usr/include/.../errno.h
> where ... is something like sys, asm, or maybe just directly in
> /usr/include?

Why doesn't pptpd use strerror() to get the string corresponding to the error? Just printing the errno doesn't really help much.

Have fun,

Avery

From pspinto at srd.pt Mon Jul 19 12:09:25 1999
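The strerror() suggestion and the request for the machine's addresses, combined into one diagnostic, as an added example that is not PoPToP's code: it logs a failed bind() with the requested address, the error text and the raw number, and checks whether the address is configured on any interface. The function names and the 192.0.2.1 test address are assumptions, and a UDP socket stands in for the raw GRE socket so the example runs without root.

```c
#include <sys/types.h>
#include <arpa/inet.h>
#include <errno.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return 1 if local_ip is configured on some interface, 0 if it is not,
 * -1 if the address is malformed or the interface list cannot be read. */
int is_local_address(const char *local_ip)
{
    struct ifaddrs *list, *it;
    struct in_addr want;
    int found = 0;

    if (inet_pton(AF_INET, local_ip, &want) != 1 || getifaddrs(&list) != 0)
        return -1;
    for (it = list; it != NULL; it = it->ifa_next) {
        if (it->ifa_addr == NULL || it->ifa_addr->sa_family != AF_INET)
            continue;
        if (((struct sockaddr_in *)it->ifa_addr)->sin_addr.s_addr == want.s_addr)
            found = 1;
    }
    freeifaddrs(list);
    return found;
}

/* Build a log line that is readable on any platform. The bare number is not:
 * EADDRNOTAVAIL is 49 on the BSDs and 99 on Linux. */
void describe_bind_error(int err, const char *addr, char *out, size_t len)
{
    snprintf(out, len, "GRE: bind(%s) failed: %s (errno = %d)",
             addr, strerror(err), err);
}

/* Try to bind a socket to local_ip. Returns 0 on success, otherwise the
 * errno value, with a log line in out either way. */
int try_bind(const char *local_ip, char *out, size_t len)
{
    struct sockaddr_in sa;
    int fd, err = 0;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, local_ip, &sa.sin_addr) != 1) {
        snprintf(out, len, "GRE: bad local address '%s'", local_ip);
        return EINVAL;
    }
    fd = socket(AF_INET, SOCK_DGRAM, 0);   /* stand-in for the GRE socket */
    if (fd < 0) {
        err = errno;
        snprintf(out, len, "GRE: socket() failed: %s (errno = %d)",
                 strerror(err), err);
        return err;
    }
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        err = errno;
        describe_bind_error(err, local_ip, out, len);
    } else {
        snprintf(out, len, "GRE: bound to %s", local_ip);
    }
    close(fd);
    return err;
}

int main(void)
{
    /* 0.0.0.0 always binds; 192.0.2.1 is a documentation address that
     * should not be configured on the machine running this. */
    const char *candidates[] = { "0.0.0.0", "192.0.2.1" };
    char msg[256];
    size_t i;

    for (i = 0; i < sizeof(candidates) / sizeof(candidates[0]); i++) {
        try_bind(candidates[i], msg, sizeof(msg));
        printf("%s [on an interface: %d]\n", msg,
               is_local_address(candidates[i]));
    }
    return 0;
}
```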
From: pspinto at srd.pt (Paulo Pinto) Date: Mon Jul 19 12:09:25 1999 Subject: [pptp-server] DTE problems with PoPToP ? Message-ID: <3.0.6.32.19990719181144.00794810@homero.srd.pt> Hi there. I'm having some real *weird* problems with PoPToP. The setup is a Win95 machine with MSDun1.3 and a RedHat 6.0 Linux box (ppp 2.3.8, plain vannilla pptp.conf and /etc/ppp/options - i.e., like in the howto examples except for the IP's of course.) Using ethernet (100Mb) I am able to connect to the Linux box using PPTP. Disconnecting the Win95 machine from the ethernet and using a Internet connection, the PPTP seems to get stuck ... a sample from the log : Jul 19 18:38:29 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control connection started Jul 19 18:38:30 mts01lin02 pptpd[5339]: CTRL: Starting call (launching pppd, opening GRE) Jul 19 18:38:30 mts01lin02 pppd[5340]: pppd 2.3.8 started by root, uid 0 Jul 19 18:38:30 mts01lin02 pppd[5340]: Using interface ppp0 Jul 19 18:38:30 mts01lin02 pppd[5340]: Connect: ppp0 <--> /dev/pts/4 Jul 19 18:38:30 mts01lin02 pppd[5340]: sent [LCP ConfReq id=0x1 ] Jul 19 18:38:36 mts01lin02 last message repeated 2 times Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Error with select(), quitting Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control connection finished Jul 19 18:38:39 mts01lin02 pppd[5340]: Modem hangup Jul 19 18:38:39 mts01lin02 pppd[5340]: Connection terminated. Jul 19 18:38:39 mts01lin02 pppd[5340]: Exit. Sometimes (this is the *funny* part), changing the DTE speed on the modem from, for example, 115200 to 57600 or to 19200 I am able to log in ... but only sometimes. I can't seem to find a pattern here... any clues ? BTW.. is the line 'CTRL: Error with select(), quitting' something of concern ? or is it just an effect of this error ? P.S. the boss mumbled something about 'the alternative is goin' to N(o)T(rust)' ... 
help PLEASE ;)

Paulo Pinto
SRD - Sonae Redes de Dados
pspinto at srd.pt

From paolo at schema.co.il Mon Jul 19 12:31:35 1999
From: paolo at schema.co.il (Paolo Supino)
Date: Mon Jul 19 12:31:35 1999
Subject: [pptp-server] Problems under OpenBSD
In-Reply-To: <199907190256.KAA20206@typhaon.ucs.uwa.edu.au>
Message-ID: 

On Mon, 19 Jul 1999, David Luyer wrote:

> > i haven't tried getting it working, but
> > man 2 intro
> > says
> >
> > 49 EADDRNOTAVAIL Cannot assign requested address. Normally results from
> > an attempt to create a socket with an address not on this machine.
>
> Interesting. I'd really like to see a trace of what's happening in the
> getsockname() and bind() as well as what addresses are physically on the
> machine.
>

How can I trace it, so I can send enough debug information to find the culprit?

Paolo

> David.
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mis at seiden.com Mon Jul 19 12:39:15 1999
From: mis at seiden.com (Mark Seiden)
Date: Mon Jul 19 12:39:15 1999
Subject: [pptp-server] Problems under OpenBSD
In-Reply-To: ; from Paolo Supino on Mon, Jul 19, 1999 at 07:23:10PM +0300
References: <199907190256.KAA20206@typhaon.ucs.uwa.edu.au>
Message-ID: <19990719103820.G13796@seiden.com>

usually
ktrace -p pid
or
ktrace command
will create a binary file called ktrace.out

you need to use kdump to decode the file to human-readable form.

On Mon, Jul 19, 1999 at 07:23:10PM +0300, Paolo Supino wrote:
>
>
> On Mon, 19 Jul 1999, David Luyer wrote:
>
> > > i haven't tried getting it working, but
> > > man 2 intro
> > > says
> > >
> > > 49 EADDRNOTAVAIL Cannot assign requested address. Normally results from
> > > an attempt to create a socket with an address not on this machine.
> >
> > Interesting. I'd really like to see a trace of what's happening in the
> > getsockname() and bind() as well as what addresses are physically on the
> > machine.
> >
> How can I trace it, so I can send enough debug information to find the
> culprit?
>
>
> Paolo
>
>
> > David.
> >
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >

--
mark seiden, mis at seiden.com, 1-(650) 592 8559 (voice) Pacific Time Zone

From naclos at swbell.net Mon Jul 19 15:55:11 1999
From: naclos at swbell.net (Andy Carlson) Date: Mon Jul 19 15:55:11 1999 Subject: [pptp-server] MPPE in PPPD in Linux Message-ID: I was trying to install he MPPE patch in PPP 2.3.8. Everything compiled cleanly. When I try to insmod ppp_mppe, I get the message: lib/modules/2.2.9/net/ppp_mppe.o: unresolved symbol RC4_set_key What does this mean? Is there a library or a step that I need to complete to do this? Thanks for any info. Andy Carlson |\ _,,,---,,_ naclos at swbell.net ZZZzz /,`.-'`' -. ;-;;,_ BJC Health System |,4- ) )-,_. ,\ ( `'-' St. Louis, Missouri '---''(_/--' `-'_) Cat Pics: http://andyc.dyndns.org From matthewr at moreton.com.au Mon Jul 19 18:00:59 1999 
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Jul 19 18:00:59 1999
Subject: [pptp-server] Error 629 on NT
References: 
Message-ID: <3793ACEE.4E00F08C@moreton.com.au>

Hi Tavis,

did u get the same error when u added DOMAIN\\username servername password * ?
this really should work.. try again..

in the options file you use for pptpd you should have:

name servername
remotename DOMAIN\\username
auth
require-chap
debug

and maybe others...

in your chap-secrets

DOMAIN\\username servername password *

You must replace DOMAIN with your domain obviously..

actually.. ppp looks in the options file.. sees 'name servername' then matches 'servername' in your chap-secrets file.. hence so long as you have servername in both options and chap-secrets it shouldn't matter...

also CHAP is considered 'encrypted authentication' so u should be able to check that..

finally turn off IP header compression and software compression..

if this doesn't work.. (and it should :-) send to me personally (ie. not to the mailing list) a copy of all your config files and a debug dump.

-matt

> Tried that. No go any other ideas? Is there supposed to be a tab or space
> between DOMAIN\\ and username? Also is DOMAIN\\ case sensitive? Where does
> servername figure in and how does the pptp server check that name.
> Obviously it isn't a netbios name (at least i can't see how it could be).
> Hostname maybe? They match in my case but of course the netbios name is
> uppercase and hostname is lowercase. Is this entry case sensitive? Should
> each of the fields be separated by tabs or spaces or does it matter? Lastly
> but probably most importantly do you have to apply the MS patch to this to
> get NT working as a client i.e. does MS WINNT support chap with the "accept
> only encrypted authentication" option selected?
>
> Regards,
>
> Tavis Wordley
> Technical Director
> Path Communications Management
> P#519.858.9922
> F#519.858.9551
> tavis at pcmsite.com
> -----Original Message-----
> From: Matthew Ramsay [mailto:matthewr at moreton.com.au] > Sent: Monday, July 19, 1999 3:31 AM > To: Tavis > Cc: 'pptp-server at lists.schulte.org' > Subject: Re: [pptp-server] Error 629 on NT > > try: > > DOMAIN\\username servername password * > > in chap-secrets.. where domain is your domain :-) > > -matt > > Tavis wrote: > > > > Can someone help me out with this error. Log and config files follow. The > > "The remote system is required to authenticate itself but I couldn't find > > any suitable secret (password) for it to use to do so." error seems to > > indicate that something is wrong with the chap-secrets file but I have > > checked and double checked it. I even tried using the "billy servername > > bob *" from the setup instructions but to no avail. Any help would be > > appreciated. > > > > /etc/ppp/options > > > > debug > > name fire > > auth > > require-chap > > proxyarp > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From matthewr at moreton.com.au Mon Jul 19 18:06:09 1999 
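The name matching described in the message above, as an added example that is a simplified model and not pppd's own code: it tokenizes chap-secrets text the way the pppd man page describes (whitespace-separated words, a backslash making the next character literal) and picks the best entry for a peer name and server name. The sample file is constructed, the function names are assumptions, and the peer is assumed to present its name as DOMAIN\username.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample. As file text the second entry reads DOMAIN\\username
 * (two backslashes) and the third reads DOMAIN\jane (one backslash). */
static const char SAMPLE[] =
    "# client          server  secret    IP addresses\n"
    "billy             fire    bob       *\n"
    "DOMAIN\\\\username  fire    password  *\n"
    "DOMAIN\\jane       fire    oops      *\n"
    "*                 other   shared    *\n";

/* Copy the next word of the current line into out. Double quotes group and
 * a backslash makes the next character literal, so \\ is needed to get one
 * backslash into a name. (pppd also interprets escapes such as \t; that is
 * not modelled here.) Returns 0 at end of line or at a comment. */
static int next_word(const char **pp, char *out, size_t len)
{
    const char *p = *pp;
    size_t n = 0;
    int quoted = 0;

    while (*p == ' ' || *p == '\t')
        p++;
    if (*p == '\0' || *p == '\n' || *p == '#')
        return 0;
    for (; *p != '\0' && *p != '\n'; p++) {
        if (*p == '"') { quoted = !quoted; continue; }
        if (!quoted && (*p == ' ' || *p == '\t'))
            break;
        if (*p == '\\' && p[1] != '\0' && p[1] != '\n')
            p++;                        /* take the escaped character */
        if (n + 1 < len)
            out[n++] = *p;
    }
    out[n] = '\0';
    *pp = p;
    return 1;
}

/* Look up the secret a peer named client must prove to a server named
 * server (the `name` option). Comparison is strcmp(), so case matters; "*"
 * matches any name and the entry with the most specific match wins.
 * client == NULL asks only whether any entry is usable for this server,
 * which is the start-up check behind "couldn't find any suitable secret".
 * Returns the score of the best entry (0..3) or -1 if none matches. */
int find_secret(const char *text, const char *client, const char *server,
                char *secret, size_t len)
{
    const char *line = text;
    int best = -1;

    while (*line != '\0') {
        const char *p = line;
        char c[128], s[128], pw[128];

        if (next_word(&p, c, sizeof(c)) && next_word(&p, s, sizeof(s)) &&
            next_word(&p, pw, sizeof(pw))) {
            int cwild = strcmp(c, "*") == 0, swild = strcmp(s, "*") == 0;
            int c_ok = client == NULL || cwild || strcmp(c, client) == 0;
            int s_ok = swild || strcmp(s, server) == 0;
            int score = (cwild ? 0 : 2) + (swild ? 0 : 1);

            if (c_ok && s_ok && score > best) {
                best = score;
                snprintf(secret, len, "%s", pw);
            }
        }
        line += strcspn(line, "\n");
        if (*line == '\n')
            line++;
    }
    return best;
}

int main(void)
{
    /* C literals below: "DOMAIN\\username" is the name DOMAIN\username. */
    const char *peers[] = { "billy", "DOMAIN\\username", "DOMAIN\\jane" };
    char secret[128];
    size_t i;

    for (i = 0; i < sizeof(peers) / sizeof(peers[0]); i++) {
        int score = find_secret(SAMPLE, peers[i], "fire", secret, sizeof(secret));
        printf("%-16s -> %s\n", peers[i], score < 0 ? "no suitable secret" : secret);
    }
    printf("any entry for server FIRE: %s\n",
           find_secret(SAMPLE, NULL, "FIRE", secret, sizeof(secret)) < 0 ? "no" : "yes");
    return 0;
}
```

The DOMAIN\jane entry never matches because a single backslash is consumed as an escape, leaving DOMAINjane as the stored name.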
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Jul 19 18:06:09 1999
Subject: [pptp-server] PPTP crypto and management Problems
References: <3792DE0C.68E9B3C9@nauta.it>
Message-ID: <3793AE28.FAC691E7@moreton.com.au>

Did u 'insmod ppp_mppe'?

Alessandro Iob wrote:
>
> Two questions:
>
> 1 -
>
> I patched ppp-2.3.8 with the MPPE patch and the RC4 sources from
> OpenSSL-0.9.3a distribution, recompiled the kernel and all the other
> things.
> When I connect to the pptpd linux server with "Require encrypted data"
> option enabled I get a sequence of errors like the ones below (for each
> transmitted packet, I suppose).
> The server works fine with no data encryption.
>
> Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x30d) received
> Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xe 03 0d df f5 e4
> 78 38 4e
> 8d 66 3f c8 f0 e2 f8 ef cb f1 c5 00 13 45 5b 3f 40 d5 22 63 bd c8 6d 1c
> b1 e4 77
> 01 11 5d 51 4c 0a 0e c5 0c d7 93 58 b5 b7 de d3 27 99 36 89 e3 78 d5 47
> 71 44 b
> c a8 75 2d f8 16 df b4 86 c2 31 75 ab c9 f3 f8
> Jul 19 09:41:00 fw pppd[1517]: rcvd [proto=0x82e7] 22 71 6d 16 1f 9d 3b
> 02 13 a3
> ae bd 3f c9 d9 5b b4 b9 b0 40 a1 31 11 e1 82 71 6a b5 e9 9b f6 ad ...
> Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x82e7) received
> Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xf 82 e7 22 71 6d
> 16 1f 9d
> 3b 02 13 a3 ae bd 3f c9 d9 5b b4 b9 b0 40 a1 31 11 e1 82 71 6a b5 e9 9b
> f6 ad c9
> 40 51 1a 9a 90 ff 98 3f b3 f4 23 9a e5 7a f7 34 b5 aa a7 86 2b 4e 36 e4
> b9 65 7
> c df fc fa 7c c0 54 ce 96 dc c8 64 be 12 43 e4
> Jul 19 09:41:00 fw kernel: ip_fw_demasq_gre(): Inbound from
> 194.21.179.133 has n
> o masq table entry.
>
> My ppp options file is:
>
> name 194.21.179.140
> ms-dns 192.168.0.1
>
> lock
> local
> debug
> auth
> require-chap
>
> #proxyarp
> hide-password
> noipx
> lcp-echo-interval 30
> lcp-echo-failure 4
> asyncmap 0
>
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> Any suggestion?
>
> 2 -
>
> How can I assign fixed IP addresses to PPTP clients?
>
> Thank You
>
> Alessandro Iob
> alex at nauta.it
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From pspinto at srd.pt Tue Jul 20 06:01:37 1999
From: pspinto at srd.pt (Paulo Pinto)
Date: Tue Jul 20 06:01:37 1999
Subject: [pptp-server] DTE problems with PoPToP ?
In-Reply-To: <3793AE9C.F00EDC52@sco.com>
References: <3.0.6.32.19990719181144.00794810@homero.srd.pt>
Message-ID: <3.0.6.32.19990720120254.00799c10@homero.srd.pt>

At 07:02 PM 7/19/99 -0400, you wrote:
>Paulo;
>
>If success is reached by changing the DTE speed, this could be a case of
>buffer/FIFO overflow.
>
>What are the UARTs on the boxes (both client and server) ?
>Internal or external modems?
>

Hi.

Erm... nops.. Remember one thing... I *sometimes* have success changing the DTE speed, not always. Another thing is the fact of sometimes *increasing* the DTE speed I have success... Really weird, han ?

In this case, this is the hardware involved:

Linux Box:
RedHat 6.0 (kernel 2.2.5-15)
IBM Netfinity 5500 (Rackmount)
PII-450Mhz
256MB Ram
27Gb HD (RAID 5 .. comes down to +/- 18Gb)
Fast Ethernet

Client box:
Compaq Deskpro 6350 (PII-350)
Win95 w/ MSDun 1.3
Modem - USRobotics Sportster 56k (External) (can get 50 to 53kbps connections to the net)

Honestly I don't think it is an HW problem.

One other thing... the linux box is inside a Firewall (Checkpoint's Firewall One), configured with NAT, but with no restricting policies, i.e., all ports & protocols available for the linux box address. I'm thinking on putting the machine outside the FW for testing purposes... but for the PPTP idea to work, it_must_be inside the FW..

Still needing help on the DTE problem :/

Paulo Pinto
Sonae Redes de Dados
pspinto at srd.pt

From john at scl.co.uk Tue Jul 20 07:17:20 1999
From: john at scl.co.uk (John Sutton) Date: Tue Jul 20 07:17:20 1999 Subject: [pptp-server] DTE problems with PoPToP ? In-Reply-To: <3.0.6.32.19990719181144.00794810@homero.srd.pt> Message-ID: <3.0.6.32.19990720141732.00890780@mail.scl.co.uk> Hi Paulo This looks like the same problem that I've been having for about 2 months ;-( I've given up for the moment and am content with watching this list to see if anything turns up. My scenario is: PPTP over local LAN works, over dialup connection fails. I was also sitting behind a firewall so I eliminated this but it made no difference. I also had intermittent results, I think on one occasion it did work (but it's all a bit hazy now ;-). I used the linux pptp client to try to get a handle on the problem and found that the LCP requests sent by the server are received and replied to, but these replies never get back to the server. Perhaps you could try with the linux client and see if you get the same result? I never tried messing with the DTE speed (seems *too* wacky to be relevant) but I'll have a go at this when I get the chance. At 18:11 19/07/99 +0100, Paulo Pinto wrote: >Hi there. > >I'm having some real *weird* problems with PoPToP. >The setup is a Win95 machine with MSDun1.3 and a RedHat 6.0 Linux box (ppp >2.3.8, plain vannilla pptp.conf and /etc/ppp/options - i.e., like in the >howto examples except for the IP's of course.) >Using ethernet (100Mb) I am able to connect to the Linux box using PPTP. >Disconnecting the Win95 machine from the ethernet and using a Internet >connection, the PPTP seems to get stuck ... 
a sample from the log : > >Jul 19 18:38:29 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control >connection started >Jul 19 18:38:30 mts01lin02 pptpd[5339]: CTRL: Starting call (launching >pppd, opening GRE) >Jul 19 18:38:30 mts01lin02 pppd[5340]: pppd 2.3.8 started by root, uid 0 >Jul 19 18:38:30 mts01lin02 pppd[5340]: Using interface ppp0 >Jul 19 18:38:30 mts01lin02 pppd[5340]: Connect: ppp0 <--> /dev/pts/4 >Jul 19 18:38:30 mts01lin02 pppd[5340]: sent [LCP ConfReq id=0x1 0x0> ] >Jul 19 18:38:36 mts01lin02 last message repeated 2 times >Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Error with select(), quitting >Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control >connection finished >Jul 19 18:38:39 mts01lin02 pppd[5340]: Modem hangup >Jul 19 18:38:39 mts01lin02 pppd[5340]: Connection terminated. >Jul 19 18:38:39 mts01lin02 pppd[5340]: Exit. > >Sometimes (this is the *funny* part), changing the DTE speed on the modem >from, for example, 115200 to 57600 or to 19200 I am able to log in ... but >only sometimes. >I can't seem to find a pattern here... any clues ? > >BTW.. is the line 'CTRL: Error with select(), quitting' something of >concern ? or is it just an effect of this error ? > >P.S. the boss mumbled something about 'the alternative is goin' to >N(o)T(rust)' ... help PLEASE ;) > >Paulo Pinto >SRD - Sonae Redes de Dados >pspinto at srd.pt > > > > > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulte.org! > *************************************************** John Sutton SCL Computer Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 621021 *************************************************** From edison at xwd.com Tue Jul 20 11:27:30 1999 
From: edison at xwd.com (Aydelott, Ryan)
Date: Tue Jul 20 11:27:30 1999
Subject: [pptp-server] PopTop and Windows 2000
Message-ID: <6FFEC516CDF6D211AB7700805F65699E096A90@xwd.ih.lucent.com>

Windows 2000 Professional (RC-1) Clients cannot connect. It dies with both chap, and no authentication. The log I am handing you is with no authentication.. If you really need to see one with chap (same except for chap) Then I will post them.
FYI, windows95/98 and pptp client for linux are all able to connect (with no auth and chap) I tried playing with various settings in the win2000 pptp client, but no avail.. I don't know why he doesn't like the request.. If anyone has any ideas they would be appreciated!

At any rate, here it is:

Jul 20 11:43:30 supercd pptpd[5775]: MGR: Launching /usr/local/bin/pptpctrl to handle client
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: local address = 209.108.213.169
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: remote address = 209.108.213.170
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: pppd speed = 115200
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Client 135.253.114.126 control connection started
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Received PPTP Control Message (type:1)
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Made a START CTRL CONN packet
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: I wrote 156 bytes to the client.
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Sent packet to client
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Received PPTP Control Message (type:7)
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Made a OUT CALL RPLY packet
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Starting call (launching pppd, opening GRE)
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: pty_fd = 4
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: tty_fd = 5
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: I wrote 32 bytes to the client.
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Sent packet to client
Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): Connection speed = 115200
Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): local address = 209.108.213.169
Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): remote address = 209.108.213.170
Jul 20 11:43:31 supercd pppd[5776]: pppd 2.3.7 started by root, uid 0
Jul 20 11:43:31 supercd pppd[5776]: Using interface ppp0
Jul 20 11:43:31 supercd pppd[5776]: Connect: ppp0 <--> /dev/pts/1
Jul 20 11:43:31 supercd pppd[5776]: sent [LCP ConfReq id=0x1 ]
Jul 20 11:43:34 supercd pppd[5776]: sent [LCP ConfReq id=0x1 ]
Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Received PPTP Control Message (type:3)
Jul 20 11:43:35 supercd pptpd[5775]: CTRL: PPTP Control Message type 3 not supported.
Jul 20 11:43:35 supercd pptpd[5775]: CTRL: I wrote 32 bytes to the client.
Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Sent packet to client
Jul 20 11:43:37 supercd pppd[5776]: sent [LCP ConfReq id=0x1 ]

etc., etc., etc. till client times out.. Version is 9.0.1 if I remember correctly.. If anyone needs anything else, configs, whatever.. let me know.. thanks...

Thanks,
Ryan

From tmk at netmagic.net Tue Jul 20 19:06:42 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jul 20 19:06:42 1999
Subject: [pptp-server] PopTop and Windows 2000
References: <6FFEC516CDF6D211AB7700805F65699E096A90@xwd.ih.lucent.com>
Message-ID: <001301bed30d$57f40cc0$011c0fc0@lala.net>

It looks like the PPP portion is not working. Have you applied the encryption patch for poptop (or disabled encryption on the client)? It would be nice to have the logs from the NT (tell it to record a log file for the connection.. i think it puts the file in c:\windows\ppplog.txt)

The ctrl type 3 message is an end call req... so as soon as that comes, NT thinks it's done
we don't support it yet, but i may put that in as a synonym for end call..

Kevin

----- Original Message -----
From: Aydelott, Ryan To: Sent: Tuesday, July 20, 1999 9:25 AM Subject: [pptp-server] PopTop and Windows 2000 > Windows 2000 Proffesional (RC-1) Clients cannot connect. It dies with both > chap, and no authentication. The log I am handing you is with no > authentication.. If you really need to see one with chap (same except for > chap) Then I will post them. > FYI, windows95/98 and pptp client for linux are all able to connect (with no > auth and chap) I tried playing with various settings in the win2000 pptp > client, but no avail.. I don't know why he doesn't like the request.. If > anyone has any ideas they would be appreciated! > > At any rate, here it is: > > Jul 20 11:43:30 supercd pptpd[5775]: MGR: Launching /usr/local/bin/pptpctrl > to handle client > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: local address = 209.108.213.169 > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: remote address = 209.108.213.170 > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: pppd speed = 115200 > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Client 135.253.114.126 control > connection started > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Received PPTP Control Message > (type:1) > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Made a START CTRL CONN packet > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: I wrote 156 bytes to the client. > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Sent packet to client > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Received PPTP Control Message > (type:7) > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Made a OUT CALL RPLY packet > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Starting call (launching pppd, > opening GRE) > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: pty_fd = 4 > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: tty_fd = 5 > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: I wrote 32 bytes to the client. 
> Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Sent packet to client > Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): Connection speed > = 115200 > Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): local address = > 209.108.213.169 > Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): remote address = > 209.108.213.170 > Jul 20 11:43:31 supercd pppd[5776]: pppd 2.3.7 started by root, uid 0 > Jul 20 11:43:31 supercd pppd[5776]: Using interface ppp0 > Jul 20 11:43:31 supercd pppd[5776]: Connect: ppp0 <--> /dev/pts/1 > Jul 20 11:43:31 supercd pppd[5776]: sent [LCP ConfReq id=0x1 > ] > Jul 20 11:43:34 supercd pppd[5776]: sent [LCP ConfReq id=0x1 > ] > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Received PPTP Control Message > (type:3) > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: PPTP Control Message type 3 not > supported. > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: I wrote 32 bytes to the client. > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Sent packet to client > Jul 20 11:43:37 supercd pppd[5776]: sent [LCP ConfReq id=0x1 > ] > > etc., etc., etc. till client times out.. Version is 9.0.1 if I remember > correctly.. If anyone needs anything else, configs, whatever.. let me know.. > thanks... > > Thanks, > Ryan > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Tue Jul 20 19:09:42 1999 
From: tmk at netmagic.net (tmk) Date: Tue Jul 20 19:09:42 1999 Subject: [pptp-server] PopTop and Windows 2000 References: <6FFEC516CDF6D211AB7700805F65699E096A90@xwd.ih.lucent.com> Message-ID: <001f01bed30d$c8ffde80$011c0fc0@lala.net> Since we are having so many NT 5 problems, i'd like to ask for a volunteer to try and connect to my pptp server and i will troubleshoot things with them and hopefully add NT 5 to the supported clients list. Please email me privately (ie not the pptp list) if you're interested Kevin ----- Original Message ----- 
From: Aydelott, Ryan To: Sent: Tuesday, July 20, 1999 9:25 AM Subject: [pptp-server] PopTop and Windows 2000 > Windows 2000 Proffesional (RC-1) Clients cannot connect. It dies with both > chap, and no authentication. The log I am handing you is with no > authentication.. If you really need to see one with chap (same except for > chap) Then I will post them. > FYI, windows95/98 and pptp client for linux are all able to connect (with no > auth and chap) I tried playing with various settings in the win2000 pptp > client, but no avail.. I don't know why he doesn't like the request.. If > anyone has any ideas they would be appreciated! > > At any rate, here it is: > > Jul 20 11:43:30 supercd pptpd[5775]: MGR: Launching /usr/local/bin/pptpctrl > to handle client > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: local address = 209.108.213.169 > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: remote address = 209.108.213.170 > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: pppd speed = 115200 > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Client 135.253.114.126 control > connection started > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Received PPTP Control Message > (type:1) > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Made a START CTRL CONN packet > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: I wrote 156 bytes to the client. > Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Sent packet to client > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Received PPTP Control Message > (type:7) > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Made a OUT CALL RPLY packet > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Starting call (launching pppd, > opening GRE) > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: pty_fd = 4 > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: tty_fd = 5 > Jul 20 11:43:31 supercd pptpd[5775]: CTRL: I wrote 32 bytes to the client. 
> Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Sent packet to client > Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): Connection speed > = 115200 > Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): local address = > 209.108.213.169 > Jul 20 11:43:31 supercd pptpd[5776]: CTRL (PPPD Launcher): remote address = > 209.108.213.170 > Jul 20 11:43:31 supercd pppd[5776]: pppd 2.3.7 started by root, uid 0 > Jul 20 11:43:31 supercd pppd[5776]: Using interface ppp0 > Jul 20 11:43:31 supercd pppd[5776]: Connect: ppp0 <--> /dev/pts/1 > Jul 20 11:43:31 supercd pppd[5776]: sent [LCP ConfReq id=0x1 > ] > Jul 20 11:43:34 supercd pppd[5776]: sent [LCP ConfReq id=0x1 > ] > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Received PPTP Control Message > (type:3) > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: PPTP Control Message type 3 not > supported. > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: I wrote 32 bytes to the client. > Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Sent packet to client > Jul 20 11:43:37 supercd pppd[5776]: sent [LCP ConfReq id=0x1 > ] > > etc., etc., etc. till client times out.. Version is 9.0.1 if I remember > correctly.. If anyone needs anything else, configs, whatever.. let me know.. > thanks... > > Thanks, > Ryan > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Tue Jul 20 19:41:55 1999 From: tmk at netmagic.net (tmk) Date: Tue Jul 20 19:41:55 1999 Subject: [pptp-server] DTE problems with PoPToP ? References: <3.0.6.32.19990719181144.00794810@homero.srd.pt> Message-ID: <009401bed312$44f60b00$011c0fc0@lala.net> Check Netstat -a on your linux box when the connection is being attempted. I'll wager your ISP blocks TCP protocol 47, so the GRE link never comes up Same thing happened to me.. try a different ISP if you can. Kevin ----- Original Message ----- 
From: Paulo Pinto To: Sent: Monday, July 19, 1999 10:11 AM Subject: [pptp-server] DTE problems with PoPToP ? > Hi there. > > I'm having some real *weird* problems with PoPToP. > The setup is a Win95 machine with MSDun1.3 and a RedHat 6.0 Linux box (ppp > 2.3.8, plain vannilla pptp.conf and /etc/ppp/options - i.e., like in the > howto examples except for the IP's of course.) > Using ethernet (100Mb) I am able to connect to the Linux box using PPTP. > Disconnecting the Win95 machine from the ethernet and using a Internet > connection, the PPTP seems to get stuck ... a sample from the log : > > Jul 19 18:38:29 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control > connection started > Jul 19 18:38:30 mts01lin02 pptpd[5339]: CTRL: Starting call (launching > pppd, opening GRE) > Jul 19 18:38:30 mts01lin02 pppd[5340]: pppd 2.3.8 started by root, uid 0 > Jul 19 18:38:30 mts01lin02 pppd[5340]: Using interface ppp0 > Jul 19 18:38:30 mts01lin02 pppd[5340]: Connect: ppp0 <--> /dev/pts/4 > Jul 19 18:38:30 mts01lin02 pppd[5340]: sent [LCP ConfReq id=0x1 0x0> ] > Jul 19 18:38:36 mts01lin02 last message repeated 2 times > Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Error with select(), quitting > Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control > connection finished > Jul 19 18:38:39 mts01lin02 pppd[5340]: Modem hangup > Jul 19 18:38:39 mts01lin02 pppd[5340]: Connection terminated. > Jul 19 18:38:39 mts01lin02 pppd[5340]: Exit. > > Sometimes (this is the *funny* part), changing the DTE speed on the modem > from, for example, 115200 to 57600 or to 19200 I am able to log in ... but > only sometimes. > I can't seem to find a pattern here... any clues ? > > BTW.. is the line 'CTRL: Error with select(), quitting' something of > concern ? or is it just an effect of this error ? > > P.S. the boss mumbled something about 'the alternative is goin' to > N(o)T(rust)' ... 
help PLEASE ;) > > Paulo Pinto > SRD - Sonae Redes de Dados > pspinto at srd.pt > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Tue Jul 20 19:47:44 1999 From: tmk at netmagic.net (tmk) Date: Tue Jul 20 19:47:44 1999 Subject: [pptp-server] PPTP crypto and management Problems References: <3792DE0C.68E9B3C9@nauta.it> Message-ID: <009e01bed313$14396e20$011c0fc0@lala.net> 1: You're MASQing pptp packets. Don't. =) 2: Static IPs can be assigned using the ppp option ipcp-accept-remote ppp option and telling the windows box (manually)it's own local ip addr. Kevin ----- Original Message ----- 
From: Alessandro Iob
To:
Sent: Monday, July 19, 1999 1:13 AM
Subject: [pptp-server] PPTP crypto and management Problems

> Two questions:
>
> 1 -
>
> I patched ppp-2.3.8 with the MPPE patch and the RC4 sources from
> OpenSSL-0.9.3a distribution, recompiled the kernel and all the other
> things.
> When I connect to the pptpd linux server with "Require encrypted data"
> option enabled I get a sequence of errors like the ones below (for each
> transmitted packet, I suppose).
> The server works fine with no data encryption.
>
> Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x30d) received
> Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xe 03 0d df f5 e4
> 78 38 4e
> 8d 66 3f c8 f0 e2 f8 ef cb f1 c5 00 13 45 5b 3f 40 d5 22 63 bd c8 6d 1c
> b1 e4 77
> 01 11 5d 51 4c 0a 0e c5 0c d7 93 58 b5 b7 de d3 27 99 36 89 e3 78 d5 47
> 71 44 b
> c a8 75 2d f8 16 df b4 86 c2 31 75 ab c9 f3 f8
> Jul 19 09:41:00 fw pppd[1517]: rcvd [proto=0x82e7] 22 71 6d 16 1f 9d 3b
> 02 13 a3
> ae bd 3f c9 d9 5b b4 b9 b0 40 a1 31 11 e1 82 71 6a b5 e9 9b f6 ad ...
> Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x82e7) received
> Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xf 82 e7 22 71 6d
> 16 1f 9d
> 3b 02 13 a3 ae bd 3f c9 d9 5b b4 b9 b0 40 a1 31 11 e1 82 71 6a b5 e9 9b
> f6 ad c9
> 40 51 1a 9a 90 ff 98 3f b3 f4 23 9a e5 7a f7 34 b5 aa a7 86 2b 4e 36 e4
> b9 65 7
> c df fc fa 7c c0 54 ce 96 dc c8 64 be 12 43 e4
> Jul 19 09:41:00 fw kernel: ip_fw_demasq_gre(): Inbound from
> 194.21.179.133 has n
> o masq table entry.
>
> My ppp options file is:
>
> name 194.21.179.140
> ms-dns 192.168.0.1
>
> lock
> local
> debug
> auth
> require-chap
>
> #proxyarp
> hide-password
> noipx
> lcp-echo-interval 30
> lcp-echo-failure 4
> asyncmap 0
>
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> Any suggestion?
>
> 2 -
>
> How can I assign fixed IP addresses to PPTP clients?
>
>
>
> Thank You
>
> Alessandro Iob
> alex at nauta.it
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From alex at nauta.it Wed Jul 21 03:51:07 1999
From: alex at nauta.it (Alessandro Iob)
Date: Wed Jul 21 03:51:07 1999
Subject: [pptp-server] Crypted PPTP problems. continued...
Message-ID: <379589E1.E3F6C33E@nauta.it>

As suggested, I've removed MASQuerading (for pptp packets and for all packets), but the problem remains :(

at connection time the server logs that an unsupported protocol is used ( Unsupported protocol (0x30d) received )

I'm using linux kernel 2.0.37 with ipfwadm, ppp-2.3.8 with the MPPE patch and the RC4 sources from OpenSSL-0.9.3a distribution.

Any new suggestions?

Alex Iob
alex at nauta.it

From daved at crl.dec.com Wed Jul 21 08:46:32 1999
From: daved at crl.dec.com (Dave DeChellis)
Date: Wed Jul 21 08:46:32 1999
Subject: [pptp-server] Relay for PPTP server?
Message-ID:

Hello,

I would like to have external clients connect through our firewall to an internal PPTP server. I would also like to have a relay of some sort on the external network and just have one trusting rule through the firewall to the PPTP server.

However, this is trickier since there are multiple protocols to deal with as opposed to a true TCP/IP establishment.

Is there such an animal which runs under various flavors of UNIX? I could deal with a Linux guy.

Thanks for any info,
Dave DeChellis
daved at crl.dec.com

From tmk at netmagic.net Wed Jul 21 10:10:14 1999
From: tmk at netmagic.net (tmk) Date: Wed Jul 21 10:10:14 1999 Subject: [pptp-server] Relay for PPTP server? References: Message-ID: <002801bed38b$7d8c1580$011c0fc0@lala.net> Try this: assuming you have the firewall on a separate machine from the pptp server: allow/forward port 1723 to the pptp server allow (or masq if the pptp server has a "fake" IP addr) outgoing connections from the pptp server to anywhere that should do it Kevin ----- Original Message ----- From: Dave DeChellis To: Sent: Wednesday, July 21, 1999 6:45 AM Subject: [pptp-server] Relay for PPTP server? > Hello, > > I would like to have external clients connect through our firewall to an > internal PPTP server. I would also like to have a relay > of some sort on the external network and just have one trusting rule through > the firewall to the PPTP server. > > However, this is tricker since there are multiple protocols to deal with as > opposed to a true TCP/IP establishment. > > Is there such an animal which runs under various flavors of UNIX? I could > deal with a Linux guy. > > Thanks for any info, > Dave DeChellis > daved at crl.dec.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Wed Jul 21 10:17:55 1999 
From: tmk at netmagic.net (tmk) Date: Wed Jul 21 10:17:55 1999 Subject: [pptp-server] Crypted PPTP problems. continued... References: <379589E1.E3F6C33E@nauta.it> Message-ID: <003c01bed38c$7ac70ca0$011c0fc0@lala.net> A couple of things: Make sure you are using the version of pppd you compiled with the patch, and if you have ppp support as a module, that you rmmod it then insmod it, and also insmod the ppp_mppe module A *gasp* reboot might be the best course of action. Also, more complete logs would be nice. The log you posted before had only the pppd output, and only from the start of the errors. We really need the "whole story" in order to solve problems. Kevin ----- Original Message ----- From: Alessandro Iob To: Sent: Wednesday, July 21, 1999 1:50 AM Subject: [pptp-server] Crypted PPTP problems. continued... > As suggested, I've removed MASQerading (for pptp packets and for all > packets), but the problem remains > > at connection time the server logs that an unsupported protocol is used > ( Unsupported protocol (0x30d) received ) > > I'm using linux kernel 2.0.37 with ipfwadm, ppp-2.3.8 with the MPPE > patch and the RC4 sources from OpenSSL-0.9.3a distribution. > > Any new suggestions? > > Alex Iob > alex at nauta.it > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From daved at crl.dec.com Wed Jul 21 10:20:26 1999 
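An added example, not code from any list member or from the PoPToP project: a small Python triage pass over pptpd/pppd syslog output, run on lines abridged from the logs posted in the messages above. The finding codes and hint texts are this example's own heuristics; the control message names are the type codes defined in RFC 2637.

```python
import re

# PPTP control message type codes as defined in RFC 2637.
PPTP_CTRL_TYPES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply", 7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply", 9: "Incoming-Call-Request",
    10: "Incoming-Call-Reply", 11: "Incoming-Call-Connected",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify",
    14: "WAN-Error-Notify", 15: "Set-Link-Info",
}

SYSLOG_RE = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ (?P<body>.*)$")
PROC_RE = re.compile(r"^[\w.-]+(?:\[\d+\])?: (?P<msg>.*)$")
REPEAT_RE = re.compile(r"^last message repeated (\d+) times?$")
CTRL_RE = re.compile(r"Received PPTP Control Message \(type:(\d+)\)")
UNHANDLED_RE = re.compile(r"PPTP Control Message type (\d+) not supported")
UNSUP_RE = re.compile(r"Unsupported protocol \((0x[0-9a-fA-F]+)\) received")

# Sample input: lines abridged and unwrapped from the logs quoted in this thread.
DIALUP_LOG = """\
Jul 19 18:38:29 mts01lin02 pptpd[5339]: CTRL: Client 195.22.18.131 control connection started
Jul 19 18:38:30 mts01lin02 pptpd[5339]: CTRL: Starting call (launching pppd, opening GRE)
Jul 19 18:38:30 mts01lin02 pppd[5340]: sent [LCP ConfReq id=0x1 0x0> ]
Jul 19 18:38:36 mts01lin02 last message repeated 2 times
Jul 19 18:38:39 mts01lin02 pptpd[5339]: CTRL: Error with select(), quitting
"""
MPPE_LOG = """\
Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x30d) received
Jul 19 09:41:00 fw pppd[1517]: rcvd [proto=0x82e7] 22 71 6d 16 1f 9d 3b 02 13 a3 ...
Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x82e7) received
Jul 19 09:41:00 fw kernel: ip_fw_demasq_gre(): Inbound from 194.21.179.133 has no masq table entry.
"""
WIN2000_LOG = """\
Jul 20 11:43:30 supercd pptpd[5775]: CTRL: Received PPTP Control Message (type:1)
Jul 20 11:43:31 supercd pptpd[5775]: CTRL: Received PPTP Control Message (type:7)
Jul 20 11:43:31 supercd pppd[5776]: sent [LCP ConfReq id=0x1 ]
Jul 20 11:43:34 supercd pppd[5776]: sent [LCP ConfReq id=0x1 ]
Jul 20 11:43:35 supercd pptpd[5775]: CTRL: Received PPTP Control Message (type:3)
Jul 20 11:43:35 supercd pptpd[5775]: CTRL: PPTP Control Message type 3 not supported.
Jul 20 11:43:37 supercd pppd[5776]: sent [LCP ConfReq id=0x1 ]
"""


def messages(log_text):
    """Yield each daemon message, expanding syslog 'last message repeated N times'."""
    prev = None
    for raw in log_text.splitlines():
        m = SYSLOG_RE.match(raw.strip())
        if not m:
            continue
        rep = REPEAT_RE.match(m.group("body"))
        if rep:
            if prev is not None:
                yield from [prev] * int(rep.group(1))
            continue
        p = PROC_RE.match(m.group("body"))
        if p:
            prev = p.group("msg")
            yield prev


def triage(log_text):
    """Return decoded control messages and heuristic findings for one session log."""
    confreq_sent = lcp_rcvd = masq_gre = 0
    ctrl_seen, unhandled, unsupported = [], [], []
    for msg in messages(log_text):
        if msg.startswith("sent [LCP ConfReq"):
            confreq_sent += 1
        elif msg.startswith("rcvd [LCP"):
            lcp_rcvd += 1
        elif "ip_fw_demasq_gre()" in msg:
            masq_gre += 1
        for regex, bucket in ((CTRL_RE, ctrl_seen), (UNHANDLED_RE, unhandled),
                              (UNSUP_RE, unsupported)):
            hit = regex.search(msg)
            if hit:
                bucket.append(hit.group(1))
    name = lambda t: PPTP_CTRL_TYPES.get(int(t), "unknown")
    findings = []
    if confreq_sent >= 2 and lcp_rcvd == 0:
        findings.append(("NO_LCP_REPLY", f"{confreq_sent} LCP ConfReq sent, no LCP "
                         "received: the TCP 1723 control channel is up but no PPP frames "
                         "come back; check that GRE (IP protocol 47) passes every hop"))
    if unsupported:
        findings.append(("UNDECODED_PPP_FRAMES", "pppd rejected protocol(s) "
                         + ", ".join(unsupported) + ": with encryption required, confirm "
                         "the MPPE-patched pppd is running and ppp_mppe is loaded"))
    if masq_gre:
        findings.append(("GRE_MASQUERADED", "kernel masquerading code saw GRE with no "
                         "table entry: PPTP traffic to the server is being masqueraded"))
    for t in unhandled:
        findings.append(("UNHANDLED_CTRL_MSG",
                         f"type {t} ({name(t)}) is not handled by this pptpd build"))
    return {"control_messages": [name(t) for t in ctrl_seen], "findings": findings}
```

Feeding it the complete session log, from the first pptpd line to pppd's exit, gives the most reliable result, since a finding such as NO_LCP_REPLY depends on lines that are absent as much as on lines that are present.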
From: daved at crl.dec.com (Dave DeChellis)
Date: Wed Jul 21 10:20:26 1999
Subject: [pptp-server] Relay for PPTP server?
Message-ID:

So the GRE is only used once the initial TCP negotiation is used?

Basically these are my needs; a simple relay should do the trick.

1) Basically RFC 1918 assigned PPTP server
2) Firewall machine between private/public IP network
3) A "relay" machine on the public network.

-IP client connects from ISP to the pseudo-PPTP server, the relay.
-Relay then forwards traffic to PPTP server to inside the firewall (relay knows the private route to get to the real PPTP server
-PPTP authenticates the client, looking like the client is the relay
-The relay handles the connectivity to the real clients, yadda yadda yadda

This way, I can allow all traffic between the PPTP server and the relay.

So, I need a relay machine which can forward GRE (not so easy) and TCP (easy)

Thanks,
Dave

P.S. I thought I remembered seeing a Linux PPTP relay for this sorta thing from someone at MIT

-----Original Message-----
From: tmk [mailto:tmk at netmagic.net]
Sent: Wednesday, July 21, 1999 11:13 AM
To: Dave DeChellis; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Relay for PPTP server?

Try this:

assuming you have the firewall on a separate machine from the pptp server:

allow/forward port 1723 to the pptp server
allow (or masq if the pptp server has a "fake" IP addr) outgoing connections from the pptp server to anywhere

that should do it
Kevin

----- Original Message -----
From: Dave DeChellis To: Sent: Wednesday, July 21, 1999 6:45 AM Subject: [pptp-server] Relay for PPTP server? > Hello, > > I would like to have external clients connect through our firewall to an > internal PPTP server. I would also like to have a relay > of some sort on the external network and just have one trusting rule through > the firewall to the PPTP server. > > However, this is tricker since there are multiple protocols to deal with as > opposed to a true TCP/IP establishment. > > Is there such an animal which runs under various flavors of UNIX? I could > deal with a Linux guy. > > Thanks for any info, > Dave DeChellis > daved at crl.dec.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Wed Jul 21 11:15:06 1999 From: tmk at netmagic.net (tmk) Date: Wed Jul 21 11:15:06 1999 Subject: [pptp-server] Relay for PPTP server? In-Reply-To: Message-ID: > -IP client connects from ISP to the pseudo-PPTP server, the relay. > -Relay then forwards traffic to PPTP server to inside the firewall (relay > knows the private route > to get to the real PPTP server > -PPTP authenticates the client, looking like the client is the relay > -The relay handles the connectivity to the real clients, yadda yadda yadda > > This way, I can allow all traffic between the PPTP server and the relay. > > So, I need a relay machine which can forward GRE (not so easy) and TCP > (easy) There IS a pptp proxy/masq module for the kernel, but i'm not sure if that would suit your needs.. From a few logs i've seen, gre uses TCP protocol 47, and port 65535 (or 0? could be irrelevant) Kevin From allanc at sco.com Wed Jul 21 11:45:27 1999 
From: allanc at sco.com (Allan Clark)
Date: Wed Jul 21 11:45:27 1999
Subject: [pptp-server] Relay for PPTP server?
References:
Message-ID: <3795F914.2436CB9@sco.com>

Dave DeChellis wrote:

> Basically these are my needs; a simple relay should do the trick.
>
> 1) Basically RFC 1918 assigned PPTP server
> 2) Firewall machine between private/public IP network
> 3) A "relay" machine on the public network.
>
> -IP client connects from ISP to the pseudo-PPTP server, the relay.
> -Relay then forwards traffic to PPTP server to inside the firewall (relay
> knows the private route
> to get to the real PPTP server
> -PPTP authenticates the client, looking like the client is the relay
> -The relay handles the connectivity to the real clients, yadda yadda yadda

This may sound far-fetched, but what if we rebuilt the pppd so that it included support for Socks/Dante (RFC 192[89]), thereby automatically able to connect through an industry-standard proxy protocol ?

With the tools that socks includes, I had the impression this is almost as trivial as a set of #define macros, and a rebuild, something like:

make CFLAGS='-Dconnect=rconnect -Dlisten=rlisten'

> This way, I can allow all traffic between the PPTP server and the relay.
>
> So, I need a relay machine which can forward GRE (not so easy) and TCP
> (easy)
>
> Thanks,
> Dave
>
> P.S. I thought I remembered seeing a Linux PPTP relay for this sorta thing
> from someone
> at MIT
>
> -----Original Message-----
> From: tmk [mailto:tmk at netmagic.net]
> Sent: Wednesday, July 21, 1999 11:13 AM
> To: Dave DeChellis; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Relay for PPTP server?
>
> Try this:
>
> assuming you have the firewall on a separate machine from the pptp server:
>
> allow/forward port 1723 to the pptp server
> allow (or masq if the pptp server has a "fake" IP addr) outgoing connections
> from the pptp server to anywhere
>
> that should do it
> Kevin
>
> ----- Original Message -----
> From: Dave DeChellis > To: > Sent: Wednesday, July 21, 1999 6:45 AM > Subject: [pptp-server] Relay for PPTP server? > > > Hello, > > > > I would like to have external clients connect through our firewall to an > > internal PPTP server. I would also like to have a relay > > of some sort on the external network and just have one trusting rule > through > > the firewall to the PPTP server. > > > > However, this is tricker since there are multiple protocols to deal with > as > > opposed to a true TCP/IP establishment. > > > > Is there such an animal which runs under various flavors of UNIX? I could > > deal with a Linux guy. > > > > Thanks for any info, > > Dave DeChellis > > daved at crl.dec.com > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! -------------- next part -------------- A non-text attachment was scrubbed... Name: allanc.vcf Type: text/x-vcard Size: 319 bytes Desc: Card for Allan Clark URL: From max.enders at watchguard.com Wed Jul 21 11:53:30 1999 From: max.enders at watchguard.com (Max Enders) Date: Wed Jul 21 11:53:30 1999 Subject: [pptp-server] Relay for PPTP server? Message-ID: Does SOCKS support IP protocols like GRE? Max Enders WatchGuard Technologies Inc. Technical Support Representative http://www.watchguard.com max.enders at watchguard.com 206-521-8375 -----Original Message----- 
From tmk at netmagic.net Wed Jul 21 13:23:03 1999
From: tmk at netmagic.net (tmk)
Date: Wed Jul 21 13:23:03 1999
Subject: [pptp-server] Relay for PPTP server?
In-Reply-To: <3795F914.2436CB9@sco.com>
Message-ID:

> This may sound far-fetched, but what if we rebuilt the pppd so that it included
> support for Socks/Dante (RFC 192[89]), thereby automatically able to connect
> through an industry-standard proxy protocol? With the tools that socks
> includes, I had the impression this is almost as trivial as a set of #define
> macros, and a rebuild, something like:
> make CFLAGS='-Dconnect=rconnect -Dlisten=rlisten'

i don't think a socks proxy would work for what we want. At first i thought it was a great idea, but here's the trouble:

there are 3 types of connection problems (well, more, but 3 basic types)

1) Firewall/Proxy: pptp is tricky to let through
2) ISP doesn't allow GRE packets
3) Client is unable to use GRE (slirp accounts)

1) socks would work IF client supported it. None do. If the server supported it, we'd have to make outgoing calls to the client (most don't support this). This problem compounds itself when behind a proxy. Proxy servers tell the pptp server that they are the client, and forward the packets. Poptop would need some way to find out the true ip of the client in order to make the GRE connection.

2,3) proxy wouldn't help. GRE packets are GRE packets whether they come from the server or from the proxy server

> > This way, I can allow all traffic between the PPTP server and the relay.
> >
> > So, I need a relay machine which can forward GRE (not so easy) and TCP
> > (easy)
> >
> > Thanks,
> > Dave
> >
> > P.S. I thought I remembered seeing a Linux PPTP relay for this sorta thing
> > from someone at MIT
> >
> > -----Original Message-----
From daved at crl.dec.com Wed Jul 21 13:35:24 1999
From: daved at crl.dec.com (Dave DeChellis)
Date: Wed Jul 21 13:35:24 1999
Subject: [pptp-server] Relay for PPTP server?
Message-ID:

Thanks,

I found the application I was looking for -- IPfwd @ http://www.pdos.lcs.mit.edu/~cananian/Projects/IPfwd/

Thanks for all the help,
Dave

-----Original Message-----
From: Max Enders [mailto:max.enders at watchguard.com]
Sent: Wednesday, July 21, 1999 12:53 PM
To: 'Allan Clark'; Dave DeChellis
Cc: 'tmk'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Relay for PPTP server?

Does SOCKS support IP protocols like GRE?

Max Enders
WatchGuard Technologies Inc.
Technical Support Representative
http://www.watchguard.com
max.enders at watchguard.com
206-521-8375

-----Original Message-----
From daved at crl.dec.com Wed Jul 21 15:03:53 1999
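Added note on the relay thread above, not part of any list message: the sketch below sorts packets into PPTP's two channels, the TCP control connection on port 1723 and the GRE (IP protocol 47) data channel, whose enhanced GRE header (RFC 2637) carries a Call ID but no ports, which is why a TCP-level relay or proxy only ever sees the control half. The packets are constructed samples using documentation addresses, and all function names are illustrative.

```python
import struct

IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_TCP_PORT = 1723      # control connection (the "port 1723" rule in the thread)
GRE_PROTO_PPP = 0x880B    # protocol type of PPTP's enhanced GRE (RFC 2637)


def parse_ipv4(packet):
    """Return (protocol, src, dst, payload); the header checksum is not verified."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return packet[9], src, dst, packet[ihl:]


def parse_pptp_gre(data):
    """Parse the enhanced GRE header that wraps each tunnelled PPP frame."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", data[:8])
    # PPTP requires version 1, the key bit (0x2000) and protocol type 0x880B.
    if flags & 0x0007 != 1 or not flags & 0x2000 or proto != GRE_PROTO_PPP:
        raise ValueError("GRE, but not the PPTP variant")
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    header_len = 8 + 4 * has_seq + 4 * has_ack
    if len(data) < header_len + payload_len:
        raise ValueError("GRE packet shorter than its header says")
    offset, seq, ack = 8, None, None
    if has_seq:
        (seq,) = struct.unpack("!I", data[offset:offset + 4])
        offset += 4
    if has_ack:
        (ack,) = struct.unpack("!I", data[offset:offset + 4])
        offset += 4
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "ppp": data[offset:offset + payload_len]}


def classify(packet):
    """Tell a filter or relay which PPTP channel, if any, a packet belongs to."""
    proto, src, dst, payload = parse_ipv4(packet)
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_TCP_PORT in (sport, dport):
            return {"channel": "control", "src": src, "dst": dst,
                    "sport": sport, "dport": dport}
    elif proto == IPPROTO_GRE:
        try:
            gre = parse_pptp_gre(payload)
        except ValueError:
            return {"channel": "other", "src": src, "dst": dst}
        # No ports here: peer address plus Call ID is all a relay can key on.
        return {"channel": "data", "src": src, "dst": dst,
                "call_id": gre["call_id"], "seq": gre["seq"], "ack": gre["ack"],
                "demux_key": (src, gre["call_id"])}
    return {"channel": "other", "src": src, "dst": dst}


def required_rules(packets):
    """List the filter rules a firewall needs to pass the PPTP traffic seen."""
    rules = set()
    for packet in packets:
        channel = classify(packet)["channel"]
        if channel == "control":
            rules.add("tcp/%d" % PPTP_TCP_PORT)
        elif channel == "data":
            rules.add("ip-proto/%d" % IPPROTO_GRE)
    return sorted(rules)


def build_ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header + payload


# Constructed samples (not captured traffic): client 198.51.100.7, server 192.0.2.10.
PPP_LCP = bytes.fromhex("ff03c02101010004")      # PPP frame: LCP Configure-Request
SAMPLE_CONTROL = build_ipv4(IPPROTO_TCP, "198.51.100.7", "192.0.2.10",
                            struct.pack("!HHIIHHHH", 1055, 1723, 0, 0, 0x5002, 8192, 0, 0))
SAMPLE_DATA = build_ipv4(IPPROTO_GRE, "198.51.100.7", "192.0.2.10",
                         struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP,
                                     len(PPP_LCP), 0x1234, 1) + PPP_LCP)
SAMPLE_PLAIN_GRE = build_ipv4(IPPROTO_GRE, "198.51.100.7", "192.0.2.10",
                              struct.pack("!HH", 0x0000, 0x0800) + b"\x45" * 20)

if __name__ == "__main__":
    for name in ("SAMPLE_CONTROL", "SAMPLE_DATA", "SAMPLE_PLAIN_GRE"):
        print(name, classify(globals()[name]))
    print(required_rules([SAMPLE_CONTROL, SAMPLE_DATA]))
```
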
From: daved at crl.dec.com (Dave DeChellis)
Date: Wed Jul 21 15:03:53 1999
Subject: [pptp-server] PPTP and DUNIX
Message-ID:

I was looking and noticed that PPTP has been "ported" to Digital UNIX 4.X (Tru64) and I was curious to know if anyone had additional information regarding necessary system configs, i.e. the loading of GRE and or necessary IP in IP configs.

Thanks!
Dave
daved at crl.dec.com

From tmk at netmagic.net Wed Jul 21 20:41:47 1999
From: tmk at netmagic.net (tmk)
Date: Wed Jul 21 20:41:47 1999
Subject: [pptp-server] poptop and NT 5 (windows 2000)
References:
Message-ID: <002601bed3e3$b4bee980$011c0fc0@lala.net>

After testing out the latest version of poptop, and installing the mppe patch, I'm happy to report that both work. If you are using an older version of poptop, a few config problems prevent it from working with NT 5, but as of v0.9.5 poptop and NT5 work just fine together.

Kevin

For those of you new to the list, here's a repost of the steps you need to take to get encryption working [edited a bit in light of my experience]:

Installing MSCHAP/MPPE PPPD Patch

Grab yourself a clean copy of the PPP daemon version 2.3.8 (ppp-2.3.8). I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/

Grab yourself the MSCHAP/MPPE diff files and the RC4 files
[instructions for obtaining RC4 files will be in the file README.MPPE after you apply the diff to pppd] -tmk
[note: if you get them from the SSL site, they are actually IN the ssl archive file.. not floating around on the ftp] -tmk

Follow these instructions:

Note: [] are example commands to run

* extract the archive to your local file system [tar xvzf ppp-2.3.8.tgz].
* copy the MSCHAP/MPPE diff file to ppp-2.3.8/
* extract the diff file [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
* patch the diff [patch -p1 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
* copy the RC4 files (rc4.h and rc4_enc.c) to ppp-2.3.8/linux/
* [cd ppp-2.3.8]
* [./configure]
* [cd linux]
* [./kinstall.sh] or "make kernel"
* [cd ..]
* [make]
* make a backup of your pppd if you're so inclined
* copy the new pppd over the old one [cat pppd/pppd > `which pppd`] or do "make install"
* [cd /usr/src/linux]
* [make modules SUBDIRS=drivers/net]
* [make modules_install]
  You may have to copy the rc4 files to /usr/src/linux/drivers/net and/or /usr/src/linux/include/linux
* [rmmod ppp]
* [insmod ppp]
  above 2 lines if you installed ppp as a module
* [insmod ppp_mppe]

Here is an example PPP options file (/etc/ppp/options):

    lock
    debug
    auth
    +chap
    +chapms
    +chapms-v2
    mppe-40
    mppe-128
    mppe-stateless

Here is an example chap-secrets file (/etc/ppp/chap-secrets)

    username * password *

this allows username to log in to any host(server) with password and any ip address -tmk

Setup your Windows client to support data encryption.

Run PoPToP and connect!

From matthewr at moreton.com.au Wed Jul 21 23:21:08 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Jul 21 23:21:08 1999
Subject: [pptp-server] v0.9.6 released
Message-ID: <37969AF3.2D455BDA@moreton.com.au>

hiya all,

PoPToP v0.9.6 has been released. You can grab your copy here:
http://www.moretonbay.com/vpn/download_pptp.html

Important Note: This release installs binaries to /usr/local/sbin/. Previous versions of PoPToP installed to /usr/local/bin/. You will need to delete any old binaries (pptpd and pptpctrl) from /usr/local/bin/.

that's all for now!
-PoPToP Development Team.

From luyer at ucs.uwa.edu.au Thu Jul 22 00:09:10 1999
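Added note on the example /etc/ppp/options and /etc/ppp/chap-secrets files in the MPPE setup post above, not part of any list message: a small audit that reports the permissive settings in those two files (40-bit MPPE offered, wildcard server and address fields). It assumes the option names of the patched pppd exactly as posted and a simplified file syntax; the tighter sample, its server name and its address are constructed.

```python
# Assumptions: whitespace-separated fields, '#' starts a comment, no quoted
# fields; "mppe-40"/"mppe-128" are taken to offer that key length, as their
# names in the post suggest.

def fields_of(line):
    """Split one config line into fields, dropping any trailing comment."""
    return line.split("#", 1)[0].split()


def parse_options(text):
    """Return the set of option words in a pppd options file."""
    words = set()
    for line in text.splitlines():
        words.update(fields_of(line))
    return words


def parse_chap_secrets(text):
    """Return (client, server, secret, [addresses]) for each entry."""
    entries = []
    for line in text.splitlines():
        f = fields_of(line)
        if len(f) >= 3:
            entries.append((f[0], f[1], f[2], f[3:]))
    return entries


def audit(options_text, secrets_text):
    """Return a list of findings; secrets themselves are never echoed."""
    findings = []
    opts = parse_options(options_text)
    if "auth" not in opts:
        findings.append("options: no 'auth', peer is not required to authenticate")
    if not opts & {"mppe-40", "mppe-128"}:
        findings.append("options: no mppe-* option, MPPE is not requested")
    elif "mppe-40" in opts:
        findings.append("options: mppe-40 listed, 40-bit keys can be negotiated")
    for client, server, _secret, addrs in parse_chap_secrets(secrets_text):
        if server == "*":
            findings.append("chap-secrets: %s: secret accepted for any server name" % client)
        if "*" in addrs:
            findings.append("chap-secrets: %s: any IP address allowed" % client)
    return findings


# The two files as posted in the message above.
POSTED_OPTIONS = """lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
"""
POSTED_SECRETS = "username * password *\n"

# Constructed tighter variant: server name "pptpd" and the address are made up.
TIGHTER_OPTIONS = "lock\nauth\n+chapms-v2\nmppe-128\nmppe-stateless\n"
TIGHTER_SECRETS = "username pptpd password 192.168.1.50\n"

if __name__ == "__main__":
    for finding in audit(POSTED_OPTIONS, POSTED_SECRETS):
        print(finding)
```
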
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 22 00:09:10 1999
Subject: [pptp-server] PPTP and DUNIX
In-Reply-To: Your message of "Wed, 21 Jul 1999 16:02:16 -0400."
Message-ID: <199907220508.NAA29626@typhaon.ucs.uwa.edu.au>

> I was looking and noticed that PPTP has been "ported" to Digital UNIX 4.X
> (Tru64) and I was curious to know if anyone
> had additional information regarding necessary system configs, i.e. the
> loading of GRE and or necessary IP in IP configs.

Unfortunately it's better on 3.X, or I'd be running our production server on Digital Unix; 4.X has more 'tightly integrated' ppp which means you can't compile the standard pppd for it anymore so it's harder to do custom mods.

You can try it out of the box on 4.X and see how it goes. I haven't tried it there for some time.

David.

From daved at crl.dec.com Thu Jul 22 08:42:19 1999
From: daved at crl.dec.com (Dave DeChellis)
Date: Thu Jul 22 08:42:19 1999
Subject: [pptp-server] PPTP and DUNIX
Message-ID:

David,

Thanks for the info. I don't really care about customized crap with PPPD, so is it possible to use the PPTP server with the 'tightly integrated' PPP with 4.X?

Also, could you give me a brief "checklist" on how to set it up for DUNIX? The HOWTO is mainly geared towards Linux, and it would be nice to try it under DUNIX.

Thanks,
Dave

-----Original Message-----
From: David Luyer [mailto:luyer at ucs.uwa.edu.au]
Sent: Thursday, July 22, 1999 1:09 AM
To: Dave DeChellis
Cc: 'pptp-server at lists.schulte.org'
Subject: Re: [pptp-server] PPTP and DUNIX

> I was looking and noticed that PPTP has been "ported" to Digital UNIX 4.X
> (Tru64) and I was curious to know if anyone
> had additional information regarding necessary system configs, i.e. the
> loading of GRE and or necessary IP in IP configs.

Unfortunately it's better on 3.X, or I'd be running our production server on Digital Unix; 4.X has more 'tightly integrated' ppp which means you can't compile the standard pppd for it anymore so it's harder to do custom mods.

You can try it out of the box on 4.X and see how it goes. I haven't tried it there for some time.

David.

From naclos at swbell.net Thu Jul 22 09:10:08 1999
From: naclos at swbell.net (Andy Carlson)
Date: Thu Jul 22 09:10:08 1999
Subject: [pptp-server] [PPTP] Fixed my problem with ppp_mppe.o
Message-ID:

I fixed my problem with ppp_mppe.o, though I am still not sure why I had problems, and others seem not to. The instructions call for copying rc4.h and rc4_enc.c, but I also had to copy rc4_locl.h. I found the header for RC4_set_key in rc4_skey.c, so I copied that file, and added an include for it in ppp_mppe.c.

Andy Carlson                             |\      _,,,---,,_
naclos at swbell.net                ZZZzz /,`.-'`'    -.  ;-;;,_
BJC Health System                       |,4-  ) )-,_. ,\ (  `'-'
St. Louis, Missouri                    '---''(_/--'  `-'_)
Cat Pics: http://andyc.dyndns.org

From matthewr at moreton.com.au Thu Jul 22 19:58:08 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Jul 22 19:58:08 1999
Subject: [pptp-server] PoPToP v0.9.7
Message-ID: <3797BCDF.7A6A62C9@moreton.com.au>

PoPToP v0.9.7 has been released!

Grab your copy here:
http://www.moretonbay.com/vpn/download_pptp.html

Minor doc and error logging changes.

-PoPToP Development Team.

From marco at init.co.il Fri Jul 23 13:49:52 1999
From: marco at init.co.il (Marco Supino)
Date: Fri Jul 23 13:49:52 1999
Subject: [pptp-server] Fw: OpenBSD
Message-ID: <002901bed555$790d3e00$6701a8c0@init.co.il>

Hi.

After Paolo Supino posted a mail about the OpenBSD error and didn't get any solution for this, I will post it again:

this is the log of the messages ... I am using OpenBSD 2.5 and pppd 2.3.5

Jul 23 21:37:37 mustang pptpd[12465]: MGR: Max connections reached, extra IP addresses ignored
Jul 23 21:37:37 mustang pptpd[12465]: MGR: Max connections reached, extra IP addresses ignored
Jul 23 21:37:50 mustang pptpd[4036]: GRE: bind() failed: Can't assign requested address
Jul 23 21:37:50 mustang pppd[16169]: pppd 2.3.5 started by marco, uid 0
Jul 23 21:37:50 mustang pppd[16169]: Connect: ppp0 <--> /dev/ttyp1
Jul 23 21:37:50 mustang pptpd[4036]: GRE: xmit failed from decaps_hdlc: Bad file descriptor
Jul 23 21:37:50 mustang pptpd[4036]: CTRL: PTY read or GRE write failed (pty,gre)=(4,-1)
Jul 23 21:37:50 mustang pppd[16169]: Modem hangup
Jul 23 21:37:50 mustang pppd[16169]: Connection terminated.

I have no idea what's wrong.. any ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From walterm at Gliatech.com Fri Jul 23 14:08:06 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Fri Jul 23 14:08:06 1999
Subject: [pptp-server] Problems logging into an NT domain
Message-ID:

Hello all,

I have been struggling through setting up a VPN to support remote users logging into our company's NT domain. I'm not sure that this matters but the vpn is currently running ftpd, httpd, samba, and swat daemons in addition to the pppd and pptpd. Anyway, the vpn itself is a member of the domain and is able to nmblookup addresses and create shares. I am using windows98 (through a cable modem) as a test client and am able to connect to the vpn with no problems or errors. However, all traffic from the client is still routed through the standard connection rather than the VPN connection. As such I cannot browse/ping/traceroute anything on the remote domain through the vpn. The vpn has a direct internet connection. I was just wondering if anyone could tell if my problem is with my client setup or the vpn server or give me an idea where I should be looking. Here is the server information:

Thanks in advance...

os redhat 6.0
kernel 2.2.5-15
pptpd 0.9.5
ppp 2.3.8

etc/pptpd.conf

    speed 115200
    localip 192.0.0.96 192.0.0.122-127
    remoteip 206.68.8.7-206.68.8.12

etc/ppp/options

    lock
    debug
    auth
    name gliatechusa5
    +chap
    +chapms
    +chapms-v2
    mppe-40
    mppe-128
    mppe-stateless
    netmask 255.255.255.0
    ms-wins 192.0.0.99
    proxyarp

etc/sysconfig/network

    NETWORKING=yes
    FORWARD_IPV4="yes"
    HOSTNAME="gliatechusa5.gliatech.com"
    DOMAINNAME=gliatech.com
    GATEWAY="206.68.8.1"
    GATEWAYDEV="eth1"

Michael Walter
walterm at gliatech.com

From tmk at netmagic.net Fri Jul 23 15:47:36 1999
From: tmk at netmagic.net (tmk)
Date: Fri Jul 23 15:47:36 1999
Subject: [pptp-server] Problems logging into an NT domain
In-Reply-To:
Message-ID:

alright.. let's see if we can get you up and running.

> addition to the pppd and pptpd. Anyway, the vpn itself is a member of the
> domain and is able to nmblookup addresses and create shares. I am using

I'll assume you mean the client is a member of the domain? or do you mean the server..

> windows98(through a cable modem) as a test client and am able to connect to
> the vpn with no problems or errors. However, all traffic from the client is
> still routed through the standard connection rather than the VPN connection.

ok, so the little VPN modem lights don't blink at all? Sounds like a win98 routing problem, but we'll come back to that.

> As such I cannot browse/ping/traceroute anything on the remote domain
> through the vpn. The vpn has a direct internet connection. I was just
> wondering if anyone could tell if my problem is with my client setup or the
> vpn server or give me an idea where I should be looking. Here is the server
> information: Thanks in advance...
> os redhat 6.0
> kernel 2.2.5-15
> pptpd 0.9.5
> ppp 2.3.8

looks ok..

> etc/pptpd.conf
> speed 115200
> localip 192.0.0.96 192.0.0.122-127

shouldn't it be

    localip 192.0.0.96,192.0.0.122-127

> remoteip 206.68.8.7-206.68.8.12

Unfortunately, since it's a network connectivity issue (not a connecting to the server issue) it takes different info to get a handle on the problem..
try the following:

1) connect to the pptp server
2) post dumps of "route print" (type at dos prompt)
2a) post the info for the VPN adapter as listed in winipcfg (or ipconfig in dos)
3) post all lines from /var/log/messages that pertain to that connection (ok to omit passwords if they're there ;)
4) post the route table from linux after the connection is on
5) describe your network numbers (private subnet, "real" ip of server, client's ip, etc)
6) answer questions from earlier in this message

please send it to me personally, as you probably don't want your network info posted to the list..

Kevin

From jason at centaurus.com Fri Jul 23 18:18:55 1999
From: jason at centaurus.com (Jason Shelton)
Date: Fri Jul 23 18:18:55 1999
Subject: [pptp-server] Route problems?
Message-ID: <001201bed561$df7ce1c0$0201a8c0@centaurus.com>

Well, routing is my best guess anyway. I can connect to the pptpd server no problem, but then on the client I open network neighborhood, I can see all the computers on my intranet, but can only access the gateway/pptpd server. From the intranet side, I can see the client machine (in network neighborhood) but cannot ping it or access it. The gateway/server can ping the client.

Anyone have any ideas?

Jason Shelton

From vanbaren at umich.edu Fri Jul 23 21:10:32 1999
From: vanbaren at umich.edu (Patricia Van Baren)
Date: Fri Jul 23 21:10:32 1999
Subject: [pptp-server] PPTP crypto and management Problems
Message-ID: <000001bed579$a5a3ff20$2801a8c0@bud.mw.mediaone.net>

I had the same problem with my Win98 machines when I tried to add the encryption support to pppd. For me, the connection appeared to connect properly, but no traffic was allowed through the connection.

Installing the "Microsoft Windows98 Dial-Up Networking Security Upgrade" solved the problem.

http://support.microsoft.com/support/downloads/DP3268.ASP
or
ftp://ftp.microsoft.com/softlib/mslfiles/dun40.exe

They have a knowledge base article about this update at:
http://support.microsoft.com/support/kb/articles/q237/6/91.ASP

> I patched ppp-2.3.8 with the MPPE patch and the RC4 sources from
> OpenSSL-0.9.3a distribution, recompiled the kernel and all the other
> things.
> When I connect to the pptpd linux server with "Require encrypted data"
> option enabled I get a sequence of errors like the ones below (for each
> transmitted packet, I suppose).
> The server works fine with no data encryption.
>
> Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x30d) received
> Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xe 03 0d df f5 e4
> Jul 19 09:41:00 fw pppd[1517]: rcvd [proto=0x82e7] 22 71 6d 16 1f 9d 3b
> Jul 19 09:41:00 fw pppd[1517]: Unsupported protocol (0x82e7) received
> Jul 19 09:41:00 fw pppd[1517]: sent [LCP ProtRej id=0xf 82 e7 22 71 6d

From phil at vibrationresearch.com Fri Jul 23 22:00:22 1999
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri Jul 23 22:00:22 1999
Subject: [pptp-server] Performance degradation from 0.9.4 to 0.9.5
In-Reply-To:
Message-ID: <000101bed580$a366b520$2801a8c0@bud.mw.mediaone.net>

I had pptpd version 0.9.4 installed and working well. Then I installed version 0.9.6, and the performance seemed to drop significantly. I did some benchmarks using netperf (http://netperf.org/netperf/NetperfPage.html) and found that the transfer rates from the Win98 machine to the Linux machine for versions 0.9.5, 0.9.6, and 0.9.7 are nearly half what I get with 0.9.4.

My configuration is:

pptpd server: Pentium/150 running RedHat 5.2, kernel 2.0.36, connected to the ISP via pppd over a 64kbps ISDN line. This machine is running IP-Masq for the local network. I tried both pppd 2.3.5 and 2.3.8, and with and without MPPE, with the same results. My configuration files are standard (I added the mppe-* stuff to pppd options when I tried with MPPE enabled, but the behavior is the same with and without that).

VPN dial-up machine: Pentium-III/500 running Windows 98 connected to the ISP via Dial-up Networking through an ADSL modem. VPN support running on a second dial-up connection running overtop the first dialup connection. (I also tried this on a Win98 Pentium/233 connected to the ISP via an ethernet card and cable modem, with similar results)

Anyone run into similar problems, or have possible explanations for this change?
Phil VanBaren
phil at vibrationresearch.com

My results are (netperf running on the Win98 machine, netserver running on the Linux machine)

netperf -H 192.168.1.1 -l 60 -t UDP_STREAM -f k -- -m 512
( UDP stream test with 512-byte messages for 60 seconds )

with version 0.9.4:
  transmitted 540 messages, received 538 messages, receive rate: 36130 bits/second
with version 0.9.5 (same with 0.9.6, 0.9.7)
  transmitted 270 messages, received 260 messages, receive rate: 17730 bits/second

netperf -H 192.168.1.1 -f k -- -m 512
( TCP stream test with 512-byte messages for 10 seconds )

with version 0.9.4: 32080 bits/second
with version 0.9.5: 19900 bits/second

From jason at centaurus.com Sat Jul 24 08:37:23 1999
From: jason at centaurus.com (Jason Shelton)
Date: Sat Jul 24 08:37:23 1999
Subject: [pptp-server] Route problems?
References: <001201bed561$df7ce1c0$0201a8c0@centaurus.com> <001701bed59f$8701a1a0$011c0fc0@lala.net>
Message-ID: <001d01bed5d9$87294180$0201a8c0@themadhouse.cx>

> make sure ip forwarding is enabled
>
> "echo 1 > /proc/sys/net/ipv4/ip_forward"
>
> Kevin

Well, the server is a masq gateway for the office, so I know for a fact that ip forwarding is enabled.

Jason Shelton

From daniel at netwise.net.au Sat Jul 24 10:04:33 1999
From: daniel at netwise.net.au (Daniel Quinlan)
Date: Sat Jul 24 10:04:33 1999
Subject: [pptp-server] test, sorry
In-Reply-To: <001d01bed5d9$87294180$0201a8c0@themadhouse.cx>; from Jason Shelton on Sat, Jul 24, 1999 at 06:36:26AM -0700
References: <001201bed561$df7ce1c0$0201a8c0@centaurus.com> <001701bed59f$8701a1a0$011c0fc0@lala.net> <001d01bed5d9$87294180$0201a8c0@themadhouse.cx>
Message-ID: <19990725010423.B23675@mage.netwise.net.au>

testing the mail2news gateway

From cybear at pacbell.net Sat Jul 24 19:29:13 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Sat Jul 24 19:29:13 1999
Subject: [Fwd: [pptp-server] Can't brouse MS network.]
Message-ID: <379A5DF2.F4A5FB16@pacbell.net>

OK,

How can I set the netmask??? It always seems to get set at 255.255.255.255

I think I want 255.255.255.0...

-------------- next part --------------
An embedded message was scrubbed...
From: "tmk"
Subject: Re: [pptp-server] Can't brouse MS network.
Date: Sun, 18 Jul 1999 23:44:05 -0700
Size: 2233
URL:

From cybear at pacbell.net Sat Jul 24 21:05:08 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Sat Jul 24 21:05:08 1999
Subject: [pptp-server] netmask
Message-ID: <379A7469.13E1AF0A@pacbell.net>

Thanks tmk,

My Linux netmask for eth1 is 255.255.255.0, the ppp0 connection is 255.255.255.255... Is this correct???

I can route TCP over eth1 via ipchains Masquerading so I know I am forwarding across the DSL link, but nothing seems to route across the VPN link

From cybear at pacbell.net Sun Jul 25 09:51:22 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Sun Jul 25 09:51:22 1999
Subject: [pptp-server] Net mask problems, still
Message-ID: <379B280B.12A97AAA@pacbell.net>

I am still having net mask problems. I have attached a file that has the output of ifconfig from Linux and ipconfig from windows. The windows side has a net mask of 255.255.255.0 while the Linux side has a net mask of 255.255.255.255. I can connect and log into the MS network but can not browse the MS network. The only way I can log into the MS network is to have "use IP header compression" and "use default gw on remote network" turned ON! I know this is not what the documentation states but it is the ONLY way I can see the Domain Controller to log on.

Thanks,
matt

-------------- next part --------------
Windows 98 IP Configuration

0 Ethernet adapter :
        IP Address. . . . . . . . . : 206.170.1.168
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 206.170.1.168

1 Ethernet adapter :
        IP Address. . . . . . . . . : 192.169.6.235
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 192.169.6.235

2 Ethernet adapter :
        IP Address. . . . . . . . . : 169.254.219.217
        Subnet Mask . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . :

###Linux

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:14:36:10
          inet addr:192.168.2.26  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7588 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5583 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0xf880

eth1      Link encap:Ethernet  HWaddr C0:00:2D:F0:F7:EE
          inet addr:216.102.91.87  Bcast:216.102.91.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16178 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14503 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:10 Base address:0xfc00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:363 errors:0 dropped:0 overruns:0 frame:0
          TX packets:363 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.169.6.34  P-t-P:192.169.6.235  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:85 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

From brian at eplazaonline.com Sun Jul 25 15:32:06 1999
From: brian at eplazaonline.com (Brian west)
Date: Sun Jul 25 15:32:06 1999
Subject: [pptp-server] Help Compiling with RC4
Message-ID: <000901bed6db$de280860$0200a8c0@bkw.org>

I have tried and tried to get the kernel mods to compile and keep getting errors!! Is there an EXACT way to go about getting the correct files to compile the whole thing! I have collected the rc4 files from openssl-0.9.3a but I have yet to have any luck getting this to work

* copy the new pppd over the old one [cat pppd/pppd > `which pppd`]
* [cd /usr/src/linux]
* [make modules SUBDIRS=drivers/net]
* [make modules_install]
* [rmmod ppp]
* [insmod ppp]
* [insmod ppp_mppe]

Any help would be appreciated
Thanks,
Brian

From tmk at netmagic.net Sun Jul 25 15:53:38 1999
From: tmk at netmagic.net (tmk)
Date: Sun Jul 25 15:53:38 1999
Subject: [pptp-server] Help Compiling with RC4
References: <000901bed6db$de280860$0200a8c0@bkw.org>
Message-ID: <005901bed6e0$3012a820$011c0fc0@lala.net>

so everything compiled ok? did you add those lines to your ppp options file?

A little more detail as to what the problem is and what you've tried would be great.

Kevin

----- Original Message -----
From: Brian west
To:
Sent: Sunday, July 25, 1999 1:25 PM
Subject: [pptp-server] Help Compiling with RC4

> I have tried and tried to get the kernel mods to compile and keep getting
> errors!! Is there an EXACT way to go about getting the correct files to
> compile the whole thing! I have collected the rc4 files from openssl-0.9.3a
> but I have yet to have any luck getting this to work
>
> * copy the new pppd over the old one [cat pppd/pppd > `which pppd`]
> * [cd /usr/src/linux]
> * [make modules SUBDIRS=drivers/net]
> * [make modules_install]
> * [rmmod ppp]
> * [insmod ppp]
> * [insmod ppp_mppe]
>
>
> Any help would be appreciated
> Thanks,
> Brian
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From srhodes at cpinternet.com Sun Jul 25 16:04:09 1999
From: srhodes at cpinternet.com (Steve Rhodes)
Date: Sun Jul 25 16:04:09 1999
Subject: [pptp-server] MPPE encryption on pptpd
Message-ID: <379B6D20.433B7E53@cpinternet.com>

I am having a problem using the mppe encryption. Whenever I attempt to send
data over the pptp connection, the transmission fails, and the
/var/log/messages entry reads "Unsupported protocol (0xZZZZ) received",
where (0xZZZZ) is some random hex number. I can find these numbers buried
within the GRE encapsulated packets, but I'll be darned if I can figure out
what they mean.

I have tried several configurations of kernels, Stock RedHat 5.2
(2.0.36-0.7), 2.2.4 and 2.2.9. I am always using the 2.3.8 pppd with the
ppp-2.3.8-mppe-others-norc4_TH7.diff patch. I am using SSLeay-0.6.6b.

The connection works flawlessly without any encryption applied, and I can
successfully connect and transmit with just encrypted password set. Only
when I specify data encryption required on the client, the connection
completes, but no data will transmit. I have tried turning off IP header
compression and default gateway selections to no avail.

The only thing I have found where I differ from the instructions in the
HOWTO is that I have to manually copy the rc4.h and rc4_enc.c files to the
linux source tree to successfully compile the modules. I am assuming this is
an oversight on the instructions.

Any suggestions to get me pointed in the right direction would be greatly
appreciated.

Regards,
Steve Rhodes

From marclee at mgmt.utoronto.ca Sun Jul 25 16:05:10 1999
From: marclee at mgmt.utoronto.ca (Marcus Lee)
Date: Sun Jul 25 16:05:10 1999
Subject: [pptp-server] Help Compiling with RC4
In-Reply-To: <000901bed6db$de280860$0200a8c0@bkw.org>
Message-ID:

On Sun, 25 Jul 1999, Brian west wrote:

> I have tried and tried to get the kernel mods to compile and keep getting
> errors!! Is there an EXACT way to go about getting the correct files to
> compile the whole thing! I have collected the rc4 files from openssl-0.9.3a
> but I have yet to have any luck getting this to work

Hi Brian,

I had problems with this until I read Andy Carlson's post in the
pptp-server mailing list archives...

http://lists.schulte.org/pipermail/pptp-server/1999-July/000443.html

Basically, you need more than just rc4.h and rc4_enc.c from openssl.

1. copy rc4.h, rc4_enc.c, rc4_locl.h, rc4_skey.c to both
   .../ppp-2.3.8/linux/ and /usr/src/linux/drivers/net/

2. edit both "ppp_mppe.c" files and add the following line at the end of
   the set of #include lines at the top of the file...

       #include "rc4_skey.c"

... the rest of the standard instructions are fine. Also, you might want to
execute a "depmod -a" to update the dependencies.

I hope this helps.

marc

--
Marcus Lee marclee at mgmt.utoronto.ca
Rotman School of Management, University of Toronto
[check http://mgmt.utoronto.ca/~marclee/ for my PGP Public Key]

From srhodes at cpinternet.com Sun Jul 25 17:20:40 1999
From: srhodes at cpinternet.com (Steve Rhodes)
Date: Sun Jul 25 17:20:40 1999
Subject: [pptp-server] Re:MPPE encryption on pptpd
Message-ID: <379B7F0A.7DBC32B2@cpinternet.com>

I have found the answer to my problem. It's a Win 98 bug, of all things....
I noticed a number of people have what appears to be the same issue.

Many Thanks to Patricia Van Baren for this info!

http://lists.schulte.org/pipermail/pptp-server/1999-July/000449.html

From marclee at mgmt.utoronto.ca Sun Jul 25 17:27:32 1999
From: marclee at mgmt.utoronto.ca (Marcus Lee)
Date: Sun Jul 25 17:27:32 1999
Subject: [pptp-server] Help Compiling with RC4
In-Reply-To: <001f01bed6ea$88c425c0$0200a8c0@bkw.org>
Message-ID:

On Sun, 25 Jul 1999, Brian west wrote:

> Ok I have done everything Marcus and everyone else has said but this is what I
> get when I do "make modules SUBDIRS=drivers/net"
>
> Any Ideas?
>
> rc4.h:70: openssl/opensslconf.h: No such file or directory

Hi Brian,

I have the following RPM packages installed on my rh6.0:

    openssl-0.9.3a-3
    openssl-devel-0.9.3a-3

Can you check that you have openssl-devel installed?

marc

--
Marcus Lee marclee at mgmt.utoronto.ca
Rotman School of Management, University of Toronto
[check http://mgmt.utoronto.ca/~marclee/ for my PGP Public Key]

From rpotter at rpcs.net Sun Jul 25 19:56:02 1999
From: rpotter at rpcs.net (Richard Potter)
Date: Sun Jul 25 19:56:02 1999
Subject: [pptp-server] Route problems?
In-Reply-To: <001201bed561$df7ce1c0$0201a8c0@centaurus.com>
Message-ID:

On Fri, 23 Jul 1999, Jason Shelton wrote:

> Well, routing is my best guess anyway. I can connect to the pptpd server no
> problem, but then on the client I open network neighborhood, I can see all
> the computers on my intranet, but can only access the gateway/pptpd server.

I'm having the exact same problem.

Anyone care to assist me here?

Cheers!,
--
Richard Potter
Re/Max Team ideal Realty Inc.
Kingston, ON CANADA http://www.kingston-realestate.com

From sam at linuxtec.com Sun Jul 25 23:16:08 1999
From: sam at linuxtec.com (Samuel Gonzalez, Jr.)
Date: Sun Jul 25 23:16:08 1999
Subject: [pptp-server] Route problems?
References:
Message-ID: <379BD2E0.C762CF90@linuxtec.com>

What does your syslog say about proxyarp when you make the connection? There
should be no routing problem if you are issuing an IP Address on the same
subnet as your LAN. I am connecting to my linux server and issuing my laptop
an IP address the same as the subnet of the lan. I understand you may want to
issue different IP addresses to your clients connecting through pptpd, but
get it working first in its most simple form first.

Sam

Richard Potter wrote:

> On Fri, 23 Jul 1999, Jason Shelton wrote:
>
> > Well, routing is my best guess anyway. I can connect to the pptpd server no
> > problem, but then on the client I open network neighborhood, I can see all
> > the computers on my intranet, but can only access the gateway/pptpd server.
>
> I'm having the exact same problem.
>
> Anyone care to assist me here?
>
> Cheers!,
> --
> Richard Potter
> Re/Max Team ideal Realty Inc.
> Kingston, ON CANADA http://www.kingston-realestate.com

--
******************************************
Samuel Gonzalez, Jr.
SGI Consulting
Houston, Texas
281-687-9286
www.linuxtec.com
******************************************

From marclee at mgmt.utoronto.ca Sun Jul 25 23:17:29 1999
From: marclee at mgmt.utoronto.ca (Marcus Lee)
Date: Sun Jul 25 23:17:29 1999
Subject: [pptp-server] Help Compiling with RC4
In-Reply-To: <000501bed6ef$1ee1e0c0$0200a8c0@bkw.org>
Message-ID:

On Sun, 25 Jul 1999, Brian west wrote:

> ... Well I got it to compile but I get this when trying to connect:
> Jul 25 12:45:00 www modprobe: can't locate module ppp-compress-21
> Jul 25 12:45:00 www modprobe: can't locate module ppp-compress-21
> :
> :
> Jul 25 12:45:00 www pppd[7342]: MPPE 40 bit, stateless compression enabled
> Jul 25 12:45:01 www pppd[7342]: Unsupported protocol (0x1bfc) received
> Jul 25 12:45:01 www snmpd: Connection from 127.0.0.1
> Jul 25 12:45:04 www pppd[7342]: Unsupported protocol (0xd1c8) received
> Jul 25 12:45:07 www pppd[7342]: Unsupported protocol (0xf142) received
> ... what's the unsupported protocol stuff??? hmmm

Hi Brian,

I looked through my logs, and it seems that only after I unchecked (in the
network protocols dialog box under dial-up networking)...

1. IPX/SPX compatible protocol support
2. NetBEUI protocol support

...did the error message stop. I know that pppd supports IPX, but I haven't
gotten around to configuring it. ;-) Try connecting with only TCP/IP checked
in the network protocols dialog box and see if you still get this error.

Also, from the HOWTO-PoPToP-pre3 document, you can get rid of the "can't
locate module ppp-compress-21" error if you manually load "bsd_comp" and
"ppp_deflate". i.e.

    insmod bsd_comp
    insmod ppp_deflate

... I'm sure there is a way to automate this, but I'm not terribly
familiar with the kernel module stuff.

marc

--
Marcus Lee marclee at mgmt.utoronto.ca
Rotman School of Management, University of Toronto
[check http://mgmt.utoronto.ca/~marclee/ for my PGP Public Key]

From luyer at ucs.uwa.edu.au Mon Jul 26 01:43:58 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Mon Jul 26 01:43:58 1999
Subject: [pptp-server] Fw: OpenBSD
In-Reply-To: Your message of "Fri, 23 Jul 1999 21:51:05 GMT." <002901bed555$790d3e00$6701a8c0@init.co.il>
Message-ID: <199907260643.OAA16548@typhaon.ucs.uwa.edu.au>

(copied to Theo de Raadt - I don't have "sendbug" since I don't have
OpenBSD myself)

> After Paolo Supino posted a mail about the OpenBSD error and didn't get
> any solve for this I will post it again:

I asked for further details such as system call and library traces for a
few specific calls, but no details were forthcoming. So I didn't follow it
up.

> this is the log of the messages ... i am using OpenBSD 2.5 and pppd 2.3.5

Is this the latest OpenBSD kernel? If not, you might want to upgrade and
see if the problem is fixed by a later kernel. It appears to be the latest
to me and I don't see anything on their errata page.

> Jul 23 21:37:50 mustang pptpd[4036]: GRE: bind() failed: Can't assign requested address

This is the error. Probably an OpenBSD kernel bug - but you'd have to check
with an OpenBSD person. As a temporary workaround only, delete line 68 in
pptpgre.c ("return -1;").
Send this code and comment to an OpenBSD kernel person and ask them if they
think it's a kernel bug, mention that it works on other OS's;

  inet_addrs[0] = returned from earlier getsockname() on a connected TCP socket
  inet_addrs[1] = returned from earlier getpeername() on a connected TCP socket
  PPTP_PROTO = 47

        struct sockaddr_in addr;
        int gre_fd;

        /* Open IP protocol socket */
        gre_fd = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
        if (gre_fd < 0) {
                syslog(LOG_ERR, "GRE: socket() failed");
                return -1;
        }
        addr.sin_family = AF_INET;
        addr.sin_addr = inetaddrs[0];
        addr.sin_port = 0;
        if (bind(gre_fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
                syslog(LOG_ERR, "GRE: bind() failed: %s", strerror(errno));
                return -1;
        }
        addr.sin_family = AF_INET;
        addr.sin_addr = inetaddrs[1];
        addr.sin_port = 0;
        if (connect(gre_fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
                syslog(LOG_ERR, "GRE: connect() failed: %s", strerror(errno));
                return -1;
        }

The bind() is returning can't assign requested address. We need to bind()
so that the outgoing packets go out the interface the TCP socket is
established to.

> Jul 23 21:37:50 mustang pptpd[4036]: GRE: xmit failed from decaps_hdlc: Bad file descriptor
> Jul 23 21:37:50 mustang pptpd[4036]: CTRL: PTY read or GRE write failed (pty,gre)=(4,-1)

This last bit is a pptpd bug - not properly handling the failed
pptp_gre_init call.

David.

From luyer at ucs.uwa.edu.au Mon Jul 26 03:14:17 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Mon Jul 26 03:14:17 1999
Subject: [pptp-server] Fw: OpenBSD
In-Reply-To: Your message of "Mon, 26 Jul 1999 14:43:26 +0800." <199907260643.OAA16548@typhaon.ucs.uwa.edu.au>
Message-ID: <199907260814.QAA17625@typhaon.ucs.uwa.edu.au>

OK, someone with OpenBSD please try (without the removing return -1 change)
adding:

        memset(&addr, 0, sizeof(addr));

on line 62 of pptpgre.c, and tell me if it helps.

Thanks,
David.

From Steve.Cowles at gte.net Mon Jul 26 05:32:56 1999
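Added example (not from pptpgre.c and not posted by anyone in this thread): what the proposed memset() changes. Filling only sin_family, sin_addr and sin_port leaves every other byte of struct sockaddr_in as the stack left it; the assumption here, which the thread does not confirm, is that the OpenBSD kernel looks at those bytes when it matches the bind() address. The function names are this example's own.

```c
/* Added illustration; not code from pptpgre.c. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define PPTP_PROTO 47   /* GRE, as stated in the post */

/* Field-by-field fill, as in the quoted snippet: any byte that is not part
 * of the three named fields keeps whatever the storage held before. */
void fill_fields_only(struct sockaddr_in *addr, struct in_addr ip)
{
    addr->sin_family = AF_INET;
    addr->sin_addr = ip;
    addr->sin_port = 0;
}

/* Same fill, preceded by the memset() proposed in the follow-up message. */
void fill_zeroed(struct sockaddr_in *addr, struct in_addr ip)
{
    memset(addr, 0, sizeof(*addr));
    fill_fields_only(addr, ip);
}

/* Count the bytes that differ from a cleanly built address for the same IP. */
size_t stale_bytes(const struct sockaddr_in *addr, struct in_addr ip)
{
    struct sockaddr_in clean;
    const unsigned char *a = (const unsigned char *)addr;
    const unsigned char *c = (const unsigned char *)&clean;
    size_t i, n = 0;

    fill_zeroed(&clean, ip);
    for (i = 0; i < sizeof(clean); i++)
        if (a[i] != c[i])
            n++;
    return n;
}

/* Simulate a stack slot that still holds leftovers from an earlier call. */
size_t demo_stale(int zero_first)
{
    struct sockaddr_in addr;
    struct in_addr ip;

    ip.s_addr = htonl(INADDR_LOOPBACK);   /* constructed sample address */
    memset(&addr, 0xA5, sizeof(addr));    /* constructed "garbage" */
    if (zero_first)
        fill_zeroed(&addr, ip);
    else
        fill_fields_only(&addr, ip);
    return stale_bytes(&addr, ip);
}

/* GRE socket setup with the structure zeroed before each use and the
 * descriptor closed on every failure path, so the caller only ever sees a
 * usable descriptor or -1. Raw sockets need root to open. */
int open_gre_socket(struct in_addr local, struct in_addr remote)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_RAW, PPTP_PROTO);

    if (fd < 0)
        return -1;
    fill_zeroed(&addr, local);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto fail;
    fill_zeroed(&addr, remote);
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto fail;
    return fd;
fail:
    fprintf(stderr, "GRE: %s\n", strerror(errno));
    close(fd);
    return -1;
}

int main(void)
{
    printf("stale bytes without memset: %lu\n", (unsigned long)demo_stale(0));
    printf("stale bytes with memset:    %lu\n", (unsigned long)demo_stale(1));
    return 0;
}
```

The caller still has to check for -1 before using the descriptor, which is the second problem named in the post ((pty,gre)=(4,-1)).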
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Mon Jul 26 05:32:56 1999
Subject: [pptp-server] Help Compiling with RC4
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E210D@defiant>

>Also, from the HOWTO-PoPToP-pre3 document, you can get rid of the "can't
>locate module ppp-compress-21" error if you manually load "bsd_comp" and
>"ppp_deflate". i.e.
>
> insmod bsd_comp
> insmod ppp_deflate
>
>... I'm sure there is a way to automate this, but I'm not terribly
>familiar with the kernel module stuff.

As a matter of fact... there is a way to automate the above. Add the
following to /etc/conf.modules. I'm running RH6.0. I found this info a few
months ago on one of the search engines. The only confusing part was some
folks said to alias ppp-compress-21 and 24 to bsd_comp and others used slhc
for 21. I'm not an expert with pppd, but my log files seem to indicate that
the modules are being properly loaded using slhc when I connect to my Linux
box over dialup using my laptop (NT40). Same results using PopTop. It would
be nice to understand which combination is correct!!

Anyway, hope this helps
Steve Cowles

alias ppp-compress-21 slhc
alias ppp-compress-24 bsd_comp
alias ppp-compress-26 ppp_deflate

From rpotter at rpcs.net Mon Jul 26 07:25:10 1999
From: rpotter at rpcs.net (Richard Potter)
Date: Mon Jul 26 07:25:10 1999
Subject: [pptp-server] Route problems?
In-Reply-To: <379BD2E0.C762CF90@linuxtec.com>
Message-ID:

On Sun, 25 Jul 1999, Samuel Gonzalez, Jr. wrote:

> What does your syslog say about proxyarp when you make the connection? There
> should be no routing problem if you are issuing an IP Address on the same subnet
> as your LAN. I am connecting to my linux server and issuing my laptop an IP
> address the same as the subnet of the lan. I understand you may want to issue
> different IP addresses to your clients connecting through pptpd, but get it
> working first in its most simple form first.

Thanks for the reply.

It seems proxyarp is OK, from the logs:

"found interface eth0 for proxy arp"

But.. here's something from the server's logs that I need help with:

"ip_fw_demasq_gre(): Inbound from 24.x.x.28 has no masq table entry."

Any ideas on what that means??

The server internal network is on 192.168.1. and I'm issuing an IP address
of 192.168.1.1 for local ip and 192.168.1.200-249 for remoteip.

Cheers!,
--
Richard Potter
Re/Max Team ideal Realty Inc.
Kingston, ON CANADA http://www.kingston-realestate.com

From grule at esupportnow.com Mon Jul 26 17:32:40 1999
From: grule at esupportnow.com (Gary Rule)
Date: Mon Jul 26 17:32:40 1999
Subject: [pptp-server] PoPToP and Slackware problems
Message-ID:

Ok,
I must be doing something really stupid here. I cannot get all of the
programs to compile in Slackware Linux with kernel 2.0.36. I'm only able to
get pptp and pptpctrl. I can't be the only one. Can someone give me a hand
on this one? Or point me to where an answer has been posted before? Thanks.

------------------------------------------------------------------------
Gary Rule

From tmk at netmagic.net Mon Jul 26 21:07:38 1999
From: tmk at netmagic.net (tmk)
Date: Mon Jul 26 21:07:38 1999
Subject: [pptp-server] PoPToP and Slackware problems
References:
Message-ID: <001b01bed7d5$4de65860$011c0fc0@lala.net>

ok, what DOESN'T compile.. that would be more helpful
(btw, i think those are the only two executables anyways)

Kevin

----- Original Message -----
From: Gary Rule
To: pptp-server at lists.schulte.org
Sent: Monday, July 26, 1999 3:33 PM
Subject: [pptp-server] PoPToP and Slackware problems

Ok,
I must be doing something really stupid here. I cannot get all of the
programs to compile in Slackware Linux with kernel 2.0.36. I'm only able to
get pptp and pptpctrl. I can't be the only one. Can someone give me a hand
on this one? Or point me to where an answer has been posted before? Thanks.

------------------------------------------------------------------------
Gary Rule

From luyer at ucs.uwa.edu.au Tue Jul 27 00:13:37 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Tue Jul 27 00:13:37 1999
Subject: [pptp-server] PoPToP and Slackware problems
In-Reply-To: Your message of "Mon, 26 Jul 1999 18:33:09 -0400."
Message-ID: <199907270513.NAA30165@typhaon.ucs.uwa.edu.au>

> Ok,
> I must be doing something really stupid here. I cannot get all of the
> programs to compile in Slackware Linux with kernel 2.0.36. I'm only able to
> get pptp and pptpctrl. I can't be the only one. Can someone give me a hand
> on this one? Or point me to where an answer has been posted before? Thanks.

The problem is old documentation :-)

There is now only pptpctrl and pptpd.

David.

From matthewr at moreton.com.au Tue Jul 27 00:49:36 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Jul 27 00:49:36 1999
Subject: [pptp-server] v0.9.8 released
Message-ID: <379D46F7.65D68EDB@moreton.com.au>

Folks,

PoPToP v0.9.8 has been released. Grab your copy here:

http://www.moretonbay.com/vpn/download_pptp.html

-PoPToP Development Team.

From kev at WPI.EDU Tue Jul 27 02:01:07 1999
From: kev at WPI.EDU (Kevin Amorin)
Date: Tue Jul 27 02:01:07 1999
Subject: [pptp-server] NT Domain Auth
Message-ID:

Does anyone know if it is possible to authenticate to a NT Domain, as of
now I have all users in the chap secrets file.

Thanks
Kevin

From Tavis at PCMSITE.COM Tue Jul 27 13:49:35 1999
From: Tavis at PCMSITE.COM (Tavis)
Date: Tue Jul 27 13:49:35 1999
Subject: [pptp-server] pppd/pptp problems under RH5.2
Message-ID:

Hello all,

Whenever i try and run pptpd the pppd gives the following errors. It
appears it cannot find the modules for ppp-compress. I compiled support for
ppp directly into the kernel( so i can't see why there should be any
requirement for modules at all). Kernel 2.2.10, the newest ppp rpm i could
find for 5.2 i.e. ppp-2.3.5-1.i386.rpm. The ppp-2.3.7-2.i386.rpm for RH6.0
will not install as it requires new GLIBC_2.1. Thanx for any help in
advance.

Jul 27 10:22:18 smifire pptpd[21043]: CTRL: Client 216.99.106.11 control connection started
Jul 27 10:22:18 smifire pptpd[21043]: CTRL: Starting call (launching pppd, opening GRE)
Jul 27 10:22:18 smifire pppd[21044]: pppd 2.3.5 started by root, uid 0
Jul 27 10:22:18 smifire pppd[21044]: Using interface ppp0
Jul 27 10:22:18 smifire pppd[21044]: Connect: ppp0 <--> /dev/ttyp1
Jul 27 10:22:19 smifire pptpd[21043]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-21
Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-26
Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-24
Jul 27 10:22:23 smifire pppd[21044]: CHAP peer authentication succeeded for mccg
Jul 27 10:22:24 smifire pppd[21044]: Unsupported protocol (0x803f) received
Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-21
Jul 27 10:22:24 smifire pppd[21044]: Received bad configure-ack: fe 02
Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-26
Jul 27 10:22:24 smifire pppd[21044]: found interface eth1 for proxy arp
Jul 27 10:22:24 smifire pppd[21044]: local IP address 172.16.0.201
Jul 27 10:22:24 smifire pppd[21044]: remote IP address 172.16.0.212
Jul 27 10:22:24 smifire modprobe: can't locate module ppp-compress-24
Jul 27 10:22:25 smifire pppd[21044]: ioctl(SIOCDARP): No such file or directory(2)
Jul 27 10:22:26 smifire pppd[21044]: local IP address 172.16.0.201
Jul 27 10:22:26 smifire pppd[21044]: remote IP address 172.16.0.212
Jul 27 10:22:28 smifire pppd[21044]: ioctl(SIOCDARP): No such file or directory(2)
Jul 27 10:22:28 smifire pppd[21044]: local IP address 172.16.0.201
Jul 27 10:22:28 smifire pppd[21044]: remote IP address 172.16.0.212
Jul 27 10:22:32 smifire pppd[21044]: ioctl(SIOCDARP): No such file or directory(2)
Jul 27 10:22:32 smifire pppd[21044]: local IP address 172.16.0.201
Jul 27 10:22:32 smifire pppd[21044]: remote IP address 172.16.0.212
Jul 27 10:22:36 smifire pppd[21044]: ioctl(SIOCDARP): No such file or directory(2)
Jul 27 10:22:36 smifire pppd[21044]: local IP address 172.16.0.201
Jul 27 10:22:36 smifire pppd[21044]: remote IP address 172.16.0.212
Jul 27 10:22:40 smifire pppd[21044]: ioctl(SIOCDARP): No such file or directory(2)
Jul 27 10:22:40 smifire pptpd[21043]: CTRL: Error with select(), quitting
Jul 27 10:22:40 smifire pptpd[21043]: CTRL: Client 216.99.106.11 control connection finished
Jul 27 10:22:40 smifire pppd[21044]: Modem hangup
Jul 27 10:22:40 smifire pppd[21044]: Connection terminated.
Jul 27 10:22:40 smifire pppd[21044]: ioctl(SIOCDARP): No such file or directory(2)
Jul 27 10:22:40 smifire pppd[21044]: Exit.

Tavis Wordley
Technical Director
Path Communications Management
P#519.858.9922
F#519.858.9551
tavis at pcmsite.com

From tmk at netmagic.net Tue Jul 27 14:02:17 1999
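Added example (not part of any message in this archive, and not pppd code): a small C filter for the "Unsupported protocol (0x....) received" lines in Brian's and Tavis's logs. It applies the RFC 1661 rule for the PPP Protocol field (low octet odd, high octet even), which separates a well-formed value such as 0x803f, a protocol the peer really offered, from values that cannot be protocol numbers at all, as a receiver sees when a frame was not decrypted or decompressed the way the sender encoded it. The function names and the short name table are this example's own.

```c
/* Added illustration; not code from pppd or PoPToP. */
#include <stdio.h>
#include <string.h>

enum proto_class { NOT_A_MATCH = 0, WELL_FORMED = 1, MALFORMED = 2 };

/* RFC 1661, section 2: the least significant bit of the low octet must be 1
 * and the least significant bit of the high octet must be 0. */
int ppp_proto_well_formed(unsigned int proto)
{
    return proto <= 0xffffu && (proto & 0x0001u) != 0 && (proto & 0x0100u) == 0;
}

/* A few assigned PPP protocol numbers that matter for this thread. */
const char *ppp_proto_name(unsigned int proto)
{
    switch (proto) {
    case 0x002b: return "IPX";
    case 0x003f: return "NetBIOS Frames (NetBEUI)";
    case 0x00fd: return "compressed datagram (also carries MPPE)";
    case 0x802b: return "IPXCP";
    case 0x803f: return "NBFCP (NetBEUI control)";
    case 0x80fd: return "CCP";
    default:     return "not in this table";
    }
}

/* Extract the value from one syslog line and classify it. */
int classify_line(const char *line, unsigned int *proto_out)
{
    const char *p = strstr(line, "Unsupported protocol (0x");
    unsigned int proto = 0;

    if (p == NULL || sscanf(p, "Unsupported protocol (0x%x)", &proto) != 1)
        return NOT_A_MATCH;
    if (proto_out != NULL)
        *proto_out = proto;
    return ppp_proto_well_formed(proto) ? WELL_FORMED : MALFORMED;
}

/* Log lines copied from the two posts in this thread. */
const char *const sample_log[] = {
    "Jul 25 12:45:00 www pppd[7342]: MPPE 40 bit, stateless compression enabled",
    "Jul 25 12:45:01 www pppd[7342]: Unsupported protocol (0x1bfc) received",
    "Jul 25 12:45:04 www pppd[7342]: Unsupported protocol (0xd1c8) received",
    "Jul 25 12:45:07 www pppd[7342]: Unsupported protocol (0xf142) received",
    "Jul 27 10:22:24 smifire pppd[21044]: Unsupported protocol (0x803f) received",
};
#define SAMPLE_LINES (sizeof(sample_log) / sizeof(sample_log[0]))

/* How many of the given lines fall into one class. */
int count_class(const char *const *lines, size_t n, int wanted)
{
    size_t i;
    int hits = 0;

    for (i = 0; i < n; i++)
        if (classify_line(lines[i], NULL) == wanted)
            hits++;
    return hits;
}

int main(void)
{
    size_t i;

    for (i = 0; i < SAMPLE_LINES; i++) {
        unsigned int proto = 0;
        int cls = classify_line(sample_log[i], &proto);

        if (cls == WELL_FORMED)
            printf("0x%04x well-formed: %s; peer offered a protocol pppd "
                   "does not run\n", proto, ppp_proto_name(proto));
        else if (cls == MALFORMED)
            printf("0x%04x malformed: not a PPP protocol number; check that "
                   "both ends agree on encryption/compression\n", proto);
    }
    return 0;
}
```

On the sample lines, the three values from the MPPE session are malformed and the one from the unencrypted session is NBFCP, the NetBEUI control protocol.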
From: tmk at netmagic.net (tmk)
Date: Tue Jul 27 14:02:17 1999
Subject: [pptp-server] pppd/pptp problems under RH5.2
In-Reply-To:
Message-ID:

just insmod the bsd_comp.o and ppp_compress.o (or something like that)
that will fix your problem. A description of a more permanent fix is on the
ppp-howto

Kevin

On Tue, 27 Jul 1999, Tavis wrote:

> Hello all,
>
> Whenever i try and run pptpd the pppd gives the following errors. It
> appears it cannot find the modules for ppp-compress. I compiled support for
> ppp directly into the kernel( so i can't see why there should be any
> requirement for modules at all). Kernel 2.2.10, the newest ppp rpm i could
> find for 5.2 i.e. ppp-2.3.5-1.i386.rpm. The ppp-2.3.7-2.i386.rpm for RH6.0
> will not install as it requires new GLIBC_2.1. Thanx for any help in
> advance.
>
> Jul 27 10:22:18 smifire pptpd[21043]: CTRL: Client 216.99.106.11 control
> connection started
> Jul 27 10:22:18 smifire pptpd[21043]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jul 27 10:22:18 smifire pppd[21044]: pppd 2.3.5 started by root, uid 0
> Jul 27 10:22:18 smifire pppd[21044]: Using interface ppp0
> Jul 27 10:22:18 smifire pppd[21044]: Connect: ppp0 <--> /dev/ttyp1
> Jul 27 10:22:19 smifire pptpd[21043]: CTRL: Ignored a SET LINK INFO packet
> with real ACCMs!
> Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-21
> Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-26
> Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-24
> Jul 27 10:22:23 smifire pppd[21044]: CHAP peer authentication succeeded for
> mccg
> Jul 27 10:22:24 smifire pppd[21044]: Unsupported protocol (0x803f) received
> Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-21
> Jul 27 10:22:24 smifire pppd[21044]: Received bad configure-ack: fe 02
> Jul 27 10:22:23 smifire modprobe: can't locate module ppp-compress-26
> Jul 27 10:22:24 smifire pppd[21044]: found interface eth1 for proxy arp
> Jul 27 10:22:24 smifire pppd[21044]: local IP address 172.16.0.201
> Jul 27 10:22:24 smifire pppd[21044]: remote IP address 172.16.0.212
> Jul 27 10:22:24 smifire modprobe: can't locate module ppp-compress-24
> Jul 27 10:22:25 smifire pppd[21044]: ioctl(SIOCDARP): No such file or
> directory(2)
> Jul 27 10:22:26 smifire pppd[21044]: local IP address 172.16.0.201
> Jul 27 10:22:26 smifire pppd[21044]: remote IP address 172.16.0.212
> Jul 27 10:22:28 smifire pppd[21044]: ioctl(SIOCDARP): No such file or
> directory(2)
> Jul 27 10:22:28 smifire pppd[21044]: local IP address 172.16.0.201
> Jul 27 10:22:28 smifire pppd[21044]: remote IP address 172.16.0.212
> Jul 27 10:22:32 smifire pppd[21044]: ioctl(SIOCDARP): No such file or
> directory(2)
> Jul 27 10:22:32 smifire pppd[21044]: local IP address 172.16.0.201
> Jul 27 10:22:32 smifire pppd[21044]: remote IP address 172.16.0.212
> Jul 27 10:22:36 smifire pppd[21044]: ioctl(SIOCDARP): No such file or
> directory(2)
> Jul 27 10:22:36 smifire pppd[21044]: local IP address 172.16.0.201
> Jul 27 10:22:36 smifire pppd[21044]: remote IP address 172.16.0.212
> Jul 27 10:22:40 smifire pppd[21044]: ioctl(SIOCDARP): No such file or
> directory(2)
> Jul 27 10:22:40 smifire pptpd[21043]: CTRL: Error with select(), quitting
> Jul 27 10:22:40 smifire pptpd[21043]: CTRL: Client 216.99.106.11 control
> connection finished
> Jul 27 10:22:40 smifire pppd[21044]: Modem hangup
> Jul 27 10:22:40 smifire pppd[21044]: Connection terminated.
> Jul 27 10:22:40 smifire pppd[21044]: ioctl(SIOCDARP): No such file or
> directory(2)
> Jul 27 10:22:40 smifire pppd[21044]: Exit.
>
> Tavis Wordley
> Technical Director
> Path Communications Management
> P#519.858.9922
> F#519.858.9551
> tavis at pcmsite.com

From cybear at pacbell.net Tue Jul 27 17:41:05 1999
From: cybear at pacbell.net (Matt Templeton)
Date: Tue Jul 27 17:41:05 1999
Subject: [pptp-server] Starting over - proxy arp
Message-ID: <379E392E.73D0ECC9@pacbell.net>

I have started over... from windows98 second edition, I can establish a
VPN session that allows full routing of IP packets. I can login to any
server I want as long as I have ms-wins set to that server in the
options file. I can not browse the network, the network not available or
some such nonsense. I have proxyarp in the options file.

in my messages file on the server that pptpd is running on, I get the
messages:

CHAP peer authentication succeeded for
Cannot determine ethernet address for proxy ARP

followed by messages showing my local and remote IP addresses being set
right...I have a feeling that this proxy arp thing may be the problems I
have been having all along. Anyone have any suggestions???

Matt

From tmk at netmagic.net Tue Jul 27 17:45:36 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jul 27 17:45:36 1999
Subject: [pptp-server] Starting over - proxy arp
In-Reply-To: <379E392E.73D0ECC9@pacbell.net>
Message-ID:

the proxy arp message indicates that the remote (aka client) and the local
(aka server) ppp addresses are on different subnets, and proxyarp can't be
used. Try changing the remote ip to one on the same subnet as the network
you want to browse. That will probably solve both problems.

Kevin

On Tue, 27 Jul 1999, Matt Templeton wrote:

> I have started over... from windows98 second edition, I can establish a
> VPN session that allows full routing of IP packets. I can login to any
> server I want as long as I have ms-wins set to that server in the
> options file. I can not browse the network, the network not available or
> some such nonsense. I have proxyarp in the options file.
>
> in my messages file on the server that pptpd is running on, I get the
> messages:
>
> CHAP peer authentication succeeded for
> Cannot determine ethernet address for proxy ARP
>
> followed by messages showing my local and remote IP addresses being set
> right...I have a feeling that this proxy arp thing may be the problems I
> have been having all along. Anyone have any suggestions???
>
> Matt

From wherbert at earthlink.net Tue Jul 27 22:04:52 1999
From: wherbert at earthlink.net (william herbert)
Date: Tue Jul 27 22:04:52 1999
Subject: [pptp-server] FreeBSD and pptpd?
Message-ID: <002301bed841$2ad30960$1902a8c0@thor.digiden.net>

Anyone have any luck running this on freeBSD 3.1 stable?
When I initially compiled 0.9.8 I got some errors in pptpctrl.c:28:
/usr/include/libutil.h:55: parse error before `pid_t'
/usr/include/libutil.h:56: parse error before `uid_t'

so I commented those lines out to get it to Make.
Here's what my logs say, it looks like it almost wants to work... :

maine pptpd[3541]: CTRL: Client 38.26.65.218 control connection started
Jul 27 23:01:50 maine pptpd[3541]: CTRL: Starting call (launching pppd, opening GRE)
Jul 27 23:01:50 maine pppd[3542]: pppd 2.3.5 started by bill, uid 0
Jul 27 23:01:50 maine pppd[3542]: Using interface ppp0
Jul 27 23:01:50 maine pppd[3542]: Connect: ppp0 <--> /dev/ttyp2
Jul 27 23:01:50 maine pppd[3542]: sent [LCP ConfReq id=0x1 ]
Jul 27 23:02:17 maine last message repeated 9 times
Jul 27 23:02:20 maine pppd[3542]: LCP: timeout sending Config-Requests
Jul 27 23:02:20 maine pppd[3542]: Connection terminated, connected for 1 minutes
Jul 27 23:02:20 maine pppd[3542]: Exit.
Jul 27 23:02:20 maine pptpd[3541]: GRE: read(fd=4,buffer=804cd58,len=8196) from PTY failed: status = 0 error = No error
Jul 27 23:02:20 maine pptpd[3541]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jul 27 23:02:20 maine pptpd[3541]: CTRL: Client 38.26.65.218 control connection finished

my win98 VPN adapter is configured per web page instructions, just kinda
weary about /etc/ppp/options file not being exactly like Linux's, as well as
the bad compile, I'm not a programmer but the lines that were commented out:

int uu_lock_txfr __P((const char *_ttyname, pid_t _pid));
int _secure_path __P((const char *_path, uid_t _uid, gid_t _gid));

look hairy for authentications sake...
thanks for any and all advice.
wherbert at earthlink.net

From tmk at netmagic.net Tue Jul 27 22:39:13 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jul 27 22:39:13 1999
Subject: [pptp-server] FreeBSD and pptpd?
References: <002301bed841$2ad30960$1902a8c0@thor.digiden.net>
Message-ID: <036101bed8ab$16ae9520$011c0fc0@lala.net>

when i get that error (on linux mind you ) it is because the gre like failed
to go through, so ppp had no one to talk to. Check that your client supports
pptp from his/her location and that you don't have any weird firewalling
going on.

Kevin

----- Original Message -----
From: william herbert
To:
Sent: Tuesday, July 27, 1999 8:03 AM
Subject: [pptp-server] FreeBSD and pptpd?

> Anyone have any luck running this on freeBSD 3.1 stable?
> When I initially compiled 0.9.8 I got some errors in pptpctrl.c:28:
> /usr/include/libutil.h:55: parse error before `pid_t'
> /usr/include/libutil.h:56: parse error before `uid_t'
>
> so I commented those lines out to get it to Make.
> Here's what my logs say, it looks like it almost wants to work... :
>
> maine pptpd[3541]: CTRL: Client 38.26.65.218 control connection started
> Jul 27 23:01:50 maine pptpd[3541]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jul 27 23:01:50 maine pppd[3542]: pppd 2.3.5 started by bill, uid 0
> Jul 27 23:01:50 maine pppd[3542]: Using interface ppp0
> Jul 27 23:01:50 maine pppd[3542]: Connect: ppp0 <--> /dev/ttyp2
> Jul 27 23:01:50 maine pppd[3542]: sent [LCP ConfReq id=0x1
> ]
> Jul 27 23:02:17 maine last message repeated 9 times
> Jul 27 23:02:20 maine pppd[3542]: LCP: timeout sending Config-Requests
> Jul 27 23:02:20 maine pppd[3542]: Connection terminated, connected for 1
> minutes
> Jul 27 23:02:20 maine pppd[3542]: Exit.
> Jul 27 23:02:20 maine pptpd[3541]: GRE: read(fd=4,buffer=804cd58,len=8196)
> from PTY failed: status = 0 error = No error
> Jul 27 23:02:20 maine pptpd[3541]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jul 27 23:02:20 maine pptpd[3541]: CTRL: Client 38.26.65.218 control
> connection finished
>
> my win98 VPN adapter is configured per web page instructions, just kinda
> weary about
> /etc/ppp/options file not being exactly like Linux's , as well as the bad
> compile, I'm not a programmer but the lines that were commented out:
>
> int uu_lock_txfr __P((const char *_ttyname, pid_t _pid));
> int _secure_path __P((const char *_path, uid_t _uid, gid_t _gid));
>
> look hairy for authentications sake...
> thanks for any and all advice.
> wherbert at earthlink.net
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mals at home.com Tue Jul 27 23:31:03 1999
From: mals at home.com (Malay Shah)
Date: Tue Jul 27 23:31:03 1999
Subject: [pptp-server] PoPToP Question
Message-ID: <379E8758.7FC61FEA@home.com>

Hi, I was wondering how I would setup PoPToP to assign a real ip to the
remote host instead of a fake ip. I want to do this to allow computers
inside my firewall to access the internet without using masquerading.
What else would i require to get it working?

Malay Shah

From luyer at ucs.uwa.edu.au Wed Jul 28 02:26:40 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 28 02:26:40 1999
Subject: [pptp-server] FreeBSD and pptpd?
In-Reply-To: Your message of "Tue, 27 Jul 1999 20:41:32 MST."
             <036101bed8ab$16ae9520$011c0fc0@lala.net>
Message-ID: <199907280726.PAA11807@typhaon.ucs.uwa.edu.au>

> when i get that error (on linux mind you ) it is because the gre like failed
> to go through, so ppp had no one to talk to. Check that your client supports
> pptp from his/her location and that you don't have any weird firewalling
> going on.

I've also had it due to the Win98 network stack on the client being fried, and
due to errors in ppp configuration. Turning up ppp debugging can help.

> Kevin
> ----- Original Message -----
> From: william herbert
> To:
> Sent: Tuesday, July 27, 1999 8:03 AM
> Subject: [pptp-server] FreeBSD and pptpd?
>
>
> > Anyone have any luck running this on freeBSD 3.1 stable?
> > When I initially compiled 0.9.8 I got some errors in pptpctrl.c:28:
> > /usr/include/libutil.h:55: parse error before `pid_t'
> > /usr/include/libutil.h:56: parse error before `uid_t'
>
> > so I commented those lines out to get it to Make.

Should be OK that you commented them out, but would be better to fix
the problem :-)

Tell me if it works if you uncomment them and edit pptpctrl.c such that

#ifdef HAVE_OPENPTY
#ifdef HAVE_PTY_H
#include
#endif
#ifdef HAVE_LIBUTIL_H
#include
#endif
#endif

is moved to the line below
#include
(more important that it's below the block containing )

This should fix the compile problem. It won't actually affect the problem
you're having which is probably with pppd or firewalling.

David.

From luyer at ucs.uwa.edu.au Wed Jul 28 02:30:32 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 28 02:30:32 1999
Subject: [pptp-server] PoPToP Question
In-Reply-To: Your message of "Wed, 28 Jul 1999 00:30:16 -0400."
             <379E8758.7FC61FEA@home.com>
Message-ID: <199907280730.PAA11840@typhaon.ucs.uwa.edu.au>

> Hi, I was wondering how I would setup PoPToP to assign a real ip to the
> remote host instead of a fake ip. I want to do this to allow computers
> inside my firewall to access the internet without using masquerading.
> What else would i require to get it working?

Depends on your setup. Consult your local network/routing expert :-)

I'm using gated to export routes for connected clients (I'd much prefer to
use zebra or routed but neither of them can currently do the interface
rescanning properly so I'm stuck with gated).

You may be able to use proxy arp if you are making the hosts appear on your
local ethernet.

Basically, it all depends on your setup, consult your local network/routing
expert. It's not really much different to giving out "fake" ips except that
you may have to get the routes to propagate further.

David.

From wherbert at earthlink.net Wed Jul 28 09:15:46 1999
From: wherbert at earthlink.net (wherbert)
Date: Wed Jul 28 09:15:46 1999
Subject: [pptp-server] FreeBSD and pptpd?
Message-ID: <001c01bed903$32f07020$6f01a8c0@billh.60north.net>

SUCCESS!

Thank you this fixed the compile time error with pptpctrl. As well, my
previous messages concerning unable to get GRE from the debug log was due to
my oversight. I was attempting to attach VPN through a firewall/nat
configuration. (Silly me).

Now I'm testing the BSD Userland PPP switch from ./configure --with-bsdppp.
Everything seems to configure properly & the actual build goes ok however I
receive the message:

BSD user level ppp currently requires PPPd IP allocation.

Does this mean that user ppp is in the works/doesn't work right now or that I
just need to specify local/remote from /etc/ppp/options or pptp.conf ?

thanks
wherbert at earthlink.net

-----Original Message-----
From: David Luyer
To: tmk
Cc: william herbert ; pptp-server at lists.schulte.org
Date: Wednesday, July 28, 1999 3:30 AM
Subject: Re: [pptp-server] FreeBSD and pptpd?

>> when i get that error (on linux mind you ) it is because the gre like failed
>> to go through, so ppp had no one to talk to. Check that your client supports
>> pptp from his/her location and that you don't have any weird firewalling
>> going on.
>
>I've also had it due to the Win98 network stack on the client being fried, and
>due to errors in ppp configuration. Turning up ppp debugging can help.
>
>> Kevin
>> ----- Original Message -----
>> From: william herbert
>> To:
>> Sent: Tuesday, July 27, 1999 8:03 AM
>> Subject: [pptp-server] FreeBSD and pptpd?
>>
>>
>> > Anyone have any luck running this on freeBSD 3.1 stable?
>> > When I initially compiled 0.9.8 I got some errors in pptpctrl.c:28:
>> > /usr/include/libutil.h:55: parse error before `pid_t'
>> > /usr/include/libutil.h:56: parse error before `uid_t'
>>
>> > so I commented those lines out to get it to Make.
>
>Should be OK that you commented them out, but would be better to fix
>the problem :-)
>
>Tell me if it works if you uncomment them and edit pptpctrl.c such that
>
>#ifdef HAVE_OPENPTY
>#ifdef HAVE_PTY_H
>#include
>#endif
>#ifdef HAVE_LIBUTIL_H
>#include
>#endif
>#endif
>
>is moved to the line below
>#include
>(more important that it's below the block containing )
>
>This should fix the compile problem. It won't actually affect the problem
>you're having which is probably with pppd or firewalling.
>
>David.
>
>
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulte.org!
>

From luyer at ucs.uwa.edu.au Wed Jul 28 09:48:37 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jul 28 09:48:37 1999
Subject: [pptp-server] FreeBSD and pptpd?
Message-ID: <199907281448.WAA01403@libretto.ucs.uwa.edu.au>

> Now I'm testing the BSD Userland PPP switch from ./configure --with-bsdppp.
[...]

You have to use

--with-bsdppp --with-pppd-ip-alloc

Then you specify the IP addresses in /etc/ppp/options or equivalent for that
ppp daemon.

The only reason for this restriction is that nobody has told me how to
specify IP addresses on the command line to the BSD userspace PPPd, or if it
is possible.

David.

From bens at saber.net Wed Jul 28 09:58:29 1999
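
Added example (not written by any poster, and not part of pptpd or pppd): the `LCP: timeout sending Config-Requests` failure at the start of this thread was traced by the posters to GRE not getting through a firewall/NAT, with a broken client stack or PPP misconfiguration as the other causes named. The Python below separates those cases in a syslog excerpt by checking whether pppd ever received an LCP frame; it assumes pppd debugging is on so that `sent`/`rcvd` lines are logged, and the sample lines and verdict names are constructed for the illustration.

```python
import re

PROC = re.compile(r"(pptpd|pppd)\[(\d+)\]: (.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

# Constructed samples in the format of the log posted in this thread.
SAMPLE_NO_REPLY = """\
Jul 27 23:01:50 vpn pptpd[3541]: CTRL: Client 192.0.2.10 control connection started
Jul 27 23:01:50 vpn pptpd[3541]: CTRL: Starting call (launching pppd, opening GRE)
Jul 27 23:01:50 vpn pppd[3542]: Using interface ppp0
Jul 27 23:01:50 vpn pppd[3542]: sent [LCP ConfReq id=0x1 <magic 0x1a2b3c4d>]
Jul 27 23:02:17 vpn last message repeated 9 times
Jul 27 23:02:20 vpn pppd[3542]: LCP: timeout sending Config-Requests
"""
SAMPLE_STALLED = """\
Jul 28 10:00:01 vpn pppd[4100]: sent [LCP ConfReq id=0x1 <magic 0x1a2b3c4d>]
Jul 28 10:00:01 vpn pppd[4100]: rcvd [LCP ConfReq id=0x0 <magic 0x00005e2f>]
Jul 28 10:00:01 vpn pppd[4100]: sent [LCP ConfAck id=0x0 <magic 0x00005e2f>]
Jul 28 10:00:04 vpn pppd[4100]: sent [LCP ConfReq id=0x1 <magic 0x1a2b3c4d>]
Jul 28 10:00:31 vpn pppd[4100]: LCP: timeout sending Config-Requests
"""
SAMPLE_OK = """\
Jul 28 11:00:01 vpn pppd[4200]: sent [LCP ConfReq id=0x1 <magic 0x1a2b3c4d>]
Jul 28 11:00:01 vpn pppd[4200]: rcvd [LCP ConfAck id=0x1 <magic 0x1a2b3c4d>]
"""


def parse_sessions(log_text):
    """Count LCP frames sent and received per pppd process ID."""
    sessions = {}
    last = None  # (session, counter name) credited by the previous line
    for line in log_text.splitlines():
        repeated = REPEAT.search(line)
        if repeated:
            # syslog folds identical lines; credit them to the line they repeat
            if last:
                last[0][last[1]] += int(repeated.group(1))
            continue
        last = None
        match = PROC.search(line)
        if not match or match.group(1) != "pppd":
            continue
        session = sessions.setdefault(
            match.group(2), {"sent": 0, "rcvd": 0, "timeout": False})
        message = match.group(3)
        if message.startswith("sent [LCP"):
            session["sent"] += 1
            last = (session, "sent")
        elif message.startswith("rcvd [LCP"):
            session["rcvd"] += 1
            last = (session, "rcvd")
        elif message.startswith("LCP: timeout sending Config-Requests"):
            session["timeout"] = True
    return sessions


def triage(log_text):
    """Map each pppd PID to a verdict that says where to look first."""
    verdicts = {}
    for pid, session in parse_sessions(log_text).items():
        if session["timeout"] and session["rcvd"] == 0:
            # Nothing came back over the data channel: check filtering/NAT of
            # IP protocol 47 on the path, then the client's own stack.
            verdicts[pid] = "no-ppp-from-client"
        elif session["timeout"]:
            # Frames arrive, so GRE passes inbound: look at the PPP options.
            verdicts[pid] = "lcp-stalled"
        else:
            verdicts[pid] = "no-lcp-timeout"
    return verdicts


if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_NO_REPLY + SAMPLE_STALLED + SAMPLE_OK).items():
        print(pid, verdict)
```
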
From: bens at saber.net (Benjamin Smith)
Date: Wed Jul 28 09:58:29 1999
Subject: [pptp-server] PPTP vs IPsec
Message-ID: <99072807582200.11749@bug1.lookuplaw.com>

OK, I'm setting up remote access via modem to a small network of about 12
PCs.

What I want to do is to provide access to the local machines remotely, using
remote control software. (VNC, ATT's Virtual Network Computer stuff)

This avoids the extreme frustration of loading a 2 MB .EXE file over a modem,
and as well provides for a single data source to backup.

Security has been presented as an issue.

Which is better? Using IPsec, as mentioned at
http://securityportal.com/direct.cgi?/coverstory/19990726.html , or PoPToP?

Has anybody tried setting up IPsec on a Linux server, and Windows clients? I
can see from watching this list for a while, that many of you have found
success with PPTP.

Thanks in advance,

--
 ("`-''-/").___..--''"`-._          (Simba)
  `@_ @  )   `-.  (     ).`-.__.`)
  (_Y_.)'  ._   )  `._ `. ``-..-'
   _..`--'_..-_/  /--'_.' ,'
  ((().-''  ((().'  (((.-'          Benjamin Smith

From walterm at Gliatech.com Wed Jul 28 10:33:22 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Wed Jul 28 10:33:22 1999
Subject: [pptp-server] RPM's and MPPE 40-128 bit RC4 encryption
Message-ID:

Hello,
Does anyone know if there is a way to implement mppe 40 and 128 bit
encryption into pppd without compiling it into the kernel. Perhaps through
an rpm? If not, could someone post the location of a working set of the
rc4.h and rc4_enc.c files?
Thanks,
Michael Walter
walterm at gliatech.com

From mals at home.com Wed Jul 28 10:51:54 1999
From: mals at home.com (Malay Shah)
Date: Wed Jul 28 10:51:54 1999
Subject: [pptp-server] RPM's and MPPE 40-128 bit RC4 encryption
References:
Message-ID: <379F26F3.E906506A@home.com>

Michael,

You'll have to download the SSLeay 0.6.6 package from
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/

It should contain the rc4.h and rc4_enc.c

Malay Shah

Michael Walter wrote:

> Hello,
> Does anyone know if there is a way to implement mppe 40 and 128 bit
> encryption into pppd without compiling it into the kernel. Perhaps through
> an rpm? If not, could someone post the location of a working set of the
> rc4.h and rc4_enc.c files?
> Thanks,
> Michael Walter
> walterm at gliatech.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From matthewr at moreton.com.au Wed Jul 28 18:55:56 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Jul 28 18:55:56 1999
Subject: [pptp-server] PPTP vs IPsec
References: <99072807582200.11749@bug1.lookuplaw.com>
Message-ID: <379F9759.1033B8CD@moreton.com.au>

Ben,

The difference between PoPToP and IPsec is that PoPToP is ready NOW..
and requires *no* third party software on the Windows client end
(Windows comes with a free PPTP client).

PoPToP is a completely *free* solution.

PoPToP can be integrated with the latest PPPD patches that take
advantage of MSCHAPv2 and MPPE (Microsoft encryption using RC4 - 40/128
bits).

Anyone else have anything to add?

Cheers,
Matt.

> What I want to do is to provide access to the local machines remotely, using
> remote control software. (VNC, ATT's Virtual Network Computer stuff)
>
> This avoids the extreme frustration of loading a 2 MB .EXE file over a modem,
> and as well provides for a single data source to backup.
>
> Security has been presented as an issue.
>
> Which is better? Using IPsec, as mentioned at
> http://securityportal.com/direct.cgi?/coverstory/19990726.html , or PoPToP?
>
> Has anybody tried setting up IPsec on a Linux server, and Windows clients? I
> can see from watching this list for a while, that many of you have found
> success with PPTP.

From mdfranz at txdirect.net Wed Jul 28 19:40:06 1999
From: mdfranz at txdirect.net (Matthew Franz)
Date: Wed Jul 28 19:40:06 1999
Subject: [pptp-server] PPTP vs IPsec
In-Reply-To: <379F9759.1033B8CD@moreton.com.au>
Message-ID:

On Wed, 28 Jul 1999, Matthew Ramsay wrote:

> Ben,
>
> The difference between PoPToP and IPsec is that PoPToP is ready NOW..
> and requires *no* third party software on the Windows client end
> (Windows comes with a free PPTP client).
>
> PoPToP is a completely *free* solution.
>
> PoPToP can be integrated with the latest PPPD patches that take
> advantage of MSCHAPv2 and MPPE (Microsoft encryption using RC4 - 40/128
> bits).
>
> Anyone else have anything to add?
>

Although PPTP generally gets a bad rap from the engineers where I work
(probably due to its relative immaturity and the well-published flaws in
Microsoft's implementation), PoPTop is probably the only cross-platform
solution for Linux. It is also generally acknowledged that PPTP is better
for client <-> network VPN solutions where IPSEC is better for
network <-> network VPNs.

-mdf

________________________________________________________________________
Matthew D. Franz              mdfranz at txdirect.net
http://www.trinux.org         Trinux: A Linux Security Toolkit
http://www.opensec.net        OpenSEC: Open Security Solutions
http://www.tds.com            Trident Data Systems

From srhodes at cpinternet.com Thu Jul 29 00:46:16 1999
From: srhodes at cpinternet.com (Steve Rhodes)
Date: Thu Jul 29 00:46:16 1999
Subject: [pptp-server] PoPTop, Samba, Windows and Firewalls (Oh My!)
Message-ID: <379FDC8F.6F0A33CF@cpinternet.com>

INTRODUCTION

After spending the better part of two weeks developing my configuration for
a pptp server for remote file access by Windows(tm) clients, I thought I
would pass along these notes to those who may be interested. The basic
configuration involves a Samba/PoPToP server behind a firewall, through
which clients using Win98 machines will connect using the VPN facility built
into that OS. This is diagrammed below.

   _____          ___           ______          ______
  |     |        |   \         | fire |        | file |
  | win |  ---> / net \  --->  | wall |  --->  | srvr |
  |_____|       \__/\_/        |______|        |______|

The components of the system consist of the Win98 clients running the
built-in VPN facility dialing in to their ISP's and connecting through the
firewall to the Samba server on the internal network using the pptp
protocol. The firewall uses Network Address Translation to convert an open
Internet IP address to an internal one. Sounds simple enough right?

SIMPLE TEST SETUP

As a starting point, I configured a Win98 box to connect directly to a
PoPToP server without any authentication or encryption. This was just to get
a feel for how pptp works and verify the setup. Using the pre-packaged rpm's
was a big help here. You just rpm the thing onto the system and fire it up,
and you're in business. The diagram below represents this simple system.

  192.168.56.142               192.168.56.11
   _____                          ______
  |     |                        | file |
  | win |  ------------------>   | srvr |
  |_____|                        |______|

Emboldened by my success, I set out to turn on MS authentication and
encryption, and this is where the fun started.

AUTHENTICATION AND ENCRYPTION

This is an area where Microsoft really shows its true colors. Turning on
password and data encryption on the Win98 VPN server configuration was quite
the eye opening experience.
First with the authentication, you will have to go through a somewhat
difficult compilation of the ppp-2.3.8 package. The worst part here is
getting all the pieces together, namely the rc4 files. This process is well
documented in this archive, so I won't go into it here.

The next realization is that Microsoft prepends the domain name to the user
name when submitting the login credentials. For example, srhodes is now
DBNET\\srhodes. If that wasn't bad enough, I found that the domain wasn't
even the one I was logged into. My best guess is that the first domain that
the computer ever logs into is stuck with it for ever. This is a real
problem if you have multiple domains that you log into. I modified the
pppd.c code to strip out the domain on MSCHAP logins, but you can just set
the user name in chap-secrets to match the windows version.

Then I spent a whole day trying to figure out why data encryption does not
work. I tried just about everything I could think of that could be wrong.
That's when I discovered this archive, for which I am truly grateful. It
turns out that the Win98 implementation of encryption is FUBAR! You have to
download one of those patches from Microsoft, DUN40.exe to get the thing to
work. This is for 40 bit encryption. Don't hold your breath waiting for 128
bit.

ftp://ftp.microsoft.com/softlib/mslfiles/dun40.exe

FIREWALL CONFIGURATION

The issue with a firewall in this setup is that you need to cover two types
of protocol communication. There is one connection which is a tcp connection
on port 1723 that handles the control functions and another connection using
IP type 47, or GRE, which handles the actual data communication. This second
connection presents a problem for the conventional linux firewall, ipfwadm.
You see, it's only set up to handle tcp, udp and icmp protocols. It doesn't
know about GRE. The trick around this block is to use one of the new 2.2
kernels, which employ a new firewall called ipchains.
This tool will handle arbitrary protocols, which can be specified by their
numbers.

  192.168.2.142                                          192.168.56.11
   _____                   ______                           ______
  |     |                 | fire | 192.168.56.1            | file |
  | win | --------------->| wall | -------------->         | srvr |
  |_____|    192.168.2.1  |______|                         |______|

You need to remember a few things before getting too deep into this. The
default gateway on win is set to 192.168.2.1, and the default gateway on
file srvr is set to 192.168.56.1. The firewall has the two network
interfaces spanning the two subnets and is configured for IP forwarding. If
you have not yet applied any firewall rules, this configuration will work as
before. The interesting part is to block out all other access to file srvr
by implementing ipchains rules. The short story is:

  ipchains -F
  ipchains -P forward DENY
  ipchains -I forward -p tcp -d 192.168.56.11 1723 -j ACCEPT
  ipchains -A forward -p tcp -s 192.168.56.11 1723 -j ACCEPT
  ipchains -A forward -p 47 -d 192.168.56.11 -j ACCEPT
  ipchains -A forward -p 47 -s 192.168.56.11 -j ACCEPT

NETWORK ADDRESS TRANSLATION

The next hurdle is to configure the firewall so that it can run an open
internet IP address on the outside and allow access to an internal address
on the inside. NAT is very well suited to this task, although you may hear
otherwise from knowledgeable sources. It happens to be my preference, though
certainly not the only way to skin this cat. You can obtain the NAT software
and some detailed information from

http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html

But again, there is a problem with the GRE protocol of type 47. The tool for
configuring NAT, ipnatadm, like its half-brother ipfwadm, is not set up to
handle arbitrary protocols. Unfortunately, you'll have to go into the code
and make a slight modification if you want to use it for this purpose. There
is a procedure called parse_protocol in the file routines.c that
discriminates the type of protocol to be filtered.
The basic idea is to accept a string representing a number and use that as
the filter. Since you have to recompile the kernel anyway to get the NAT
functionality, maybe it's not so horrible, relatively speaking.

For those ambitious enough, here is the diff for the routines file, copy
this into a file called routines.diff and use the command

  patch -p0 < routines.diff

from within the same directory.

--- routines.c Thu Mar 25 15:41:58 1999 +++ /mnt/zip/nat/routines.c Wed Jul 21 21:09:28 1999
@@ -112,11 +112,18 @@ else if (strncmp("icmp", s, strlen(s)) == 0) nat_set.nat.protocol = IPPROTO_ICMP; else { + int number; + char * end; + number = (int)strtol(s, &end, 10); + nat_set.nat.protocol = number; + } + /* + else { fprintf(stderr, "ipnatadm: invalid protocol \"%s\" specified\n", s); exit_tryhelp(2); - /* make the compiler happy... */ return; } + */ } void parse_hostnetworkmask(char *name, struct in_addr **addrpp, __u32 *maskp, int *naddrs)

The patch is actually lifted from ipchains, which was derived from ipfwadm,
which provides the basis for ipnatadm. Once you've got all that running,
what you want to do is to set up the NAT rules so that the incoming client
thinks it's talking to the firewall, as does the outgoing file server. The
short of it is:

  ipnatadm -F
  ipnatadm -I -i -P 6 -D 192.168.2.1 1723 -N 192.168.56.11 1723
  ipnatadm -O -i -P 6 -S 192.168.56.11 1723 -M 192.168.2.1 1723
  ipnatadm -I -i -P 47 -D 192.168.2.1 -N 192.168.56.11
  ipnatadm -O -i -P 47 -S 192.168.56.11 -M 192.168.2.1

Here, the -P argument sets the protocol, 6 is tcp and 47 is GRE. PPTP
packets targeting the firewall are translated to the internal host inbound
and vice-versa on the way out. Very slick.

SAMBA

Here's a subject so complex you could probably devote a whole career to it.
We don't want to get too bogged down, so I'll be brief. Samba implements the
NetBIOS protocol, which has more quirks than you can shake a stick at. One
of the biggest problems is the use of subnet broadcasting. Suffice it to
say, if you want the best results, you should set your PoPToP IP addresses
to reside within the subnet on which the file server ethernet is located. I
choose 192.168.56.12 for the server address, and it hands out IP's from
192.168.13-127. Setting the IP forwarding on the file server to true will
give you access to other machines on the internal network.

When you go at the samba server from Win98, you have to use encrypted
password. Look at smbpasswd and related stuff.
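
Review bot: in the routines.c patch earlier in this message, the new else branch in parse_protocol stores the strtol() result without ever looking at end, so any string that matches none of the protocol names and is not a number (a typo such as "tpc", for instance) is silently accepted as protocol 0, and nothing checks the value against the 0..255 range an IP protocol number can take. Rather than commenting out the old error branch, keep it live and reach it when end == s, *end != '\0', or number is outside 0..255; that also removes the need to delete the inner "make the compiler happy" comment just to keep the new /* ... */ from nesting.
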
Finding shares on the server is not so easy. The short story here is that
browsing is implemented via broadcast packets, and broadcast packets will
not travel down a PPP link. The only way to get browsing to work over pptp
is to set Samba up as a WINS server and a Domain login server, and configure
the clients to use that WINS server and force them to login to that Domain.
Believe me, I tried just about everything to avoid that. You will also want
to set the samba server as the domain master and preferred master for the
browsing.

If you can't do that, you can set the ppp/options file to include a ms-wins
setting for the samba server. This will set the client up so they can at
least resolve host names. The only way to find a share under this
configuration is to name it explicitly. You can use the tools menu from the
Win98 file browser and say find -> computer and enter in the name of the
samba server and it will be found.

I have found that setting domain master = yes and preferred master = yes
gives a rather nice boost to the speed of name lookups on the network. Here
is my abbreviated smb.conf

  [global]
     workgroup = VAULT
     server string = acer
     log file = /var/log/samba/log.%m
     max log size = 50
     security = user
     encrypt passwords = yes
     smb passwd file = /etc/smbpasswd
     socket options = TCP_NODELAY
     domain master = yes
     preferred master = yes
     domain logons = yes
     wins support = yes
     dns proxy = no

  [homes]
     comment = Home Directories
     browseable = no
     writable = yes

You should also use the lmhosts option for nmbd (-H) and set up an lmhosts
file on the samba server. Make sure also that the samba server can resolve
its own name, through either /etc/hosts or DNS. In all honesty, I went
through the same simple test setup with samba as I did for PoPToP, although
it's not shown here explicitly.

CONCLUSION

PoPToP is a good program, as is Samba. This configuration can work if you
put a little effort into it.
I have seen a lot of questions here and in other places about these types of
systems, so I would think that there is some demand on the part of users who
want this type of functionality. I hope these notes are useful to you if
this is what you want to do.

Regards,
Steve Rhodes

From luyer at ucs.uwa.edu.au Thu Jul 29 02:34:46 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 29 02:34:46 1999
Subject: [pptp-server] PPTP vs IPsec
In-Reply-To: Your message of "Wed, 28 Jul 1999 23:50:49 GMT."
             <379F9759.1033B8CD@moreton.com.au>
Message-ID: <199907290717.PAA23177@typhaon.ucs.uwa.edu.au>

> Ben,
>
> The difference between PoPToP and IPsec is that PoPToP is ready NOW..
> and requires *no* third party software on the Windows client end
> (Windows comes with a free PPTP client).
>
> PoPToP is a completely *free* solution.

Unfortunately not true for Mac clients though. The Mac client software is
around $400 US a copy. I'm interested in doing some Mac client side work to
create a free client but I'm not interested in paying large amounts of money
for developers docs or commercial compilers.

David.

From luyer at ucs.uwa.edu.au Thu Jul 29 03:15:56 1999
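
Added example (not part of any post in this thread, and not PoPToP or ipchains code): a Python model of the forward-chain policy from the FIREWALL CONFIGURATION section of Steve Rhodes's notes above, run over constructed IPv4 packets. It shows which flows the four ACCEPT rules admit, what is lost when the filter cannot express IP protocol 47, and that `-p 47` admits any GRE to the file server, not only PPTP's; the rule table, function names and sample packets are assumptions made for the illustration.

```python
import ipaddress
import struct

FILE_SERVER = ipaddress.ip_address("192.168.56.11")  # PoPToP host in the notes
TCP, GRE = 6, 47            # IP protocol numbers
PPTP_PORT = 1723            # PPTP control connection
PPTP_GRE_PROTO = 0x880B     # protocol type in PPTP's enhanced GRE header

# (protocol, address field, port) mirroring the four ACCEPT rules; a packet
# that matches none of them gets the chain policy, DENY.
RULES = [
    (TCP, "dst", PPTP_PORT),
    (TCP, "src", PPTP_PORT),
    (GRE, "dst", None),
    (GRE, "src", None),
]
# Assumption for illustration: what remains when protocol 47 cannot be written.
RULES_NO_GRE = [rule for rule in RULES if rule[0] != GRE]


def parse_ipv4(pkt):
    """Pull out the fields the rules match on, plus the GRE version and type."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {"proto": pkt[9],
            "src": ipaddress.ip_address(pkt[12:16]),
            "dst": ipaddress.ip_address(pkt[16:20]),
            "sport": None, "dport": None, "gre_ver": None, "gre_type": None}
    payload = pkt[ihl:]
    if len(payload) >= 4:
        first, second = struct.unpack("!HH", payload[:4])
        if info["proto"] == TCP:
            info["sport"], info["dport"] = first, second
        elif info["proto"] == GRE:
            info["gre_ver"], info["gre_type"] = first & 0x0007, second
    return info


def classify(info):
    """Name the flow so the verdict can be read against what PPTP needs."""
    if info["proto"] == TCP and PPTP_PORT in (info["sport"], info["dport"]):
        return "pptp-control"
    if info["proto"] == GRE:
        if info["gre_ver"] == 1 and info["gre_type"] == PPTP_GRE_PROTO:
            return "pptp-data"
        return "gre-other"
    return "other"


def forward_verdict(pkt, rules=RULES):
    """Return (verdict, flow kind) for one forwarded packet."""
    info = parse_ipv4(pkt)
    for proto, side, port in rules:
        if info["proto"] != proto or info[side] != FILE_SERVER:
            continue
        if port is None or info["dport" if side == "dst" else "sport"] == port:
            return "ACCEPT", classify(info)
    return "DENY", classify(info)


# --- constructed sample packets (checksums left at zero, never validated) ---
def ipv4(src, dst, proto, payload):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload


def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)


def pptp_gre(call_id, seq):
    # K and S bits set, version 1: key (payload length, call ID) + sequence
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, 0, call_id, seq)


def plain_gre():
    # version 0 GRE announcing an IPv4 payload, no optional fields
    return struct.pack("!HH", 0x0000, 0x0800)


WIN, SRV = "192.168.2.142", "192.168.56.11"
SAMPLES = {
    "control, client to server": ipv4(WIN, SRV, TCP, tcp(1034, PPTP_PORT)),
    "control, server to client": ipv4(SRV, WIN, TCP, tcp(PPTP_PORT, 1034)),
    "data, client to server": ipv4(WIN, SRV, GRE, pptp_gre(1, 1)),
    "data, server to client": ipv4(SRV, WIN, GRE, pptp_gre(2, 1)),
    "NetBIOS session to server": ipv4(WIN, SRV, TCP, tcp(1035, 139)),
    "PPTP GRE to another host": ipv4(WIN, "192.168.56.20", GRE, pptp_gre(3, 1)),
    "plain GRE to server": ipv4(WIN, SRV, GRE, plain_gre()),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        full, no_gre = forward_verdict(pkt), forward_verdict(pkt, RULES_NO_GRE)
        print(f"{name:28} {full[1]:13} rules={full[0]:6} no-gre={no_gre[0]}")
```
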
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 29 03:15:56 1999
Subject: [pptp-server] FreeBSD and pptpd?
In-Reply-To: Your message of "Wed, 28 Jul 1999 10:12:15 -0400."
             <001c01bed903$32f07020$6f01a8c0@billh.60north.net>
Message-ID: <199907290815.QAA24078@typhaon.ucs.uwa.edu.au>

> BSD user level ppp currently requires PPPd IP allocation.

Add the relevant config option (see configure --help). I'll make it simply
force the option and give a warning if it doesn't already.

> Does this mean that user ppp is in the works/doesn't work right now or that I
> just need to specify local/remote from /etc/ppp/options or pptp.conf ?

You specify the IP addresses in the chap secrets file using the BSD
user-mode ppp. /etc/ppp/options isn't used by that variant of pppd.

David.

From luyer at ucs.uwa.edu.au Thu Jul 29 03:27:07 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jul 29 03:27:07 1999
Subject: [pptp-server] FreeBSD and pptpd?
In-Reply-To: Your message of "Thu, 29 Jul 1999 16:15:37 +0800."
             <199907290815.QAA24078@typhaon.ucs.uwa.edu.au>
Message-ID: <199907290826.QAA24270@typhaon.ucs.uwa.edu.au>

OK, 0.9.9 is now in the CVS and does the things I've said I'd do over the
past couple of days. I assume Matt Ramsay will release it soon.

David.

From matthewr at moreton.com.au Thu Jul 29 03:44:08 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Jul 29 03:44:08 1999
Subject: [pptp-server] v0.9.9 released
Message-ID: <37A0131F.D78B106A@moreton.com.au>

PoPToP v0.9.9 has been released!

You can grab your copy here:
http://www.moretonbay.com/vpn/download_pptp.html

ChangeLog for this release:

v0.9.8 -> v0.9.9   29 July, 1999
- move libutil.h to after sys/types.h (FreeBSD 3.1)
- add option file passing to SLIRP
- reduce the number of variables used for option parsing/storage
- add option to set local address to bind to ("listen")
- configure script forces pppd ip allocation when needed, rather than
  exiting on an error

-PoPToP Development Team

From Bjoern at CHYBA.at Thu Jul 29 06:39:56 1999
From: Bjoern at CHYBA.at (CB)
Date: Thu Jul 29 06:39:56 1999
Subject: [pptp-server] firewall, pppd options, callback
Message-ID: <199907291139.NAA21314@stud4.tuwien.ac.at>

hi

is it possible to put MS-like callback options to the pppd? my isp is
banning pptp connections, so i have to stay with old fashioned dial modems
to test poptop. or does anybody have a clue to trick out my isp's firewall.
i can connect to my poptop server but a few seconds later it's being
rejected due to an error. poptop IS well configured, that's for sure.

CB

From EMIR.TOKTAR at bra.xerox.com Thu Jul 29 08:26:34 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Thu Jul 29 08:26:34 1999
Subject: [pptp-server] PPTP vs IPsec
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD34187E@BRA0070MS1>

Neither network layer-based (L2TP, PPTP,...) nor application layer-based
(IPSec, SSL, SSH) security techniques are the best choice for all
situations. There will be trade-offs. Network layer security protects the
information created by upper layer protocols, but it requires that IPSec be
implemented in the communications stack.

With network layer security, there is no need to modify existing upper layer
applications. On the other hand, if security features are already imbedded
within a given application, then the data for that specific application will
be protected while it is in transit, even in the absence of network layer
security. Therefore security functions must be imbedded on a per-application
basis.

There are still other considerations:

- Authentication is provided only for the identity of tunnel endpoints, but
  not for each individual packet that flows inside the tunnel. This can
  expose the tunnel to man-in-the-middle and spoofing attacks.

- Network layer security gives "blanket protection", but this may not be as
  fine-grained as would be desired for a given application. It protects all
  traffic and is transparent to users and applications.

- Network layer security does not provide protection once the datagram has
  arrived at its destination host. That is, it is vulnerable to attack
  within the upper layers of the protocol stack at the destination machine.

- Application layer security can protect the information that has been
  generated within the upper layers of the stack, but it offers no
  protection against several common network layer attacks while the datagram
  is in transit. For example, a datagram in transit would be vulnerable to
  spoofing attacks against its source or destination address.

- Application layer security is more intelligent (as it knows the
  application) but also more complex and slower.

- IPSec provides for tunnel authentication, while PPTP does not.

- Layer 2 tunneling protocols inherit the user authentication schemes of
  PPP, including the EAP methods discussed below. Many Layer 3 tunneling
  schemes assume that the endpoints were well known (and authenticated)
  before the tunnel was established. An exception to this is IPSec ISAKMP
  negotiation, which provides mutual authentication of the tunnel endpoints.
  (Note that most IPSec implementations support machine-based certificates
  only, rather than user certificates. As a result, any user with access to
  one of the endpoint machines can use the tunnel. This potential security
  weakness can be eliminated when IPSec is paired with a Layer 2 protocol
  such as L2TP.)

- Using the Extensible Authentication Protocol (EAP), Layer 2 tunneling
  protocols can support a wide variety of authentication methods, including
  one-time passwords, cryptographic calculators, and smart cards. Layer 3
  tunneling protocols (IPSec) can use similar methods; for example, IPSec
  defines public key certificate authentication in its ISAKMP/Oakley
  negotiation.

- Layer 2 tunneling supports dynamic assignment of client addresses based on
  the Network Control Protocol (NCP) negotiation mechanism. Generally,
  Layer 3 tunneling schemes assume that an address has already been assigned
  prior to initiation of the tunnel. Schemes for assignment of addresses in
  IPSec tunnel mode are currently under development and are not yet
  available.

- Layer 2 tunneling protocols support PPP-based compression schemes. For
  example, the Microsoft implementations of both PPTP and L2TP use Microsoft
  Point-to-Point Compression (MPPC). The IETF is investigating similar
  mechanisms (such as IP Compression) for the Layer 3 tunneling protocols.

- Layer 2 tunneling protocols support PPP-based data encryption mechanisms.
  Microsoft's implementation of PPTP supports optional use of Microsoft
  Point-to-Point Encryption (MPPE), based on the RSA/RC4 algorithm. Layer 3
  tunneling protocols can use similar methods; for example, IPSec defines
  several optional data encryption methods which are negotiated during the
  ISAKMP/Oakley exchange.

- MPPE, a Layer 2 protocol, relies on the initial key generated during user
  authentication, and then refreshes it periodically. IPSec explicitly
  negotiates a common key during the ISAKMP exchange, and also refreshes it
  periodically.

- Layer 2 tunneling supports multiple payload protocols, which makes it easy
  for tunneling clients to access their corporate networks using IP, IPX,
  NetBEUI, and so forth. In contrast, Layer 3 tunneling protocols, such as
  IPSec tunnel mode, typically support only target networks that use the IP
  protocol. IPSec is not multi-protocol.

IPSec will be supported by windows 2000, or W2K :)

Many cases can occur, each of which needs to be examined on its own merit.
It may be desirable to employ a mix of both network layer security
techniques and application layer techniques to achieve the desired overall
level of protection. For example, you could use an upper layer mechanism
such as Secure Sockets Layer (SSL) to encrypt upper layer data. SSL could
then be supplemented with IPSec's AH protocol at the network layer to
provide per-packet data origin authentication and protection against
spoofing attacks.

Regards,
Emir Toktar
Tel : +55 **41 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

A Comprehensive Guide to Virtual Private Networks, IBM
Virtual Private Networking: An Overview White Paper - DRAFT, 3/18/98
Microsoft.
Others...

-----Original Message-----
From: Matthew Ramsay [mailto:matthewr at moreton.com.au]
Sent: Wednesday, July 28, 1999 8:51 PM
To: bens at saber.net
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPTP vs IPsec

Ben,

The difference between PoPToP and IPsec is that PoPToP is ready NOW..
and requires *no* third party software on the Windows client end
(Windows comes with a free PPTP client).

PoPToP is a completely *free* solution.

PoPToP can be integrated with the latest PPPD patches that take
advantage of MSCHAPv2 and MPPE (Microsoft encryption using RC4 - 40/128
bits).

Anyone else have anything to add?

Cheers,
Matt.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Emir Toktar.vcf
Type: application/octet-stream
Size: 420 bytes
Desc: not available
URL:

From jcaspen at ittc.ukans.edu Fri Jul 30 00:53:18 1999
From: jcaspen at ittc.ukans.edu (Carlos Castro Pena)
Date: Fri Jul 30 00:53:18 1999
Subject: [pptp-server] Connecting a LINUX PPTP client (1.0.2) and POPTOP (Last Version)
Message-ID: <37A13DBF.9E75D2C7@ittc.ukans.edu>

I have been trying to establish a connection between a Linux client and a
Linux server on the same LAN, but I was not successful. I have been reading
the FAQ and the docs I found, but I couldn't solve the problem.

/var/log/pptp.log of the server says:

pptpd: Client a.b.c.d control connection started
pptpd: EOF or bad error reading ctrl packet length
pptpd: couldn't read packet header (exit)
pptpd: CTRL read failed
pptpd: CLient a.b.c.d control connection finished

The client displays:

warn[open_inetsock:pptp_callmgr.c:287]: connect: Connection refused
fatal [callmgr_main:pptp_callmgr.c:122]: Could not open control connection to a.b.c.d
fatal [launch_callmgr:pptp.c:213]: Call manager exited with error 256

In some place I read that 'tunneling' must be compiled in the client. Can it
be the reason? I don't have it compiled in the client.

From water at labj.com Fri Jul 30 16:56:08 1999
From: water at labj.com (water at labj.com)
Date: Fri Jul 30 16:56:08 1999
Subject: [pptp-server] PopTop w/ MPPE dosen't work with NT4 client?
Message-ID: <199907302147.OAA02085@newyork.labj.com>

Has anybody tried PopTop w/ MPPE against WinNT clients? I tried, but no
luck. The connection can be successfully established, but both ends just
don't understand the encrypted frames from the other. Any hints to solve
this problem?

Thanks
Jim

From srhodes at cpinternet.com Sat Jul 31 07:51:23 1999
From: srhodes at cpinternet.com (root)
Date: Sat Jul 31 07:51:23 1999
Subject: [pptp-server] PopTop w/ MPPE dosen't work with NT4 client?
References: <199907302147.OAA02085@newyork.labj.com>
Message-ID: <37A2E32C.A8463390@cpinternet.com>

I don't have an NT machine to test with, but I suspect that this is an issue
similar to what happened with Windows 98. You have to run an upgrade against
the machine to get the encryption working. Seems like the original version
of PPTP from Microsoft was not implemented properly, and they went through
an iteration to get it right. The most promising lead I found on the
Microsoft site:

http://support.microsoft.com/support/kb/articles/Q167/0/40.ASP