From matthewr at moreton.com.au Tue Jun 1 01:06:03 1999 
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue, 01 Jun 1999 06:06:03 +0000
Subject: [pptp-server] v0.8.7 released
Message-ID: <3753784B.38418FEE@moreton.com.au>

Hiya all,

PoPToP v0.8.7 has been released... You can download it here:
http://www.moretonbay.com/vpn/download_pptp.html

Important notes:

It seems NT client support is broken... I'm not sure exactly what
version broke this. If anyone can prove me wrong though please do tell
(my testing is done with 98).

To address some issues Seth brought up: v0.8.7 does not yet add much in
the way of localip configuration support (sorry Seth.. it's on its way
soon). David Luyer submitted a patch with many bug fixes... but also
added support for PPPD to be responsible for the local/remote ip
definitions.. this may help.

Kevin has added more support to clean up stray CTRL connections.

Solaris/Slirp port has been patched in as well... although i may have
broken that a bit too (Harald?).

OpenBSD port is probably still broken (Peter?)

The complete ChangeLog is below.
v0.8.6 -> v0.8.7 1st June, 1999

- GRE separated from pptpctrl to support vforking - adds link status
  detection (ie if a link goes down, we can figure it out and deal with
  it) (Kevin)
- Solaris/Slirp port (Harald Vogt)
- cleaned up comments a lot (move towards C style to permit compiling in
  older compilers/increase portability)
- standardized #ifndef #define #endif defines in header files
- stop inststr from nuking environment (hopefully)
- use longer argv[0] in exec()s to make inststr much nicer
- make inststr wipe args other than argv[0]
- #define to remove some debugging (PPTPD_DEBUG) and to remove the IP
  address allocation code so PPPD can be used to allocate IP addresses
  (INTERNAL_IP_ALLOCATION)
- in pptpctrl.c, main()'s addrlen was uninitialized - yuck, was causing
  random variable overwriting
- clean up some wasteful memory copying and so on, as well as remove
  some copies into small static buffers
- clean up some blank lines - increasing the amount of code visible one
  screen is good if it can be done without making the formatting ugly.
- use exit() not _exit() in pptpd - the fear of this closing fork()d
  filedescriptors is wrong. both have the same file descriptor closing
  properties.
- remove a potential leak of 2 filedescriptors in option parsing (checks
  of optional file names).
- miscellaneous EMBED support for syslog etc.
- many other misc changes.

That is all for now.

Cheers,
Matt.

From matthewr at moreton.com.au Tue Jun 1 02:08:24 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue, 01 Jun 1999 07:08:24 +0000
Subject: [pptp-server] NT problem SOLVED
Message-ID: <375386E8.7BF66F15@moreton.com.au>

Thanks to Brad Davis who just dropped me a note on NT. If you take
header and software compression off it will work. I tested this and I
have my NT box connecting to PoPToP again. It's a simple client side
configuration problem. :-)

Cheers,
Matt.

From Peter.Galbavy at knowledge.com Tue Jun 1 03:13:47 1999
From: Peter.Galbavy at knowledge.com (Peter Galbavy)
Date: Tue, 1 Jun 1999 09:13:47 +0100
Subject: [pptp-server] v0.8.7 released
In-Reply-To: <3753784B.38418FEE@moreton.com.au>; from Matthew Ramsay on Tue, Jun 01, 1999 at 06:06:03AM +0000
References: <3753784B.38418FEE@moreton.com.au>
Message-ID: <19990601091347.C27627@office.knowledge.com>

On Tue, Jun 01, 1999 at 06:06:03AM +0000, Matthew Ramsay wrote:
> OpenBSD port is probably still broken (Peter?)

Yes. Sorry. I will get some free time this week to work on it. Paying
work for my company takes priority :)

Regards,
--
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/

From Jim at Morris.net Tue Jun 1 11:34:12 1999
From: Jim at Morris.net (Jim Morris)
Date: Tue, 1 Jun 1999 11:34:12 -0500
Subject: [pptp-server] v0.8.7 released
In-Reply-To: <3753784B.38418FEE@moreton.com.au>
References: <3753784B.38418FEE@moreton.com.au>
Message-ID: <11482.990601@Morris.net>

Hi Matthew,

Here on a Redhat 5.1 system, PoPToP v0.8.7 no longer builds - the last
one I built was v0.8.4. Something in the make/autoconf setup has
broken (at least for Redhat 5.1) since v0.8.4....

Running "configure" is successful, but I get the following output,
which I've not had time to debug, upon typing "make":

[jim at darkstar pptpd-0.8.7]$ make
cd . && autoheader
/usr/bin/autoheader: Symbol `PACKAGE' is not covered by /usr/lib/autoconf/acconfig.h
/usr/bin/autoheader: Symbol `VERSION' is not covered by /usr/lib/autoconf/acconfig.h
make: *** [stamp-h.in] Error 1

I verified that the source I have for PoPToP 0.8.4 does indeed
configure and make successfully.

--
"But I don't like Spam!!!!"
--
/------------------------------------------------\
| Jim Morris | Business: jmorris at rtc-group.com |
|            | Personal: Jim at Morris.net        |
|------------------------------------------------|
| World Wide Web: http://Jim.Morris.net          |
\------------------------------------------------/

From allanc at sco.com Tue Jun 1 12:00:50 1999
From: allanc at sco.com (Allan Clark)
Date: Tue, 01 Jun 1999 13:00:50 -0400
Subject: [pptp-server] v0.8.7 released
References: <3753784B.38418FEE@moreton.com.au> <11482.990601@Morris.net>
Message-ID: <375411C2.FA56804F@sco.com>

I had this problem from older versions of automake/autoconf.

Jim,

What are your versions of automake and autoconf? Probably this would
give me exactly what I'm looking for:

rpm -q -a | grep auto

Allan

Jim Morris wrote:

> Hi Matthew,
>
> Here on a Redhat 5.1 system, PoPToP v0.8.7 no longer builds - the last
> one I built was v0.8.4. Something in the make/autoconf setup has
> broken (at least for Redhat 5.1) since v0.8.4....
>
> Running "configure" is successful, but I get the following output,
> which I've not had time to debug, upon typing "make":
>
> [jim at darkstar pptpd-0.8.7]$ make
> cd . && autoheader
> /usr/bin/autoheader: Symbol `PACKAGE' is not covered by /usr/lib/autoconf/acconfig.h
> /usr/bin/autoheader: Symbol `VERSION' is not covered by /usr/lib/autoconf/acconfig.h
> make: *** [stamp-h.in] Error 1
>
> I verified that the source I have for PoPToP 0.8.4 does indeed
> configure and make successfully.

From Jim at Morris.net Tue Jun 1 12:34:59 1999
From: Jim at Morris.net (Jim Morris)
Date: Tue, 1 Jun 1999 12:34:59 -0500
Subject: [pptp-server] Re[2]: [pptp-server] v0.8.7 released
In-Reply-To: <375411C2.FA56804F@sco.com>
References: <375411C2.FA56804F@sco.com>
Message-ID: <11524.990601@Morris.net>

Hi Allan,

The Redhat 5.1 system I administer is running autoconf 2.12, and
automake 1.3. This system is pretty much stock Redhat 5.1, with
updates applied. Note that pptpd 0.8.4 does build - so it's something
that has been added to the autoconf stuff since that time that has
broken it. I would debug it myself... but although I've done a lot of
Unix development (commercial development for SCO OpenServer 5.0.5 most
recently, noting your Email address!), autoconf is not something I've
ever had the time to learn... it might make my life easier in the
long run, I guess! ;-)

I've got both Redhat 6.0 and Caldera OpenServer 2.2 here, but really
don't need to run the VPN stuff on them at this point - just on the RH
5.1 box....

Thanks!

--
It's reassuring to know that if you behave strangely enough,
society will take full responsibility for you.
--
/------------------------------------------------\
| Jim Morris | Business: jmorris at rtc-group.com |
|            | Personal: Jim at Morris.net        |
|------------------------------------------------|
| World Wide Web: http://Jim.Morris.net          |
\------------------------------------------------/

From Jim at Morris.net Tue Jun 1 14:13:16 1999
From: Jim at Morris.net (Jim Morris)
Date: Tue, 1 Jun 1999 14:13:16 -0500
Subject: [pptp-server] Re: Earlier PoPToP questions
Message-ID: <13592.990601@Morris.net>

Hi Guys,

Belay my one question about the options file for pppd - I goofed, and
somehow missed the support that is already in there for that! ;-)

--
A commune is where people join together to share their lack of wealth.
-- R. Stallman
--
/------------------------------------------------\
| Jim Morris | Business: jmorris at rtc-group.com |
|            | Personal: Jim at Morris.net        |
|------------------------------------------------|
| World Wide Web: http://Jim.Morris.net          |
\------------------------------------------------/

From tmk at netmagic.net Tue Jun 1 15:27:44 1999
From: tmk at netmagic.net (tmk)
Date: Tue, 1 Jun 1999 13:27:44 -0700 (PDT)
Subject: [pptp-server] Re[2]: [pptp-server] v0.8.7 released
In-Reply-To: <11524.990601@Morris.net>
Message-ID:

hey, i had the same problem, you just need to update your
autoconf/automake/libtool stuff to the latest. the vers that come with
rh 6 work fine on my 5.1 box

Kevin

On Tue, 1 Jun 1999, Jim Morris wrote:

> Hi Allan,
>
> The Redhat 5.1 system I administer is running autoconf 2.12, and
> automake 1.3. This system is pretty much stock Redhat 5.1, with
> updates applied. Note that pptpd 0.8.4 does build - so it's something
> that has been added to the autoconf stuff since that time that has
> broken it. I would debug it myself... but although I've done a lot of
> Unix development (commercial development for SCO OpenServer 5.0.5 most
> recently, noting your Email address!), autoconf is not something I've
> ever had the time to learn... it might make my life easier in the
> long run, I guess! ;-)
>
> I've got both Redhat 6.0 and Caldera OpenServer 2.2 here, but really
> don't need to run the VPN stuff on them at this point - just on the RH
> 5.1 box....
>
> Thanks!
>
> --
> It's reassuring to know that if you behave strangely enough,
> society will take full responsibility for you.
> --
> /------------------------------------------------\
> | Jim Morris | Business: jmorris at rtc-group.com |
> |            | Personal: Jim at Morris.net        |
> |------------------------------------------------|
> | World Wide Web: http://Jim.Morris.net          |
> \------------------------------------------------/
>
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From spencer.leung at utoronto.ca Tue Jun 1 16:19:30 1999
From: spencer.leung at utoronto.ca (spencer.leung at utoronto.ca)
Date: Tue, 1 Jun 1999 17:19:30 -0400 (EDT)
Subject: [pptp-server] Samba and pptpd
Message-ID:

Hi,

Anyone has configured Samba with PPTPD? I was able to get them working
together with 0.8.4 but have no luck since then.

Spencer

From skvidal at skyrunner.net Tue Jun 1 16:22:38 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Tue, 1 Jun 1999 17:22:38 -0400 (EDT)
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

> Hi,
>
> Anyone has configured Samba with PPTPD? I was able to get them working
> together with 0.8.4 but have no luck since then.

yep.
samba on a separate machine or on the pptpd server?
is samba configured as a pdc or what?
what version of samba?
what does the bind interfaces only parameter say?
what does the interfaces parameter say?

-sv

From matthewr at moreton.com.au Wed Jun 2 02:05:22 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed, 02 Jun 1999 07:05:22 +0000
Subject: [pptp-server] pppd 2.2.0
Message-ID: <3754D7B2.9174A153@moreton.com.au>

I know it's a long shot.... but, has anyone had PoPToP going with a real
old version of pppd? more specifically pppd 2.2.0?

Cheers,
Matt.

From luyer at ucs.uwa.edu.au Wed Jun 2 04:14:53 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed, 02 Jun 1999 17:14:53 +0800
Subject: [pptp-server] Re[2]: [pptp-server] v0.8.7 released
In-Reply-To: Your message of "Tue, 01 Jun 1999 12:34:59 EST." <11524.990601@Morris.net>
Message-ID: <199906020914.RAA06702@typhaon.ucs.uwa.edu.au>

> Hi Allan,
>
> The Redhat 5.1 system I administer is running autoconf 2.12, and
[...]

You need 2.13. It is in RedHat 6.0 or Debian "potato", and both
packages work without upgrading the rest of the system.

I did commit a patch which said this, but the Makefile.in is
auto-generated from Makefile.am and hence loses the patch :-(

David.

From ducati at desmodue.com Wed Jun 2 16:09:27 1999
From: ducati at desmodue.com (Ducati)
Date: Wed, 02 Jun 1999 14:09:27 -0700
Subject: [pptp-server] PPTP behind firewall
Message-ID: <37559D87.5CF7110F@desmodue.com>

*This message was transferred with a trial version of CommuniGate(tm) Pro*
Can someone help me as far as setting up a pptp client, Linux BTW,
behind a firewall, also Linux. I would like to access a NT Server at
work from home and have a @Home cable connection with a 2.0.36
masquerading firewall so I can use my laptop from home. I have seen
some things on IP port 137 and udp port 17, from memory. Anyone got a
FAQ or mini-HOWTO?

Thanks,
Rod

From skvidal at skyrunner.net Wed Jun 2 23:26:32 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Thu, 3 Jun 1999 00:26:32 -0400 (EDT)
Subject: [pptp-server] PPTP behind firewall
In-Reply-To: <37559D87.5CF7110F@desmodue.com>
Message-ID:

> Can someone help me as far as setting up a pptp client, Linux BTW,
> behind a firewall, also Linux. I would like to access a NT Server at
> work from home and have a @Home cable connection with a 2.0.36
> masquerading firewall so I can use my laptop from home. I have seen
> some things on IP port 137 and udp port 17, from memory. Anyone got a
> FAQ or mini-HOWTO?

you'll need to get the pptp client patch for masquerading (it uses
ipportfw if I remember correctly)

then you'll need to setup the pptp client on your linux machine and the
tunnelling server on your NT machine (is the NT machine behind a Linux
server?)

if it is then you'll need pptpd on the linux machine (and nothing on the
NT box) and you just connect from the linux machine at home (via the
pptp client) to the linux firewall at work (the pptpd server) and then
you're done.

(sounds easy right?) :)

there was a brief how to posted here a day or so ago. you can check the
archives or whatever.

-sv

From skvidal at skyrunner.net Thu Jun 3 09:12:51 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Thu, 3 Jun 1999 10:12:51 -0400 (EDT)
Subject: [pptp-server] network map for pptpd
Message-ID:

I drew this up to help explain what the tunnelled connection is doing.

it's crude but I think it's good enough for the explanation

the blue lines are internet (external network) connections
the red lines are intranet (internal network) connections
and the green lines are tunnelled connections.

hope this helps at all.

-sv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptpd.gif
Type: image/gif
Size: 4692 bytes
Desc:
URL:

From wfaulk at totalsports.net Thu Jun 3 12:02:41 1999
From: wfaulk at totalsports.net (Bitt Faulk)
Date: Thu, 3 Jun 1999 13:02:41 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
Message-ID:

None of the following connections are actually up, but the pppds are still
running, and the interfaces that are associated with them are still up as
well. Is there any way I can help debug this?

sprawl% ps ax | grep -i pp
 6284 ?      S    0:00 PPTP Manager
 6439 ?      S    0:00 PPTP GRE 14 12 13
 6440 ttya0  S    0:00 /usr/sbin/pppd /dev/ttya0 local 115200 172.17.0.1:172
 7222 ?      S    0:00 PPTP GRE 20 18 19
 7223 ttya2  S    0:00 /usr/sbin/pppd /dev/ttya2 local 115200 172.17.0.2:172
 7262 ?      S    0:00 PPTP GRE 21 19 20
 7263 ttya1  S    0:00 /usr/sbin/pppd /dev/ttya1 local 115200 172.17.0.1:172
 7445 ?      S    0:00 PPTP GRE 23 21 22
 7446 ttya3  S    0:00 /usr/sbin/pppd /dev/ttya3 local 115200 172.17.0.2:172
 8758 ?      S    0:00 PPTP GRE 32 30 31
 8759 ttya4  S    0:00 /usr/sbin/pppd /dev/ttya4 local 115200 172.17.0.2:172
 8772 ?      S    0:00 PPTP GRE 34 32 33
 8773 ttya5  S    0:00 /usr/sbin/pppd /dev/ttya5 local 115200 172.17.0.3:172
 8793 ?      S    0:00 PPTP GRE 36 34 35
 8794 ttya6  S    0:00 /usr/sbin/pppd /dev/ttya6 local 115200 172.17.0.4:172
 8840 ?      S    0:00 PPTP CTRL Connection
 8843 ?      S    0:00 PPTP GRE 36 34 35
 8844 ttya7  S    0:00 /usr/sbin/pppd /dev/ttya7 local 115200 172.17.0.2:172
 8903 ?      S    0:00 PPTP GRE 41 39 40
 8904 ttya8  S    0:00 /usr/sbin/pppd /dev/ttya8 local 115200 172.17.0.3:172

-Bitt

From skvidal at skyrunner.net Thu Jun 3 13:56:34 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Thu, 3 Jun 1999 14:56:34 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
In-Reply-To:
Message-ID:

> running, and the interfaces that are associated with them are still up as
> well. Is there any way I can help debug this?
>
> sprawl% ps ax | grep -i pp
>  6284 ?      S    0:00 PPTP Manager
>  6439 ?      S    0:00 PPTP GRE 14 12 13
>  6440 ttya0  S    0:00 /usr/sbin/pppd /dev/ttya0 local 115200 172.17.0.1:172
>  7222 ?      S    0:00 PPTP GRE 20 18 19
>  7223 ttya2  S    0:00 /usr/sbin/pppd /dev/ttya2 local 115200 172.17.0.2:172
>  7262 ?      S    0:00 PPTP GRE 21 19 20
>  7263 ttya1  S    0:00 /usr/sbin/pppd /dev/ttya1 local 115200 172.17.0.1:172
>  7445 ?      S    0:00 PPTP GRE 23 21 22
>  7446 ttya3  S    0:00 /usr/sbin/pppd /dev/ttya3 local 115200 172.17.0.2:172
>  8758 ?      S    0:00 PPTP GRE 32 30 31
>  8759 ttya4  S    0:00 /usr/sbin/pppd /dev/ttya4 local 115200 172.17.0.2:172
>  8772 ?      S    0:00 PPTP GRE 34 32 33
>  8773 ttya5  S    0:00 /usr/sbin/pppd /dev/ttya5 local 115200 172.17.0.3:172
>  8793 ?      S    0:00 PPTP GRE 36 34 35
>  8794 ttya6  S    0:00 /usr/sbin/pppd /dev/ttya6 local 115200 172.17.0.4:172
>  8840 ?      S    0:00 PPTP CTRL Connection
>  8843 ?      S    0:00 PPTP GRE 36 34 35
>  8844 ttya7  S    0:00 /usr/sbin/pppd /dev/ttya7 local 115200 172.17.0.2:172
>  8903 ?      S    0:00 PPTP GRE 41 39 40
>  8904 ttya8  S    0:00 /usr/sbin/pppd /dev/ttya8 local 115200 172.17.0.3:172

what does your /etc/ppp/options file look like?

mine has been dropping connections a-ok since I made some changes.

-sv

From wfaulk at totalsports.net Thu Jun 3 14:14:43 1999
From: wfaulk at totalsports.net (Bitt Faulk)
Date: Thu, 3 Jun 1999 15:14:43 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
In-Reply-To:
Message-ID:

On Thu, 3 Jun 1999, Seth Vidal wrote:

>
> what does your /etc/ppp/options file look like?

debug
name 216.2.60.227

auth
require-chap

> mine has been dropping connections a-ok since I made some changes.

Why do I get the uneasy feeling that I am missing something really obvious
now?

-Bitt

From skvidal at skyrunner.net Thu Jun 3 14:15:06 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Thu, 3 Jun 1999 15:15:06 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
In-Reply-To:
Message-ID:

> debug
> name 216.2.60.227
>
> auth
> require-chap

you'll definitely want proxyarp in there but other than that you're ok.

what version of ppp are you using.
what type of clients are the ones connecting? (win98,nt,linux)

> Why do I get the uneasy feeling that I am missing something really obvious
> now?

not necessarily.

occasionally extra PPTP CTRL processes do hang around but the pppd
processes should die.

-sv

From wfaulk at totalsports.net Thu Jun 3 14:45:03 1999
From: wfaulk at totalsports.net (Bitt Faulk)
Date: Thu, 3 Jun 1999 15:45:03 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
In-Reply-To:
Message-ID:

On Thu, 3 Jun 1999, Seth Vidal wrote:

>
> > debug
> > name 216.2.60.227
> >
> > auth
> > require-chap
>
> you'll definitely want proxyarp in there but other than that you're ok.
>
> what version of ppp are you using.

2.3.6

> what type of clients are the ones connecting? (win98,nt,linux)

Mostly win95 w/ MSDUN13.EXE installed, probably some win98, probably no
NT, definitely no linux.

100% idiots, though.

> > Why do I get the uneasy feeling that I am missing something really obvious
> > now?
>
> not necessarily.
>
> occasionally extra PPTP CTRL processes do hang around but the pppd
> processes should die.

I've actually never seen the CTRLs hang around, but the pppds certainly
do.
Maybe I've made some sort of logical mistake. Here's how I have it
configured:

/etc/pptpd.conf:

speed 115200
localip 172.17.0.1-100
remoteip 172.17.1.1-100

So a PTP is made between those two IPs and then (magically on the remote
side) a route is created to my routable network on that same server that
allows the VPN to happen. It seems to work fine until the pppds decide
not to die, and then pptpd decides to reallocate those IPs and, apparently
the old pppds conflict with the routing. If there's a better, more stable
way to set this up, let me know. I just need to have definable IPs for my
remote users.

Thanks

-Bitt

PS: I'd like to point out that this is still infinitely more stable than
the NT server I tried to configure to do this, which either crashed when a
connection was made, or would immediately close the connection.

From bdupras at bigfoot.com Thu Jun 3 14:47:48 1999
From: bdupras at bigfoot.com (Brian Dupras)
Date: Thu, 03 Jun 1999 13:47:48 -0600
Subject: [pptp-server] Slightly off topic?
References:
Message-ID: <3756DBE4.317F2105@bigfoot.com>

Hello all, thanks for allowing me to lurk and learn more about pptp. :)

I've a problem that's affecting both my pptp and my ppp connections. I'm
inclined to think it's a general ppp problem.

When I dial into my linux server (vanilla RH5.2) and connect via ppp, *or*
when I dial into an ISP and use pptp to connect to the server, I can't seem to
get the right netmask.

I want the netmask to be 255.255.255.0 - pretty standard. However, no matter
where I put the netmask I want, I always get 255.0.0.0 from the server.

I've put "netmask 255.255.255.0" in /etc/ppp/options, and in options.tty*
I've even turned off auth for the time being to troubleshoot the problem.
Ergh...

Any ideas why pppd would ignore my netmask setting and use 255.0.0.0? I'm
about to pull out my hair.

Brian

Seth Vidal wrote:

> I drew this up to help explain what the tunnelled connection is doing.
>
> it's crude but I think it's good enough for the explanation
>
> the blue lines are internet (external network) connections
> the red lines are intranet (internal network) connections
> and the green lines are tunnelled connections.
>
> hope this helps at all.
>
> -sv
>
>
>
> ------------------------------------------------------------------------
> Name: pptpd.gif
> pptpd.gif Type: GIF Image (IMAGE/gif)
> Encoding: BASE64

From skvidal at skyrunner.net Thu Jun 3 15:31:43 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Thu, 3 Jun 1999 16:31:43 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
In-Reply-To:
Message-ID:

> Mostly win95 w/ MSDUN13.EXE installed, probably some win98, probably no
> NT, definitely no linux.
>
> 100% idiots, though.

cute. hope they don't read this mailing list. we all have them though.

> I've actually never seen the CTRLs hang around, but the pppds certainly
> do.
> Maybe I've made some sort of logical mistake. Here's how I have it
> configured:
>
> /etc/pptpd.conf:
>
> speed 115200
> localip 172.17.0.1-100
> remoteip 172.17.1.1-100

are these /24 (255.255.255.0) subnets or /16 (255.255.0.0)

> So a PTP is made between those two IPs and then (magically on the remote
> side) a route is created to my routable network on that same server that
> allows the VPN to happen.

not really magically it just adds a route for the network and proxyarp
allows users to find your users on the other side

proxyarp
       Add an entry to this system's ARP [Address Resolution
       Protocol] table with the IP address of the
       peer and the Ethernet address of this system. This
       will have the effect of making the peer appear to
       other systems to be on the local ethernet.

> It seems to work fine until the pppds decide
> not to die, and then pptpd decides to reallocate those IPs and, apparently
> the old pppds conflict with the routing. If there's a better, more stable
> way to set this up, let me know. I just need to have definable IPs for my
> remote users.

how many users?
what version of pptpd?

Matt, Kevin, is pptpd ok for > 50 users. I noticed some potential leak
fixes in the last changelog. Would this many users eat up the system
resources? How well does it scale? Anybody know?

is ppp the out of the box version or did you recompile it?

-sv

From skvidal at skyrunner.net Thu Jun 3 15:33:37 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Thu, 3 Jun 1999 16:33:37 -0400 (EDT)
Subject: [pptp-server] Slightly off topic?
In-Reply-To: <3756DBE4.317F2105@bigfoot.com>
Message-ID:

> Hello all, thanks for allowing me to lurk and learn more about pptp. :)
>
> I've a problem that's affecting both my pptp and my ppp connections. I'm
> inclined to think it's a general ppp problem.
>
> When I dial into my linux server (vanilla RH5.2) and connect via ppp, *or*
> when I dial into an ISP and use pptp to connect to the server, I can't seem to
> get the right netmask.
>
> I want the netmask to be 255.255.255.0 - pretty standard. However, no matter
> where I put the netmask I want, I always get 255.0.0.0 from the server.
>
> I've put "netmask 255.255.255.0" in /etc/ppp/options, and in options.tty*
> I've even turned off auth for the time being to troubleshoot the problem.
> Ergh...

> Any ideas why pppd would ignore my netmask setting and use 255.0.0.0? I'm
> about to pull out my hair.

if the server end is setting it that way it will ignore your end.

what ip range is it in? 10.x.x.x?
are you running on kernel ver 2.2.X at home.
do you have the auto-add routes "feature" built in?
(it comes on by default on the new kernels)

-sv

From wfaulk at totalsports.net Thu Jun 3 16:36:01 1999
From: wfaulk at totalsports.net (Bitt Faulk)
Date: Thu, 3 Jun 1999 17:36:01 -0400 (EDT)
Subject: [pptp-server] pptpd still not handling dropped connections properly?
In-Reply-To:
Message-ID:

Okay, we're getting off on a tangent here, so smoke 'em if you've got 'em.

On Thu, 3 Jun 1999, Seth Vidal wrote:

>
> > Maybe I've made some sort of logical mistake. Here's how I have it
> > configured:
> >
> > /etc/pptpd.conf:
> >
> > speed 115200
> > localip 172.17.0.1-100
> > remoteip 172.17.1.1-100
> are these /24 (255.255.255.0) subnets or /16 (255.255.0.0)

Hmm. Interesting question. They exist solely for the benefit of pptp.
I'll get back to this in a minute.

> > So a PTP is made between those two IPs and then (magically on the remote
> > side) a route is created to my routable network on that same server that
> > allows the VPN to happen.
> not really magically it just adds a route for the network and proxyarp
> allows users to find your users on the other side
>
> proxyarp
>        Add an entry to this system's ARP [Address Resolution
>        Protocol] table with the IP address of the
>        peer and the Ethernet address of this system. This
>        will have the effect of making the peer appear to
>        other systems to be on the local ethernet.

That's not really what I meant.

The network they're connecting to via the VPN is, let's say,
192.168.128.0/23

They use the arbitrary (and unroutable)
172.17.1.(0-100)<->172.17.0.(0-100) as the connection to the pptp server
and for no other reason. This assigns 172.17.1.x to the remote user,
which, importantly (and obviously), is in a range that I know prior to
their connection. The route to these addresses is on my local network, so
any machine here can route back to the remote users via that IP properly.
Most importantly, an application server can now authorize them by IP
address.

There is a route created for the Point-to-Point connection, and then
another one seems to be created to the network on the other side of the
server. When I ran netstat -rn on the client, I did not see a route to
that network, and therefore should have gone over the machine's default
route, but it went over the VPN anyway. Maybe I just missed the line, but
that's what I meant by magic. That, and the fact that the protocol
(apparently?) inserts this by itself. I tend to like to do things by hand
so I know what's going on.

Proxyarp just prevents arp requests from being transmitted over that
relatively-expensive VPN connection, when the server knows it just as
well. Nothing to do with routing, at least not on the IP level.

Let me know if I am an idiot with that. There may well be something else
going on I don't understand.

And I don't think that proxyarp is beneficial to this setup because I
don't think anyone needs to know MAC addresses because everything is
P-t-P. Right? Not that it's harmful.

Also, keep in mind that all of the routing and whatnot seems to work fine
until the connection goes away. If you look back at my initial ps output,
you'll see that there are multiple pppds running trying to access the same
IPs. Hmmm. Now that I think about it, I assumed that the ones that were
duplicating the server-side IPs were duplicating the client-side IPs as
well. Now that I think about it, I don't know that that's true. I'll
have to reverify that.

> > It seems to work fine until the pppds decide
> > not to die, and then pptpd decides to reallocate those IPs and, apparently
> > the old pppds conflict with the routing. If there's a better, more stable
> > way to set this up, let me know. I just need to have definable IPs for my
> > remote users.
>
> how many users?

I upped the max limit to 100 as an arbitrary number greater than 10. I
probably have about 25-30 folks who need to use it, but no more than 5 or
6 have connected at a time so far.

> what version of pptpd?

The just-released version, PoPToP v0.8.7

> Matt, Kevin, is pptpd ok for > 50 users. I noticed some potential leak
> fixes in the last changelog. Would this many users eat up the system
> resources? How well does it scale? Anybody know?
>
> is ppp the out of the box version or did you recompile it?

PPP is out of the box, but I have had no other problems with it. At the
same time, I have not pressure-tested it, but I have used it, and am, in
fact, using it for another VPN underneath ssh. That's been running for
days with no problem, but again, the problem seems to be in stopping.

-Bitt

PS: Whew...

From bdupras at bigfoot.com Thu Jun 3 17:29:02 1999
From: bdupras at bigfoot.com (Brian Dupras)
Date: Thu, 03 Jun 1999 16:29:02 -0600
Subject: [pptp-server] Slightly off topic?
References:
Message-ID: <375701AE.91EA7F3F@bigfoot.com>

I guess I wasn't very descriptive about my problem. :)

The ppp / pptp server is a vanilla RH5.2 (kernel 2.0.36)
The clients are mixed Win98 and soon RH6

The clients are set to obtain IP info automatically.
The server is set to hand out 10.0.0.x for an IP and 255.255.255.0 as a netmask.

The problem is that the server seems to be ignoring the netmask setting and is
sending out 255.0.0.0 every time. This happens when I dial in via ppp, or when I
connect via pptp.



Server PPP version is 2.3.5-1
Server PPTP version is 0.8.6-1 from the rpm
Client currently is Win98 w/ PPTP


Seth Vidal wrote:

> > Hello all, thanks for allowing me to lurk and learn more about pptp. :)
> >
> > I've a problem that's affecting both my pptp and my ppp connections. I'm
> > inclined to think it's a general ppp problem.
> >
> > When I dial into my linux server (vanilla RH5.2) and connect via ppp, *or*
> > when I dial into an ISP and use pptp to connect to the server, I can't seem to
> > get the right netmask.
> >
> > I want the netmask to be 255.255.255.0 - pretty standard. However, no matter
> > where I put the netmask I want, I always get 255.0.0.0 from the server.
> >
> > I've put "netmask 255.255.255.0" in /etc/ppp/options, and in options.tty*
> > I've even turned off auth for the time being to troubleshoot the problem.
> > Ergh...
>
> > Any ideas why pppd would ignore my netmask setting and use 255.0.0.0? I'm
> > about to pull out my hair.
>
> if the server end is setting it that way it will ignore your end.
>
> what ip range is it in? 10.x.x.x?
> are you running on kernel ver 2.2.X at home.
> do you have the auto-add routes "feature" built in?
> (it comes on by default on the new kernels)
>
> -sv

From tmk at netmagic.net Thu Jun 3 18:08:51 1999
From: tmk at netmagic.net (tmk)
Date: Thu, 3 Jun 1999 16:08:51 -0700
Subject: [pptp-server] Slightly off topic?
References: <375701AE.91EA7F3F@bigfoot.com>
Message-ID: <002801beae16$0d8cd700$011c0fc0@lala.net>

after reading the manpage for pppd, here's what i found for netmask

netmask n
       Set the interface netmask to n, a 32 bit netmask in "decimal dot"
       notation (e.g. 255.255.255.0). If this option is given, the value
       specified is ORed with the default netmask. The default netmask is
       chosen based on the negotiated remote IP address; it is the
       appropriate network mask for the class of the remote IP address,
       ORed with the netmasks for any non point-to-point network
       interfaces in the system which are on the same network. (Note: on
       some platforms, pppd will always use 255.255.255.255 for the
       netmask, if that is the only appropriate value for a
       point-to-point interface.)

so the 10.x.x.x is definitely the source of your strange netmask, and i
bet you have an older version of pppd and maybe this is broken? latest
is 2.3.8 and it works with kernel 2.0.36.

----- Original Message -----
From: Brian Dupras To: Sent: Thursday, June 03, 1999 3:29 PM Subject: Re: [pptp-server] Slightly off topic? > I guess I wasn't very descriptive about my problem. :) > > The ppp / pptp server is a vanilla RH5.2 (kernel 2.0.36) > The clients are mixed Win98 and soon RH6 > > The clients are set to obtain IP info automatically. > The server is set to hand out 10.0.0.x for an IP and 255.255.255.0 as a netmask. > > The problem is that the server seems to be ignoring the netmask setting and is > sending out 255.0.0.0 every time. This happens when I dial in via ppp, or when I > connect via pptp. > > > > Server PPP version is 2.3.5-1 > Server PPTP version is 0.8.6-1 from the rpm > Client currently is Win98 w/ PPTP > > > Seth Vidal wrote: > > > > Hello all, thanks for allowing me to lurk and learn more about pptp. :) > > > > > > I've a problem that's affecting both my pptp and my ppp connections. I'm > > > inclined to think it's a general ppp problem. > > > > > > When I dial into my linux server (vanilla RH5.2) and connect via ppp, *or* > > > when I dial into an ISP and use pptp to connect to the server, I can't seem to > > > get the right netmask. > > > > > > I want the netmask to be 255.255.255.0 - pretty standard. However, no matter > > > where I put the netmask I want, I always get 255.0.0.0 from the server. > > > > > > I've put "netmask 255.255.255.0" in /etc/ppp/options, and in options.tty* > > > I've even turned off auth for the time being to troubleshoot the problem. > > > Ergh... > > > > > Any ideas why pppd would ignore my netmask setting and use 255.0.0.0? I'm > > > about to pull out my hair. > > > > if the server end is setting it that way it will ignore your end. > > > > what ip range is it in? 10.x.x.x? > > are you running on kernel ver 2.2.X at home. > > do you have the auto-add routes "feature" built in? 
> > (it comes on by default on the new kernels) > > > > -sv From tmk at netmagic.net Thu Jun 3 18:20:42 1999 
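The pppd man page rule quoted in tmk's reply above, worked through for the 10.0.0.x pool as an added example (written for this page; it is not pppd's source and not code from the thread). It assumes "on the same network" means the same classful network; the interface table and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A local network interface. Addresses are 32-bit values in host byte order. */
struct iface {
    uint32_t addr;
    uint32_t mask;
    int point_to_point;   /* non-zero for ppp-style links, which the rule skips */
};

/* Parse "a.b.c.d" into *out; returns 0 on success, -1 on malformed input. */
int parse_quad(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;

    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
    return 0;
}

/* Format a host-order address into buf (at least 16 bytes) and return buf. */
char *format_quad(uint32_t v, char *buf, size_t len)
{
    snprintf(buf, len, "%u.%u.%u.%u",
             (unsigned)(v >> 24), (unsigned)((v >> 16) & 255),
             (unsigned)((v >> 8) & 255), (unsigned)(v & 255));
    return buf;
}

/* "The appropriate network mask for the class of the remote IP address". */
uint32_t classful_mask(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)
        return 0xFF000000u;               /* class A: first bit 0 */
    if ((addr & 0xC0000000u) == 0x80000000u)
        return 0xFFFF0000u;               /* class B: first bits 10 */
    return 0xFFFFFF00u;                   /* class C (higher classes simplified) */
}

/*
 * Mask per the quoted man page text: the netmask option, ORed with the class
 * default, ORed with the masks of non point-to-point interfaces on the same
 * network. Assumption: "same network" means same classful network.
 */
uint32_t effective_mask(uint32_t remote, uint32_t netmask_opt,
                        const struct iface *ifs, size_t n)
{
    uint32_t class_mask = classful_mask(remote);
    uint32_t mask = netmask_opt | class_mask;
    size_t i;

    for (i = 0; i < n; i++) {
        if (ifs[i].point_to_point)
            continue;
        if ((ifs[i].addr & class_mask) != (remote & class_mask))
            continue;
        mask |= ifs[i].mask;
    }
    return mask;
}

int main(void)
{
    /* Constructed sample data: the 10.0.0.x pool from the thread, plus an
       invented Ethernet interface and an invented ppp link. */
    struct iface ifs[2];
    uint32_t remote, opt;
    char b1[16], b2[16];

    parse_quad("10.0.0.1", &ifs[0].addr);
    parse_quad("255.255.0.0", &ifs[0].mask);
    ifs[0].point_to_point = 0;
    parse_quad("10.0.0.9", &ifs[1].addr);
    parse_quad("255.255.255.255", &ifs[1].mask);
    ifs[1].point_to_point = 1;

    parse_quad("10.0.0.5", &remote);
    parse_quad("255.255.255.0", &opt);

    printf("class default for %s: %s\n", format_quad(remote, b1, sizeof b1),
           format_quad(classful_mask(remote), b2, sizeof b2));
    printf("no option, no interfaces: %s\n",
           format_quad(effective_mask(remote, 0, NULL, 0), b1, sizeof b1));
    printf("netmask 255.255.255.0:    %s\n",
           format_quad(effective_mask(remote, opt, NULL, 0), b1, sizeof b1));
    printf("no option, sample ifaces: %s\n",
           format_quad(effective_mask(remote, 0, ifs, 2), b1, sizeof b1));
    return 0;
}
```

Because the option is only ORed in, it can add bits to the class default but never clear them.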
From: tmk at netmagic.net (tmk) Date: Thu, 3 Jun 1999 16:20:42 -0700 Subject: [pptp-server] pptpd still not handling dropped connections properly? References: Message-ID: <004f01beae17$b48ef0a0$011c0fc0@lala.net> > Matt, Kevin, is pptpd ok for > 50 users. I noticed some potential leak > fixes in the last changelog. Would this many users eat up the system > resources? How well does it scale? Anybody know? pptpd should scale really well. It simply creates a new pppd, gre, and pptpctrl process for each call, so as long as your system can handle that load, everything should be peachy. I haven't done any sort of memory usage analysis on any of our programs, but they seem to be fairly small. The only thing that would slow us down is that most older (2.0.x?) kernels only support 64 network devices (ie ppp?, eth0, etc) so keep that in mind. i have been planning on optimizing the ctrlpacket.c section of code to use (much) less processor power, at the expense of more memory. Is that a reasonable trade off or do we want more free memory and a heavier load on the cpu? i'm open to comments. Also, the latest versions of pptpd should have some built-in link status detection and such, so if the link goes down, it should AT LEAST kill off gre. So to Bitt, download the latest ver of pptpd and see if that solves your problem. Last thing is we don't have a really clean way to kill a pppd connection. anyone know of a way to do it? the problem is that pptpd daemonizes itself and gets a new pid, leaving us with no way to kill it. we could get the pid from the lockfile, or we might be able to use nodetach, but there must be a better way. thanks for helping out. I'm surprised to hear that our product is working better than NT. I know the win9x pptp client has real problems, but i figured NT would be better. Go opensource :) Kevin From gavinroy at nextpath.com Thu Jun 3 18:32:45 1999 
From: gavinroy at nextpath.com (Gavin M. Roy) Date: Thu, 03 Jun 1999 16:32:45 -0700 Subject: [pptp-server] PPTPD Troubles Message-ID: <3757109D.C4ADC575@nextpath.com> Hello, I looked through the archives, and the docs, but was unable to figure this out so... :) I am trying to get PPTPD to work as a PPTP server on my Slackware box. I have compiled successfully, PPP is included in my kernel, and I have copied the default configuration files over, and modified the IP addresses. I'm sorry if I am an idiot, but just to make sure what is the context of the localip and remoteip settings? Is localip the ip addrs to assign to the vpn client? and is remoteip the ipaddrs of allowable vpn clients trying to get in? I am getting an Error #629 in the Win98 client. Any suggestions? Thanks in advance, Gavin From tmk at netmagic.net Thu Jun 3 18:32:33 1999 From: tmk at netmagic.net (tmk) Date: Thu, 3 Jun 1999 16:32:33 -0700 Subject: [pptp-server] PPTPD Troubles References: <3757109D.C4ADC575@nextpath.com> Message-ID: <007801beae19$5c5a74c0$011c0fc0@lala.net> local ip is the ip the client will have on the "private" network(usually the same as the linux box), remote ip is the address the client thinks it has. what is err 629 (ie the words that go with it) Kevin ----- Original Message ----- 
From: Gavin M. Roy To: Sent: Thursday, June 03, 1999 4:32 PM Subject: [pptp-server] PPTPD Troubles > Hello, I looked through the archives, and the docs, but was unable to > figure this out so... :) > > I am trying to get PPTPD to work as a PPTP server on my Slackware box. > I have compiled successfully, PPP is included in my kernel, and I have > copied the default configuration files over, and modified the IP > addresses. I'm sorry if I am an idiot, but just to make sure what is the > context of the localip and remoteip settings? Is localip the ip addrs > to assign to the vpn client? and is remoteip the ipaddrs of allowable > vpn clients trying to get in? > > I am getting an Error #629 in the Win98 client. > > Any suggestions? > > Thanks in advance, > > Gavin From wfaulk at totalsports.net Thu Jun 3 18:51:17 1999 
From: wfaulk at totalsports.net (Bitt Faulk) Date: Thu, 3 Jun 1999 19:51:17 -0400 (EDT) Subject: [pptp-server] pptpd still not handling dropped connections properly? In-Reply-To: <004f01beae17$b48ef0a0$011c0fc0@lala.net> Message-ID: On Thu, 3 Jun 1999, tmk wrote: > > Also, the latest versions of pptpd should have some built-in link status > detection and such, so if the link goes down, it should AT LEAST kill off > gre. So to Bitt, download the latest ver of pptpd and see if that solves > your problem. I'm running v0.8.7 already. > Last thing is we don't have a really clean way to kill a pppd connection. > anyone know of a way to do it? the problem is that pptpd daemonizes itself > and gets a new pid, leaving us with no way to kill it. we could get the pid > from the lockfile, or we might be able to use nodetach, but there must be a > better way. I would be inclined to use nodetach. I haven't really delved into your code, but there's another guy out there who has some info on a non-standards-based VPN that runs pppd over an ssh connection. He uses a home-grown program called pty-redir to grab both ends of a pseudo-terminal, and you guys might find that code useful, or not. Also, it doesn't work at all under (at least) Solaris, due to some differences in pty implementation. (http://metalab.unc.edu/mdw/HOWTO/mini/VPN.html) Also, I'm sure you're aware that pppd writes its pid in /var/run/ppp?.pid under linux, and that you can't figure a clean way to grab the right one, but, then again, maybe that was the one piece of information you needed. > thanks for helping out. I'm surprised to hear that our product is working > better than NT. I know the win9x pptp client has real problems, but i > figured NT would be better. Go opensource :) _Been_ opensource. If I had more time, I'd be helping more than just submitting bug reports. And nothing about NT not working properly surprises me. -Bitt From matthewr at moreton.com.au Thu Jun 3 19:49:58 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Fri, 04 Jun 1999 00:49:58 +0000 Subject: [pptp-server] v0.8.8 released Message-ID: <375722B6.B2C408E9@moreton.com.au> Hiya all, PoPToP v0.8.8 has been released! Download here: http://www.moretonbay.com/vpn/pptp.html Mainly a bug/portability/resource fix release.. see changelog below. Cheers, Matt. Hackers ChangeLog: v0.8.7 -> v0.8.8 4th June, 1999 - increased MAX number of clients to 100 - layout and comments have been tidied up extensively throughout code - new function in ctrlpacket.c for making Control Message headers - openBSD fixes - many other minor bug fixes - some portability issues addressed - accept() moved into pptpmanager. - pptpmanager closes one side of socketpair server fd and passes client fd other side of socketpair to pptpctrl. - pptpmanager main loop changed to select without timeout and made to watch ALL appropriate file descriptors. - also made resilient against some potential error modes, eg, if we are full don't select on new connections descriptor, if accept() fails ignore it cleanly, etc. - should be more 'resource friendly' now. - Make error state filename instead of just CONFIG FILE: file not found. - Limit packet size to PACKET_MAX instead of permitting 4 more if no ACK is bundled (for consistency of packet size limit). From Peter.Galbavy at knowledge.com Fri Jun 4 03:44:33 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Fri, 4 Jun 1999 09:44:33 +0100 Subject: [pptp-server] v0.8.8 released In-Reply-To: <375722B6.B2C408E9@moreton.com.au>; from Matthew Ramsay on Fri, Jun 04, 1999 at 12:49:58AM +0000 References: <375722B6.B2C408E9@moreton.com.au> Message-ID: <19990604094432.C5021@office.knowledge.com> On Fri, Jun 04, 1999 at 12:49:58AM +0000, Matthew Ramsay wrote: > - openBSD fixes But don't try it yet - it will not work. There are a few more changes/test I have to get through before I will say it is even alpha for OpenBSD. If anyone using any other BSD would like to get involved, please do so :) -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From root at diva.scl.co.uk Fri Jun 4 06:56:42 1999 
From: root at diva.scl.co.uk (root) Date: Fri, 4 Jun 1999 12:56:42 +0100 Subject: [pptp-server] Nearly there... Message-ID: <199906041156.MAA00788@diva.scl.co.uk> Hi I'm having fun with pptpd and pptp-linux-1.0.2 client. I don't know which end is the problem but what is particularly frustrating is that I *had* this going. I then *must* have changed something and despite starting over and reinstalling everything from scratch, I can't get back to where I was! I had it going with pptpd 0.8.4. I then tried 0.8.7 and from that point on I've been getting nowhere. It didn't particularly surprise me that 0.8.7 didn't work because I had to hack autoconf to get it to build at all, so I've reverted to 0.8.4 but get the same problem! The client reports: warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 192.168.1.5 is already running. fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for 192.168.1.5 fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256 and in the pptpd log (this is 0.8.4) I get: [12:43:02 04/06/99] PPTPD says 'Hello!' [12:43:02 04/06/99] PPTPD CTRL->PPTPD Pipe file descriptor [0] = 4 [12:43:02 04/06/99] PPTPD CTRL->PPTPD Pipe file descriptor [1] = 5 [12:43:02 04/06/99] PPTPD Manager: waiting for CTRL session to get a new connection [12:43:02 04/06/99] PPTPD About to execute the CTRL binary... [12:43:02 04/06/99] PPTPD CTRL: debuglevel=1, loggiven=1 [12:43:02 04/06/99] PPTPD CTRL: argv[0]=4, argv[1]=5 [12:43:02 04/06/99] PPTPD CTRL: loggiven=1, logstr=/var/log/pptpd [12:43:02 04/06/99] PPTPD CTRL: CTRL connection listening on port 1723 Here is where I try to connect with the client: [12:44:51 04/06/99] PPTPD ***** ctrl_message BYTE DUMP: ffff [12:44:51 04/06/99] PPTPD Waiting for IP address of the connecting client to be sent to us [12:44:51 04/06/99] PPTPD ***** IP address of client we got from the CTRL binary BYTE DUMP: c0a80101 and that's all - pptpd does not spawn a pppd. 
However, if I now try the client for a second time, I get exactly the same response from the client, but this time pptpd does spawn a pppd: [12:59:04 04/06/99] PPTPD ***** CALL_ID for this session BYTE DUMP: ffff [12:59:04 04/06/99] PPTPD ttydev = /dev/ttya0 [12:59:04 04/06/99] PPTPD Waiting for the child to terminate [12:59:04 04/06/99] PPTPD launching PPPD... [12:59:04 04/06/99] PPTPD Using pppd option file = /etc/ppp/pptpd-options [12:59:04 04/06/99] PPTPD PPPD: Connection speed = 115200 [12:59:04 04/06/99] PPTPD local=192.168.1.50, remote=192.168.1.40 [12:59:04 04/06/99] PPTPD PPPD: PPP local/remote interface IP addresses = 192.168.1.50:192.168.1.40 [12:59:05 04/06/99] PPTPD Launching GRE connection server.. [12:59:05 04/06/99] PPTPD Entering GRE dispatch loop [12:59:05 04/06/99] PPTPD Closing IP connection... [12:59:05 04/06/99] PPTPD Closing PTY_FD... [12:59:05 04/06/99] PPTPD GRE connection finished.. [12:59:05 04/06/99] PPTPD Manager: waiting for CTRL session to get a new connection [12:59:05 04/06/99] PPTPD ***** ctrl_message BYTE DUMP: c0a8 [12:59:05 04/06/99] PPTPD Manager: communication failure with CTRL session [12:59:05 04/06/99] PPTPD Manager: waiting for CTRL session to get a new connection [12:59:05 04/06/99] PPTPD ***** ctrl_message BYTE DUMP: 0101 [12:59:05 04/06/99] PPTPD Manager: communication failure with CTRL session [12:59:05 04/06/99] PPTPD Manager: waiting for CTRL session to get a new connect which eventually times out because the client has died: Jun 4 12:59:05 masq pppd[616]: pppd 2.3.5 started by root, uid 0 Jun 4 12:59:05 masq pppd[616]: Using interface ppp0 Jun 4 12:59:05 masq pppd[616]: Connect: ppp0 <--> /dev/ttya0 Jun 4 12:59:35 masq pppd[616]: LCP: timeout sending Config-Requests Jun 4 12:59:35 masq pppd[616]: Connection terminated. Any ideas? TIA John Sutton From skvidal at skyrunner.net Fri Jun 4 07:56:50 1999 
From: skvidal at skyrunner.net (Seth Vidal) Date: Fri, 4 Jun 1999 08:56:50 -0400 (EDT) Subject: [pptp-server] Nearly there... In-Reply-To: <199906041156.MAA00788@diva.scl.co.uk> Message-ID: > warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 192.168.1.5 is already running. > fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for 192.168.1.5 > fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256 > yep. go to /var/run/pptp/ and look for a socket named =192.168.1.5 remove it and try it again. I had the same problem before. if you look through the source you can see where it writes this file. -sv From luyer at ucs.uwa.edu.au Fri Jun 4 08:09:12 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Fri, 04 Jun 1999 21:09:12 +0800 Subject: [pptp-server] pptpd still not handling dropped connections properly? In-Reply-To: Your message of "Thu, 03 Jun 1999 16:31:43 -0400." Message-ID: <199906041309.VAA25376@typhaon.ucs.uwa.edu.au> > Matt, Kevin, is pptpd ok for > 50 users. I noticed some potential leak > fixes in the last changelog. Would this many users eat up the system > resources? How well does it scale? Anybody know? I'd expect it to handle about 100 just fine, but not 200 yet. Next week I'll try and make it to the point where it can theoretically do 200 on a pretty standard kernel. Each connection requires 3 processes (GRE, PPTP Ctrl, pppd). I hope to make this 2 processes some time next week (put the GRE and Ctrl into the one event loop/process - not trivial, but definitely doable). Default Linux limit is 512 processes, but this can safely be increased to around 4000 by just increasing a constant in the kernel. The next limit you'll hit is the file descriptor limit. The manager process needs 1 file descriptor per child. Default Linux limit is 256. This can be relatively painlessly (with kernel patching) expanded to 1024 and painfully (with kernel patching and re-compilation of programs and libraries) expanded to 3072 and beyond. David. From luyer at ucs.uwa.edu.au Fri Jun 4 08:14:34 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Fri, 04 Jun 1999 21:14:34 +0800 Subject: [pptp-server] pptpd still not handling dropped connections properly? In-Reply-To: Your message of "Thu, 03 Jun 1999 15:15:06 -0400." Message-ID: <199906041314.VAA25438@typhaon.ucs.uwa.edu.au> > you'll definitely want proxyarp in there but other than that you're ok. Unless you're advertising routes for the new addresses rather than proxy arping for them (which is how I'm doing things). At present I'm using a highly hacked routed, but I hope to move to using zebra, if I can't then I'll move to gated. BTW - I'm using an erpcd-enabled ppp-daemon (local patch), pptpd and a modified routed to do reverse VPN - on-campus or resident college users connect to the PPTP server with their dialup username and password and then default route through it, allowing us to do traffic accounting and assign privileges as per normal (all staff/students here have static IP addresses for dialup). Using PAP authentication and having the (modified) PPPd allocate the IP addresses - not concerned about the security since the access is considered to be over a secured network. It seems to work, but I haven't moved a large number of users on to it yet due to some issues with the routed. Some changes I have planned are to work a bit more on resource issues and possibly to add TCP wrapper support, among other things. David. From skvidal at skyrunner.net Fri Jun 4 08:20:49 1999 
From: skvidal at skyrunner.net (Seth Vidal) Date: Fri, 4 Jun 1999 09:20:49 -0400 (EDT) Subject: [pptp-server] pptpd still not handling dropped connections properly? In-Reply-To: <199906041314.VAA25438@typhaon.ucs.uwa.edu.au> Message-ID: > Unless you're advertising routes for the new addresses rather than proxy > arping for them (which is how I'm doing things). At present I'm using > a highly hacked routed, but I hope to move to using zebra, if I can't then > I'll move to gated. have you looked at mrtd (it's a routing daemon for linux and others) http://www.mrtd.net/ > BTW - I'm using an erpcd-enabled ppp-daemon (local patch), pptpd and a > modified routed to do reverse VPN reverse vpn? Exactly how do you reverse a vpn? if you mean by using the vpn as your defaultroute so it can keep track of accesses that's one thing but what could/would a "Reverse" vpn do? (be an npv) > with the routed. what issues? -sv From Jim at Morris.net Fri Jun 4 08:54:41 1999 
From: Jim at Morris.net (Jim Morris) Date: Fri, 4 Jun 1999 08:54:41 -0500 Subject: [pptp-server] Setting up a true VPN Message-ID: <1371.990604@Morris.net> Hi All, I will have the need by month end to implement a true VPN between two offices - one in Atlanta, and one in Orlando. I've got a lot of options here, including going with Frame relay, and setting it up as a true WAN. But my first preference is to setup an actual VPN across the Internet. Most of what needs to go across this (hopefully encrypted) tunnel is maybe email, and most importantly, TCP/IP client connections to an AS/400 on the other end of the link, using IBM's Client Access. And using pptpd or something similar only seems to make sense, since I will have both offices setup using diald and IP masquerading to have Internet access via cheap 56K dialup. I've gotten this to work from my home office, using the Win98 PPTPD/VPN adapter, connecting to the existing office in Atlanta. I use the dynip.com service to associate a known DNS name with the Linux network server that dials in. I guess my question is, is using pptpd on the Atlanta server, and the pptp client for Linux the way to go with this? Will I be able to setup routes such that the machines on each LAN can see the machines on the other LAN, with the PPTP connection between the two Linux boxes? From skvidal at skyrunner.net Fri Jun 4 09:10:24 1999 
From: skvidal at skyrunner.net (Seth Vidal) Date: Fri, 4 Jun 1999 10:10:24 -0400 (EDT) Subject: [pptp-server] Setting up a true VPN In-Reply-To: <1371.990604@Morris.net> Message-ID: > I will have the need by month end to implement a true VPN between two > offices - one in Atlanta, and one in Orlando. I've got a lot of > options here, including going with Frame relay, and setting it up as a > true WAN. But my first preference is to setup an actual VPN across > the Internet. Most of what needs to go across this (hopefully > encrypted) tunnel is maybe email, and most importantly, TCP/IP client > connections to an AS/400 on the other end of the link, using IBM's > Client Access. And using pptpd or something similar only seems to > make sense, since I will have both offices setup using diald and IP > masquerading to have Internet access via cheap 56K dialup. > > I've gotten this to work from my home office, using the Win98 > PPTPD/VPN adapter, connecting to the existing office in Atlanta. I > use the dynip.com service to associate a known DNS name with the Linux > network server that dials in. > > I guess my question is, is using pptpd on the Atlanta server, and the > pptp client for Linux the way to go with this? Will I be able to > setup routes such that the machines on each LAN can see the machines > on the other LAN, with the PPTP connection between the two Linux > boxes? > > From my home Linux server, I've tried using stuff like tunneling with > pppd over an encrypted ssh connection (as described in the Linux VPN > Mini HOWTO) - and found that I was lucky to get 9600bps throughput > going that route. I tried the TCP/IP tunnel module in the Linux > kernel, and with the lack of documentation, was never able to get that > to work at all. I've not tried pptp-client yet, and thought I would > ask this list first. > if you're going from linux-box to linux-box check out cipe or vpnd they both support encryption and pptpd does not, as yet, support it. 
-sv From klawson at dementia.dynip.com Fri Jun 4 11:17:31 1999 From: klawson at dementia.dynip.com (Keith Lawson) Date: Fri, 4 Jun 1999 11:17:31 -0500 (EST) Subject: [pptp-server] Setting up a true VPN In-Reply-To: Message-ID: > if you're going from linux-box to linux-box check out cipe or vpnd > > they both support encryption and pptpd does not, as yet, support it. > > -sv > Sorry for the ignorance here but if I have a connection from a win95/98 machine to a Linux PPTP server that data is then encrypted is it not?? 40-bit encryption? Keith. From skvidal at skyrunner.net Fri Jun 4 10:21:30 1999 From: skvidal at skyrunner.net (Seth Vidal) Date: Fri, 4 Jun 1999 11:21:30 -0400 (EDT) Subject: [pptp-server] Setting up a true VPN In-Reply-To: Message-ID: > > > > they both support encryption and pptpd does not, as yet, support it. > > > > -sv > > > > Sorry for the ignorance here but if I have a connection from a win95/98 > machine to a Linux PPTP server that data is then encrypted is it not?? > 40-bit encryption? no encryption on the pptp server end. so no encryption -sv From wfaulk at totalsports.net Fri Jun 4 14:02:44 1999 From: wfaulk at totalsports.net (Bitt Faulk) Date: Fri, 4 Jun 1999 15:02:44 -0400 (EDT) Subject: [pptp-server] Trivial yet major bug Message-ID: The config file is never really read in: *** configfile.c Fri Jun 4 15:00:15 1999 --- configfile.c.orig Fri Jun 4 15:02:12 1999 *************** *** 58,64 **** buffer[len - 1] = '\0'; /* short-circuit comments */ ! if(buffer[0] == '#') continue; /* check if it's what we want */ --- 58,64 ---- buffer[len - 1] = '\0'; /* short-circuit comments */ ! if(buffer[0] = '#') continue; /* check if it's what we want */ Oops. -Bitt From luyer at ucs.uwa.edu.au Sat Jun 5 01:00:42 1999 
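Review bot: The two files were passed to diff in the wrong order, so in the 58,64 hunk the old ("***") side is the corrected if(buffer[0] == '#') from configfile.c and the new ("---") side is the broken if(buffer[0] = '#') from configfile.c.orig; applied as posted, the patch would put the assignment in rather than take it out. Regenerate it with diff -c configfile.c.orig configfile.c, or apply this one with patch -R. The assignment form stores '#' into buffer[0] and always evaluates true, so every line reaches continue, which matches the report that the config file is never really read in.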
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sat, 05 Jun 1999 14:00:42 +0800 Subject: [pptp-server] pptpd still not handling dropped connections properly? In-Reply-To: Your message of "Fri, 04 Jun 1999 09:20:49 -0400." Message-ID: <199906050600.OAA29501@typhaon.ucs.uwa.edu.au> > have you looked at mrtd (it's a routing daemon for linux and others) > http://www.mrtd.net/ Will look. > > BTW - I'm using an erpcd-enabled ppp-daemon (local patch), pptpd and a > > modified routed to do reverse VPN > reverse vpn? Exactly how do you reverse a vpn? if you mean by using the vpn > as your defaultroute so it can keep track of accesses that's one thing but > what could/would a "Reverse" vpn do? (be an npv) Well, it's the reverse in that people are connecting over a trusted network in order to default route through the VPN, and using an insecure (PAP) authentication protocol in the process - basically the opposite of everything VPN is about. > > with the routed. > what issues? Well, I made the PPP interfaces passive and forced it to scan for new interfaces with minor changes, but making it drop old interfaces looks harder. David. From luyer at ucs.uwa.edu.au Sat Jun 5 01:05:36 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sat, 05 Jun 1999 14:05:36 +0800 Subject: [pptp-server] Trivial yet major bug In-Reply-To: Your message of "Fri, 04 Jun 1999 15:02:44 -0400." Message-ID: <199906050605.OAA29555@typhaon.ucs.uwa.edu.au> > The config file is never really read in: > ! if(buffer[0] == '#') > ! if(buffer[0] = '#') Oops, sorry, embarrassing :-( I noticed buggy code commented out (if(buffer[0] = "#")) and fixed the obvious " should have been ' but missed the other problem. Fixed now in CVS. Maybe we should try to get it compiling with -Wall which picks up things like this. David. From Peter.Galbavy at knowledge.com Sat Jun 5 02:46:58 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sat, 5 Jun 1999 08:46:58 +0100 Subject: [pptp-server] Trivial yet major bug In-Reply-To: <199906050605.OAA29555@typhaon.ucs.uwa.edu.au>; from David Luyer on Sat, Jun 05, 1999 at 02:05:36PM +0800 References: <199906050605.OAA29555@typhaon.ucs.uwa.edu.au> Message-ID: <19990605084658.A18159@office.knowledge.com> On Sat, Jun 05, 1999 at 02:05:36PM +0800, David Luyer wrote: > Oops, sorry, embarrassing :-( I noticed buggy code commented out > (if(buffer[0] = "#")) and fixed the obvious " should have been ' but missed > the other problem. Fixed now in CVS. Maybe we should try to get it compiling > with -Wall which picks up things like this. Can I recommend -Wall -Werror -Wmissing-prototypes ? Regards, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From luyer at ucs.uwa.edu.au Sat Jun 5 03:08:20 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sat, 05 Jun 1999 16:08:20 +0800 Subject: [pptp-server] Trivial yet major bug In-Reply-To: Your message of "Sat, 05 Jun 1999 08:46:58 +0100." <19990605084658.A18159@office.knowledge.com> Message-ID: <199906050808.QAA01081@typhaon.ucs.uwa.edu.au> > Can I recommend -Wall -Werror -Wmissing-prototypes ? I chose -Wall -ansi -pedantic and the current CVS under Linux is now cleanly compiling with that. David. From Peter.Galbavy at knowledge.com Sat Jun 5 03:22:19 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sat, 5 Jun 1999 09:22:19 +0100 Subject: [pptp-server] Trivial yet major bug In-Reply-To: <199906050808.QAA01081@typhaon.ucs.uwa.edu.au>; from David Luyer on Sat, Jun 05, 1999 at 04:08:20PM +0800 References: <19990605084658.A18159@office.knowledge.com> <199906050808.QAA01081@typhaon.ucs.uwa.edu.au> Message-ID: <19990605092219.A9519@office.knowledge.com> On Sat, Jun 05, 1999 at 04:08:20PM +0800, David Luyer wrote: > > Can I recommend -Wall -Werror -Wmissing-prototypes ? > > I chose -Wall -ansi -pedantic and the current CVS under Linux is now cleanly > compiling with that. I found the compile message later, but (wait for this!), under OpenBSD -ansi causes me problems with the macros that contribute to htons(). Rather than start on getting the header files changed to check for __STRICT_ANSI__ at this stage (later maybe), I have pulled -ansi out of my Makefile.am. I notice it is commented out anyway. My Makefile.am reads: CFLAGS = -Wall -Wmissing-prototypes -pedantic -Werror and I will work through the code with that this morning. Can a Makefile.am have conditional logic in it ? Regards, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From Peter.Galbavy at knowledge.com Sat Jun 5 03:25:29 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sat, 5 Jun 1999 09:25:29 +0100 Subject: [pptp-server] Trivial yet major bug In-Reply-To: <19990605092219.A9519@office.knowledge.com>; from Peter Galbavy on Sat, Jun 05, 1999 at 09:22:19AM +0100 References: <19990605084658.A18159@office.knowledge.com> <199906050808.QAA01081@typhaon.ucs.uwa.edu.au> <19990605092219.A9519@office.knowledge.com> Message-ID: <19990605092529.A1517@office.knowledge.com> On Sat, Jun 05, 1999 at 09:22:19AM +0100, Peter Galbavy wrote: > CFLAGS = -Wall -Wmissing-prototypes -pedantic -Werror Which should of course have read... CFLAGS = -Wall -Wmissing-prototypes -ansi -Werror -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From Peter.Galbavy at knowledge.com Sat Jun 5 03:36:23 1999 From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sat, 5 Jun 1999 09:36:23 +0100 Subject: [pptp-server] prototypes... Message-ID: <19990605093623.A7176@office.knowledge.com> This is unlikely to make any *real* difference, but I noticed that a number of prototypes are declared in the .c files under the comment /* local function prototypes */. To allow the compiler to be our friend, I am going to do a couple of things this morning; 1. Make *all* "local" functions static 2. Depending on the results of this (I can only check the OpenBSD compile at this time) I will move prototypes into .h files as appropriate. (Just noticed that launch_ppp() was declared but never defined or used in pptpmanager.c - legacy I guess, but still...) Regards, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From luyer at ucs.uwa.edu.au Sat Jun 5 04:18:31 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sat, 05 Jun 1999 17:18:31 +0800 Subject: [pptp-server] Trivial yet major bug In-Reply-To: Your message of "Sat, 05 Jun 1999 09:22:19 +0100." <19990605092219.A9519@office.knowledge.com> Message-ID: <199906050918.RAA01715@typhaon.ucs.uwa.edu.au> > I found the compile message later, but (wait for this!), under OpenBSD > -ansi causes me problems with the macros that contribute to htons(). Annoying. Keeping ansi-clean code is really good for portability to platforms without needing gcc (eg, on OSF/1, IRIX or Solaris without gcc). I'll put in the "static" on all the things -Wmissing-prototypes picks up (if you haven't already). > Can a Makefile.am have conditional logic in it ? From Peter.Galbavy at knowledge.com Sat Jun 5 04:22:34 1999 From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sat, 5 Jun 1999 10:22:34 +0100 Subject: [pptp-server] Trivial yet major bug In-Reply-To: <199906050918.RAA01715@typhaon.ucs.uwa.edu.au>; from David Luyer on Sat, Jun 05, 1999 at 05:18:31PM +0800 References: <19990605092219.A9519@office.knowledge.com> <199906050918.RAA01715@typhaon.ucs.uwa.edu.au> Message-ID: <19990605102234.A3009@office.knowledge.com> On Sat, Jun 05, 1999 at 05:18:31PM +0800, David Luyer wrote: > Annoying. Keeping ansi-clean code is really good for portability to platforms > without needing gcc (eg, on OSF/1, IRIX or Solaris without gcc). as I mentioned in my follow up - or at least hinted - it was the -pedantic that got me. -ansi is fine. ... > So it can be taught to do so, and could be made to -Wall -ansi -pedantic > under Linux gcc and do whatever is appropriate on other platforms. Don't > know how though, since I haven't used automake in any other projects. We will need that to hide the gcc specific options at some point. I will read up. Regards, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From Peter.Galbavy at knowledge.com Sat Jun 5 04:37:42 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sat, 5 Jun 1999 10:37:42 +0100 Subject: [pptp-server] linux question... Message-ID: <19990605103742.B7061@office.knowledge.com> I am not (yet) a linux developer and my reference Linux box (aka my girlfriend's) is off air at the moment, so a question to the linux folks: Is setproctitle() a normal function, as the functionality provided by the initstr() code is already there in many OSes through setproctitle(). I defined a test for it some time back in configure.in, but I am wary of making the change since it may stop the Linux folks working. If "man setproctitle" gives back a function like: void setproctitle(const char *fmt, ...); then I will go ahead... Regards, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From luyer at ucs.uwa.edu.au Sat Jun 5 05:06:11 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sat, 05 Jun 1999 18:06:11 +0800 Subject: [pptp-server] linux question... In-Reply-To: Your message of "Sat, 05 Jun 1999 10:37:42 +0100." <19990605103742.B7061@office.knowledge.com> Message-ID: <199906051006.SAA03072@typhaon.ucs.uwa.edu.au> > Is setproctitle() a normal function, as the functionality provided by > the initstr() code is already there in many OSes through > setproctitle(). setproctitle() is missing under Linux, at least it is under mine (which is an extremely recent glibc-2.1), and I don't know that it's ever been there. I think you should wrap inststr with a check of HAVE_SETPROCTITLE and only use it in the case it's missing (ie, Linux). David. From luyer at ucs.uwa.edu.au Sat Jun 5 06:51:57 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sat, 05 Jun 1999 19:51:57 +0800 Subject: [pptp-server] pptpd still not handling dropped connections properly? In-Reply-To: Your message of "Fri, 04 Jun 1999 09:20:49 -0400." Message-ID: <199906051151.TAA04236@typhaon.ucs.uwa.edu.au> > have you looked at mrtd (its a routing daemon for linux and others) > http://www.mrtd.net/ RIPv1 is 'long term todo', and it seems to be from merit (the same people gated was from - and the problems with gated, licensing, code quality, etc mean that I think that's a good enough reason to discount it entirely). zebra is GPL and much cooler/better, and supports RIPv1 (didn't actually work when I downloaded it but was very little work to fix). However interface rescanning is not supported :-( Looks like modifying routed further is the only easy option. David. From john at scl.co.uk Fri Jun 4 14:12:52 1999 
From: john at scl.co.uk (John Sutton) Date: Fri, 04 Jun 1999 20:12:52 +0100 Subject: [pptp-server] Errors 650 629 645 Message-ID: <2.2.16.19990604191252.3037a6a8@mail.scl.co.uk> Has anyone got a solution to this hideous problem? It runs as follows: kernel 2.0.36 pptpd 0.8.7 pppd 2.3.7 Win95 + DUN 1.3 (get the latter from: http://www.microsoft.com/ntserver/nts/downloads/recommended/dun13win95/dun13sites.asp I had very little success at all before I installed this.) First case is where the PPTP connection is over a LAN. Using the Microsoft VPN adapter, the first time you attempt to connect you get: Error 650: The computer you're dialling in to does not respond to a network request. If you immediately try again, you get: Error 629: You have been disconnected from the computer you dialled. And you get this repeatedly. Examination of the pptpd debug log would seem to indicate that the client makes absolutely no attempt to reconnect to the server. Guessing here (and what else can you do with Windows?), it appears that the client notices that the socket which it established on the first attempt is still ESTABLISHED and so announces just the opposite - "You have been disconnected..." - classic stuff really. The "solution" is to kill the pppd after you've got the 650 and then retry. This works providing you retry *before* the connection to port 1723 times out. If you leave it too long, you'll be back at the 650 stage or stuck in permanent 629 state which can only be resolved with a reboot... Well, after many hours of testing, that's my best effort at a description of the situation. Second case is when the PPTP connection is over a dialup. In this case instead of the 650 you get a 645: Error 645: The Microsoft Dial-Up Adapter is in use or not responding properly. On retrying you get the 629 as before. But the so-called "solution" above does not work in this case. I can't get it to work at all... 
Here is the log from the LAN case: PPTPD [1515]: dots=192 168 2 30-33 PPTPD [1515]: dots=192 168 2 40-43 PPTPD [1515]: Manager Started PPTPD [1520]: launching PPTPCTRL... PPTPD [1520]: CTRL: I got a valid PPTP packet with control type 1 PPTPD [1520]: CTRL: I've made a suitable START_CTRL_CONN_RPLY.. PPTPD [1520]: CTRL: I wrote 156 bytes to the client. PPTPD [1520]: CTRL: sent packet to client PPTPD [1520]: MSG TYPE READ = 1, stat2 (send) = 156 PPTPD [1520]: CTRL: I got a valid PPTP packet with control type 7 PPTPD [1520]: CTRL: I've made a suitable OUT_CALL_RPLY.. PPTPD [1520]: CTRL: I wrote 32 bytes to the client. PPTPD [1520]: CTRL: sent packet to client PPTPD [1520]: CTRL: permission to launch pppd/gre granted PPTPD [1520]: MSG TYPE READ = 7, stat2 (send) = 32 PPTPD [1521]: CTRL: Calling startCall PPTPD [1521]: CTRL: ttydev = /dev/ttya0 PPTPD [1522]: launching PPPD... PPTPD [1523]: CTRL: pty_fd = 10 PPTPD [1523]: CTRL: ctrl_gre_fd = 8, 9 PPTPD [1523]: CTRL: callid = 0x0000 PPTPD [1523]: CTRL: inet_addr = 0xc0a80101 PPTPD [1523]: Launcher: ptyfd=10 PPTPD [1523]: Launcher: fd1=8 PPTPD [1523]: Launcher: fd2=9 PPTPD [1523]: GRE manager running PPTPD [1523]: GRE: ctrl_gre_fd = 8, 9 PPTPD [1523]: GRE: ptyfd = 10 PPTPD [1523]: Entering GRE dispatch loop pppd[1527]: sent [LCP ConfReq id=0x1 ] PPTPD [1523]: Closing IP connection... PPTPD [1523]: Closing PTY_FD... [ Is this the problem (above)? The IP connection has been closed before the pppd dialog has had a chance? ] pppd[1527]: sent [LCP ConfReq id=0x1 ] last message repeated 8 times PPTPD [1520]: CTRL: I got a valid PPTP packet with control type 12 PPTPD [1520]: CTRL: I've made a suitable CALL DISCONNECT reply packet.. PPTPD [1520]: CTRL: I wrote 148 bytes to the client. PPTPD [1520]: CTRL: sent packet to client PPTPD [1520]: We have told the client we r disconnecting... PPTPD [1520]: MSG TYPE READ = 12, stat2 (send) = 148 PPTPD [1520]: CTRL: this CTRL session finished... 
PPTPD [1520]: CTRL: manger has been informed of our death [ Here is where I kill the outstanding pppd and retry ] PPTPD [1529]: launching PPTPCTRL... PPTPD [1529]: CTRL: I got a valid PPTP packet with control type 1 PPTPD [1529]: CTRL: I've made a suitable START_CTRL_CONN_RPLY.. PPTPD [1529]: CTRL: I wrote 156 bytes to the client. PPTPD [1529]: CTRL: sent packet to client PPTPD [1529]: MSG TYPE READ = 1, stat2 (send) = 156 PPTPD [1529]: CTRL: I got a valid PPTP packet with control type 7 PPTPD [1529]: CTRL: I've made a suitable OUT_CALL_RPLY.. PPTPD [1529]: CTRL: I wrote 32 bytes to the client. PPTPD [1529]: CTRL: sent packet to client PPTPD [1529]: CTRL: permission to launch pppd/gre granted PPTPD [1529]: MSG TYPE READ = 7, stat2 (send) = 32 PPTPD [1530]: CTRL: Calling startCall PPTPD [1530]: CTRL: ttydev = /dev/ttya0 PPTPD [1531]: launching PPPD... PPTPD [1532]: CTRL: pty_fd = 11 PPTPD [1532]: CTRL: ctrl_gre_fd = 9, 10 PPTPD [1532]: CTRL: callid = 0x0000 PPTPD [1532]: CTRL: inet_addr = 0xc0a80101 PPTPD [1532]: Launcher: ptyfd=11 PPTPD [1532]: Launcher: fd1=9 PPTPD [1532]: Launcher: fd2=10 PPTPD [1532]: GRE manager running pppd[1533]: sent [LCP ConfReq id=0x1 ] pppd[1533]: rcvd [LCP ConfAck id=0x1 ] So now it's talking. Is all of this peculiar to Win95 and fixable by changing to Win98? TIA John Sutton *************************************************** John Sutton SCL Computer Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 621021 *************************************************** From luyer at ucs.uwa.edu.au Sun Jun 6 01:57:11 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sun, 06 Jun 1999 14:57:11 +0800 Subject: [pptp-server] Errors 650 629 645 In-Reply-To: Your message of "Fri, 04 Jun 1999 20:12:52 +0100." <2.2.16.19990604191252.3037a6a8@mail.scl.co.uk> Message-ID: <199906060657.OAA15517@typhaon.ucs.uwa.edu.au> Please try using the latest CVS version. I fixed a rather serious bug in there with the pppd's hanging around after other stuff is gone (since file descriptors weren't being closed before exec'ing the pppd, this included keeping open a copy of the network socket, both halves of the pty/tty pair, a socketpair intended for communication between some other processes and so on). This could quite possibly solve your problem. David. From luyer at ucs.uwa.edu.au Sun Jun 6 04:14:43 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sun, 06 Jun 1999 17:14:43 +0800 Subject: [pptp-server] New feature: libwrap support Message-ID: <199906060914.RAA28997@typhaon.ucs.uwa.edu.au> I've put optional libwrap (tcp_wrappers) support into the cvs. Run configure with --with-libwrap if you want it, and then configure access control as per normal for tcp_wrappers, in /etc/hosts.allow and /etc/hosts.deny (or elsewhere if you have a strange libwrap). Also, the latest CVS contains the fix I mentioned earlier for making sure the pppd's die when they should. David. From luyer at ucs.uwa.edu.au Sun Jun 6 06:16:35 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sun, 06 Jun 1999 19:16:35 +0800 Subject: [pptp-server] Big changes... no more separate GRE process Message-ID: <199906061116.TAA02354@typhaon.ucs.uwa.edu.au> I've merged the GRE and CTRL event loops, which should mean a significant improvement in the number of clients which can be simultaneously handled (instead of launching 3 processes [GRE,CTRL,pppd] per client it is now only two [CTRL,pppd]). So, I'd like to hear if I've introduced any new problems. David. From john at scl.co.uk Sat Jun 5 11:05:12 1999 
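The descriptor leak David Luyer describes in his 6 June message (pppd inheriting the network socket and pty because nothing closed them before exec), reproduced as an added example that is not PoPToP code. A socketpair stands in for the client connection and `sleep` stands in for the long-lived pppd; `peer_sees_eof()` and `close_inherited_fds()` are hypothetical names.

```c
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Close every inherited descriptor above stderr. The upper bound is capped
 * at 4096 to keep the example fast; a daemon would use its real limit. */
static void close_inherited_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int fd;

    if (max < 0 || max > 4096)
        max = 4096;
    for (fd = 3; fd < max; fd++)
        close(fd);
}

/*
 * Model one session. sv[0] is the remote peer's end of the connection,
 * sv[1] is the server's end. The server forks a helper, then closes its
 * own copy of sv[1] because the session is finished.
 *
 * Returns 1 if the peer sees end-of-file within 500 ms, 0 if the
 * connection still looks open to the peer, -1 on error (including the
 * stand-in helper failing to start).
 */
int peer_sees_eof(int close_before_exec)
{
    int sv[2], status, result = 0;
    struct pollfd pfd;
    pid_t pid;
    char c;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;

    pid = fork();
    if (pid < 0) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: about to become the helper (assumed stand-in for pppd). */
        if (close_before_exec)
            close_inherited_fds();
        execlp("sleep", "sleep", "5", (char *)NULL);
        _exit(127);                 /* exec failed */
    }

    /* Server side: the session is over, drop our copy of the socket. */
    close(sv[1]);

    /* Peer side: wait for the close to become visible. */
    pfd.fd = sv[0];
    pfd.events = POLLIN;
    pfd.revents = 0;
    if (poll(&pfd, 1, 500) > 0 && read(sv[0], &c, 1) == 0)
        result = 1;

    if (waitpid(pid, &status, WNOHANG) == pid) {
        result = -1;                /* helper exited early: exec failed */
    } else {
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
    }
    close(sv[0]);
    return result;
}

int main(void)
{
    printf("descriptors left open across exec: peer sees EOF = %d\n",
           peer_sees_eof(0));
    printf("descriptors closed before exec:    peer sees EOF = %d\n",
           peer_sees_eof(1));
    return 0;
}
```

With the descriptors left open, the helper keeps the connection alive after the server has closed its copy, so the peer never sees the close until the helper itself exits.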
From: john at scl.co.uk (John Sutton) Date: Sat, 05 Jun 1999 17:05:12 +0100 Subject: [pptp-server] Errors 650 629 645 Message-ID: <2.2.16.19990605160512.3467db84@mail.scl.co.uk> Hi David I've downloaded and built the latest CVS 0.8.9pre and things are looking up! Unfortunately the connection over a dialup (which is of course the one I'm interested in ;-) is still not working ;-( Here are the results. Clean boot client, LAN connection: Jun 6 13:59:18 masq PPTPD [4189]: starting PPTPCTRL to handle client Jun 6 13:59:18 masq PPTPD [4189]: clientSocket = 7 Jun 6 13:59:18 masq PPTPD [4189]: Control Pipe = 6 Jun 6 13:59:18 masq PPTPD [4189]: local IP = 192.168.2.30 Jun 6 13:59:18 masq PPTPD [4189]: remote IP = 192.168.2.40 Jun 6 13:59:18 masq PPTPD [4189]: pppd speed = 115200 Jun 6 13:59:18 masq PPTPD [4189]: CTRL_PIPE = 6 Jun 6 13:59:18 masq PPTPD [4189]: Extracting the IP of the client... Jun 6 13:59:18 masq PPTPD [4189]: CTRL: Now attempting to handle PPTP control connection. Jun 6 13:59:18 masq PPTPD [4189]: CTRL: I've made a suitable START_CTRL_CONN_RPLY.. Jun 6 13:59:18 masq PPTPD [4189]: CTRL: I've made a suitable OUT_CALL_RPLY.. Jun 6 13:59:18 masq PPTPD [4189]: CTRL: permission to launch pppd/gre granted Jun 6 13:59:18 masq PPTPD [4189]: CTRL: Calling startCall() Jun 6 13:59:18 masq PPTPD [4189]: CTRL: ttydev = /dev/ttya0 Jun 6 13:59:18 masq PPTPD [4189]: CTRL: ptydev = /dev/ptya0 Jun 6 13:59:18 masq PPTPD [4190]: CTRL (PPPD Launcher): Connection speed = 115200 Jun 6 13:59:19 masq PPTPD [4189]: CTRL: this session finished... Jun 6 13:59:19 masq PPTPD [4189]: CTRL: manger has been informed of our death At this point the client has thrown a 629 (note: not a 650 as before with 0.8.7) which I have not as yet OK'd. So I OK it (nothing results in the log) and then retry. This usually succeeds but if you wait too long it *sometimes* does the same as above again. So this is usable (albeit a bit messy) because there is no need to kill anything on the server. 
However, the situation when the connection is over a dialup is still unusable (but we're getting close ;-) : Clean boot client, dialup connection: Jun 6 13:39:20 masq PPTPD [4103]: dots=192 168 2 30-33 Jun 6 13:39:20 masq PPTPD [4103]: dots=192 168 2 40-43 Jun 6 13:39:20 masq PPTPD [4103]: Manager Started Jun 6 13:40:59 masq PPTPD [4106]: starting PPTPCTRL to handle client Jun 6 13:40:59 masq PPTPD [4106]: clientSocket = 7 Jun 6 13:40:59 masq PPTPD [4106]: Control Pipe = 6 Jun 6 13:40:59 masq PPTPD [4106]: local IP = 192.168.2.30 Jun 6 13:40:59 masq PPTPD [4106]: remote IP = 192.168.2.40 Jun 6 13:40:59 masq PPTPD [4106]: pppd speed = 115200 Jun 6 13:40:59 masq PPTPD [4106]: CTRL_PIPE = 6 Jun 6 13:40:59 masq PPTPD [4106]: Extracting the IP of the client... Jun 6 13:40:59 masq PPTPD [4106]: CTRL: Now attempting to handle PPTP control c onnection. Jun 6 13:40:59 masq PPTPD [4106]: CTRL: I've made a suitable START_CTRL_CONN_RP LY.. Jun 6 13:41:00 masq PPTPD [4106]: CTRL: I've made a suitable OUT_CALL_RPLY.. Jun 6 13:41:00 masq PPTPD [4106]: CTRL: permission to launch pppd/gre granted Jun 6 13:41:00 masq PPTPD [4106]: CTRL: Calling startCall() Jun 6 13:41:00 masq PPTPD [4106]: CTRL: ttydev = /dev/ttya0 Jun 6 13:41:00 masq PPTPD [4106]: CTRL: ptydev = /dev/ptya0 Jun 6 13:41:00 masq PPTPD [4107]: CTRL (PPPD Launcher): Connection speed = 1152 00 Jun 6 13:41:00 masq PPTPD [4106]: CTRL: this session finished... Jun 6 13:41:00 masq PPTPD [4106]: CTRL: manger has been informed of our death So on this first attempt the client has thrown a 645 *and* cleared the connection before I have OK'ed the "Error: 645" dialogue and before the pppd has had chance to send anything at all. This is exactly the same debug trace as with the "LAN first attempt" case except that we get a 645 rather than a 629. 
But on subsequent attempts: Jun 6 13:41:31 masq PPTPD [4113]: starting PPTPCTRL to handle client Jun 6 13:41:31 masq PPTPD [4113]: clientSocket = 7 Jun 6 13:41:31 masq PPTPD [4113]: Control Pipe = 6 Jun 6 13:41:31 masq PPTPD [4113]: local IP = 192.168.2.30 Jun 6 13:41:31 masq PPTPD [4113]: remote IP = 192.168.2.40 Jun 6 13:41:31 masq PPTPD [4113]: pppd speed = 115200 Jun 6 13:41:31 masq PPTPD [4113]: CTRL_PIPE = 6 Jun 6 13:41:31 masq PPTPD [4113]: Extracting the IP of the client... Jun 6 13:41:31 masq PPTPD [4113]: CTRL: Now attempting to handle PPTP control c onnection. Jun 6 13:41:31 masq PPTPD [4113]: CTRL: I've made a suitable START_CTRL_CONN_RP LY.. Jun 6 13:41:31 masq PPTPD [4113]: CTRL: I've made a suitable OUT_CALL_RPLY.. Jun 6 13:41:31 masq PPTPD [4113]: CTRL: permission to launch pppd/gre granted Jun 6 13:41:31 masq PPTPD [4113]: CTRL: Calling startCall() Jun 6 13:41:31 masq PPTPD [4113]: CTRL: ttydev = /dev/ttya0 Jun 6 13:41:31 masq PPTPD [4113]: CTRL: ptydev = /dev/ptya0 Jun 6 13:41:31 masq PPTPD [4114]: CTRL (PPPD Launcher): Connection speed = 1152 00 Jun 6 13:41:32 masq pppd[4115]: sent [LCP ConfReq id=0x1 ] The client again throws a 645 but the connection stays open until (at some point) I OK the "Error: 645" dialogue: Jun 6 13:41:44 masq last message repeated 4 times Jun 6 13:41:45 masq PPTPD [4113]: CTRL: I've made a suitable CALL DISCONNECT re ply packet.. Jun 6 13:41:45 masq PPTPD [4113]: We have told the client we are disconnecting. .. Jun 6 13:41:45 masq PPTPD [4113]: CTRL: this session finished... Jun 6 13:41:45 masq PPTPD [4113]: CTRL: manger has been informed of our death If instead I wait for the LCP "negotiation" (well, not exactly that since the other end is not talking ;-) to timeout before OK'ing the dialogue I get: Jun 6 14:16:20 masq last message repeated 9 times Jun 6 14:16:23 masq PPTPD [4296]: CTRL: this session finished... 
Jun 6 14:16:23 masq PPTPD [4296]: CTRL: manger has been informed of our death I can then OK the 645 and nothing happens in the log. Subsequent attempts follow the same course. I'm pretty desperate to get this going! If there is any further testing I can do, please let me know. Thanks for your efforts this far. John At 14:57 06/06/99 +0800, you wrote: > >Please try using the latest CVS version. I fixed a rather serious bug in >there with the pppd's hanging around after other stuff is gone (since file >descriptors weren't being closed before exec'ing the pppd, this included >keeping open a copy of the network socket, both halves of the pty/tty pair, >a socketpair intended for communication between some other processes and >so on). This could quite possibly solve your problem. > >David. *************************************************** John Sutton SCL Computer Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 621021 *************************************************** From luyer at ucs.uwa.edu.au Sun Jun 6 09:14:45 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Sun, 06 Jun 1999 22:14:45 +0800 Subject: [pptp-server] Errors 650 629 645 In-Reply-To: Your message of "Sat, 05 Jun 1999 17:05:12 +0100." <2.2.16.19990605160512.3467db84@mail.scl.co.uk> Message-ID: <199906061414.WAA04167@typhaon.ucs.uwa.edu.au> I think you have a pppd problem rather than a PoPToP problem. What is the client? What is your pppd config file like? Here is my (working) pppd config file, but this is being used over a secure network for a different purpose than 'standard' VPN: === ms-dns 1.2.3.4 ms-dns 5.6.7.8 asyncmap 0 auth local lock hide-password netmask 255.255.255.255 +pap -chap debug erpcd 1.2.3.4 192.168.111.111: lcp-echo-interval 30 lcp-echo-failure 4 noipx === (IP addresses changed, except for 192.168.11.111 which is actually what I use as the local end of the pptpd connections; it turned out if I used the eth0: address, Win95/98 were fine but Linux clients got totally confused routing tables for obvious reasons) I am using the PoPToP configuration option --with-pppd-ip-alloc (and --with-libwrap), and a modified pppd (gets IP addresses from an erpcd). My Win98 LAN clients work from a clean boot with no problem. Ditto Win95 (with DUN update 1.3 + sockets fix, etc). Trying it from a dialup here would be.. interesting.. since the same IP address is allocated to dialup connections as to PPTP connections for a given username (and all my test accounts are dialed up or connected testing things anyway...). Probably insignificant, but what MTU is your dialup connection using? More significantly, are you aware of any firewalling between where you dial up to and the VPN server? David. From martin at simpli.net Sun Jun 6 10:51:47 1999 
From: martin at simpli.net (martin at simpli.net) Date: Sat, 6 Jun 1999 11:51:47 -0400 Subject: [pptp-server] proxyarp Message-ID: <003201bd9163$036b5ec0$ea03a8c0@simpli.net> Anyone can tell me why I get this when I put proxyarp in my options file : Jun 6 11:44:24 server pppd[11158]: Cannot determine ethernet address for proxy ARP Martin From Peter.Galbavy at knowledge.com Sun Jun 6 13:17:06 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sun, 6 Jun 1999 19:17:06 +0100 Subject: [pptp-server] proposed changes to sources Message-ID: <19990606191706.A13078@office.knowledge.com> After starting to read the source, to try to understand what it is actually *doign* (as opposed to compile-run-debug-etc.) I noticed that pptpd.c and in turn pptpd doesn't do much except daemonize itself and then exec pptpmanager. I propose to merge these together, so that there are only two binaries pptpd and pptpctrl. Eventually, we should be able to merge these two into one binary that just internally forks and calls a control session instead of needing another binary. Ultimately (sp!) we could view having the entire thing threaded, with a need to only exec external ppp(d) processes, and the rest of it could run as a single monolithic threaded pptpd process. Since I have very little real experience with POSIX threads, I will leave it to others to comment on the viability. Meanwhile, unless someone can explain why pptpd.c exists as a program and not just a daemon() function, I will go ahead and merge them. BSD has a daemon() function that I would like to use if available, and I will provide a slightly modified version of the code in pptpd.c to simulate it where not available. I think it is likely that we are going to need a compat/ directory for code which is OS dependent, and build that into a .a file which is linked against the main program - mainly to help us in debugging and to stop code pollution. Thoughts ? Almost done, but who knows about the EMBED code and its uses ? BTW - last one - can someone who knows the GNU libs better pull in a version of getopt_long() for just this purpose, since BSD's don't carry one :( Regards, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From Peter.Galbavy at knowledge.com Sun Jun 6 13:26:51 1999 
From: Peter.Galbavy at knowledge.com (Peter Galbavy) Date: Sun, 6 Jun 1999 19:26:51 +0100 Subject: [pptp-server] proposed changes to sources In-Reply-To: <19990606191706.A13078@office.knowledge.com>; from Peter Galbavy on Sun, Jun 06, 1999 at 07:17:06PM +0100 References: <19990606191706.A13078@office.knowledge.com> Message-ID: <19990606192651.A10660@office.knowledge.com> On Sun, Jun 06, 1999 at 07:17:06PM +0100, Peter Galbavy wrote: > actually *doign* (as opposed to compile-run-debug-etc.) I noticed Sad really - here I am trying to highlight a word, then I prove both incapable of spelling it, but worse, incapable of seeing the obvious mistake. "doing" of course... -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From john at scl.co.uk Sat Jun 5 18:25:13 1999 
From: john at scl.co.uk (John Sutton) Date: Sun, 06 Jun 1999 00:25:13 +0100 Subject: [pptp-server] Errors 650 629 645 Message-ID: <2.2.16.19990605232513.2d6f2bc8@mail.scl.co.uk> David At 22:14 06/06/99 +0800, you wrote: >I think you have a pppd problem rather than a PoPToP problem. > >What is the client? What is your pppd config file like? Client? Win95 DUN1.3? My pppd config file on the linux server is: asyncmap 0 local lock mru 552 (I've varied these between 296 and 1500) mtu 552 proxyarp debug kdebug 1 auth require-chap name masq >My Win98 LAN clients work from a clean boot with no problem. Ditto Win95 >(with DUN update 1.3 + sockets fix, etc). Trying it from a dialup here Eek! What is "sockets fix"? >would be.. interesting.. since the same IP address is allocated to dialup >connections as to PPTP connections for a given username (and all my test >accounts are dialed up or connected testing things anyway...). > >Probably insignificant, but what MTU is your dialup connection using? >More significantly, are you aware of any firewalling between where you dial >up to and the VPN server? What I've done now is gone back to the linux-pptp client (v1.0.2) to try and get a handle on this problem. And in fact this suffers from exactly the same problem as the Win95 client when used over the dialup connection. And both work fine over the LAN connection. So I think that rules out it being a Microsoft "feature"... (phew). So I'm now using the same linux client pppd to establish a dialup connection and to do the pptp client connection. And the former is solid as a rock. You suggest it is either a firewall issue or a pppd issue. Re firewall, yes, there is a masquerading router between the linux server and the internet. This is configured to forward any unmatched incoming connections to the linux box. And this works fine for ssh, ftp etc. 
If I do a netstat on the linux box when a LAN pptp session is in progress, I get: tcp 0 0 192.168.1.5:1723 192.168.1.1:1050 ESTABLISHED So pptp is a simple single socket protocol, yes? So I can't see why it should not be treated like any other such protocol? And the fact that this socket does get established when using a dialup connection, at least temporarily, surely indicates that this is not the source of the problem? Here is a trace on the server: Sun Jun 6 21:58:47 BST 1999 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 1 192.168.2.2:1723 212.38.64.125:1077 SYN_RECV Sun Jun 6 21:58:47 BST 1999 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.2.2:1723 212.38.64.125:1077 ESTABLISHED Stays up for a couple of secs... Sun Jun 6 21:58:49 BST 1999 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 1 192.168.2.2:1723 212.38.64.125:1077 FIN_WAIT1 Sun Jun 6 21:58:49 BST 1999 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.2.2:1723 212.38.64.125:1077 FIN_WAIT2 which corresponds to: Jun 6 21:58:47 masq PPTPD [14430]: starting PPTPCTRL to handle client ...2 secs... Jun 6 21:58:49 masq PPTPD [14430]: CTRL: this session finished... Re pppd, I have done extensive testing changing the MTU of the dialup connection and the MTU of the pppd-in-pptp connection. I found all this extremely difficult because even though I am running everything as root (on both server and client ends), it seems to me that you cannot override some of the settings in /etc/ppp/options either on the command line or in a "file /blah/blah" option? This has been driving me nuts! 
On the client end, I have to establish the dialup connection using my chosen options in /etc/ppp/options, and then overwrite this file with the client options I want before kicking off the pptp client... Have I missed something here? Anyway, the upshot is this. The best I have got is where the server sends an LCP request, the client receives it and sends the ACK, and the client also sends its own request. This happens 10 times. However, never but never, have I managed to get the server to receive anything from the client... and sometimes the server does not even send a request because the connection has already terminated. Any ideas... This is so damn close I could scream. Indeed, I've done quite a bit of that today! Regards John *************************************************** John Sutton SCL Computer Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 621021 *************************************************** From john at scl.co.uk Sat Jun 5 18:30:02 1999 From: john at scl.co.uk (John Sutton) Date: Sun, 06 Jun 1999 00:30:02 +0100 Subject: [pptp-server] proxyarp Message-ID: <2.2.16.19990605233002.37ffc296@mail.scl.co.uk> Because there is no ether interface on the same network as the peer? At 11:51 06/06/98 -0400, you wrote: >Anyone can tell me why I get this when I put proxyarp in my options file : > >Jun 6 11:44:24 server pppd[11158]: Cannot determine ethernet address for proxy ARP *************************************************** John Sutton SCL Computer Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 621021 *************************************************** From matthewr at moreton.com.au Sun Jun 6 20:08:06 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Mon, 07 Jun 1999 01:08:06 +0000 Subject: [pptp-server] v0.8.9 released Message-ID: <375B1B76.A0BD8D69@moreton.com.au> Hiya all, PoPToP v0.8.9 has been released! Grab a copy here: http://www.moretonbay.com/vpn/download_pptp.html This release has a *lot* of fixes from David and Peter. Many thanks to them. Here's the ChangeLog: v0.8.8 -> v0.8.9 7th June, 1999 - unified CTRL and GRE processes (removed pptpgre), without the vfork problem since this is not forking - changed process name for child processes to pptpd [ip.address.here] - moved INTERNAL_IP_ALLOCATION to a configure option (see configure --help) - added support for libwrap tcp wrappers - made sure pppd doesn't get copies of file descriptors it shouldn't, so it closes down properly - ****lots**** of other misc fixes Have fun! -matt. From martin at simpli.net Sun Jun 6 21:16:44 1999 From: martin at simpli.net (martin at simpli.net) Date: Sat, 6 Jun 1999 22:16:44 -0400 Subject: [pptp-server] 629 error Message-ID: <002501bd91ba$5466a6c0$ea03a8c0@simpli.net> Anyone can tell me why I get an error 629 the first time I try to connect to the pptpd server from my windows 98 but after all connections are ok ? Martin From martin at simpli.net Sun Jun 6 21:21:58 1999 
From: martin at simpli.net (martin at simpli.net) Date: Sat, 6 Jun 1999 22:21:58 -0400 Subject: [pptp-server] Can't surf the web when connected to pptpd server Message-ID: <003001bd91bb$0c6ca300$ea03a8c0@simpli.net> Anyone can help with this issue when I am connected to the pptpd server I can't not access the web (passing by a proxy) but all other stuff work (irc, ftp, email...) this things are not passing by a proxy! but for the web my provider force me to use a web proxy any issue about that I am on a windows 98 station and if I disconnect the pptp connection well I can access the web everything come back! Martin From luyer at ucs.uwa.edu.au Mon Jun 7 00:18:50 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Mon, 07 Jun 1999 13:18:50 +0800 Subject: [pptp-server] proposed changes to sources In-Reply-To: Your message of "Sun, 06 Jun 1999 19:17:06 +0100." <19990606191706.A13078@office.knowledge.com> Message-ID: <199906070518.NAA09387@typhaon.ucs.uwa.edu.au> > After starting to read the source, to try to understand what it is > actually *doign* (as opposed to compile-run-debug-etc.) I noticed > that pptpd.c and in turn pptpd doesn't do much except daemononize > itself and then exec pptpmanager. I like the current model, and the reason for it has been explained by Matt R; for uClinux where fork() is not available (must vfork()). Also, keeping pptpd and pptpmanager separate means that you have a smaller binary actually being executed, the pptpd bit is thrown away on startup. > I propose to merge these together, so that there are only two > binaries pptpd and pptpctrl. Eventually, we should be able to merge > these two into one binary that just internally forks and calls a > control session instead of needing another binary. As above. If we want to merge into one binary, the squid model would be better. See also my direct mail to you about resource limits bottlenecks. I'm not sure about the non-Linux limits for all of this though. fork() without exec() tends to not be a good idea as it makes programs more confusing (eg, variables which become out of date but remain accessible) without a real gain, when there are so many other models to choose from. It can also be horribly inefficient (keeping a copy of unused parts of the dataset around as at each fork()). > Ultimately (sp!) we > could view having the entire thing threaded [...] Not sure how well this would work, and whether the locking overheads and code complexity would be worth it. 
It is worth consideration, but I'd prefer the single process model (even with the file descriptors issue it would introduce; threading would introduce the same issue but not achieve the same performance). > Meanwhile, unless someone can explain why pptpd.c exists as a program > and not just a daemon() function, I will go ahead and merge them. See Matt R's e-mail/my attempt to explain above. > BSD has a daemon() function that I would like to use if available, and > I will provide a slightly modified version of the code in pptpd.c to > simulate it where not available. Linux should definitely be using setsid() as it presently does. > I think it is likely that we are goign to need a compat/ directory for > code which is OS dependent, and build that into a .a file which is > likned against the main program - mainly to help us in debugging and > to stop code pollution. Thoughts ? I think that's excessive at present - the code is relatively small and generally tries to be POSIX. But if we start building a lot of extra bits for other operating systems, it's probably worth it. For now a simple 'compat.c' with the relevant stuff in it would probably do it. > Almost done, but who knows about the EMBED code and its uses ? It's because the pptpd was originally written for the coldfire uClinux port, which, for example, doesn't have a fork() call. > BTW - last one - can someone who knows the GNU libs better pull in a > version of getopt_long() for just this purpose, since BSD's don't > carry one :( You could install libiberty and link with -liberty, to be freed of your OS's restrictions :-) I'll try to merge in a getopt_long() today. If pptpd gets demand on other OS's, we'll also need things like inet_ntoa(), strdup(), etc, which aren't fully portable to be built. I guess these do probably belong in a compat library. Hmm... how does pptpd go under cygwin32? As an option for people who don't want to pay for a client access license for every VPN user on NT. David. 
From luyer at ucs.uwa.edu.au Mon Jun 7 00:22:08 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Mon, 07 Jun 1999 13:22:08 +0800 Subject: [pptp-server] Can't surf the web when connected to pptpd server In-Reply-To: Your message of "Sat, 06 Jun 1999 22:21:58 -0400." <003001bd91bb$0c6ca300$ea03a8c0@simpli.net> Message-ID: <199906070522.NAA09427@typhaon.ucs.uwa.edu.au> > Anyone can help with this issue when I am connected to the pptpd server > I can't not access the web (passing by a proxy) but all other stuff work > (irc, ftp, email...) this things are not passing by a proxy! but for the > web my provider force me to use a web proxy any issue about that I am on > a windows 98 station and if I disconnect the pptp connection well I can > access the web everything come back! I'd suggest that it's something like that your IP address when using pptp is not permitted access to the proxy you're trying to access, or on the path between the pptp server and the proxy a firewall is stopping port 80 traffic. I suspect it's not a pptpd issue. David. From luyer at ucs.uwa.edu.au Mon Jun 7 00:23:07 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Mon, 07 Jun 1999 13:23:07 +0800 Subject: [pptp-server] 629 error In-Reply-To: Your message of "Sat, 06 Jun 1999 22:16:44 -0400." <002501bd91ba$5466a6c0$ea03a8c0@simpli.net> Message-ID: <199906070523.NAA09443@typhaon.ucs.uwa.edu.au> > Anyone can tell me why I get a error 629 the first time I try to connect > to the pptpd server from my windows 98 but after all connection are ok ? Is this the first time after you start pptpd, the first time after you reboot the client (Windows) machine or the first time after you reboot the server (Linux) machine? David. From luyer at ucs.uwa.edu.au Mon Jun 7 00:36:51 1999
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Mon Jun 7 00:36:51 1999 Subject: [pptp-server] Errors 650 629 645 In-Reply-To: Your message of "Sun, 06 Jun 1999 00:25:13 +0100." <2.2.16.19990605232513.2d6f2bc8@mail.scl.co.uk> Message-ID: <199906070536.NAA09626@typhaon.ucs.uwa.edu.au> > >My Win98 LAN clients work from a clean boot with no problem. Ditto Win95 > >(with DUN update 1.3 + sockets fix, etc). Trying it from a dialup here > > Eek! What is "sockets fix"? Unrelated to the problem (I hope). However when I asked a group on campus who are already doing VPN under NT what was needed for a Win95 client, they told me to install DUN update 1.3 followed by sockets fix; I think that's also known as 'ws2setup'. Don't have a URL for it except intranet ones. I think it's just a generally recommended thing for anyone still running Win95. > You suggest it is either a firewall issue or a pppd issue. Re firewall, > yes, there is a masquerading router between the linux server and the internet. > > tcp 0 0 192.168.1.5:1723 192.168.1.1:1050 ESTABLISHED > > So pptp is a simple single socket protocol, yes? No. Look at the entry further down in netstat -na called "raw". > So I can't see why it should not be treated like any other such protocol? Because you're looking at the TCP control connection. PPTP uses more than just that connection. Look at pptpgre.c. > And the fact that this socket does get established when using a dialup > connection, at least temporarily, surely indicates that this is not the > source of the problem? [...] The control connection gets established, the real data connection doesn't I suspect. Your masquerading probably can't handle GRE. From john at scl.co.uk Mon Jun 7 05:41:55 1999 
From: john at scl.co.uk (John Sutton) Date: Mon Jun 7 05:41:55 1999 Subject: [pptp-server] Errors 650 629 645 Message-ID: <2.2.16.19990606130938.344ff9a8@mail.scl.co.uk> At 13:36 07/06/99 +0800, you wrote: > >> >My Win98 LAN clients work from a clean boot with no problem. Ditto Win95 >> >(with DUN update 1.3 + sockets fix, etc). Trying it from a dialup here >> >> Eek! What is "sockets fix"? > >Unrelated to the problem (I hope). However when I asked a group on campus >who are already doing VPN under NT what was needed for a Win95 client, they >told me to install DUN update 1.3 followed by sockets fix; I think that's >also known as 'ws2setup'. Don't have a URL for it except intranet ones. >I think it's just a generally recommended thing for anyone still running Win95. I'll look that up. Maybe it's related... >> You suggest it is either a firewall issue or a pppd issue. Re firewall, >> yes, there is a masquerading router between the linux server and the internet. >> >> tcp 0 0 192.168.1.5:1723 192.168.1.1:1050 ESTABLISHED >> >> So pptp is a simple single socket protocol, yes? > >No. Look at the entry further down in netstat -na called "raw". > >> So I can't see why it should not be treated like any other such protocol? > >Because you're looking at the TCP control connection. PPTP uses more than just >that connection. Look at pptpgre.c. > >> And the fact that this socket does get established when using a dialup >> connection, at least temporarily, surely indicates that this is not the >> source of the problem? [...] > >The control connection gets established, the real data connection doesn't I >suspect. Your masquerading probably can't handle GRE. > >>From pptpgre.c: > >gre_fd = socket(AF_INET, SOCK_RAW, PPTP_PROTO); >connect(gre_fd, (struct sockaddr *) &src_addr, sizeof(src_addr)); > >PPTP_PROTO is protocol 47. If you want to watch the pptp packets, >try 'tcpdump proto 47' (but tcpdump doesn't understand them much = >you just get meaningless stuff out of it). 
Fool I am. I now remember seeing mention of protocol 47. However, I'm still not sure that this is the issue. Two things: 1) The router in question is an Eicon Diva LAN ISDN Modem which proudly announces on the box that it supports PPTP. Does this protocol use ports? With the first word "source port/dest port" as with TCP & UDP? Maybe it's flunking the masquerade? I'll do a tcp dump as you suggest on the client and see what's happening. 2) If I make a direct ISDN call (and thereby can switch off masquerading) I get the same result. I've only done this so far with the Win95 client so I can't see anything happening beyond the error 645 as before, but I'm seeing exactly the same in the pptpd log as before - it sends the LCP and gets nothing back. I'll try it with the linux client and see what's going on. I'll also try and get some info from Eicon! Thanks for your help. I'll report back if I make any progress. John *************************************************** John Sutton SCL Computer Services URL http://www.scl.co.uk/ Tel. +44 (0) 1239 621021 *************************************************** From wfaulk at totalsports.net Mon Jun 7 18:27:25 1999 
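Added example (not part of the original thread, and not PoPToP's own code): the exchange above turns on whether the GRE data channel has ports, so this sketch parses the enhanced GRE header that PPTP uses, following the layout in RFC 2637, to show that the only per-session key is the 16-bit Call ID. The function, struct and constant names are illustrative, and the sample packet is constructed, reusing the two addresses from the netstat line in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRE_IP_PROTO   47      /* IP protocol number; PPTP_PROTO in the quoted pptpgre.c lines */
#define PPTP_GRE_TYPE  0x880B  /* GRE protocol type used by PPTP (RFC 2637) */

enum { GRE_OK = 0, GRE_NOT_IPV4 = -1, GRE_NOT_GRE = -2, GRE_NOT_PPTP = -3, GRE_TRUNCATED = -4 };

struct pptp_gre {                /* illustrative name, not from the PoPToP sources */
    int      has_seq, has_ack;
    uint16_t payload_len;        /* bytes of PPP payload after the GRE header */
    uint16_t call_id;            /* peer's call ID: the only per-session key, no ports */
    uint32_t seq, ack;
    size_t   payload_off;        /* PPP payload offset from the start of the IP packet */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse one IPv4 packet; returns GRE_OK and fills *out, or a negative reason code. */
int parse_pptp_gre(const uint8_t *pkt, size_t len, struct pptp_gre *out)
{
    size_t ihl, glen, off = 8;
    const uint8_t *g;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return GRE_NOT_IPV4;
    ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl)
        return GRE_NOT_IPV4;
    if (pkt[9] != GRE_IP_PROTO)          /* e.g. 6 = the TCP control connection on 1723 */
        return GRE_NOT_GRE;

    g = pkt + ihl;
    glen = len - ihl;
    if (glen < 8)
        return GRE_TRUNCATED;
    /* PPTP fixes C=0 R=0 K=1 s=0 Recur=0 in byte 0 and Flags=0 Ver=1 in byte 1;
       only S (0x10, sequence present) and A (0x80, ack present) may vary. */
    if ((g[0] & 0xEF) != 0x20 || (g[1] & 0x7F) != 0x01 || rd16(g + 2) != PPTP_GRE_TYPE)
        return GRE_NOT_PPTP;

    memset(out, 0, sizeof *out);
    out->has_seq = (g[0] & 0x10) != 0;
    out->has_ack = (g[1] & 0x80) != 0;
    out->payload_len = rd16(g + 4);      /* high half of the GRE key field */
    out->call_id = rd16(g + 6);          /* low half of the GRE key field */
    if (out->has_seq) {
        if (glen < off + 4) return GRE_TRUNCATED;
        out->seq = rd32(g + off);
        off += 4;
    }
    if (out->has_ack) {
        if (glen < off + 4) return GRE_TRUNCATED;
        out->ack = rd32(g + off);
        off += 4;
    }
    if (out->payload_len > glen - off)   /* header claims more PPP data than was captured */
        return GRE_TRUNCATED;
    out->payload_off = ihl + off;
    return GRE_OK;
}

/* Constructed sample packet (not a capture); the IP checksum is left zero and not verified. */
static const uint8_t sample_gre[] = {
    /* IPv4 header: 20 bytes, total length 40, protocol 47, 192.168.1.1 -> 192.168.1.5 */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x2F,0x00,0x00,
    0xC0,0xA8,0x01,0x01, 0xC0,0xA8,0x01,0x05,
    /* enhanced GRE: S and A set, type 0x880B, payload length 4, call ID 42, seq 7, ack 3 */
    0x30,0x81,0x88,0x0B, 0x00,0x04,0x00,0x2A, 0x00,0x00,0x00,0x07, 0x00,0x00,0x00,0x03,
    /* PPP payload: address FF, control 03, protocol C021 (LCP) */
    0xFF,0x03,0xC0,0x21
};

int main(void)
{
    struct pptp_gre h;
    int rc = parse_pptp_gre(sample_gre, sizeof sample_gre, &h);

    if (rc != GRE_OK) {
        printf("parse failed: %d\n", rc);
        return 1;
    }
    printf("call_id=%u seq=%lu ack=%lu ppp_len=%u ppp_off=%lu\n",
           (unsigned)h.call_id, (unsigned long)h.seq, (unsigned long)h.ack,
           (unsigned)h.payload_len, (unsigned long)h.payload_off);
    return 0;
}
```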
From: wfaulk at totalsports.net (Bitt Faulk) Date: Mon Jun 7 18:27:25 1999 Subject: [pptp-server] v0.8.9 released In-Reply-To: <375B1B76.A0BD8D69@moreton.com.au> Message-ID: On Mon, 7 Jun 1999, Matthew Ramsay wrote: > > PoPToP v0.8.9 has been released! Hmm. The addition of -ansi and -Wmissing-prototypes has caused some problems for me. The header files on my system claim that strdup does not exist in ansi specification. I don't really know if this is the case or not. Also, declaring '_BSD_SOURCE' (in pptpdcmds.c, for linux) causes some problems in my setjmp.h. It turns out that _BSD_SOURCE, in turn, defines __FAVOR_BSD, which eventually leads to typedef sigjmp_buf jmp_buf; and sigjmp_buf is declared only if __USE_POSIX is. This may well be an error in my includes, but maybe not. Also, there exist some things in my header files that seem to have no prototypes (errors, etc at bottom). In addition, my system does not declare a socklen_t. It simply uses 'int'. After removing -ansi and -Wmissing-prototypes and defining socklen_t, everything seems to be okay. -Bitt PS: Here's the missing prototypes stuff: sprawl% gcc -DHAVE_CONFIG_H -I. -I. -I. -I. 
-Wall -Wmissing-prototypes -Werror -c pptpdcmds.c cc1: warnings being treated as errors In file included from /usr/include/linux/byteorder/little_endian.h:11, from /usr/include/asm/byteorder.h:45, from /usr/include/linux/in.h:173, from /usr/include/netinet/in.h:79, from pptpdcmds.c:55: /usr/include/linux/byteorder/swab.h:100: warning: no previous prototype for `__fswab16' /usr/include/linux/byteorder/swab.h:104: warning: no previous prototype for `__swab16p' /usr/include/linux/byteorder/swab.h:108: warning: no previous prototype for `__swab16s' /usr/include/linux/byteorder/swab.h:113: warning: no previous prototype for `__fswab32' /usr/include/linux/byteorder/swab.h:117: warning: no previous prototype for `__swab32p' /usr/include/linux/byteorder/swab.h:121: warning: no previous prototype for `__swab32s' /usr/include/linux/byteorder/swab.h:127: warning: no previous prototype for `__fswab64' /usr/include/linux/byteorder/swab.h:137: warning: no previous prototype for `__swab64p' /usr/include/linux/byteorder/swab.h:141: warning: no previous prototype for `__swab64s' From martin at simpli.net Mon Jun 7 19:14:45 1999 
From: martin at simpli.net (martin at simpli.net) Date: Mon Jun 7 19:14:45 1999 Subject: [pptp-server] PPTP Setup Message-ID: <199906080017.UAA01300@server.simpli.net> Hi well I need a bit of help ok I need information about my setup: I have a Linux server with pptpd server: my local addresses are 192.168.2.1 .2 .3 .4 (for local network) domain name simplinet-main what I need to know if what I will set for remote ip in pptpd.conf file to make enable a windows nt server connect via pptp with domain simplinet-bcp1 so how I will set that that when windows nt server is connected he will see the station on my linux lan and linux will see the nt server ... do I need special route, is it possible with 2 domains name ? Martin From martin at simpli.net Mon Jun 7 22:26:51 1999 From: martin at simpli.net (martin at simpli.net) Date: Mon Jun 7 22:26:51 1999 Subject: [pptp-server] routing??? Message-ID: <001001bd928e$02479960$0202a8c0@simpli.net> Hi well I just set up my vpn network ok when I'm on the NT I see all the network of the linux Server, workstation ... but I can only access the server, when I try the other station I get can't connect .... and if I try to make a ping to the server it work but to the station it fail so I guess it a routing issue anyone have an answer ? Martin From luyer at ucs.uwa.edu.au Tue Jun 8 01:19:47 1999
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Tue Jun 8 01:19:47 1999 Subject: [pptp-server] v0.8.9 released In-Reply-To: Your message of "Mon, 07 Jun 1999 19:30:11 -0400." Message-ID: <199906080619.OAA12257@typhaon.ucs.uwa.edu.au> > On Mon, 7 Jun 1999, Matthew Ramsay wrote: > > > > PoPToP v0.8.9 has been released! > > Hmm. The addition of -ansi and -Wmissing-prototypes has caused some > problems for me. > > The header files on my system claim that strdup does not exist in ansi > specification. I don't really know if this is the case or not. It's true - that's why _BSD_SOURCE is there on Linux, and __EXTENSIONS__ on Solaris. It's a BSD extension, but it's available pretty much everywhere. > Also, > declaring '_BSD_SOURCE' (in pptpdcmds.c, for linux) causes some problems > in my setjmp.h. > This may well be an error > in my includes, but maybe not. It is. But we may be able to work around it, I'll change _BSD_SOURCE to _GNU_SOURCE on Linux and see if that makes everything happy - _GNU_SOURCE I believe includes POSIX and BSD code. > Also, there exist some things in my header files that seem to have no > prototypes (errors, etc at bottom). OK, guess we should drop -Wmissing-prototypes by default, and just use it for developers. Done in CVS. > In addition, my system does not declare a socklen_t. It simply uses > 'int'. Should be fixed in latest CVS (autoconf check). [.. about bad kernel source ...] > Doesn't like it if I remove the extern either. But I can slap some > prototypes in there and it works okay. You should declare it 'static' most likely. David. From luyer at ucs.uwa.edu.au Tue Jun 8 01:23:57 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Tue Jun 8 01:23:57 1999 Subject: [pptp-server] routing??? In-Reply-To: Your message of "Sun, 07 Jun 1998 23:32:05 -0400." <001001bd928e$02479960$0202a8c0@simpli.net> Message-ID: <199906080623.OAA12331@typhaon.ucs.uwa.edu.au> Either you need to give remote addresses on the same network as your local ethernet and use proxy arp, or you need to actually route the addresses. I use RIP here and gated; here is my gated.conf: rip yes { broadcast; interface all noripin noripout; interface eth ripin ripout version 1; }; This will advertise host routes for all connected PPTP clients. David. From matthewr at moreton.com.au Tue Jun 8 02:40:47 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Jun 8 02:40:47 1999 Subject: [pptp-server] v0.8.10 released! Message-ID: <375CC7E6.223D1DB4@moreton.com.au> Hiya all, PoPToP v0.8.10 has been released! Download your copy here: http://www.moretonbay.com/vpn/download_pptp.html This will probably be the last v0.8.* release. We would *really* appreciate it if *you* would download this version of PoPToP and give it a thrashing on your system. This should be the most stable version of PoPToP yet. Many, many thanks to David Luyer who has spent quite some time recently weeding out countless problems and solving them all. Given that no-one has any major problems with this version of PoPToP, v0.9.0 will be released in a day or so. See the TODO file (http://www.moretonbay.com/vpn/releases/TODO.txt) for where we plan on going from here. Here is the ChangeLog: v0.8.9 -> v0.8.10 8th June, 1999 - added getopt_long() from GNU libc for use on non-Linux platforms - fixed compilation on FreeBSD, Digital Unix and Solaris - replaced PPTPD_DEBUG define with configuration option (debug) and command line option (-d/--debug) - minor fixes from mailing list For all those who do put some time back into PoPToP and test this release -- Thankyou! Cheers, Matt. From rfox at aloha.com Tue Jun 8 04:39:04 1999 
From: rfox at aloha.com (Ronald L Fox) Date: Tue Jun 8 04:39:04 1999 Subject: [pptp-server] v0.8.10 doesn't compile for me on Red Hat Linux 5.0 Message-ID: <375CE6A2.D5C83391@aloha.com> Versions 0.8.6 and 0.8.8 do compile just fine though. Output from make is attached for compilations of 0.8.8 and 0.8.10. I'm not a C programmer and so can't offer any clues as to what's going wrong. I'm looking forward to trying this out with some Win95 and Linux clients. Regards, Ron -- Ronald L Fox Email: rfox at dls.queens.org Diagnostic Laboratory Services Phone: (808) 589-5172 Honolulu, Hawaii -------------- next part -------------- make all-recursive make[1]: Entering directory `/home/rfox/pptpd/pptpd-0.8.8' make[2]: Entering directory `/home/rfox/pptpd/pptpd-0.8.8' gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c pptpd.c gcc -g -O2 -o pptpd pptpd.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c pptpdcmds.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c configfile.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c pptpmanager.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c inststr.c gcc -g -O2 -o pptpmanager pptpdcmds.o configfile.o pptpmanager.o inststr.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c pptpctrl.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c ctrlpacket.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c pty.c gcc -g -O2 -o pptpctrl pptpctrl.o ctrlpacket.o inststr.o pty.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c pptpgre.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -g -O2 -c ppphdlc.c gcc -g -O2 -o pptpgre pptpgre.o inststr.o ppphdlc.o make[2]: Leaving directory `/home/rfox/pptpd/pptpd-0.8.8' make[1]: Leaving directory `/home/rfox/pptpd/pptpd-0.8.8' -------------- next part -------------- make all-recursive make[1]: Entering directory `/home/rfox/pptpd/pptpd-0.8.10' make[2]: Entering directory `/home/rfox/pptpd/pptpd-0.8.10' gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -fno-builtin -Wall -ansi -c pptpd.c gcc -fno-builtin -Wall -ansi -o pptpd pptpd.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I. 
-fno-builtin -Wall -ansi -c pptpdcmds.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -fno-builtin -Wall -ansi -c configfile.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -fno-builtin -Wall -ansi -c pptpmanager.c In file included from pptpmanager.c:22: /usr/include/arpa/inet.h:46: parse error before `__net' In file included from /usr/include/sys/time.h:25, from pptpmanager.c:26: /usr/include/sys/select.h:82: warning: `struct timespec' declared inside parameter list /usr/include/sys/select.h:82: warning: its scope is only this definition or declaration, /usr/include/sys/select.h:82: warning: which is probably not what you want. /usr/include/sys/select.h:85: warning: `struct timespec' declared inside parameter list make[2]: *** [pptpmanager.o] Error 1 make[2]: Leaving directory `/home/rfox/pptpd/pptpd-0.8.10' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/rfox/pptpd/pptpd-0.8.10' make: *** [all-recursive-am] Error 2 From haas at softwired-inc.com Tue Jun 8 08:51:23 1999 
From: haas at softwired-inc.com (Thomas Haas) Date: Tue Jun 8 08:51:23 1999 Subject: [pptp-server] v0.8.10 released! References: <375CC7E6.223D1DB4@moreton.com.au> Message-ID: <375D1FC6.6460CBED@softwired-inc.com> Hi Using NT as client I am still getting the following error: 737 loopback detected I have Windows NT SP 5. It used to work with Win98 clients. All Win98 are out of town right now, so I cannot test the new release yet. - tom Matthew Ramsay wrote: > Hiya all, > > PoPToP v0.8.10 has been released! Download your copy here: > http://www.moretonbay.com/vpn/download_pptp.html > > This will probably be the last v0.8.* release. We would *really* > appreciate it if *you* would download this version of PoPToP and give it > a thrashing on your system. > > This should be the most stable version of PoPToP yet. Many, many thanks > to David Luyer who has spent quite some time recently weeding out > countless problems and solving them all. > > Given that no-one has any major problems with this version of PoPToP, > v0.9.0 will be released in a day or so. > > See the TODO file (http://www.moretonbay.com/vpn/releases/TODO.txt) for > where we plan on going from here. > > Here is the ChangeLog: > v0.8.9 -> v0.8.10 > 8th June, 1999 > > - added getopt_long() from GNU libc for use on non-Linux platforms > - fixed compilation on FreeBSD, Digital Unix and Solaris > - replaced PPTPD_DEBUG define with configuration option (debug) and > command line option (-d/--debug) > - minor fixes from mailing list > > For all those who do put some time back into PoPToP and test this > release -- Thankyou! > > Cheers, > Matt. -- * Thomas Haas * SoftWired AG * Technoparkstr. 1 *** CH-8005 Zurich *** +41-1-4452370 From mis at seiden.com Tue Jun 8 09:35:51 1999
From: mis at seiden.com (Mark Seiden) Date: Tue Jun 8 09:35:51 1999 Subject: [pptp-server] pptpd 8.10 problems compiling on openbsd 2.5 Message-ID: <19990608073536.A28731@seiden.com> for openbsd 2.5, gmake must be used (rather than the default make) due to the use of -include you need to #define HAVE_STRLCPY 1 in config.h this is not autoconfigured at present and there's a conflicting definition in compat.h, already configurable around. i'm not an autoconf wizard. doubtless each of these is a 2-liner in configure.in. -- mark seiden, mis at seiden.com, 1-(650) 592 8559 (voice) Pacific Time Zone From matthewr at moreton.com.au Tue Jun 8 18:32:10 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Jun 8 18:32:10 1999 Subject: [pptp-server] v0.8.10 released! References: <375CC7E6.223D1DB4@moreton.com.au> <375D1FC6.6460CBED@softwired-inc.com> Message-ID: <375DA693.CEE14254@moreton.com.au> > Using NT as client I am still getting the following error: 737 loopback > detected > I have Windows NT SP 5. Make sure both IP header compression and software compression is turned OFF for NT clients. Cheers, Matt. From luyer at ucs.uwa.edu.au Wed Jun 9 01:45:45 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Wed Jun 9 01:45:45 1999 Subject: [pptp-server] pptpd 8.10 problems compiling on openbsd 2.5 In-Reply-To: Your message of "Tue, 08 Jun 1999 07:35:36 MST." <19990608073536.A28731@seiden.com> Message-ID: <199906090645.OAA08444@typhaon.ucs.uwa.edu.au> > for openbsd 2.5, > > gmake must be used (rather than the default make) due to the use of > -include Fixed (dependencies are done differently now). > you need to > #define HAVE_STRLCPY 1 > in config.h > > this is not autoconfigured at present and there's a conflicting > definition in compat.h, already configurable around. Fixed in CVS, I hope. David. From matthewr at moreton.com.au Wed Jun 9 02:55:31 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Wed Jun 9 02:55:31 1999 Subject: [pptp-server] v0.8.11 released! Message-ID: <375E1C88.D2B9CFD7@moreton.com.au> Hiya all, PoPToP v0.8.11 has been released. You can download it here: http://www.moretonbay.com/vpn/download_pptp.html I seem to recall saying that v0.8.10 would be the last in the .8 series :-)... This version has a couple more fixes from David and Peter. Here's the ChangeLog: - now only two executables, pptpd and pptpctrl - re-did dependency generation - minor include cleanups Cheers, Matt. From rfox at aloha.com Wed Jun 9 05:36:09 1999 From: rfox at aloha.com (Ronald L Fox) Date: Wed Jun 9 05:36:09 1999 Subject: [pptp-server] v0.8.11 compiles cleanly on Red Hat Linux 5.0 Message-ID: <375E4583.2A868A57@aloha.com> Thanks David et.al. Regards, Ron -- Ronald L Fox Email: rfox at dls.queens.org Diagnostic Laboratory Services Phone: (808) 589-5172 Honolulu, Hawaii FAX: (808) 593-8357 From rfox at aloha.com Wed Jun 9 06:23:29 1999 
From: rfox at aloha.com (Ronald L Fox) Date: Wed Jun 9 06:23:29 1999 Subject: [pptp-server] Is encryption of PPP with MPPE sufficient to encrypt PPTP? Message-ID: <375E50AA.381E8D8@aloha.com> Aloha, According to the TODO list, encryption of PPTP is one of the remaining tasks. To guarantee interoperability with Microsoft clients and servers, you have to play by Microsoft's rules which means supporting MPPE (Microsoft Point to Point Encryption). I've looked at the specification of MPPE as found at the IETF's Point to Point Extensions Working Group's charter page at: http://www.ietf.org/html.charters/pppext-charter.html and the work by Árpád Magosányi (author of the Linux VPN mini howto) to add MPPE to PPP 2.3.0 as found at: http://www.hal.vein.hu/~mag/works/RAS/ Is it an over-simplification to say that patching pppd to include MPPE in this fashion would accomplish adding encryption to PPTP that is as good as Microsoft's and that will work with Microsoft clients and servers? Regards, Ron -- Ronald L Fox Email: rfox at dls.queens.org Diagnostic Laboratory Services Phone: (808) 589-5172 Honolulu, Hawaii FAX: (808) 593-8357 From andrew at ibi.co.za Wed Jun 9 06:41:49 1999 From: andrew at ibi.co.za (Andrew Cameron) Date: Wed Jun 9 06:41:49 1999 Subject: [pptp-server] Control Messages Message-ID: <375E542F.E5DF9BD6@ibi.co.za> Hi, When trying to connect my connection is failing. The log reports that message type 9 and 13 are not implemented. Are these types going to be implemented? Regards Andrew -- ----------------------------------------------------------------------------- Andrew Cameron Internet: andrew at ibi.co.za Internet: apcameron at intch.co.za ----------------------------------------------------------------------------- From wfaulk at totalsports.net Wed Jun 9 18:39:04 1999
From: wfaulk at totalsports.net (Bitt Faulk) Date: Wed Jun 9 18:39:04 1999 Subject: [pptp-server] some more notes/questions In-Reply-To: Message-ID: On Mon, 31 May 1999, Seth Vidal wrote: > > I need some way of writing the pppd data to wtmp/utmp. I remembered reading this post a while back and just now stumbled across the answer: From matthewr at moreton.com.au Wed Jun 9 18:52:05 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Wed Jun 9 18:52:05 1999 Subject: [pptp-server] Is encryption of PPP with MPPE sufficient to encrypt PPTP? References: <375E50AA.381E8D8@aloha.com> Message-ID: <375EFD1B.9F9E2A81@moreton.com.au> Ronald, > remaining tasks. To guarantee interoperability with Microsoft clients > and servers, you have to play by Microsoft's rules which means > supporting MPPE (Microsoft Point to Point Encryption). I've looked correct. > and the work by Árpád Magosányi (author of the Linux VPN mini howto) > to add MPPE to PPP 2.3.0 as found at: > http://www.hal.vein.hu/~mag/works/RAS/ I've tried to get that working.. but failed. :-) Also have a look at this link: ftp://ftp.east.telecom.kz/pub/src/networking/ppp/multilink/ppp-2.3.5-mp.tgz apparently this is a modified ppp-2.3.5 with MSCHAPv2 and MPPE support. > Is it an over-simplification to say that patching pppd to include > MPPE in this fashion would accomplish adding encryption to PPTP that > is as good as Microsoft's and that will work with Microsoft clients > and servers? basically this is all that needs doing -- so YES! I think the PPP part of the kernel will need slight RC4 modification too for the actual packet encryption...? unsure. I am actually hoping someone will email me tomorrow telling me they tried the above ppp patches and successfully got poptop working with microsoft encryption :-) It is a high priority on my agenda at any rate. Cheers, Matt. From wfaulk at totalsports.net Wed Jun 9 21:35:02 1999
From: wfaulk at totalsports.net (Bitt Faulk) Date: Wed Jun 9 21:35:02 1999 Subject: [pptp-server] Is encryption of PPP with MPPE sufficient to encrypt PPTP? In-Reply-To: <375EFD1B.9F9E2A81@moreton.com.au> Message-ID: On Wed, 9 Jun 1999, Matthew Ramsay wrote: > > I've tried to get that working.. but failed. :-) Also have a look at > this link: > ftp://ftp.east.telecom.kz/pub/src/networking/ppp/multilink/ppp-2.3.5-mp.tgz > > apparently this is a modified ppp-2.3.5 with MSCHAPv2 and MPPE support. > > I am actually hoping someone will email me tomorrow telling me they > tried the above ppp patches and successfully got poptop working with > microsoft encryption :-) I tried the above ppp daemon, and it doesn't work. From his README.MSCHAP80 file: I've managed to get a client-only implementation of MS-CHAP working; it will authenticate itself to another system using MS-CHAP, but if you're using PPPD as a dial-in server, you won't be able to use MS-CHAP to authenticate the clients. This would not be a lot of extra work given that the framework is in place, but I didn't need it myself so I didn't implement it. Of course, this just means that MSCHAP80 won't work. CHAP should still work, and MPPE might not, but.... He managed to break IP Address wildcards in chap-secrets. It looks like a bug, but I can't imagine how it happened. After I fixed that (removed lines 1286,7 from pppd/auth.c), I never could get MPPE working. Sorry. -Bitt From teott at innova.net Wed Jun 9 23:20:02 1999 
From: teott at innova.net (Tim Ott) Date: Wed Jun 9 23:20:02 1999 Subject: [pptp-server] Help Message-ID: <375F3D20.CB6653A4@innova.net> Maybe you can help me. I am looking to set up a VPN Server that can handle 5000 concurrent connections. The information is not HTTP but small packets of about 500-1k bytes with full 128 bit encryption needed and talking to NT client. Do you think that Linux could handle this. I am currently running NT Server with a limit of 255 concurrent VPN's (meaning 20 boxes) and have been quoted ~ 27k per box for a tunneling router that can handle 2000 VPN connections. I would love to have something a little more home grown. Thanks. -Tim Ott tott at qs1.com From tmk at netmagic.net Wed Jun 9 23:37:49 1999 From: tmk at netmagic.net (tmk) Date: Wed Jun 9 23:37:49 1999 Subject: [pptp-server] Help References: <375F3D20.CB6653A4@innova.net> Message-ID: <007e01beb2fb$153ce3c0$011c0fc0@lala.net> we have had some discussions recently on just how many connections linux can handle, and i think the max number was 1024 (well, 2048 concurrent processes, each pptp connection uses 2, so say 1000 taking for granted that some system processes will be lying around.. The default limit is 256 processes, more requires a kernel recompile) and that is just process limits, i'm not sure how many ppp? devices linux allows. Maybe if you had external ppp devices, or something compatible you could get around those limits. The type of data going across the server is largely irrelevant; conceivably you could tunnel any sort of packet you want (ppp is the standard for pptp, but with the GRE channel set up as it is, we could just as easily tunnel any stream-based network protocol) however, encryption doesn't work yet (though it is [and has been] a major goal for quite some time), so you'll either have to wait or shell out the big bucks for other solutions. sorry Kevin ----- Original Message -----
From: Tim Ott To: Sent: Wednesday, June 09, 1999 9:20 PM Subject: [pptp-server] Help > Maybe you can help me. I am looking to set up a VPN Server that can > handle 5000 concurrent connections. The information is not HTTP but > small packets of about 500-1k bytes with full 128 bit encryption needed > and talking to NT client. Do you think that Linux could handle this. I > am currently running NT Server with a limit of 255 concurrent VPN's > (meaning 20 boxes) and have been quoted ~ 27k per box for a tunneling > router that can handle 2000 VPN connections. I would love to have > something a little more home grown. Thanks. > -Tim Ott > tott at qs1.com From skvidal at skyrunner.net Wed Jun 9 23:39:19 1999
From: skvidal at skyrunner.net (Seth Vidal) Date: Wed Jun 9 23:39:19 1999 Subject: [pptp-server] Help In-Reply-To: <375F3D20.CB6653A4@innova.net> Message-ID: > Maybe you can help me. I am looking to set up a VPN Server that can > handle 5000 concurrent connections. The information is not HTTP but > small packets of about 500-1k bytes with full 128 bit encryption needed > and talking to NT client. Do you think that Linux could handle this. I > am currently running NT Server with a limit of 255 concurrent VPN's > (meaning 20 boxes) and have been quoted ~ 27k per box for a tunneling > router that can handle 2000 VPN connections. I would love to have > something a little more home grown. Thanks. > -Tim Ott > tott at qs1.com are you sure it's a vpn server you want and not some sort of modified apache SSL server if it's large enough and with some kernel tweaks it should be able to handle that sort of simultaneous load.. what sort of data is being sent. is it protocol or client specific? can you webify it? if you can then I'd say forget VPNing anything and setup a password protected SSL server. Are you really trying to extend the internal network around these users or are you just trying to give them access to some of the data? -sv From luyer at ucs.uwa.edu.au Thu Jun 10 00:21:20 1999
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Thu Jun 10 00:21:20 1999 Subject: [pptp-server] some more notes/questions In-Reply-To: Your message of "Wed, 09 Jun 1999 19:42:07 -0400." Message-ID: <199906100520.NAA05189@typhaon.ucs.uwa.edu.au> > On Mon, 31 May 1999, Seth Vidal wrote: > > > > I need some way of writing the pppd data to wtmp/utmp. > > I remembered reading this post a while back and just now stumbled across > the answer: > > From pppd(8): > > login Use the system password database for authenticating > the peer using PAP, and record the user in the sys- > tem wtmp file. Note that the peer must have an > entry in the /etc/ppp/pap-secrets file as well as > the system password database to be allowed access. > > I see no other reference to wtmp, but maybe it'll work for CHAP anyway. > (This jives with my lack of CHAP knowledge. The password is probably > transmitted in an incompatibly encrypted manner, huh?) If not, surely it > would be an easy hack to copy over the wtmp-specific stuff, since it's > already there. Well, you can use PAP, it means the passwords go over the wire unencrypted, but it works with all the clients that I've tried. The wtmp entries made by the login option are only done with PAP. However if you want to use CHAP and want wtmp entries, you could modify pppd to make it record the logins in wtmp; it's a fairly trivial change in pppd/auth.c; grab some of the code out of plogin (eg, around the call to logwtmp and the logged_in = 1) and put it in to the CHAP code path. Slightly harder if you're using PAM but not much more so. David. From luyer at ucs.uwa.edu.au Thu Jun 10 00:42:28 1999 
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jun 10 00:42:28 1999
Subject: [pptp-server] Help
In-Reply-To: Your message of "Wed, 09 Jun 1999 21:38:25 MST." <007e01beb2fb$153ce3c0$011c0fc0@lala.net>
Message-ID: <199906100542.NAA05624@typhaon.ucs.uwa.edu.au>

Actually, the limits under Linux are:

  per-process filedescriptors
    - up until a few minutes ago, one per client
      (would limit clients to 256 by default, or 1024 with kernel
      recompile, or more with major libc/kernel hackery)
    - now, no relevant limit

  ttys
    - currently, with a standard kernel, 256 clients
    - with Unix98 ptys and a small amount of coding, 2048

  ppp devices
    - no limit in kernel source for ppp
    - limit of 100 in dev_alloc_name() in 2.2.x

        for(i=0;i<100;i++) {
            sprintf(dev->name,name,i);
            if(dev_get(dev->name)==NULL)
                return i;
        }

      best fix is probably to keep a static int ppp_maxdev so you don't
      end up doing 2000 dev_get's to allocate the 2001'th device.

  processes
    - 2 per client plus system processes
    - standard kernel max = 512 processes, ie 256 clients
    - i386 max = 4096 processes, ie 2048 clients

So it seems that 2048 will be the limit, if you fix a few things and with
a minor kernel mod (I could do all of these pretty easily and send you a
trivial kernel patch).

To go above 2048 the easiest approach would be to combine pptpctrl and pppd
in one process, which would get you to 4096.

Beyond there, you need to go for a select() based model, which would be
significant coding effort and require large fd-set sizes and so on.

So 4096 is the practical limit, and 2048 the easy limit.

David.

From matthewr at moreton.com.au Thu Jun 10 02:46:47 1999
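A user-space model of the allocation loop quoted in the message above, added here as an example (it is not kernel or PoPToP code): it counts name probes for the 100-unit scan, for the same scan with the cap lifted, and for a remembered starting point in the spirit of the suggested ppp_maxdev. The table, the model_dev_get() stand-in and the release hook are assumptions made for the model.

```c
/* User-space model only: the device table, model_dev_get() and the
 * counters are constructed for illustration, not taken from the kernel. */
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_DEVS 4096              /* assumed table size for the model */

static unsigned char in_use[MODEL_MAX_DEVS];
static unsigned long lookups;            /* number of dev_get()-style probes */
static int ppp_maxdev;                   /* hint: lowest unit that may be free */

/* Stand-in for dev_get(): is unit N already registered? */
static int model_dev_get(int unit)
{
    lookups++;
    return in_use[unit];
}

/* Scan from unit 0 up to (not including) limit, as the quoted loop does. */
static int alloc_scan(int limit)
{
    int i;
    for (i = 0; i < limit; i++) {
        if (!model_dev_get(i)) {
            in_use[i] = 1;
            return i;
        }
    }
    return -1;                           /* no name available */
}

static int alloc_scan100(void)  { return alloc_scan(100); }
static int alloc_scan_all(void) { return alloc_scan(MODEL_MAX_DEVS); }

/* Hinted variant: start probing where the previous search stopped. */
static int alloc_hinted(void)
{
    int i;
    for (i = ppp_maxdev; i < MODEL_MAX_DEVS; i++) {
        if (!model_dev_get(i)) {
            in_use[i] = 1;
            ppp_maxdev = i + 1;
            return i;
        }
    }
    return -1;
}

/* Releasing a unit must pull the hint back, or freed names are never reused. */
static void release_hinted(int unit)
{
    in_use[unit] = 0;
    if (unit < ppp_maxdev)
        ppp_maxdev = unit;
}

static void model_reset(void)
{
    memset(in_use, 0, sizeof in_use);
    lookups = 0;
    ppp_maxdev = 0;
}

/* Allocate up to n units, stopping at the first failure; return successes. */
static int fill(int (*alloc)(void), int n)
{
    int ok = 0;
    while (n-- > 0 && alloc() >= 0)
        ok++;
    return ok;
}

int main(void)
{
    int got;

    model_reset();
    got = fill(alloc_scan100, 2048);
    printf("scan, cap 100 : %d devices, %lu probes\n", got, lookups);

    model_reset();
    got = fill(alloc_scan_all, 2001);
    printf("scan, no cap  : %d devices, %lu probes\n", got, lookups);

    model_reset();
    got = fill(alloc_hinted, 2048);
    printf("hinted        : %d devices, %lu probes\n", got, lookups);
    return 0;
}
```

The hint here tracks the lowest possibly free unit, which is one reading of the suggestion; after a low unit is released and reused, the next allocation walks the occupied range once before the hint catches up.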
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Jun 10 02:46:47 1999
Subject: [pptp-server] v0.8.12 released
Message-ID: <375F6C50.25A32448@moreton.com.au>

Hiya all,

PoPToP v0.8.12 has been released!

Download here: http://www.moretonbay.com/vpn/download_pptp.html

Here's the ChangeLog:

v0.8.11 -> v0.8.12 10th June, 1999
- made autoconf actually check the relevant headers
- made config.embed.h and removed most #if EMBED in favour of using this
- fixed some includes and re-arranged things to be a bit cleaner
- minor cosmetic fixes
- fixed compilation on StarOS 4 (and hence SunOS 4)
- documentation on running from inetd
- removed ctrl-manager pipe by default

Cheers,
Matt.

From luyer at ucs.uwa.edu.au Thu Jun 10 06:38:12 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jun 10 06:38:12 1999
Subject: [pptp-server] Current CVS
Message-ID: <199906101137.TAA15976@typhaon.ucs.uwa.edu.au>

I've made large-ish code changes in the current CVS - no actual bug fixes,
but performance improvements, protection against bad configuration,
restructuring, etc.

Here's the changelog:

- removed ctrl-manager pipe completely
- moved awareness of pppd-ip-alloc option to manager only
- made pptpctrl able to have none, one or both of local/remote
  addresses rather than only both or none - great code simplification
- re-did IP parser; less potential segfaults from bad config
- correctly calculate max connections based on number of IP addresses
  given and statically configured maximum
- properly permit hostnames in IP parser
- always use fd 0 for network connection
- note - this changes run from inetd options. re-read README.inetd
  if you use it

I expect there could be problems, as this touched a lot of the code, that's
why I asked Matt to not wait for me to do my changes before he pushed 0.8.12
out... and unfortunately I've got to go for today now, leaving this
completely untested. If you want to help, try out the CVS version and tell
me (us) how it goes; if you want something which will definitely work, use
0.8.12.

David.

From guinan at bluebutton.com Thu Jun 10 11:01:30 1999
From: guinan at bluebutton.com (Jamie Guinan)
Date: Thu Jun 10 11:01:30 1999
Subject: [pptp-server] Win9x setup URL?
Message-ID:

The URL for Win9x setup is either incorrect or missing:

  http://www.moretonbay.com/vpn/win98.html

Anyone have the correct link? Or maybe fix the referring
url:

  http://www.moretonbay.com/vpn/setup_pptp_server.html

BTW, PoPToP [0.8.10] plus C. Ananian's PPTP-Linux works great for me
for Linux-to-Linux tunneling. I spent a week trying to coerce FreeS/WAN
to work but to no avail. I know PoPToP doesn't have encryption yet, but
it's very easy to set up and doesn't require any kernel hackery, which
makes deploying it much easier.

Nice work guys!

-Jamie

================================================================
Jamie Guinan                         Blue Button Solutions, Inc.
guinan at bluebutton.com            http://www.bluebutton.com
================================================================

From luyer at ucs.uwa.edu.au Thu Jun 10 11:28:39 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jun 10 11:28:39 1999
Subject: [pptp-server] 0.8.12 & CVS
Message-ID: <199906101628.AAA18082@typhaon.ucs.uwa.edu.au>

Damn. I think I got the return code for waitpid() wrong. I'll try to
commit a fix to CVS soon (the fix is trivial, committing it may not be...).

David.

From luyer at ucs.uwa.edu.au Thu Jun 10 11:30:59 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jun 10 11:30:59 1999
Subject: [pptp-server] Fix for bulk CPU usage of 0.8.12 & CVS
Message-ID: <199906101630.AAA18126@typhaon.ucs.uwa.edu.au>

change the line in pptpmanager.c with waitpid() on it from != -1 to > 0.

Or wait for my cvs commit.

David.

From rfox at dls.queens.org Thu Jun 10 11:55:09 1999
From: rfox at dls.queens.org (Ronald L Fox) Date: Thu Jun 10 11:55:09 1999 Subject: [pptp-server] Win9x setup URL? In-Reply-To: Message-ID: <3.0.3.32.19990610065417.05111120@kahala.dlabs.com> At 12:01 PM 6/10/99 -0400, Jamie Guinan wrote: > >The URL for Win9x setup is either incorrect or missing: > > http://www.moretonbay.com/vpn/win98.html > >Anyone have the correct link? Or maybe fix the referring >url: > > http://www.moretonbay.com/vpn/setup_pptp_server.html Jamie, Matt Ramsay posted the guide to this list on 1 June so you can find that version in the list archives at: http://lists.schulte.org/pipermail/pptp-server/1999-June/000062.html Another link that is broken on the web site is the one to Seth Vidal's network diagram which he posted to the list on 3 June and which you can find at: http://lists.schulte.org/pipermail/pptp-server/1999-June/000078.html The broken link is http://www.moretonbay.com/vpn/pptp.gif Referring page is http://www.moretonbay.com/vpn/pptp.html I've notified the webmaster at www.moretonbay.com of these 2 broken links. Regards, Ron > >BTW, PoPToP [0.8.10] plus C. Ananian's PPTP-Linux works great for me >for Linux-to-Linux tunneling. I spent a week trying to coerce FreeS/WAN >to work but to no avail. I know PoPToP doesn't have encryption yet, but >its very easy to set up and doesn't require any kernel hackery, which >makes deploying it much easier. > >Nice work guys! > >-Jamie > >================================================================ >Jamie Guinan Blue Button Solutions, Inc. >guinan at bluebutton.com http://www.bluebutton.com >================================================================ -- Ronald L Fox E-mail: rfox at dls.queens.org Diagnostic Laboratory Services Phone: (808) 589-5172 Honolulu, Hawaii From leibig at interfaze.net Thu Jun 10 15:58:54 1999 
From: leibig at interfaze.net (Ben Leibig)
Date: Thu Jun 10 15:58:54 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
Message-ID: <000001beb383$f2fff160$32b4aecf@tritium.interfaze.net>

I was wondering if anyone could help me.

I don't have a real good understanding of PPTP, it seems very complicated,
I'd be interested in sources of more information. Regardless it seems
fairly easy to setup and I just want to get it to work.. I think a lot of
people would be interested in my application and I'd be happy to share my
success story once I get it working....

I own a Compaq Microcom 4000. This modem pool supports ISDN over a PRI t1,
however it insists on using PPTP to do so. I'm not really sure how this
works as the Compaq docs are very unclear. I would assume it basically
builds a tunnel for each ISDN connection to the server and then connects
with them using standard PPP. My problem is. It seems like ISDN users
would be dialing in via PAP, not CHAP... Is there any support in the PPTP
daemon for chap, or is this solely the duty of pppd in which case this won't
be a problem.

More over, and I realize this may be more hardware specific. Is there
any way I can tell if a user is connecting with one channel(64k) or
two(128k). Any advice would be greatly appreciated. My main question is
whether I can use PoPToP with PAP.

Thank you for your time,
Ben Leibig
Technical Director
Interfaze Computer Solutions

From mals at home.com Thu Jun 10 16:51:53 1999
From: mals at home.com (Malay Shah)
Date: Thu Jun 10 16:51:53 1999
Subject: [pptp-server] IPX & PPTP
Message-ID: <3760334E.52895DA8@home.com>

Hi, I'm wondering if it is possible to setup PoPToP to use the IPX
protocol with Win95 based machines.

Malay Shah

From skvidal at skyrunner.net Thu Jun 10 17:02:53 1999
From: skvidal at skyrunner.net (Seth Vidal) Date: Thu Jun 10 17:02:53 1999 Subject: [pptp-server] IPX & PPTP In-Reply-To: <3760334E.52895DA8@home.com> Message-ID: > Hi, I'm wondering if it is possible to setup PoPToP to use the IPX > protocol with Win95 based machines. if you turn on ipx routing in the ppp setup it should be possible. -sv From mals at home.com Thu Jun 10 17:08:33 1999 From: mals at home.com (Malay Shah) Date: Thu Jun 10 17:08:33 1999 Subject: [pptp-server] IPX & PPTP References: Message-ID: <3760373B.ACD46F14@home.com> I have IPX routing enabled in the ppp and the Win95 machine detects the protocol being used but for some reason I can't ping the node on the ppp interface using the ipxping application. When I try to ping (ipxping) the other machine, it just gives me a request timed out error, but if I change the node address by one number, I get a reply. Seth Vidal wrote: > > Hi, I'm wondering if it is possible to setup PoPToP to use the IPX > > protocol with Win95 based machines. > > if you turn on ipx routing in the ppp setup it should be possible. > > -sv > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From luyer at ucs.uwa.edu.au Thu Jun 10 22:27:48 1999 
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Thu Jun 10 22:27:48 1999 Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom. In-Reply-To: Your message of "Thu, 10 Jun 1999 14:58:10 CST." <000001beb383$f2fff160$32b4aecf@tritium.interfaze.net> Message-ID: <199906110327.LAA21922@typhaon.ucs.uwa.edu.au> > My problem is. It seems like ISDN users > would be dialing in via PAP, not CHAP... Is there any support in the PPTP > daemon for chap, or is this solely the duty of pppd in which case this won't > be a problem. PoPToP can be used with PAP quite happily. It's completely up to the PPPd what it does (I use PAP here). David. From luyer at ucs.uwa.edu.au Thu Jun 10 22:28:39 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Thu Jun 10 22:28:39 1999 Subject: [pptp-server] IPX & PPTP In-Reply-To: Your message of "Thu, 10 Jun 1999 18:07:55 -0400." <3760373B.ACD46F14@home.com> Message-ID: <199906110328.LAA21944@typhaon.ucs.uwa.edu.au> > I have IPX routing enabled in the ppp and the Win95 machine detects the > protocol being used but for some reason I can't ping the node on the ppp > interface using the ipxping application. When I try to ping (ipxping) > the other machine, it just gives me a request timed out error, but if I > change the node address by one number, I get a reply. Personally I think it sounds like a pppd problem - have you tried connecting a modem to the machine and dialing it? David. From andrew at ibi.co.za Fri Jun 11 01:25:46 1999 
From: andrew at ibi.co.za (Andrew Cameron)
Date: Fri Jun 11 01:25:46 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: <000001beb383$f2fff160$32b4aecf@tritium.interfaze.net>
Message-ID:

Hi,

I have the same problem. As of 0.8.12 it does not work. It complains about
message type 9 not being implemented.

Regards
Andrew

On Thu, 10 Jun 1999, Ben Leibig wrote:

> I was wondering if anyone could help me.
>
> I don't have a real good understanding of PPTP, it seems very complicated,
> I'd be interested in sources of more information. Regardless it seems
> fairly easy to setup and I just want to get it to work.. I think a lot of
> people would be interested in my application and I'd be happy to share my
> success story once I get it working....
>
> I own a Compaq Microcom 4000. This modem pool supports ISDN over a PRI t1,
> however it insists on using PPTP to do so. I'm not really sure how this
> works as the Compaq docs are very unclear. I would assume it basically
> builds a tunnel for each ISDN connection to the server and then connects
> with them using standard PPP. My problem is. It seems like ISDN users
> would be dialing in via PAP, not CHAP... Is there any support in the PPTP
> daemon for chap, or is this solely the duty of pppd in which case this won't
> be a problem.
>
> More over, and I realize this may be more hardware specific. Is there
> any way I can tell if a user is connecting with one channel(64k) or
> two(128k). Any advice would be greatly appreciated. My main question is
> whether I can use PoPToP with PAP.
>
>
> Thank you for your time,
> Ben Leibig
> Technical Director
> Interfaze Computer Solutions
>

-----------------------------------------------------------------------------
Andrew Cameron
Internet: andrew at ibi.co.za
Internet: apcameron at intch.co.za
-----------------------------------------------------------------------------

From luyer at ucs.uwa.edu.au Fri Jun 11 01:55:46 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 11 01:55:46 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: Your message of "Sat, 11 Jun 1999 08:25:36 +0200."
Message-ID: <199906110655.OAA03004@typhaon.ucs.uwa.edu.au>

>
> Hi,
>
> I have the same problem. As of 0.8.12 it does not work. It complains about
> message type 9 not being implemented.

Message type 9 is an 'incoming call request'.

It is sent from the PNS (PPTP Network Server, ie, pptpd) to the PAC (PPTP
Access Concentrator, ie, Win98 client) in order to request that the PAC
initiate an incoming call (or connection) to the PNS. Hence it shouldn't
be implemented in pptpd, since pptpd is a server not a client.

David.

From andrew at ibi.co.za Fri Jun 11 02:18:04 1999
From: andrew at ibi.co.za (Andrew Cameron) Date: Fri Jun 11 02:18:04 1999 Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom. In-Reply-To: <199906110655.OAA03004@typhaon.ucs.uwa.edu.au> Message-ID: Hi, In this case the message was received by the PPTP network Server. This Setup works 100% using NT PPTP and RAS, Thus I believe that it is a valid way of working. Regards Andrew On Fri, 11 Jun 1999, David Luyer wrote: > > > > Hi, > > > > I have the same problem. As of 0.8.12 it does not work. I complains about > > message type 9 not being implemented. > > Message type 9 is an 'incoming call request'. > > It is sent from the PNS (PPTP Network Server, ie, pptpd) to the PAC (PPTP > Access Concentrator, ie, Win98 client) in order to request that the PAC > initiate an incoming call (or connection) to the PNS. Hence it shouldn't > be implemented in pptpd, since pptpd is a server not a client. > > David. > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > ----------------------------------------------------------------------------- Andrew Cameron Internet: andrew at ibi.co.za Internet: apcameron at intch.co.za ----------------------------------------------------------------------------- From matthewr at moreton.com.au Fri Jun 11 03:21:25 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Fri Jun 11 03:21:25 1999 Subject: [pptp-server] Test PoPToP Message-ID: <3760C5F4.7BC88EDD@moreton.com.au> Hiya all, I have a test for anyone who has time/interest. I have setup PoPToP on one of my machines. The IP address is 203.24.151.237. This machine is also connected to my private network. I have a linux machine on my private network with IP address 192.168.1.2. Connect to my PoPToP Server (username: pptpd, password: pptpd1234) ping 192.168.1.2 If you can reach that address telnet to it: telnet 192.168.1.2 username: pptpd password: pptpd1234 then do a 'cat README' and tell me the phrase so I can be sure you logged in ok. (Do not mail the answer to the mailing list.. but me personally :-) Given that nothing unexpected happens (power failure, computer failure, etc.) you shouldn't have a problem. A couple of people have already verified it works. I will only leave this running for a few days. Cheers, Matt. From matthewr at moreton.com.au Fri Jun 11 03:41:03 1999 
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Fri Jun 11 03:41:03 1999
Subject: [pptp-server] v0.8.13 released!
Message-ID: <3760CA92.7C328BE7@moreton.com.au>

Hiya all,

PoPToP v0.8.13 has been released!

You can download it here: http://www.moretonbay.com/vpn/download_pptp.html

Another bunch of fixes from David. All the credit to him!

Here is the ChangeLog:

- removed ctrl-manager pipe completely
- moved awareness of pppd-ip-alloc option to manager only
- if using pppd-ip-alloc, manager runs more efficiently
- made pptpctrl able to have none, one or both of local/remote
  addresses rather than only both or none - great code simplification
- re-did IP parser; less potential segfaults from bad config
- correctly calculate max connections based on number of IP addresses
  given and statically configured maximum
- no max connections for the pppd-ip-alloc case
- properly permit hostnames in IP parser
- always use fd 0 for network connection
- fixed -c option
- note - this version changes the 'run from inetd' options.
  re-read README.inetd if you use it

Cheers,
Matt.

From luyer at ucs.uwa.edu.au Fri Jun 11 04:46:43 1999
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Fri Jun 11 04:46:43 1999 Subject: [pptp-server] v0.8.13 released! In-Reply-To: Your message of "Fri, 11 Jun 1999 08:36:34 GMT." <3760CA92.7C328BE7@moreton.com.au> Message-ID: <199906110946.RAA02783@typhaon.ucs.uwa.edu.au> And I was just a few minutes too late testing my fix for the 629-on-startup. The following patch might fix the error 629 on startup and after pppd hasn't been run a long time, which turns out to be due to reading from/writing to the pty before pppd has got a chance configure it properly (if it is recently invoked, then it is in memory, so it doesn't have a problem). I'd like someone who can reboot their machine a bit more often than I can to test it; rebooting to get the debug traces to decide that's the probable problem was enough of a problem :-( David. Index: pptpctrl.c =================================================================== RCS file: /cvs/pptpd/pptpd/pptpctrl.c,v retrieving revision 1.50 diff -u -r1.50 pptpctrl.c --- pptpctrl.c 1999/06/10 11:33:49 1.50 +++ pptpctrl.c 1999/06/11 09:43:43 @@ -178,6 +178,8 @@ int stat2 = 0; /* # of bytes we successfully wrote to the client */ + int init = 0; + unsigned char packet[PPTP_MAX_CTRL_PCKT_SIZE]; unsigned char rply_packet[PPTP_MAX_CTRL_PCKT_SIZE]; @@ -194,7 +196,7 @@ FD_SET (clientSocket, &fds); if(pty_fd != -1) FD_SET (pty_fd, &fds); - if(gre_fd != -1) + if(gre_fd != -1 && init) FD_SET (gre_fd, &fds); /* set timeout */ @@ -244,6 +246,9 @@ break; } + /* detect startup of pppd */ + if (!init && pty_fd != -1 && FD_ISSET(pty_fd, &fds)) + init = 1; /* handle actual packets */ From andrew at ibi.co.za Fri Jun 11 05:20:13 1999 
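Review bot: in the @@ -178,6 +178,8 @@ hunk, `int init = 0;` is declared without a comment although the neighbouring `stat2` carries one, and the name does not say what has been initialised. Name it for what it tracks (for example `pppd_started`) and add a comment that it is set once the pty first becomes readable and that it gates reading from gre_fd.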
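Review bot: in the @@ -194,7 +196,7 @@ hunk, `if(gre_fd != -1 && init)` keeps gre_fd out of the select set until pppd has written to the pty, and nothing in the visible lines bounds that wait. If pppd is started in a mode where it waits for the peer to speak first, the pty never becomes readable, init stays 0 and the client's GRE packets are never read, so the session stalls rather than failing cleanly. Consider also setting the flag after a bounded number of select timeouts, and state in a comment the assumption that pppd always sends first.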
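Review bot: in the @@ -244,6 +246,9 @@ hunk, the `!init` to `init = 1` transition is silent, so a debug trace cannot show whether a failure happened before or after pppd had the pty configured, which is exactly the distinction this fix relies on. Log the transition once at debug level, and match the spacing used by the surrounding lines (`if(pty_fd != -1)` elsewhere, `if (!init` here).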
From: andrew at ibi.co.za (Andrew Cameron) Date: Fri Jun 11 05:20:13 1999 Subject: [pptp-server] v0.8.13 released! In-Reply-To: <199906110946.RAA02783@typhaon.ucs.uwa.edu.au> Message-ID: Hi, Any Idea on how seen message type 9 will be added. 2.9. Incoming-Call-Request (Message type 9 from draft-ietf-pppext-pptp-10.txt) The Incoming-Call-Request is a PPTP control message sent by the PAC to the PNS to indicate that an inbound call is to be established from the PAC. This request provides the PNS with parameter information for the incoming call. This message is the first in the "three-way handshake" used by PPTP for establishing incoming calls. The PAC may defer answering the call until it has received an Incoming-Call-Reply from the PNS indicating that the call should be established. This mechanism allows the PNS to obtain sufficient information about the call before it is answered to determine whether the call should be answered or not. . . . On Fri, 11 Jun 1999, David Luyer wrote: > And I was just a few minutes too late testing my fix for the 629-on-startup. > > The following patch might fix the error 629 on startup and after pppd hasn't > been run a long time, which turns out to be due to reading from/writing to > the pty before pppd has got a chance configure it properly (if it is recently > invoked, then it is in memory, so it doesn't have a problem). > > I'd like someone who can reboot their machine a bit more often than I can > to test it; rebooting to get the debug traces to decide that's the probable > problem was enough of a problem :-( > > David. > > Index: pptpctrl.c > =================================================================== > RCS file: /cvs/pptpd/pptpd/pptpctrl.c,v > retrieving revision 1.50 > diff -u -r1.50 pptpctrl.c > --- pptpctrl.c 1999/06/10 11:33:49 1.50 > +++ pptpctrl.c 1999/06/11 09:43:43 
> @@ -178,6 +178,8 @@ > > int stat2 = 0; /* # of bytes we successfully wrote to the client */ > > + int init = 0; > + > unsigned char packet[PPTP_MAX_CTRL_PCKT_SIZE]; > unsigned char rply_packet[PPTP_MAX_CTRL_PCKT_SIZE]; > > @@ -194,7 +196,7 @@ > FD_SET (clientSocket, &fds); > if(pty_fd != -1) > FD_SET (pty_fd, &fds); > - if(gre_fd != -1) > + if(gre_fd != -1 && init) > FD_SET (gre_fd, &fds); > > /* set timeout */ > @@ -244,6 +246,9 @@ > break; > } > > + /* detect startup of pppd */ > + if (!init && pty_fd != -1 && FD_ISSET(pty_fd, &fds)) > + init = 1; > > /* handle actual packets */ > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > ----------------------------------------------------------------------------- Andrew Cameron Internet: andrew at ibi.co.za Internet: apcameron at intch.co.za ----------------------------------------------------------------------------- From luyer at ucs.uwa.edu.au Fri Jun 11 05:29:36 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Fri Jun 11 05:29:36 1999 Subject: [pptp-server] v0.8.13 released! In-Reply-To: Your message of "Sat, 11 Jun 1999 12:18:47 +0200." Message-ID: <199906111029.SAA03347@typhaon.ucs.uwa.edu.au> > Any Idea on how seen message type 9 will be added. > > 2.9. Incoming-Call-Request (Message type 9 from > draft-ietf-pppext-pptp-10.txt) > > The Incoming-Call-Request is a PPTP control message sent by the PAC to > the PNS to indicate that an inbound call is to be established from the > PAC. This request provides the PNS with parameter information for the > incoming call. From andrew at ibi.co.za Fri Jun 11 05:37:23 1999 
From: andrew at ibi.co.za (Andrew Cameron) Date: Fri Jun 11 05:37:23 1999 Subject: [pptp-server] v0.8.13 released! In-Reply-To: <199906111029.SAA03347@typhaon.ucs.uwa.edu.au> Message-ID: Hi, The Draft Defines the following Network Access Server (NAS) A device providing temporary, on-demand network access to users. This access is point-to-point using PSTN or ISDN lines. PPTP Access Concentrator (PAC) A device attached to one or more PSTN or ISDN lines capable of PPP operation and of handling the PPTP protocol. The PAC need only implement TCP/IP to pass traffic to one or more PNSs. It may also tunnel non-IP protocols. PPTP Network Server (PNS) A PNS is envisioned to operate on general-purpose computing/server platforms. The PNS handles the server side of the PPTP protocol. Since PPTP relies completely on TCP/IP and is independent of the interface hardware, the PNS may use any combination of IP interface hardware including LAN and WAN devices. The PPTP Server is Clearly the PNS and NOT the PAC Regards Andrew On Fri, 11 Jun 1999, David Luyer wrote: > > > Any Idea on how seen message type 9 will be added. > > > > 2.9. Incoming-Call-Request (Message type 9 from > > draft-ietf-pppext-pptp-10.txt) > > > > The Incoming-Call-Request is a PPTP control message sent by the PAC to > > the PNS to indicate that an inbound call is to be established from the > > PAC. This request provides the PNS with parameter information for the > > incoming call. > > >From my interpretation, we respond to Outgoing-Call-Requests, which means > we are a PAC not a PNS and hence we shouldn't respond to > Incoming-Call-Requests. The whole draft itself is confusing as it seems to > be written with different goals it mind (specifically, with ISDN calls and > so on being established which have nothing to do with PPTP as we know it). > > 2.7. 
Outgoing-Call-Request > > The Outgoing-Call-Request is a PPTP control message sent by the PNS to > the PAC to indicate that an outbound call from the PAC is to be > established. This request provides the PAC with information required to > make the call. It also provides information to the PAC that is used to > regulate the transmission of data to the PNS for this session once it is > established. > > David. > ----------------------------------------------------------------------------- Andrew Cameron Internet: andrew at ibi.co.za Internet: apcameron at intch.co.za ----------------------------------------------------------------------------- From mals at home.com Fri Jun 11 07:13:41 1999 From: mals at home.com (Malay Shah) Date: Fri Jun 11 07:13:41 1999 Subject: [pptp-server] IPX & PPTP References: <199906110328.LAA21944@typhaon.ucs.uwa.edu.au> Message-ID: <3760FD4E.D28A763D@home.com> I haven't tried it but I think I will. PPTP only sets up a ppp connection on port TCP/1723 and all protocols are handled by pppd, is that how it works? David Luyer wrote: > > I have IPX routing enabled in the ppp and the Win95 machine detects the > > protocol being used but for some reason I can't ping the node on the ppp > > interface using the ipxping application. When I try to ping (ipxping) > > the other machine, it just gives me a request timed out error, but if I > > change the node address by one number, I get a reply. > > Personally I think it sounds like a pppd problem - have you tried connecting a > modem to the machine and dialing it? > > David. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From martin at simpli.net Fri Jun 11 07:51:00 1999 
From: martin at simpli.net (martin at simpli.net)
Date: Fri Jun 11 07:51:00 1999
Subject: [pptp-server] MGR: No more free connection slots!
Message-ID: <002e01beb409$d47204a0$0a02a8c0@simpli.net>

Look I just test poptop 0.8.13 on redhat 6.0 and when a host connect I get
that on the linux box

Jun 11 08:29:04 server pptpd[4875]: MGR: No more free connection slots!

what that mean (but the connection work ... no problem with it only get this
warning!)

Martin

From luyer at ucs.uwa.edu.au Fri Jun 11 09:36:22 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 11 09:36:22 1999
Subject: [pptp-server] IPX & PPTP
In-Reply-To: Your message of "Fri, 11 Jun 1999 08:13:02 -0400." <3760FD4E.D28A763D@home.com>
Message-ID: <199906111435.WAA05158@typhaon.ucs.uwa.edu.au>

> I haven't tried it but I think I will. PPTP only sets up a ppp connection on port
> TCP/1723 and all protocols are handled by pppd, is that how it works?

Not quite. The TCP/1723 is the control connection which handles all kinds
of things.. in the greater scheme of things it's meant to handle things
including setting up ISDN calls between two boxes as the transport layer.

In the current implementation, it handles setting up a GRE connection
between the two IP addresses which already have the TCP connection between
them. The data is transferred over the internet using protocol 47.

Then, the pptpd converts between GRE packets and the frames the pppd expects
to see and relays between the two; all the protocol support, etc, is done by
the pppd.

So, it's almost as you expected, just that TCP isn't the transport, GRE is
(protocol 47).

David.

From luyer at ucs.uwa.edu.au Fri Jun 11 09:41:08 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 11 09:41:08 1999
Subject: [pptp-server] MGR: No more free connection slots!
In-Reply-To: Your message of "Fri, 11 Jun 1999 08:56:32 -0400." <002e01beb409$d47204a0$0a02a8c0@simpli.net>
Message-ID: <199906111440.WAA05259@typhaon.ucs.uwa.edu.au>

> Look I just test poptop 0.8.13 on redhat 6.0 and when a host connect I get
> that on the linux box
>
> Jun 11 08:29:04 server pptpd[4875]: MGR: No more free connection slots!
>
> what that mean (but the connection work ... no problem with it only get this
> warning!)

I'd say at a guess you've only configured one IP address and you have
connected a client, and as such there are no more free connection slots
should any more clients wish to connect.

David.

From tmk at netmagic.net Fri Jun 11 13:14:54 1999
From: tmk at netmagic.net (tmk) Date: Fri Jun 11 13:14:54 1999 Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom. In-Reply-To: Message-ID: i think the problem you are experiencing is that the pptp box you are using uses the "official" way of initiating a pptp connection, namely using an in_call_req. However, all the clients we tested did things the wrong way, but since ALL the clients did it, we didn't bother implementing the right way. All that needs to be done is put in handlers for the IN_CALL_REQ style of call initiation. It should be done soon. Kevin On Fri, 11 Jun 1999, Andrew Cameron wrote: > > Hi, > > I have the same problem. As of 0.8.12 it does not work. I complains about > message type 9 not being implemented. > > Regards > Andrew > > On Thu, 10 Jun 1999, Ben Leibig wrote: > > > I was wondering if anyone could help me. > > > > I don't have a real good understanding of PPTP, it seems very complicated, > > I'd be interested in sources of more information. Regardless it seems > > fairly easy to setup and I just want to get it to work.. I think a lot of > > people would be interested in my application and I'd be happy to share my > > success story once I get it working.... > > > > I own a Compaq Microcom 4000. This modem pool supports ISDN over a PRI t1, > > however it insists on using PPTP to do so. I'm not really sure how this > > works as the Compaq docs are very unclear. I would assume it basically > > builds a tunnel for each ISDN connection to the server and then connects > > with them using standard PPP. My problem is. It seems like ISDN users > > would be dialing in via PAP, not CHAP... Is there any support in the PPTP > > daemon for chap, or is this solely the duty of pppd in which case this won't > > be a problem. > > > > More over, and I realize this may be more hardware specific. Is there > > anyway I can tell if a user is connecting with one channel(64k) or > > two(128k). Any advice would be greatly appreciated. 
My main question is > > wether I can use PoPToP with PAP. > > > > > > Thank you for your time, > > Ben Leibig > > Technical Director > > Interfaze Computer Solutions > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > > ----------------------------------------------------------------------------- > > Andrew Cameron > Internet: andrew at ibi.co.za > Internet: apcameron at intch.co.za > > ----------------------------------------------------------------------------- > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From tmk at netmagic.net Fri Jun 11 13:21:24 1999 
From: tmk at netmagic.net (tmk)
Date: Fri Jun 11 13:21:24 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: <199906110655.OAA03004@typhaon.ucs.uwa.edu.au>
Message-ID:

> Message type 9 is an 'incoming call request'.
>
> It is sent from the PNS (PPTP Network Server, ie, pptpd) to the PAC (PPTP
> Access Concentrator, ie, Win98 client) in order to request that the PAC
> initiate an incoming call (or connection) to the PNS. Hence it shouldn't
> be implemented in pptpd, since pptpd is a server not a client.

quite the opposite, actually. According to the pptp internet draft:
(http://search.ietf.org/internet-drafts/draft-ietf-pppext-pptp-10.txt)

    The Incoming-Call-Request is a PPTP control message sent by the PAC
    to the PNS to indicate that an inbound call is to be established from
    the PAC. This request provides the PNS with parameter information for
    the incoming call.

There was some debate early on as to whether we should disallow
out_call_requests and only answer in_call_requests, but it was decided that
since no known clients used in_call_requests, and they all seemed to use
out_call_requests, that we wouldn't need in_call_requests at that point.

As i've stated, one of my goals for v1.0 is to implement full RFC(internet
draft actually) compliance, so this issue should be dealt with before too
long.

Kevin

From luyer at ucs.uwa.edu.au Fri Jun 11 14:23:53 1999
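The header that carries the "message type 9" discussed in this thread, as an added example that is not part of any list post and is not PoPToP code: a C parser for the 12-byte PPTP control-message header, using the field layout of RFC 2637 (the published form of the draft cited above). The function names, the receive-buffer cap and the handle/ignore/unimplemented policy are assumptions modelled on what the posts report.

```c
/* Added example (not PoPToP code): validate a PPTP control-message header.
 * Field layout per RFC 2637; all names below are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PPTP_HDR_LEN      12u   /* length, msg type, cookie, ctrl type, reserved0 */
#define PPTP_MAGIC_COOKIE 0x1A2B3C4Du
#define PPTP_MSG_CONTROL  1u

enum pptp_parse { PPTP_OK, PPTP_NEED_MORE, PPTP_BAD_LENGTH, PPTP_BAD_COOKIE,
                  PPTP_NOT_CONTROL, PPTP_UNKNOWN_TYPE };
enum pptp_action { ACT_HANDLE, ACT_IGNORE, ACT_UNIMPLEMENTED };

struct pptp_hdr { uint16_t length, msg_type, ctrl_type; };

static const char *const ctrl_names[16] = {
    NULL,
    "Start-Control-Connection-Request", "Start-Control-Connection-Reply",
    "Stop-Control-Connection-Request",  "Stop-Control-Connection-Reply",
    "Echo-Request",                     "Echo-Reply",
    "Outgoing-Call-Request",            "Outgoing-Call-Reply",
    "Incoming-Call-Request",            "Incoming-Call-Reply",
    "Incoming-Call-Connected",          "Call-Clear-Request",
    "Call-Disconnect-Notify",           "WAN-Error-Notify",
    "Set-Link-Info"
};

/* All header fields are in network byte order. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

const char *pptp_ctrl_name(uint16_t t)
{
    return (t >= 1 && t <= 15) ? ctrl_names[t] : "unknown";
}

/* buf holds `avail` bytes read so far; max_len is the receive buffer size.
 * A length field larger than max_len is rejected instead of waited for. */
enum pptp_parse pptp_parse_header(const uint8_t *buf, size_t avail,
                                  size_t max_len, struct pptp_hdr *out)
{
    if (avail < PPTP_HDR_LEN)
        return PPTP_NEED_MORE;
    if (be32(buf + 4) != PPTP_MAGIC_COOKIE)
        return PPTP_BAD_COOKIE;          /* stream out of sync: close it */
    out->length    = be16(buf);
    out->msg_type  = be16(buf + 2);
    out->ctrl_type = be16(buf + 8);
    if (out->msg_type != PPTP_MSG_CONTROL)
        return PPTP_NOT_CONTROL;
    if (out->length < PPTP_HDR_LEN || out->length > max_len)
        return PPTP_BAD_LENGTH;
    if (out->ctrl_type < 1 || out->ctrl_type > 15)
        return PPTP_UNKNOWN_TYPE;
    if (out->length > avail)
        return PPTP_NEED_MORE;           /* header is fine, body still arriving */
    return PPTP_OK;
}

/* Assumed policy, modelled on the thread: Set-Link-Info (15) is ignored and
 * the Incoming-Call family (9-11) is unimplemented unless the build opts in. */
enum pptp_action pptp_action_for(uint16_t ctrl_type, int accept_incoming_calls)
{
    if (ctrl_type == 15)
        return ACT_IGNORE;
    if (ctrl_type >= 9 && ctrl_type <= 11 && !accept_incoming_calls)
        return ACT_UNIMPLEMENTED;
    return ACT_HANDLE;
}

/* Builds a constructed sample message: valid header, zero-filled body. */
size_t pptp_build_sample(uint8_t *buf, size_t cap, uint16_t total_len,
                         uint16_t ctrl_type)
{
    if (total_len < PPTP_HDR_LEN || total_len > cap)
        return 0;
    memset(buf, 0, total_len);
    buf[0] = (uint8_t)(total_len >> 8);
    buf[1] = (uint8_t)(total_len & 0xFF);
    buf[3] = PPTP_MSG_CONTROL;
    buf[4] = 0x1A; buf[5] = 0x2B; buf[6] = 0x3C; buf[7] = 0x4D;
    buf[8] = (uint8_t)(ctrl_type >> 8);
    buf[9] = (uint8_t)(ctrl_type & 0xFF);
    return total_len;
}

int main(void)
{
    static const char *const action[] = { "handle", "ignore", "unimplemented" };
    uint8_t buf[256];
    struct pptp_hdr h;
    /* Constructed sample: 220 bytes is the Incoming-Call-Request size in RFC 2637. */
    size_t n = pptp_build_sample(buf, sizeof buf, 220, 9);
    enum pptp_parse rc = pptp_parse_header(buf, n, sizeof buf, &h);

    if (rc != PPTP_OK) {
        printf("rejected, code %d\n", (int)rc);
        return 1;
    }
    printf("type %u (%s), %u bytes: %s\n", (unsigned)h.ctrl_type,
           pptp_ctrl_name(h.ctrl_type), (unsigned)h.length,
           action[pptp_action_for(h.ctrl_type, 0)]);
    return 0;
}
```
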
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 11 14:23:53 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
Message-ID: <199906111923.DAA09326@typhaon.ucs.uwa.edu.au>

    PPTP can also be used to tunnel a PPP session over an IP network.
    In this configuration the PPTP tunnel and the PPP session runs between
    the same two machines with the caller acting as a PNS.

(above 3 lines from the IETF draft spec for PPTP)

therefore, we act as a PAC and don't have to implement message type 9
incoming.

If we want to do more than PPTP tunnel over IP, then we would be a PNS.

David.

From guinan at bluebutton.com Fri Jun 11 14:48:42 1999
From: guinan at bluebutton.com (Jamie Guinan)
Date: Fri Jun 11 14:48:42 1999
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

I thought I'd jump into this thread as I'm having similar problems
talking to a Samba server from a Win98 client.

Here is my setup:

Win98 client [192.168.1.226 assigned by PPTPD]
  |
(PPP)
  |                                    [216.67.x.x external PPP address]
 ISP---Internet---ISP2--(PPP)--Gateway [192.168.1.1 internal address]
                                  |    [192.168.1.221 PPTP local address]
                                  |
                                  +-- Samba server [192.168.1.2 internal]

(excuse my lame art)

Notes:
 . my LAN uses 192.168.1.x IP addresses
 . In pptp.conf I use,
     localip 192.168.1.221-225
     remoteip 192.168.1.226-230
 . the Win98-side ISP is AOL.

I have no trouble establishing the PPTP connection between Win98 client
and Gateway. And I can telnet to Samba server from Win98 client, and
likewise ping Win98 client from Samba server.

But trying to map volumes from the Samba server fails with something like
"The connection cannot be made permanent". Even if I try
'\\192.168.1.2\sharename' it still doesn't connect.

I'll answer Seth's questions here:

> samba on a separate machine or on the pptpd server?

Separate machine as illustrated.

> is samba configured as a pdc or what?

No. Uses /etc/smbpassswd and security=user.

> what version of samba?

2.0.3 (stock RH 5.2).

> what does the bind interfaces only parameter say?

Not set.

> what does the interfaces parameter say?

Not set.

I've been reading the Samba docs and the SMB and NetBIOS
stuff looks fairly complicated.

Do I need to set up broadcast forwarding or something?

Thanks in advance if anyone has any tips.
-Jamie

From skvidal at skyrunner.net Fri Jun 11 15:02:52 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Fri Jun 11 15:02:52 1999
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

> I'll answer Seth's questions here:
>
> > samba on a separate machine or on the pptpd server?
>
> Separate machine as illustrated.
>
> > is samba configured as a pdc or what?
>
> No. Uses /etc/smbpassswd and security=user.
>
> > what version of samba?
>
> 2.0.3 (stock RH 5.2).
>
> > what does the bind interfaces only parameter say?
>
> Not set.
>
> > what does the interfaces parameter say?
>
> Not set.
>
> I've been reading the Samba docs and the SMB and NetBIOS
> stuff looks fairly complicated.
>
> Do I need to set up broadcast forwarding or something?
>
> Thanks in advance if anyone has any tips.
> -Jamie

try setting
wins support= yes
on the samba server
and set your wins server on the pptp on the win9X machine to be 192.168.1.2

or make an lmhosts setting for your win9X machine that says

192.168.1.2 sambaserver

(put lmhosts in c:\windows)

see if that helps.

-sv

From epadin at wagweb.com Fri Jun 11 15:16:22 1999
From: epadin at wagweb.com (Ed Padin)
Date: Fri Jun 11 15:16:22 1999
Subject: [pptp-server] PPTP Data Encryption
Message-ID:

Hello all,

I've been able to connect to Matthew Ramsay's test poptop server (thanks,
Matthew.) using the Win95 DUN 1.3 VPN client. It works pretty well.

I did notice, while doing a tcpdump, that the data is not encrypted. Is it
possible to do some form of encryption of the data flow. I have some clients
that are hungry for a good VPN server-to-windows client solution but they
absolutely require encryption.

When I tried to enable encryption the DUN client told me that the remote
server does not support it.

Any help would be greatly appreciated.

Thanks.

From tmk at netmagic.net Fri Jun 11 15:27:12 1999
From: tmk at netmagic.net (tmk)
Date: Fri Jun 11 15:27:12 1999
Subject: [pptp-server] PPTP Data Encryption
In-Reply-To:
Message-ID:

We know that there is no encryption, and we are working on adding
encryption in, but it is a tricky problem, as the encryption must be done by
pppd, which is not our project. It will take some time to discover how pppd
works, and how best to add encryption in.

Kevin

On Fri, 11 Jun 1999, Ed Padin wrote:

> Hello all,
>
> I've been able to connect to Matthew Ramsay's test poptop server (thanks,
> Matthew.) using the Win95 DUN 1.3 VPN client. It works pretty well.
>
> I did notice, while doing a tcpdump, that the data is not encrypted. Is it
> possible to do some form of encryption of the data flow. I have some clients
> that are hungry for a good VPN server-to-windows client solution but they
> absolutely require encryption.
>
> When I tried to enable encryption the DUN client told me that the remote
> server does not support it.
>
> Any help would be greatly appreciated.
>
> Thanks.

From tmk at netmagic.net Fri Jun 11 15:50:32 1999
From: tmk at netmagic.net (tmk)
Date: Fri Jun 11 15:50:32 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: <199906111923.DAA09326@typhaon.ucs.uwa.edu.au>
Message-ID:

> therefore, we act as a PAC and don't have to implement message type 9
> incoming.

well, technically we don't HAVE to implement those messages, but it's a
pretty easy hack, and obviously SOME clients are confused about how things
work, so why not support them? I don't think there are any security problems
with implementing those 3 control types, so I say we do it.

Kevin

From guinan at bluebutton.com Fri Jun 11 16:43:21 1999
From: guinan at bluebutton.com (Jamie Guinan)
Date: Fri Jun 11 16:43:21 1999
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

On Fri, 11 Jun 1999, Seth Vidal wrote:

> try setting
> wins support= yes
> on the samba server
> and set your wins server on the pptp on the win9X machine to be 192.168.1.2

Still not connecting, but thanks for the tip.

I'm going to also add,

  domain master = yes
  preferred master = yes

(there are no NT servers on my network).

I had the following in nmbd.log:

[1999/06/11 17:22:18, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(362)
  find_domain_master_name_query_fail: Unable to find the Domain Master
  Browser name MYWG<1b> for the workgroup MYWG.
  Unable to sync browse lists in this workgroup

-Jamie

From guinan at bluebutton.com Fri Jun 11 17:23:20 1999
From: guinan at bluebutton.com (Jamie Guinan)
Date: Fri Jun 11 17:23:20 1999
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

Ok I set up Samba server with,

  domain master = yes
  preferred master = yes

And the nmbd log looks happier now:

  Samba name server SERVER is now a local master browser for workgroup
  MYWG on subnet 192.168.1.2

I set up the DNS and WINS servers in the VPN "Server Types" dialog,
and winipcfg displays the correct IP addresses for them once I bring
up the VPN link.

But when trying to mount a drive I still get,

  The following error occurred while trying to connect
  F: to \\SERVER\username

  The network is not accessible.
  For more information, look in the Help Index
  at the topic 'Network Troubleshooter'.

I'm puzzled.

I noticed that in MS VPN Adapter Properties, under
Bindings it has "[x] NDISWAN -> ...". Should this
be unchecked?

Q: Is there an equivalent to "nslookup" for testing
WINS name resolution?

-Jamie

From skvidal at skyrunner.net Fri Jun 11 18:12:21 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Fri Jun 11 18:12:21 1999
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

> Ok I set up Samba server with,
>   domain master = yes
>   preferred master = yes
>
> And the nmbd log looks happier now:
>
>   Samba name server SERVER is now a local master browser for workgroup
>   MYWG on subnet 192.168.1.2
>
> I set up the DNS and WINS servers in the VPN "Server Types" dialog,
> and winipcfg displays the correct IP addresses for them once I bring
> up the VPN link.
>
> But when trying to mount a drive I still get,
>
>   The following error occurred while trying to connect
>   F: to \\SERVER\username
>
>   The network is not accessible.
>   For more information, look in the Help Index
>   at the topic 'Network Troubleshooter'.
>
> I'm puzzled.
>
> I noticed that in MS VPN Adapter Properties, under
> Bindings it has "[x] NDISWAN -> ...". Should this
> be unchecked?
>
> Q: Is there an equivalent to "nslookup" for testing
> WINS name resolution?

yeah net view \\servername

dumb question.

do you have the client for ms networks installed?

-sv

From guinan at bluebutton.com Fri Jun 11 18:39:29 1999
From: guinan at bluebutton.com (Jamie Guinan)
Date: Fri Jun 11 18:39:29 1999
Subject: [pptp-server] Samba and pptpd
In-Reply-To:
Message-ID:

On Fri, 11 Jun 1999, Seth Vidal wrote:

> > Q: Is there an equivalent to "nslookup" for testing
> > WINS name resolution?
>
> yeah net view \\servername

Thanks I'll try that.

> do you have the client for ms networks installed?

Yep, that's the only client software on the Win98 machine.
No NetBEUI, no IPX, and not the other one ("file and print
sharing for microsoft networks" or whatever).

The machine talks fine when it's on the LAN on its PCMCIA
ethernet card (which I "stop" and remove before trying
the AOL/PPP/VPN connection).

I'll report back if/when I get things working Monday,
I'm off for the weekend...

-Jamie

From matthewr at moreton.com.au Sat Jun 12 20:58:50 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sat Jun 12 20:58:50 1999
Subject: [pptp-server] Test finished
Message-ID: <37630F3C.89878D0C@moreton.com.au>

Hiya all,

I've turned PoPToP *off* my server now. You will not be able to access my
private network anymore. I haven't had a look at the logs or anything yet,
but from all my emails a large number of people (over 20) read the "no
secrets" phrase.

Thanks to all those who tested it out. It has run for 2 days without any
supervision.. and never crashed :-)

A quick note: To those commenting on the speed.. My server was attached to
a 28.8k modem in Australia... I hope to get a cable modem or something a
bit faster soon :-)

Now... I'm off to cut another release.. maybe v0.9...

Cheers,
Matt.

From matthewr at moreton.com.au Sat Jun 12 21:39:08 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sat Jun 12 21:39:08 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
References:
Message-ID: <376318CB.32CB39B@moreton.com.au>

> > therefore, we act as a PAC and don't have to implement message type 9
> > incoming.
>
> well, technically we don't HAVE to implement those messages, but it's a
> pretty easy hack, and obviously SOME clients are confused about how things
> work, so why not support them? I don't think there are any security problems
> with implementing those 3 control types, so I say we do it.

Since the PPTP client and server are somewhat similar... would there be
any disadvantages to rolling PPTP client support into PoPToP? pppd acts
as both a client and a server.. why not poptop? maybe a compile option?
any comments/issues?

Cheers,
Matt.

From luyer at ucs.uwa.edu.au Sun Jun 13 18:31:34 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jun 13 18:31:34 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: Your message of "Sun, 13 Jun 1999 02:34:51 GMT." <376318CB.32CB39B@moreton.com.au>
Message-ID: <199906132331.HAA05555@typhaon.ucs.uwa.edu.au>

> Since the PPTP client and server are somewhat similar... would there be
> any disadvantages to rolling PPTP client support into PoPToP? pppd acts
> as both a client and a server.. why not poptop? maybe a compile option?
> any comments/issues?

My opinion - it would be nice to get v1.0 out as a fully RFC compliant IP
tunneling PPTP PAC end, and then post-v1.0 we can start thinking about
adding PNS support and going beyond just IP tunneling (setting up ISDN
calls), etc.

David.

From luyer at ucs.uwa.edu.au Sun Jun 13 21:32:12 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jun 13 21:32:12 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: Your message of "Sat, 11 Jun 1999 09:17:11 +0200."
Message-ID: <199906140231.KAA10407@typhaon.ucs.uwa.edu.au>

I've been thinking more about acting as a PAC and PNS. While it is possible
there are issues which mean it's probably best as a compile time option to
be one or the other.

One issue is that I've just chopped some code which we might need to put
back :-) But I will re-write or resurrect it if we get to the point we need
it, and there's much more code needed for that bit to actually be useful.
That is the multiple calls on one connection - not needed while we're
acting as an IP tunnelling PAC, but needed if we become a full-blown PNS.

Basically, we work as a PAC since IP tunnelling clients act as a PNS. But if
we want to be able to do the PPTP back-end work for PACs we need to act as a
PNS and to accept multiple calls from one PAC.

However, the Start Control Connection Reply will have to be different if
we're acting as a PAC or PNS (eg, max channels = 0 for PNS but = 1 for us as
a PAC).

I currently see this as post-1.0 development but I guess it depends if
people are going to work on it now or not. The actual amount of code needed
isn't too severe, and should all be wrapped with something like
#if PNS_MODE.

David.

From luyer at ucs.uwa.edu.au Sun Jun 13 22:51:09 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jun 13 22:51:09 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: Your message of "Sat, 11 Jun 1999 09:17:11 +0200."
Message-ID: <199906140350.LAA12186@typhaon.ucs.uwa.edu.au>

I'm working on some very preliminary work for PoPToP to be able to act as a
PNS. It will require to use the pppd-ip-alloc option in order to work in
this way and I can't really see a way around that - except for bringing back
the control-manager pipe in this case, but this is the very case where we
will expect to be having high numbers of clients and hence don't want the
cost of those pipes. So, at least initially, that is going to be one of the
restrictions.

I don't intend to implement the PNS side of the PPTP interaction, just the
basic structure required for it (multiple call support to one address and
so on) as a compile time option.

David.

From Peter.Galbavy at knowledge.com Mon Jun 14 02:36:15 1999
From: Peter.Galbavy at knowledge.com (Peter Galbavy)
Date: Mon Jun 14 02:36:15 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: <199906140231.KAA10407@typhaon.ucs.uwa.edu.au>; from David Luyer on Mon, Jun 14, 1999 at 10:31:48AM +0800
References: <199906140231.KAA10407@typhaon.ucs.uwa.edu.au>
Message-ID: <19990614083601.A9320@office.knowledge.com>

On Mon, Jun 14, 1999 at 10:31:48AM +0800, David Luyer wrote:
> Basically, we work as a PAC since IP tunnelling clients act as a PNS. But if
> we want to be able to do the PPTP back-end work for PACs we need to act as a
> PNS and to accept multiple calls from one PAC.

Erm, I have not read the RFCs, but from all the marketing bull etc. I
always thought the 'NS' in PNS stood for Network Server. I thought
that the Windoze box was the PAC ? Help. :) Oh, is 'AC' -> Access
Controller ?

--
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/

From luyer at ucs.uwa.edu.au Mon Jun 14 05:06:13 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Mon Jun 14 05:06:13 1999
Subject: [pptp-server] FW: PPTP. PAP. and the compaq Microcom.
In-Reply-To: Your message of "Mon, 14 Jun 1999 08:36:01 +0100." <19990614083601.A9320@office.knowledge.com>
Message-ID: <199906141005.SAA20192@typhaon.ucs.uwa.edu.au>

> On Mon, Jun 14, 1999 at 10:31:48AM +0800, David Luyer wrote:
> > Basically, we work as a PAC since IP tunnelling clients act as a PNS. But if
> > we want to be able to do the PPTP back-end work for PACs we need to act as a
> > PNS and to accept multiple calls from one PAC.
>
> Erm, I have not read the RFCs, but from all the marketing bull etc. I
> always thought the 'NS' in PNS stood for Network Server. I thought
> that the Windoze box was the PAC ? Help. :) Oh, is 'AC' -> Access
> Controller ?

From klawson at dementia.dynip.com Mon Jun 14 07:45:41 1999
From: klawson at dementia.dynip.com (Keith Lawson)
Date: Mon Jun 14 07:45:41 1999
Subject: [pptp-server] Connecting through Linux Firewall
Message-ID:

Hello,

I am trying to connect to a server from a win95 machine which is Masqed
behind a Linux firewall. Should this work okay or does it require extra
configuration on the firewall?

Regards,
Keith Lawson.

From anders.vannman at nyavf.se Mon Jun 14 10:14:19 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Mon Jun 14 10:14:19 1999
Subject: [pptp-server] dont disconnect
Message-ID:

Hi

I've installed pptpd on my linuxbox. It works fine - although a bit slow
since I haven't got the compression to work with DozeNT.

My problem is when I disconnect from the pptpd it doesn't kill the pppd or
the pptpd control connection. I have to do a manual "kill" for it to go
down. I'm not sure if it's a pptp problem or a ppp-problem.

Any clues?

Anders

From epadin at wagweb.com Mon Jun 14 11:12:07 1999
From: epadin at wagweb.com (Ed Padin)
Date: Mon Jun 14 11:12:07 1999
Subject: [pptp-server] Connecting through Linux Firewall
Message-ID:

I tried this and it did not work. I was able to connect outside the MASQed
server. You may be able to do it if you employ a 1 to 1 NAT configuration on
your firewall (see
http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html ) or if you
use masq module. I know that there is an FTP masq module to contend with the
fact that active FTP tries to connect back to you. I think that pptp is
doing the same. I know that there is a masquerading module made for this. I
think IPAUTOFW might help.

Anyone solved this one yet?

> -----Original Message-----
> From: Keith Lawson [mailto:klawson at dementia.dynip.com]
> Sent: Monday, June 14, 1999 9:42 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Connecting through Linux Firewall
>
> Hello,
>
> I am trying to connect to a server from a win95 machine which is Masqed
> behind a Linux firewall. Should this work okay or does it require extra
> configuration on the firewall?
>
> Regards,
> Keith Lawson.

From matthewr at moreton.com.au Mon Jun 14 20:52:36 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon Jun 14 20:52:36 1999
Subject: [pptp-server] v0.9 released!
Message-ID: <3765B0D2.B5DDC8B8@moreton.com.au>

hiya all,

PoPToP v0.9.0 has been released... finally.

You can download it here:
http://www.moretonbay.com/vpn/download_pptp.html

This release fixes all the *known* bugs to date. Development continues...

Here is the ChangeLog from v0.8.13:
See the ChangeLog (http://www.moretonbay.com/vpn/releases/ChangeLog.txt)
for all the changes since v0.8.

v0.8.13 -> v0.9.0 11th June, 1999
- possibly fixed the 'error 629 on startup' bug. this fix is incompatible
  with the 'silent' option of pppd, so don't use the 'silent' option.
- support a single localip with a range of remoteip's
- new, small, fast, simple get_call_id() function
- removed a few hardcoded values in ctrlpacket and replaced with defines
- new pptp_read_header() - slightly more 'expensive' but should be much
  more robust
- use openpty() if possible, internalize tty opening, startCall much more
  simple

Cheers,
PoPToP Development Team.

From anders.vannman at nyavf.se Tue Jun 15 01:29:51 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Tue Jun 15 01:29:51 1999
Subject: [pptp-server] dont disconnect
Message-ID:

I used the .rpm that was on the pptpd-homepage, I got an advice from David
Luyer to use a newer, and when I did - it works!

Linux is just great!! This is my first installation in a production
environment and it meets all my expectations. In just a couple of days I've
gotten it fully functional including services I've never tried before!

-----Original Message-----
From: Matthew Ramsay [mailto:matthewr at moreton.com.au]
Sent: Tuesday, June 15, 1999 2:35 AM
To: Anders Vännman
Subject: Re: [pptp-server] dont disconnect

hmm.. i thought this was fixed...... i'm looking into it

-matt

Anders Vännman wrote:
>
> Hi
>
> I've installed pptpd on my linuxbox. It works fine - although a bit slow
> since I haven't got the compression to work with DozeNT.
>
> My problem is when I disconnect from the pptpd it doesn't kill the pppd or
> the pptpd control connection. I have to do a manual "kill" for it to go
> down. I'm not sure if it's a pptp problem or a ppp-problem.
>
> Any clues?
>
> Anders

From noddson at opentext.com Tue Jun 15 16:56:57 1999
From: noddson at opentext.com (Nicholas Oddson)
Date: Tue Jun 15 16:56:57 1999
Subject: [pptp-server] Dumb newbie question...
Message-ID: <4.1.19990615174903.047dfdc0@mail.opentext.com>

If I want to run PPTPD on my Linux box (which is also my firewall) such
that I can connect from a (windows) machine at work and get into my home
private network (to get files, whatever) - do I need more than one IP
address on my external interface of my Linux box?

i.e. I have one external IP address
     I have several internal IP addresses (192.168.1.x)

I keep getting the error "No free connection slots or IPs available - no
more clients can connect!"

Jun 15 17:53:25 cr136376-A pptpd[12027]: MGR: Manager process started
Jun 15 17:53:36 cr136376-A pptpd[12027]: MGR: No free connection slots or IPs - no more clients can connect!
Jun 15 17:53:36 cr136376-A pptpd[12028]: CTRL: Client 204.138.115.3 control connection started
Jun 15 17:53:36 cr136376-A pptpd[12028]: CTRL: Starting call (launching pppd, opening GRE)
Jun 15 17:53:37 cr136376-A pptpd[12028]: CTRL: Ignored a SET LINK INFO packet
Jun 15 17:53:37 cr136376-A pppd[12029]: pppd 2.3.5 started by root, uid 0
Jun 15 17:53:37 cr136376-A pppd[12029]: Using interface ppp0
Jun 15 17:53:37 cr136376-A pppd[12029]: Connect: ppp0 <--> /dev/ttyp2
Jun 15 17:53:37 cr136376-A pppd[12029]: sent [LCP ConfReq id=0x1 ]
Jun 15 17:54:04 cr136376-A last message repeated 9 times
Jun 15 17:54:07 cr136376-A pppd[12029]: LCP: timeout sending Config-Requests
Jun 15 17:54:07 cr136376-A pptpd[12028]: GRE: read() from PTY failed: errno = 0
Jun 15 17:54:07 cr136376-A pptpd[12028]: CTRL: PTY read failed
Jun 15 17:54:07 cr136376-A pptpd[12028]: CTRL: Client 204.138.115.3 control connection finished
Jun 15 17:54:07 cr136376-A pppd[12029]: Connection terminated.
Jun 15 17:54:07 cr136376-A pppd[12029]: Exit.

This is RH5.2 using pptp 0.9.0 and ppp 2.3.5

Ideas?

- Nick

From tmk at netmagic.net Tue Jun 15 17:21:58 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jun 15 17:21:58 1999
Subject: [pptp-server] Dumb newbie question...
In-Reply-To: <4.1.19990615174903.047dfdc0@mail.opentext.com>
Message-ID:

Ignore that error, it just means that you have used up all the IPs you
allocated in your /etc/pptpd.conf file *AFTER* the client connected. the
client has already connected just fine.

As far as ips go, the "best" way to set things up is to make ALL local ip
addresses the same as your linux box (it won't hurt anything) and make the
remote ip addresses unique, but on the same subnet as your linux box. You
can then use the proxyarp ppp option (if you'd like)

for example:

assuming your linux box is 192.168.1.1 and 192.168.1.100 through
192.168.1.255 are free
you tell the pptp client to go to your remote ip.
tell pptpd that local ips are 192.168.1.1 and remote ips are
192.168.1.100-255

and if you like, use the proxyarp option in your pppd options file

Kevin

On Tue, 15 Jun 1999, Nicholas Oddson wrote:

> If I want to run PPTPD on my Linux box (which is also my firewall) such
> that I can connect from a (windows) machine at work and get into my home
> private network (to get files, whatever) - do I need more than one IP
> address on my external interface of my Linux box?
>
> i.e. I have one external IP address
>      I have several internal IP addresses (192.168.1.x)
>
> I keep getting the error "No free connection slots or IPs available - no
> more clients can connect!"
>
> Jun 15 17:53:25 cr136376-A pptpd[12027]: MGR: Manager process started
> Jun 15 17:53:36 cr136376-A pptpd[12027]: MGR: No free connection slots or IPs - no more clients can connect!
> Jun 15 17:53:36 cr136376-A pptpd[12028]: CTRL: Client 204.138.115.3 control connection started
> Jun 15 17:53:36 cr136376-A pptpd[12028]: CTRL: Starting call (launching pppd, opening GRE)
> Jun 15 17:53:37 cr136376-A pptpd[12028]: CTRL: Ignored a SET LINK INFO packet
> Jun 15 17:53:37 cr136376-A pppd[12029]: pppd 2.3.5 started by root, uid 0
> Jun 15 17:53:37 cr136376-A pppd[12029]: Using interface ppp0
> Jun 15 17:53:37 cr136376-A pppd[12029]: Connect: ppp0 <--> /dev/ttyp2
> Jun 15 17:53:37 cr136376-A pppd[12029]: sent [LCP ConfReq id=0x1 05> ]
> Jun 15 17:54:04 cr136376-A last message repeated 9 times
> Jun 15 17:54:07 cr136376-A pppd[12029]: LCP: timeout sending Config-Requests
> Jun 15 17:54:07 cr136376-A pptpd[12028]: GRE: read() from PTY failed: errno = 0
> Jun 15 17:54:07 cr136376-A pptpd[12028]: CTRL: PTY read failed
> Jun 15 17:54:07 cr136376-A pptpd[12028]: CTRL: Client 204.138.115.3 control connection finished
> Jun 15 17:54:07 cr136376-A pppd[12029]: Connection terminated.
> Jun 15 17:54:07 cr136376-A pppd[12029]: Exit.
>
> This is RH5.2 using pptp 0.9.0 and ppp 2.3.5
>
> Ideas?
>
> - Nick

From noddson at opentext.com Tue Jun 15 17:44:57 1999
From: noddson at opentext.com (Nicholas Oddson)
Date: Tue Jun 15 17:44:57 1999
Subject: [pptp-server] Dumb newbie question...
In-Reply-To:
References: <4.1.19990615174903.047dfdc0@mail.opentext.com>
Message-ID: <4.1.19990615182525.04853880@mail.opentext.com>

I will ensure that my Linux box is setup as you specified. I assume that I
should use an internet address (such as 204.138.115.3) since the Linux box
is multihomed (being both the internet address as 192.168.1.1). I have
always had the proxyarp option in my /etc/ppp/options file.

Oh - ok - that makes more sense now... so then my connection problem
would be PPP related (and not PPTP) - it seems that PPP fails to read the
data for authentication.

Is there a reason why my ppp would be timing out and unable to read the
connection? My ifcfg-ppp0 was originally configured for a modem and I'm not
sure I know what to change appropriately for use with PPTP.

Thanks for your responsive feedback.

- Nick

At 06:27 PM 6/15/99 , tmk wrote:
>Ignore that error, it just means that you have used up all the IPs you
>allocated in your /etc/pptpd.conf file *AFTER* the client connected. the
>client has already connected just fine.
>
>As far as ips go, the "best" way to set things up is to make ALL local ip
>addresses the same as your linux box (it won't hurt anything) and make the
>remote ip addresses unique, but on the same subnet as your linux box. You
>can then use the proxyarp ppp option (if you'd like)
>
>for example:
>
>assuming your linux box is 192.168.1.1 and 192.168.1.100 through
>192.168.1.255 are free
>you tell the pptp client to go to your remote ip.
>tell pptpd that local ips are 192.168.1.1 and remote ips are
>192.168.1.100-255
>
>and if you like, use the proxyarp option in your pppd options file
>
>Kevin

From tmk at netmagic.net Tue Jun 15 17:56:57 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jun 15 17:56:57 1999
Subject: [pptp-server] Dumb newbie question...
In-Reply-To: <4.1.19990615182525.04853880@mail.opentext.com>
Message-ID:

> I will ensure that my Linux box is setup as you specified. I assume that I
> should use an internet address (such as 204.138.115.3) since the Linux box
> is multihomed (being both the internet address as 192.168.1.1). I have
> always had the proxyarp option in my /etc/ppp/options file.

so you have 2 network cards (or interfaces) one in the 204.x.x.x range and
one in the 192.x.x.x range. I will assume that the 204 range is the
internet, and the 192 range is your private network.

looking at your logs, it would seem that what you have is indeed a ppp
problem. Post (or send directly to me) your pppd options file, you might
have some conflicting options in there. If you haven't already, read the
setup tips that come with the distribution.

Kevin

> Oh - ok - that makes more sense now... so then my connection problem
> would be PPP related (and not PPTP) - it seems that PPP fails to read the
> data for authentication.
>
> Is there a reason why my ppp would be timing out and unable to read the
> connection? My ifcfg-ppp0 was original configured for a modem and I'm not
> sure I know what to change appropriately for use with PPTP.
>
> Thanks for your responsive feedback.
>
> - Nick

From tmk at netmagic.net Tue Jun 15 19:57:16 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jun 15 19:57:16 1999
Subject: [pptp-server] Your suggestions wanted
References: <4.1.19990615174903.047dfdc0@mail.opentext.com>
Message-ID: <005201beb793$443ee280$011c0fc0@lala.net>

Hey everyone,

I'm going to be putting together a GUI control-panel for poptop and I'd like to know what sort of features and properties you'd like it to have. Currently here's what's on the agenda:

GUI: both a GTK and a console version (not ncurses, just plain text)

Features:
* status listing
* increase/decrease max calls
* block new connections
* disconnect clients
* ppp stats (usage graphs, packet counters, error count, etc)
* change ip addresses of unused call slots
* close down pptpd

Things that probably won't be possible:
* identify user names of connections

If you can suggest other options that would be great. If you think some of that is unnecessary, let me know.

Kevin

From martin at simpli.net Tue Jun 15 22:55:53 1999
From: martin at simpli.net (martin at simpli.net) Date: Tue Jun 15 22:55:53 1999 Subject: [pptp-server] Any help please Message-ID: <000e01beb7ac$ef590880$0202a8c0@simpli.net> Hi I will appreciate if any one can help ok look at this, when I use pptp with pptpd I can only ping the server 192.168.2.1 when connected but no other host (192.168.2.2, 192.168.2.3...) that are on the pptpd network but I see all the stations in the network neiberhood. ok when I connect directly to my linux box in ppp it work I can ping every host and access them! on both case I use proxyarp... here the route from the windows station: PPTP CONNECTION Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.11 192.168.2.11 1 0.0.0.0 0.0.0.0 216.46.7.163 216.46.7.163 2 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 2 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1 192.168.2.0 255.255.255.0 192.168.2.11 192.168.2.11 1 192.168.2.11 255.255.255.255 127.0.0.1 127.0.0.1 1 209.226.106.112 255.255.255.255 216.46.7.163 216.46.7.163 1 216.46.7.0 255.255.255.0 216.46.7.163 216.46.7.163 2 216.46.7.163 255.255.255.255 127.0.0.1 127.0.0.1 1 216.46.7.255 255.255.255.255 216.46.7.163 216.46.7.163 1 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1 224.0.0.0 224.0.0.0 192.168.2.11 192.168.2.11 1 224.0.0.0 224.0.0.0 216.46.7.163 216.46.7.163 1 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1 =========================================================================== PPP CONNECTION Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.5 192.168.2.5 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 2 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1 192.168.2.0 255.255.255.0 192.168.2.5 192.168.2.5 1 192.168.2.5 255.255.255.255 
127.0.0.1 127.0.0.1 1 192.168.2.255 255.255.255.255 192.168.2.5 192.168.2.5 1 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1 224.0.0.0 224.0.0.0 192.168.2.5 192.168.2.5 1 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1 =========================================================================== options file for ppp: name server auth require-chap ms-wins 192.168.2.1 ms-wins 192.168.2.1 ms-dns 204.101.251.1 ms-dns 204.101.251.2 asyncmap 0 lock modem passive netmask 255.255.255.0 proxyarp :192.168.2.5 options for pptp: name server auth require-chap ms-wins 192.168.2.1 ms-wins 192.168.2.1 ms-dns 204.101.251.1 ms-dns 204.101.251.2 asyncmap 0 lock local hide-password netmask 255.255.255.0 lcp-echo-interval 30 lcp-echo-failure 4 noipx proxyarp well I guess someone can help thanks ! Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmk at netmagic.net Tue Jun 15 23:10:02 1999 From: tmk at netmagic.net (tmk) Date: Tue Jun 15 23:10:02 1999 Subject: [pptp-server] Re: [pptp-server] Any help please References: <000e01beb7ac$ef590880$0202a8c0@simpli.net> Message-ID: <008601beb7ae$2a84eea0$011c0fc0@lala.net> how are you connected to the internet? (assuming you use the net to get to the pptp server) in some cases when you use an ethernet interface to the internet, windows refuses to route pings through the pptp tunnel and tries to send them through the net. Watch your modem lights when you are pinging to see if pptp is sending anything through the tunnel. Kevin ----- Original Message ----- 
From: martin at simpli.net To: pptp-server at lists.schulte.org Sent: Tuesday, June 15, 1999 9:01 PM Subject: [pptp-server] Any help please Hi I will appreciate if any one can help ok look at this, when I use pptp with pptpd I can only ping the server 192.168.2.1 when connected but no other host (192.168.2.2, 192.168.2.3...) that are on the pptpd network but I see all the stations in the network neiberhood. ok when I connect directly to my linux box in ppp it work I can ping every host and access them! on both case I use proxyarp... here the route from the windows station: PPTP CONNECTION Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.11 192.168.2.11 1 0.0.0.0 0.0.0.0 216.46.7.163 216.46.7.163 2 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 2 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1 192.168.2.0 255.255.255.0 192.168.2.11 192.168.2.11 1 192.168.2.11 255.255.255.255 127.0.0.1 127.0.0.1 1 209.226.106.112 255.255.255.255 216.46.7.163 216.46.7.163 1 216.46.7.0 255.255.255.0 216.46.7.163 216.46.7.163 2 216.46.7.163 255.255.255.255 127.0.0.1 127.0.0.1 1 216.46.7.255 255.255.255.255 216.46.7.163 216.46.7.163 1 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1 224.0.0.0 224.0.0.0 192.168.2.11 192.168.2.11 1 224.0.0.0 224.0.0.0 216.46.7.163 216.46.7.163 1 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1 =========================================================================== PPP CONNECTION Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.5 192.168.2.5 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 2 192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 1 192.168.2.0 255.255.255.0 192.168.2.5 192.168.2.5 1 192.168.2.5 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.2.255 
255.255.255.255 192.168.2.5 192.168.2.5 1 224.0.0.0 224.0.0.0 192.168.0.1 192.168.0.1 1 224.0.0.0 224.0.0.0 192.168.2.5 192.168.2.5 1 255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1 =========================================================================== options file for ppp: name server auth require-chap ms-wins 192.168.2.1 ms-wins 192.168.2.1 ms-dns 204.101.251.1 ms-dns 204.101.251.2 asyncmap 0 lock modem passive netmask 255.255.255.0 proxyarp :192.168.2.5 options for pptp: name server auth require-chap ms-wins 192.168.2.1 ms-wins 192.168.2.1 ms-dns 204.101.251.1 ms-dns 204.101.251.2 asyncmap 0 lock local hide-password netmask 255.255.255.0 lcp-echo-interval 30 lcp-echo-failure 4 noipx proxyarp well I guess someone can help thanks ! Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: From skvidal at skyrunner.net Tue Jun 15 23:57:05 1999 From: skvidal at skyrunner.net (Seth Vidal) Date: Tue Jun 15 23:57:05 1999 Subject: [pptp-server] Re: [pptp-server] Any help please In-Reply-To: <000e01beb7ac$ef590880$0202a8c0@simpli.net> Message-ID: > > Hi I will appreciate if any one can help ok look at this, when I use pptp with pptpd I can only ping the server 192.168.2.1 when connected but no other host (192.168.2.2, 192.168.2.3...) that are on the pptpd network but I see all the stations in the network neiberhood. ok when I connect directly to my linux box in ppp it work I can ping every host and access them! on both case I use proxyarp... what does a traceroute look like. -sv From luyer at ucs.uwa.edu.au Wed Jun 16 03:45:48 1999 
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jun 16 03:45:48 1999
Subject: [pptp-server] Re: [pptp-server] Dumb newbie question...
In-Reply-To: Your message of "Tue, 15 Jun 1999 15:27:36 MST."
Message-ID: <199906160845.QAA16167@typhaon.ucs.uwa.edu.au>

> assuming your linux box is 192.168.1.1 and 192.168.1.100 through
> 192.168.1.255 are free
> you tell the pptp client to go to your remote ip.
> tell pptpd that local ips are 192.168.1.1 and remote ips are
> 192.168.1.100-255

Actually, if you have any people using the Linux client, you don't want to tell them the local IP is the same as the IP they might use to connect to the Linux box running pptpd. It makes the routing table impossible.

So I suggest using an unused address for localip too, eg,

pptpd box: 192.168.1.1
unused: 192.168.1.100-254

configuration -

localip 192.168.1.100
remoteip 192.168.1.101-254

David.

From larrydog at coqui.net Wed Jun 16 10:10:10 1999
From: larrydog at coqui.net (Larry Rivera)
Date: Wed Jun 16 10:10:10 1999
Subject: [pptp-server] 629 Error
Message-ID: <3767B05E.AD20B41C@coqui.net>

Hello:

Getting 629 error from win9x machine after it states "verifying username & password" with the following out of my /var/log/pptpd.log

Jun 16 10:42:40 merdist pptpd[13392]: CTRL: local address = 192.168.2.10
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: remote address = 192.168.3.10
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: pppd speed = 115200
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: pppd options file = /etc/ppp/options pptpd
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: Client 196.42.47.178 control connection started
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: Received PPTP Control Message (type: 1)
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: Made a START CTRL CONN reply
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: I wrote 156 bytes to the client.
Jun 16 10:42:40 merdist pptpd[13392]: CTRL: Sent packet to client
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: Received PPTP Control Message (type: 7)
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: Made a OUT CALL reply
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: Starting call (launching pppd, opening GRE)
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: pty_fd = 6
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: tty_fd = 7
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: I wrote 32 bytes to the client.
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: Sent packet to client
Jun 16 10:42:41 merdist pptpd[13393]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 16 10:42:41 merdist pptpd[13393]: CTRL (PPPD Launcher): local address = 192.168.2.10
Jun 16 10:42:41 merdist pptpd[13393]: CTRL (PPPD Launcher): remote address = 192.168.3.10
Jun 16 10:42:41 merdist pptpd[13392]: GRE: read() from PTY failed: errno = 0
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: PTY read failed
Jun 16 10:42:41 merdist pptpd[13392]: CTRL: Client 196.42.47.178 control connection finished

Anyone have any insight on this?

LR

From nico at sonycom.com Wed Jun 16 11:06:39 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Wed Jun 16 11:06:39 1999
Subject: [pptp-server] couldn't find suitable secret
Message-ID: <199906161605.QAA01172@oshima.sonytel.be>

Howdy,

I'm trying to make my Linux box talk to the poptop server. I managed to get the pptp connection up by doing something like:

pptp pptp-server debug name nico remotename ndr

I get a message stating both incoming and outgoing connections have been made. But when I do an ifconfig the ppp0 interface doesn't have an IP-address so I can't make a route to it.

The USING file of pptp also gives a couple of IP-addresses as an argument to pptp, however in my case I can't choose the IP-addresses myself.

How can I resolve this?

Thanks in advance,

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From christopherandrew at OU.EDU Wed Jun 16 12:53:17 1999
From: christopherandrew at OU.EDU (Andy Worthington) Date: Wed Jun 16 12:53:17 1999 Subject: [pptp-server] general help Message-ID: <006b01beb820$3efbb4a0$da7d0f81@sdfcdsf.occe.ou.edu> I have been playing around with pptpd for a while now. I have it setup on my home network and access it from my machine at work that is connected by way of network card to the internet. Everything works great there. Today I started setting pptpd up on a work server to start testing it out here. I can call the pptpd server and get connected and all but it doesn't seem like it is sending anything over the link. The network the pptpd is being setup on is a subnet of two class c's. The reason we are setting up the pptpd is to allow people on the road access to the intranet web server and the netware server which you must be on the local subnet to access. I am dialing into a local ISP and then connecting to the pptpd machine. Everything is fine but then if I telnet to the pptpd machine it appears to go through the original ppp connection and not the vpn connection. ie win95 does not report any traffic on the vpn connection. Any help would be appreciative. Thanks Andy Worthington CCE - University of Oklahoma From christopherandrew at ou.edu Wed Jun 16 14:21:06 1999 From: christopherandrew at ou.edu (Andy Worthington) Date: Wed Jun 16 14:21:06 1999 Subject: [pptp-server] Re: [pptp-server] general help Message-ID: <00a701beb82c$77ef5d00$da7d0f81@sdfcdsf.occe.ou.edu> -----Original Message----- 
From: Allan Clark To: Andy Worthington Date: Wednesday, June 16, 1999 1:23 PM Subject: Re: [pptp-server] general help >Before someone else asks, I'll ask the obvious questions (since we can't see >your screen from here) : > - what is your OS? RedHat 5.1 > - what version of pptpd ? v0.9 > - what version of pppd ? version 2.3 patch level 3 > >.. and my own questions ... >what IP is being handed out by the pptpd service? Is that the IP you're using >to connect? The ip of the machine is 129.15.124.49. The local is .30 and remote is .43 >what does the routing table look like on the windows client ? Network Address Netmask Gateway Address Interface Metric 0.0.0.0 0.0.0.0 129.15.124.43 129.15.124.43 1 0.0.0.0 0.0.0.0 38.193.69.16 38.193.69.16 2 38.0.0.0 255.0.0.0 38.193.69.16 38.193.69.16 2 38.193.69.16 255.255.255.255 127.0.0.1 127.0.0.1 1 38.255.255.255 255.255.255.255 38.193.69.16 38.193.69.16 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 129.15.0.0 255.255.0.0 129.15.124.43 129.15.124.43 1 129.15.124.43 255.255.255.255 127.0.0.1 127.0.0.1 1 129.15.124.49 255.255.255.255 38.193.69.16 38.193.69.16 1 224.0.0.0 224.0.0.0 38.193.69.16 38.193.69.16 1 224.0.0.0 224.0.0.0 129.15.124.43 129.15.124.43 1 255.255.255.255 255.255.255.255 38.193.69.16 38.193.69.16 1 >what is your pptpd config and pppd config ? > pppd config: debug name tel.occe.ou.edu auth require-chap proxyarp pptpd config: speed 115200 localip 129.15.124.30 remoteip 129.15.124.43 >Allan > > 129.15 is for the whole university our subnet is comprised of 129.15.124 and .125 with netmask of 255.255.254.0 since I dont see that netmask anywhere in the win95 routing table could that be where the problem lies? Thanks Andy Worthington CCE - University of Oklahoma >Andy Worthington wrote: > >> I have been playing around with pptpd for a while now. I have it setup on >> my home network and access it from my machine at work that is connected by >> way of network card to the internet. Everything works great there. 
Today I >> started setting pptpd up on a work server to start testing it out here. I >> can call the pptpd server and get connected and all but it doesn't seem like >> it is sending anything over the link. The network the pptpd is being setup >> on is a subnet of two class c's. The reason we are setting up the pptpd is >> to allow people on the road access to the intranet web server and the >> netware server which you must be on the local subnet to access. I am >> dialing into a local ISP and then connecting to the pptpd machine. >> Everything is fine but then if I telnet to the pptpd machine it appears to >> go through the original ppp connection and not the vpn connection. ie win95 >> does not report any traffic on the vpn connection. Any help would be >> appreciative. >> >> Thanks >> Andy Worthington >> CCE - University of Oklahoma >> >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> List services provided by www.schulte.org! > From luyer at ucs.uwa.edu.au Wed Jun 16 23:02:45 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Wed Jun 16 23:02:45 1999 Subject: [pptp-server] Re: [pptp-server] 629 Error In-Reply-To: Your message of "Wed, 16 Jun 1999 11:10:38 -0300." <3767B05E.AD20B41C@coqui.net> Message-ID: <199906170402.MAA26923@typhaon.ucs.uwa.edu.au> > Jun 16 10:42:41 merdist pptpd[13392]: GRE: read() from PTY failed: errno > = 0 It sounds like pppd isn't starting up properly - look at your pppd logs. If you get 'errno = 0' that's how I've logged end of file conditions. David. From matthewr at moreton.com.au Thu Jun 17 02:34:21 1999 
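Added example (not part of the original messages, and not code from PoPToP or Windows): a longest-prefix route lookup run over the Windows 95 routing table Andy Worthington posted in the "general help" thread above, to show which adapter each destination leaves through. The rows are copied from his post; the function names, the extra test destinations and the reading of the Interface column as the adapter's own address (129.15.124.43 for the PPTP adapter, 38.193.69.16 for the ISP dial-up) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct route { const char *dest, *mask, *gateway, *iface; int metric; };

/* Rows copied from the routing table in Andy's message. */
static const struct route ANDY_ROUTES[] = {
    {"0.0.0.0",         "0.0.0.0",         "129.15.124.43", "129.15.124.43", 1},
    {"0.0.0.0",         "0.0.0.0",         "38.193.69.16",  "38.193.69.16",  2},
    {"38.0.0.0",        "255.0.0.0",       "38.193.69.16",  "38.193.69.16",  2},
    {"38.193.69.16",    "255.255.255.255", "127.0.0.1",     "127.0.0.1",     1},
    {"38.255.255.255",  "255.255.255.255", "38.193.69.16",  "38.193.69.16",  1},
    {"127.0.0.0",       "255.0.0.0",       "127.0.0.1",     "127.0.0.1",     1},
    {"129.15.0.0",      "255.255.0.0",     "129.15.124.43", "129.15.124.43", 1},
    {"129.15.124.43",   "255.255.255.255", "127.0.0.1",     "127.0.0.1",     1},
    {"129.15.124.49",   "255.255.255.255", "38.193.69.16",  "38.193.69.16",  1},
    {"224.0.0.0",       "224.0.0.0",       "38.193.69.16",  "38.193.69.16",  1},
    {"224.0.0.0",       "224.0.0.0",       "129.15.124.43", "129.15.124.43", 1},
    {"255.255.255.255", "255.255.255.255", "38.193.69.16",  "38.193.69.16",  1},
};
#define N_ROUTES (sizeof ANDY_ROUTES / sizeof ANDY_ROUTES[0])

/* Dotted quad -> host-order integer; returns 0 on success, -1 on bad input. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
    return 0;
}

/* Pick the matching route with the longest netmask; ties go to the lower
 * metric. Returns NULL when dst is not an address or nothing matches. */
const struct route *route_lookup(const struct route *tab, size_t n,
                                 const char *dst)
{
    uint32_t d, net, mask, best_mask = 0;
    const struct route *best = NULL;

    if (parse_ipv4(dst, &d) != 0)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (parse_ipv4(tab[i].dest, &net) || parse_ipv4(tab[i].mask, &mask))
            continue;
        if ((d & mask) != (net & mask))
            continue;
        if (!best || mask > best_mask ||
            (mask == best_mask && tab[i].metric < best->metric)) {
            best = &tab[i];
            best_mask = mask;
        }
    }
    return best;
}

/* 1 if dst leaves through the adapter tunnel_if, 0 if it uses another
 * adapter, -1 if there is no usable route. */
int uses_tunnel(const char *dst, const char *tunnel_if)
{
    const struct route *r = route_lookup(ANDY_ROUTES, N_ROUTES, dst);
    if (!r)
        return -1;
    return strcmp(r->iface, tunnel_if) == 0;
}

int main(void)
{
    /* .49 = pptpd machine, .30 = localip, the rest are constructed. */
    const char *probe[] = {"129.15.124.49", "129.15.124.30",
                           "129.15.125.10", "38.1.1.1"};
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++) {
        const struct route *r = route_lookup(ANDY_ROUTES, N_ROUTES, probe[i]);
        printf("%-15s -> via %-15s (%s)\n", probe[i],
               r ? r->iface : "none",
               uses_tunnel(probe[i], "129.15.124.43") == 1 ? "tunnel"
                                                           : "outside tunnel");
    }
    return 0;
}
```

The host route for 129.15.124.49 wins over the 129.15.0.0 route, so a telnet to that address travels over the ISP link outside the VPN, while the localip address 129.15.124.30 and the rest of 129.15.x.x go through the tunnel adapter.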
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Jun 17 02:34:21 1999
Subject: [pptp-server] v0.9.1 released!
Message-ID: <3768A3CE.62B90A3C@moreton.com.au>

Hiya all,

PoPToP v0.9.1 has been released! You can grab your copy here:
http://www.moretonbay.com/vpn/download_pptp.html

This release features some performance speedups from David and a few minor bug fixes.

If someone has some spare time can they write a PoPToP FAQ/HOWTO (from the PoPToP mailing archives). The current documentation for PoPToP is very limited...

Here is the changelog:

v0.9.0 -> v0.9.1 17th June, 1999
- made a few minor changes for slirp
- added macros for PPTP packet creation and removed memcpy() where simple assignment is sufficient; CPU usage should be lower
- cleaned up call_id to always be passed around as a network byte order u_int16_t
- added some missing ntoh32() in pptpgre.c (currently no effect as ack_recv is ignored)
- speedups in GRE routines
- no longer close stderr (fd 2) in pptpctrl.c to overcome problems where syslog() is absent
- increased debugging in openpty()

Cheers,
Matt.

From skvidal at new-era.com Thu Jun 17 07:11:39 1999
From: skvidal at new-era.com (Seth Vidal)
Date: Thu Jun 17 07:11:39 1999
Subject: [pptp-server] Re: [pptp-server] v0.9.1 released!
In-Reply-To: <3768A3CE.62B90A3C@moreton.com.au>
Message-ID:

> Hiya all,
>
> PoPToP v0.9.1 has been released! You can grab your copy here:
> http://www.moretonbay.com/vpn/download_pptp.html
>
> This release features some performance speedups from David and a few
> minor bug fixes.
>
> If someone has some spare time can they write a PoPToP FAQ/HOWTO (from
> the PoPToP mailing archives). The current documentation for PoPToP is
> very limited...

I'll start working on it soon I think. My boss likes everything to be documented for what I setup so I'll give it a whirl. As soon as I get it posted I'll drop it off here for comments/suggestions/fixes.

-sv

From andrewh at nextpath.com Thu Jun 17 11:55:30 1999
From: andrewh at nextpath.com (Andrew Hydle)
Date: Thu Jun 17 11:55:30 1999
Subject: [pptp-server] Undefined referance to gettext
Message-ID: <37692821.16F9DF76@nextpath.com>

I am running Slackware 4.0 w/ kernel version 2.3.6..... Every time I compile pptp versions 0.8.10 - 0.9.1, I get the error "undefined reference to gettext" in the file getopt.o. Can anyone help?

From wfaulk at totalsports.net Thu Jun 17 16:38:27 1999
From: wfaulk at totalsports.net (Bitt Faulk)
Date: Thu Jun 17 16:38:27 1999
Subject: [pptp-server] Re: [pptp-server] Undefined referance to gettext
In-Reply-To: <37692821.16F9DF76@nextpath.com>
Message-ID:

On Thu, 17 Jun 1999, Andrew Hydle wrote:

> I am running Slackware 4.0 w/ kernel version 2.3.6..... Every time I
> compile pptp versions 0.8.10 - 0.9.1, I get the error "undefined
> reference to gettext" in the file getopt.o. Can anyone help?

It checks for libintl.h to determine whether or not to use gettext. Just comment out the whole shebang around line 91 and replace it with a simple

#define _(msgid) (msgid)

Unless you need internationalization, I guess, in which case you need to install some more stuff.

-Bitt

From toktar at per.com.br Thu Jun 17 20:59:42 1999
From: toktar at per.com.br (Emir Toktar) Date: Thu Jun 17 20:59:42 1999 Subject: [pptp-server] Fw: Error 629 with client Windows NT Message-ID: <00d401beb92f$a2fa59b0$0101a8c0@toktar.intratoktar> OK Matthew, I'm attached two log files. I'm new in Linux and I have doubts. Please, be patient !! Resume : .... Jun 16 22:16:44 devel1 pptpd[1222]: CTRL (PPPD Launcher): remote address = 192.168.1.234 Jun 16 22:16:44 devel1 pppd[1222]: The remote system is required to authenticate itself but I Jun 16 22:16:44 devel1 pppd[1222]: couldn't find any suitable secret (password) for it to use to do so. Jun 16 22:16:44 devel1 pptpd[1221]: GRE: read() from PTY failed: errno = 0 .... I have a doubt to fill the file /etc/ppp/options ================= options ================== ## lock ## turn pppd syslog debugging on ## Changed by Emir on Jun,10 ## change 'servername' to whatever you specify as your server name in chap-secrets * ## debug name sol ## machine "sol", it's have users accounts in the network auth require-chap ## Is optional ??? default is pap ??? proxyarp ============ end options =================== * NAME SERVERNAME (??) It's name NetBIOS (computer name) like in NT? a) In my configuration, how Can I do the host "devel1" (pptpd server) be a server working in chap-secrets? Have I to do any accounts to new users and add in chap-secrets file? b) If the "sol" machine is chap-secrets, must I fill the records in files" and ? c) I have users accounting in the main computer host "sol". This host must be a server to chap-secrets or I can setup to host "devel1" to be chap-secrets? d) At the file "chap-secrets", it's right fill the records like it under example if the "sol" machine is Main Sever accounts? ======chap-secrets================= # Secrets for authentication using PAP # client server secret IP addresses lagre\\user1 obelix passw1 lagre\\user2 xyz passw2 =================================== i.e. 
{ remote machine => client over LAN, machine name "obelix", xxxx and yyyy are others machines that I will records } Domain Network : lagre Domain DNS : ppgia.pucpr.br e) Is it possible only I add { user_name, name_machine(NetBIOS), password, blank IP} in chap-secrets? ==========chap-secrets================= # Secrets for authentication using PAP # client server secret IP addresses user1 obelix passw1 =================================== f) The password (question d & e) is used to authenticate client -to-VPN Server across one chap-secret or pap-secret server like "sol" or "devel1", right?? In this case, if "devel1" pptpd server after the authentication, the client will see the internal network and will be necessary one new authentication. It's possible when the client be authenticate by VPN Server automatically log to the Network without a new log to any server in the network? g) If the clients make a conection to pptpd Server "devel1", the user accounting will be necessary exist to use or it's necessary only the name the users on pap or chap-secrets files. Regard's Emir Toktar toktar at per.com.br toktar at ppgia.pucpr.br -------------------------------------- >Can you send me a fresh log file from the poptop machine *with* ppp debug >info in there as well. (ie. turn on syslogging for DAEMON||DEBUG to a >file and make sure you specify -d on the pptpd command line and also >have debug in your ppp options file) >cheers, >matt ---------------------- > > Emir Toktar wrote: > Matthew Ramsay, what happens when you try and redial? same error loopback? A. Yes, for many times. ---------------------- > Now, I update with pptpd-0.9.0.tgz and there is a new message: > 1- Verifying username and password ...... > 2- Disconnected. > Error 629: The data link was terminated by the remote machine. 
>
> Dial-up Options [EDIT PHONE BOOK ENTRY]
> SERVER:
> enable software compress = enable or disable (don't make difference)
> SERVER / PPP TCP/IP Settings :
> Use IP header compression = disable
> Server assigned IP address = enable
> Server assigned name server address = enable
>
> SECURITY:
> Accept any authentication including clear text = enable
>
> Regards
> Emir Toktar

From matthewr at moreton.com.au Thu Jun 17 21:15:14 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu Jun 17 21:15:14 1999
Subject: [pptp-server] Re: Fw: Error 629 with client Windows NT
References: <00d401beb92f$a2fa59b0$0101a8c0@toktar.intratoktar>
Message-ID: <3769AAA3.C4F39105@moreton.com.au>

Hi Emir,

let me try and help.

> Jun 16 22:16:44 devel1 pptpd[1221]: GRE: read() from PTY failed: errno
> = 0

This error means u setup PPPD wrong *not* PPTPD.. therefore it is a PPPD problem you are having.

On the machine where PoPToP is going to run:

This is what you should have in /etc/ppp/options

debug
require-chap
name billybob #### it really doesn't matter.. so long as it matches in chap-secrets
auth
proxyarp

In your /etc/ppp/chap-secrets

username billybob password *

That is all you need!!

Now, if your PoPToP server machine is also connected to a private network any connecting clients will have access to the private network.

I hope this helps

cheers,
matt.

From anders.vannman at nyavf.se Fri Jun 18 04:08:04 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Fri Jun 18 04:08:04 1999
Subject: [pptp-server] GRE: Discarding out of order packet
Message-ID:

I have problem with the following message: GRE: Discarding out of order packet, with heavy pptpd usage my log is filled with these messages. Any clues?

Anders

From Koester-EDV at t-online.de Fri Jun 18 04:40:34 1999
From: Koester-EDV at t-online.de (Boris Koester)
Date: Fri Jun 18 04:40:34 1999
Subject: [pptp-server] Newbie-Question
References: <00d401beb92f$a2fa59b0$0101a8c0@toktar.intratoktar> <3769AAA3.C4F39105@moreton.com.au>
Message-ID: <376A0EE4.A30B8373@t-online.de>

Hi there outside..

I am new with things like ppp and pptp. What is the job of your pptp-server? What can be done with it?

Regards
Boris

From guinan at bluebutton.com Fri Jun 18 08:34:24 1999
From: guinan at bluebutton.com (Jamie Guinan)
Date: Fri Jun 18 08:34:24 1999
Subject: [pptp-server] Re: [pptp-server] PPTP behind firewall
In-Reply-To:
Message-ID:

On Thu, 3 Jun 1999, Seth Vidal wrote:

> > *This message was transferred with a trial version of CommuniGate(tm) Pro*
> > Can someone help me as far as setting up a pptp client, Linux BTW,
> > behind a firewall, also Linux. I would like to access a NT Server at
> > work from home and have a @Home cable connection with a 2.0.36
> > masquerading firewall so I can use my laptop from home. I have seen
> > some things on IP port 137 and udp port 17, from memory. Anyone got a
> > FAQ or mini-HOWTO?
> you'll need to get the pptp client patch for masquerading (it uses ipportfw
> if I remember correctly)

Is there such a patch? I didn't see one on Ananian's web site.

I'm basically having the same problem.

host1      masqhost            remotehost
  |            |                    |
  +------------+ - - - - - - - - - -+-----...
                  I N T E R N E T

host1 is an x86 running Linux 2.2.9, I run the pptp client there.
masqhost is a NetWinder running 2.0.35 with ip masquerading.
remotehost is an x86 running 2.0.36, PoPToP runs there.

The pppd's on both ends come up fine, but after about 30 seconds host1's log reports,

Jun 18 09:08:28 tiger pppd[604]: LCP: timeout sending Config-Requests

Immediately before that log message appears, tcpdump (on host1) showed,

09:08:00.680401 gre-proto-0x880B (gre encap)
09:08:01.700434 gre-proto-0x880B (gre encap)
09:08:04.710534 gre-proto-0x880B (gre encap)
09:08:07.720634 gre-proto-0x880B (gre encap)
09:08:10.730734 gre-proto-0x880B (gre encap)
09:08:13.740834 gre-proto-0x880B (gre encap)
09:08:16.750934 gre-proto-0x880B (gre encap)
09:08:19.761034 gre-proto-0x880B (gre encap)
09:08:22.771134 gre-proto-0x880B (gre encap)
09:08:25.781234 gre-proto-0x880B (gre encap)

Are these broadcast packets? Are they normally outside the TCP 1723 port connection? Do I need to forward them through masqhost?

Thanks,
-Jamie

From luyer at ucs.uwa.edu.au Fri Jun 18 18:37:24 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 18 18:37:24 1999
Subject: [pptp-server] Re: [pptp-server] GRE: Discarding out of order packet
In-Reply-To: Your message of "Fri, 18 Jun 1999 11:07:43 +0200."
Message-ID: <199906182337.HAA22512@typhaon.ucs.uwa.edu.au>

> I have problem with the following message: GRE: Discarding out of order
> packet, with heavy pptpd usage my log is filled with these messages. Any
> clues?

We could move it to being a debugging mode only message - are you confident that the pptpd is working properly and these are real out of order packets? (do you have dual links or some network structure that makes them common?)

David.

From luyer at ucs.uwa.edu.au Fri Jun 18 18:39:14 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 18 18:39:14 1999
Subject: [pptp-server] Re: [pptp-server] Newbie-Question
In-Reply-To: Your message of "Fri, 18 Jun 1999 11:18:28 +0200." <376A0EE4.A30B8373@t-online.de>
Message-ID: <199906182339.HAA22535@typhaon.ucs.uwa.edu.au>

> Hi there outside..
>
> I am new with things like ppp and pptp. What is the job of your pptp-server?
> What can be done with it?

pptp-server is used as a server to PPTP clients under Linux, Win95 and NT to provide the clients with authenticated access to a network connected to the server. It can also be used for a variety of other purposes, such as a general purpose IP tunnel.

David.

From luyer at ucs.uwa.edu.au Fri Jun 18 18:43:04 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Fri Jun 18 18:43:04 1999
Subject: [pptp-server] Re: [pptp-server] Fw: Error 629 with client Windows NT
In-Reply-To: Your message of "Thu, 17 Jun 1999 23:09:44 -0300." <00d401beb92f$a2fa59b0$0101a8c0@toktar.intratoktar>
Message-ID: <199906182342.HAA22590@typhaon.ucs.uwa.edu.au>

> Jun 16 22:16:44 devel1 pppd[1222]: The remote system is required to
> authenticate itself but I
> Jun 16 22:16:44 devel1 pppd[1222]: couldn't find any suitable secret
> (password) for it to use to do so.

The above is the error, a pppd problem not a pptpd problem.

> # Secrets for authentication using PAP
> # client server secret IP addresses
> lagre\\user1 obelix passw1
> lagre\\user2 xyz passw2

The problem could easily be the \\'s. You might need to use \\\\ or something like that as \ is the traditional Unix quote character so \\ is probably needed to indicate \.

You can just use 'simple' usernames if you want, like user1 and user2, but if your clients are used to the lagre\\user1 format then I guess it's best to stay consistent.

David.

From anders.vannman at nyavf.se Sat Jun 19 01:23:06 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Sat Jun 19 01:23:06 1999
Subject: [pptp-server] RE: [pptp-server] GRE: Discarding out of order packet
Message-ID:

Hi,

The pptpd is working fine, I'm using it daily from my home to connect to our internal network. At my apartment I have a TP with direct access to internet, the same is for my work. I don't think there are any special network structures there; at work there is just a cisco between the pptp and the internet.

Is there any real problem with this message, does it slow down the link - ie does the packet that's out of order have to be resent?

>> I have problem with the following message: GRE: Discarding out of order
>> packet, with heavy pptdp usage my log is filled with these messages. Any
>> clues?

>We could move it to being a debugging mode only message - are you confident
>that the pptpd is working properly and these are real out of order packets?
>(do you have dual links or some network structure that makes them common?)

>David.

From luyer at ucs.uwa.edu.au Sat Jun 19 02:49:14 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sat Jun 19 02:49:14 1999
Subject: [pptp-server] Re: [pptp-server] RE: [pptp-server] GRE: Discarding out of order packet
In-Reply-To: Your message of "Sat, 19 Jun 1999 08:22:54 +0200."
Message-ID: <199906190749.PAA25981@typhaon.ucs.uwa.edu.au>

> Hi,
>
> The pptpd is working fine, Im using it daily from my home to connect to our
> internal network. At my apartment I have a TP with direct access to internet,
> the same is for my work. I dont think there are any special network
> structures there; at work there is just a cisco between the pptp and the
> internet.
>
> Is there any real problem with this message, does it slow down the link - ie
> does the packet that's out of order has to be resent?

Out of order packets are discarded. If the traffic inside the tunnel is UDP, this means the packet will be dropped. If the traffic inside the tunnel is TCP, this means the packet will be re-transmitted by the TCP layer.

> >> I have problem with the following message: GRE: Discarding out of order
> >> packet, with heavy pptdp usage my log is filled with these messages. Any
> >> clues?
>
> >We could move it to being a debugging mode only message - are you confident
> >that the pptpd is working properly and these are real out of order packets?
> >(do you have dual links or some network structure that makes them common?)

David.

From skvidal at skyrunner.net Sun Jun 20 09:27:17 1999
From: skvidal at skyrunner.net (Seth Vidal)
Date: Sun Jun 20 09:27:17 1999
Subject: [pptp-server] docs etc.
Message-ID:

I was on a short vacation since thursday but I jotted down some simple howto information. I'm going to post them up here once I get them typed up. (and check them to make sure I'm not crazy)

I'd appreciate any comments/suggestions on them.

-sv

From christopherandrew at ou.edu Sun Jun 20 11:30:17 1999
From: christopherandrew at ou.edu (Andy Worthington)
Date: Sun Jun 20 11:30:17 1999
Subject: [pptp-server] Fw: [pptp-server] Re: [pptp-server] general help
Message-ID: <005201bebb3a$c1425640$0a01a8c0@aworthin.occe.ou.edu>

Sorry about resending this but I don't know if it actually made it to the list because I got some messages from a postmaster saying the message failed so here it is again. The original message is at the bottom.

Thanks
Andy Worthington

-----Original Message-----
From: Andy Worthington
To: Allan Clark
Cc: pptp-server at lists.schulte.org
Date: Wednesday, June 16, 1999 2:22 PM
Subject: [pptp-server] Re: [pptp-server] general help

>
>-----Original Message-----
>From: Allan Clark
>To: Andy Worthington
>Date: Wednesday, June 16, 1999 1:23 PM
>Subject: Re: [pptp-server] general help
>
>
>>Before someone else asks, I'll ask the obvious questions (since we can't see
>>your screen from here) :
>> - what is your OS?
>
>RedHat 5.1
>> - what version of pptpd ?
>v0.9
>> - what version of pppd ?
>version 2.3 patch level 3
>>
>>.. and my own questions ...
>>what IP is being handed out by the pptpd service? Is that the IP you're using
>>to connect?
>
>The ip of the machine is 129.15.124.49. The local is .30 and remote is .43
>>what does the routing table look like on the windows client ?
>Network Address   Netmask           Gateway Address   Interface       Metric
>0.0.0.0           0.0.0.0           129.15.124.43     129.15.124.43   1
>0.0.0.0           0.0.0.0           38.193.69.16      38.193.69.16    2
>38.0.0.0          255.0.0.0         38.193.69.16      38.193.69.16    2
>38.193.69.16      255.255.255.255   127.0.0.1         127.0.0.1       1
>38.255.255.255    255.255.255.255   38.193.69.16      38.193.69.16    1
>127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1       1
>129.15.0.0        255.255.0.0       129.15.124.43     129.15.124.43   1
>129.15.124.43     255.255.255.255   127.0.0.1         127.0.0.1       1
>129.15.124.49     255.255.255.255   38.193.69.16      38.193.69.16    1
>224.0.0.0         224.0.0.0         38.193.69.16      38.193.69.16    1
>224.0.0.0         224.0.0.0         129.15.124.43     129.15.124.43   1
>255.255.255.255   255.255.255.255   38.193.69.16      38.193.69.16    1
>
>>what is your pptpd config and pppd config ?
>>
>pppd config:
>debug
>name tel.occe.ou.edu
>auth
>require-chap
>proxyarp
>
>pptpd config:
>speed 115200
>localip 129.15.124.30
>remoteip 129.15.124.43
>>Allan
>>
>>
>
>129.15 is for the whole university
>our subnet is comprised of 129.15.124 and .125 with netmask of 255.255.254.0
>since I dont see that netmask anywhere in the win95 routing table could that
>be where the problem lies?
>
>Thanks
>Andy Worthington
>CCE - University of Oklahoma
>
>>Andy Worthington wrote:
>>
>>> I have been playing around with pptpd for a while now. I have it setup on
>>> my home network and access it from my machine at work that is connected by
>>> way of network card to the internet. Everything works great there. Today I
>>> started setting pptpd up on a work server to start testing it out here. I
>>> can call the pptpd server and get connected and all but it doesn't seem like
>>> it is sending anything over the link. The network the pptpd is being setup
>>> on is a subnet of two class c's. The reason we are setting up the pptpd is
>>> to allow people on the road access to the intranet web server and the
>>> netware server which you must be on the local subnet to access. I am
>>> dialing into a local ISP and then connecting to the pptpd machine.
>>> Everything is fine but then if I telnet to the pptpd machine it appears to
>>> go through the original ppp connection and not the vpn connection. ie win95
>>> does not report any traffic on the vpn connection. Any help would be
>>> appreciative.
>>>
>>> Thanks
>>> Andy Worthington
>>> CCE - University of Oklahoma
>>>
>>> _______________________________________________
>>> pptp-server maillist - pptp-server at lists.schulte.org
>>> http://lists.schulte.org/mailman/listinfo/pptp-server
>>> List services provided by www.schulte.org!
>>

From cgalpin at lighthouse-software.com Mon Jun 21 14:15:56 1999
From: cgalpin at lighthouse-software.com (Charles Galpin)
Date: Mon Jun 21 14:15:56 1999
Subject: [pptp-server] newbie problems with pptp-linux client
Message-ID:

Hi

I'm trying to use pptp-linux to connect to a VPN that is either NT based, or uses NT authentication. Anyway, I have an IP a.b.c.d, a NT domain MYDOM, and a user and password to work with.

I want to connect to the VPN while already connected to the 'net via dedicated DSL connection. I cannot get it to work. I have enabled pppd debug logging.

I have put the following in both /etc/ppp/[chap|pap]-secrets

    MYDOM\\cgalpin a.b.c.d passwd

When I try the following invocation of pptp-linux

    [root at pooh /etc]# /tmp/pptp-linux-1.0.2/pptp a.b.c.d debug name MYDOM\\cgalpin remotename cgalpin
    (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
    (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.

I get the following in pppd.log

    Jun 21 13:58:00 pooh a.b.c.d[9557]: log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection
    Jun 21 14:50:52 pooh (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
    Jun 21 14:50:53 pooh (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
    Jun 21 14:50:54 pooh pppd[10347]: pppd 2.3.3 started by root, uid 0
    Jun 21 14:50:54 pooh pppd[10347]: Using interface ppp0
    Jun 21 14:50:54 pooh pppd[10347]: Connect: ppp0 <--> /dev/ttya0
    Jun 21 14:50:54 pooh pppd[10347]: sent [LCP ConfReq id=0x1 ]
    Jun 21 14:51:21 pooh last message repeated 9 times
    Jun 21 14:51:24 pooh pppd[10347]: LCP: timeout sending Config-Requests
    Jun 21 14:51:24 pooh pppd[10347]: Connection terminated.
    Jun 21 14:51:25 pooh pppd[10347]: Exit.

And all I get from a ps is

    root 10342 0.0 0.3 792 420 p3 S 14:50 0:00 pptp: call manager for a.b.c.d

Can anyone tell me what I'm doing wrong?

thanks
charles

From geo at fretim.dnttm.ro Tue Jun 22 00:27:39 1999
From: geo at fretim.dnttm.ro (Pop George)
Date: Tue Jun 22 00:27:39 1999
Subject: [pptp-server] Re: [pptp-server] newbie problems with pptp-linux client
In-Reply-To:
Message-ID:

On Mon, 21 Jun 1999, Charles Galpin wrote:

> Hi
>
> I'm trying to use pptp-linux to connect to a VPN that Is iether NT based,
> or uses NT authentication. Anyway, I have an IP a.b.c.d, a NT domain
> MYDOM, and a user and password to work with.
>
> I want to connect to the VPN while already conencted to the 'net via
> dedicated DSL connection. I cannot get it to work. I have enabled pppd
> debug logging.
>
> I have put the following in both /etc/ppp/[chap|pap]-secrets
> MYDOM\\cgalpin a.b.c.d passwd
>
> When I try the following invocation of pptp-linux
>
> [root at pooh /etc]# /tmp/pptp-linux-1.0.2/pptp a.b.c.d debug name
> MYDOM\\cgalpin remotename cgalpin
> (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client
> connection established.
> (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing
> call established.
>
> I get the following in pppd.log
>
> Jun 21 13:58:00 pooh a.b.c.d[9557]:
> log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection
> Jun 21 14:50:52 pooh (unknown)[10342]:
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection
> established.
> Jun 21 14:50:53 pooh (unknown)[10342]:
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> Jun 21 14:50:54 pooh pppd[10347]: pppd 2.3.3 started by root, uid 0
> Jun 21 14:50:54 pooh pppd[10347]: Using interface ppp0
> Jun 21 14:50:54 pooh pppd[10347]: Connect: ppp0 <--> /dev/ttya0
> Jun 21 14:50:54 pooh pppd[10347]: sent [LCP ConfReq id=0x1 0xffff04ab> ]
> Jun 21 14:51:21 pooh last message repeated 9 times
> Jun 21 14:51:24 pooh pppd[10347]: LCP: timeout sending Config-Requests
> Jun 21 14:51:24 pooh pppd[10347]: Connection terminated.
> Jun 21 14:51:25 pooh pppd[10347]: Exit.
>
> And all I get from a ps is
>
> root 10342 0.0 0.3 792 420 p3 S 14:50 0:00 pptp: call
> manager for a.b.c.d
>
> Can anyone tell me what 'm doing wrong?
>
> thanks
> charles
>

Hi,

I had similar problems and I solved them this way:

1. Kernel must be compiled with the option tunneling
2. Before running pptp client modules new_tunnel and ipip must be inserted in the kernel.
3. The server side must have dial-in permission granted to the account that you use (This is mostly the problem when message like outgoing call established... and client connection established and then closing without any explanations...)
4. And if possible checking the authentication methods on the NT server side.

What is strange is that it is using ppp0. I assume that your ppp connection to your ISP must be on ppp0. The pptp connection then takes ppp1,ppp2..

I hope this helps a bit.

George

From nico at sonycom.com Tue Jun 22 04:45:04 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Tue Jun 22 04:45:04 1999
Subject: [pptp-server] pptpd on Solaris?
Message-ID: <199906220944.JAA12138@oshima.sonytel.be>

Does anybody have any experience with setting up pptpd on a SUN running solaris 2.6?

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41
Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From cgalpin at lighthouse-software.com Tue Jun 22 05:41:55 1999
From: cgalpin at lighthouse-software.com (Charles Galpin)
Date: Tue Jun 22 05:41:55 1999
Subject: [pptp-server] Re: [pptp-server] newbie problems with pptp-linux client
In-Reply-To:
Message-ID:

Hi George

On Tue, 22 Jun 1999, Pop George wrote:

> 1.Kernel must be compiled with the option tunneling
> 2.Before running pptp client modules new_tunnel and ipip must be inserted
> in the kernel.

I'm using the pptp client because I thought I wouldn't have to recompile the kernel. If I have to recompile the kernel, I'd rather setup pptp masquerading. Are you sure I need to recompile the kernel to use this?

> 3.The server side must have dial-in permision granted to the account that
> you use( This is mostly the problem when message like outgoing call
> established... and client connection established and then closing
> whithout any explanations...)

But I'm not actually dialing in. I'm already connected to the net, and just want to join this VPN out there

> 4.And if possible checking the authentification methods on the NT server
> side .

The guy on the other end doesn't know much :) He's not even sure if it's an NT box, or a cisco using NT authentication. I don't know much either :) All I can tell you is that this supposedly works out of the box with the win98 vpn adapter.

> What is strange is that it is using ppp0. I assume that your ppp conection
> to your ISP must be on ppp0. The pptp connection then takes ppp1,ppp2..

No, I'm connected to the net via eth1. I do have an old config setup for ppp0 which I used to use for dialup - could this be causing problems?

I really want to get this working. I have a 768/768 DSL connection now, yet I have to dialup at 33.6 to work!!

thanks
charles

> On Mon, 21 Jun 1999, Charles Galpin wrote:
>
> > Hi
> >
> > I'm trying to use pptp-linux to connect to a VPN that Is iether NT based,
> > or uses NT authentication. Anyway, I have an IP a.b.c.d, a NT domain
> > MYDOM, and a user and password to work with.
> >
> > I want to connect to the VPN while already conencted to the 'net via
> > dedicated DSL connection. I cannot get it to work. I have enabled pppd
> > debug logging.
> >
> > I have put the following in both /etc/ppp/[chap|pap]-secrets
> > MYDOM\\cgalpin a.b.c.d passwd
> >
> > When I try the following invocation of pptp-linux
> >
> > [root at pooh /etc]# /tmp/pptp-linux-1.0.2/pptp a.b.c.d debug name
> > MYDOM\\cgalpin remotename cgalpin
> > (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client
> > connection established.
> > (unknown)[10342]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing
> > call established.
> >
> > I get the following in pppd.log
> >
> > Jun 21 13:58:00 pooh a.b.c.d[9557]:
> > log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection
> > Jun 21 14:50:52 pooh (unknown)[10342]:
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection
> > established.
> > Jun 21 14:50:53 pooh (unknown)[10342]:
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> > Jun 21 14:50:54 pooh pppd[10347]: pppd 2.3.3 started by root, uid 0
> > Jun 21 14:50:54 pooh pppd[10347]: Using interface ppp0
> > Jun 21 14:50:54 pooh pppd[10347]: Connect: ppp0 <--> /dev/ttya0
> > Jun 21 14:50:54 pooh pppd[10347]: sent [LCP ConfReq id=0x1
> > 0xffff04ab> ]
> > Jun 21 14:51:21 pooh last message repeated 9 times
> > Jun 21 14:51:24 pooh pppd[10347]: LCP: timeout sending Config-Requests
> > Jun 21 14:51:24 pooh pppd[10347]: Connection terminated.
> > Jun 21 14:51:25 pooh pppd[10347]: Exit.
> >
> > And all I get from a ps is
> >
> > root 10342 0.0 0.3 792 420 p3 S 14:50 0:00 pptp: call
> > manager for a.b.c.d

From pspinto at esoterica.pt Tue Jun 22 08:29:30 1999
From: pspinto at esoterica.pt (pspinto at esoterica.pt)
Date: Tue Jun 22 08:29:30 1999
Subject: [pptp-server] Security ?
Message-ID: <199906221430.PAA13918@beleriand.esoterica.pt>

Hi there :)

I'm kind'a new on this and not a real 'expert' in Linux, so forgive my possible errors (and btw the poor english also ;) ).

I'm starting to deploy (in fact just still planning to) some kind of access to our corporate network (NT) using the internet. As our firewall is a Linux box (running RH6), I was considering using the PPTPD, as it is more simple to have just one machine connected to the net (er.. and I don't like Neanderthal Technology, also ;) ).

Ok.. enough talk.. the problem is that I'm concerned about security, and I've read an article ( http://www.counterpane.com/pptp.html ) that points out some security issues on PPTP.

The question is: does PoPToP suffer from the same issues ? or it's only the WinNT Server version of PPTP that's vulnerable ?

Hugz to all

Paulo Pinto
pspinto at esoterica.pt

From hamilton at twopoint.com Tue Jun 22 10:15:28 1999
From: hamilton at twopoint.com (Hamilton Hoover)
Date: Tue Jun 22 10:15:28 1999
Subject: [pptp-server] Re: [pptp-server] Security ?
References: <199906221430.PAA13918@beleriand.esoterica.pt>
Message-ID: <376FA76D.ADF2E78A@twopoint.com>

The question is: does PoPToP suffer from the same issues ? or it's only
the WinNT Server version of PPTP that's vulnerable ?>>

If you look on the faq page they claim that the crack is only effective on WinNT.

From allanc at sco.com Tue Jun 22 10:38:59 1999
From: allanc at sco.com (Allan Clark)
Date: Tue Jun 22 10:38:59 1999
Subject: [pptp-server] Re: [pptp-server] Security ?
References: <199906221430.PAA13918@beleriand.esoterica.pt>
Message-ID: <376FADAE.C3AB690C@sco.com>

Is this something we should ask the authors of the report to consider, or look at it ourselves? I haven't done crypto since university... I could take a look, make some suggestions, but I doubt I would be much help. Perhaps these guys (Bruce Schneier and Mudge) could make a better suggestion than I could.

They may just say "go to IPsec" though...

(BTW Paulo, your english is better than I hear around here...)

Allan

pspinto at esoterica.pt (Paulo) wrote:

> [ ... ] the problem is that I'm concerned about security,
> and I've read an article ( http://www.counterpane.com/pptp.html ) that
> points out some security issues on PPTP.
>
> The question is: does PoPToP suffer from the same issues ? or it's only
> the WinNT Server version of PPTP that's vulnerable ?

From allanc at sco.com Tue Jun 22 11:02:08 1999
From: allanc at sco.com (Allan Clark)
Date: Tue Jun 22 11:02:08 1999
Subject: [pptp-server] Re: [pptp-server] Security ?
References: <199906221430.PAA13918@beleriand.esoterica.pt> <376FA76D.ADF2E78A@twopoint.com>
Message-ID: <376FB2D9.53C6D4C8@sco.com>

An initial look at the article suggests that what the authors hammered was not the PPTP protocol, but the authentication that the PPTP VPN servers on NT offered access to via open internet. PPTP seems initially to be just the path to the weakness, not the weakness itself. Part of their observance of weakness deals with use of poor passwords as well, a cheap component, simple enough to fix.

> While no flaws were found in
> PPTP itself, several serious flaws were found in the Microsoft implementation of it.
> (http://www.counterpane.com/pptp-pressrel.html)

The authors do not specifically say "this is ONLY effective against NT", just that NT is affected. This implies that they do not recognize PoPToP, and it may be included.

The fact that PoPToP has to interOp with MS DUN's VPN client means that it will have the same weaknesses. It can only protect itself from DoS attacks, have immediate response to out-of-sequence packets or illogical packets, etc. The protocol is not considered weak in this analysis, but the weaknesses have to be replicated in apparent behavior by PoPToP. The only thing the developers can do with PoPToP is make it a stronger server per se -- more able to handle the attacks when they come.

A significant issue is that one or both authors have built a commercially-available tool, "l0phtcrack", which will apparently detect the weak passwords in your system. The commercial gain of such a research paper is to be considered, but not as a discredit to their work.

FYC

Allan

Hamilton Hoover wrote:

> The question is: does PoPToP suffer from the same issues ? or it's only
> the WinNT Server version of PPTP that's vulnerable ?>>
>
> If you look on the faq page they claim that the crack is only effective
> on WinNT.

From hamilton at twopoint.com Tue Jun 22 11:40:17 1999
From: hamilton at twopoint.com (Hamilton Hoover)
Date: Tue Jun 22 11:40:17 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] Security ?
References: <199906221430.PAA13918@beleriand.esoterica.pt> <376FA76D.ADF2E78A@twopoint.com> <376FB2D9.53C6D4C8@sco.com>
Message-ID: <376FBB7D.FD9E2ECE@twopoint.com>

I stand corrected.

I think it very important that the exact nature of this bug be disclosed. For those running MS PPTP, they have a very very serious possibility of a breach.

For what I can make of the press release and faq page is that the security hazard is limited to only machine implementing MS PPTP. And that the problem itself is not within PPTP but the way that MS PPTP encryption. For those running PPTP on other flavors there is no suggestion that the encryption flaw that MS has carries over.

1. What did Bruce Schneier and Mudge actually do?

They found security flaws in Microsoft PPTP that allow attacks to sniff passwords across the network, break the encryption scheme and read confidential data, and mount denial of service attacks against PPTP servers. They did not find flaws in PPTP, only in Microsoft's implementation of it.

I assumed from the statement below that the problem was limited to the server. After review I retract that statement.

2. What is PPTP?

PPTP stands for point-to-point tunneling protocol. It is an Internet protocol commonly used in Virtual Private Network (VPN) products. Windows NT supports PPTP server, and both Windows NT and Windows 95 support PPTP client.

I'd love to hear more ideas and find out more about this problem.

From tmk at netmagic.net Tue Jun 22 13:39:15 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jun 22 13:39:15 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] Re: [pptp-server] Security ?
In-Reply-To: <376FBB7D.FD9E2ECE@twopoint.com>
Message-ID:

As I understand it, the security problems are:

1. Bad encryption/password transmission
2. Insecure control connection
3. Hijack link?

1. Anytime we start using MS encryption or MS-CHAP (not sure if ms-chap2 is any better) the risk is there for someone to decode our packets (note that any kind of encryption is better than NO encryption)

2. Control connections are based on TCP connections, so if someone has decent spoofing software, and knows the client's IP, They can send an "end call request" to the server and disconnect the client.

3. I guess it is possible if someone is REALLY good to completely hijack a connection (would require killing the client and having the ability to join in a gre/ppp link mid stream - not an easy task) and thereby gain access to the internal network. This is not much of a threat in my opinion, but it is a threat nonetheless.

From anders.vannman at nyavf.se Tue Jun 22 14:01:54 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Tue Jun 22 14:01:54 1999
Subject: [pptp-server] GRE out of order again...
Message-ID:

Hi,

Wrote some days ago about GRE-packets out of order; I've changed some in the syslog to see what the problem is:

    Jun 22 20:42:11 vf pptpd[21742]: GRE: Discarding out of order packet 135 - 134
    Jun 22 20:42:11 vf pptpd[21742]: GRE: Discarding out of order packet 137 - 136
    Jun 22 20:42:12 vf pptpd[21742]: GRE: Discarding out of order packet 157 - 156
    Jun 22 20:42:13 vf pptpd[21742]: GRE: Discarding out of order packet 159 - 158
    Jun 22 20:42:13 vf pptpd[21742]: GRE: Discarding out of order packet 163 - 162
    Jun 22 20:42:13 vf pptpd[21742]: GRE: Discarding out of order packet 167 - 166
    Jun 22 20:42:13 vf pptpd[21742]: GRE: Discarding out of order packet 187 - 186
    Jun 22 20:42:14 vf pptpd[21742]: GRE: Discarding out of order packet 209 - 208
    Jun 22 20:42:23 vf pptpd[21742]: GRE: Discarding out of order packet 272 - 271
    Jun 22 20:42:24 vf pptpd[21742]: GRE: Discarding out of order packet 282 - 281

where the first is gre.seq_recv, and the second is seq. It seems like it's always one that's differing, as far as I understand the code the gre.seq_recv is containing what's expected, ie last received, and the seq is what was received.

When I have these problems my pptp is awful slow, remoteadmin is faster through a 28k modem than via the 256kbs internet that our office have (I have 5mbs at home)

Don't really understand why it's a problem.... the only socket that shows up in netstat is the raw-socket that pptpd makes. Could it be a problem with my NT VPN that keeps sending wrong packets? Perhaps... found some information on www.macrosoft.com about Fragmentation and Performance Issues with PPTP Connections... as always they say that one should apply the latest servicepack :-)

Or could it be the Internet that's dropping some of the packets?

Anders

From edison at xwd.com Tue Jun 22 17:46:11 1999
From: edison at xwd.com (Aydelott, Ryan)
Date: Tue Jun 22 17:46:11 1999
Subject: [pptp-server] PopTop and Wintel Connections
Message-ID: <6FFEC516CDF6D211AB7700805F65699E096A78@wdserver.ih.lucent.com>

Greets,

I am currently running poptop .9 and am having difficulty with connectivity. Perhaps somebody on this list can help.

Authentication and all things seem to work fine, PopTop appears to be doing its job. Under ifconfig I get the local and remote addresses showing up ok.

As the pptp client (wintel) I can always connect to the local ip addresses on my machine. And connect to the pptp server local address, and of course myself (remote address). But when trying to connect to machines other than the pop-top machine and self all fails. From remote machines I can get to the local IP addresses. (poptop and regular ip's) but cannot get to the remote ip assigned to the connected caller. (Even when adding a host route on the machine to the local address on the poptop machine.)

If anyone has experienced similar behavior, please let me know..

Thanks..

FYI: redhat6,poptop : win98,dun1.3

From tmk at netmagic.net Tue Jun 22 18:14:41 1999
From: tmk at netmagic.net (tmk)
Date: Tue Jun 22 18:14:41 1999
Subject: [pptp-server] Re: [pptp-server] PopTop and Wintel Connections
References: <6FFEC516CDF6D211AB7700805F65699E096A78@wdserver.ih.lucent.com>
Message-ID: <001001bebd03$da51d460$011c0fc0@lala.net>

> myself (remote address). But when trying to connect to machines other then
> the pop-top machine and self all fails. From remote machines I can get to
> the local IP addresses. (poptop and regular ip's) but cannot get to the
> remote ip assigned to the connected caller. (Even when adding a host route
> on the machine to the local address on the poptop machine.)

If your client machine's IP is not in the same subnet as the server, IP forwarding must be on in the kernel (echo "1" > /proc/sys/net/ipv4/ip_forward) to forward packets (ie route) and you might have to enable proxyarp in a similar fashion. Be sure that the client (remote) machine's IP is on the same subnet as the rest of the computers (i usually set the local ip to the linux machine) if you use proxy arp. Also check your firewalling rules just in case.

Kevin

From edison at xwd.com Tue Jun 22 18:55:50 1999
From: edison at xwd.com (edison at xwd.com)
Date: Tue Jun 22 18:55:50 1999
Subject: [pptp-server] PopTop, and that problem
Message-ID: <376F6AC8.7FF32265@xwd.com>

Thanks for the reply, I thought about that and it didn't seem to matter to me because I couldn't get to machines that were on the same subnet.. Then I went ahead and turned on forwarding anyways, and it worked out fine! There were some other interesting things though concerning how the route tables on the client had to be setup. But then again the linux box (poptop) gets out through yet another tunnel.. (one over a wireless link no-less) But it's working now, which is good!

Thanks, All!

From matthewr at moreton.com.au Tue Jun 22 20:12:29 1999
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Jun 22 20:12:29 1999 Subject: [pptp-server] poptop encryption and security issues Message-ID: <37703312.DB5AB502@moreton.com.au> Hiya all, Yesterday, with the help of others, I successfully connected a win98 PPTP client to my PoPToP server with 40 bit RC4 Microsoft data encryption :-) This was with a pppd patch which supports MSCHAP/MSCHAPv2/40 bit MPPE/128 bit MPPE. Now to address some security issues: First of all PoPToP relies on authentication and encryption FROM PPP!!! none of this comes from poptop itself. This addresses Bruce Schneier's page: (http://www.counterpane.com/pptp-pressrel.html) So what are the problems? from the press release page: 1. password hashing -- weak algorithms allow eavesdroppers to learn the user's password 2. Challenge/Reply Authentication Protocol -- a design flaw allows an attacker to masquerade as the server 3. encryption -- implementation mistakes allow encrypted data to be recovered 4. encryption key -- common passwords yield breakable keys, even for 128-bit encryption 5. control channel -- unauthenticated messages let attackers crash PPTP servers 1&2 are authentication issues.. MSCHAP is hopeless.. Windows clients support PAP/CHAP/MSCHAP and in the latest releases MSCHAPv2. MSCHAPv2 supposedly *fixes* a lot of MSCHAP problems (i haven't heard much about it yet tho..?). The pppd patch i mentioned above supports MSCHAPv2. If you want MS Windows clients without extra 3rd party *EXPENSIVE* VPN clients this is as good as you get.... could MSCHAPv2 possible be secure though....? Anyone know much about MSCHAPv2's strengths (or weaknesses :-). 3&4 address encryption issues. the pppd patch above supports 40 and 128 bit microsoft compatible encryption. I'm unsure on what implementation mistakes MS made?? anyone? the pppd patch follows the MPPE IETFs as far as i am aware... which are open for public scrutiny. Does the pppd patch suffer from the same problems.. dun know.. 
5 is a shocker and an obvious problem and exists in the current poptop implementation.. bad luck for now. IMO this is the only real problem with poptop. poptop is better than the NT pptp server.. but it does suffer from some of the same problems. It's good enough for me though.. i started poptop to do what it does right now! (i fear it wouldn't have got this far without Kevin and David though :-) I doubt we will be able to improve poptop without breaking windows client support. Comments on MSCHAPv2 and MPPE encryption sought after. cheers, -matt From matthewr at moreton.com.au Tue Jun 22 23:47:45 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Tue Jun 22 23:47:45 1999 Subject: [pptp-server] v0.9.2 released! Message-ID: <377065DE.34A58BDF@moreton.com.au> Folks, PoPToP v0.9.2 has been released! Grab your copy here: http://www.moretonbay.com/vpn/download_pptp.html A few minor bug fixes and some other minor changes outlined in the ChangeLog below. v0.9.1 -> v0.9.2 23rd June, 1999 - made usage info not show details which aren't relevant to current config - made configure force pppd-ip-alloc on systems where we don't yet support passing IP addresses to pppd (SLIRP, BSDUSER_PPP) - minor slirp fix for pppd startup detection tis all for now! -PoPToP development team. From luyer at ucs.uwa.edu.au Wed Jun 23 02:54:11 1999 
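Item 5 in the security message above concerns unauthenticated control-channel messages. The following added example (not PoPToP's code) shows the framing and state checks a PPTP server can run on each control message before acting on it; it does not add authentication. The field layout, magic cookie and per-type lengths follow RFC 2637; the function and type names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PPTP_MAGIC       0x1A2B3C4Du
#define PPTP_MSG_CONTROL 1
#define PPTP_HDR_LEN     12    /* length, message type, cookie, control type, reserved */
#define PPTP_CTRL_MAX    15
#define PPTP_MAX_MSG     220   /* largest fixed-size control message */

enum pptp_check { PPTP_OK, PPTP_NEED_MORE, PPTP_BAD_LENGTH,
                  PPTP_BAD_MAGIC, PPTP_BAD_TYPE, PPTP_BAD_STATE };

/* Fixed wire size of each control message, indexed by control message type. */
static const uint16_t pptp_ctrl_len[PPTP_CTRL_MAX + 1] = {
    0, 156, 156, 16, 16, 16, 20, 168, 32, 220, 24, 28, 16, 148, 40, 24
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Check the message at the head of a TCP receive buffer holding 'avail' bytes.
 * 'established' is nonzero once Start-Control-Connection has completed.
 * Nothing past the 12-byte header is read, and the length field is trusted
 * only after it matches the fixed size for the claimed type. */
enum pptp_check pptp_ctrl_check(const uint8_t *buf, size_t avail,
                                int established, uint16_t *ctrl_type)
{
    uint16_t len, type;

    if (avail < PPTP_HDR_LEN)
        return PPTP_NEED_MORE;
    len = be16(buf);
    if (be32(buf + 4) != PPTP_MAGIC)
        return PPTP_BAD_MAGIC;           /* stream is out of sync or not PPTP */
    if (be16(buf + 2) != PPTP_MSG_CONTROL)
        return PPTP_BAD_TYPE;
    type = be16(buf + 8);
    if (type < 1 || type > PPTP_CTRL_MAX)
        return PPTP_BAD_TYPE;
    if (len != pptp_ctrl_len[type])
        return PPTP_BAD_LENGTH;          /* never size a copy from this field */
    if (!established && type != 1)
        return PPTP_BAD_STATE;           /* only Start-Control-Connection-Request */
    if (avail < len)
        return PPTP_NEED_MORE;           /* partial read, wait for the rest */
    *ctrl_type = type;
    return PPTP_OK;
}

/* Constructed sample: write a control header into a caller-zeroed buffer. */
void pptp_put_hdr(uint8_t *buf, uint16_t len, uint32_t magic, uint16_t type)
{
    buf[0] = (uint8_t)(len >> 8);    buf[1] = (uint8_t)len;
    buf[2] = 0;                      buf[3] = PPTP_MSG_CONTROL;
    buf[4] = (uint8_t)(magic >> 24); buf[5] = (uint8_t)(magic >> 16);
    buf[6] = (uint8_t)(magic >> 8);  buf[7] = (uint8_t)magic;
    buf[8] = (uint8_t)(type >> 8);   buf[9] = (uint8_t)type;
}

int main(void)
{
    uint8_t msg[PPTP_MAX_MSG];
    uint16_t type = 0;

    memset(msg, 0, sizeof msg);
    pptp_put_hdr(msg, 16, PPTP_MAGIC, 5);        /* Echo-Request */
    printf("echo before start: %d\n", pptp_ctrl_check(msg, 16, 0, &type));
    printf("echo after start:  %d\n", pptp_ctrl_check(msg, 16, 1, &type));
    pptp_put_hdr(msg, 0xFFFF, PPTP_MAGIC, 5);    /* oversized length field */
    printf("bad length:        %d\n", pptp_ctrl_check(msg, sizeof msg, 1, &type));
    return 0;
}
```

Any result other than PPTP_OK or PPTP_NEED_MORE is a reason to log the peer address and close that control connection rather than try to resynchronise.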
From: luyer at ucs.uwa.edu.au (David Luyer) Date: Wed Jun 23 02:54:11 1999 Subject: [pptp-server] Re: [pptp-server] GRE out of order again... In-Reply-To: Your message of "Tue, 22 Jun 1999 21:01:47 +0200." Message-ID: <199906230753.PAA20276@typhaon.ucs.uwa.edu.au> > Dont really understand why its a problem.... the only socket that shows up > in netstat is the raw-socket that pptpd makes. Could it be a problem with my > NT VPN > that keeps sending wrong packets? No, it will be sending them in the correct order I'd expect, there are sometimes issues with packet re-ordering on heavily loaded interfaces but it should be rare. > Or could it be the Internet that's dropping some of the packets? It's not dropped packets, but out of order ones. Basically, the problem is most likely related to having multiple paths or multilink connections between where you are connecting from and to. The packets which turn up after the packet which is sequenced after them must be dropped (since PPP depends on only getting frames in order, it's ok to drop some but not OK to send them out of order). ie:
packet 1 arrives, we send it to pppd
packet 3 arrives, we send it to pppd
packet 2 arrives, we must drop packet 2
From anders.vannman at nyavf.se Wed Jun 23 03:15:10 1999 From: anders.vannman at nyavf.se (Anders Vännman) Date: Wed Jun 23 03:15:10 1999 Subject: [pptp-server] SV: [pptp-server] GRE out of order again... Message-ID: Hi, Ok, since I have no control over the path between my home and office, i've run a traceroute and it turns out that the packets travels first from Umea to Stockholm, and then back again - since at work we have one provider and at home im connected to the university backbone. So.. there might be lots of things happening on the way :-) It might not be a real problem - except regarding performance - since the tcp-protocol should take care of any packetlosses. Anders From ronmacneil at home.com Wed Jun 23 07:06:46 1999 
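The drop rule from the GRE thread above (1, 3, 2 arrives; 2 is dropped), as an added example that is not pptpd's own code. It goes beyond the three-packet case by bounds-checking the PPTP enhanced GRE header (layout per RFC 2637) and by comparing sequence numbers so that 32-bit wraparound is handled. All names are hypothetical, the sample packets are constructed, and the input is assumed to start at the GRE header with the IP header already stripped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_FLAG_K    0x20    /* byte 0: key (payload length + call ID) present */
#define GRE_FLAG_S    0x10    /* byte 0: sequence number present */
#define GRE_FLAG_A    0x80    /* byte 1: acknowledgment number present */
#define GRE_VER_MASK  0x07    /* byte 1: version, must be 1 */
#define GRE_PROTO_PPP 0x880B

enum gre_verdict { GRE_FORWARD, GRE_DROP_LATE, GRE_NO_PAYLOAD, GRE_MALFORMED };

struct gre_rx {
    int      have_seq;    /* 0 until the first data packet is accepted */
    uint32_t last_seq;    /* highest sequence number already given to pppd */
    unsigned forwarded;   /* packets passed on */
    unsigned late;        /* packets dropped because a later one went first */
    unsigned skipped;     /* sequence numbers jumped over when forwarding */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Never hand pppd a frame older than one it already has. The unsigned
 * subtraction keeps the comparison correct when the counter wraps. */
enum gre_verdict gre_rx_seq(struct gre_rx *rx, uint32_t seq)
{
    if (rx->have_seq) {
        uint32_t ahead = seq - rx->last_seq;
        if (ahead == 0 || ahead >= 0x80000000u) {
            rx->late++;
            return GRE_DROP_LATE;
        }
        rx->skipped += ahead - 1;
    }
    rx->have_seq = 1;
    rx->last_seq = seq;
    rx->forwarded++;
    return GRE_FORWARD;
}

/* Bounds-check one received GRE packet, then apply the ordering rule. */
enum gre_verdict gre_rx_packet(struct gre_rx *rx, const uint8_t *p, size_t len)
{
    size_t off = 8;    /* flags(2) + protocol(2) + payload length(2) + call ID(2) */
    uint16_t payload_len;
    uint32_t seq;

    if (len < off)
        return GRE_MALFORMED;
    if (!(p[0] & GRE_FLAG_K) || (p[1] & GRE_VER_MASK) != 1 ||
        rd16(p + 2) != GRE_PROTO_PPP)
        return GRE_MALFORMED;
    payload_len = rd16(p + 4);
    if (!(p[0] & GRE_FLAG_S))
        return GRE_NO_PAYLOAD;    /* acknowledgment only, nothing for pppd */
    if (len < off + 4)
        return GRE_MALFORMED;
    seq = rd32(p + off);
    off += 4;
    if (p[1] & GRE_FLAG_A) {
        if (len < off + 4)
            return GRE_MALFORMED;
        off += 4;
    }
    if (payload_len > len - off)
        return GRE_MALFORMED;
    return gre_rx_seq(rx, seq);
}

/* Constructed sample: a data packet for call ID 1 with a 4-byte payload. */
size_t gre_build_sample(uint8_t *buf, uint32_t seq)
{
    const uint8_t hdr[8] = { GRE_FLAG_K | GRE_FLAG_S, 0x01, 0x88, 0x0B,
                             0x00, 0x04, 0x00, 0x01 };
    const uint8_t ppp[4] = { 0xFF, 0x03, 0x00, 0x21 };
    size_t i;

    for (i = 0; i < 8; i++) buf[i] = hdr[i];
    buf[8]  = (uint8_t)(seq >> 24); buf[9]  = (uint8_t)(seq >> 16);
    buf[10] = (uint8_t)(seq >> 8);  buf[11] = (uint8_t)seq;
    for (i = 0; i < 4; i++) buf[12 + i] = ppp[i];
    return 16;
}

int main(void)
{
    static const char *name[] = { "forward", "drop (late)", "no payload", "malformed" };
    const uint32_t arrival[] = { 1, 3, 2, 4 };    /* constructed arrival order */
    struct gre_rx rx = { 0, 0, 0, 0, 0 };
    uint8_t buf[16];
    size_t i;

    for (i = 0; i < sizeof arrival / sizeof arrival[0]; i++) {
        size_t n = gre_build_sample(buf, arrival[i]);
        printf("seq %u: %s\n", (unsigned)arrival[i], name[gre_rx_packet(&rx, buf, n)]);
    }
    printf("forwarded=%u late=%u skipped=%u\n", rx.forwarded, rx.late, rx.skipped);
    return 0;
}
```

A skipped count that is later matched by late drops points to reordering on the path, while a skipped count with no late drops points to loss.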
From: ronmacneil at home.com (Ron MacNeil) Date: Wed Jun 23 07:06:46 1999 Subject: [pptp-server] RE: [pptp-server] poptop encryption and security issues In-Reply-To: <37703312.DB5AB502@moreton.com.au> Message-ID: <000101bebd70$2a58c4c0$c7564118@mtmk1.on.wave.home.com> So where can we find this wonderful patch? Do you have any helpful hits or tips regarding the installation of this patch? Thank you, Ron MacNeil From ronmacneil at home.com Wed Jun 23 07:08:26 1999 From: ronmacneil at home.com (Ron MacNeil) Date: Wed Jun 23 07:08:26 1999 Subject: [pptp-server] RE: [Pptp] List moved to opensource.captech.com In-Reply-To: Message-ID: <000201bebd70$68cffac0$c7564118@mtmk1.on.wave.home.com> Could someone update the Poptop web page with this info. Any new subscribers will miss this. Thanks, Ron MacNeil -----Original Message----- 
From: pptp-admin at opensource.captech.com [mailto:pptp-admin at opensource.captech.com] On Behalf Of Christoph Lameter Sent: June 21, 1999 4:58 PM To: pptp at opensource.captech.com Subject: [Pptp] List moved to opensource.captech.com The pptp list has been moved to pptp at opensource.captech.com for help on how to subscribe/unsubscribe etc send a request with "help" in the body to pptp-request at opensource.captech.com Web Interface is available at http://opensource.captech.com/mailman/listinfo/pptp Connectivity and support have been vastly improved. In my new position as the Manager for Open Systems Technology at CapTech I have resources available to make sure that future operations will be much smoother in the future. More announcements to follow. Mail to pptp at debs.fuller.edu will be forwarded to pptp at opensource.captech.com but it is not clear how long the system will stay in place since I will be no longer maintaining the system. Please update the locations of the mailing list and how to subscribe/unsubscribe whereever necessary. Christoph Lameter _______________________________________________ Pptp mailing list - Pptp at opensource.captech.com http://opensource.captech.com/mailman/listinfo/pptp From dnewton at wkc.org Wed Jun 23 12:20:20 1999 From: dnewton at wkc.org (Derek Newton) Date: Wed Jun 23 12:20:20 1999 Subject: [pptp-server] Newbie question... Message-ID: Could someone please describe to me exactly what local ips and remote ips setting in the pptpd.conf file does. I can't find any information in the documentation on this and am a little confused. Thanks for your help! Derek Newton dnewton at wkc.org From tmk at netmagic.net Wed Jun 23 13:17:39 1999 
From: tmk at netmagic.net (tmk) Date: Wed Jun 23 13:17:39 1999 Subject: [pptp-server] Re: [pptp-server] Newbie question... References: Message-ID: <001901bebda2$835b4160$011c0fc0@lala.net> they set the local and remote ip that pppd will use. Local IP should be your linux box's ip (just giving one is fine) and remote ip should be a bunch of ips to give the clients when they call in. Kevin ----- Original Message ----- From: Derek Newton To: Sent: Wednesday, June 23, 1999 10:24 AM Subject: [pptp-server] Newbie question... > Could someone please describe to me exactly what local ips and remote ips > setting in the pptpd.conf file does. I can't find any information in the > documentation on this and am a little confused. > > Thanks for your help! > > Derek Newton > dnewton at wkc.org > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From christopher at schulte.org Wed Jun 23 16:31:55 1999 
From: christopher at schulte.org (Christopher Schulte) Date: Wed Jun 23 16:31:55 1999 Subject: [pptp-server] Re: [pptp-server] RE: [Pptp] List moved to opensource.captech.com In-Reply-To: <000201bebd70$68cffac0$c7564118@mtmk1.on.wave.home.com> References: Message-ID: <4.2.0.56.19990623161801.00bd0ba0@pop.schulte.org> The pptp mailing list has NOT been moved. I am not sure why a message stating otherwise was posted. I have been in communication with Christoph Lameter, but he has not been able to explain to my satisfaction why this message was posted. He claims to have set this list up in the first place (not true) and he claims that I have been hijacking his subscribers (not true). Please ignore the previous message on this subject and all further which may come, unless from Matthew Ramsay or myself. Matthew has the final say of matters of this nature. I'm really sorry for any confusion this may have caused. I wish I could explain why it happened. At 08:03 AM 6/23/99 -0400, you wrote: >Could someone update the Poptop web page with this info. Any new >subscribers will miss this. > >Thanks, >Ron MacNeil > >-----Original Message----- 
>From: pptp-admin at opensource.captech.com >[mailto:pptp-admin at opensource.captech.com] On Behalf Of Christoph Lameter >Sent: June 21, 1999 4:58 PM >To: pptp at opensource.captech.com >Subject: [Pptp] List moved to opensource.captech.com > >The pptp list has been moved to > >pptp at opensource.captech.com > >for help on how to subscribe/unsubscribe etc send a request with "help" in >the body to pptp-request at opensource.captech.com > >Web Interface is available at > >http://opensource.captech.com/mailman/listinfo/pptp > >Connectivity and support have been vastly improved. In my new position as >the Manager for Open Systems Technology at CapTech I have resources >available to make sure that future operations will be much smoother in the >future. More announcements to follow. > >Mail to pptp at debs.fuller.edu will be forwarded to >pptp at opensource.captech.com but it is not clear how long the system will >stay in place since I will be no longer maintaining the system. > >Please update the locations of the mailing list and how to >subscribe/unsubscribe whereever necessary. > >Christoph Lameter -- Christopher Schulte WEB: http://www.schulte.org/ EMAIL: christopher at schulte.org "The more I give to you, the more I die!" (the perfect drug) --Trent Reznor, Nine Inch Nails HALO 11 From matthewr at moreton.com.au Wed Jun 23 18:26:53 1999 
From: matthewr at moreton.com.au (Matthew Ramsay) Date: Wed Jun 23 18:26:53 1999 Subject: [pptp-server] mailing list confusion References: <4.2.0.56.19990623161801.00bd0ba0@pop.schulte.org> Message-ID: <37716C27.40F335A@moreton.com.au> Hiya all, The list has not moved and will not move. Someone is playing games. I (with the help of Chris Schulte) set up this mailing list to serve the needs of the growing PoPToP following. Cheers, Matt. > The pptp mailing list has NOT been moved. I am not sure why a message > stating otherwise was posted. I have been in communication with Christoph > Lameter, but he has not been able to explain to my satisfaction why this > message was posted. He claims to have set this list up in the first place > (not true) and he claims that I have been hijacking his subscribers (not true). > > Please ignore the previous message on this subject and all further which > may come, unless from Matthew Ramsay or myself. Matthew has the final say > of matters of this nature. > > I'm really sorry for any confusion this may have caused. I wish I could > explain why it happened. From matthewr at moreton.com.au Wed Jun 23 19:58:11 1999 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Wed Jun 23 19:58:11 1999 Subject: [pptp-server] Re: [pptp-server] poptop encryption and security issues References: <000001bebd6f$9eda9fe0$c7564118@mtmk1.on.wave.home.com> Message-ID: <37718190.1D2F93FC@moreton.com.au> the initial code came from here: ftp://ftp.east.telecom.kz/pub/src/networking/ppp/multilink/ documentation and tips on setting this up do not exist yet (that i know of).. i hope to have something organised soon. -matt > So where can we find this wonderful patch? Do you have any helpful hits or > tips regarding the installation of this patch? > > Thank you, > Ron MacNeil From pnb at rla.com.au Wed Jun 23 21:04:00 1999 From: pnb at rla.com.au (Peter Brooks) Date: Wed Jun 23 21:04:00 1999 Subject: [pptp-server] Is PopTop for me? Message-ID: <01BEBE35.64E7A780.pnb@rla.com.au> Hello. I would like to provide a encrypted POP connection between Win95/98 clients and a Linux POP server, all of which are part of our small TCP/IP ethernet connected LAN. Is Poptop able to provide this capability, ie PPTP service over an ethernet LAN connection rather than a PPP link? How would it be configured to do so? Does PopTop encryption function? Peter Brooks Research Labs of Australia. From haim at bailard.com Thu Jun 24 00:04:37 1999 From: haim at bailard.com (Haim Lensky) Date: Thu Jun 24 00:04:37 1999 Subject: [pptp-server] Windows 2000 Message-ID: Hello All I have problem to connect Windows 2000 server (beta3) to Poptop. Any ideas? Is it compatible at all? Thanks Haim From pnb at rla.com.au Thu Jun 24 02:22:54 1999 
From: pnb at rla.com.au (Peter Brooks) Date: Thu Jun 24 02:22:54 1999 Subject: [pptp-server] RE: [pptp-server] Is PopTop for me? Message-ID: <01BEBE61.F1452BE0.pnb@rla.com.au> The advantages of using PPTP over those other solutions is that WIN95/98 can do PPTP at zero cost, the client setup is simple and the result is fully integrated and transparent to the user. The disadvantage is that it's not particularly secure, but for our LAN usage it would suffice. The question is, can Poptop do PPTP over ethernet? If it can't, then I will have to consider other (expensive) alternatives such as SSH. Peter. -----Original Message----- 
From: Nico De Ranter [SMTP:nico at sonycom.com] Sent: Thursday, 24 June 1999 3:42 To: Peter Brooks Subject: Re: [pptp-server] Is PopTop for me? > Hello. > I would like to provide a encrypted POP connection between Win95/98 clients > and a Linux POP server, all of which are part of our small TCP/IP ethernet > connected LAN. Is Poptop able to provide this capability, ie PPTP service > over an ethernet LAN connection rather than a PPP link? How would it be > configured to do so? Does PopTop encryption function? Have a look at Secure Shell (SSH) or APOP (Authenticated POP, I don't know whether this encrypts everything however). I think those would be more suitable in this case as pptp. Nico > > Peter Brooks > Research Labs of Australia. > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > -- -------------------------------------------------------- How do you tell when you run out of invisible ink? -------------------------------------------------------- Nico De Ranter Sony Service Center (SUPC-E/NSSE) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: nico.deranter at sonycom.com From nico at sonycom.com Thu Jun 24 02:29:04 1999 
From: nico at sonycom.com (Nico De Ranter) Date: Thu Jun 24 02:29:04 1999 Subject: [pptp-server] poptop on Solaris Message-ID: <199906240728.HAA01421@oshima.sonytel.be> I'm trying to setup Poptop on a SUN running Solaris 2.6. I managed to compile and install the pptpd server but I have no clue how to setup the pppd (it seems to be completely different as the one from Linux). Is there anybody who has experience with setting up poptop on a SUN. Is it advisable to compile my own pppd? Thanks in advance, Nico -- -------------------------------------------------------- How do you tell when you run out of invisible ink? -------------------------------------------------------- Nico De Ranter Sony Service Center (SUPC-E/NSSE) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: nico.deranter at sonycom.com From ronmacneil at home.com Thu Jun 24 06:56:49 1999 From: ronmacneil at home.com (Ron MacNeil) Date: Thu Jun 24 06:56:49 1999 Subject: [pptp-server] RE: [pptp-server] mailing list confusion - final In-Reply-To: <37716C27.40F335A@moreton.com.au> Message-ID: <000601bebe38$538195c0$c7564118@mtmk1.on.wave.home.com> I'm so sorry, it was my mistake. I'm subscribed to both this list and to the other and got the two crossed. It was never my intention to create this mass confusion. Please accept my apology. Ron MacNeil -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Matthew Ramsay Sent: June 23, 1999 7:22 PM To: pptp-server at lists.schulte.org Cc: Christopher Schulte Subject: [pptp-server] mailing list confusion Hiya all, The list has not moved and will not move. Someone is playing games. I (with the help of Chris Schulte) set up this mailing list to serve the needs of the growing PoPToP following. Cheers, Matt. From pnb at rla.com.au Thu Jun 24 07:29:38 1999 
From: pnb at rla.com.au (Peter Brooks) Date: Thu Jun 24 07:29:38 1999 Subject: [pptp-server] RE: [pptp-server] Is PopTop for me? Message-ID: <01BEBE8C.3F151E00@NORMAN> That's what I wanted to hear. Is there any special configuration for PopTop to operate over a LAN. The installation notes sound as though it's going to fire up pppd no matter what and that seems unnecessary considering there won't be any communication on any serial port. Peter -----Original Message----- From: Nico De Ranter [SMTP:nico at sonycom.com] Sent: Thursday, 24 June 1999 5:44 To: Peter Brooks Subject: Re: [pptp-server] RE: [pptp-server] Is PopTop for me? Ah, I see. Poptop can definitely work on a LAN. I'm using it that way now. You might have routing problems however if all your hosts are in the same network segment, I'm not sure about that. I'm currently setting up pptp for my homeusers who dial into the company via an ISDN router (so for them it's just a network connection). I succeeded in using NT4, Win95 and Win98 without problems (although I do have the impression that the pptp server is not 100% stable, I tend to get problems when a client drops a connection and then tries to reestablish it). I'm still working on the Linux clients. Nico > The advantages of using PPTP over those other solutions is that WIN95/98 > can do PPTP at zero cost, the client setup is simple and the result is > fully integrated and transparent to the user. The disadvantage is that it's > not particularly secure, but for our LAN usage it would suffice. > The question is, can Poptop do PPTP over ethernet? If it can't, then I will > have to consider other (expensive) alternatives such as SSH. > > Peter. > > -----Original Message----- 
> From: Nico De Ranter [SMTP:nico at sonycom.com] > Sent: Thursday, 24 June 1999 3:42 > To: Peter Brooks > Subject: Re: [pptp-server] Is PopTop for me? > > > Hello. > > I would like to provide a encrypted POP connection between Win95/98 > clients > > and a Linux POP server, all of which are part of our small TCP/IP > ethernet > > connected LAN. Is Poptop able to provide this capability, ie PPTP service > > > over an ethernet LAN connection rather than a PPP link? How would it be > > configured to do so? Does PopTop encryption function? > > Have a look at Secure Shell (SSH) or APOP (Authenticated POP, I don't know > whether this encrypts everything however). I think those would be more > suitable in this case as pptp. > > Nico > > > > > Peter Brooks > > Research Labs of Australia. > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > > > -- > -------------------------------------------------------- > How do you tell when you run out of invisible ink? > -------------------------------------------------------- > Nico De Ranter > Sony Service Center (SUPC-E/NSSE) > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) > 1130 Brussel (Bruxelles), Belgium, Europe, Earth > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 > e-mail: nico.deranter at sonycom.com > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > -- -------------------------------------------------------- How do you tell when you run out of invisible ink? 
-------------------------------------------------------- Nico De Ranter Sony Service Center (SUPC-E/NSSE) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: nico.deranter at sonycom.com From signal at shreve.net Thu Jun 24 07:57:07 1999 
From: signal at shreve.net (Brian) Date: Thu Jun 24 07:57:07 1999 Subject: [pptp-server] PPTP Server Configuration Questions Message-ID: I am going to attempt to connect a PPTP session between a 3Com Total Control Hub (NAS box), and Linux running pptpd. If anyone has done this, please let me know. The 3Com box supports PPTP. On the 3Com box, I have configured via RADIUS a user like:

demo    Auth-Type = "Unix-PW"
        Service-Type = "Framed-User",
        Framed-Protocol = "PPP",
        Framed-Routing = "None",
        Framed-Compression = "Van-Jacobson-TCP-IP",
        Tunnel-Type = "PPTP",
        Tunnel-Server-Endpoint = "208.206.76.27"

I am not using any authentication for the tunnel, and I am not doing any assignment of IP's ( I am letting the pptpd server do that ). The "Tunnel-Server-Endpoint" is my Linux pptpd box, which is configured like this:

debug 1
pptpdlog /var/log/pptpd.log
option /etc/ppp/options
localip 208.214.45.1-254
remoteip 192.168.99.1-254

Does this look sound? My understanding is that users should be given IP's on their end (assigned from the pptpd) from the "remoteip" pool. The Tunnel server then connects this ip to one of the ip's in the localip pool, thus establishing the tunnel. The remote clients are just running Windows and have no idea they are being tunneled, they are running normal Dialup Networking. The actual tunnel is created between the 3Com NAS and the Linux pptpd. Does anyone see any problems I may run into? Brian ----------------------------------------------------- Brian Feeny (BF304) signal at shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) From skvidal at skyrunner.net Thu Jun 24 08:12:47 1999 
From: skvidal at skyrunner.net (Seth Vidal) Date: Thu Jun 24 08:12:47 1999 Subject: [pptp-server] Re: [pptp-server] PPTP Server Configuration Questions In-Reply-To: Message-ID: > I am going to attempt to connect a PPTP session between a 3Com Total > Control Hub (NAS box), and Linux running pptpd. If anyone has done this, > please let me know. The 3Com box supports PPTP. > > On the 3Com box, I have configured via RADIUS a user like: > > demo Auth-Type = "Unix-PW" > Service-Type = "Framed-User", > Framed-Protocol = "PPP", > Framed-Routing = "None", > Framed-Compression = "Van-Jacobson-TCP-IP", > Tunnel-Type = "PPTP", > Tunnel-Server-Endpoint = "208.206.76.27" > > I am not using any authentication for the tunnel, and I am not doing any > assignment of IP's ( I am letting the pptpd server do that ). > > The "Tunnel-Server-Endpoint" is my Linux pptpd box, which is configured > like this: > > debug 1 > pptpdlog /var/log/pptpd.log > option /etc/ppp/options > localip 208.214.45.1-254 > remoteip 192.168.99.1-254 > > Does this look sound? My understanding is that users should be given IP's > on their end (assigned from the pptpd) from the "remoteip" pool. The > Tunnel server then connects this ip to one of the ip's in the localip > pool, thus establishing the tunnel. > > The remote clients are just running Windows and have no idea they are > being tunneled, they are running normal Dialup Networking. The actual > tunnel is created between the 3Com NAS and the Linux pptpd. Does anyone > see any problems I may run into? I don't see anything wrong with it but what exactly is the point? if the tunnel doesn't exist anywhere but between the NAS and the linux box what added security do you get? are default routing them on their dial-up connection? -sv From skvidal at skyrunner.net Thu Jun 24 08:15:27 1999 
From: skvidal at skyrunner.net (Seth Vidal) Date: Thu Jun 24 08:15:27 1999 Subject: [pptp-server] Re: [pptp-server] Windows 2000 In-Reply-To: Message-ID: > Hello All > I have problem to connect Windows 2000 server (beta3) to Poptop. > > Any ideas? > Is it compatible at all? what are your settings in DUN? -sv From luyer at ucs.uwa.edu.au Thu Jun 24 08:40:57 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Thu Jun 24 08:40:57 1999 Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] PPTP Server Configuration Questions In-Reply-To: Your message of "Thu, 24 Jun 1999 09:12:20 -0400." Message-ID: <199906241340.VAA05918@typhaon.ucs.uwa.edu.au> > I am going to attempt to connect a PPTP session between a 3Com Total > Control Hub (NAS box), and Linux running pptpd. If anyone has done this, > please let me know. The 3Com box supports PPTP. I think you need a PNS not a PAC. In the IP tunneling sense, the server acts as a PAC and the client as a PNS and only a single call is established per PAC-PNS pair. As a real PAC, we need a lot more logic in the pptpd, for multi-call support. To do it efficiently is quite complex. I did one implementation but completely threw it away as it would have been very inefficient. I worked out plans for a second implementation but have become very busy now and may never actually implement them unfortunately :-( Depends on a number of factors which I'll know more about in 2 weeks time. If you are a good programmer and want to work on it earlier than that, e-mail me and I'll describe the structure. David. From signal at shreve.net Thu Jun 24 09:05:56 1999 
From: signal at shreve.net (Brian) Date: Thu Jun 24 09:05:56 1999 Subject: [pptp-server] Re: [pptp-server] PPTP Server Configuration Questions In-Reply-To: Message-ID: > > I don't see anything wrong with it but what exactly is the point? > if the tunnel doesn't exist anywhere but between the NAS and the linux box > what added security do you get? > > are default routing them on their dial-up connection? > Not all tunnels are built for security. The output of the NAS boxes goes into a L4 switch, which transparently redirects all web (port 80) requests to our squid cache. Some people don't want this, so I was going to tunnel them thru the switch...........its really academic at this point. > -sv > ----------------------------------------------------- Brian Feeny (BF304) signal at shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) From signal at shreve.net Thu Jun 24 10:05:46 1999 From: signal at shreve.net (Brian) Date: Thu Jun 24 10:05:46 1999 Subject: [pptp-server] PPTP problem Message-ID: I am trying to get pptpd up and running on a test box. Box is Redhat 5.2 based, with a 2.2.5 kernel. PPP compiled into the kernel.

[mars:~]# cat /etc/pptpd.conf
debug 1
localip 192.168.98.1
remoteip 192.168.99.1
[mars:~]# pptpd
[mars:~]# createHostSocket: Address already in use
[mars:~]# tail /var/log/pptpd.log
Jun 24 10:04:34 mars pptpd[861]: MGR: Manager process started
Jun 24 10:04:34 mars pptpd[861]: MGR: Couldn't create host socket

The address is not in use though. I can put any address in "localip" and "remoteip" and it tells me the address is in use. Anyone have any thoughts? Brian ----------------------------------------------------- Brian Feeny (BF304) signal at shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) From signal at shreve.net Thu Jun 24 10:14:15 1999 
From: signal at shreve.net (Brian) Date: Thu Jun 24 10:14:15 1999 Subject: [pptp-server] PPTP: error in documentation? Message-ID: The documentation on installing PPTPD on http://www.moretonbay.com/vpn/setup_pptp_server.html states: check that there is pptpmanager, pptpd and pptpctrl and pptpgre in /usr/local/bin/. Yet after I do "make", "make install" for pptpd-0.9.2, I don't get all those in there, yet I get no errors either: [mars:/usr/src/pptpd-0.9.2]# make make all-recursive make[1]: Entering directory `/usr/src/pptpd-0.9.2' make[2]: Entering directory `/usr/src/pptpd-0.9.2' gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpd.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c configfile.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpmanager.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c compat.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c getopt.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c getopt1.c gcc -O2 -fno-builtin -Wall -ansi -o pptpd pptpd.o configfile.o pptpmanager.o compat.o getopt.o getopt1.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpctrl.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c ctrlpacket.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c inststr.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpgre.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. 
-O2 -fno-builtin -Wall -ansi -c ppphdlc.c gcc -O2 -fno-builtin -Wall -ansi -o pptpctrl pptpctrl.o ctrlpacket.o inststr.o compat.o pptpgre.o ppphdlc.o -lutil make[2]: Leaving directory `/usr/src/pptpd-0.9.2' make[1]: Leaving directory `/usr/src/pptpd-0.9.2' [mars:/usr/src/pptpd-0.9.2]# make install make[1]: Entering directory `/usr/src/pptpd-0.9.2' make[2]: Entering directory `/usr/src/pptpd-0.9.2' /bin/sh ./mkinstalldirs /usr/local/bin /usr/bin/install -c pptpd /usr/local/bin/pptpd /usr/bin/install -c pptpctrl /usr/local/bin/pptpctrl make[2]: Nothing to be done for `install-data-am'. make[2]: Leaving directory `/usr/src/pptpd-0.9.2' make[1]: Leaving directory `/usr/src/pptpd-0.9.2' [mars:/usr/src/pptpd-0.9.2]# ls -al /usr/local/bin/ total 40 drwxr-xr-x 3 root root 1024 Jun 24 10:11 . drwxr-xr-x 18 root root 1024 Apr 8 20:10 .. -rwxr-xr-x 1 root root 18623 Jun 24 10:11 pptpctrl -rwxr-xr-x 1 root root 16000 Jun 24 10:11 pptpd Am I suppose to have a "pptpmanager" and "pptpgre" or no? ----------------------------------------------------- Brian Feeny (BF304) signal at shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) From dnewton at wkc.org Thu Jun 24 10:18:36 1999 From: dnewton at wkc.org (Derek Newton) Date: Thu Jun 24 10:18:36 1999 Subject: [pptp-server] RE: [pptp-server] PPTP: error in documentation? In-Reply-To: Message-ID: No, that was in the old version (v.8). The new version only has pptpd and pptpctrl. You'll notice on the documentation page it says this documentation is for the v.8. Hope this helps, Derek Newton dnewton at wkc.org -----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Brian Sent: Thursday, June 24, 1999 9:14 AM To: PPTP-Server Mailing List Subject: [pptp-server] PPTP: error in documentation? The documentation on installing PPTPD on http://www.moretonbay.com/vpn/setup_pptp_server.html states: check that there is pptpmanager, pptpd and pptpctrl and pptpgre in /usr/local/bin/. Yet after I do "make", "make install" for pptpd-0.9.2, I don't get all those in there, yet I get no errors either: [mars:/usr/src/pptpd-0.9.2]# make make all-recursive make[1]: Entering directory `/usr/src/pptpd-0.9.2' make[2]: Entering directory `/usr/src/pptpd-0.9.2' gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpd.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c configfile.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpmanager.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c compat.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c getopt.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c getopt1.c gcc -O2 -fno-builtin -Wall -ansi -o pptpd pptpd.o configfile.o pptpmanager.o compat.o getopt.o getopt1.o gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpctrl.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c ctrlpacket.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c inststr.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. -O2 -fno-builtin -Wall -ansi -c pptpgre.c gcc -DHAVE_CONFIG_H -I. -I. -I. -I. 
-O2 -fno-builtin -Wall -ansi -c ppphdlc.c gcc -O2 -fno-builtin -Wall -ansi -o pptpctrl pptpctrl.o ctrlpacket.o inststr.o compat.o pptpgre.o ppphdlc.o -lutil make[2]: Leaving directory `/usr/src/pptpd-0.9.2' make[1]: Leaving directory `/usr/src/pptpd-0.9.2' [mars:/usr/src/pptpd-0.9.2]# make install make[1]: Entering directory `/usr/src/pptpd-0.9.2' make[2]: Entering directory `/usr/src/pptpd-0.9.2' /bin/sh ./mkinstalldirs /usr/local/bin /usr/bin/install -c pptpd /usr/local/bin/pptpd /usr/bin/install -c pptpctrl /usr/local/bin/pptpctrl make[2]: Nothing to be done for `install-data-am'. make[2]: Leaving directory `/usr/src/pptpd-0.9.2' make[1]: Leaving directory `/usr/src/pptpd-0.9.2' [mars:/usr/src/pptpd-0.9.2]# ls -al /usr/local/bin/ total 40 drwxr-xr-x 3 root root 1024 Jun 24 10:11 . drwxr-xr-x 18 root root 1024 Apr 8 20:10 .. -rwxr-xr-x 1 root root 18623 Jun 24 10:11 pptpctrl -rwxr-xr-x 1 root root 16000 Jun 24 10:11 pptpd Am I suppose to have a "pptpmanager" and "pptpgre" or no? ----------------------------------------------------- Brian Feeny (BF304) signal at shreve.net 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From anders.vannman at nyavf.se Thu Jun 24 11:05:15 1999 
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Thu Jun 24 11:05:15 1999
Subject: [pptp-server] Problem connecting Win98
Message-ID:

I wrote yesterday about problem connecting Win98 -> Pptpd, that I solved.
Now I still got problem, when I connect I get the following:

I think that I've configured the Win98 according to all rules. Tried
different machines from different places...

Any clues?

Jun 24 13:11:15 gatekeeper kernel: PPP: version 2.3.7 (demand dialling)
Jun 24 13:11:15 gatekeeper kernel: PPP line discipline registered.
Jun 24 13:11:15 gatekeeper kernel: registered device ppp0
Jun 24 13:11:15 gatekeeper pppd[26274]: pppd 2.3.8 started by root, uid 0
Jun 24 13:11:15 gatekeeper pppd[26274]: Using interface ppp0
Jun 24 13:11:15 gatekeeper pppd[26274]: Connect: ppp0 <--> /dev/pts/12
Jun 24 13:11:45 gatekeeper pptpd[26273]: GRE: read(fd=5,buffer=804c8e0,len=8196) from PTY failed: status = -1 errno = 5
Jun 24 13:11:45 gatekeeper pptpd[26273]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6))
Jun 24 13:11:45 gatekeeper pptpd[26273]: CTRL: Client 10.0.2.35 control connection finished
Jun 24 13:11:45 gatekeeper pppd[26274]: LCP: timeout sending Config-Requests
Jun 24 13:11:45 gatekeeper pppd[26274]: Connection terminated.
Jun 24 13:11:45 gatekeeper pppd[26274]: Exit.

From haim at bailard.com Thu Jun 24 12:04:44 1999
From: haim at bailard.com (Haim Lensky) Date: Thu Jun 24 12:04:44 1999 Subject: [pptp-server] RE: [pptp-server] Windows 2000 Message-ID: Here is settings on Windows 2000: SECURITY tab-> security options: typical-> require secured passwords NETWORKING tab -> Type of dial-up server.. -> Automatic Installed components -> TCP/IP (checked) File and Printer Sharing for Microsoft Networks(unchecked) Client for Microsoft Network (unchecked) Under TCP/IP settings - obtain IP and DNS automatically Here is log from linux box: Jun 24 09:59:05 adsl-XXX-XXX-XXX-XXX pptpd[594]: MGR: Manager process started Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Client ZZZ.ZZZ.ZZZ.ZZZ control connection started Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Starting call (launching pppd, opening GRE) Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: CSLIP: code copyright 1989 Regents of the University of California Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: PPP: version 2.3.3 (demand dialling) Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: PPP line discipline registered. Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: registered device ppp0 Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: pppd 2.3.8 started by root, uid 0 Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: Using interface ppp0 Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: Connect: ppp0 <--> /dev/ttyp0 Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: LCP: timeout sending Config-Requests Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: GRE: read() from PTY failed: errno = 0 Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: PTY read failed Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Client ZZZ.ZZZ.ZZZ.ZZZ control connection finished Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Connection terminated. Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: tcflush failed: Invalid argument Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Hangup (SIGHUP) Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Exit. 
I am able to connect using Windows 95/95, but can not with Windows 2000. Thanks Haim -----Original Message----- From: Seth Vidal [mailto:skvidal at skyrunner.net] Sent: Thursday, June 24, 1999 6:15 AM To: Haim Lensky Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] Windows 2000 > Hello All > I have problem to connect Windows 2000 server (beta3) to Poptop. > > Any ideas? > Is it compatible at all? what are your settings in DUN? -sv From skvidal at skyrunner.net Thu Jun 24 12:26:54 1999 
From: skvidal at skyrunner.net (Seth Vidal) Date: Thu Jun 24 12:26:54 1999 Subject: [pptp-server] RE: [pptp-server] Windows 2000 In-Reply-To: Message-ID: > Here is settings on Windows 2000: > > SECURITY tab-> > security options: typical-> require secured passwords > > NETWORKING tab -> > Type of dial-up server.. -> Automatic what other options are available here. A friend of mine tried from a win2k and could connect but I'm not sure what release it was. > Installed components -> TCP/IP (checked) > File and Printer Sharing for Microsoft Networks(unchecked) > Client for Microsoft Network (unchecked) > > Under TCP/IP settings - obtain IP and DNS automatically > > > Here is log from linux box: > > Jun 24 09:59:05 adsl-XXX-XXX-XXX-XXX pptpd[594]: MGR: Manager process > started > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Client > ZZZ.ZZZ.ZZZ.ZZZ control connection started > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Starting call > (launching pppd, opening GRE) > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: CSLIP: code copyright 1989 > Regents of the University of California > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: PPP: version 2.3.3 (demand > dialling) > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: PPP line discipline registered. 
> > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: registered device ppp0 > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: pppd 2.3.8 started by root, > uid 0 > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: Using interface ppp0 > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: Connect: ppp0 <--> > /dev/ttyp0 > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: LCP: timeout sending > Config-Requests > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: GRE: read() from PTY > failed: errno = 0 > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: PTY read failed > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Client > ZZZ.ZZZ.ZZZ.ZZZ control connection finished > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Connection terminated. > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: tcflush failed: Invalid > argument > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Hangup (SIGHUP) > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Exit. > > > I am able to connect using Windows 95/95, but can not with Windows 2000. > Thanks > Haim > > > > > > > -----Original Message----- > From: Seth Vidal [mailto:skvidal at skyrunner.net] > Sent: Thursday, June 24, 1999 6:15 AM > To: Haim Lensky > Cc: 'pptp-server at lists.schulte.org' > Subject: Re: [pptp-server] Windows 2000 > > > > Hello All > > I have problem to connect Windows 2000 server (beta3) to Poptop. > > > > Any ideas? > > Is it compatible at all? > > what are your settings in DUN? > > -sv > From tmk at netmagic.net Thu Jun 24 20:12:45 1999 
From: tmk at netmagic.net (tmk)
Date: Thu Jun 24 20:12:45 1999
Subject: [pptp-server] Re: [pptp-server] RE: [pptp-server] Windows 2000
References:
Message-ID: <000d01bebea6$8fb05860$011c0fc0@lala.net>

Try it without secured passwords. The current release of poptop doesn't
support encryption.. and I bet that NT5 (I refuse to call it win2k) is
trying to use chapv2 to authenticate itself, which won't work.

Use the require-chap and auth options in your pppd options file to set
"use secure passwords"

Kevin

----- Original Message -----
From: Haim Lensky To: Seth Vidal Cc: Sent: Thursday, June 24, 1999 10:09 AM Subject: [pptp-server] RE: [pptp-server] Windows 2000 > Here is settings on Windows 2000: > > SECURITY tab-> > security options: typical-> require secured passwords > > NETWORKING tab -> > Type of dial-up server.. -> Automatic > > Installed components -> TCP/IP (checked) > File and Printer Sharing for Microsoft Networks(unchecked) > Client for Microsoft Network (unchecked) > > Under TCP/IP settings - obtain IP and DNS automatically > > > Here is log from linux box: > > Jun 24 09:59:05 adsl-XXX-XXX-XXX-XXX pptpd[594]: MGR: Manager process > started > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Client > ZZZ.ZZZ.ZZZ.ZZZ control connection started > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Starting call > (launching pppd, opening GRE) > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: CSLIP: code copyright 1989 > Regents of the University of California > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: PPP: version 2.3.3 (demand > dialling) > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: PPP line discipline registered. > > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX kernel: registered device ppp0 > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: pppd 2.3.8 started by root, > uid 0 > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: Using interface ppp0 > Jun 24 09:59:44 adsl-XXX-XXX-XXX-XXX pppd[602]: Connect: ppp0 <--> > /dev/ttyp0 > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: LCP: timeout sending > Config-Requests > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: GRE: read() from PTY > failed: errno = 0 > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: PTY read failed > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pptpd[597]: CTRL: Client > ZZZ.ZZZ.ZZZ.ZZZ control connection finished > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Connection terminated. 
> Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: tcflush failed: Invalid > argument > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Hangup (SIGHUP) > Jun 24 10:00:14 adsl-XXX-XXX-XXX-XXX pppd[602]: Exit. > > > I am able to connect using Windows 95/95, but can not with Windows 2000. > Thanks > Haim > > > > > > > -----Original Message----- > From: Seth Vidal [mailto:skvidal at skyrunner.net] > Sent: Thursday, June 24, 1999 6:15 AM > To: Haim Lensky > Cc: 'pptp-server at lists.schulte.org' > Subject: Re: [pptp-server] Windows 2000 > > > > Hello All > > I have problem to connect Windows 2000 server (beta3) to Poptop. > > > > Any ideas? > > Is it compatible at all? > > what are your settings in DUN? > > -sv > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From luyer at ucs.uwa.edu.au Thu Jun 24 22:38:23 1999 From: luyer at ucs.uwa.edu.au (David Luyer) Date: Thu Jun 24 22:38:23 1999 Subject: [pptp-server] Re: [pptp-server] PPTP problem In-Reply-To: Your message of "Thu, 24 Jun 1999 10:05:41 EST." Message-ID: <199906250338.LAA13079@typhaon.ucs.uwa.edu.au> > [mars:~]# pptpd > [mars:~]# createHostSocket: Address already in use > The address is not in use though. I can put any address in "localip" and > "remoteip" and it tells me the address is in use. Anyone have any > thoughts? Address already in use in createHostSocket means something is already using TCP port 1723 - maybe another pptp daemon is running. David. From luyer at ucs.uwa.edu.au Thu Jun 24 22:42:44 1999 
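Added example (not part of the original messages or of the PoPToP source): David's reply above attributes the createHostSocket error to TCP port 1723 already being held, whatever localip and remoteip say. This Python code finds listening sockets in text laid out like Linux /proc/net/tcp and reproduces the same bind error on a throwaway port; the sample table, the function names and the little-endian address decoding are assumptions of the example.

```python
import errno
import socket
import struct

PPTP_CONTROL_PORT = 1723   # TCP port named in the reply above
TCP_LISTEN = 0x0A          # "st" column value for a listening socket

# Constructed sample in the /proc/net/tcp layout (not taken from the page).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:06BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1377 1 0000000000000000 100 0 0 10 0
   2: 0162A8C0:06BB 6501A8C0:0401 01 00000000:00000000 00:00000000 00000000     0        0 4310 1 0000000000000000 100 0 0 10 0
"""


def _decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into ('a.b.c.d', port).

    Assumption: the table was written by a little-endian host, so the
    address word is byte-swapped relative to dotted-quad order.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def listeners(proc_net_tcp_text):
    """Return (address, port, inode) for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:    # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue                                   # short row or not listening
        addr, port = _decode_endpoint(cols[1])
        found.append((addr, port, int(cols[9])))
    return found


def holders_of(port, proc_net_tcp_text):
    """Listening sockets that would make a new bind to `port` fail."""
    return [entry for entry in listeners(proc_net_tcp_text) if entry[1] == port]


def bind_errno(port, host="0.0.0.0"):
    """Attempt the bind+listen a daemon does at start-up; return 0 or errno."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(5)
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        sock.close()


def reproduce_conflict():
    """Hold an ephemeral port, then bind it again like a second daemon copy.

    The second bind fails because of the port alone; no tunnel address
    (localip/remoteip) is involved at this stage.
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.bind(("0.0.0.0", 0))
    first.listen(5)
    port = first.getsockname()[1]
    try:
        code = bind_errno(port)
        return errno.errorcode.get(code, "OK") if code else "OK"
    finally:
        first.close()


if __name__ == "__main__":
    print("sample holders of 1723:", holders_of(PPTP_CONTROL_PORT, SAMPLE_PROC_NET_TCP))
    print("second bind on a held port:", reproduce_conflict())
    try:
        with open("/proc/net/tcp") as table:
            print("live holders of 1723:", holders_of(PPTP_CONTROL_PORT, table.read()))
    except OSError:
        print("no /proc/net/tcp on this system")
```

The inode in the last column can be matched against the socket links under /proc/<pid>/fd to name the process that holds the port.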
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Thu Jun 24 22:42:44 1999
Subject: [pptp-server] Re: [pptp-server] Problem connecting Win98
In-Reply-To: Your message of "Thu, 24 Jun 1999 18:05:00 +0200."
Message-ID: <199906250342.LAA13126@typhaon.ucs.uwa.edu.au>

> I think that I've configured the Win98 according to all rules. Tried
> different machines from different places...
>
> Any clues?

I noticed your trace was using Unix98 pty's. I've never actually tested using
them, it's possible they have slightly different semantics on read/select() on
PTY before TTY is open. I'm hoping not though.

Does your pppd properly support Unix98 pty's?

The other thing I noticed is that you're up to a pty >= 10, which means the
name is longer than a traditional pty device name. Since pptpd never sees the
actual PTY name if it's using the OS openpty() this shouldn't be an issue
though. It might be a problem in pppd having an issue with Unix98 pty's - I've
never tested it.

David.

From anders.vannman at nyavf.se Fri Jun 25 01:15:31 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Fri Jun 25 01:15:31 1999
Subject: [pptp-server] RE: [pptp-server] Problem connecting Win98
Message-ID:

>I noticed your trace was using Unix98 pty's. I've never actually tested using
>them, it's possible they have slightly different semantics on read/select() on
>PTY before TTY is open. I'm hoping not though.

> Does your pppd properly support Unix98 pty's?

I think so -- when I connect from my WinNT at home it works just fine, right
now connected via pptpd, /dev/pts/11.

Anders

From pspinto at esoterica.pt Fri Jun 25 12:37:18 1999
From: pspinto at esoterica.pt (Paulo Pinto) Date: Fri Jun 25 12:37:18 1999 Subject: [pptp-server] PPTP and Dial up PoPToP server Message-ID: <4.1.19990625182034.009387d0@mail.copivista.pt> Hi again. I was doing some testing on PPTP with a friend over the net. I was using Win95 / MsDun 1.3 connected via modem and he was on a Linux box. His config follows: -S.O. Linux Slackware 3.6 -Kernel 2.2.9 -pppd version 2.3.7 -pptpd - PoPToP v0.9.1 Contents of pptpd.conf speed 38400 option /etc/ppp/vpn/options2 debug localip 192.168.0.4-5 remoteip 192.168.1.6-7 Contents of /etc/ppp/vpn/options2 : debug chap-secrets name Betelgeuse auth require-chap proxyarp OK... now the log ... (sorry the flood .... ) Jun 25 11:56:14 Betelgeuse pptpd[10481]: MGR: Launching /usr/local/bin/pptpctrl to handle client Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: local address = 192.168.0.5 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: remote address = 192.168.1.7 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: pppd speed = 38400 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: pppd options file = /etc/ppp/vpn/options2 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Client 192.168.0.2 control connection started Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Received PPTP Control Message (type: 1) Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Made a START CTRL CONN packet Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: I wrote 156 bytes to the client. 
Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Sent packet to client Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Received PPTP Control Message (type: 7) Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Made a OUT CALL RPLY packet Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Starting call (launching pppd, opening GRE) Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Allocating pty/tty pair Jun 25 11:56:14 Betelgeuse pptpd[10464]: MGR: Reaped child 10481 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Allocated pty/tty pair (/dev/ptyp2,/dev/ttyp2) Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: pty_fd = 6 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: tty_fd = 7 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: I wrote 32 bytes to the client. Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Sent packet to client Jun 25 11:56:14 Betelgeuse pptpd[10482]: CTRL (PPPD Launcher): Connection speed = 38400 Jun 25 11:56:14 Betelgeuse pptpd[10482]: CTRL (PPPD Launcher): local address = 192.168.0.5 Jun 25 11:56:14 Betelgeuse pptpd[10482]: CTRL (PPPD Launcher): remote address = 192.168.1.7 Jun 25 11:56:15 Betelgeuse pppd[10483]: pppd 2.3.7 started by root, uid 0 watch this... there's a lock on ttyS1 because .... PPTP would send down the existing PPPD Jun 25 11:56:15 Betelgeuse pppd[10483]: Device ttyS1 is locked by pid 10441 Jun 25 11:56:15 Betelgeuse pppd[10483]: Exit. Jun 25 11:56:14 Betelgeuse pptpd[10481]: GRE: read(fd=6,buffer=804c718,len=8196) from PTY failed: status = -1 errno = 5 Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)) Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Client 192.168.0.2 control connection finished Jun 25 11:56:14 Betelgeuse pptpd[10481]: CTRL: Exiting now The questions: - Is this 'normal' ?? shouldn't PPTP 'see' that PPPD is already up ? - Is there a way to workaround this ? I mean, is it possible to have a PoPToP server running over a dial up connection ? 
Thx :)

Paulo Pinto
pspinto at esoterica.pt

From mals at home.com Fri Jun 25 16:34:55 1999
From: mals at home.com (Malay Shah)
Date: Fri Jun 25 16:34:55 1999
Subject: [pptp-server] IPX & PPP
Message-ID: <3773F5DD.669DD80C@home.com>

Hi, I was wondering if anybody here has gotten a ppp connection working
with IPX. I can get it to connect and on the win98 machine, it detects
the IPX/SPX protocol being used but for some reason, it doesn't route
the packets to the other interface. If anyone has gotten this working,
could you please give me a hand, thanks.

Malay Shah

From tmk at netmagic.net Fri Jun 25 17:10:14 1999
From: tmk at netmagic.net (tmk)
Date: Fri Jun 25 17:10:14 1999
Subject: [pptp-server] Re: [pptp-server] IPX & PPP
In-Reply-To: <3773F5DD.669DD80C@home.com>
Message-ID:

you need to set up ipx routing for linux. There's special programs you
need to run. I don't have that info but I think it's in the ppp howto.

Kevin

On Fri, 25 Jun 1999, Malay Shah wrote:

> Hi, I was wondering if anybody here has gotten a ppp connection working
> with IPX. I can get it to connect and on the win98 machine, it detects
> the IPX/SPX protocol being used but for some reason, it doesn't route
> the packets to the other interface. If anyone has gotten this working,
> could you please give me a hand, thanks.
>
> Malay Shah
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mals at home.com Fri Jun 25 17:15:54 1999
From: mals at home.com (Malay Shah) Date: Fri Jun 25 17:15:54 1999 Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] IPX & PPP References: Message-ID: <3773FF72.96C54555@home.com> Yeah I've used ipxripd but it still doesn't work. I'm using pppd-2.3.8 & poptop 0.92. I'm also using a 2.2.4 kernel which has full ipx support built in. Malay Shah tmk wrote: > you need to set up ipx routing for linux. There's special programs you > need to run. I don't have that info but I think it's in the ppp howto. > > Kevin > > On Fri, 25 Jun 1999, Malay Shah wrote: > > > Hi, I was wondering if anybody here has gotten a ppp connection working > > with IPX. I can get it to connect and on the win98 machine, it detects > > the IPX/SPX protocol being used but for some reason, it doesn't route > > the packets to the other interface. If anyone has gotten this working, > > could you please give me a hand, thanks. > > > > Malay Shah > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From tmk at netmagic.net Fri Jun 25 18:36:13 1999 From: tmk at netmagic.net (tmk) Date: Fri Jun 25 18:36:13 1999 Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] Re: [pptp-server] IPX & PPP References: <3773FF72.96C54555@home.com> Message-ID: <004f01bebf62$3f56b5a0$011c0fc0@lala.net> there might be a kernel flag that needs to be set to enable routing.. check the /proc/sys/net tree for somthing like that. for IP routing to work the file /proc/sys/net/ipv4/ip_forward has to contain "1".. ipx probably has something similar Kevin ----- Original Message ----- 
From: Malay Shah To: tmk Cc: Sent: Friday, June 25, 1999 3:15 PM Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] IPX & PPP > Yeah I've used ipxripd but it still doesn't work. I'm using pppd-2.3.8 & > poptop 0.92. I'm also using a 2.2.4 kernel which has full ipx support built > in. > > Malay Shah > > tmk wrote: > > > you need to set up ipx routing for linux. There's special programs you > > need to run. I don't have that info but I think it's in the ppp howto. > > > > Kevin > > > > On Fri, 25 Jun 1999, Malay Shah wrote: > > > > > Hi, I was wondering if anybody here has gotten a ppp connection working > > > with IPX. I can get it to connect and on the win98 machine, it detects > > > the IPX/SPX protocol being used but for some reason, it doesn't route > > > the packets to the other interface. If anyone has gotten this working, > > > could you please give me a hand, thanks. > > > > > > Malay Shah > > > > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulte.org! > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From geoff at gnaa.net Sat Jun 26 18:10:42 1999 
From: geoff at gnaa.net (Geoff Nordli)
Date: Sat Jun 26 18:10:42 1999
Subject: [pptp-server] PoPToP stability
Message-ID: <000101bec028$f0b45ed0$010a10ac@gnaa.net>

I just finished setting up PoPToP (ver. 0.9.2) on a Linux box running 2.2.9.

The question I have is about stability.

It will be used in a production environment supporting 15-20 simultaneous
client connections.

Just a note it would be great to have a searchable mail archive. It took me
about 2 hours to figure out that pptpmanager was incorporated into the pptpd.

You guys are doing great work. This was a much-needed solution for Linux.

Any comments about stability appreciated.

Geoff Nordli MCT, MCSE, Master CNE, MCP
G Nordli and Associates
749 Robson Dr.
Kamloops BC, V2E 2G7
250-314-7354 (phone)
e-mail to pager 2503147354 at pcs.cantelatt.com
e-mail: geoff at gnaa.net

From geoff at gnaa.net Sat Jun 26 21:48:58 1999
From: geoff at gnaa.net (Geoff Nordli)
Date: Sat Jun 26 21:48:58 1999
Subject: [pptp-server] pptp with ipchains
Message-ID: <000001bec047$6ec221e0$010a10ac@gnaa.net>

Does anyone have a ipchains script that will work with PPTP.

I would like to set it up so they can only be restricted to one machine with
a couple of ports--after they get authenticated.

So inbound on external interface from PPTP client to TCP port 1723
Outbound 1024> on external interface to PPTP client

once they get connected.

Outbound on internal interface to internal server 172.16.10.9 TCP port 1494
Inbound on internal interface from internal server 172.16.10.9 TCP port
1024>

It would save me a lot of time.

I think ipfwadm was a lot easier to work with.

Geoff Nordli MCT, MCSE, Master CNE, MCP
G Nordli and Associates
749 Robson Dr.
Kamloops BC, V2E 2G7
250-314-7354 (phone)
e-mail to pager 2503147354 at pcs.cantelatt.com
e-mail: geoff at gnaa.net

From tmk at netmagic.net Sat Jun 26 22:54:18 1999
From: tmk at netmagic.net (tmk)
Date: Sat Jun 26 22:54:18 1999
Subject: [pptp-server] Re: [pptp-server] pptp with ipchains
References: <000001bec047$6ec221e0$010a10ac@gnaa.net>
Message-ID: <00aa01bec04f$53a31a60$011c0fc0@lala.net>

Just restrict the client's ip.. or ip range (aka remote IP) if you have it
set up that way.. if your remote ips are 192.168.0.10-40 use ipchains to
prevent 192.168.0.10-40 from going where you don't want them. ipchains is
pretty much just like ipfwadm..

ipchains -A input -p tcp -s 192.168.0.10/27 -d /32 -j DENY

-A input = add rule to input chain.. might want to use -A output or -A forward instead
-p tcp = protocol tcp (allows ports to be filtered)
-s / = source ip /subnet mask
-d .. = same as -s
-j DENY = don't let em through

Kevin

----- Original Message -----
From: Geoff Nordli To: Pptp Listserver (E-mail) Sent: Saturday, June 26, 1999 7:47 PM Subject: [pptp-server] pptp with ipchains > Does anyone have a ipchains script that will work with PPTP. > > I would like to set it up so they can only be restricted to one machine with > a > couple of ports--after they get authenticated. > > So inbound on external interface from PPTP client to TCP port 1723 > Outbound 1024> on external interface to PPTP client > > once they get connected. > > Outbound on internal interface to internal server 172.16.10.9 TCP port 1494 > Inbound on internal interface from internal server 172.16.10.9 TCP port > 1024> > > It would save me a lot of time. > > I think ipfwadm was a lot easier to work with. > > Geoff Nordli MCT, MCSE, Master CNE, MCP > G Nordli and Associates > 749 Robson Dr. > Kamloops BC, V2E 2G7 > 250-314-7354 (phone) > e-mail to pager 2503147354 at pcs.cantelatt.com > e-mail: geoff at gnaa.net > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From luyer at ucs.uwa.edu.au Sun Jun 27 23:51:58 1999 
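Added example, not taken from Kevin's message or from the ipchains documentation: a remote-IP range such as 192.168.0.10-40 does not line up with a single prefix, so a source filter has to be checked against the addresses it actually matches. This Python code computes the exact prefix cover for the range, shows what a /27 written on 192.168.0.10 matches, and prints rules in the form of the command above; the function names, the choice of the input chain and the use of Geoff's server 172.16.10.9 port 1494 as the permitted destination are assumptions of the example.

```python
import ipaddress


def cidr_cover(first, last):
    """Smallest list of prefixes that matches first..last and nothing else."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def match_span(prefix):
    """First and last address a prefix matches once the mask is applied."""
    net = ipaddress.ip_network(prefix, strict=False)   # host bits are masked off
    return str(net.network_address), str(net.broadcast_address)


def coverage_gap(first, last, prefix):
    """Compare a single prefix with the intended range.

    Returns (missed, extra): range addresses the prefix does not match,
    and addresses it matches that are outside the range.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    wanted = set(range(lo, hi + 1))
    matched = set(range(int(net.network_address), int(net.broadcast_address) + 1))

    def as_text(values):
        return [str(ipaddress.IPv4Address(v)) for v in sorted(values)]

    return as_text(wanted - matched), as_text(matched - wanted)


def restrict_rules(first, last, server, port, chain="input"):
    """Rule strings: allow the range to one server port, deny the rest.

    Assumption: rules are appended in this order to an otherwise empty
    chain, so the ACCEPT lines are evaluated before the DENY lines.
    The port follows the destination address, ipchains style.
    """
    blocks = cidr_cover(first, last)
    allow = [
        f"ipchains -A {chain} -p tcp -s {block} -d {server}/32 {port} -j ACCEPT"
        for block in blocks
    ]
    deny = [f"ipchains -A {chain} -s {block} -j DENY" for block in blocks]
    return allow + deny


if __name__ == "__main__":
    first, last = "192.168.0.10", "192.168.0.40"       # range from the message above
    print("exact cover:", cidr_cover(first, last))
    print("192.168.0.10/27 matches:", match_span("192.168.0.10/27"))
    missed, extra = coverage_gap(first, last, "192.168.0.10/27")
    print("in range but not matched:", missed[0], "to", missed[-1])
    print("matched but not in range:", extra[0], "to", extra[-1])
    for rule in restrict_rules(first, last, "172.16.10.9", 1494):
        print(rule)
```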
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jun 27 23:51:58 1999
Subject: [pptp-server] Re: [pptp-server] PoPToP stability
In-Reply-To: Your message of "Sat, 26 Jun 1999 16:08:22 MST." <000101bec028$f0b45ed0$010a10ac@gnaa.net>
Message-ID: <199906280451.MAA12552@typhaon.ucs.uwa.edu.au>

> I just finished setting up PoPToP (ver. 0.9.2 on a Linux box running 2.2.9.
>
> The question I have is about stability.
>
> It will be used in a production environment supporting 15-20 simultaneous
> client connections.

I believe it to be stable and am using it in production with currently approx
10 simultaneous connections, which should go much higher during semester.

This is with clients who are ethernet-connected; clients over the Internet may
have problems since we don't do packet re-ordering and don't do congestion
control, among other things.

David.

From luyer at ucs.uwa.edu.au Sun Jun 27 23:54:59 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Sun Jun 27 23:54:59 1999
Subject: [pptp-server] Re: [pptp-server] PPTP and Dial up PoPToP server
In-Reply-To: Your message of "Fri, 25 Jun 1999 18:32:35 +0100." <4.1.19990625182034.009387d0@mail.copivista.pt>
Message-ID: <199906280454.MAA12595@typhaon.ucs.uwa.edu.au>

> The questions:
> - Is this 'normal' ?? shouldn't PPTP 'see' that PPPD is already up ?

The different pppd's should be independent.

> - Is there a way to workaround this ? I mean, is it possible to have a
> PoPToP server running over a dial up connection ?

It should just work. The pppd on ttyp2 shouldn't care that there's a pppd
on ttyS1. Have you accidentally left the device name specified in a config
file somewhere, so it tries to use ttyS1?

David.

From grewer at grewer.flf.lu Tue Jun 29 09:30:17 1999
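Added example (not part of the original messages or of PoPToP): the logs posted in this thread all end with pptpd reporting a failed PTY read, while the line that explains the failure comes from pppd or from the manager process. This Python code sorts syslog lines into causes and symptoms using the message strings that appear in the thread; the three sample logs are constructed, and the rule names and hint wording are assumptions of the example, with the hints for the bind and ttyS1 cases paraphrasing David Luyer's replies.

```python
import re

# One syslog line: "Jun 25 11:56:15 host pppd[10483]: message"
SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

# (kind, name, pattern, hint); the first matching rule wins for a line.
RULES = [
    ("cause", "control-port-bind",
     re.compile(r"MGR: Couldn't create host socket"),
     "TCP port 1723 is already held, maybe by another pptp daemon"),
    ("cause", "serial-device-locked",
     re.compile(r"Device (?P<dev>\S+) is locked by pid (?P<owner>\d+)"),
     "pppd opened a serial device; look for a device name left in a pppd options file"),
    ("cause", "lcp-timeout",
     re.compile(r"LCP: timeout sending Config-Requests"),
     "pppd saw no LCP reply from the client before giving up"),
    ("info", "unsupported-control-message",
     re.compile(r"PPTP Control Message type (?P<type>\d+) not supported"),
     "the daemon received a control message type it does not handle"),
    ("symptom", "pty-read-failed",
     re.compile(r"from PTY failed|PTY read"),
     "pptpd lost the PTY; in this thread that accompanies pppd exiting"),
]

# Constructed samples modelled on the log lines quoted in the thread.
LOCKED = """\
Jun 25 11:56:14 vpnhost pptpd[10481]: CTRL: Starting call (launching pppd, opening GRE)
Jun 25 11:56:15 vpnhost pppd[10483]: pppd 2.3.7 started by root, uid 0
Jun 25 11:56:15 vpnhost pppd[10483]: Device ttyS1 is locked by pid 10441
Jun 25 11:56:15 vpnhost pppd[10483]: Exit.
Jun 25 11:56:15 vpnhost pptpd[10481]: GRE: read(fd=6,buffer=804c718,len=8196) from PTY failed: status = -1 errno = 5
Jun 25 11:56:15 vpnhost pptpd[10481]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7))
"""
LCP = """\
Jun 29 16:32:14 vpnhost pppd[4997]: Connect: ppp0 <--> /dev/ttyp0
Jun 29 16:32:41 vpnhost last message repeated 9 times
Jun 29 16:32:44 vpnhost pptpd[4996]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Jun 29 16:32:44 vpnhost pppd[4997]: LCP: timeout sending Config-Requests
Jun 29 16:32:44 vpnhost pppd[4997]: Exit.
"""
BIND = """\
Jun 24 10:04:34 vpnhost pptpd[861]: MGR: Manager process started
Jun 24 10:04:34 vpnhost pptpd[861]: MGR: Couldn't create host socket
"""


def findings(log_text):
    """Return one dict per log line that matches a rule, in log order."""
    out = []
    for raw in log_text.splitlines():
        line = SYSLOG.match(raw.strip())
        if not line:                       # e.g. "last message repeated 9 times"
            continue
        for kind, name, pattern, hint in RULES:
            hit = pattern.search(line.group("msg"))
            if hit:
                out.append({
                    "ts": line.group("ts"), "proc": line.group("proc"),
                    "pid": int(line.group("pid")), "kind": kind,
                    "name": name, "hint": hint, "fields": hit.groupdict(),
                })
                break
    return out


def triage(log_text):
    """Group rule names by kind, without repeats, keeping first-seen order."""
    grouped = {"cause": [], "symptom": [], "info": []}
    for item in findings(log_text):
        if item["name"] not in grouped[item["kind"]]:
            grouped[item["kind"]].append(item["name"])
    return grouped


def report(log_text):
    """Readable summary: causes with hints first, symptoms only if no cause."""
    items = findings(log_text)
    causes = [i for i in items if i["kind"] == "cause"]
    chosen = causes or [i for i in items if i["kind"] == "symptom"]
    return [f'{i["ts"]} {i["proc"]}[{i["pid"]}] {i["name"]}: {i["hint"]}' for i in chosen]


if __name__ == "__main__":
    for label, sample in (("locked", LOCKED), ("lcp", LCP), ("bind", BIND)):
        print(label, triage(sample))
        for line in report(sample):
            print("   ", line)
```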
From: grewer at grewer.flf.lu (Niklas Hoglund)
Date: Tue Jun 29 09:30:17 1999
Subject: [pptp-server] windows 2000 and pptpd
Message-ID:

Anyone managed to get windows2000 and pptpd work? =)
I get basically the same error all the time, seems like pptpd sends out
some "lcp req" that it doesn't get any response to.
I've been looking in LanWatch and I can see that w2k is sending out some
kind of response...but pptpd doesn't like it or something... anyone else
got it working?

Maybe the problem has something to do with:
Jun 29 16:36:01 cool pptpd[5667]: CTRL: PPTP Control Message type 3 not supported.

???

Here's some log, please give me some ideas! =)

Jun 29 16:32:14 cool pptpd[4996]: CTRL: Client 192.168.1.101 control connection started
Jun 29 16:32:14 cool pptpd[4996]: CTRL: Starting call (launching pppd, opening GRE)
Jun 29 16:32:14 cool pptpd[4996]: CTRL: Allocating pty/tty pair
Jun 29 16:32:14 cool pptpd[4996]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/dev/ttyp0)
Jun 29 16:32:14 cool pppd[4997]: pppd 2.3.5 started by root, uid 0
Jun 29 16:32:14 cool pppd[4997]: Using interface ppp0
Jun 29 16:32:14 cool pppd[4997]: Connect: ppp0 <--> /dev/ttyp0
Jun 29 16:32:14 cool pppd[4997]: sent [LCP ConfReq id=0x1 ]
Jun 29 16:32:41 cool last message repeated 9 times
Jun 29 16:32:44 cool pptpd[4996]: GRE: read(fd=5,buffer=804c7e0,len=8196) from PTY failed: status = -1 errno = 5
Jun 29 16:32:44 cool pptpd[4996]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Jun 29 16:32:44 cool pptpd[4996]: CTRL: Client 192.168.1.101 control connection finished
Jun 29 16:32:44 cool pppd[4997]: LCP: timeout sending Config-Requests
Jun 29 16:32:44 cool pppd[4997]: Connection terminated.
Jun 29 16:32:44 cool pppd[4997]: Exit.

//Regards,
Niklas

From allanc at sco.com Tue Jun 29 09:46:30 1999
From: allanc at sco.com (Allan Clark)
Date: Tue Jun 29 09:46:30 1999
Subject: [pptp-server] Re: [pptp-server] windows 2000 and pptpd
References:
Message-ID: <3778DBED.FE27B2F@sco.com>

Niklas;

If you add some (ack! ) pppd options "kdebug 6", I believe you will get
a (long) log of packets to/from the pppd. It is the pppd that does Link
Config (LC of LCP). Adding this option will show you all received and
sent packets, giving some indication of what the error might be.

kdebug 2 -- received packets
kdebug 4 -- sent packets
(bitmask; sum them)

I can't necessarily help, but this might get the info these guys need to
help.

Allan

Niklas Hoglund wrote:

> Anyone managed to get windows2000 and pptpd work? =)
> I get basically the same error all the time, seems like pptpd sends out some
> "lcp req" that it doesn't get any response to.
> I've been looking in LanWatch and I can see that w2k is sending out some
> kind of response...but pptpd doesn't like it or something... anyone else
> got it working?
>
> Maybe the problem has something to do with:
> Jun 29 16:36:01 cool pptpd[5667]: CTRL: PPTP Control Message type 3 not
> supported.
>
> ???
>
> Here's some log, please give me some ideas! =)
>
> Jun 29 16:32:14 cool pptpd[4996]: CTRL: Client 192.168.1.101 control
> connection
> started
> Jun 29 16:32:14 cool pptpd[4996]: CTRL: Starting call (launching pppd,
> opening GRE)
> Jun 29 16:32:14 cool pptpd[4996]: CTRL: Allocating pty/tty pair
> Jun 29 16:32:14 cool pptpd[4996]: CTRL: Allocated pty/tty pair
> (/dev/ptyp0,/dev/ttyp0)
> Jun 29 16:32:14 cool pppd[4997]: pppd 2.3.5 started by root, uid 0
> Jun 29 16:32:14 cool pppd[4997]: Using interface ppp0
> Jun 29 16:32:14 cool pppd[4997]: Connect: ppp0 <--> /dev/ttyp0
> Jun 29 16:32:14 cool pppd[4997]: sent [LCP ConfReq id=0x1
> 0xda9f4f62> ]
> Jun 29 16:32:41 cool last message repeated 9 times
> Jun 29 16:32:44 cool pptpd[4996]: GRE: read(fd=5,buffer=804c7e0,len=8196)
> from PTY failed: status = -1 errno = 5
> Jun 29 16:32:44 cool pptpd[4996]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> Jun 29 16:32:44 cool pptpd[4996]: CTRL: Client 192.168.1.101 control
> connection
> finished
> Jun 29 16:32:44 cool pppd[4997]: LCP: timeout sending Config-Requests
> Jun 29 16:32:44 cool pppd[4997]: Connection terminated.
> Jun 29 16:32:44 cool pppd[4997]: Exit.
>
> //Regards,
> Niklas

From luyer at ucs.uwa.edu.au Tue Jun 29 09:57:00 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Tue Jun 29 09:57:00 1999
Subject: [pptp-server] Re: [pptp-server] windows 2000 and pptpd
In-Reply-To: Your message of "Tue, 29 Jun 1999 16:30:08 +0200."
Message-ID: <199906291456.WAA07415@typhaon.ucs.uwa.edu.au>

> Maybe the problem has something to do with:
> Jun 29 16:36:01 cool pptpd[5667]: CTRL: PPTP Control Message type 3 not
> supported.

No, that's not going to be it. Control message type 3 is to do with
closing the control connection, something win2k is probably doing after
it decides the link has failed.

David.

From randal at cs.uregina.ca Tue Jun 29 13:14:46 1999
From: randal at cs.uregina.ca (Dee Jay Randall)
Date: Tue Jun 29 13:14:46 1999
Subject: [pptp-server] PPTP error: "PTY read or GRE write failed"
Message-ID:

I get the following error when I try to get PoPToP to run
as pptp server to a winNT client. The NT side looks like it is
doing the right thing, but the third line from the bottom of
/var/adm/pptpd.log shows the server cutting the connection,
which the NT machine then pops up an error that it got cut off.

I am running debian linux, kernel 2.0.29 and pppd 2.2.0f and pptp 0.9.2

Any suggestions?

Dee Jay Randall
_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_ randal at cs.uregina.ca
| This above all: "to thine own self be true. |
{ } And it must follow as the night the day, { } _-__-_ ouch,
{ } thou canst not then be false to any man." { } > < that hurt
| William Shakespeare, Hamlet | _) chomp (___________
~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~-_-~

Jun 25 16:22:54 quasit pptpd[21098]: MGR: Launching /usr/local/bin/pptpctrl to h
andle client
In file /etc/ppp/options: unrecognized command require-chap
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: local address = 192.168.32.1
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: remote address = 192.168.32.10
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: pppd speed = 115200
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Client 142.3.xxx.xx control connectio
n started
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Received PPTP Control Message (type: 1)
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Made a START CTRL CONN packet
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: I wrote 156 bytes to the client.
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Sent packet to client
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Received PPTP Control Message (type: 7)
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Made a OUT CALL RPLY packet
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Starting call (launching pppd, openin
g GRE)
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Allocating pty/tty pair
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Allocated pty/tty pair (/dev/ptyp0,/d
ev/ttyp0)
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: pty_fd = 5
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: tty_fd = 6
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: I wrote 32 bytes to the client.
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Sent packet to client
Jun 25 16:22:54 quasit pptpd[21099]: CTRL (PPPD Launcher): Connection speed = 11
5200
Jun 25 16:22:54 quasit pptpd[21099]: CTRL (PPPD Launcher): local address = 192.1
68.32.1
Jun 25 16:22:54 quasit pptpd[21099]: CTRL (PPPD Launcher): remote address = 192.
168.32.10
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Received PPTP Control Message (type: 15)
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Ignored a SET LINK INFO packet
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: I wrote 32 bytes to the client.
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Sent packet to client
Jun 25 16:22:55 quasit pptpd[21064]: MGR: Reaped child 21098
Jun 25 16:22:54 quasit pptpd[21098]: GRE: read(fd=5,buffer=804c7e0,len=8196) fro
m PTY failed: status = -1 errno = 5
Jun 25 16:22:54 quasit pptpd[21098]: CTRL: PTY read or GRE write failed (pty,gre
)=(5,6)
Jun 25 16:22:55 quasit pptpd[21098]: CTRL: Client 142.3.xxx.xx control connectio
n finished
Jun 25 16:22:55 quasit pptpd[21098]: CTRL: Exiting now

From matthewr at moreton.com.au Tue Jun 29 21:11:48 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Jun 29 21:11:48 1999
Subject: [pptp-server] MSCHAPv2 and RC4 pppd patch
Message-ID: <37797BBD.24006FC8@moreton.com.au>

Hiya all,

Thanks to Árpád Magosányi and Tim Hockin you can grab a pppd-2.3.8 patch
that adds support for MSCHAPv2 authentication and Microsoft compatible
encryption.

The encryption is RC4 and is **not** included in the patch for obvious
reasons... You can grab the RC4 files from somewhere else though (see
the README.MPPE).

You can download the patch from here:
http://www.moretonbay.com/vpn/download_pptp.html

(You will also need clean ppp-2.3.8 sources)

Cheers,
Matt.

From luyer at ucs.uwa.edu.au Wed Jun 30 02:08:03 1999
From: luyer at ucs.uwa.edu.au (David Luyer)
Date: Wed Jun 30 02:08:03 1999
Subject: [pptp-server] Re: [pptp-server] PPTP error: "PTY read or GRE write failed"
In-Reply-To: Your message of "Tue, 29 Jun 1999 12:14:31 CST."
Message-ID: <199906300707.PAA13686@typhaon.ucs.uwa.edu.au>

>
> I get the following error when I try to get PoPToP to run
> as pptp server to a winNT client. The NT side looks like it is
> doing the right thing, but the third line from the bottom of
> /var/adm/pptpd.log shows the server cutting the connection,
> which the NT machine then pops up an error that it got cut off.
>
> I am running debian linux, kernel 2.0.29 and pppd 2.2.0f and pptp 0.9.2

Does it work with Win98 clients?

My first suspicion is a mis-configured PPPd. However if it _does_ work
with Win98 clients, then my second suspicion is that we need to process
the set link info packet which we currently ignore.

> Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Ignored a SET LINK INFO packet
> Jun 25 16:22:54 quasit pptpd[21098]: CTRL: I wrote 32 bytes to the client.
> Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Sent packet to client
> Jun 25 16:22:55 quasit pptpd[21064]: MGR: Reaped child 21098
> Jun 25 16:22:54 quasit pptpd[21098]: GRE: read(fd=5,buffer=804c7e0,len=8196) fro
> m PTY failed: status = -1 errno = 5

David.

From tmk at netmagic.net Wed Jun 30 02:27:11 1999
From: tmk at netmagic.net (tmk)
Date: Wed Jun 30 02:27:11 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] PPTP error: "PTY read or GRE write failed"
References: <199906300707.PAA13686@typhaon.ucs.uwa.edu.au>
Message-ID: <002501bec2c8$68643d00$011c0fc0@lala.net>

It works on 98. That's what i use to test. As far as i know we've been
ignoring set_link_info packets forever and it's never broken things
before. 90% of poptop problems are pppd / windows ppp misconfiguration
issues. make sure encryption is off on 98 for example...

Kevin

----- Original Message -----
From: David Luyer
To: Dee Jay Randall
Cc: PoPToP List
Sent: Wednesday, June 30, 1999 12:07 AM
Subject: [pptp-server] Re: [pptp-server] PPTP error: "PTY read or GRE write failed"

> >
> > I get the following error when I try to get PoPToP to run
> > as pptp server to a winNT client. The NT side looks like it is
> > doing the right thing, but the third line from the bottom of
> > /var/adm/pptpd.log shows the server cutting the connection,
> > which the NT machine then pops up an error that it got cut off.
> >
> > I am running debian linux, kernel 2.0.29 and pppd 2.2.0f and pptp 0.9.2
>
> Does it work with Win98 clients?
>
> My first suspicion is a mis-configured PPPd. However if it _does_ work with
> Win98 clients, then my second suspicion is that we need to process the set
> link info packet which we currently ignore.
>
> > Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Ignored a SET LINK INFO packet
> > Jun 25 16:22:54 quasit pptpd[21098]: CTRL: I wrote 32 bytes to the client.
> > Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Sent packet to client
> > Jun 25 16:22:55 quasit pptpd[21064]: MGR: Reaped child 21098
> > Jun 25 16:22:54 quasit pptpd[21098]: GRE: read(fd=5,buffer=804c7e0,len=8196) fro
> > m PTY failed: status = -1 errno = 5
>
> David.

From john at scl.co.uk Wed Jun 30 06:33:27 1999
From: john at scl.co.uk (John Sutton)
Date: Wed Jun 30 06:33:27 1999
Subject: [pptp-server] PPTP over dialup
Message-ID: <3.0.6.32.19990630102441.0087b8c0@mail.scl.co.uk>

Hi

I first tried to get poptop going some weeks ago with limited success
but am now trying again.

The server is:

kernel 2.0.36
pptpd 0.8.9pre
pppd 2.3.7

Clients are:

MS VPN adapter on Win95 + DUN 1.3
pptp-linux 1.0.2

My problem is that it works fine over a LAN connection with either
client, but fails with both clients when used over a dialup connection.
From looking at the debug traces on the server and the linux client, I
can see that the server is sending the LCP requests and the client
receives these and responds by sending the LCP acks, and its own LCP
requests, BUT these are never received by the server. The server just
sends 10 requests and having got nothing back, times out.

This is not a firewall issue (I've eliminated the firewall for the
purpose of trying to get this going) so what is it? How do I get a
handle on it?

More generally, what is the relevance of the speed parameter in the
pptpd.conf file? Is this just something to keep pppd happy but otherwise
of no significance? I can't see what sense it makes because pppd is not
handling a real serial line?

Any help greatly appreciated!

John Sutton

***************************************************
John Sutton
SCL Computer Services
URL http://www.scl.co.uk/
Tel. +44 (0) 1239 621021
***************************************************

From nico at sonycom.com Wed Jun 30 07:54:55 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Wed Jun 30 07:54:55 1999
Subject: [pptp-server] pptpd on MkLinux anyone?
Message-ID: <199906301254.MAA29207@oshima.sonytel.be>

Howdy,

did anybody succeed in getting PoPToP to work on a Mac running MkLinux
(as a server)?

(I have a number of SUNs and Macintoshes available but no PC Linux, but
I don't succeed in getting poptop to run either one of them :-(

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41
Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From anders.vannman at nyavf.se Wed Jun 30 09:00:54 1999
From: anders.vannman at nyavf.se (Anders Vännman)
Date: Wed Jun 30 09:00:54 1999
Subject: [pptp-server] Re: [pptp-server] Re: [pptp-server] PPTP error: "PTY read or GRE write failed"
Message-ID:

-----Original Message-----
From: Anders Vännman
Sent: 30 June 1999 15:54
To: 'tmk'
Subject: RE: [pptp-server] Re: [pptp-server] Re: [pptp-server] PPTP error: "PTY read or GRE write failed"

I have a similar problem. Have it working from a WinNT 4.0 and from one
Win98 on the local network. When I try connecting a Win98 via internet
it doesn't work. As far as I see it the Win98 is correctly configured
(no encr, req pass, no compr, only tcp/ip and so on). The Win98
disconnects after a while trying to auth.

My only thought right now is that the remote Win98's firewall that's
filtering out packets so that they never reach us. Could it be that they
don't allow RAW??

Jun 30 15:35:34 gatekeeper pppd[14244]: Connect: ppp0 <--> /dev/pts/6
Jun 30 15:36:04 gatekeeper pptpd[14243]: GRE: read(fd=5,buffer=804c8e0,len=8196\
) from PTY failed: status = -1 errno = 5
Jun 30 15:36:04 gatekeeper pptpd[14243]: CTRL: PTY read or GRE write failed (pt\
y,gre)=(5,6))
Jun 30 15:36:04 gatekeeper pptpd[14243]: CTRL: Client XXX.XXX.XXX.XXX control con\
nection finished
Jun 30 15:36:04 gatekeeper pppd[14244]: LCP: timeout sending Config-Requests
Jun 30 15:36:04 gatekeeper pppd[14244]: Connection terminated.

>It works on 98. That's what i use to test. As far as i know we've been
ignoring set_link_info packets forever and it's never broken things
before. 90% of poptop problems are pppd / windows ppp misconfiguration
issues. make sure encryption is off on 98 for example...

Kevin

----- Original Message -----
From: David Luyer
To: Dee Jay Randall
Cc: PoPToP List
Sent: Wednesday, June 30, 1999 12:07 AM
Subject: [pptp-server] Re: [pptp-server] PPTP error: "PTY read or GRE write failed"

> >
> > I get the following error when I try to get PoPToP to run
> > as pptp server to a winNT client. The NT side looks like it is
> > doing the right thing, but the third line from the bottom of
> > /var/adm/pptpd.log shows the server cutting the connection,
> > which the NT machine then pops up an error that it got cut off.
> >
> > I am running debian linux, kernel 2.0.29 and pppd 2.2.0f and pptp 0.9.2
>
> Does it work with Win98 clients?
>
> My first suspicion is a mis-configured PPPd. However if it _does_ work with
> Win98 clients, then my second suspicion is that we need to process the set
> link info packet which we currently ignore.
>
> > Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Ignored a SET LINK INFO packet
> > Jun 25 16:22:54 quasit pptpd[21098]: CTRL: I wrote 32 bytes to the client.
> > Jun 25 16:22:54 quasit pptpd[21098]: CTRL: Sent packet to client
> > Jun 25 16:22:55 quasit pptpd[21064]: MGR: Reaped child 21098
> > Jun 25 16:22:54 quasit pptpd[21098]: GRE: read(fd=5,buffer=804c7e0,len=8196) fro
> > m PTY failed: status = -1 errno = 5
>
> David.

From nico at sonycom.com Wed Jun 30 10:08:07 1999
From: nico at sonycom.com (Nico De Ranter)
Date: Wed Jun 30 10:08:07 1999
Subject: [pptp-server] "SLIRP mode currently requires PPPd IP allocation.
Message-ID: <199906301507.PAA00080@oshima.sonytel.be>

Howdy,

I'm trying to compile pptp with slirp support. I compiled and installed
slirp without problems, but when I try to configure pptpd 0.9.2 I get:

#./configure --prefix=/usr/local.host/pptp-0.9.2/ --with-libwrap --with-slirp
loading cache ./config.cache
checking for a BSD compatible install... /usr/local/bin/install -c
checking whether build environment is sane... yes
...
checking for gethostbyname in -lnsl... yes
checking for openpty in -lutil... no
SLIRP mode currently requires PPPd IP allocation.

I tried adding "--with-pppd-ip-alloc" but that didn't work either.

How can I make configure work?

Nico

--
--------------------------------------------------------
How do you tell when you run out of invisible ink?
--------------------------------------------------------
Nico De Ranter
Sony Service Center (SUPC-E/NSSE)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41
Telefax: +32 2 726 26 86
e-mail: nico.deranter at sonycom.com

From wfaulk at totalsports.net Wed Jun 30 12:47:21 1999
From: wfaulk at totalsports.net (Bitt Faulk)
Date: Wed Jun 30 12:47:21 1999
Subject: [pptp-server] PPTP routing
Message-ID:

I know that this is not really on topic, but you guys might know anyway.

Here's my setup:

Users dial up to local ISP.
Users make PPTP connection to a machine on my local network.
The IP address that they are assigned is in the net 172.31.0
The IP address that the server is assigned is in 172.31.1
My local net is 216.2.60/23

Now, all of the computers that dial up seem to route to my local network
via the PPTP connection, not that it seems to add that to the routing
table printed by 'route print'. Some of the computers seem to route
everything else via the normal dialup connection. Others seem to route
everything via the VPN.

Does anyone have any idea why this might be the case, or how to fix it?

I was trying to avoid allocating addresses on my local network to get it
to function properly, but I can. Maybe the reason it works sometimes is
due to some Microsoft nondeterministic magic. Would everyone suggest
that I use addresses on my local network?

-Bitt

From rgotty at mars.ikvus.com Wed Jun 30 14:07:19 1999
From: rgotty at mars.ikvus.com (Rod Gotty)
Date: Wed Jun 30 14:07:19 1999
Subject: [pptp-server] PTY??
Message-ID:

The documentation says that I need to make sure my kernel is compiled
with PTY support. What is PTY support and what options in the kernel do
I need to modify. I'm using the kernel that came with RedHat-6.0 - do I
need to change the config and recompile or is there a system
configuration I need to worry about?

Also, after running pptpd and monitoring its log file and seeing that it
failed to open ttyp1 - I chmod +rw /dev/ttyp[0-9] and it seemed to work
somewhat. But, after I rebooted, I had to do this again. Is this normal?

Thanks
-Rod
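
Added example (not part of any list message, and not PoPToP code): a small triage pass over pptpd/pppd syslog lines that picks out the signatures seen in the logs posted earlier in this thread. The sample lines are constructed after those excerpts (host name `vpn1` and client address 192.0.2.10 are made up), the control message names come from RFC 2637, and the verdict labels and their ordering are this example's own heuristics.

```python
import re

# PPTP control message types as defined in RFC 2637 (not from the PoPToP source).
CTRL_TYPES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request", 10: "Incoming-Call-Reply",
    11: "Incoming-Call-Connected", 12: "Call-Clear-Request",
    13: "Call-Disconnect-Notify", 14: "WAN-Error-Notify", 15: "Set-Link-Info",
}

SYSLOG = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>\w+)\[\d+\]:\s(?P<msg>.*)$")
CTRL_MSG = re.compile(r"Control Message \(?type:? (\d+)")
PTY_ERR = re.compile(r"from PTY failed: status = -1 errno = (\d+)")
BAD_OPT = re.compile(r"^In file (\S+): unrecognized command (\S+)")


def triage(lines):
    """Return (verdict, evidence) for the log lines of one connection attempt."""
    ev = {"ctrl": [], "bad_option": None, "lcp_timeout": False, "pty_errno": None}
    for raw in lines:
        line = raw.strip()
        m = BAD_OPT.match(line)  # pppd writes this without a syslog prefix
        if m:
            ev["bad_option"] = (m.group(1), m.group(2))
            continue
        m = SYSLOG.match(line)
        if not m:
            continue  # "last message repeated", wrapped fragments, blanks
        msg = m.group("msg")
        c = CTRL_MSG.search(msg)
        if c:
            t = int(c.group(1))
            ev["ctrl"].append((t, CTRL_TYPES.get(t, "unknown")))
        if "LCP: timeout sending Config-Requests" in msg:
            ev["lcp_timeout"] = True
        p = PTY_ERR.search(msg)
        if p:
            ev["pty_errno"] = int(p.group(1))
    # Heuristic ordering (this example's own): the most specific cause wins.
    if ev["bad_option"]:
        verdict = "pppd-rejected-option"  # fix the options file first
    elif ev["lcp_timeout"]:
        verdict = "no-lcp-reply"          # pppd saw no answer to its Config-Requests
    elif ev["pty_errno"] == 5:
        verdict = "pppd-exited"           # EIO: slave side of the pty was closed
    else:
        verdict = "no-known-pattern"
    return verdict, ev


# Constructed sample lines, modelled on the excerpts posted in the thread.
SAMPLE_NO_REPLY = """\
Jun 29 16:32:14 vpn1 pptpd[4996]: CTRL: Client 192.0.2.10 control connection started
Jun 29 16:32:14 vpn1 pppd[4997]: sent [LCP ConfReq id=0x1 ]
Jun 29 16:32:41 vpn1 last message repeated 9 times
Jun 29 16:32:44 vpn1 pptpd[4996]: GRE: read(fd=5,buffer=804c7e0,len=8196) from PTY failed: status = -1 errno = 5
Jun 29 16:32:44 vpn1 pppd[4997]: LCP: timeout sending Config-Requests
Jun 29 16:36:01 vpn1 pptpd[5667]: CTRL: PPTP Control Message type 3 not supported.
""".splitlines()

SAMPLE_BAD_OPTION = """\
Jun 25 16:22:54 vpn1 pptpd[21098]: CTRL: Received PPTP Control Message (type: 1)
In file /etc/ppp/options: unrecognized command require-chap
Jun 25 16:22:54 vpn1 pptpd[21098]: CTRL: Received PPTP Control Message (type: 7)
Jun 25 16:22:54 vpn1 pptpd[21098]: CTRL: Received PPTP Control Message (type: 15)
Jun 25 16:22:54 vpn1 pptpd[21098]: GRE: read(fd=5,buffer=804c7e0,len=8196) from PTY failed: status = -1 errno = 5
""".splitlines()

if __name__ == "__main__":
    for name, sample in (("no-reply", SAMPLE_NO_REPLY), ("bad-option", SAMPLE_BAD_OPTION)):
        print(name, triage(sample))
```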