From mcarvajal at msn.com Mon Nov 1 20:31:58 1999
From: mcarvajal at msn.com (Miguel Carvajal)
Date: Mon Nov 1 20:31:58 1999
Subject: [pptp-server] ppp_mppe Error
Message-ID: <014401bf24d1$b7e3fd00$02cac7c8@carvajal.com>

Hi there,

I'm running Redhat 6.0. I'm having trouble installing the ppp_mppe modules. When I type:

/sbin/insmod /lib/modules/2.2.5-15/net/ppp_mppe.o

it returns:

/lib/modules/2.2.5-15/net/ppp_mppe.o: can't handle sections of type 16777216

Does anyone know what's happening?

Thanks in advance,
Miguel Carvajal

From P.J.Reid at earthling.net Tue Nov 2 04:14:10 1999
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Tue Nov 2 04:14:10 1999
Subject: [pptp-server] Error 742
In-Reply-To: <381BCEAE.18D6F023@wt.net>
Message-ID: <000001bf251a$a34d6900$0200a8c0@Reidworld.dynip.com>

Thanks: that was the problem (at least adding "alias ppp-compress-18 ppp_mppe" to my etc/conf.modules file - I hadn't done the others till I got your message, but I added the ones you suggested as well)

Just a question: is it a typo or am I really supposed to list ppp_deflate twice? Or should it be another module listed for either ppp-compress-24 or -26?

Now I've just got to figure out some way to get my SaMBa server to even see log on requests from a VPN-connected client. I don't know what is wrong there, as I am handing out IP addresses within the same subnet as I connect from internally (different from those of machines which are already connected, of course). But the "logging on to network" just sits there for about a minute, then the DUN says it is connected, but I can't see any shares and my nmbd logs don't even show logon requests, nor do any of the smbd logs show any activity.

Patrick Reid - mailto:P.J.Reid at earthling.net
ALARA Research, Inc.
Communication Centre: http://www.mirabilis.com/1052176

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of G.L.G.
Sent: Sunday, October 31, 1999 1:08 AM
To: tmk
Cc: Patrick Reid; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Error 742

well, don't know if this will fix all your probs, but you're certainly not finding your /lib/modules/*

you need to add the following lines to your /etc/conf.modules file (you probably have rh):

alias ppp-compress-18 (i'm not sure on this one, but go search in dejanews.com)
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate

this will get you the proper names of the modules so that they can be picked up (assuming you've built'em)

Gary

tmk wrote:
> did you add the encryption stuff to the ppp options file? you need to do
> that
>
> might be complaining about the lack of compression (does mppe need this?)
> make sure to insmod the various compression modules.
>
> Kevin
> ----- Original Message -----
> From: Patrick Reid
> To:
> Sent: Saturday, October 30, 1999 7:31 PM
> Subject: [pptp-server] Error 742
>
> > I have installed pppd version 2.3.8, with the patches for encrypted
> > connections. I have also uninstalled VPN support from Win98, re-installed
> > and then run DUN40.EXE. But when I try to connect, I get error 742: The
> > computer you are dialling in to does not support the data encryption
> > requirements specified.
> >
> > My pptpd.log contains the following:
> >
> > Oct 30 23:27:05 Black pptpd[26567]: CTRL: Client 192.168.0.2 control
> > connection started
> > Oct 30 23:27:05 Black pptpd[26567]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Oct 30 23:27:06 Black pppd[26568]: pppd 2.3.8 started by root, uid 0
> > Oct 30 23:27:06 Black pppd[26568]: Using interface ppp0
> > Oct 30 23:27:06 Black pppd[26568]: Connect: ppp0 <--> /dev/pts/6
> > Oct 30 23:27:06 Black pppd[26568]: sent [LCP ConfReq id=0x1
> > ]
> > Oct 30 23:27:07 Black pppd[26568]: rcvd [LCP ConfReq id=0x1 0xa61eb>
> > ]
> > Oct 30 23:27:07 Black pppd[26568]: sent [LCP ConfAck id=0x1 0xa61eb>
> > ]
> > Oct 30 23:27:09 Black pppd[26568]: sent [LCP ConfReq id=0x1
> > ]
> > Oct 30 23:27:09 Black pppd[26568]: rcvd [LCP ConfAck id=0x1
> > ]
> > Oct 30 23:27:09 Black pppd[26568]: sent [CHAP Challenge id=0x1
> > <363eb2bb527e8bf1b18ebc45e181bddb>, name = "Black"]
> > Oct 30 23:27:09 Black pppd[26568]: rcvd [CHAP Response id=0x1
> > > <112d52d249dd55d10666e18e7ed22a6f0000000000000000512f364cbc6e9c4a5cea4964d66
> > 6a5c9be22490207aa3d5c04>, name = "REID\\patrick"]
> > Oct 30 23:27:09 Black pppd[26568]: Warning - secret file
> > /etc/ppp/chap-secrets has world and/or group access
> > Oct 30 23:27:09 Black pppd[26568]: sent [CHAP Success id=0x1
> > "S=1EC5F7E12C5FAA97120862370BDD3745D90D09AA"]
> > Oct 30 23:27:09 Black pppd[26568]: sent [IPCP ConfReq id=0x1 > 192.168.0.101> ]
> > Oct 30 23:27:09 Black modprobe: can't locate module ppp-compress-21
> > Oct 30 23:27:09 Black modprobe: can't locate module ppp-compress-18
> > Oct 30 23:27:09 Black modprobe: can't locate module ppp-compress-26
> > Oct 30 23:27:10 Black modprobe: can't locate module ppp-compress-24
> > Oct 30 23:27:10 Black pppd[26568]: MSCHAP-v2 peer authentication succeeded
> > for REID\\patrick
> > Oct 30 23:27:10 Black pppd[26568]: rcvd [IPCP ConfReq id=0x1 0.0.0.0>
> > ]
> > Oct 30 23:27:10 Black pppd[26568]: sent [IPCP ConfRej id=0x1 > 0.0.0.0> ]
> > Oct 30 23:27:10 Black pppd[26568]: rcvd [CCP ConfReq id=0x1 31>
> > ]
> > Oct 30 23:27:10 Black modprobe: can't locate module ppp-compress-21
> > Oct 30 23:27:10 Black modprobe: can't locate module ppp-compress-18
> > Oct 30 23:27:10 Black modprobe: can't locate module ppp-compress-26
> > Oct 30 23:27:10 Black modprobe: can't locate module ppp-compress-24
> > Oct 30 23:27:10 Black pppd[26568]: sent [CCP ConfReq id=0x1]
> > Oct 30 23:27:11 Black modprobe: can't locate module ppp-compress-18
> > Oct 30 23:27:11 Black pppd[26568]: sent [CCP ConfRej id=0x1 20>
> > ]
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [IPCP ConfRej id=0x1 0f
> > 01>]
> > Oct 30 23:27:11 Black pppd[26568]: sent [IPCP ConfReq id=0x2 > 192.168.0.101>]
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [IPCP ConfReq id=0x2 0.0.0.0>]
> > Oct 30 23:27:11 Black pppd[26568]: sent [IPCP ConfNak id=0x2 > 192.168.0.201>]
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [CCP ConfAck id=0x1]
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [CCP ConfReq id=0x2]
> > Oct 30 23:27:11 Black pppd[26568]: sent [CCP ConfAck id=0x2]
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [IPCP ConfAck id=0x2 > 192.168.0.101>]
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [IPCP ConfReq id=0x3 > 192.168.0.201>]
> > Oct 30 23:27:11 Black pppd[26568]: sent [IPCP ConfAck id=0x3 > 192.168.0.201>]
> > Oct 30 23:27:11 Black pppd[26568]: found interface eth0 for proxy arp
> > Oct 30 23:27:11 Black pppd[26568]: local IP address 192.168.0.101
> > Oct 30 23:27:11 Black pppd[26568]: remote IP address 192.168.0.201
> > Oct 30 23:27:11 Black pppd[26568]: Script /etc/ppp/ip-up started (pid > 26581)
> > Oct 30 23:27:11 Black pppd[26568]: rcvd [CCP TermReq id=0x3]
> > Oct 30 23:27:11 Black pppd[26568]: CCP terminated by peer
> > Oct 30 23:27:11 Black pppd[26568]: sent [CCP TermAck id=0x3]
> > Oct 30 23:27:11 Black pppd[26568]: Compression disabled by peer.
> > Oct 30 23:27:11 Black pppd[26568]: Script /etc/ppp/ip-up finished (pid
> > 26581), status = 0x0
> > Oct 30 23:27:47 Black pppd[26568]: rcvd [LCP TermReq id=0x2]
> > Oct 30 23:27:47 Black pppd[26568]: LCP terminated by peer
> > Oct 30 23:27:47 Black pppd[26568]: Script /etc/ppp/ip-down started (pid
> > 26611)
> > Oct 30 23:27:47 Black pppd[26568]: sent [LCP TermAck id=0x2]
> > Oct 30 23:27:47 Black pptpd[26567]: CTRL: Error with select(), quitting
> > Oct 30 23:27:47 Black pptpd[26567]: CTRL: Client 192.168.0.2 control
> > connection finished
> > Oct 30 23:27:47 Black pppd[26568]: Modem hangup
> > Oct 30 23:27:47 Black pppd[26568]: Connection terminated.
> > Oct 30 23:27:47 Black pppd[26568]: Connect time 0.7 minutes.
> > Oct 30 23:27:47 Black pppd[26568]: Sent 477 bytes, received 439 bytes.
> > Oct 30 23:27:47 Black pppd[26568]: Waiting for 1 child processes...
> > Oct 30 23:27:47 Black pppd[26568]: script /etc/ppp/ip-down, pid 26611
> > Oct 30 23:27:47 Black pppd[26568]: Script /etc/ppp/ip-down finished (pid
> > 26611), status = 0x0
> > Oct 30 23:27:47 Black pppd[26568]: Exit.
> >
> > Any idea what I am missing? Connections with no encryption work fine.
> >
> > Patrick Reid - mailto:P.J.Reid at earthling.net
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!

From vish at gn.gtsl.co.in Tue Nov 2 05:37:18 1999
From: vish at gn.gtsl.co.in (Vishwanath Paranjape)
Date: Tue Nov 2 05:37:18 1999
Subject: [pptp-server] (no subject)
Message-ID: <1.5.4.32.19991102172336.00686540@95.45.5.77>

hi
i am using WINNT VPN server with 8 simultaneous inbound connections
at present i am using ip pool from my legal addresses so wasting 9 ip addresses
is there any way i can use my 192.168.0.x addresses ?

i tried the same but was not successful
i cannot place the server behind my firewall as the firewall is not giving me access for the pptp protocol

can somebody help me?

vishwanath

From tmk at netmagic.net Tue Nov 2 09:37:42 1999
From: tmk at netmagic.net (tmk)
Date: Tue Nov 2 09:37:42 1999
Subject: [pptp-server] (no subject)
References: <1.5.4.32.19991102172336.00686540@95.45.5.77>
Message-ID: <002301bf2548$9ab6af80$071c0fc0@lala.net>

This is the Linux pptp server mailing list.

The only way to use 192.168 addresses with NT that i know of (and have them work on the net) is to assign them those addresses then tell them their default gateway is a win98 box with a real IP address that is running win98's internet connection sharing. There may be other 3rd party software for nt that you can use, but i don't know what it is.

you have to set your firewall to allow GRE packets (ip protocol 47) and incoming connections on port 1723 if you want to allow pptp stuff through

Kevin

----- Original Message -----
From: Vishwanath Paranjape
To:
Sent: Tuesday, November 02, 1999 9:23 AM
Subject: [pptp-server] (no subject)

> hi
> i am using WINNT VPN server with 8 simultaneous inbound connections
> at present i am using ip pool from my legal addresses so wasting 9 ip addresses
> is there any way i can use my 192.168.0.x addresses ?
>
> i tried the same but was not successful
> i cannot place the server behind my firewall as the firewall is not giving
> me access for the pptp protocol
>
> can somebody help me?
>
> vishwanath

From john_g11 at yahoo.com Tue Nov 2 13:15:24 1999
From: john_g11 at yahoo.com (John Green)
Date: Tue Nov 2 13:15:24 1999
Subject: [pptp-server] Re: [pptp-server]
Message-ID: <19991102192700.29234.rocketmail@web216.mail.yahoo.com>

Which firewall are you using ? You need to allow two things on the firewall: first allow IP protocol Number 47 (which is GRE) and allow TCP port 1723. Of course not all firewalls can understand other IP protocols. so which firewall are you using. If it is something personal then email me offline.

The IP range 192.168 is private address range....

VPN------------Firewall---------Internet----
server
|
|
Local Network

Make the default gateway for all host in the local Network point to the VPN server box, in your case as you say is the Winnt Box and ie a PPTP server.

I hope this helps and makes things easier. feel free to email me, as i have implemented this for my network. I did have problems with allowing the PPTP through the firewall. But then this is part of our job and we learnt as well we progressed.

--- Vishwanath Paranjape wrote:
> hi
> i am using WINNT VPN server with 8 simultaneous
> inbound connections
> at present i am using ip pool from my legal
> addresses so wasting 9 ip addresses
> is there any way i can use my 192.168.0.x addresses
> ?
>
> i tried the same but was not successful
> i cannot place the server behind my firewall as the
> firewall is not giving
> me access for the pptp protocol
>
> can somebody help me?
>
> vishwanath

From mis at cindyrowe.com Wed Nov 3 09:07:01 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Wed Nov 3 09:07:01 1999
Subject: [pptp-server] PPP 2.3.10
Message-ID: <008e01bf260d$2f0fd3e0$0200a8c0@mis>

Hi,

I have been following the PopTop Howto. In the PPP compile /install part, I am supposed to type "make modules SUBDIRS=drivers/net" while in the /usr/src/linux directory. I am getting this error message. Can anybody help point me in the right direction? I'm running RedHat 6.0, and I don't know much about compiling kernels or modules or where in linux source for anything is kept/installed. I would greatly appreciate any help you could offer. I started with PPP 2.3.8 and the mppe patch, but I couldn't get anywhere, so I moved to PPP 2.3.10 with the mppe patch.

Thanks in advance,
Matt Grab
mis at cindyrowe.com

[root at shop7 linux]# make modules SUBDIRS=drivers/net
make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
-pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functio
ns=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.2.5/include/linu
x/modversions.h" MAKING_MODULES=1 modules
make[1]: Entering directory `/usr/src/linux-2.2.5/drivers/net'
make[1]: *** No rule to make target `/usr/src/linux-2.2.5/include/linux/module.h
', needed by `ppp.o'. Stop.
make[1]: Leaving directory `/usr/src/linux-2.2.5/drivers/net'
make: *** [_mod_drivers/net] Error 2
[root at shop7 linux]#

From chrisk at ciris.net Wed Nov 3 11:06:31 1999
From: chrisk at ciris.net (Christopher Kuhl)
Date: Wed Nov 3 11:06:31 1999
Subject: [pptp-server] Routing PPTP tunnels
Message-ID: <00c601bf261d$ce3c2b20$02016f0a@tiger.ciris.net>

I am having a problem with pptp tunnels when I connect from an LRP router to an LRP router. When the tunnel is made, I can ping each router, but nothing on the remote network. If I connect with a Windows machine it works fine. I added routes on both ends back to the other, and the routing table looks fine. I also tried to masq the client router, but I keep getting TCP/UDP checksum errors (any help with this is welcome).

I really need this to work soon. I want to just route the traffic on the tunnel, not masq it. I think the problem may be in my firewall script, but I am not sure. I have two rules, "ipfwadm -I -a accept -W ppp1", and "ipfwadm -O -a accept -W ppp1". If I am masq'ing traffic comes through, but I get a lot of checksum errors and my terminal apps stall for long periods of time.

The part that stumps me is that a Windows (they do not get masq'ed by the way) machine has no trouble, and I can ping the local ip, remote ip, and the routers our ips from both sides. This leads me to believe that my firewall rules are OK. I am masq'ing the ppp connection to the internet, but not the second ppp connection from the tunnel.

Has anyone got this working, and if so, how?

Thanks,
Chris Kuhl

From EMIR.TOKTAR at bra.xerox.com Wed Nov 3 14:59:04 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Wed Nov 3 14:59:04 1999
Subject: [pptp-server] PPP 2.3.10
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F1393@bra0070ms1.bra.xerox.com>

When I installed the PoPToP, I follow the procedures HowTo/Faq and had any problems.

I modified any procedures below and work fine.

Procedures that I used for comments.
(+) lines that I add ....
(-) lines that I cut .... # not necessary
# comment
******************************
PoPToP HOWTO/FAQ
----------------
Last Updated: 19990813
Maintained by: Matthew Ramsay
HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
(hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
Steve Rhodes and Michael Walter.
+++++++++++++++++++++
3.0 PPP (and MSCHAP/MPPE) Installation
--------------------------------------
It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
MSCHAPv2/MPPE authentication and encryption. The reason for this is that
the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8.
If you don't need Microsoft compatible authentication/encryption any 2.3.x
PPP source will be fine.
Assuming you want Microsoft compatible authentication/encryption follow
these steps:
Note: [] are example commands to run
1. Grab yourself a clean copy of the PPP daemon v2.3.8 (ppp-2.3.8.tar.gz).
   I usually go here for my PPP files:
   ftp://cs.anu.edu.au/pub/software/ppp/
   Note: You must get the tarball (tar.gz) and *not* the RPM.
2. Grab yourself the MSCHAP/MPPE diff file from:
   http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
3. Grab yourself the SSLeay-0.6.6b file from:
   ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz
4. You should now have 3 files:
       ppp-2.3.8.tar.gz
       ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
       SSLeay-0.6.6b.tar.gz
   (+) ppp-2.3.8-patch1 ==>correction for IPX/SPX
Copy these files to your preferred location (I prefer /usr/local/src/)
   #e.g. I uninstall previous ppp
   (+) rpm -e ppp-2.3.7-2
5. Assuming your files are in /usr/local/src/ and your current working
directory is also /usr/local/src/ do the following:
       [tar zxvf ppp-2.3.8.tar.gz]
       [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
       # e.g.. it's not gunzip... [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
       [tar zxvf SSLeay-0.6.6b.tar.gz]
       [cp SSLeay-0.6.6b/crypto/rc4/rc4.h ppp-2.3.8/linux/]
       [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c ppp-2.3.8/linux/]
   (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/]
   (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/]
   (+) [cp ppp-2.3.8-patch1 ppp-2.3.8/pppd]
   (+) [cd ppp-2.3.8/pppd]
   (+) [patch -p0 < ppp-2.3.8-patch1]
   (+) [cd /usr/local/src/]
       [patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
       [cd ppp-2.3.8]

6. The files should now all be in place and we are ready to compile PPP.
Follow these steps to compile it:
       [./configure]
   (+) [make kernel] --> reference ppp-2.3.8
   #e.g. It isn't necessary following lines below described in HOWTOFAQ...
   (-) [cd linux] # not necessary
   (-) [./kinstall.sh] # not necessary
   (-) [cd ..] # not necessary

##
## Read documentation in ppp-2.3.8 ###
## README.linux
##-----(if kernel < 2.2.8)---------###
# e.g. Build the kernel when < Kernel 2.2.8
# kernel
       [cd /usr/src/linux/]
       [make menuconfig .....if necessary ...]
       [make dep]
       [make clean]
       [make bzImage]
       [make modules]
       [make modules_install]
###-----(endif kernel < 2.2.8)---------###
       [pwd]
       [usr/local/src/ppp-2.3.8] # be sure into ppp-2.3.8 dir
       [make]
       [cp pppd/pppd /usr/sbin/]
   (+) [make install] --> reference ppp-2.3.8
       [cd /usr/src/linux]
       [make modules SUBDIRS=drivers/net]
       [make modules_install]
       [rmmod ppp]
   (+) [insmod slhc]
   (+) [insmod ppp]
   (+) [insmod bsd_comp]
   (+) [insmod ppp_deflate]
   (+) [insmod ppp_mppe]

Emir Toktar
+55 ** 41 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Matthew C. Grab [mailto:mis at cindyrowe.com]
Sent: Wednesday, November 03, 1999 1:08 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPP 2.3.10

Hi,

I have been following the PopTop Howto. In the PPP compile /install part, I am supposed to type "make modules SUBDIRS=drivers/net" while in the /usr/src/linux directory. I am getting this error message. Can anybody help point me in the right direction? I'm running RedHat 6.0, and I don't know much about compiling kernels or modules or where in linux source for anything is kept/installed. I would greatly appreciate any help you could offer. I started with PPP 2.3.8 and the mppe patch, but I couldn't get anywhere, so I moved to PPP 2.3.10 with the mppe patch.

Thanks in advance,
Matt Grab
mis at cindyrowe.com

[root at shop7 linux]# make modules SUBDIRS=drivers/net
make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
-pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functio
ns=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/linux-2.2.5/include/linu
x/modversions.h" MAKING_MODULES=1 modules
make[1]: Entering directory `/usr/src/linux-2.2.5/drivers/net'
make[1]: *** No rule to make target `/usr/src/linux-2.2.5/include/linux/module.h
', needed by `ppp.o'. Stop.
make[1]: Leaving directory `/usr/src/linux-2.2.5/drivers/net'
make: *** [_mod_drivers/net] Error 2
[root at shop7 linux]#

From matthewr at moreton.com.au Wed Nov 3 17:40:43 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Wed Nov 3 17:40:43 1999
Subject: [pptp-server] PPP 2.3.10
References: <51E5E026247AD2118CDD0008C74CC2DD5F1393@bra0070ms1.bra.xerox.com>
Message-ID: <99110409335001.02363@gibberling.moretonbay>

I'll merge these changes into the current HOWTO

-matt

From tlskinner at mail.mv.total-web.net Wed Nov 3 18:49:48 1999
From: tlskinner at mail.mv.total-web.net (Tony Skinner)
Date: Wed Nov 3 18:49:48 1999
Subject: [pptp-server] PPP 2.3.10
In-Reply-To: <99110409335001.02363@gibberling.moretonbay>
References: <51E5E026247AD2118CDD0008C74CC2DD5F1393@bra0070ms1.bra.xerox.com>
Message-ID: <3.0.5.32.19991103184323.007ef100@mail.hendersontrucking.com>

I believe kinstall.sh does everything you're mentioning if I am not mistaken. I would have to look at the file first though. I followed the instructions given when I installed ppp-2.3.10 onto a 2.2.13 kernel setup. I ran into no problems whatsoever.

Tony

From EMIR.TOKTAR at bra.xerox.com Thu Nov 4 01:28:43 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Thu Nov 4 01:28:43 1999
Subject: [pptp-server] VPN Authentication with NIS
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F1390@bra0070ms1.bra.xerox.com>

Hi,

I'm using PoPToP and it is working fine and I'm doing performance tests via LAN to LAN with VPN over LAN.

I have installed the following softwares:
pptp-1.0.0
ppp-2.3.8
SSLeay-0.6.6b
Red Hat 6.0 kernel 2.2.5-15

1)************************************************************
LAN configuration tested :

|
| LAN 200.170.98.*
| Domain (DNS): puc.anydomain.edu
| Server NIS : 200.170.98.147
| [NIS server on this LAN]
|
|      Linux VPN
|      Host Name: "vpnlinux"
|      (eth1)Name : obelix.puc.anydomain.edu
|      (eth0)Name : vpnlinux.crypto.net
|      Samba server ok
|     |--------------------------|
|-----|IP (eth1): 200.170.98.50  |
|-----|IP (eth0): 172.16.0.2     |
| TTTT|--------------------------|
| T
| T
| T
| T
| T    "VPN Tunnel"
| T
| T
| T
| T    NT Server
| T    Host Name: "ntsrv"
| T    Network Domain (NT): DAEMON
| T    DNS Domain: crypto.net
| TTTT|--------------------------|
|-----|IP: 172.16.0.1            |
|     |--------------------------|
|

/etc/pptpd.conf
speed 115200
localip 192.168.0.234-238
remoteip 192.168.1.234-238

/etc/ppp/options
debug
name vpnlinux.crypto.net
auth
require-chap
proxyarp
....

/etc/ppp/chap-secrets
billy vpnlinux.crypto.net bob *

1)This configuration, the NT Server "ntsrv" (172.16.0.1) can't ping or make telnet (of course!) to any address 200.170.98.*, but browsing NT (by Network Neighborhood) list servers, domains and workgroups. [Linux,Solaris, NT and others].

e.g. Connectivity means that you have a physical network path between your local computer and a remote computer. BROWSING is the ability to search a local or remote network for resources.

When I make a connection Dialup from VPN Server, the computer "ntsrv" receives a "remoteip" and I can see in Windows Explorer(via Samba).
______________________________________________________ +My Computer +Network Neighborhood DAEMON |- ntsrv\\shared (172.16.0.1) |- linuxvpn\\shared (172.16.0.2) |- linuxvpn\\shared (192.168.1.234) VPN conection (ask to login again) OTHERS WORKGROUPS .... ___________________________________________________ I can ping, open Telnet sessions in LAN 172.*** or 192.****, access files etc. I tested the performance by sending files in connections CHAP, MS-CHAP, encryption and more..., 2)*********PROBLEMS HERE*************************************** I changed LAN configuration to interconnect two LANs with VPN Linux dual-homed and now I have some problems: I split up the LAN phisically, as showed below and I did the setup from Linux VPN "vpn" host to NIS Server (secundary domain options in linuxconfig) | | LAN 200.170.98.* | Domain (DNS): puc.anydomain.edu | Server NIS : 200.170.98.147 | Host Name NIS: nis.puc.anydomani.edu | [NIS server on this LAN] | | | Linux VPN | Host Name: vpnlinux | (eth1)Name: obelix.puc.anydomain.edu | (eth0)Name: vpnlinux.crypto.net | primary server: 172.16.0.1 ## NT Server | secundary server: 200.170.98.147 ## Linux NIS | Samba server ok |----|--------------------------LAN 200.*** |IP (eth1): 200.170.98.50 | | | | | |----|IP (eth0): 172.16.0.2 | | TTT| |LAN 172.*** | T |-------------------------| | T | T | T | T "VPN Tunnel" | T | T | T | TTT NT Server |-----IP: 172.16.0.1 | Host Name: ntsrv | Network Domain (NT): DAEMON DNS Domain: crypto.net /etc/pptpd.conf speed 115200 localip 200.170.98.40 #free address remoteip 200.170.98.41-44 #range free address /etc/ppp/options debug name nis.puc.anydomani.edu #NIS Server from 200.*** auth require-chap proxyarp .... 
/etc/ppp/chap-secrets billy nis.puc.anydomani.edu bob * When I make a connection DUN to VPN Server (172.16.0.2), I receive a remoteip IP 200.170.98.41 and I can ping others computers in this network address, on the computer "ntsrv", I CAN?T SEE ANY LIST in Windows Explorer NT (via Samba - same situation): ______________________________________________________ +My Computer +Network Neighborhood DAEMON |- ntsrv\\shared (172.16.0.1) |- linuxvpn\\shared (172.16.0.2) | |-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ????? ______________________________________________________ A) What's wrong in this configuration that I can't see the browsing but what's says the box above? B) How Can I authenticate the user by using NIS Server to avoid having the name and password of the user recorded in /etc/ppp/chap-secrets? If the NIS Server makes users authentication, it can manager the passwords changes!! Regards Emir Toktar +55 (**41) 340-7157 emir.toktar at bra.xerox.com toktar at per.com.br toktar at ppgia.pucpr.br Emir Toktar +55 (**41) 340-7157 emir.toktar at bra.xerox.com toktar at per.com.br toktar at ppgia.pucpr.br From pf at sxb.bsf.alcatel.fr Thu Nov 4 03:39:30 1999 From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux) Date: Thu Nov 4 03:39:30 1999 Subject: [pptp-server] PoPToP and ISDN (ipppd) References: Message-ID: <382153B9.E1A0A93F@sxb.bsf.alcatel.fr> I search to know if PoPToP could work with ISDN. The true problem is that I must use ipppd instead of pppd. Is it possible ? Is someone already did that ? How ? Thanks, -- Pascal Fremaux, SSII Alten Study Engineer at Alcatel Telecom R&D, Illkirch, France From EMIR.TOKTAR at bra.xerox.com Thu Nov 4 07:38:27 1999 
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Thu Nov 4 07:38:27 1999
Subject: [pptp-server] PPP 2.3.10
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F1396@bra0070ms1.bra.xerox.com>

Yes, you're right, but reading README.linux explains better why I did this when I installed ppp-2.3.8.

~/ppp-2.3.8 directory
[./configure]
[make kernel]

============I cut this text from README.linux==========
....Issue the command:

[make kernel]

from the top level directory. This will install the various include files and source files into the proper directories in the linux kernel source tree. If you don't have the kernel installed in the default /usr/src/kernel directory then it will not work. Instead it will print a message to the effect that you need to specify the kernel location on the kinstall command. The actual message will say:

There appears to be no kernel source distribution in /usr/src/linux.
Give the top-level kernel source directory as the argument to this script.
usage: kinstall.sh [linux-source-directory]

If, and only if, you receive this message, do the following:

a. Change to the 'linux' directory with the command:

[cd linux]

b. Issue the command:

[./kinstall.sh /usr/src/linux]

or use the proper location for the kernel rather than /usr/src/linux. For example, if you have the kernel installed in /usr1/kernel then the command would be:

[./kinstall.sh /usr1/kernel]

The script will validate that the kernel is properly installed into that directory and check the level of the kernel. The installation will not be accepted if your kernel is too early.

The installation procedure will copy only the files which are needed. It will not replace any file which should not be replaced. Please don't second-guess the installation script and attempt to do the procedure on your own. There are some very subtle dependencies and if you are not careful, the installation will not work.

You are free to run the installation script as many times as you wish. The additional executions will only change the files which have not been changed.
================================================

One more observation before recompiling the kernel.
_______________________________________________________
When you to install RedHat 6.0, avoid to use compat-egs ... files :
-[o]Development/Languages
-[o]Development/Libraries
-[o]Development/Tools
compat-egs
compat-egs-c++
compat-egs-obj....
Compiler that can be used to generate binaries that will run on older Red Hat 5.2 or glib 2.0.X

##-----(if kernel < 2.2.8)---------###
# e.g. Build the kernel when < Kernel 2.2.8
If you are using a kernel earlier than 2.2.8, you can either use the driver in this package or upgrade your kernel to 2.2.8.

RedHat 6.0 - default
kernel-headers-2.2.5-15
kernel-2.2.5-15
kernel-doc-2.2.5-15
kernel-pcmcia-cs-2.2.5-15
kernel-source-2.2.5-15
kernelcfg-0.5-5

[cd /usr/src/linux/]
[make menuconfig .....if necessary ...]
[make dep]
[make clean]
[make bzImage] # COMPILING the kernel
[make modules]
[make modules_install]

1. Make sure you have gcc-2.7.2 or newer available. It seems older gcc versions can have problems compiling newer versions of Linux. This is mainly because the older compilers can only generate "a.out"-format executables.
2. Do a "make zImage" to create a compressed kernel image. If your kernel is too large for "make zImage", use "make bzImage" instead.
3. If you configured any of the parts of the kernel as `modules' [M], you will have to do "make modules" followed by "make modules_install".
4. This probably is not necessary, but I always reboot here, type "shutdown -r now"
###-----(endif kernel < 2.2.8)---------###

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Tony Skinner [mailto:tlskinner at mail.mv.total-web.net]
Sent: Wednesday, November 03, 1999 10:43 PM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] PPP 2.3.10

I believe kinstall.sh does everything your mentioning if I am not mistaken. I would have to look at the file first though. I followed the instructions given when i installed ppp-2.3.10 onto a 2.2.13 kernel setup. I ran into no problems whatsoever.

Tony

At 09:33 AM 11/4/99 +1000, you wrote:
>I'll merge these changes into the current HOWTO
>
>-matt
>
>On Thu, 04 Nov 1999, Toktar, Emir wrote:
>>When I installed the PoPToP, I follow the procedures HowTo/Faq and had any
>>problems.
>>
>>I modifyed any procedures below and work fine.
>>
>>Procedures that I used for comments.
>>(+) lines that I add ....
>>(-) lines that I cut .... # not necessary
>># comment
>>******************************
>>PoPToP HOWTO/FAQ
>>----------------
>>Last Updated: 19990813
>>Maintained by: Matthew Ramsay
>>HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
>>(hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
>>Steve Rhodes and Michael Walter.
>>+++++++++++++++++++++
>>3.0 PPP (and MSCHAP/MPPE) Installation
>>--------------------------------------
>>It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
>>MSCHAPv2/MPPE authentication and encryption. The reason for this is that
>>the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8.
>>If you don't need Microsoft compatible authentication/encryption any 2.3.x
>>PPP source will be fine.
>>Assuming you want Microsoft compatible authentication/encryption follow
>>these steps:
>>Note: [] are example commands to run
>>1. Grab yourself a clean copy of the PPP deamon v2.3.8 (ppp-2.3.8.tar.gz).
>> I usually go here for my PPP files:
>>ftp://cs.anu.edu.au/pub/software/ppp/
>> Note: You must get the tarball (tar.gz) and *not* the RPM.
>>2. Grab youself the MSCHAP/MPPE diff file from:
>>
>>http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
>>3. Grab yourself the SSLeay-0.6.6b file from:
>> ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz
>>4. You should now have 3 files:
>> ppp-2.3.8.tar.gz
>> ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
>> SSLeay-0.6.6b.tar.gz
>> (+) ppp-2.3.8-patch1 ==>correction for IPX/SPX
>>Copy these files to your preferred location (I prefer /usr/local/src/)
>> #e.g. I uninstall previus ppp
>> (+) rpm -e ppp-2.3.7-2
>>5. Assuming your files are in /usr/local/src/ and your current working
>>directory is also /usr/local/src/ do the following:
>> [tar zxvf ppp-2.3.8.tar.gz]
>> [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
>> # e.g.. it's not gunzip... [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
>> [tar zxvf SSLeay-0.6.6b.tar.gz]
>> [cp SSLeay-0.6.6b/crypto/rc4/rc4.h ppp-2.3.8/linux/]
>> [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c ppp-2.3.8/linux/]
>> (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/]
>> (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/]
>> (+) [cp ppp-2.3.8-patch1 ppp-2.3.8/pppd]
>> (+) [cd ppp-2.3.8/pppd]
>> (+) [patch -p0 < ppp-2.3.8-patch1]
>> (+) [cd /usr/local/src/]
>> [patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
>> [cd ppp-2.3.8]
>>
>>6. The files should now all be in place and we are ready to compile PPP.
>>Follow these steps to compile it:
>> [./configure]
>> (+) [make kernel] --> reference ppp-2.3.8
>> #e.g. It isen't necessary following lines below described in
>>HOWTOFAQ...
>> (-) [cd linux] # not necessary
>> (-) [./kinstall.sh] # not necessary
>> (-) [cd ..] # not necessary
>>
>>
>>##
>>## Read documentation in ppp-2.3.8 ###
>>## README.linux
>>##-----(if kernel < 2.2.8)---------###
>># e.g. Build the kernel when < Kernel 2.2.8
>># kernel
>> [cd /usr/src/linux/]
>> [make menuconfig .....if necessary ...]
>> [make dep]
>> [make clean]
>> [make bzImage]
>> [make modules]
>> [make modules_install]
>>###-----(endif kernel < 2.2.8)---------###
>> [pwd]
>> [usr/local/src/ppp-2.3.8] # be sure into ppp-2.3.8 dir
>> [make]
>> [cp pppd/pppd /usr/sbin/]
>> (+) [make install] --> reference ppp-2.3.8
>> [cd /usr/src/linux]
>> [make modules SUBDIRS=drivers/net]
>> [make modules_install]
>> [rmmod ppp]
>> (+) [insmod slhc]
>> (+) [insmod ppp]
>> (+) [insmod bsd_comp]
>> (+) [insmod ppp_deflate]
>> (+) [insmod ppp_mppe]
>>
>>
>
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulte.org!
>
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

From mis at cindyrowe.com Thu Nov 4 10:18:24 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Thu Nov 4 10:18:24 1999
Subject: [pptp-server] PPP 2.3.10
References: <51E5E026247AD2118CDD0008C74CC2DD5F1393@bra0070ms1.bra.xerox.com>
Message-ID: <005801bf26e0$45471780$0200a8c0@mis>

Thank you for the instructions. I am running stock Red Hat 6.0. It tells me I have kernel 2.2.5-15. It appears I need to compile a newer kernel version, or maybe upgrade to Red Hat 6.1. Am I correct about this?

Thank You,
Matt Grab
mis at cindyrowe.com

----- Original Message -----
From: Toktar, Emir
To: 'Matthew C. Grab' ;
Sent: Wednesday, November 03, 1999 3:49 PM
Subject: RE: [pptp-server] PPP 2.3.10

> When I installed the PoPToP, I follow the procedures HowTo/Faq and had any
> problems.
>
> I modifyed any procedures below and work fine.
>
> Procedures that I used for comments.
> (+) lines that I add ....
> (-) lines that I cut .... # not necessary
> # comment
> ******************************
> PoPToP HOWTO/FAQ
> ----------------
> Last Updated: 19990813
> Maintained by: Matthew Ramsay
> HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
> (hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
> Steve Rhodes and Michael Walter.
> +++++++++++++++++++++
> 3.0 PPP (and MSCHAP/MPPE) Installation
> --------------------------------------
> It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
> MSCHAPv2/MPPE authentication and encryption. The reason for this is that
> the MSCHAPv2/MPPE patch currently supplied (19990813) is against PPP 2.3.8.
> If you don't need Microsoft compatible authentication/encryption any 2.3.x
> PPP source will be fine.
> Assuming you want Microsoft compatible authentication/encryption follow
> these steps:
> Note: [] are example commands to run
> 1. Grab yourself a clean copy of the PPP deamon v2.3.8 (ppp-2.3.8.tar.gz).
> I usually go here for my PPP files:
> ftp://cs.anu.edu.au/pub/software/ppp/
> Note: You must get the tarball (tar.gz) and *not* the RPM.
> 2. Grab youself the MSCHAP/MPPE diff file from:
>
> http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
> 3. Grab yourself the SSLeay-0.6.6b file from:
> ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz
> 4. You should now have 3 files:
> ppp-2.3.8.tar.gz
> ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
> SSLeay-0.6.6b.tar.gz
> (+) ppp-2.3.8-patch1 ==>correction for IPX/SPX
> Copy these files to your preferred location (I prefer /usr/local/src/)
> #e.g. I uninstall previus ppp
> (+) rpm -e ppp-2.3.7-2
> 5. Assuming your files are in /usr/local/src/ and your current working
> directory is also /usr/local/src/ do the following:
> [tar zxvf ppp-2.3.8.tar.gz]
> [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
> # e.g.. it's not gunzip... [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
> [tar zxvf SSLeay-0.6.6b.tar.gz]
> [cp SSLeay-0.6.6b/crypto/rc4/rc4.h ppp-2.3.8/linux/]
> [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c ppp-2.3.8/linux/]
> (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/]
> (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/]
> (+) [cp ppp-2.3.8-patch1 ppp-2.3.8/pppd]
> (+) [cd ppp-2.3.8/pppd]
> (+) [patch -p0 < ppp-2.3.8-patch1]
> (+) [cd /usr/local/src/]
> [patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
> [cd ppp-2.3.8]
>
> 6. The files should now all be in place and we are ready to compile PPP.
> Follow these steps to compile it:
> [./configure]
> (+) [make kernel] --> reference ppp-2.3.8
> #e.g. It isen't necessary following lines below described in
> HOWTOFAQ...
> (-) [cd linux] # not necessary
> (-) [./kinstall.sh] # not necessary
> (-) [cd ..] # not necessary
>
>
> ##
> ## Read documentation in ppp-2.3.8 ###
> ## README.linux
> ##-----(if kernel < 2.2.8)---------###
> # e.g. Build the kernel when < Kernel 2.2.8
> # kernel
> [cd /usr/src/linux/]
> [make menuconfig .....if necessary ...]
> [make dep]
> [make clean]
> [make bzImage]
> [make modules]
> [make modules_install]
> ###-----(endif kernel < 2.2.8)---------###
> [pwd]
> [usr/local/src/ppp-2.3.8] # be sure into ppp-2.3.8 dir
> [make]
> [cp pppd/pppd /usr/sbin/]
> (+) [make install] --> reference ppp-2.3.8
> [cd /usr/src/linux]
> [make modules SUBDIRS=drivers/net]
> [make modules_install]
> [rmmod ppp]
> (+) [insmod slhc]
> (+) [insmod ppp]
> (+) [insmod bsd_comp]
> (+) [insmod ppp_deflate]
> (+) [insmod ppp_mppe]
>
>
>
> Emir Toktar
> +55 ** 41 340-7157
> emir.toktar at bra.xerox.com
> toktar at per.com.br
> toktar at ppgia.pucpr.br
>
>
> -----Original Message-----
> From: Matthew C. Grab [mailto:mis at cindyrowe.com]
> Sent: Wednesday, November 03, 1999 1:08 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPP 2.3.10
>
>
> Hi, I have been following the PopTop Howto. In the PPP compile /install
> part, I am supposed to type "make modules SUBDIRS=drivers/net" while in the
> /usr/src/linux directory. I am getting this error message. Can anybody
> help point me in the right direction? I'm running RedHat 6.0, and I don't
> know much about compiling kernels or modules or where in linux source for
> anything is kept/installed. I would greatly appreciate any help you could
> offer. I started with PPP 2.3.8 and the mppe patch, but I couldn't get
> anywhere, so I moved to PPP 2.3.10 with the mppe patch.
>
> Thanks in advance,
> Matt Grab
> mis at cindyrowe.com
>
>
> [root at shop7 linux]# make modules SUBDIRS=drivers/net
> make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2
> -fomit-frame-pointer
> -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2
> -malign-functio
> ns=2 -DCPU=586 -DMODULE -DMODVERSIONS -include
> /usr/src/linux-2.2.5/include/linu
> x/modversions.h" MAKING_MODULES=1 modules
> make[1]: Entering directory `/usr/src/linux-2.2.5/drivers/net'
> make[1]: *** No rule to make target
> `/usr/src/linux-2.2.5/include/linux/module.h
> ', needed by `ppp.o'. Stop.
> make[1]: Leaving directory `/usr/src/linux-2.2.5/drivers/net'
> make: *** [_mod_drivers/net] Error 2
> [root at shop7 linux]#
>

From locutus at imsa.edu Thu Nov 4 16:03:06 1999
From: locutus at imsa.edu (locutus at imsa.edu)
Date: Thu Nov 4 16:03:06 1999
Subject: [pptp-server] Encryption Problem
Message-ID: <199911042202.QAA18614@pollux.imsa.edu>

Hello all.

I have successfully installed PoPToP 1.0.0 on a RedHat 6.0 (kernel 2.2.5) system. I can connect to it from any 98 host, and can communicate with any host on my private network. However, when I check "require encrypted authentication" within the DUN properties on the client, I am no longer able to communicate with the private network. The DUN connection can still be established, and the correct IP is assigned, but communication is impossible. I have installed the ppp-mppe patch, recompiled the kernel, and have loaded all of the necessary modules. I have also installed SSLeay 0.6.6b. In addition, I have installed the DUN 4.0 update per the HOWTO. This happens from multiple clients, some running 98 and some running 98se. None of these have helped. Here is what I find in /var/log/pptpd.log:

pppd[1735]: MPPE 40 bit, stateless compression enabled
pppd[1735]: Script /etc/ppp/ip-up finished (pid 1736), status = 0x0
pppd[1735]: rcvd [proto=0x4da7] cd 80 08 8a be c6 bc f1 4d 6e ad a5 04 2e 91 1f 96 1d b5 3d b0 f4 92 12 0c f9 a6 ce
pppd[1735]: Unsupported protocol (0x4da7) received

The last two lines continue, with a different set of numbers in the "unsupported protocol" line, until I disconnect. Here is my /etc/ppp/options:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name punk
require-chap
proxyarp

I have run out of ideas. Any suggestions?

Thanks in advance.

Michael Holl
--
locutus at imsa.edu

From walterm at Gliatech.com Thu Nov 4 16:16:06 1999
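As an added example (not part of the original thread, and not PoPToP or pppd code): a small log check for the symptom in Michael Holl's message above, where "Unsupported protocol" values appear once MPPE is enabled. It applies the RFC 1661 rule that a valid PPP protocol number has an odd low octet and an even high octet; the verdict names and the pid 1800 sample line are assumptions made for this example.

```python
import re
from collections import OrderedDict

# Constructed sample input. The pid 1735 lines are the pppd lines quoted in
# the message above; the pid 1800 line is invented here for contrast.
SAMPLE_LOG = """\
pppd[1735]: MPPE 40 bit, stateless compression enabled
pppd[1735]: Script /etc/ppp/ip-up finished (pid 1736), status = 0x0
pppd[1735]: rcvd [proto=0x4da7] cd 80 08 8a be c6 bc f1 4d 6e ad a5 04 2e 91 1f 96 1d b5 3d b0 f4 92 12 0c f9 a6 ce
pppd[1735]: Unsupported protocol (0x4da7) received
pppd[1800]: Unsupported protocol (0x802b) received
"""

LINE_RE = re.compile(r"pppd\[(\d+)\]:\s*(.*)")
MPPE_RE = re.compile(r"MPPE (\d+) bit, (\w+) compression enabled")
UNSUPPORTED_RE = re.compile(r"Unsupported protocol \(0x([0-9a-fA-F]+)\) received")


def well_formed_protocol(value):
    """RFC 1661: the Protocol field has an odd low octet and an even high
    octet. A value that breaks this rule cannot be a real PPP protocol."""
    return 0 <= value <= 0xFFFF and (value & 0x0001) == 1 and (value & 0x0100) == 0


def classify(session):
    """Heuristic verdict for one pppd session (labels are this example's own)."""
    if session["malformed_after_mppe"]:
        # Garbage protocol numbers after MPPE came up are consistent with
        # frames reaching pppd without being correctly decrypted.
        return "suspect-mppe-decrypt"
    if session["malformed"]:
        return "corrupt-framing"
    if session["well_formed"]:
        # A legitimate protocol (for instance IPXCP, 0x802b) that this pppd
        # simply does not implement; normally harmless.
        return "peer-offered-unsupported-protocol"
    return "ok"


def analyse(log_text):
    """Group pppd log lines by pid and attach a verdict to each session."""
    sessions = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {
            "mppe_bits": None, "malformed": [], "well_formed": [],
            "malformed_after_mppe": 0,
        })
        mppe = MPPE_RE.search(msg)
        if mppe:
            s["mppe_bits"] = int(mppe.group(1))
            continue
        unsupported = UNSUPPORTED_RE.search(msg)
        if unsupported:
            proto = int(unsupported.group(1), 16)
            if well_formed_protocol(proto):
                s["well_formed"].append(proto)
            else:
                s["malformed"].append(proto)
                if s["mppe_bits"] is not None:
                    s["malformed_after_mppe"] += 1
    for s in sessions.values():
        s["verdict"] = classify(s)
    return sessions


if __name__ == "__main__":
    for pid, s in analyse(SAMPLE_LOG).items():
        bad = ", ".join(hex(p) for p in s["malformed"]) or "-"
        print(f"pppd[{pid}] mppe={s['mppe_bits']} malformed={bad} -> {s['verdict']}")
```
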
From: walterm at Gliatech.com (Michael Walter)
Date: Thu Nov 4 16:16:06 1999
Subject: [pptp-server] Encryption Problem
Message-ID:

On the 98 clients, in the dial-up properties for the VPN connection:

Have you disabled header compression?
Have you disabled use default gateway on remote network?
Have you disabled Netbeui?
Have you disabled IPX/SPX(You may need this depending on your configuration)?

Michael J. Walter mcse
Gliatech, Inc.
walterm at gliatech.com
mwalter at drwalter.com

On Thursday, November 04, 1999 5:03 PM, locutus at imsa.edu [SMTP:locutus at imsa.edu] wrote:
> Hello all.
>
> I have successfully installed PoPToP 1.0.0 on a RedHat 6.0 (kernel 2.2.5)
> system. I can connect to it from any 98 host, and can communicate with
> any host on my private network. However, when I check "require encrypted
> authentication" within the DUN properties on the client, I am no longer
> able to communicate with the private network. The DUN connection can
> still be established, and the correct IP is assigned, but communication
> is impossible. I have installed the ppp-mppe patch, recompiled the kernel,
> and have loaded all of the necessary modules. I have also installed SSLeay
> 0.6.6b. In addition, I have installed the DUN 4.0 update per the HOWTO.
> This happens from multiple clients, some running 98 and some running 98se.
> None of these have helped. Here is what I find in /var/log/pptpd.log:
>
> pppd[1735]: MPPE 40 bit, stateless compression enabled
> pppd[1735]: Script /etc/ppp/ip-up finished (pid 1736), status = 0x0
> pppd[1735]: rcvd [proto=0x4da7] cd 80 08 8a be c6 bc f1 4d 6e ad a5 04 2e
> 91 1f 96 1d b5 3d b0 f4 92 12 0c f9 a6 ce
> pppd[1735]: Unsupported protocol (0x4da7) received
>
> The last two lines continue, with a different set of numbers in the
> "unsupported protocol" line, until I disconnect. Here is my /etc/ppp/options:
>
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> name punk
> require-chap
> proxyarp
>
> I have run out of ideas. Any suggestions?
>
> Thanks in advance.
>
> Michael Holl
> --
> locutus at imsa.edu
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From chrisk at ciris.net Thu Nov 4 19:08:53 1999
From: chrisk at ciris.net (Christopher Kuhl)
Date: Thu Nov 4 19:08:53 1999
Subject: [pptp-server] Re: [LRP] cant ping the client and others
Message-ID: <016001bf272a$60682190$02016f0a@tiger.ciris.net>

Actually, I am connecting to an isp on each side, one with isdn, and the other just an analog modem. On the server side I start up poptop and wait for incoming GRE connections. On the client side I start a GRE session with the linux pptp client. The gre session is between the ip's that I get from my isp's. Once this tunnel is up, my poptop server starts a ppp session through the tunnel. This is how I can use the 10.111.XXX.XXX ip's, they are being encapsulated across the net, so they are not visible during transport. This is basically how vpn's work.

The remote ip's I was referring to is the ip's that pppd assigns and passes to the ip-up and ip-down scripts. On the client side, I get a local and remote ip, the remote is my gateway back to the host poptop server, and the same goes for server side. The ip that it issues me is it's gateway back to my network.

I am now considering running ciped on another port and use their ipip solution to see if I still have the same routing problems with another tunnel, and just use poptop for windows clients, which work fine right now.

Thanks for the input, and let me know if you think of something.

-----Original Message-----
From: Ray Olszewski
To: Christopher Kuhl ; linux-router at linuxrouter.org
Date: Thursday, November 04, 1999 6:15 PM
Subject: Re: [LRP] cant ping the client and others

>Since you've posted this question several times without getting a response,
>I assume there aren't any experts on this stuff hanging out on this list.
>I'm no expert, but my next project will be to implement one of the VPN
>technologies, so I took a little time to look over your setup. Bearing in
>mind my limited expertise here, I have one thought ...
>
>How are these two routers actually connected? You show them as connected
>through "internet", which I interpret to mean that each connects to an ISP,
>and the ISPs find a route between the two LANs. Under that assumption, what
>is the "remote ip that is passed by pppd" address you are giving to the
>client? I would normally think of this phrase as referring to the ISP's end
>of the PPP connection to the client. If that is what you mean, why would
>that host know how to route to your private subnet-10 network on the other
>end? I would think that each of the routers needs the ppp address of the
>other router here (or they need to be masq'd, which you say works, at least
>after a fashion).
>
>Apologies in advance if I've misinterpreted your posting. I'll be happy to
>take a closer look at your configuration if you're interested, but please
>understand that I'm offering because I need to figure this stuff out too,
>not because I already have any great expertise in it. Good luck in any case.
>
>At 02:07 PM 11/4/99 -0600, Christopher Kuhl wrote [in part]:
>My setup is this:
>>
>>private
>>network(10.111.1.0/24)-----LRP+POPTOP(10.111.1.1)--------internet------LRP +P
>>PTP client(10.111.200.1)-----private network(10.111.200.0/24)
>>
>>I am using poptop on one side and the linux pptp client on the other. When
>>I connect to the Poptop server with a Windows machine I can ping and use the
>>entire network fine. But from the linux pptp client, I can only ping the
>>Poptop router(ping 10.111.1.1) and vice versa. I can not ping other
>>machines on the remote network. I changed my ip-up and down scripts to add
>>and delete routes like this
>>
>>Poptop side:
>>route add -net 10.111.200.0 netmask 255.255.255.0 gw $5 $1 ; $5 is the ip
>>address I am giving the client router.
>>
>>Client side:
>>route add -net 10.111.1.0 netmask 255.255.255.0 gw $5 $1 ; $5 is the
>>remote ip that is passed by pppd.
>>
>>I checked my routing tables, and they are correct. I also delete these
>>routes when ip-down runs.
>[rest deleted]
>
>------------------------------------"Never tell me the odds!"---
>Ray Olszewski -- Han Solo
>Palo Alto, CA ray at comarre.com
>----------------------------------------------------------------
>
>

From chrisk at ciris.net Thu Nov 4 19:16:44 1999
From: chrisk at ciris.net (Christopher Kuhl)
Date: Thu Nov 4 19:16:44 1999
Subject: [pptp-server] Fw: [LRP] cant ping the client and others
Message-ID: <017301bf272b$7405d700$02016f0a@tiger.ciris.net>

I sorry for putting this on both lists, but I'm not sure which is causing the problem.

>Below is a sample of my setup and my log files to see if anyone can see
>anything.
>
>
>-----Original Message-----
>From: Christopher Kuhl
>To: linux-router at linuxrouter.org
>Date: Thursday, November 04, 1999 2:11 PM
>Subject: Re: [LRP] cant ping the client and others
>
>
>>I am having the same problem. I have asked for help serveral times with no
>>results. My setup is this:
>>
>>private
>>network(10.111.1.0/24)-----LRP+POPTOP(10.111.1.1)--------internet------LRP +
>P
>>PTP client(10.111.200.1)-----private network(10.111.200.0/24)
>>
>>I am using poptop on one side and the linux pptp client on the other. When
>>I connect to the Poptop server with a Windows machine I can ping and use
>the
>>entire network fine. But from the linux pptp client, I can only ping the
>>Poptop router(ping 10.111.1.1) and vice versa. I can not ping other
>>machines on the remote network. I changed my ip-up and down scripts to add
>>and delete routes like this
>>
>>Poptop side:
>>route add -net 10.111.200.0 netmask 255.255.255.0 gw $5 $1 ; $5 is the
>ip
>>address I am giving the client router.
>>
>>Cleint side:
>>route add -net 10.111.1.0 netmask 255.255.255.0 gw $5 $1 ; $5 is the
>>remote ip that is passed by pppd.
>>
>>I checked my routing tables, and they are correct. I also delete these
>>routes when ip-down runs.
>>
>>In my firewall scripts, I only masq connection going the ppp0 interface, no
>>other interface. I added two rules to allow traffic on ppp0:
>>
>>ipfwadm -I -a accept -W ppp1
>>ipfwadm -O -a accept -Wppp1
>>
>>Now, if I go back and masq this interface also, it does work fine, but I
>get
>>a lot of TCP/UDP checksum errors and makes things very, very unstable.
>This
>>does tell me however that my trafic is not being stopped by the firewall.
>I
>>do have ip forwarding enabled, and I tried using ips on the same subnet
>with
>>proxyarp, but I had the same results. I can post my firewall, ip-up,
>>ip-down scripts, and anything else you might need, just let me know. I
>just
>>want you guys to realize that I am not looking to get someone to just do
>>this for me, I have read everthing I can think of, I even tried gated.
>>
>
>ifconfig -a
>lo        Link encap:Local Loopback
>          inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
>          UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
>          RX packets:33 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
>          Collisions:0
>
>eth0      Link encap:Ethernet HWaddr 00:C0:F0:44:5B:E7
>          inet addr:10.111.1.1 Bcast:10.111.1.255 Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>          RX packets:2228 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:8049 errors:0 dropped:0 overruns:0 carrier:0
>          Collisions:0
>          Interrupt:10 Base address:0x300
>
>ppp0      Link encap:Point-to-Point Protocol
>          inet addr:207.51.XXX.XXX P-t-P:207.51.228.8 Mask:255.255.255.0
>          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
>          RX packets:2632 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:2270 errors:0 dropped:0 overruns:0 carrier:0
>          Collisions:0
>
>ppp2      Link encap:Point-to-Point Protocol
>          inet addr:10.111.1.10 P-t-P:10.111.1.29 Mask:255.255.255.0
>          POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1
>          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
>          Collisions:0
>
>ppp1      Link encap:Point-to-Point Protocol
>          inet addr:10.111.1.10 P-t-P:10.111.1.29 Mask:255.255.255.0
>          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
>          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
>          Collisions:0
>
>hrouter# route -n
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref Use
>Iface
>127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0   2   lo
>207.51.XXX.XXX  0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
>207.51.XXX.XXX  0.0.0.0         255.255.255.255 UH    0      0   1   lo
>10.111.1.29     0.0.0.0         255.255.255.255 UH    0      0   0   ppp1
>10.111.1.10     0.0.0.0         255.255.255.255 UH    0      0   0   lo
>10.111.1.0      0.0.0.0         255.255.255.0   U     0      0   11  eth0
>10.111.200.0    10.111.1.29     255.255.255.0   UG    0      0   1   ppp1
>0.0.0.0         207.51.XXX.XXX  0.0.0.0         UG    0      0   31  ppp0
>
>
>hrouter# cat /var/log/syslog
>Nov 4 13:53:04 hrouter syslogd 1.3-3#31: restart.
>Nov 4 13:53:04 hrouter kernel: klogd 1.3-3#31, log source = /proc/kmsg
>started.
>Nov 4 13:53:04 hrouter kernel: Cannot find map file.
>Nov 4 13:53:04 hrouter kernel: Loaded 84 symbols from 15 modules.
>Nov 4 13:53:04 hrouter kernel: Memory: sized by int13 088h
>Nov 4 13:53:04 hrouter kernel: Console: 16 point font, 400 scans
>Nov 4 13:53:04 hrouter kernel: Console: mono EGA+ 80x25, 1 virtual console
>(max 63)
>Nov 4 13:53:04 hrouter kernel: pcibios_init : BIOS32 Service Directory
>structure at 0x000f5b20
>Nov 4 13:53:04 hrouter kernel: pcibios_init : BIOS32 Service Directory
>entry at 0xfd1e4
>Nov 4 13:53:04 hrouter kernel: pcibios_init : PCI BIOS revision 2.10 entry
>at 0xfce08
>Nov 4 13:53:04 hrouter kernel: Probing PCI hardware.
>Nov 4 13:53:04 hrouter kernel: PCI bridge optimization.
>Nov 4 13:53:04 hrouter kernel: Cache L2: Not supported.
>Nov 4 13:53:04 hrouter kernel: CPU-PCI posted write: Not supported.
>Nov 4 13:53:04 hrouter kernel: CPU-Memory posted write: Not supported.
>Nov 4 13:53:04 hrouter kernel: PCI-Memory posted write: Not supported.
>Nov 4 13:53:04 hrouter kernel: PCI burst: Not supported.
>Nov 4 13:53:04 hrouter kernel: Calibrating delay loop.. ok - 49.87 BogoMIPS
>Nov 4 13:53:04 hrouter kernel: Memory: 30108k/32768k available (652k kernel
>code, 384k reserved, 812k data)
>Nov 4 13:53:04 hrouter kernel: This processor honours the WP bit even when
>in supervisor mode. Good.
>Nov 4 13:53:04 hrouter kernel: Swansea University Computer Society NET3.035
>for Linux 2.0
>Nov 4 13:53:04 hrouter kernel: NET3: Unix domain sockets 0.13 for Linux
>NET3.035.
>Nov 4 13:53:04 hrouter kernel: Swansea University Computer Society TCP/IP
>for NET3.034
>Nov 4 13:53:04 hrouter kernel: IP Protocols: IGMP, ICMP, UDP, TCP
>Nov 4 13:53:04 hrouter kernel: Linux IP multicast router 0.07.
>Nov 4 13:53:04 hrouter kernel: Checking 386/387 coupling... Ok, fpu using
>exception 16 error reporting.
>Nov 4 13:53:04 hrouter kernel: Checking 'hlt' instruction... Ok.
>Nov 4 13:53:04 hrouter kernel: Linux version 2.0.36 (root at ccrouter) (gcc
>version 2.7.2.3) #2 Wed Oct 27 14:24:53 CDT 1999
>Nov 4 13:53:04 hrouter kernel: Starting kswapd v 1.4.2.2
>Nov 4 13:53:04 hrouter kernel: Software Watchdog Timer: 0.04, timer margin:
>60 sec
>Nov 4 13:53:04 hrouter kernel: Real Time Clock Driver v1.09
>Nov 4 13:53:04 hrouter kernel: Ramdisk driver initialized : 16 ramdisks of
>10240K size
>Nov 4 13:53:04 hrouter kernel: loop: registered device at major 7
>Nov 4 13:53:04 hrouter kernel: hda: QUANTUM FIREBALL_TM1280A, 1222MB w/76kB
>Cache, CHS=621/64/63
>Nov 4 13:53:04 hrouter kernel: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
>Nov 4 13:53:04 hrouter kernel: Floppy drive(s): fd0 is 1.44M
>Nov 4 13:53:04 hrouter kernel: FDC 0 is a post-1991 82077
>Nov 4 13:53:04 hrouter kernel: Ethernet Bridge 002 for NET3.035 (Linux 2.0)
>Nov 4 13:53:04 hrouter kernel: Partition check:
>Nov 4 13:53:04 hrouter kernel: hda: hda1 hda2 < hda5 >
>Nov 4 13:53:04 hrouter kernel: RAMDISK: Compressed image found at block 0
>Nov 4 13:53:04 hrouter kernel: RAMDISK: Auto Filesystem - minix: 3413i
>10240bk 112fdz(112) 1024zs 2147483647ms
>Nov 4 13:53:04 hrouter kernel: RAMDISK: Uncompressing root archive: done.
>Nov 4 13:53:04 hrouter kernel: VFS: Mounted root (minix filesystem).
>Nov 4 13:53:04 hrouter kernel: RAMDISK: Extracting root archive: done.
>Nov 4 13:53:04 hrouter kernel: Serial driver version 4.13 with no serial
>options enabled
>Nov 4 13:53:04 hrouter kernel: tty01 at 0x02f8 (irq = 3) is a 16550A
>Nov 4 13:53:04 hrouter kernel: ne.c:v1.10 9/23/94 Donald Becker
>(becker at cesdis.gsfc.nasa.gov)
>Nov 4 13:53:04 hrouter kernel: NE*000 ethercard probe at 0x300: 00 c0 f0 44
>5b e7
>Nov 4 13:53:04 hrouter kernel: eth0: NE2000 found at 0x300, using IRQ 10.
>Nov 4 13:53:04 hrouter kernel: WAN Router v1.1 (c) 1995-1997 Sangoma
>Technologies Inc.
>Nov 4 13:53:04 hrouter kernel: CSLIP: code copyright 1989 Regents of the
>University of California
>Nov 4 13:53:04 hrouter kernel: PPP: version 2.3.8 (demand dialling)
>Nov 4 13:53:04 hrouter kernel: PPP line discipline registered.
>Nov 4 13:53:04 hrouter kernel: PPP BSD Compression module registered
>Nov 4 13:53:04 hrouter kernel: PPP Deflate Compression module registered
>Nov 4 13:53:04 hrouter kernel: PPP MPPE compression module registered
>Nov 4 13:53:04 hrouter /usr/sbin/cron[697]: (CRON) STARTUP (fork ok)
>Nov 4 13:53:05 hrouter gated[703]: Start gated[703] version 3-5-8 built Sun
>Feb 15 03:50:14 GMT 1998
>Nov 4 13:53:05 hrouter gated[703]: trace_on: tracing to
>"/var/log/gated.log" started
>Nov 4 13:53:05 hrouter gated[703]: Commence routing updates
>Nov 4 13:53:05 hrouter named[705]: starting. named 8.1.2-T3B Sun Jan 3
>23:06:10 MST 1999
>
>^Ibdale at rover:/home/bdale/debian/bind-8.1.2/target/bin/named
>Nov 4 13:53:05 hrouter named[705]: cache zone "" (IN) loaded (serial 0)
>Nov 4 13:53:05 hrouter named[705]: master zone "localhost" (IN) loaded
>(serial 1)
>Nov 4 13:53:05 hrouter named[705]: master zone "0.0.127.in-addr.arpa" (IN)
>loaded (serial 1)
>Nov 4 13:53:05 hrouter named[705]: listening on [127.0.0.1].53 (lo)
>Nov 4 13:53:05 hrouter named[705]: listening on [10.111.1.1].53 (eth0)
>Nov 4 13:53:05 hrouter named[705]: Forwarding source address is
>[0.0.0.0].1029
>Nov 4 13:53:05 hrouter named[706]: Ready to answer queries.
>Nov 4 13:53:05 hrouter kernel: registered device ppp0 >Nov 4 13:53:05 hrouter pppd[712]: pppd 2.3.8 started by root, uid 0 >Nov 4 13:53:05 hrouter pptpd[715]: MGR: Manager process started >Nov 4 13:53:06 hrouter connect: Initializing Modem >Nov 4 13:53:07 hrouter connect: Dialing system >Nov 4 13:53:28 hrouter connect: Connected >Nov 4 13:53:28 hrouter connect: Loggin in >Nov 4 13:53:31 hrouter connect: Protocol started >Nov 4 13:53:31 hrouter pppd[712]: Serial connection established. >Nov 4 13:53:31 hrouter pppd[712]: Using interface ppp0 >Nov 4 13:53:31 hrouter pppd[712]: Connect: ppp0 <--> /dev/ttyS1 >Nov 4 13:53:32 hrouter pppd[712]: sent [LCP ConfReq id=0x1 > ] >Nov 4 13:53:32 hrouter pppd[712]: rcvd [LCP ConfAck id=0x1 > ] >Nov 4 13:53:34 hrouter pppd[712]: rcvd [LCP ConfReq id=0x2 > ] >Nov 4 13:53:34 hrouter pppd[712]: sent [LCP ConfAck id=0x2 > ] >Nov 4 13:53:34 hrouter pppd[712]: sent [IPCP ConfReq id=0x1 207.51.228.149> ] >Nov 4 13:53:34 hrouter pppd[712]: sent [CCP ConfReq id=0x1 > ] >Nov 4 13:53:34 hrouter pppd[712]: rcvd [IPCP ConfReq id=0x1 00> ] >Nov 4 13:53:34 hrouter pppd[712]: sent [IPCP ConfAck id=0x1 00> ] >Nov 4 13:53:34 hrouter pppd[712]: rcvd [IPCP ConfAck id=0x1 207.51.228.149> ] >Nov 4 13:53:34 hrouter pppd[712]: local IP address 207.51.XXX.XXX >Nov 4 13:53:34 hrouter pppd[712]: remote IP address 207.51.XXX.XXX >Nov 4 13:53:34 hrouter pppd[712]: Script /etc/ppp/ip-up started (pid 730) >Nov 4 13:53:34 hrouter pppd[712]: rcvd [LCP ProtRej id=0x3 80 fd 01 01 00 >0f 1a 04 78 00 18 04 78 00 15 03 2f] >Nov 4 13:53:34 hrouter ip-up: ppp0 /dev/ttyS1 38400 207.51.XXX.XXX >207.51.XXX.XXX >Nov 4 13:53:34 hrouter pppd[712]: Script /etc/ppp/ip-up finished (pid 730), >status = 0x0 >Nov 4 13:53:34 hrouter gated[703]: EVENT ppp0 index 3 PointToPoint Multicast> address 802.2 0:0:0:0:0:0 >Nov 4 13:53:34 hrouter gated[703]: EVENT Add ppp0 207.51.XXX.XXX -> >207.51.XXX.XXX >Nov 4 14:00:00 hrouter /USR/SBIN/CRON[738]: (root) CMD (/etc/multicron-p) >Nov 4 
14:15:00 hrouter /USR/SBIN/CRON[751]: (root) CMD (/etc/multicron-p) >Nov 4 14:30:00 hrouter /USR/SBIN/CRON[756]: (root) CMD (/etc/multicron-p) >Nov 4 14:31:07 hrouter pptpd[760]: MGR: Launching /usr/local/sbin/pptpctrl >to handle client >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: local address = 10.111.1.10 >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: remote address = 10.111.1.20 >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: pppd speed = 38400 >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: pppd options file = >/etc/ppp/pptpd.options >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: Client 12.73.237.96 control >connection started >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: Received PPTP Control Message >(type: 1) >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: Made a START CTRL CONN RPLY packet >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: I wrote 156 bytes to the client. >Nov 4 14:31:07 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: Received PPTP Control Message >(type: 7) >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: Set parameters to 152 maxbps, 3 >window size >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: Made a OUT CALL RPLY packet >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: Starting call (launching pppd, >opening GRE) >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: pty_fd = 5 >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: tty_fd = 6 >Nov 4 14:31:08 hrouter pptpd[760]: CTRL: I wrote 32 bytes to the client. 
>Nov 4 14:31:08 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:31:08 hrouter pptpd[761]: CTRL (PPPD Launcher): Connection speed = >38400 >Nov 4 14:31:08 hrouter pptpd[761]: CTRL (PPPD Launcher): local address = >10.111.1.10 >Nov 4 14:31:08 hrouter pptpd[761]: CTRL (PPPD Launcher): remote address = >10.111.1.20 >Nov 4 14:31:09 hrouter pppd[761]: pppd 2.3.8 started by root, uid 0 >Nov 4 14:31:09 hrouter kernel: registered device ppp1 >Nov 4 14:31:09 hrouter pppd[761]: Using interface ppp1 >Nov 4 14:31:09 hrouter pppd[761]: Connect: ppp1 <--> /dev/ttyp0 >Nov 4 14:31:09 hrouter pppd[761]: sent [LCP ConfReq id=0x1 > > >] >Nov 4 14:31:12 hrouter pppd[761]: sent [LCP ConfReq id=0x1 > > >] >Nov 4 14:31:12 hrouter pptpd[760]: GRE: Discarding duplicate packet >Nov 4 14:31:12 hrouter pppd[761]: rcvd [LCP ConfReq id=0x1 > > >] >Nov 4 14:31:12 hrouter pppd[761]: sent [LCP ConfAck id=0x1 > > >] >Nov 4 14:31:15 hrouter pppd[761]: sent [LCP ConfReq id=0x1 > > >] >Nov 4 14:31:15 hrouter pppd[761]: rcvd [LCP ConfAck id=0x1 > > >] >Nov 4 14:31:21 hrouter pppd[761]: MSCHAP-v2 peer authentication succeeded >for ccrouter >Nov 4 14:31:22 hrouter pppd[761]: rcvd [IPCP ConfReq id=0x1 >] >Nov 4 14:31:22 hrouter pppd[761]: sent [IPCP ConfNak id=0x1 10.111.1.29>] >Nov 4 14:31:22 hrouter pppd[761]: rcvd [CCP ConfReq id=0x1 > ] >Nov 4 14:31:22 hrouter kernel: options are bad: 1a 4 >Nov 4 14:31:22 hrouter pppd[761]: sent [CCP ConfAck id=0x1 > ] >Nov 4 14:31:22 hrouter kernel: compress rejected: opt_len=17,o[0]=1a,o[1]=4 >Nov 4 14:31:22 hrouter pppd[761]: rcvd [IPCP ConfAck id=0x1 10.111.1.10> ] >Nov 4 14:31:22 hrouter pppd[761]: rcvd [CCP ConfAck id=0x1 > ] >Nov 4 14:31:22 hrouter pppd[761]: Deflate (15) compression enabled >Nov 4 14:31:22 hrouter pppd[761]: rcvd [IPCP ConfReq id=0x2 10.111.1.29> ] >Nov 4 14:31:22 hrouter pppd[761]: sent [IPCP ConfAck id=0x2 10.111.1.29> ] >Nov 4 14:31:22 hrouter pppd[761]: local IP address 10.111.1.10 >Nov 4 14:31:22 hrouter pppd[761]: remote IP 
address 10.111.1.29 >Nov 4 14:31:22 hrouter pppd[761]: Script /etc/ppp/ip-up started (pid 762) >Nov 4 14:31:22 hrouter ip-up: ppp1 /dev/ttyp0 38400 10.111.1.10 10.111.1.29 >Nov 4 14:31:22 hrouter pppd[761]: Script /etc/ppp/ip-up finished (pid 762), >status = 0x0 >Nov 4 14:31:34 hrouter gated[703]: EVENT ppp1 index 4 PointToPoint Multicast> address 802.2 0:0:0:0:0:0 >Nov 4 14:31:34 hrouter gated[703]: EVENT Add ppp1 10.111.1.10 -> >10.111.1.29 >Nov 4 14:32:09 hrouter pptpd[760]: CTRL: Received PPTP Control Message >(type: 5) >Nov 4 14:32:09 hrouter pptpd[760]: CTRL: Made a ECHO RPLY packet >Nov 4 14:32:09 hrouter pptpd[760]: CTRL: I wrote 20 bytes to the client. >Nov 4 14:32:09 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:33:09 hrouter pptpd[760]: CTRL: Received PPTP Control Message >(type: 5) >Nov 4 14:33:09 hrouter pptpd[760]: CTRL: Made a ECHO RPLY packet >Nov 4 14:33:09 hrouter pptpd[760]: CTRL: I wrote 20 bytes to the client. >Nov 4 14:33:09 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:34:14 hrouter pptpd[760]: CTRL: Sending ECHO REQ id 1 >Nov 4 14:34:14 hrouter pptpd[760]: CTRL: Made a ECHO REQ packet >Nov 4 14:34:14 hrouter pptpd[760]: CTRL: I wrote 16 bytes to the client. >Nov 4 14:34:14 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:35:13 hrouter pptpd[770]: MGR: Launching /usr/local/sbin/pptpctrl >to handle client >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: local address = 10.111.1.10 >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: remote address = 10.111.1.21 >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: pppd speed = 38400 >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: pppd options file = >/etc/ppp/pptpd.options >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: Client 12.73.237.69 control >connection started >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: Received PPTP Control Message >(type: 1) >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: Made a START CTRL CONN RPLY packet >Nov 4 14:35:13 hrouter pptpd[770]: CTRL: I wrote 156 bytes to the client. 
>Nov 4 14:35:13 hrouter pptpd[770]: CTRL: Sent packet to client >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: Received PPTP Control Message >(type: 7) >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: Set parameters to 152 maxbps, 3 >window size >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: Made a OUT CALL RPLY packet >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: Starting call (launching pppd, >opening GRE) >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: pty_fd = 5 >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: tty_fd = 6 >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: I wrote 32 bytes to the client. >Nov 4 14:35:14 hrouter pptpd[771]: CTRL (PPPD Launcher): Connection speed = >38400 >Nov 4 14:35:14 hrouter pptpd[771]: CTRL (PPPD Launcher): local address = >10.111.1.10 >Nov 4 14:35:14 hrouter pptpd[771]: CTRL (PPPD Launcher): remote address = >10.111.1.21 >Nov 4 14:35:14 hrouter pptpd[770]: CTRL: Sent packet to client >Nov 4 14:35:14 hrouter pppd[771]: pppd 2.3.8 started by root, uid 0 >Nov 4 14:35:14 hrouter kernel: registered device ppp2 >Nov 4 14:35:14 hrouter pppd[771]: Using interface ppp2 >Nov 4 14:35:14 hrouter pppd[771]: Connect: ppp2 <--> /dev/ttyp1 >Nov 4 14:35:14 hrouter pppd[771]: sent [LCP ConfReq id=0x1 > > >] >Nov 4 14:35:16 hrouter pptpd[770]: GRE: Discarding duplicate packet >Nov 4 14:35:17 hrouter pppd[771]: sent [LCP ConfReq id=0x1 > > >] >Nov 4 14:35:17 hrouter pppd[771]: rcvd [LCP ConfAck id=0x1 > > >] >Nov 4 14:35:17 hrouter pppd[771]: rcvd [LCP ConfReq id=0x1 > > >] >Nov 4 14:35:17 hrouter pppd[771]: sent [LCP ConfAck id=0x1 > > >] >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Session timed out, ending call >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Client 12.73.237.96 control >connection finished >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Exiting with active call >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Made a CALL DISCONNECT RPLY packet >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: I wrote 148 bytes to the client. 
>Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Made a STOP CTRL REQ packet >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: I wrote 16 bytes to the client. >Nov 4 14:35:19 hrouter pptpd[760]: CTRL: Sent packet to client >Nov 4 14:35:19 hrouter pppd[761]: Modem hangup >Nov 4 14:35:19 hrouter pppd[761]: Script /etc/ppp/ip-down started (pid 772) >Nov 4 14:35:19 hrouter pppd[761]: Connection terminated. >Nov 4 14:35:19 hrouter pppd[761]: Connect time 4.2 minutes. >Nov 4 14:35:19 hrouter pppd[761]: Sent 1403 bytes, received 1617 bytes. >Nov 4 14:35:19 hrouter pppd[761]: Waiting for 1 child processes... >Nov 4 14:35:19 hrouter pppd[761]: script /etc/ppp/ip-down, pid 772 >Nov 4 14:35:19 hrouter ip-down: ppp1 /dev/ttyp0 38400 10.111.1.10 >10.111.1.29 >Nov 4 14:35:19 hrouter pppd[761]: Script /etc/ppp/ip-down finished (pid >772), status = 0x0 >Nov 4 14:35:19 hrouter pppd[761]: Exit. >Nov 4 14:35:19 hrouter gated[703]: EVENT ppp1 index 4 > address 802.2 0:0:0:0:0:0 >Nov 4 14:35:19 hrouter gated[703]: EVENT Delete UpDown ppp1 10.111.1.10 -> >10.111.1.29 >Nov 4 14:35:19 hrouter gated[703]: KRT SEND DELETE 10.111.1.10 mask >255.255.255.255 router 127.0.0.1 flags >HOST>7: No such process >Nov 4 14:35:21 hrouter pppd[771]: MSCHAP-v2 peer authentication succeeded >for ccrouter >Nov 4 14:35:21 hrouter pppd[771]: sent [IPCP ConfReq id=0x1 10.111.1.10> ] >Nov 4 14:35:21 hrouter pppd[771]: sent [CCP ConfReq id=0x1 > ] >Nov 4 14:35:21 hrouter pppd[771]: rcvd [IPCP ConfReq id=0x1 >] >Nov 4 14:35:21 hrouter pppd[771]: sent [IPCP ConfNak id=0x1 10.111.1.29>] >Nov 4 14:35:21 hrouter pppd[771]: rcvd [CCP ConfReq id=0x1 > ] >Nov 4 14:35:21 hrouter pppd[771]: sent [CCP ConfAck id=0x1 > ] >Nov 4 14:35:21 hrouter kernel: compress rejected: opt_len=17,o[0]=1a,o[1]=4 >Nov 4 14:35:22 hrouter pppd[771]: rcvd [IPCP ConfAck id=0x1 10.111.1.10> ] >Nov 4 14:35:22 hrouter kernel: options are bad: 1a 4 >Nov 4 14:35:22 hrouter pppd[771]: rcvd [CCP 
ConfAck id=0x1 > ] >Nov 4 14:35:22 hrouter pppd[771]: Deflate (15) compression enabled >Nov 4 14:35:22 hrouter pppd[771]: rcvd [IPCP ConfReq id=0x2 10.111.1.29> ] >Nov 4 14:35:22 hrouter pppd[771]: sent [IPCP ConfAck id=0x2 10.111.1.29> ] >Nov 4 14:35:22 hrouter pppd[771]: local IP address 10.111.1.10 >Nov 4 14:35:22 hrouter pppd[771]: remote IP address 10.111.1.29 >Nov 4 14:35:22 hrouter pppd[771]: Script /etc/ppp/ip-up started (pid 778) >Nov 4 14:35:22 hrouter ip-up: ppp2 /dev/ttyp1 38400 10.111.1.10 10.111.1.29 >Nov 4 14:35:22 hrouter pppd[771]: Script /etc/ppp/ip-up finished (pid 778), >status = 0x0 >Nov 4 14:35:24 hrouter pptpd[715]: MGR: Reaped child 760 >Nov 4 14:35:24 hrouter pptpd[760]: CTRL: Exiting now >Nov 4 14:35:34 hrouter gated[703]: EVENT ppp2 index 4 PointToPoint Multicast> address 802.2 0:0:0:0:0:0 >Nov 4 14:35:34 hrouter gated[703]: EVENT Add ppp2 10.111.1.10 -> >10.111.1.29 >Nov 4 14:47:17 hrouter pptpd[770]: CTRL: Received PPTP Control Message >(type: 5) >Nov 4 14:47:17 hrouter pptpd[770]: CTRL: Made a ECHO RPLY packet >Nov 4 14:47:17 hrouter pptpd[770]: CTRL: I wrote 20 bytes to the client. >Nov 4 14:47:17 hrouter pptpd[770]: CTRL: Sent packet to client >Nov 4 14:47:39 hrouter pppd[771]: rcvd [LCP TermReq id=0x2 "User request"] >Nov 4 14:47:39 hrouter pppd[771]: LCP terminated by peer (User request) >Nov 4 14:47:39 hrouter pppd[771]: Script /etc/ppp/ip-down started (pid 791) >Nov 4 14:47:39 hrouter pppd[771]: sent [LCP TermAck id=0x2] >Nov 4 14:47:39 hrouter ip-down: ppp2 /dev/ttyp1 38400 10.111.1.10 >10.111.1.29 >Nov 4 14:47:39 hrouter pptpd[715]: MGR: Reaped child 770 >Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Received PPTP Control Message >(type: 12) >Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Made a CALL DISCONNECT RPLY packet >Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Received CALL CLR request (closing >call) >Nov 4 14:47:39 hrouter pptpd[770]: CTRL: I wrote 148 bytes to the client. 
>Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Sent packet to client
>Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Error with select(), quitting
>Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Client 12.73.237.69 control
>connection finished
>Nov 4 14:47:39 hrouter pptpd[770]: CTRL: Exiting now
>Nov 4 14:47:39 hrouter pppd[771]: Modem hangup
>Nov 4 14:47:39 hrouter pppd[771]: Connection terminated.
>Nov 4 14:47:39 hrouter pppd[771]: Connect time 12.5 minutes.
>Nov 4 14:47:39 hrouter pppd[771]: Sent 1953 bytes, received 2518 bytes.
>Nov 4 14:47:39 hrouter pppd[771]: Waiting for 1 child processes...
>Nov 4 14:47:39 hrouter pppd[771]: script /etc/ppp/ip-down, pid 791
>Nov 4 14:47:39 hrouter pppd[771]: Script /etc/ppp/ip-down finished (pid
>791), status = 0x0
>Nov 4 14:47:39 hrouter pppd[771]: Exit.
>
>
>hrouter# cat /etc/ppp/ip-up
>#!/bin/sh
>#
>PATH=/bin:/sbin:/usr/bin:/usr/sbin
>
>message () {
>    logger -p local2.info -t ip-up "$*"
>}
>
>message "$1 $2 $3 $4 $5"
># When ip is up, these are the arguments pass on.
># Arg Name Example
># $1 interface name ppp0
># $2 tty /dev/ttyS0
># $3 speed 115200
># $4 local ip
># $5 remote ip
>
>if [ "$5" = 10.111.1.29 ]; then
>    route add -net 10.111.200.0 netmask 255.255.255.0 gw $5 #1
>fi
>
>
># Keep a log of what happened. This log is also used by other script to
># determine which interface to shut down.
>
>PPP=$1
>TTY=$2
>SPEED=$3
>LOCAL_IP=$4
>REMOTE_IP=$5
>
>set -- $(echo $2 | sed s/\\/\dev\\///)
>TTY=$1
>LOG="/var/log/ppp/$TTY.log"
>
>/bin/cat << EOF > $LOG
>PPP=$PPP
>TTY=$TTY
>SPEED=$SPEED
>IPADDR=$LOCAL_IP
>REMOTE_IP=$REMOTE_IP
>
>EOF
>
>
>ipdown script:
>
>
>#!/bin/sh
>
>PATH=/bin:/sbin:/usr/bin:/usr/sbin
>message () {
>    logger -p local2.info -t ip-down "$*"
>}
>
>if [ -f /var/run/$1.pid ]; then
>    kill -INT `cat /var/run/$1.pid`
>
>    rm /var/run/$1.pid
>    ifconfig $1 down
>fi
>
>message "$1 $2 $3 $4 $5"
>
># Save the interface name and remote IP: "set --" below replaces $1..$5
>PPP=$1
>REMOTE_IP=$5
>
># Restart dialer using the same ppp device name
>set -- $(echo $2 | sed s/\\/\dev\\///)
>TTY=$1
>
>if [ "$REMOTE_IP" = 10.111.1.29 ]; then
>    route del -net 10.111.200.0 netmask 255.255.255.0 gw $REMOTE_IP $PPP
>fi
>
>[ -f /var/log/ppp/$TTY.log ] && rm /var/log/ppp/$TTY.log
>
>if [ "$TTY" = "ttyS1" ]; then
>    /etc/init.d/ppp start $TTY
>fi

From locutus at imsa.edu Fri Nov 5 09:44:29 1999
From: locutus at imsa.edu (locutus at imsa.edu)
Date: Fri Nov 5 09:44:29 1999
Subject: [pptp-server] Re: Encryption problem
In-Reply-To: from "Michael Walter" at Nov 04, 1999 05:12:27 PM
Message-ID: <199911051544.JAA20463@pollux.imsa.edu>

Yes, I have disabled all of these with no effect. I am not using IPX/SPX.

Michael Holl
--
locutus at imsa.edu

> On the 98 clients, in the dial-up properties for the VPN connection:
> Have you disabled header compression?
> Have you disabled use default gateway on remote network?
> Have you disabled Netbeui?
> Have you disabled IPX/SPX(You may need this depending on your
> configuration)?
>
> On Thursday, November 04, 1999 5:03 PM, locutus at imsa.edu
> [SMTP:locutus at imsa.edu] wrote:
> > Hello all.
> >
> > I have successfully installed PoPToP 1.0.0 on a RedHat 6.0 (kernel 2.2.5)
> > system. I can connect to it from any 98 host, and can communicate with
> > any host on my private network. However, when I check "require encrypted
> > authentication" within the DUN properties on the client, I am no longer
> > able to communicate with the private network. The DUN connection can
> > still be established, and the correct IP is assigned, but communication
> > is impossible. I have installed the ppp-mppe patch, recompiled the kernel,
> > and have loaded all of the necessary modules. I have also installed SSLeay
> > 0.6.6b. In addition, I have installed the DUN 4.0 update per the HOWTO.
> > This happens from multiple clients, some running 98 and some running 98se.
> > None of these have helped.
> > Here is what I find in /var/log/pptpd.log:
> >
> > pppd[1735]: MPPE 40 bit, stateless compression enabled
> > pppd[1735]: Script /etc/ppp/ip-up finished (pid 1736), status = 0x0
> > pppd[1735]: rcvd [proto=0x4da7] cd 80 08 8a be c6 bc f1 4d 6e ad a5 04 2e
> > 91 1f 96 1d b5 3d b0 f4 92 12 0c f9 a6 ce
> > pppd[1735]: Unsupported protocol (0x4da7) received
> >
> > The last two lines continue, with a different set of numbers in the
> > "unsupported protocol" line, until I disconnect. Here is my /etc/ppp/options:
> >
> > lock
> > debug
> > auth
> > +chap
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> > name punk
> > require-chap
> > proxyarp
> >
> > I have run out of ideas. Any suggestions?
> >
> > Thanks in advance.
> >
> > Michael Holl
> > --
> > locutus at imsa.edu
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
>

From grule at esupportnow.com Fri Nov 5 10:11:39 1999
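Added example, not part of any post in this thread: a decoder for the CCP option bytes that pppd logs, applied to the `rcvd [LCP ProtRej id=0x3 80 fd 01 01 ...]` line in the hrouter syslog quoted earlier and to an MPPE option matching the "MPPE 40 bit, stateless compression enabled" line in the message above. The function names are hypothetical and the MPPE sample bytes are constructed; option numbers 18, 21, 24 and 26 are the `ppp-compress-<n>` aliases discussed on the list.

```python
import struct

PPP_CCP = 0x80FD
CONF_CODES = {1: "ConfReq", 2: "ConfAck", 3: "ConfNak", 4: "ConfRej"}

# CCP option type -> (compressor, Linux module behind "alias ppp-compress-<type>")
CCP_OPTIONS = {
    18: ("MPPE", "ppp_mppe"),
    21: ("BSD-Compress", "bsd_comp"),
    24: ("Deflate (old draft number)", "ppp_deflate"),
    26: ("Deflate", "ppp_deflate"),
}

# MPPE "Supported Bits" field, RFC 3078 section 2.1
MPPE_BITS = [
    (0x01000000, "stateless"),
    (0x00000080, "56-bit"),
    (0x00000040, "128-bit"),
    (0x00000020, "40-bit"),
    (0x00000001, "MPPC compression"),
]

# Bytes copied from the syslog quoted in the thread (ppp0, the dial-up link).
PROTREJ_FROM_THREAD = "80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f"
# Constructed sample: an MPPE option for stateless mode with 40-bit keys.
MPPE_SAMPLE = "12 06 01 00 00 20"


def describe(opt_type, data):
    """Return a readable summary of one CCP option's data bytes."""
    if opt_type == 18 and len(data) == 4:
        (bits,) = struct.unpack("!I", data)
        flags = [name for mask, name in MPPE_BITS if bits & mask]
        return ", ".join(flags) or "no bits set"
    if opt_type in (24, 26) and len(data) == 2:
        # High nibble is window size minus 8, low nibble is the method (8 = deflate).
        return "window 2^%d, method %d" % ((data[0] >> 4) + 8, data[0] & 0x0F)
    if opt_type == 21 and len(data) == 1:
        return "version %d, dictionary %d bits" % (data[0] >> 5, data[0] & 0x1F)
    return "data " + data.hex()


def parse_options(buf):
    """Split a CCP option list into (type, name, module, summary) tuples."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated option header at offset %d" % i)
        opt_type, opt_len = buf[i], buf[i + 1]
        # The length byte counts the type and length bytes themselves.
        if opt_len < 2 or i + opt_len > len(buf):
            raise ValueError("bad length %d for option %d" % (opt_len, opt_type))
        name, module = CCP_OPTIONS.get(opt_type, ("unknown", None))
        out.append((opt_type, name, module, describe(opt_type, buf[i + 2:i + opt_len])))
        i += opt_len
    return out


def parse_protocol_reject(hex_dump):
    """Decode the bytes pppd prints after 'rcvd [LCP ProtRej id=...'."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < 6:
        raise ValueError("payload shorter than protocol + CCP header")
    # Rejected protocol, then the rejected packet: code, id, 16-bit length.
    protocol, code, ident, length = struct.unpack("!HBBH", raw[:6])
    if protocol != PPP_CCP:
        raise ValueError("rejected protocol 0x%04x is not CCP" % protocol)
    if length < 4 or 2 + length > len(raw):
        raise ValueError("CCP length field %d does not fit the payload" % length)
    return {
        "protocol": protocol,
        "code": CONF_CODES.get(code, "code %d" % code),
        "id": ident,
        "options": parse_options(raw[6:2 + length]),
    }


if __name__ == "__main__":
    rej = parse_protocol_reject(PROTREJ_FROM_THREAD)
    print("peer rejected protocol 0x%04x (%s id=%d)"
          % (rej["protocol"], rej["code"], rej["id"]))
    for opt in rej["options"] + parse_options(bytes.fromhex(MPPE_SAMPLE)):
        print("  option %d %-28s module=%s  %s" % opt)
```

A Protocol-Reject for 0x80fd means the peer refused CCP as a whole, and since MPPE is negotiated as CCP option 18, a link in that state cannot negotiate MPPE. The Deflate window decoded from the thread's bytes (15) is the same value pppd reports in the syslog's `Deflate (15) compression enabled` lines.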
From: grule at esupportnow.com (Gary Rule)
Date: Fri Nov 5 10:11:39 1999
Subject: [pptp-server] Auth
Message-ID:

Hello,

I'm trying to get poptop to work. I'm using version 1.0.0 with version 2.3.5 of ppp and I can get the connection to work without any authentication, but when I edit the /etc/ppp/options file and add

auth
+chap

I keep getting an error

pppd: peer authentication required but no authentication files accessible

I have made sure that the file is in the right place and that the format is correct, as well as the chap-secrets file. I've made sure that I'm running as root when executing and that the file has proper permissions. Has anyone else run into this? I know that the pptpd documents suggest using pppd 2.3.8 but I cannot modify the kernel at work for another 2 months.

Any help would be appreciated.

------------------------------------------------------------------------
Gary Rule
------------------------------------------------------------------------
It is impossible to make anything foolproof because fools are so ingenious.
------------------------------------------------------------------------

From omar at carvajal.com Fri Nov 5 13:51:31 1999
From: omar at carvajal.com (Miguel Carvajal)
Date: Fri Nov 5 13:51:31 1999
Subject: [pptp-server] Kernel Version Mismatch
Message-ID: <3823361E.3827C72A@carvajal.com>

Hi there,

I'm installing PoPToP on a Redhat 6.0 with ppp 2.3.10. Everything goes fine until I try to install the ppp_mppe module. When I type:

/sbin/insmod /lib/modules/2.2.5-15/net/ppp_mppe.o

it returns:

/lib/modules/2.2.5-15/net/ppp_mppe.o: kernel-module version mismatch
/lib/modules/2.2.5-15/net/ppp_mppe.o was compiled for kernel version 2.2.5-15
while this kernel is version 2.2.5-15smp.

One thing I noticed is that the module is being put in the directory /lib/modules/2.2.5-15/net/ instead of /lib/modules/2.2.5-15smp/net/. Also, when I open the module ppp_mppe.o with vi and look for 2.2.5-15, I find kernel_version=2.2.5-15 in the binary module. One of the modules that does load properly is ppp.o; this module is in the directory /lib/modules/2.2.5-15smp/net/ and has kernel_version=2.2.5-15smp in the binary.

Maybe the ppp_mppe.c is not getting my correct kernel version? This is just a wild guess; I don't know anything about C.

Can anyone help me?

Thanks in advance,

Miguel Carvajal

From chrisk at ciris.net Fri Nov 5 16:49:54 1999
From: chrisk at ciris.net (Christopher Kuhl)
Date: Fri Nov 5 16:49:54 1999
Subject: [pptp-server] Fw: [LRP] cant ping the client and others
Message-ID: <003201bf27e0$213c70f0$02010b0a@tiger.ciris.net>

-----Original Message-----
From: Christopher Kuhl
To: linux-router at linuxrouter.org ; Ray Olszewski
Date: Friday, November 05, 1999 4:49 PM
Subject: Re: [LRP] cant ping the client and others

>I finally got it working today, and as always, the answer was simple to fix
>but hard to find. It turns out that the firewall was stopping it. I added
>"ipfwadm -F -a accept -W eth0" to let the router forward back out on my
>network and boom, problem solved. No hardware problem, no routing problem.
>-----Original Message-----
>From: Ray Olszewski
>To: Christopher Kuhl ; linux-router at linuxrouter.org
>Date: Thursday, November 04, 1999 7:04 PM
>Subject: Re: [LRP] cant ping the client and others
>
>
>>Since you've posted this question several times without getting a response,
>>I assume there aren't any experts on this stuff hanging out on this list.
>>I'm no expert, but my next project will be to implement one of the VPN
>>technologies, so I took a little time to look over your setup. Bearing in
>>mind my limited expertise here, I have one thought ...
>>
>>How are these two routers actually connected? You show them as connected
>>through "internet", which I interpret to mean that each connects to an ISP,
>>and the ISPs find a route between the two LANs. Under that assumption, what
>>is the "remote ip that is passed by pppd" address you are giving to the
>>client? I would normally think of this phrase as referring to the ISP's end
>>of the PPP connection to the client. If that is what you mean, why would
>>that host know how to route to your private subnet-10 network on the other
>>end? I would think that each of the routers needs the ppp address of the
>>other router here (or they need to be masq'd, which you say works, at least
>>after a fashion).
>>
>>Apologies in advance if I've misinterpreted your posting. I'll be happy to
>>take a closer look at your configuration if you're interested, but please
>>understand that I'm offering because I need to figure this stuff out too,
>>not because I already have any great expertise in it. Good luck in any case.
>>
>>At 02:07 PM 11/4/99 -0600, Christopher Kuhl wrote [in part]:
>>My setup is this:
>>>
>>>private network(10.111.1.0/24)-----LRP+POPTOP(10.111.1.1)--------internet------LRP+PPTP client(10.111.200.1)-----private network(10.111.200.0/24)
>>>
>>>I am using poptop on one side and the linux pptp client on the other. When
>>>I connect to the Poptop server with a Windows machine I can ping and use the
>>>entire network fine.
>>>But from the linux pptp client, I can only ping the
>>>Poptop router(ping 10.111.1.1) and vice versa. I can not ping other
>>>machines on the remote network. I changed my ip-up and down scripts to add
>>>and delete routes like this
>>>
>>>Poptop side:
>>>route add -net 10.111.200.0 netmask 255.255.255.0 gw $5 $1 ; $5 is the ip
>>>address I am giving the client router.
>>>
>>>Client side:
>>>route add -net 10.111.1.0 netmask 255.255.255.0 gw $5 $1 ; $5 is the
>>>remote ip that is passed by pppd.
>>>
>>>I checked my routing tables, and they are correct. I also delete these
>>>routes when ip-down runs.
>>[rest deleted]
>>
>>------------------------------------"Never tell me the odds!"---
>>Ray Olszewski -- Han Solo
>>Palo Alto, CA ray at comarre.com
>>----------------------------------------------------------------
>>
>>_______________________________________________
>>linux-router maillist - linux-router at linuxrouter.org
>>http://www.linuxrouter.org/mailman/listinfo/linux-router
>>
>

From lstep at mail.dotcom.fr Sat Nov 6 10:58:02 1999
From: lstep at mail.dotcom.fr (Luc Stepniewski)
Date: Sat Nov 6 10:58:02 1999
Subject: [pptp-server] bad protocol from pptpd
Message-ID: <87iu3fo74m.fsf@eurythro.savigny.stp>

Hello,

I'm trying to use pptpd 1.0.0 with ppp-2.3.10 but when I have a win98 box trying to connect on the pptpd server, I get two errors (which may be related?):

In syslog, I see I have a "modprobe: can't locate module char-major-108". Looking in the /usr/src/linux/Documentation/Device.txt, I see that char-major-108 corresponds to "Device independent PPP interface", /dev/ppp. I don't have /dev/ppp, but I have the ppp module correctly loaded in memory:

root at home /dev]# lsmod
Module Size Used by
ppp 20012 1 (autoclean)
slhc 4328 0 (autoclean) [ppp]

The second error (and the one that stops the win98 from connecting) is a "ICMP message type destination unreachable - bad protocol from 210.27.15.119 (210.27.15.119->62.20.91.232)", where 62.20.91.232 is my pptpd server.

Are the two errors related? What are the required kernel modules options that need to be compiled to make pptpd work correctly? (I'm using a 2.2.12 kernel).

Thanks,
Luc

From estradey at pullman.com Sat Nov 6 17:02:09 1999
From: estradey at pullman.com (Eric Stratte)
Date: Sat Nov 6 17:02:09 1999
Subject: [pptp-server] Help - PPTP 1.0.0, PPP 2.8.10, RH6.1
Message-ID: <3824C049.2B7D06A5@pullman.com>

Well, after thoroughly analyzing and trying most of the FAQ,
re-compiling the kernel, PPP, and PPTP multiple times, and trying lots
of options, hand hacking in the MS-DOMAIN// update and the RC4 stuff,
which compiles, but doesn't work, I am stumped.

What I am trying to do:

I have a linux firewall/masquerade on my ADSL(1 IP) connection on a P100
box, an 8 port hub, and a Win/linux machine. I have also been having
LAN game parties from time to time. I would like to setup PPTP to allow
TCP/IP and IPX into my local LAN so that we can have remote people join
in/share files, etc...

What I've tried:

straight PPTP 1.0 with noauth. People can log in, I can ping both their
local and remote IP's with the linux box, but they don't seem to be on
the local network(I can ping their local(t <10ms), but not remote IP).
I have set the little arp hack in ip-up.local as mentioned in the FAQ.
I haven't added any special firewall forwarding rules, since it seems
like it is using an address on the internal subnet and the arp command
lists it as being bound to the proper nic. The ppp0 listing under
ifconfig comes up with NOARP, but it lets me turn it on after the
connection is made, but it doesn't seem to work either way.
If I connect to the PPTP server from the local LAN, I can ping both the
local and remote ip's of the machine I am on.
The remote guy can ping both of his addresses, as well.
One thing I think is wrong that I haven't fixed yet is the pptp
modprobing for char-major-108, which it can't find. I don't know what
this means...:( But it still seems to connect and pass some packets ok.

The other thing that may be goofy is I tried initially with PPP-2.3.10,
then 2.3.8, then went back to 2.3.10. I don't know if there was
some remnant of one that carried over?
I have re-compiled everything in
the order described in the FAQ. PPP and IPX are compiled into my
kernel. I did try PPTP with noauth on PPP before re-compiling anything,
and that had nearly identical results.

I can post pptp connection dumps, ifconfig, route, arp, even tcpdump :)
to here :( or on a website.

I hope I am doing something obviously wrong. This is getting to the
point where I need to get out the PPTP white paper, and completely read
about arp, IPX, etc. and become an expert...

after this, I have to tackle the RC4 part, which doesn't work either...
:(

Thanks,

Eric

From tmk at netmagic.net Sat Nov 6 18:01:20 1999
From: tmk at netmagic.net (tmk)
Date: Sat Nov 6 18:01:20 1999
Subject: [pptp-server] Help - PPTP 1.0.0, PPP 2.8.10, RH6.1
References: <3824C049.2B7D06A5@pullman.com>
Message-ID: <000501bf28b3$9cf62fa0$071c0fc0@lala.net>

try the proxyarp ppp option. that should do it

Kevin

----- Original Message -----
From: Eric Stratte
To:
Sent: Saturday, November 06, 1999 3:56 PM
Subject: [pptp-server] Help - PPTP 1.0.0, PPP 2.8.10, RH6.1

> Well, after thoroughly analyzing and trying most of the FAQ,
> re-compiling the kernel, PPP, and PPTP multiple times, and trying lots
> of options, hand hacking in the MS-DOMAIN// update and the RC4 stuff,
> which compiles, but doesn't work, I am stumped.
>
> What I am trying to do:
>
> I have a linux firewall/masquerade on my ADSL(1 IP) connection on a P100
> box, an 8 port hub, and a Win/linux machine. I have also been having
> LAN game parties from time to time. I would like to setup PPTP to allow
> TCP/IP and IPX into my local LAN so that we can have remote people join
> in/share files, etc...
>
>
> What I've tried:
>
> straight PPTP 1.0 with noauth. People can log in, I can ping both their
> local and remote IP's with the linux box, but they don't seem to be on
> the local network(I can ping their local(t <10ms), but not remote IP).
> I have set the little arp hack in ip-up.local as mentioned in the FAQ.
> I haven't added any special firewall forwarding rules, since it seems
> like it is using an address on the internal subnet and the arp command
> lists it as being bound to the proper nic. The ppp0 listing under
> ifconfig comes up with NOARP, but it lets me turn it on after the
> connection is made, but it doesn't seem to work either way.
> If I connect to the PPTP server from the local LAN, I can ping both the
> local and remote ip's of the machine I am on.
> The remote guy can ping both of his addresses, as well.
> One thing I think is wrong that I haven't fixed yet is the pptp
> modprobing for char-major-108, which it can't find. I don't know what
> this means...:( But it still seems to connect and pass some packets ok.
>
> The other thing that may be goofy is I tried initially with PPP-2.3.10,
> then 2.3.8, then went back to 2.3.10. I don't know if there was
> some remnant of one that carried over? I have re-compiled everything in
> the order described in the FAQ. PPP and IPX are compiled into my
> kernel. I did try PPTP with noauth on PPP before re-compiling anything,
> and that had nearly identical results.
>
> I can post pptp connection dumps, ifconfig, route, arp, even tcpdump :)
> to here :( or on a website.
>
>
> I hope I am doing something obviously wrong. This is getting to the
> point where I need to get out the PPTP white paper, and completely read
> about arp, IPX, etc. and become an expert...
>
> after this, I have to tackle the RC4 part, which doesn't work either...
> :(
>
> Thanks,
>
> Eric
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From macleajb at ednet.ns.ca Sat Nov 6 20:11:48 1999
From: macleajb at ednet.ns.ca (TechServ)
Date: Sat Nov 6 20:11:48 1999
Subject: [pptp-server] Hacked MS-Chap-V2 into Cistron and pppd - But need more
Message-ID: <3824DFCB.82E4DF5F@ednet.ns.ca>

Hi Folks,

I have a radiusclient callout from a _hacked_ ppp2.3.10 that gets successfully authenticated by a _hacked_ ICradius(cistron+mysql) server using the MS-Chap-v2 authentication goodies. This is truly an ugly hack that I would not even show myself at this time. I know little about radius and pppd at this level, and now realize I need to send accounting info (start/stop) to be _more_ correct.

My goal is as I presented before:

. I would like to have remote linux boxes that are used to allow my users to authenticate to. This would be via pptpd
. the user would always get the same IP, be given rules and QoS bandwidth settings.
. the home(central) box would open access using ipchains only to resources they are allowed to access.

Basically stated, users authenticate to the network, instead of to a resource. Access is centrally dished out.

My hopes were to use a radiusd server at the home machine, connect to remote linux boxes securely using VTUN. Run pptpd at those sites, using a special pppd which uses the central home box to chap authenticate users. Then ip-up rules at the remote boxes per user, and add the routes/rules/QoS locally with some call out from the radiusd server.

So I am curious if I am the single person out there interested in this type of secure network? Or is there already an accepted way to implement this? Or is there other work under way to which I could participate in?

If nothing else, is there a good FAQ/HowTo that would show me how I am _supposed_ to code a radius client access? The radiusclient sources exist, but I feel I am coding without enough background. Is there an acceptable way to call-out from radiusd, or is that not anything that radiusd's should do? Possibly I must hack on Xtradius?
thanks for any help anyone is willing to provide,

JES

From estradey at pullman.com Sun Nov 7 15:14:15 1999
From: estradey at pullman.com (Eric Stratte)
Date: Sun Nov 7 15:14:15 1999
Subject: [pptp-server] Help - PPTP 1.0.0, PPP 2.8.10, RH6.1
Message-ID: <3825EBD6.5C693A6C@pullman.com>

I've gotten it to work mostly, with lots of help from tmk -- Thanks!

I think ARP may be broken on my setup. I still get NOARP on the ppp0 ifconfig.
I have the arp --set ...etc. in ip-up.local and I have done echo 1>/proc/net.../proxy_arp

But, I have setup the following IPCHAINS rules that correctly forward packets

:input ACCEPT
:forward DENY
:output ACCEPT
ipchains -A forward -s 192.168.5.0/24 -i eth0 -j ACCEPT    forward any ppp subnet traffic to the local nic/net
ipchains -A forward -d ! 192.168.5.0/24 -i eth1 -j MASQ    handle outbound internet traffic
ipchains -A forward -d 192.168.5.64/26 -i ppp0 -j ACCEPT    send stuff out to the ppp interfaces
.
.
last line repeated for ppp1, ppp2, etc.

Now this allows everyone to appear on the 192.168.5.0 subnet, but broadcast packets don't seem to make it all the way through...to all ends...?
do I need another ipchains line for the broadcast address forward to pppx?(i.e x.x.x.255)

and, alas, I cannot get MSCHAP to work. I have PPP-2.3.10 and it asked for rc4_skey.c and rc4_lol.h(sp?) when making modules in /usr/src/kernel
I copied everything from SSLeay0.9... and tweaked a few headers to get it to compile. Do I need to compile the SSL package?? I thought I saw something about this on the list archives, but I couldn't find it again...

Now to work on IPX

This is fun :)

Eric

From e8825492 at student.tuwien.ac.at Sun Nov 7 16:42:24 1999
From: e8825492 at student.tuwien.ac.at (BC)
Date: Sun Nov 7 16:42:24 1999
Subject: [pptp-server] IP 47
Message-ID: <199911072242.XAA02202@stud4.tuwien.ac.at>

hi & and sorry for my ignorance:

does anyone know a tool similar to ping to find out whether transport of IP 47 (GRE) is supported? (i know - that hurt)
is there a possibility to read this information out of poptop's messages in the logs?

i don't believe the answers of my ISP concerning his firewall.

best regards
bc

From matthewr at moreton.com.au Sun Nov 7 22:20:37 1999
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Sun Nov 7 22:20:37 1999
Subject: [pptp-server] COMDEX reminder
Message-ID: <99110814134209.07059@gibberling.moretonbay>

Hiya All,

Just a quick reminder that i will be at COMDEX (15-19 November) answering questions about PoPToP. If anyone is at COMDEX be sure to come visit me at the Moreton Bay stand!! I'll be giving away a limited number of VPN routers running PoPToP (NETtels) to a lucky few.

Hope to meet some of you there!

Cheers,
Matt

--
Matthew Ramsay
Moreton Bay

From neale at lowendale.com.au Mon Nov 8 01:51:19 1999
From: neale at lowendale.com.au (Neale Banks)
Date: Mon Nov 8 01:51:19 1999
Subject: [pptp-server] IP 47
In-Reply-To: <199911072242.XAA02202@stud4.tuwien.ac.at>
Message-ID:

On Sun, 7 Nov 1999, BC wrote:

> does anyone know a tool similar to ping to find out whether
> transport of IP 47 (GRE) is supported? (i know - that hurt)
> is there a possibility to read this information out of poptop's
> messages in the logs?
>
> i don't believe the answers of my ISP concerning his firewall.

See John Hardin's "Linux VPN Masquerade" page at

There we find:

------------------------------8<------------------------------
Profuse thanks to Gordon Chaffee for coding and sharing a patch to traceroute that allows tracing GRE traffic. It should prove invaluable in troubleshooting if your GRE traffic is being blocked somewhere. Get the patch from: [ FTP Mirror 1 | HTTP Mirror 1 ]
------------------------------8<------------------------------

The tarball is allegedly at both of:

HTH,
Neale.

From mcarvajal at msn.com Mon Nov 8 19:27:46 1999
From: mcarvajal at msn.com (Miguel Carvajal)
Date: Mon Nov 8 19:27:46 1999
Subject: [pptp-server] SMP Patch
Message-ID: <006501bf2a51$17dde980$02cac7c8@carvajal.com>

Hi there,

Does anyone have a patch for PoPToP to support multi-processor machines?

Thanks in Advance,
Miguel Carvajal

From tmk at netmagic.net Mon Nov 8 20:42:29 1999
From: tmk at netmagic.net (tmk)
Date: Mon Nov 8 20:42:29 1999
Subject: [pptp-server] SMP Patch
References: <006501bf2a51$17dde980$02cac7c8@carvajal.com>
Message-ID: <005601bf2a5c$77d3f2c0$071c0fc0@lala.net>

it doesn't work currently? Right now, it spawns a new process for each connection, so it should do pretty well

Kevin

----- Original Message -----
From: Miguel Carvajal
To: pptp-server at lists.schulte.org
Sent: Monday, November 08, 1999 5:23 PM
Subject: [pptp-server] SMP Patch

Hi there,

Does anyone have a patch for PoPToP to support multi-processor machines?

Thanks in Advance,
Miguel Carvajal

From estradey at pullman.com Mon Nov 8 22:51:00 1999
From: estradey at pullman.com (Eric Stratte)
Date: Mon Nov 8 22:51:00 1999
Subject: [pptp-server] proxy-arp with PPTP
References: <3825EBD6.5C693A6C@pullman.com>
Message-ID: <3827A854.DDBAF66F@pullman.com>

I think I might have answered my own question below, but it makes me wonder what the difference between ARP routing rules and IPCHAINS is?

I had proxy_arp set to 1 for pppx, but the local eth0 that I am trying to route over had its proxy_arp set to 0. If I want to have the pppx and eth1 all appear on the same subnet and talk to each other, do I need proxy_arp set to 1 for eth1? Will this handle the broadcast packets, since the below firewall rules don't seem to.(I added a forward rule for 192.168.5.255 to pppx)

None of my gaming buddies are around to try this at the moment so I thought I'd throw it up here. If this is true, it might make a good FAQ topic, although perhaps more appropriate for PPP.

Eric

Eric Stratte wrote:

> I've gotten it to work mostly, with lots of help from tmk -- Thanks!
>
> I think ARP may be broken on my setup. I still get NOARP on the ppp0
> ifconfig.
> I have the arp --set ...etc. in ip-up.local and I have done echo
> 1>/proc/net.../proxy_arp
>
> But, I have setup the following IPCHAINS rules that correctly forward
> packets
>
> :input ACCEPT
> :forward DENY
> :output ACCEPT
> ipchains -A forward -s 192.168.5.0/24 -i eth0 -j ACCEPT forward any ppp
> subnet traffic to the local nic/net
> ipchains -A forward -d ! 192.168.5.0/24 -i eth1 -j MASQ handle outbound
> internet traffic
> ipchains -A forward -d 192.168.5.64/26 -i ppp0 -j ACCEPT send stuff out
> to the ppp interfaces
> .
> .
> last line repeated for ppp1, ppp2, etc.
>
> Now this allows everyone to appear on the 192.168.5.0 subnet, but
> broadcast packets don't seem to make it all the way through...to all
> ends...?
> do I need another ipchains line for the broadcast address forward to
> pppx?(i.e x.x.x.255)
>

From tmk at netmagic.net Mon Nov 8 22:59:15 1999
From: tmk at netmagic.net (tmk)
Date: Mon Nov 8 22:59:15 1999
Subject: [pptp-server] proxy-arp with PPTP
References: <3825EBD6.5C693A6C@pullman.com> <3827A854.DDBAF66F@pullman.com>
Message-ID: <00a001bf2a6f$932b7b20$071c0fc0@lala.net>

pretty sure just pppX needs it set. I think that the ppp devices are removed from memory as soon as they go down, so you'd have to set that setting in the ip-up script or something to have it around.

Keep in mind that proxy arp doesn't solve ipx routing problems, since ipx really does need to be routed. You can't put a dialup device (ie ppp0) into an existing ipx network, it has to be in its own net (at least the way the software is currently)

You can put an IP client on the same IP net as existing interfaces however.

Kevin

----- Original Message -----
From: Eric Stratte
To:
Sent: Monday, November 08, 1999 8:51 PM
Subject: Re: [pptp-server] proxy-arp with PPTP

> I think I might have answered my own question below, but it makes me wonder
> what the difference between ARP routing rules and IPCHAINS is?
>
> I had proxy_arp set to 1 for pppx, but the local eth0 that I am trying to
> route over had its proxy_arp set to 0. If I want to have the pppx and eth1
> all appear on the same subnet and talk to each other, do I need proxy_arp
> set to 1 for eth1? Will this handle the broadcast packets, since the below
> firewall rules don't seem to.(I added a forward rule for 192.168.5.255 to
> pppx)
>
> None of my gaming buddies are around to try this at the moment so I thought
> I'd throw it up here. If this is true, it might make a good FAQ topic,
> although perhaps more appropriate for PPP.
>
> Eric
>
> Eric Stratte wrote:
>
> > I've gotten it to work mostly, with lots of help from tmk -- Thanks!
> >
> > I think ARP may be broken on my setup. I still get NOARP on the ppp0
> > ifconfig.
> > I have the arp --set ...etc. in ip-up.local and I have done echo
> > 1>/proc/net.../proxy_arp
> >
> > But, I have setup the following IPCHAINS rules that correctly forward
> > packets
> >
> > :input ACCEPT
> > :forward DENY
> > :output ACCEPT
> > ipchains -A forward -s 192.168.5.0/24 -i eth0 -j ACCEPT forward any ppp
> > subnet traffic to the local nic/net
> > ipchains -A forward -d ! 192.168.5.0/24 -i eth1 -j MASQ handle outbound
> > internet traffic
> > ipchains -A forward -d 192.168.5.64/26 -i ppp0 -j ACCEPT send stuff out
> > to the ppp interfaces
> > .
> > .
> > last line repeated for ppp1, ppp2, etc.
> >
> > Now this allows everyone to appear on the 192.168.5.0 subnet, but
> > broadcast packets don't seem to make it all the way through...to all
> > ends...?
> > do I need another ipchains line for the broadcast address forward to
> > pppx?(i.e x.x.x.255)
> >

From estradey at pullman.com Tue Nov 9 02:39:30 1999
From: estradey at pullman.com (Eric Stratte)
Date: Tue Nov 9 02:39:30 1999
Subject: [pptp-server] RC4 stuff with PPP-2.3.10 + IPX
References: <3825EBD6.5C693A6C@pullman.com>
Message-ID: <3827DDF5.DC9E04DF@pullman.com>

Another hurdle surpassed. MSCHAP-v2 now enabled :)

I'm not 100% sure if all of my previous kernel/ppp builds were broken. I tried SSLeay0.9.9 with 2.3.8 and 2.3.10(I think I was actually stuck with 2.3.10 as far as the /usr/src/linux/drivers/net directory goes, because I was too timid to delete anything) and I also tried SSLeay 0.6.6b which seemed to now work as well.

What did work:

starting with a clean ppp-2.3.10 directory
rm'ing the newer rc4* files from linux/drivers/net, before going back to trying 0.6.6b again.
patching with the 2.3.10 patch
editing ppp_mppe.c(both spots i.e. ppp-2.3.10/linux and /usr/src/linux/drivers/net) to remove the include of rc4_skey.c(whose contents are in rc4_enc.c for 0.6.6b)
following the directions(novel idea, huh?)
fixing my chap-secrets file. I had all kinds of permutations(ugh) the simple "user * secret *" works perfectly

strange thing is I don't have any MS-DOMAIN\\ from my win98 SE box. I guess I've never really logged into a domain?

I've still got arp/ipchains to fiddle with and IPX(looks real easy, already in my kernel)

Does the software compression box on MS-DUN do anything?

What frame type is everyone using for IPX. One of my IT buddies recommends etherII since I guess it used to be the only one compatible with TCP/IP on some nics. I guess that doesn't matter any more though?

Eric

From pellicciotta at coritel.it Tue Nov 9 04:55:29 1999
From: pellicciotta at coritel.it (Raffaele Pellicciotta)
Date: Tue Nov 9 04:55:29 1999
Subject: [pptp-server] Information
Message-ID: <00c501bf2aa0$efc40c40$20f2cdc1@coritel.it>

Hi,

I am trying to install tunnel client on my lan. I have a linux machine A with a private address 192.168.200.2 and a linux machine B with two cards: one 192.168.40.2 (private address) and one 193.205.242.52 (public address) towards Internet. (Redhat 6.0 kernel 2.2.12)

Ifconfig of my linux machine B is:

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:3B:EC:53
          inet addr:193.205.242.52  Bcast:193.205.242.127  Mask:255.255.255.128
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:93458 errors:1 dropped:0 overruns:0 frame:1
          TX packets:137938 errors:0 dropped:0 overruns:0 carrier:0
          collisions:12918 txqueuelen:100
          Interrupt:5 Base address:0xb800

eth1      Link encap:Ethernet  HWaddr 00:C0:F0:3C:04:7F
          inet addr:192.168.40.2  Bcast:192.168.40.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37042 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xb400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Kernel IP routing table machine B

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.40.2    0.0.0.0         255.255.255.255 UH    0      0   0   eth1
193.205.242.52  0.0.0.0         255.255.255.255 UH    0      0   0   eth0
193.205.242.0   0.0.0.0         255.255.255.128 U     0      0   0   eth0
193.205.242.128 193.205.242.38  255.255.255.128 UG    0      0   0   eth0
192.168.40.0    0.0.0.0         255.255.255.0   U     0      0   0   eth1
192.168.0.0     192.168.40.1    255.255.0.0     UG    0      0   0   eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         193.205.242.100 0.0.0.0         UG    0      0   0   eth0

IFCONFIG of my linux machine A is:

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:3B:AD:7B
          inet addr:192.168.200.2  Bcast:192.168.200.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2363 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Kernel IP routing table machine A

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.200.2   0.0.0.0         255.255.255.255 UH    0      0   0   eth0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
0.0.0.0         192.168.200.1   0.0.0.0         UG    0      0   0   eth0

On machine A I have installed my linux pptp client pptp-linux-1.0.2 and on my machine B I have installed pptp server pptpd-1.0.0.

On server B I have:

file /etc/ppp/options
debug
name "elle" ( it is the name of my Tunnel server)
auth
require-chap
proxyarp

file /etc/pptpd.conf
speed 115200
localip 193.205.242.80 ( a public address which I own)
remoteip 193.205.242.81( a public address which I own)

file /etc/ppp/chap-secrets
"kate" "elle" root * ( kate is the name of my client)

When I am on my server B I run these:

1. killall syslogd
2. /usr/sbin/syslogd
3. /usr/local/sbin/pptpd

At this point on my client A I run:

ppptp elle (elle is my tunnel server B)

the system B (tunnel client) answer is:

(unknown)[628]:log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]:Client connection established
(unknown)[628]:log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]:Outgoing call established

On my tunnel server the system answer is:

No free connection slots or IPs available -no more clients can connect

Is the tunnel now correctly established?

At this point I think I can run all applications from my private LAN towards Internet through tunnel ( for example ping) but no packets go out from my machine B!!!

Can you help me? Is this setup right?
Do I have to add some particular route on my server or on my client?

Thanks a lot
Raffaele Pellicciotta

From anderson at moat.centtech.com Tue Nov 9 08:52:36 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Tue Nov 9 08:52:36 1999
Subject: [pptp-server] gateways and netmasks
Message-ID: <4.2.0.58.19991109085148.00a5c270@mailhost.centtech.com>

is there a way to set the gateway and netmask with poptop (so the client forces all traffic thru the pptp connection)? Shouldn't this be in the pptp.conf file?

Fast. Reliable. Powerful. User-friendly.
Now choose any two.

From anderson at moat.centtech.com Tue Nov 9 09:29:36 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Tue Nov 9 09:29:36 1999
Subject: [pptp-server] gateways and netmasks
In-Reply-To: <000b01bf2ac6$6d4fc9e0$071c0fc0@lala.net>
References: <4.2.0.58.19991109085148.00a5c270@mailhost.centtech.com>
Message-ID: <4.2.0.58.19991109092836.00a868e0@mailhost.centtech.com>

Hmm, it seems to be setting the gateway to the same ip as the vpn adapter itself.. what am i missing here?

At 07:23 AM 11/9/99 -0800, you wrote:
>not really, for windows clients, the use default gateway on remote network
>does what you want - it forces all traffic that doesn't match one of the
>existing windows routes to go through the vpn device
>
>Kevin
>----- Original Message -----
>
> > is there a way to set the gateway and netmask with poptop (so the client
> > forces all traffic thru the pptp connection)? Shouldn't this be in the
> > pptp.conf file?

Fast. Reliable. Powerful. User-friendly.
Now choose any two.

From crozen00 at direct.a2000.nl Tue Nov 9 10:44:36 1999
From: crozen00 at direct.a2000.nl (andre)
Date: Tue Nov 9 10:44:36 1999
Subject: [pptp-server] pptpd error?
Message-ID: <199911091743.SAA09283@surfbeast.nl.eu.org>

Hello everybody..

I have installed
SSLeay-0.6.6b
ppp-2.3.8.tar.gz
pptpd-1.0.0.tgz

Modules and pptpd are loaded successfully.
When I login with a windows 98 client and get the following errors.

Nov 9 18:31:09 surfbeast pppd[9275]: pppd 2.3.8 started by root, uid 0
Nov 9 18:31:09 surfbeast pppd[9275]: Using interface ppp0
Nov 9 18:31:09 surfbeast pppd[9275]: Connect: ppp0 <--> /dev/pts/2
Nov 9 18:31:09 surfbeast pppd[9275]: No CHAP secret found for authenticating a_t_r
Nov 9 18:31:09 surfbeast pppd[9275]: CHAP peer authentication failed for remote host a_t_r
Nov 9 18:31:09 surfbeast pppd[9275]: Connection terminated.
Nov 9 18:31:09 surfbeast pptpd[9274]: GRE: read(fd=4,buffer=804d40c,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: Client 1.1.1.1 control connection finished
Nov 9 18:31:09 surfbeast pppd[9275]: Exit.

What is wrong about my configuration ?

Andre

From anderson at moat.centtech.com Tue Nov 9 11:36:44 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Tue Nov 9 11:36:44 1999
Subject: [pptp-server] pptpd error?
In-Reply-To: <199911091743.SAA09283@surfbeast.nl.eu.org>
Message-ID: <4.2.0.58.19991109113559.00a87d50@mailhost.centtech.com>

an error in your /etc/ppp/options file can cause this..

At 05:45 PM 11/9/99 +0100, you wrote:
>Hello everybody..
>
>I have installed
>SSLeay-0.6.6b
>ppp-2.3.8.tar.gz
>pptpd-1.0.0.tgz
>
>Modules and pptpd are loaded successfully.
>When I login with a windows 98 client and get the following errors.
>
>Nov 9 18:31:09 surfbeast pppd[9275]: pppd 2.3.8 started by root, uid 0
>Nov 9 18:31:09 surfbeast pppd[9275]: Using interface ppp0
>Nov 9 18:31:09 surfbeast pppd[9275]: Connect: ppp0 <--> /dev/pts/2
>Nov 9 18:31:09 surfbeast pppd[9275]: No CHAP secret found for
>authenticating a_t_r
>Nov 9 18:31:09 surfbeast pppd[9275]: CHAP peer authentication failed for
>remote host a_t_r
>Nov 9 18:31:09 surfbeast pppd[9275]: Connection terminated.
>Nov 9 18:31:09 surfbeast pptpd[9274]: GRE:
>read(fd=4,buffer=804d40c,len=8196) from PTY failed: status = -1 error =
>Input/output error
>Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: PTY read or GRE write failed
>(pty,gre)=(4,5)
>Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: Client 1.1.1.1 control
>connection finished
>Nov 9 18:31:09 surfbeast pppd[9275]: Exit.
>
>What is wrong about my configuration ?
>
>Andre

Fast. Reliable. Powerful. User-friendly.
Now choose any two.

From tmk at netmagic.net Tue Nov 9 13:35:56 1999
From: tmk at netmagic.net (tmk)
Date: Tue Nov 9 13:35:56 1999
Subject: [pptp-server] pptpd error?
In-Reply-To: <4.2.0.58.19991109113559.00a87d50@mailhost.centtech.com>
Message-ID:

it more likely doesn't have a password in the /etc/ppp/chap-secrets file for the user, so it can't authenticate him. Read the faqs for using mschap.

Kevin

On Tue, 9 Nov 1999, Eric Anderson wrote:

> an error in your /etc/ppp/options file can cause this..
>
> At 05:45 PM 11/9/99 +0100, you wrote:
> >Hello everybody..
> >
> >I have installed
> >SSLeay-0.6.6b
> >ppp-2.3.8.tar.gz
> >pptpd-1.0.0.tgz
> >
> >Modules and pptpd are loaded successfully.
> >When I login with a windows 98 client and get the following errors.
> >
> >Nov 9 18:31:09 surfbeast pppd[9275]: pppd 2.3.8 started by root, uid 0
> >Nov 9 18:31:09 surfbeast pppd[9275]: Using interface ppp0
> >Nov 9 18:31:09 surfbeast pppd[9275]: Connect: ppp0 <--> /dev/pts/2
> >Nov 9 18:31:09 surfbeast pppd[9275]: No CHAP secret found for
> >authenticating a_t_r
> >Nov 9 18:31:09 surfbeast pppd[9275]: CHAP peer authentication failed for
> >remote host a_t_r
> >Nov 9 18:31:09 surfbeast pppd[9275]: Connection terminated.
> >Nov 9 18:31:09 surfbeast pptpd[9274]: GRE:
> >read(fd=4,buffer=804d40c,len=8196) from PTY failed: status = -1 error =
> >Input/output error
> >Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: PTY read or GRE write failed
> >(pty,gre)=(4,5)
> >Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: Client 1.1.1.1 control
> >connection finished
> >Nov 9 18:31:09 surfbeast pppd[9275]: Exit.
> >
> >What is wrong about my configuration ?
> >
> >Andre
>
> Fast. Reliable. Powerful. User-friendly.
> Now choose any two.

From crozen00 at direct.a2000.nl Tue Nov 9 13:57:57 1999
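The diagnosis tmk gives above (pppd finds no usable line in /etc/ppp/chap-secrets for the peer) can be checked mechanically. The following is an added example, not part of any list message or of pppd: it pulls the failing peer names out of pppd syslog lines and reports whether each has a chap-secrets line at all, or one bound to a different server name. The secrets content, the `kate` log line and the server name `surfbeast` (the log's hostname, assumed to be pppd's local name) are constructed for illustration.

```python
"""Match pppd 'No CHAP secret found' log lines against chap-secrets."""
import re
import shlex

NO_SECRET = re.compile(
    r"pppd\[\d+\]: No CHAP secret found for authenticating (\S+)")

# First three lines are from the post above; the last one is constructed.
SAMPLE_LOG = '''\
Nov 9 18:31:09 surfbeast pppd[9275]: Connect: ppp0 <--> /dev/pts/2
Nov 9 18:31:09 surfbeast pppd[9275]: No CHAP secret found for authenticating a_t_r
Nov 9 18:31:09 surfbeast pppd[9275]: CHAP peer authentication failed for remote host a_t_r
Nov 9 18:40:02 surfbeast pppd[9301]: No CHAP secret found for authenticating kate
'''

# Constructed chap-secrets content: client, server, secret, allowed addresses.
SAMPLE_SECRETS = '''\
# client  server  secret     IP addresses
"kate"    "elle"  not-shown  *
guest     *       not-shown  *
'''


def parse_chap_secrets(text):
    """Return client/server/line-number records; secrets are not kept."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # handles quotes and '#'
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: need client, server and secret")
        entries.append({"client": fields[0], "server": fields[1],
                        "line": lineno})
    return entries


def peers_without_secret(log_text):
    """Peer names pppd could not find a secret for, in first-seen order."""
    peers = []
    for match in NO_SECRET.finditer(log_text):
        if match.group(1) not in peers:
            peers.append(match.group(1))
    return peers


def diagnose(log_text, secrets_text, server_name):
    """Map each failing peer to (status, detail).

    status is 'missing' (no line names the peer or '*'),
    'server_mismatch' (detail lists the server names that are configured),
    or 'present' (detail lists matching line numbers, so the cause lies
    elsewhere, e.g. pppd running with a different local name).
    """
    entries = parse_chap_secrets(secrets_text)
    report = {}
    for peer in peers_without_secret(log_text):
        for_peer = [e for e in entries if e["client"] in (peer, "*")]
        usable = [e for e in for_peer if e["server"] in (server_name, "*")]
        if usable:
            report[peer] = ("present", [e["line"] for e in usable])
        elif for_peer:
            report[peer] = ("server_mismatch",
                            sorted({e["server"] for e in for_peer}))
        else:
            report[peer] = ("missing", [])
    return report


if __name__ == "__main__":
    for peer, (status, detail) in diagnose(
            SAMPLE_LOG, SAMPLE_SECRETS, "surfbeast").items():
        print(f"{peer}: {status} {detail}")
```
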
From: crozen00 at direct.a2000.nl (andre)
Date: Tue Nov 9 13:57:57 1999
Subject: [pptp-server] pptpd error? (now routing)
Message-ID: <199911092056.VAA09908@surfbeast.nl.eu.org>

if i login it creates a ppp device. And i see network traffic on the ppp device.
The problem is that there is no communication between the ppp devices. I think a routing problem. How can i fix it.

Here my network.

internal network/ external network
         1.1.1.0 / 62.108.6.0
           S E R V E R
         1.1.1.2 / 62.108.6.143

VPN
ppp
192.168.1.0

Configuration files.

---- /etc/pptpd.conf
speed 115200
localip 1.1.1.10-20
remoteip 192.168.1.10-20

---- >/sbin/ifconfig
ppp0      Link encap:Point-to-Point Protocol
          inet addr:1.1.1.10  P-t-P:192.168.1.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

ppp1      Link encap:Point-to-Point Protocol
          inet addr:1.1.1.11  P-t-P:192.168.1.11  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

>netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
1.1.1.2         *               255.255.255.255 UH    0   0      0    eth1
192.168.1.10    *               255.255.255.255 UH    0   0      0    ppp0
192.168.1.11    *               255.255.255.255 UH    0   0      0    ppp1
1.1.1.0         *               255.255.255.0   U     0   0      0    eth1
62.108.6.0      *               255.255.254.0   U     0   0      0    eth0
127.0.0.0       *               255.0.0.0       U     0   0      0    lo
default         h8rtr1.a2000.nl 0.0.0.0         UG    0   0      0    eth

> an error in your /etc/ppp/options file can cause this..

> At 05:45 PM 11/9/99 +0100, you wrote:
>>Hello everybody..
>>
>>I have installed
>>SSLeay-0.6.6b
>>ppp-2.3.8.tar.gz
>>pptpd-1.0.0.tgz
>>
>>Modules and pptpd are loaded successfully.
>>When I login with a windows 98 client and get the following errors.
>>
>>Nov 9 18:31:09 surfbeast pppd[9275]: pppd 2.3.8 started by root, uid 0
>>Nov 9 18:31:09 surfbeast pppd[9275]: Using interface ppp0
>>Nov 9 18:31:09 surfbeast pppd[9275]: Connect: ppp0 <--> /dev/pts/2
>>Nov 9 18:31:09 surfbeast pppd[9275]: No CHAP secret found for
>>authenticating a_t_r
>>Nov 9 18:31:09 surfbeast pppd[9275]: CHAP peer authentication failed for
>>remote host a_t_r
>>Nov 9 18:31:09 surfbeast pppd[9275]: Connection terminated.
>>Nov 9 18:31:09 surfbeast pptpd[9274]: GRE:
>>read(fd=4,buffer=804d40c,len=8196) from PTY failed: status = -1 error =
>>Input/output error
>>Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: PTY read or GRE write failed
>>(pty,gre)=(4,5)
>>Nov 9 18:31:09 surfbeast pptpd[9274]: CTRL: Client 1.1.1.1 control
>>connection finished
>>Nov 9 18:31:09 surfbeast pppd[9275]: Exit.
>>
>>What is wrong about my configuration ?
>>
>>Andre

> Fast. Reliable. Powerful. User-friendly.
> Now choose any two.

From sistemas1 at hipernet.es Wed Nov 10 07:24:27 1999
From: sistemas1 at hipernet.es (David Sedeño Fernández)
Date: Wed Nov 10 07:24:27 1999
Subject: [pptp-server] Clients are masquerade.
Message-ID: <38297E74.A8C32A2A@hipernet.es>

Hi,

I'm in trouble with wins pptp clients against pptpd. The win lan are behind a router rdsi that masquerade all of them to the internet. All the wins can connect to pptpd, but only works one at the same time. If I ping one of the remote ip of the win side of tunnel, I receive a DUP! packet. The others can't ping the other side of the tunnel (only one works).

--
David Sedeño Fernández
Servicio Tecnico
Virtual Net, S.L.
Grupo Hipernet
C/. Casas de Campos, 3
29001 Málaga
Tlf Nal.: 902 20 21 02
Tlf Int.: +34 95 222 92 14
http://www.hipernet.es/
mailto:sistemas at hipernet.es

From andre at direct.a2000.nl Wed Nov 10 08:33:23 1999
From: andre at direct.a2000.nl (andre)
Date: Wed Nov 10 08:33:23 1999
Subject: [pptp-server] Routing problem
Message-ID: <199911101532.QAA00757@surfbeast.nl.eu.org>

Hello everybody,

If i'm login with a vpn client it creates a ppp device on linux, and i see network traffic on the ppp device.
The problem is that there is no communication between the ppp devices. I think a routing problem. How can i fix it ?

Here my network and some configuration files.

internal network/ external network
         1.1.1.0 / 62.108.6.0
           S E R V E R
         1.1.1.2 / 62.108.6.143

VPN
ppp
192.168.1.0

---- >/etc/pptpd.conf
speed 115200
localip 1.1.1.10-20
remoteip 192.168.1.10-20

---- >/sbin/ifconfig
ppp0      Link encap:Point-to-Point Protocol
          inet addr:1.1.1.10  P-t-P:192.168.1.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

ppp1      Link encap:Point-to-Point Protocol
          inet addr:1.1.1.11  P-t-P:192.168.1.11  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

>netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
1.1.1.2         *               255.255.255.255 UH    0   0      0    eth1
192.168.1.10    *               255.255.255.255 UH    0   0      0    ppp0
192.168.1.11    *               255.255.255.255 UH    0   0      0    ppp1
1.1.1.0         *               255.255.255.0   U     0   0      0    eth1
62.108.6.0      *               255.255.254.0   U     0   0      0    eth0
127.0.0.0       *               255.0.0.0       U     0   0      0    lo
default         h8rtr1.a2000.nl 0.0.0.0         UG    0   0      0    eth

Andre
andre at direct.a2000.nl

From tlskinner at hendersontrucking.com Wed Nov 10 09:21:02 1999
From: tlskinner at hendersontrucking.com (Tony Skinner)
Date: Wed Nov 10 09:21:02 1999
Subject: [pptp-server] Routing problem
In-Reply-To: <199911101532.QAA00757@surfbeast.nl.eu.org>
Message-ID: <3.0.6.32.19991110092004.007b2bf0@mail.hendersontrucking.com>

At 02:46 PM 11/10/99 +0100, you wrote:
>Hello everybody,
>
>If I log in with a VPN client it creates a ppp device on Linux, and I see network traffic on the ppp device.
>The problem is that there is no communication between the ppp devices. I think it is a routing problem. How can I fix it?

I see several problems with the setup you have listed here.

1. Your internal network is using a routable IP address scheme. You should change this to 192.168.0.0 Class-C network space which has been defined as private network addressing. If you require more addresses for your internal network then you can use either the Class-A address scheme of 10.0.0.0 or the Class-B scheme of 172.16.0.0 - 172.31.255.255.

2. Your PPP device is correctly using the 192.168.0.0 addressing scheme but since your internal network is on a completely different *logical* network, there is no information passing. As defined in the PoPToP HOWTO, the 'proxyarp' option only works if both the internal network and network addressing of the PPP interface are the same. If they are different, you must resort to creating a default route dynamically for each occurrence of a new PPP session.

3. You failed to show the configuration of your /etc/ppp/options file so I can't see how you have configured ppp to function.

I suggest you consult the HOWTO document for PoPToP. It will answer all your questions.

Tony

>
>Here is my network and some configuration files.
>
>internal network/ external network
>    1.1.1.0  /  62.108.6.0
>       S E R V E R
>    1.1.1.2  /  62.108.6.143
>
>VPN
>ppp
>192.168.1.0
>
>----

From aroy at extramile.net Wed Nov 10 11:40:02 1999
From: aroy at extramile.net (Andrew Roy)
Date: Wed Nov 10 11:40:02 1999
Subject: [pptp-server] VPN over ADSL
Message-ID:

Hi, I'm new to the list here.

Here's my problem.

I have two locations both with an ADSL line. Both locations have WindowsNT networks masqueraded behind a Linux box (Bellsouth doesn't like for you to have networks on an ADSL line and they have spiders out to find them. If you use NT to proxy the connection they can see it and disconnect your service).

My problem is I was wondering if there was a way to connect the two Linux boxes so that the two networks on either side can see each other.

From EMIR.TOKTAR at bra.xerox.com Wed Nov 10 17:18:51 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Wed Nov 10 17:18:51 1999
Subject: [pptp-server] Authentication ppp Help!!
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13B7@bra0070ms1.bra.xerox.com>

Hello everybody,

I'm using PoPToP and it is working fine and I'm doing performance tests via LAN to LAN with VPN over LAN.

I have installed the following software:
pptp-1.0.0
ppp-2.3.8
SSLeay-0.6.6b
Red Hat 6.0 kernel 2.2.5-15


1)***************THIS WORK***********************************

LAN configuration tested :

|
| LAN 200.170.98.*
| Domain (DNS): puc.anydomain.edu
| Server NIS : 200.170.98.147
| [NIS server on this LAN]
|
| Linux VPN
| Host Name: "vpnlinux"
| Samba server ok
|     |--------------------------|
|-----|IP (eth1): 200.170.98.50  |
|-----|IP (eth0): 172.16.0.2     |
| TTTT|--------------------------|
| T
| T
| T
| T
| T "VPN Tunnel"
| T
| T
| T
| T NT Server
| T Host Name: "ntsrv"
| T Network Domain (NT): DAEMON
| T DNS Domain: crypto.net
| TTTT|--------------------------|
|-----|IP: 172.16.0.1            |
|     |--------------------------|
|

/etc/pptpd.conf
speed 115200
localip 192.168.0.234-238
remoteip 192.168.1.234-238

/etc/ppp/options
debug
name vpnlinux.crypto.net
auth
require-chap
proxyarp ....

/etc/ppp/chap-secrets
billy vpnlinux.crypto.net bob *

1) In this configuration, the NT Server "ntsrv" (172.16.0.1) can't ping or telnet (of course!) to any address 200.170.98.*, but browsing NT (by Network Neighborhood) lists servers, domains and workgroups [Linux, Solaris, NT and others].

e.g. Connectivity means that you have a physical network path between your local computer and a remote computer. BROWSING is the ability to search a local or remote network for resources.

When I make a dial-up connection from the VPN Server, the computer "ntsrv" receives a remoteip and I can see in Windows Explorer NT (via Samba):
______________________________________________________
+My Computer
+Network Neighborhood
DAEMON
|- ntsrv\\shared (172.16.0.1)
|- linuxvpn\\shared (172.16.0.2)
|- linuxvpn\\shared (192.168.1.234) VPN connection
OTHERS
WORKGROUPS
....
___________________________________________________

I can ping, open Telnet sessions in LAN 172.*** or 192.****, access files etc.
I tested the performance by sending files in connections CHAP, MS-CHAP, encryption and more....


2)*************PROBLEM********************************************

I changed the LAN configuration to interconnect two LANs with the VPN Linux dual-homed and now I have some problems:

I split up the LAN physically, as shown below, and I did the setup from the Linux VPN "vpn" host to the NIS Server (secondary domain options in linuxconfig)

|
| LAN 200.170.98.*
| Domain (DNS): puc.anydomain.edu
| Server NIS : 200.170.98.147
| Host Name NIS: nis.puc.anydomani.edu
| [NIS server on this LAN]
|
|
| Linux VPN
| Host Name: vpnlinux
| eth1: obelix.puc.anydomain.edu
| eth0: vpnlinux.crypto.net
| primary server: 172.16.0.1 ## NT Server
| secundary server: 200.170.98.147 ## Linux NIS
| Samba server ok
|----|--------------------------LAN 200.***
|IP (eth1): 200.170.98.50 |
| |
| |
|----|IP (eth0): 172.16.0.2 |
| TTT| |LAN 172.***
| T |-------------------------|
| T
| T
| T
| T "VPN Tunnel"
| T
| T
| T
| TTT NT Server
|-----IP: 172.16.0.1
| Host Name: ntsrv
| Network Domain (NT): DAEMON
DNS Domain: crypto.net

/etc/pptpd.conf
speed 115200
localip 200.170.98.40 #free address
remoteip 200.170.98.41-44 #range free address

/etc/ppp/options
debug
name nis.puc.anydomani.edu #NIS Server from 200.***
auth
require-chap
proxyarp ....

/etc/ppp/chap-secrets
billy nis.puc.anydomani.edu bob *

When I make a DUN connection to the VPN Server (172.16.0.2), I receive a remoteip IP 200.170.98.41 and I can ping other computers in this network address. On the computer "ntsrv", I CAN'T SEE ANY LIST in Windows Explorer NT (via Samba - same situation):
______________________________________________________
+My Computer
+Network Neighborhood
DAEMON
|- ntsrv\\shared (172.16.0.1)
|- linuxvpn\\shared (172.16.0.2)
|
|-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ?????
______________________________________________________

A) What's wrong in this configuration that I can't see the browsing but what's says the box above?
>e.g. I think about samba config.

B) How can I authenticate the user by using the NIS Server to avoid having the name and password of the user recorded in /etc/ppp/chap-secrets?

# I wouldn't like to use
# names in clear-text mode ==> chap-secrets
#
#/etc/ppp/chap-secrets
# billy nis.puc.anydomani.edu bob *

Is there any script you could send me as an example? I'm reading some PPP HowTo but I'm not certain of the solution...
If the NIS Server makes users authentication, it can manage the password changes, or maybe, using the /etc/passwd file with users registered and not the etc/ppp/chap-secrets file.

Regards

Emir Toktar

+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

From tmk at netmagic.net Wed Nov 10 18:24:04 1999
From: tmk at netmagic.net (tmk)
Date: Wed Nov 10 18:24:04 1999
Subject: [pptp-server] VPN over ADSL
References:
Message-ID: <001a01bf2bdb$760f2740$071c0fc0@lala.net>

there are lots of ways to do it, poptop probably isn't the easiest. I think there is something called vpnd that was on freshmeat a while back, and there have been 3 or 4 other solutions i have seen. one used ssh and ppp, others used different things. pptp will work, but there are better ways.

Kevin

----- Original Message -----
From: Andrew Roy
To:
Sent: Wednesday, November 10, 1999 9:49 AM
Subject: [pptp-server] VPN over ADSL

> Hi, I'm new to the list here.
>
> Here's my problem.
>
> I have two locations both with an ADSL line. Both locations have WindowsNT
> networks masqueraded behind a Linux box (Bellsouth doesn't like for you to
> have networks on an ADSL line and they have spiders out to find them. If you
> use NT to proxy the connection they can see it and disconnect your service).
>
> My problem is I was wondering if there was a way to connect the two Linux
> boxes so that the two networks on either side can see each other.
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From tmk at netmagic.net Wed Nov 10 18:32:58 1999
From: tmk at netmagic.net (tmk)
Date: Wed Nov 10 18:32:58 1999
Subject: [pptp-server] Authentication ppp Help!!
References: <51E5E026247AD2118CDD0008C74CC2DD5F13B7@bra0070ms1.bra.xerox.com>
Message-ID: <002501bf2bdc$b45f30c0$071c0fc0@lala.net>

your problem is a routing problem. you need to tell NT that there is a path to the 200.*.*.* lan using the linux box as a gateway. You then need be sure that ip forwarding is enabled so linux will route the packets. All computers involved in the conversation will have to have the linux box listed as a gateway.

i *THINK* the nt command to add the route is:

route add 200.0.0.0 mask 255.0.0.0 172.16.0.2 metric 1

in english, this says "add a route to the 200.*.*.* network using 172.16.0.2 as a gateway. It takes one hop to get there."

the linux box will probably not need any additional configuration.

Kevin

----- Original Message -----
From: Toktar, Emir
To:
Cc:
Sent: Wednesday, November 10, 1999 1:02 PM
Subject: [pptp-server] Authentication ppp Help!!

From rez.zapatero at csoft.co.uk Thu Nov 11 05:58:11 1999
From: rez.zapatero at csoft.co.uk (Rez Erik Zapatero)
Date: Thu Nov 11 05:58:11 1999
Subject: [pptp-server] Routing not working on PPTP connection
Message-ID: <006801bf2c3b$fcb0c8c0$cc00000a@csoft.co.uk>

Hi,

I'm using Microsoft Windows 98 to start a dial-up connection to my ISP, and then start a VPN connection to my Linux server with ppp 2.3.8 (patched for MPPE). I can get the connection up but can not ping the remote server.

I have a Cisco router with 1723 port open and IP type 47 open.

I just need help with routing. Any ideas?

Rez

--
Rez Erik Zapatero, Connection Software, 391 City Road, LONDON EC1V 1NE
Tel:+44 (0)171 713 8000 mailto:rez.zapatero at csoft.co.uk
Fax:+44 (0)171 713 8001 http://www.csoft.co.uk

From mis at cindyrowe.com Thu Nov 11 12:08:07 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Thu Nov 11 12:08:07 1999
Subject: [pptp-server] PPP 2.3.10
Message-ID: <002901bf2c6f$da89a8f0$0200a8c0@mis>

Hi,

I have been following the PopTop faq and Emir Toktar's additions to the faq, and I have run into something. I don't have a ppp_mppe module. I follow these lines:

[make modules SUBDIRS=drivers/net]
[make modules_install]
[rmmod ppp]
(+) [insmod slhc]
(+) [insmod ppp]
(+) [insmod bsd_comp]
(+) [insmod ppp_deflate]
(+) [insmod ppp_mppe]

this is when I find I don't have a ppp_mppe module. I've looked in /lib/modules/2.2.13 (that's the kernel version I downloaded). I find slhc, ppp, bsd_comp, and ppp_deflate, but not ppp_mppe.

Any thoughts?

I am compiling ppp 2.3.10 with the patch named ppp-2.3.10-openssl-norc4-mppe.patch

I used the command

patch -p0 < ppp-2.3.10-openssl-norc4-mppe.patch

Thanks in advance,
Matt Grab

p.s. I've been working on this for a while, and the only time I get anywhere, is when I follow your advice!

From luiz at nlink.com.br Thu Nov 11 13:24:45 1999
From: luiz at nlink.com.br (Luiz de Barros)
Date: Thu Nov 11 13:24:45 1999
Subject: [pptp-server] CM4000
In-Reply-To: <002901bf2c6f$da89a8f0$0200a8c0@mis>
Message-ID:

Dear All,

Does anybody have any good news about the development of support for Compaq/Microcomm 4000 PPTP implementation in PoPToP?

We have one here and have to keep using Windose NoThanks only for doing the ISDN authentication.

--
Luiz de Barros Oliveira Neto
Nlink Internet Provider - Diretor
Fone: (0xx81) 320.4444
Fax: (0xx81) 320.4448
Modems: (0xx81) 320.4466

From mis at cindyrowe.com Thu Nov 11 14:39:03 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Thu Nov 11 14:39:03 1999
Subject: [pptp-server] Re: pptp-server PPP 2.3.10
Message-ID: <004901bf2c84$f0853470$0200a8c0@mis>

Also,
since compiling my own kernel the disk has been thrashing. /proc/meminfo says I have about 1 MB free Mem, and 0 used Swap, anyone know what the thrashing's from?
df shows I have 98% of my disk used.

I know this is off topic, but I thought since it was a problem I'm encountering in the course of this install, maybe you could help.

Thanks in advance,
Matt Grab
mis at cindyrowe.com

From jasonf at Baldwingroup.COM Thu Nov 11 15:17:56 1999
From: jasonf at Baldwingroup.COM (Jason M. Felice)
Date: Thu Nov 11 15:17:56 1999
Subject: [pptp-server] Encryption Problem (me too)
In-Reply-To: <199911042202.QAA18614@pollux.imsa.edu>; from locutus@imsa.edu on Thu, Nov 04, 1999 at 04:02:54PM -0600
References: <199911042202.QAA18614@pollux.imsa.edu>
Message-ID: <19991111161745.B16053@waco.baldwingroup.com>

On Thu, Nov 04, 1999 at 04:02:54PM -0600, locutus at imsa.edu wrote:
> Hello all.
>
> I have successfully installed PoPToP 1.0.0 on a RedHat 6.0 (kernel 2.2.5)
> system. I can connect to it from any 98 host, and can communicate with
> any host on my private network. However, when I check "require encrypted
> authentication" within the DUN properties on the client, I am no longer
> able to communicate with the private network. The DUN connection can
> still be established, and the correct IP is assigned, but communication
> is impossible. I have installed the ppp-mppe patch, recompiled the kernel,
> and have loaded all of the necessary modules. I have also installed SSLeay
> 0.6.6b. In addition, I have installed the DUN 4.0 update per the HOWTO.
> This happens from multiple clients, some running 98 and some running 98se.
> None of these have helped. Here is what I find in /var/log/pptpd.log:
>
> pppd[1735]: MPPE 40 bit, stateless compression enabled
> pppd[1735]: Script /etc/ppp/ip-up finished (pid 1736), status = 0x0
> pppd[1735]: rcvd [proto=0x4da7] cd 80 08 8a be c6 bc f1 4d 6e ad a5 04 2e
> 91 1f 96 1d b5 3d b0 f4 92 12 0c f9 a6 ce
> pppd[1735]: Unsupported protocol (0x4da7) received
>
> The last two lines continue, with a different set of numbers in the
> "unsupported protocol" line, until I disconnect. Here is my /etc/ppp/options:
>
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> name punk
> require-chap
> proxyarp

I am having the exact same problem here, with multiple Windows 98 machines. The configuration is exactly the same as this, except I don't have the 'name' line in the options file. (I've tried with and without proxyarp, and all combinations of mppe/chap options). ppp-2.3.8+mppe

To answer the next question that will be asked, IP header compression is off, IPX/SPX is off, Netbeui is off, Log on to remote network is off. The mppe module is loaded (it appears in the log), so are the compression modules, loaded via aliases in /etc/conf.modules - kernel is 2.2.9, (okay two differences).

Require data encryption is on (if I turn it off, I can get an unencrypted tunnel which works fine), require encrypted password is on, record a log file for this connection is on (although it won't *sigh*), I've tried with use default gateway on remote network both on and off (usually off), and I've gone through all of the FAQs and howtos and docs three times now.

If log on to network is off (which is where I typically keep it, but I've tried everything), there is a one-to-one relationship between packets I try to send across the wire and 'Unsupported protocol' messages. All traffic is ICMP or TCP, I have not tried UDP.

We have an NT server, and this Windows98 box *will* connect to the NT server with an encrypted connection and route traffic just fine.

This is on a modified RH5.2 with kernel 2.2 and the kernel2.2 RPM updates provided by redhat.

>
> I have run out of ideas. Any suggestions?

I have a test box, and PoPToP has gone into our 'custom linux distro', so I can install it and get it onto our subnet fairly quickly. If any developer wants to see what's going on with an exact replica, please let me know.

I know this is working under similar configurations, I've talked with a fellow Cleveland Linux User's Group member who has this working in a few offices, although that is an older version PoPToP (only thing I can think of).

>
> Thanks in advance.
>
> Michael Holl
> --
> locutus at imsa.edu
>

-Jay 'Eraserhead' Felice

P.S. Are there any changes in CVS?
From locutus at imsa.edu Thu Nov 11 15:46:29 1999
From: locutus at imsa.edu (locutus at imsa.edu)
Date: Thu Nov 11 15:46:29 1999
Subject: [pptp-server] Encryption Problem (me too)
In-Reply-To: <19991111161745.B16053@waco.baldwingroup.com> from "Jason M. Felice" at Nov 11, 1999 04:17:45 PM
Message-ID: <199911112146.PAA24667@pollux.imsa.edu>

I tried reinstalling everything, going step-by-step through the directions in the HOWTO, and continue to get the same "unsupported protocol" errors. At least I'm not alone...

Michael Holl
--
locutus at imsa.edu

From tmk at netmagic.net Thu Nov 11 17:42:00 1999
From: tmk at netmagic.net (tmk)
Date: Thu Nov 11 17:42:00 1999
Subject: [pptp-server] Re: pptp-server PPP 2.3.10
In-Reply-To: <004901bf2c84$f0853470$0200a8c0@mis>
Message-ID:

well, if your disk is 98% used, the free space is most likely not contiguous (it's spread out in small sections all over the drive) so if linux needs say a meg of disk space for swap or what have you, it needs to go all over the disk to get it.

Bad Things happen when server-class operating systems run out of disk space. Make sure you have plenty of free space in case something decides to go nuts and fill up your logs.

Kevin

On Thu, 11 Nov 1999, Matthew C. Grab wrote:

> Also,
> since compiling my own kernel the disk has been thrashing. /proc/meminfo
> says I have about 1 MB free Mem, and 0 used Swap, anyone know what the
> thrashing's from?
> df shows I have 98% of my disk used.
>
> I know this is off topic, but I thought since it was a problem I'm
> encountering in the course of this install, maybe you could help.
>
> Thanks in advance,
> Matt Grab
> mis at cindyrowe.com
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From walterm at Gliatech.com Fri Nov 12 01:12:17 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Fri Nov 12 01:12:17 1999
Subject: [pptp-server] Detailed Instruction Set Re-Visited
Message-ID:

Hello All,

Well, the detailed instruction set has unfortunately fallen to the back burner as other work crowds my day. It has been heavily revised but is still not a complete version. I am posting the latest version as many of the questions I have seen lately are referenced in the document. I have not had time to verify/test some key things thoroughly (Firewalling, all but basic install on RH 5.2, etc...) And a few things are last minute additions today for this posting. That neo disclaimer being said, here is the current Detailed Instruction Set...

<>

Michael J. Walter mcse
Gliatech, Inc.
216-831-3200
walterm at gliatech.com
mwalter at drwalter.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From walterm at Gliatech.com Fri Nov 12 08:21:51 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Fri Nov 12 08:21:51 1999
Subject: [pptp-server] Firewall Security
Message-ID:

Sorry for the misprint, the patch in my previous message should be applied to the 2.2.10 kernel

Michael J. Walter mcse
Gliatech, Inc.
216-831-3200
walterm at gliatech.com
mwalter at drwalter.com

From cswan at connectria.com Fri Nov 12 08:23:54 1999
From: cswan at connectria.com (Chris Swan)
Date: Fri Nov 12 08:23:54 1999
Subject: [pptp-server] Re: pptp-server PPP 2.3.10
References: <004901bf2c84$f0853470$0200a8c0@mis>
Message-ID: <000b01bf2d19$8589dbe0$07c0fc80@wustl.edu>

Check top and see if syslog is the process that's grinding away. I've had this happen before, but I'm still not sure what causes it. I had clients connecting from behind an NT proxy server to my pptpd, and the log file for pptpd would just start loading itself up with out of order (and other) packet errors. I suspect it was something funky on the connection from the client's providers.

Look at the pptpd log and see if it's _really_ big.

Removing the debug flag for pptpd and stop/starting syslogd might stop it, for now. For me, the problem cleared itself up.

----- Original Message -----
From: Matthew C. Grab
To:
Sent: Thursday, November 11, 1999 2:40 PM
Subject: [pptp-server] Re: pptp-server PPP 2.3.10

> Also,
> since compiling my own kernel the disk has been thrashing. /proc/meminfo
> says I have about 1 MB free Mem, and 0 used Swap, anyone know what the
> thrashing's from?
> df shows I have 98% of my disk used.
>
> I know this is off topic, but I thought since it was a problem I'm
> encountering in the course of this install, maybe you could help.
>
> Thanks in advance,
> Matt Grab
> mis at cindyrowe.com
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From mis at cindyrowe.com Fri Nov 12 08:27:56 1999
From: mis at cindyrowe.com (Matthew C. Grab)
Date: Fri Nov 12 08:27:56 1999
Subject: [pptp-server] Re: pptp-server PPP 2.3.10
References: <004901bf2c84$f0853470$0200a8c0@mis> <000b01bf2d19$8589dbe0$07c0fc80@wustl.edu>
Message-ID: <00b601bf2d1a$484208b0$0200a8c0@mis>

Thanks,
Yep, that's basically what it was. I found that ppp was doing it. It had filled up the messages file. I disabled ppp until I could get my pppd compiled properly.

Thanks again,
Matt Grab
mis at cindyrowe.com

----- Original Message -----
From: Chris Swan
To: Matthew C. Grab ;
Sent: Friday, November 12, 1999 9:23 AM
Subject: Re: [pptp-server] Re: pptp-server PPP 2.3.10

> Check top and see if syslog is the process that's grinding away. I've
> had this happen before, but I'm still not sure what causes it. I had
> clients connecting from behind an NT proxy server to my pptpd, and the
> log file for pptpd would just start loading itself up with out of
> order (and other) packet errors. I suspect it was something funky on
> the connection from the client's providers.
>
> Look at the pptpd log and see if it's _really_ big.
>
> Removing the debug flag for pptpd and stop/starting syslogd might stop
> it, for now. For me, the problem cleared itself up.
>
> ----- Original Message -----
> From: Matthew C. Grab
> To:
> Sent: Thursday, November 11, 1999 2:40 PM
> Subject: [pptp-server] Re: pptp-server PPP 2.3.10
>
>
> > Also,
> > since compiling my own kernel the disk has been thrashing. /proc/meminfo
> > says I have about 1 MB free Mem, and 0 used Swap, anyone know what the
> > thrashing's from?
> > df shows I have 98% of my disk used.
> >
> > I know this is off topic, but I thought since it was a problem I'm
> > encountering in the course of this install, maybe you could help.
> >
> > Thanks in advance,
> > Matt Grab
> > mis at cindyrowe.com
> >
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
>

From walterm at Gliatech.com Fri Nov 12 08:34:18 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Fri Nov 12 08:34:18 1999
Subject: [pptp-server] Problem with firewalling section in detailed instruction set
Message-ID:

It's gonna be one of those mornings, the previous message was in reference to this message that I apparently deleted rather than sending...

Anyway, the following problem can be used to usurp the default ipchains firewall code in redhat 6.0...

The description of this problem is available at:

ftp://ftp.rustcorp.com/ipchains/ipchains-patch-2.2.desc
ftp://ftp.weisshuhn.de/pub/linux/ipchains/ftp.rustcorp.com/ipchains-patch-2.2.desc

| Authors: Thomas Lopatic
|          John McDonald
|
| Overview
| --------
|
| data protect has discovered a potential vulnerability in the Linux ipchains
| firewall implementation. In certain situations, it is possible for an
| attacker to bypass the packet filter when communicating with machines that
| allow incoming packets to specific ports. This attack is a variation
| of previously discussed fragmentation attacks, where the attacker uses
| fragments to rewrite parts of the TCP or UDP protocol header. In this case
| port information is rewritten in order to gain access to ports that should
| be blocked by the firewall.

In order to protect against this you need to use kernel 2.2.10 and apply the patch from:

ftp://ftp.rustcorp.com/ipchains/ipchains-patch-2.2.diff
ftp://ftp.weisshuhn.de/pub/linux/ipchains/ftp.rustcorp.com/ipchains-patch-2.2.diff

Or, I believe (don't quote me on this) kernel 2.2.13 has the fix already applied.

Or the following rule may hinder other traffic on the firewall, but will prevent this attack:

ipchains -A input -i eth0 -f -j DENY

note eth0 should be the eth of your external (internet) interface.

Michael J. Walter mcse
Gliatech, Inc.
216-831-3200
walterm at gliatech.com
mwalter at drwalter.com

From jasonf at Baldwingroup.COM Fri Nov 12 08:41:30 1999
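An ipchains -f rule such as the one in the message above applies only to second and later fragments, while the advisory it quotes concerns fragments that rewrite the port fields. The sketch below is an added example, not part of the original message and not ipchains code: it reads IPv4 headers, reports which packets a -f rule would apply to, and flags fragments that overlap bytes already received for the same datagram. The function names, the 192.0.2.x addresses and the sample headers are constructed for illustration.

```python
import struct
from collections import defaultdict

IP_HDR = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header
PORT_BYTES = 4  # TCP and UDP keep source and destination port in payload bytes 0-3


def build_header(ident, frag_units, more, payload_len,
                 src="192.0.2.10", dst="192.0.2.20", proto=6):
    """Constructed test input: IPv4 header only (checksum 0, no payload bytes)."""
    flags_frag = (0x2000 if more else 0) | (frag_units & 0x1FFF)
    return IP_HDR.pack(0x45, 0, 20 + payload_len, ident, flags_frag, 64, proto, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split(".")))


def parse_fragment(header):
    """Return (datagram key, start, end, more_fragments); offsets are payload bytes."""
    if len(header) < IP_HDR.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = IP_HDR.unpack(header[:IP_HDR.size])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    start = (flags_frag & 0x1FFF) * 8  # the fragment offset field counts 8-byte units
    end = start + (total_len - ihl)
    return (src, dst, ident, proto), start, end, bool(flags_frag & 0x2000)


def classify(start, more):
    if start == 0:
        return "first-fragment" if more else "unfragmented"
    return "later-fragment"


def matched_by_fragment_rule(start):
    """True for packets an ipchains -f rule applies to (second and later fragments)."""
    return start != 0


class FragmentAuditor:
    """Remembers the byte ranges seen per datagram and reports overlaps."""

    def __init__(self):
        self.ranges = defaultdict(list)

    def check(self, header):
        key, start, end, more = parse_fragment(header)
        kind = classify(start, more)
        findings = []
        if kind == "unfragmented":
            return kind, findings
        if start == 0 and end < PORT_BYTES:
            findings.append("first fragment too short to hold the port fields")
        for seen_start, seen_end in self.ranges[key]:
            lo, hi = max(start, seen_start), min(end, seen_end)
            if lo < hi:
                findings.append("overlaps bytes %d-%d of an earlier fragment" % (lo, hi - 1))
                if lo < PORT_BYTES:
                    findings.append("overlap covers the port fields")
        self.ranges[key].append((start, end))
        return kind, findings


def audit(headers):
    auditor = FragmentAuditor()
    return [auditor.check(h) for h in headers]


# Constructed sample: one ordinary packet, one cleanly fragmented datagram, and one
# datagram in which a second fragment covers bytes 0-7 again.
SAMPLE = [
    build_header(ident=1, frag_units=0, more=False, payload_len=40),
    build_header(ident=2, frag_units=0, more=True, payload_len=24),
    build_header(ident=2, frag_units=3, more=False, payload_len=16),
    build_header(ident=3, frag_units=0, more=True, payload_len=24),
    build_header(ident=3, frag_units=0, more=True, payload_len=8),
    build_header(ident=3, frag_units=3, more=False, payload_len=16),
]

if __name__ == "__main__":
    for header, (kind, findings) in zip(SAMPLE, audit(SAMPLE)):
        start = parse_fragment(header)[1]
        print(kind, "| -f rule applies:", matched_by_fragment_rule(start),
              "|", "; ".join(findings) or "ok")
```
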
From: jasonf at Baldwingroup.COM (Jason M. Felice) Date: Fri Nov 12 08:41:30 1999 Subject: [pptp-server] Re: pptp-server PPP 2.3.10 In-Reply-To: <000b01bf2d19$8589dbe0$07c0fc80@wustl.edu>; from Chris Swan on Fri, Nov 12, 1999 at 08:23:41AM -0600 References: <004901bf2c84$f0853470$0200a8c0@mis> <000b01bf2d19$8589dbe0$07c0fc80@wustl.edu> Message-ID: <19991112094118.G16053@waco.baldwingroup.com> On Fri, Nov 12, 1999 at 08:23:41AM -0600, Chris Swan wrote: > Check top and see if syslog is the process that's grinding away. I've > had this happen before, but I'm still not sure what causes it. I had > clients connecting from behind an NT proxy server to my pptpd, and the > log file for pptpd would just start loading itself up with out of > order (and other) packet errors. I suspect it was something funky on > the connection from the client's providers. > > Look at the pptpd log and see if it's _really_ big. > > Removing the debug flag for pptpd and stop/starting syslogd might stop > it, for now. For me, the problem cleared itself up. > I've had the same problem, there is a patch below. Now I have a copy of pptp that doesn't have a race condition, but still doesn't work *sigh* -Jay 'Eraserhead' Felice --- pptpctrl.c.orig Thu Oct 21 09:43:49 1999 +++ pptpctrl.c Thu Oct 21 09:47:14 1999 @@ -454,6 +454,10 @@ /* Wait for STOP CTRL CONN RQST or RPLY */ while (select(clientSocket + 1, &connSet, NULL, NULL, &tv) == 1) { switch((pkt = read_pptp_packet(clientSocket, packet, rply_packet, &rply_size))) { + case 0: + case -1: + syslog(LOG_WARNING, "CTRL: Can't read message in disconnect sequence."); + goto skip; case STOP_CTRL_CONN_RQST: send_pptp_packet(clientSocket, rply_packet, rply_size); goto skip; From gord at amador.ca Fri Nov 12 11:28:38 1999 
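Review bot: in the added "case 0:" / "case -1:" arm of the switch on read_pptp_packet(), both return values produce the same LOG_WARNING text, so the log cannot tell them apart; I would put the value of pkt in the message, and errno where it applies. The bare 0 and -1 also sit beside the named constant STOP_CTRL_CONN_RQST in the same switch, so a one-line comment saying what read_pptp_packet() returns them for would make the arm self-explanatory. Sharing "goto skip" with the STOP_CTRL_CONN_RQST case looks right, assuming the skip label sits after the select() loop, because the arm then leaves the loop instead of going round it again.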
From: gord at amador.ca (Gord Belsey)
Date: Fri Nov 12 11:28:38 1999
Subject: [pptp-server] pptp/pppd issue
Message-ID: <024e01bf2d33$64309230$280111ac@amadorinc.com>

I'm having a problem, and I hope someone here can help.

I have a PoPToP server set up with 1.0 code and pppd ver 2.3.8. I have 2 clients connecting to it, using C. S. Ananian's pptp linux client 1.0.2. These clients both use the pppd that comes with Red Hat 6.0, ver 2.3.7.

I believe my problem is with pppd. I've added lcp timeouts in options to clean up a broken pipe, which works on both ends. I found the client side approach of just killing the pppd PID left a broken pipe.

On the server, I've set up ip-up.local and ip-down.local for pppd, to do some setup and cleanup. This is working great. I've done the same on the client side, but it never reads ip-up.local or ip-down.local. I've added some echo messages to verify what's happening. When I start a pptp client session, ip-up runs, then ip-down, then ip-up runs again, then the session starts. Everything appears to be ok with the session. When I bring the session down, ip-down doesn't run. Regardless, ip-up.local and ip-down.local don't run when ip-up/ip-down run.

Has anyone come across this issue? Any idea for fixes? I'm thinking of upgrading to pppd 2.3.8 (seems like an obvious approach) but if anyone has anything to say about this I'd appreciate it.

On another note, I want to set up the client to automatically restart if it fails. There's a LAN behind the client side so if it drops I want it to re-open the pipe. Anybody tried this yet???

Thanks
Gord Belsey

From andre at direct.a2000.nl Sun Nov 14 09:57:08 1999
From: andre at direct.a2000.nl (andre)
Date: Sun Nov 14 09:57:08 1999
Subject: [pptp-server] windows networking over VPN ???
Message-ID: <199911141656.RAA01144@surfbeast.nl.eu.org>

Hello everybody,

I have a problem with windows networking over VPN. I have installed samba as WINS server and made a virtual ip address.

VPN PPP 192.168.0.10-20 192.168.1.1 192.168.0.1(virtual)

If I log in on the VPN server (client ip 192.168.0.10, wins 192.168.0.1 (virtual)) I can't find any stations on microsoft networking.

What am I doing wrong?

17:33:51.865688 192.168.0.10.netbios-ns > 192.168.0.1.netbios-ns: udp 68
17:33:51.867469 192.168.1.3.netbios-ns > 192.168.0.10.netbios-ns: udp 62
17:33:51.877180 192.168.0.10.netbios-ns > 192.168.0.1.netbios-ns: udp 68
17:33:51.878613 192.168.1.3.netbios-ns > 192.168.0.10.netbios-ns: udp 62
17:33:51.890640 192.168.0.10.netbios-ns > 192.168.0.1.netbios-ns: udp 68

Here are the configuration files.

++++ /sbin/ifconfig ++++
eth0      Link encap:Ethernet  HWaddr 00:60:08:73:E2:B3
          inet addr:62.108.6.142  Bcast:62.108.7.255  Mask:255.255.254.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50427 errors:8 dropped:0 overruns:9 frame:8
          TX packets:24483 errors:0 dropped:0 overruns:0 carrier:0
          collisions:232 txqueuelen:100
          Interrupt:10 Base address:0x300

eth1      Link encap:Ethernet  HWaddr 00:00:E8:CC:7C:14
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44606 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66572 errors:0 dropped:0 overruns:0 carrier:0
          collisions:485 txqueuelen:100
          Interrupt:5 Base address:0x280

eth1:0    Link encap:Ethernet  HWaddr 00:00:E8:CC:7C:14
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0x280

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:45 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.3  P-t-P:192.168.0.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:133 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
+++++++++

++++ ppp/options ++++
lock
name surfbeast
netmask 255.255.255.0
debug
auth
require-chap
proxyarp
ms-wins 192.168.0.1
++++++++++++++++++++

++++ pptpd.conf ++++
speed 115200
localip 192.168.1.3
remoteip 192.168.0.10-20
+++++++++++++++++++

++++ smb.conf +++++
[global]
workgroup = ATRSERVER
log file = /var/log/samba/log.%m
remote announce = 192.168.0.255/ATR
max log size = 50
socket options = TCP_NODELAY
netbios name = SURFBEAST
keepalive = 30
dns proxy = No
encrypt passwords = Yes
server string = ANDRE
wins support = true
domain logons = yes
domain master = yes
preferred master = yes
+++++++++++++++++++

From b-dawson at tronicplanet.de Sun Nov 14 13:52:47 1999
From: b-dawson at tronicplanet.de (Dawson Brian)
Date: Sun Nov 14 13:52:47 1999
Subject: [pptp-server] Can't negotiate LCP with win98 client
Message-ID: <382F1039.B89BF900@tronicplanet.de>

Hello all,

I hope somebody can give me an answer to this question. I have just installed vpn services on a SuSE 6.2 distro and can't seem to get through LCP negotiations with pppd and a win98 client. Each time I send a LCP ConfReq, I get an instant hangup signal. Any Ideas what this is?

Thanks for any help,
Brian

Nov 14 19:19:55 linux pptpd[6119]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Nov 14 19:19:55 linux pptpd[6119]: CTRL: local address = 192.168.1.100
Nov 14 19:19:55 linux pptpd[6119]: CTRL: remote address = 192.168.1.200
Nov 14 19:19:55 linux pptpd[6119]: CTRL: pppd speed = 115200
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Client 145.253.95.249 control connection started
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Received PPTP Control Message (type: 1)
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Made a START CTRL CONN RPLY packet
Nov 14 19:19:55 linux pptpd[6119]: CTRL: I wrote 156 bytes to the client.
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Sent packet to client
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Received PPTP Control Message (type: 7)
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Set parameters to 0 maxbps, 16 window size
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Made a OUT CALL RPLY packet
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Starting call (launching pppd, opening GRE)
Nov 14 19:19:55 linux pptpd[6119]: CTRL: pty_fd = 5
Nov 14 19:19:55 linux pptpd[6119]: CTRL: tty_fd = 7
Nov 14 19:19:55 linux pptpd[6120]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 14 19:19:55 linux pptpd[6120]: CTRL (PPPD Launcher): local address = 192.168.1.100
Nov 14 19:19:55 linux pptpd[6120]: CTRL (PPPD Launcher): remote address = 192.168.1.200
Nov 14 19:19:55 linux pppd[6120]: pppd 2.3.8 started by root, uid 0
Nov 14 19:19:55 linux pppd[6120]: Using interface ppp0
Nov 14 19:19:55 linux pppd[6120]: Connect: ppp0 <--> /dev/pts/8
Nov 14 19:19:55 linux pppd[6120]: sent [LCP ConfReq id=0x1 ]
Nov 14 19:19:55 linux pptpd[6119]: CTRL: I wrote 32 bytes to the client.
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Sent packet to client
Nov 14 19:19:58 linux pppd[6120]: sent [LCP ConfReq id=0x1 ]
Nov 14 19:20:22 linux last message repeated 8 times
Nov 14 19:20:25 linux pppd[6120]: LCP: timeout sending Config-Requests
Nov 14 19:20:25 linux pptpd[6116]: MGR: Reaped child 6119
Nov 14 19:20:25 linux pptpd[6119]: GRE: read(fd=5,buffer=804daa0,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 14 19:20:25 linux pptpd[6119]: CTRL: PTY read or GRE write failed (pty,gre)=(5,7)
Nov 14 19:20:25 linux pptpd[6119]: CTRL: Client 145.253.95.249 control connection finished
Nov 14 19:20:25 linux pptpd[6119]: CTRL: Exiting now
Nov 14 19:20:25 linux pppd[6120]: Connection terminated.
Nov 14 19:20:25 linux pppd[6120]: Exit.

From a.waller at webpoint.at Mon Nov 15 02:21:47 1999
From: a.waller at webpoint.at (Alexander Waller)
Date: Mon Nov 15 02:21:47 1999
Subject: [pptp-server] Dialup and VPN
Message-ID:

Hi !

I want to excuse me if this is a stupid question, but as my english is not the best I hope to clarify some point for me.

I need a solution for the following configuration

Dialup-User with WIN9x or NT connects to the Internet via his ISP

Company has a Firewall and behind this a Server ( Linux or NT ) with a SQL-DB.

I need to have an encrypted connection from the Dialup-User to the Server.

I found solution for Server-Server-VPN. But I couldn't find a solution for a Dialup-Server-VPN.

Oh the SQL-Data is displayed via a SQL-Client-Application and not http, so SSL is no solution !

For your help, thanks in advance.

Alex.

+------------------------------------------+
+ Alex Waller                              +
+ WebPoint                                 +
+ Internet-Services                        +
+ A-6840 Götzis                            +
+ Mobil +43 676 4121128                    +
+ http://www.webpoint.at                   +
+------------------------------------------+
PGP-KEY : http://city.webpoint.at/pgp/pgp_aw.htm

From EMIR.TOKTAR at bra.xerox.com Mon Nov 15 10:03:09 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir) Date: Mon Nov 15 10:03:09 1999 Subject: [pptp-server] PPP 2.3.10 Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13D4@bra0070ms1.bra.xerox.com> Ok, but open the ppp-2.3.10-openssl-norc4-mppe.patch.gz or ppp-2.3.8-mppe-others-norc4_TH7.diff.gz file and to look for "ppp_mppe" and you will find some lines codes like these: --------------------------------------------------- ..... +How to use it: +* Compile this pppd, and teh associated kernel modules. +* Add +chapms and/or +chapms-v2 to your pppd command line. +* Add mppe-40 and/or mppe-128 and/or mppe-stateless to your pppd command line. +* Either load ppp_mppe.o manually or put this line in your /etc/conf.modules. + alias ppp-compress-18 ppp_mppe +* Go for it. + ..... ---------------------------------------------------- ..... + esac if [ ! -e $BASE ]; then if [ -e ../include/linux/$BASE ]; then BASE=../include/linux/$BASE @@ -183,6 +195,16 @@ for FILE in $LINUXSRC/drivers/net/bsd_co $LINUXSRC/drivers/net/ppp_deflate.c \ $LINUXSRC/drivers/net/zlib.c \ $LINUXSRC/drivers/net/zlib.h \ + $LINUXSRC/drivers/net/ppp_mppe.c \ + $LINUXSRC/drivers/net/ppp_lzscomp.c \ ... @@ -229,8 +251,46 @@ else ..... ---------------------------------------------------- +echo -n 'Adding MPPE compression module to drivers makefile...' +NETMK=$LINUXSRC/drivers/net/Makefile +fgrep ppp_mppe.o $NETMK >/dev/null +if [ ! "$?" = "0" ]; then .... ---------------------------------------------------- .... .... .... .... +#define LZS_HIST_WORD(b1,b2) ((b1<<8)|b2) /* (network byte order rulez) */ diff -rupN ppp-2.3.10.orig/linux/ppp_mppe.c ppp-2.3.10/linux/ppp_mppe.c --- ppp-2.3.10.orig/linux/ppp_mppe.c Wed Dec 31 16:00:00 1969 +++ ppp-2.3.10/linux/ppp_mppe.c Wed Sep 22 22:29:24 1999 ----------------------------------------------------- and more.... Regards Emir Toktar +55 (**41) 340-7157 emir.toktar at bra.xerox.com toktar at per.com.br toktar at ppgia.pucpr.br -----Original Message----- 
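Review bot: in the excerpt that adds the MPPE module to the drivers makefile, `fgrep ppp_mppe.o $NETMK >/dev/null` followed by `if [ ! "$?" = "0" ]` tests the exit status indirectly and leaves `$NETMK` unquoted, so a kernel source path containing spaces breaks the check and any command later placed between the two lines changes `$?`. Test the command directly, for example `if ! fgrep ppp_mppe.o "$NETMK" >/dev/null; then`.

Review bot: the added "How to use it" text has a typo in `+* Compile this pppd, and teh associated kernel modules.`; "teh" should read "the".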
From: Matthew C. Grab [mailto:mis at cindyrowe.com]
Sent: Thursday, November 11, 1999 4:09 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPP 2.3.10

Hi,

I have been following the PopTop faq and Emir Toktar's additions to the faq, and I have run into something. I don't have a ppp_mppe module. I follow these lines:

[make modules SUBDIRS=drivers/net]
[make modules_install]
[rmmod ppp]
(+) [insmod slhc]
(+) [insmod ppp]
(+) [insmod bsd_comp]
(+) [insmod ppp_deflate]
(+) [insmod ppp_mppe]

this is when I find I don't have a ppp_mppe module. I've looked in /lib/modules/2.2.13 (that's the kernel version I downloaded). I find slhc, ppp, bsd_comp, and ppp_deflate, but not ppp_mppe.

Any thoughts?

I am compiling ppp 2.3.10 with the patch named ppp-2.3.10-openssl-norc4-mppe.patch

I used the command patch -p0 < ppp-2.3.10-openssl-norc4-mppe.patch

Thanks in advance,
Matt Grab

p.s. I've been working on this for a while, and the only time I get anywhere, is when I follow your advice!

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

From ryan at ifg.net Mon Nov 15 14:51:11 1999
From: ryan at ifg.net (Ryan Medlin)
Date: Mon Nov 15 14:51:11 1999
Subject: [pptp-server] Dialup and VPN
In-Reply-To:
Message-ID:

Hi all,

I have a Winnt machine running steelhead and the Routing and Remote access service. I also have another Winnt machine running just the regular RAS server. I can connect to the regular server but not the machine with RRAS installed. The regular computer is a member of the domain while the RRAS server is a standalone server. Both work when i use a win 98 client to connect.

it looks like i had better just go the linux-linux route for both sides...

ryan

-----Original Message-----
From schlika at virtua.ch Mon Nov 15 16:50:51 1999
From: schlika at virtua.ch (Marcel Prisi)
Date: Mon Nov 15 16:50:51 1999
Subject: [pptp-server] Wont work ...
Message-ID: <000a01bf2fbb$a1fc0060$a6e1cac3@sefanet.ch>

Hi !

I am trying to get pptp working on a simple setup, but have some troubles. I recompiled pppd-2.3.10 + patch, kernel 2.2.14pre4 & used pptp from the latest rpm. I followed the FAQ. I had to add "alias char-major-108 off" in my conf.modules file. I use a Win98rev2 client.

When I try to open the VPN, the win client tells me it is trying to get authenticated, waits for a while, and hangs up, saying there is some trouble with the server (error 645).

Any help would be greatly appreciated.

Here's my ppp/options :
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

part of lsmod :
ppp_mppe               13616   0 (unused)
ppp_deflate            40580   0 (unused)
bsd_comp                3632   0 (unused)
ppp                    20140   0 [ppp_mppe ppp_deflate bsd_comp]
slhc                    4360   0 [ppp]

Here follows the log :
Nov 15 23:36:32 xor pptpd[1075]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov 15 23:36:32 xor pptpd[1075]: CTRL: local address = 192.168.1.235
Nov 15 23:36:32 xor pptpd[1075]: CTRL: remote address = 192.168.2.235
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Client 195.202.225.166 control connection started
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Received PPTP Control Message (type: 1)
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Made a START CTRL CONN RPLY packet
Nov 15 23:36:32 xor pptpd[1075]: CTRL: I wrote 156 bytes to the client.
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Sent packet to client
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Received PPTP Control Message (type: 7)
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Set parameters to 0 maxbps, 16 window size
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Made a OUT CALL RPLY packet
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Starting call (launching pppd, opening GRE)
Nov 15 23:36:32 xor pptpd[1075]: CTRL: pty_fd = 4
Nov 15 23:36:32 xor pptpd[1075]: CTRL: tty_fd = 5
Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): local address = 192.168.1.235
Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): remote address = 192.168.2.235
Nov 15 23:36:32 xor pptpd[1075]: CTRL: I wrote 32 bytes to the client.
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Sent packet to client
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Received PPTP Control Message (type: 12)
Nov 15 23:37:00 xor pptpd[1051]: MGR: Reaped child 1075
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Made a CALL DISCONNECT RPLY packet
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Received CALL CLR request (closing call)
Nov 15 23:37:00 xor pptpd[1075]: CTRL: I wrote 148 bytes to the client.
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Sent packet to client
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Error with select(), quitting
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Client 195.202.225.166 control connection finished
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Exiting now

From tmk at netmagic.net Mon Nov 15 22:07:37 1999
From: tmk at netmagic.net (tmk)
Date: Mon Nov 15 22:07:37 1999
Subject: [pptp-server] Wont work ...
References: <000a01bf2fbb$a1fc0060$a6e1cac3@sefanet.ch>
Message-ID: <000701bf2fc8$0d2ed180$071c0fc0@lala.net>

include the ppp negotiation logs and i'll see what i can do. You will probably have to add the debug option to the ppp options file, and add a

*.debug /var/log/debug

line to your /etc/syslog.conf file

Kevin

----- Original Message -----
From steve at iconz.co.nz Tue Nov 16 02:01:05 1999
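The two failed sessions posted above (Brian Dawson's LCP timeout and Marcel Prisi's error 645) can be told apart mechanically from their pptpd/pppd syslog lines. This is an added example, not part of the thread or of PoPToP: the sample lines are abridged from the two posted logs, the control message names are those of RFC 2637, and `summarize`, `expand` and the outcome strings are hypothetical names.

```python
import re

# PPTP control message types (RFC 2637); the pptpd log prints only the number.
PPTP_CTRL_TYPES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request", 10: "Incoming-Call-Reply",
    11: "Incoming-Call-Connected", 12: "Call-Clear-Request",
    13: "Call-Disconnect-Notify", 14: "WAN-Error-Notify", 15: "Set-Link-Info",
}

STAMP = r"^\w{3}\s+\d+ [\d:]{8} \S+ "
EVENT = re.compile(STAMP + r"(?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")
REPEAT = re.compile(STAMP + r"last message repeated (?P<n>\d+) times$")

# Abridged from the log in Brian Dawson's message.
BRIAN_LOG = """
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Client 145.253.95.249 control connection started
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Received PPTP Control Message (type: 1)
Nov 14 19:19:55 linux pptpd[6119]: CTRL: Received PPTP Control Message (type: 7)
Nov 14 19:19:55 linux pppd[6120]: pppd 2.3.8 started by root, uid 0
Nov 14 19:19:55 linux pppd[6120]: sent [LCP ConfReq id=0x1 ]
Nov 14 19:19:58 linux pppd[6120]: sent [LCP ConfReq id=0x1 ]
Nov 14 19:20:22 linux last message repeated 8 times
Nov 14 19:20:25 linux pppd[6120]: LCP: timeout sending Config-Requests
"""

# Abridged from the log in Marcel Prisi's message.
MARCEL_LOG = """
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Client 195.202.225.166 control connection started
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Received PPTP Control Message (type: 1)
Nov 15 23:36:32 xor pptpd[1075]: CTRL: Received PPTP Control Message (type: 7)
Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Received PPTP Control Message (type: 12)
Nov 15 23:37:00 xor pptpd[1075]: CTRL: Received CALL CLR request (closing call)
"""


def expand(lines):
    """Yield (program, message) per event, unrolling syslog's
    'last message repeated N times' into N copies of the previous event."""
    last = None
    for line in lines:
        line = line.strip()
        rep = REPEAT.match(line)
        if rep and last:
            for _ in range(int(rep.group("n"))):
                yield last
            continue
        ev = EVENT.match(line)
        if ev:
            last = (ev.group("prog"), ev.group("msg"))
            yield last


def summarize(lines):
    """Summarize one PPTP connection attempt from its syslog lines."""
    s = {"client": None, "ctrl_messages": [], "pppd_started": False,
         "lcp_confreq_sent": 0, "ppp_frames_received": 0, "outcome": "unknown"}
    lcp_timeout = False
    for prog, msg in expand(lines):
        if prog == "pptpd":
            m = re.search(r"Client (\S+) control connection started", msg)
            if m:
                s["client"] = m.group(1)
            m = re.search(r"Received PPTP Control Message \(type: (\d+)\)", msg)
            if m:
                t = int(m.group(1))
                s["ctrl_messages"].append(PPTP_CTRL_TYPES.get(t, f"unknown({t})"))
        elif prog == "pppd":
            if re.match(r"pppd \S+ started by", msg):
                s["pppd_started"] = True
            elif msg.startswith("sent [LCP ConfReq"):
                s["lcp_confreq_sent"] += 1
            elif msg.startswith("rcvd ["):
                s["ppp_frames_received"] += 1
            elif "timeout sending Config-Requests" in msg:
                lcp_timeout = True
    if lcp_timeout and s["ppp_frames_received"] == 0:
        # The TCP control connection worked, but pppd never logged a PPP frame.
        s["outcome"] = "lcp timeout, no PPP frames received"
    elif lcp_timeout:
        s["outcome"] = "lcp timeout"
    elif "Call-Clear-Request" in s["ctrl_messages"] and not s["pppd_started"]:
        # No pppd lines at all: the PPP negotiation log is needed to go further.
        s["outcome"] = "call cleared by client, no pppd lines in log"
    return s


if __name__ == "__main__":
    for log in (BRIAN_LOG, MARCEL_LOG):
        print(summarize(log.splitlines()))
```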
From: steve at iconz.co.nz (Steve)
Date: Tue Nov 16 02:01:05 1999
Subject: [pptp-server] routing realworld ip addresses via pptp
Message-ID: <199911160801.VAA180360942739283@mail.iconz.co.nz>

Hiyas :)

i'm new to this list and haven't quite gotten to the point of setting up PoPToP yet but was wondering if anyone had a solution to this.

basically, what i want to do is try and route a small netblock of realworld IP addresses via a NAT'd ADSL connection back to the net. the setup would be similar to the following..

| 210.48.7.0/240 |---|Linux|-----|ADSL|-----|Linux|---|Internet.. | | | 192.168.1.0/24 (NAT)---------/ | | | | (NZ Telecoms ADSL Network 210.48.81.0/24)-/ | | (Work LAN - 210.48.22.0/24)---------------------/

from the way i figure it (which is probably completely wrong :) ) is that i should be setting up a ppp interface on the local linux box in the 210.48.7.0/240 subnet which is used by the local clients as the gateway and one end of the tunnel, then establish a tunnel back thru to the linux box at the far end using PoPToP - terminating the tunnel with an address in say the 210.48.23.0/24 range, then turn on ip forwarding on the 210.48.22.0/24 server and add a static route pointing to that machine for the 210.48.7.0/240 network.

this is probably a particularly long winded way to do things and i saw previously a post by someone advising the person to use vpnd - had a quick look at that but was wanting to try and find some way of using PPTP as the same could possibly be done with an NT server behind the ADSL box (not sure if vpnd would work in that instance) connecting back to the linux machine and authenticating with PoPToP.

can someone please shoot me down over this idea ? :)

TIA
--
Steve.

From Stephen.Tan at itftennis.com Tue Nov 16 07:34:01 1999
From: Stephen.Tan at itftennis.com (Stephen Tan)
Date: Tue Nov 16 07:34:01 1999
Subject: [pptp-server] Problem when making kernel modules
Message-ID: <158DC099D95AD3119A610090273C1A0B2201E5@sampras>

Hi,

I am trying to recompile my kernel so that ppp can handle MSCHAPv2/MPPE as per the instructions on the HOW TO. However, when I do "make modules" I get the following error:

ppp_mppe.c:68: rc4_skey.c: No such file or directory
make[2]: *** [ppp_mppe.o] Error 1
make[2]: Leaving directory `/usr/src/linux-2.2.5/drivers/net'
make[1]: *** [_modsubdir_net] Error 2
make[1]: Leaving directory `/usr/src/linux-2.2.5/drivers'
make: *** [_mod_drivers] Error 2

I can't use modules now!! Given the lack of documentation, I am now making my first posting to a newsgroup - HELP!

I am running Redhat 6.0, kernel 2.2.5. I am using ppp 2.3.8, and all the other packages specified in the HOW TO.

Stephen Tan (International Tennis Federation)

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any use (including retransmission or copying) of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this transmission, please contact the sender and delete the material from any computer. The sender is not responsible for the completeness or accuracy of this communication as it has been transmitted over a public network.

From ryan at ifg.net Tue Nov 16 09:35:10 1999
From: ryan at ifg.net (Ryan Medlin)
Date: Tue Nov 16 09:35:10 1999
Subject: [pptp-server] Problem when making kernel modules
In-Reply-To: <158DC099D95AD3119A610090273C1A0B2201E5@sampras>
Message-ID:

looks like you didn't copy the rc4.c file into the drivers/net directory.

make sure you did that....

ryan

-----Original Message-----
From agrundma at ddiworld.com Tue Nov 16 10:21:31 1999
From: agrundma at ddiworld.com (Andy Grundman)
Date: Tue Nov 16 10:21:31 1999
Subject: [pptp-server] pppd Unsupported Protocol errors when using pptp connection
Message-ID: <000501bf304e$fd3981d0$25d309c1@ses.ddiworld.com>

I am trying to get PoPToP up and running and I am testing between 2 machines on the same subnet. I can connect from my NT box to the Linux server using PPTP. But when I try to ping the PPTP server IP address from the NT client, my pptp log file spits out:

Nov 16 11:54:37 demo pppd[770]: Unsupported protocol (0x8d57) received
Nov 16 11:54:37 demo pppd[770]: sent [LCP ProtRej id=0x8 8d 57 0d 3a 1d a1 78 54 3d c4 e6 4b 9b 18 c0 b0 c5 2c 2a 73 08 43 87 ff e3 af e2 44 23 7e 4d d9 8b 88 8d 08 ea ea 2d 7c 7e 69 a5 55 f8 05 93 67 61 75 ce 1a 51 d6 fc 78 90 ef 30 21 bb b7]
Nov 16 11:56:04 demo pppd[770]: rcvd [proto=0xd6d2] b2 89 98 20 93 7c 51 58 69 5c be 39 1f 9b a5 ee d0 45 86 c6 66 34 e2 5d d7 dd d7 54 fc e8 ed 4b ...

for each ping request. The NT box gets no ping response, but traffic is coming back to the NT box from the server over the PPTP connection. I figured it was maybe just ICMP that wasn't working, so I set up the default gw on my NT to be the VPN adapter, and tried HTTP. I got the same result, with an unsupported protocol message.

I can't ping in either direction across the pptp connection... I don't get those error messages when I ping from the server to the client though.

Does anyone know what the problem is here? I think I must have compiled my ppp wrong or forgot something in the options file.

/etc/ppp/options:
lock
debug
name demo
auth
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

(I had proxyarp in there but it didn't make any difference.)

ifconfig on linux server:
eth0      Link encap:Ethernet  HWaddr 00:A0:C9:32:16:01
          inet addr:193.9.211.65  Bcast:193.9.211.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15448 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2704 errors:0 dropped:0 overruns:0 carrier:0
          collisions:126 txqueuelen:100
          Interrupt:11 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.0.0.1  P-t-P:10.0.0.11  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

route on server:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.11       *               255.255.255.255 UH    0      0        0 ppp0
193.9.211.65    *               255.255.255.255 UH    0      0        0 eth0
193.9.211.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         193.9.211.1     0.0.0.0         UG    0      0        0 eth0

-Andy

From anderson at moat.centtech.com Tue Nov 16 10:29:08 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Tue Nov 16 10:29:08 1999
Subject: [pptp-server] gateway settings
Message-ID: <4.2.0.58.19991116102715.00a9f100@mailhost.centtech.com>

anyone else having a problem getting ppp/poptop to set the gateway on the windows clients? everything works perfectly, except it isn't setting the gateway.. sometimes, i can get it to set the gateway on the win box, but it sets it to its own ip address, which is not correct..

i really need some help with this.. it's killing me.. :D

eric anderson

____________________________________
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?

From tmk at netmagic.net Tue Nov 16 13:17:56 1999
From: tmk at netmagic.net (tmk)
Date: Tue Nov 16 13:17:56 1999
Subject: [pptp-server] gateway settings
In-Reply-To: <4.2.0.58.19991116102715.00a9f100@mailhost.centtech.com>
Message-ID:

its own local address IS correct, this is ppp which only knows about 2 computers: the local box and the remote server. It is assumed that the remote server has routing capabilities, but not that the remote server is on the same subnet (this is usually not the case).. Since a router or gateway needs to be on the same subnet as the machine that needs to route, and there are only 2 ip addrs involved, the local address is the correct gateway.

If you check the 'use default gateway on remote network' box under tcp/ip settings in the dial up networking properties window, DUN will route all ip traffic through the vpn link. The routing from there is up to the linux server.

Kevin

On Tue, 16 Nov 1999, Eric Anderson wrote:

> anyone else having a problem getting ppp/poptop to set the gateway on the
> windows clients? everything works perfectly, except it isn't setting the
> gateway.. sometimes, i can get it to set the gateway on the win box, but it
> sets it to its own ip address, which is not correct..
>
> i really need some help with this.. it's killing me.. :D
>
> eric anderson
>
> ____________________________________
> Microsoft: Where do you want to go today?
> Linux: Where do you want to go tomorrow?
> FreeBSD: Are you guys coming or what?

From anderson at moat.centtech.com Wed Nov 17 11:00:54 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Wed Nov 17 11:00:54 1999
Subject: [pptp-server] arp / proxyarp
Message-ID: <4.2.0.58.19991117105935.00a3e800@mailhost.centtech.com>

when sending this command:

arp --set $REMOTE_IP_ADDRESS 00:60:08:98:14:14 pub >> /var/run/ppp.up

should the 00:60:08:98:14:14 be the hardware address of my ethernet port on the pptp server, the client, the firewall, etc?

i tried it with the pptp server's eth0 address, and it didn't seem to work.. what did i miss?

____________________________________
Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?

From cwf at infosecana.com Wed Nov 17 11:43:56 1999
From: cwf at infosecana.com (Chuck Flink)
Date: Wed Nov 17 11:43:56 1999
Subject: [pptp-server] Linux NAT support PPTP packet editor/filter?
Message-ID: <008501bf3124$8a02db90$8900a8c0@infosecana.com>

Example: PCa--homeLAN--PCb--RoadRunner--Internet

PCb is gateway running Win2K Router with NAT routing rules.
PCa is client PC accessing Internet through gateway.
PCa can dial to remote work LAN/WAN via PPTP thru PCb, totally transparently. (Neat!)

E.g.: PCa--PPTP(--homeLAN--PCb--RoadRunner--Internet)--Work

Desired: Linux configuration on PCb with similar functionality.

I'm experimenting with Win2K Server as a NAT/PPTP gateway.... Win2K Server RC2 includes Router services with NAT routing rules including support for a PPTP "packet editor/filter" (Microsoft terminology?) that supports editing PPTP packets so they pass thru the NAT gateway. (Note: using NAT routing option under the Router service in Windows 2000 Server, NOT the similar but less functional NAT called the Internet Connection Service (ICS) also available under Win2000 Professional as well as the Server.)

I don't want to pay for W2K Server when it is released next year. My use is very 'non-profit', or at least certainly not profitable! :-) Cost considerations lead me to Linux (preferred) or the Win2K Professional version using ICS (which doesn't seem to integrate as well with PPTP, nor does it offer the same security features as the Router service on the Server configuration.)

Does the PPTP support for Linux integrate with Linux NAT such as to support the passing of PPTP sessions through NAT, analogous to what I am now doing with the Win2K RC2 beta?

I believe IPsec / L2TP cannot be filtered / edited to pass through NAT gateways like PPTP can.... correct me if I'm wrong. I'd prefer to use the more open IPsec standard if it could be made to be as transparent as PPTP.

Thanks!
-Chuck Flink
cwf at att.net
------------

From: larry at greenmotor.com (Larry Gray)
Date: Wed Nov 17 15:39:44 1999
Subject: [pptp-server] PPTP access for Entire Network
Message-ID: <001c01bf313c$b0b4c920$83cac8c6@larry>

Hello,

I've got a pptp server up and running and can access it from Windows 95/98 over the Internet. I've also got pptp access from my internal LAN through a firewall to the pptp server on the Internet (Used VPN masquerading HOWTO). Each client uses Microsoft's VPN adapter.

However, only one user can reliably access the network the pptp server is on. I'm using Redhat 6.1 at both ends, and according to the howto it should work. Any suggestions?

I'm also thinking about trying to use the Linux pptp client on the remote firewall. Would this then allow the internal LAN to connect to the external network without using the Microsoft VPN adapter? Is VPN masquerading still required? Anybody done this?

My other option is to use vpnd. Has anybody used this?

Thanks in Advance,
Larry Gray
larry at greenmotor.com

From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Wed Nov 17 18:06:03 1999
Subject: [pptp-server] Problem when making kernel modules
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13E9@bra0070ms1.bra.xerox.com>

Stephen Tan,

If you are using a kernel earlier than 2.2.8, you can either use the driver in this package or upgrade your kernel to 2.2.8.

Your situation [kernel-2.2.5-15]!

##-----(if kernel < 2.2.8)---------###
# e.g. Build the kernel when < Kernel 2.2.8
# kernel
[cd /usr/src/linux/]
[make menuconfig .....if necessary ...]
#e.g. Look for the rpm installed [RedHat 6.0 - default]
#kernel-headers-2.2.5-15 3kernel-2.2.5-15
#kernel-doc-2.2.5-15 3kernel-pcmcia-cs-2.2.5-15
# if necessary...
#kernel-source-2.2.5-15
#kernelcfg-0.5-5
#ppp-2.3.7-2
#
## Follow these steps...
[make dep]
[make clean]
[make bzImage]
[make modules] ## don't forget it
[make modules_install] ## don't forget it
###-----(endif kernel < 2.2.8)---------###

## after recompiling the kernel, follow the steps in HowTo PoPToP....
[pwd]
[usr/local/src/ppp-2.3.8] # be sure into ppp-2.3.8 dir
[make]
[cp pppd/pppd /usr/sbin/] (+) [make install] --> reference ppp-2.3.8
[cd /usr/src/linux]
[make modules SUBDIRS=drivers/net]
[make modules_install]

Good luck!

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Stephen Tan [mailto:Stephen.Tan at itftennis.com]
Sent: Tuesday, November 16, 1999 11:28 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Problem when making kernel modules

From: tmk at netmagic.net (tmk)
Date: Wed Nov 17 18:15:59 1999
Subject: [pptp-server] PPTP access for Entire Network
References: <001c01bf313c$b0b4c920$83cac8c6@larry>
Message-ID: <000a01bf315a$5d7612a0$071c0fc0@lala.net>

> Hello,

hi

> I've got a pptp server up and running and can access it from Windows
> 95/98 over the Internet. I've also got pptp access from my internal LAN
> through a firewall to the pptp server on the Internet (Used VPN masquerading
> HOWTO). Each client uses Microsoft's VPN adapter.

ok, so you have 2 types of clients, those that connect directly, and those that masq through a firewall.

> However, only one user can reliably access the network the pptp server
> is on. I'm using Redhat 6.1 at both ends, and according to the howto it
> should work. Any suggestions?

One user at a time? or one user at a time from behind the masqd firewall? If the latter is the case, the pptp masq most likely only reliably supports one connection at a time. I dont know though.

> I'm also thinking about trying to use the Linux pptp client on the
> remote firewall. Would this then allow the internal LAN to connect to the
> external network without using the Microsoft VPN adapter? Is VPN
> masquerading still required? Anybody done this?

if you create a pptp connection to the remote pptpd server using the pptp client (both sides linux) then you will need only to add routes for the remote networks. None of the clients even need to know there is a tunnel. The local and remote networks need to be on different subnets.

> My other option is to use vpnd. Has anybody used this?

i've never used vpnd, but there are other ways to do it.. ssh and some scripts is one way, pptp is another, ipsec + masq is a third, basically anything that can create a ppp device or secure pathway from one end to the other will work.

Kevin

From: tmk at netmagic.net (tmk)
Date: Wed Nov 17 18:18:51 1999
Subject: [pptp-server] Linux NAT support PPTP packet editor/filter?
References: <008501bf3124$8a02db90$8900a8c0@infosecana.com>
Message-ID: <001401bf315a$cb00ace0$071c0fc0@lala.net>

> Desired: Linux configuration on PCb with similar functionality.

linux masq + pptp masq module will do exactly this.

> I believe IPsec / L2TP cannot be filtered / edited to pass through
> NAT gateways like PPTP can.... correct me if I'm wrong. I'd
> prefer to use the more open IPsec standard if it could be made
> to be as transparent as PPTP.

i believe ipsec encrypts everything (that is useful to NAT) but the dest address, so masq wont do ipsec to my knowledge.

Kevin

From: tmk at netmagic.net (tmk)
Date: Wed Nov 17 18:52:03 1999
Subject: [pptp-server] arp / proxyarp
References: <4.2.0.58.19991117105935.00a3e800@mailhost.centtech.com>
Message-ID: <002301bf315f$71d98c40$071c0fc0@lala.net>

what are you trying to do? if you are trying to do proxy arp, there is a ppp switch for that, no need to do it manually.

fyi, the hardware (MAC) address must be the eth card that is on the same subnet as the ppp device is in. I have said it before, and i'll probably say it again: There is NO POINT in doing proxy arps for machines on a different subnet, since they will never use it. Routing takes care of that side of the business.

-Kevin

----- Original Message -----
From: Eric Anderson
To:
Sent: Wednesday, November 17, 1999 9:01 AM
Subject: [pptp-server] arp / proxyarp

> when sending this command:
>
> arp --set $REMOTE_IP_ADDRESS 00:60:08:98:14:14 pub >> /var/run/ppp.up
>
> should the 00:60:08:98:14:14 be the hardware address of my ethernet port on
> the pptp server, the client, the firewall, etc? i tried it with the pptp
> server's eth0 address, and it didnt seem to work.. what did i miss?
>
> ____________________________________
> Microsoft: Where do you want to go today?
> Linux: Where do you want to go tomorrow?
> FreeBSD: Are you guys coming or what?

From: tmk at netmagic.net (tmk)
Date: Wed Nov 17 19:08:06 1999
Subject: [pptp-server] routing realworld ip addresses via pptp
References: <199911160801.VAA180360942739283@mail.iconz.co.nz>
Message-ID: <004d01bf3161$a1bd7500$071c0fc0@lala.net>

can you be more specific about what you want to do? the ascii is either wrong or it didnt come through right.

here's what i think you're trying to say: you have a block of real ip's (btw, x.x.x.x/240 isnt standard notation. usually when you do /## it is the # of bits in the subnet mask, so 255.255.255.240 would be x.x.x.x/28) and a block of fake ip's. Both blocks are routed through a linux router to the internet via an adsl connection. Somewhere else on the internet is a different linux router/firewall, which is the gateway to your work LAN. You want to connect the ADSL guys' network and the fake ip guys network (which seem to share the same LAN, or at least the same router) to the work network via a secure channel, keeping the current IP addresses as the way of talking back and forth between the 3 networks.

Regardless of how you connect the 3 networks, there will be a tunnel created between the linux boxes. Each side has its own ip address (which doesnt need to be in any of the current subnets, let's call the ADSL ip A and the work ip B). Once that is up, you will need to tell the ADSL router (via a static route) that there is a route to the work network with the gateway being B, and the work network that there is a route to the adsl network with the gateway being A, and there is a route to the fake ip network with the gateway being A.

As far as creating the tunnel, that is up to you. pptpd + pptp client can do it, so can vpnd, so can a number of other programs. read the mailing list archives, i've listed them before.

Also keep in mind that anyone that can get into your local network can now get into your work network, so be careful.

Kevin

----- Original Message -----
From: Steve
To:
Sent: Tuesday, November 16, 1999 12:00 AM
Subject: [pptp-server] routing realworld ip addresses via pptp

> Hiyas :)
>
> i'm new to this list and havent quite gotten to the point of setting up
> PoPToP yet but was wondering if anyone had a solution to this.
>
> basicly, what i want to do is try and route a small netblock of realworld
> IP addresses via a NAT'd ADSL connection back to the net. the setup would
> be similar to the following..
>
> | 210.48.7.0/240 |---|Linux|-----|ADSL|-----|Linux|---|Internet..
> | | |
> 192.168.1.0/24 (NAT)---------/ | |
> | |
> (NZ Telecoms ADSL Network 210.48.81.0/24)-/ |
> |
> (Work LAN - 210.48.22.0/24)---------------------/
>
> from the way i figure it (which is probably completely wrong :) ) is that i
> should be setting up a ppp interface on the local linux box in the
> 210.48.7.0/240 subnet which is used by the local clients as teh gateway and
> one end of the tunnel, then establish a tunnel back thru to the linux box
> at the far end useing PoPToP - terminating the tunnel with an address in
> say the 210.48.23.0/24 range, then turn on ip forwarding on the
> 210.48.22.0/24 server and add a static route pointing to that machine for
> the 210.48.7.0/240 network.
>
> this is probably a particuarly long winded way to do things and i saw
> previously a post by someone advising the person to use vpnd - had a quick
> look at that but was wanting to try and find some way of useing PPTP as the
> same could possibly be done with an NT server behind the ADSL box (not sure
> if vpnd would work in that instance) connecting back to the linux machine
> and authenticateing with PoPToP.
>
> can someone please shoot me down over this idea ? :)
>
> TIA
>
> --
> Steve.

From: geoff at gnaa.net (geoff nordli)
Date: Wed Nov 17 19:45:29 1999
Subject: [pptp-server] Linux NAT support PPTP packet editor/filter?
In-Reply-To: <001401bf315a$cb00ace0$071c0fc0@lala.net>
Message-ID: <004601bf3166$c6b5c650$0101a8c0@p350.highway-i.com>

If you want to do IPSEC with NAT you have to include the IPSEC MASQ

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

There is a section in there where it talks about masq and IPSEC.

Geoff Nordli

> Desired: Linux configuration on PCb with similar functionality.

linux masq + pptp masq module will do exactly this.

> I believe IPsec / L2TP cannot be filtered / edited to pass through
> NAT gateways like PPTP can.... correct me if I'm wrong. I'd
> prefer to use the more open IPsec standard if it could be made
> to be as transparent as PPTP.

i believe ipsec encrypts everything (that is useful to NAT) but the dest address, so masq wont do ipsec to my knowledge.

Kevin

From: estradey at *remove*pullman.com (Eric Stratte)
Date: Wed Nov 17 21:36:11 1999
Subject: [pptp-server] IPX quext-shuns...again
Message-ID: <38337446.FEE718DE@pullman.com>

Hi,

I am wondering on any tricks that I might need to make IPX work over PPTP. I have looked at most of the IPX stuff I can find, here and elsewhere to little avail. I have not 'tried everything' since some of the steps take a lot of time I don't have (sorry for the sob story)

I have PPTP up and working for TCP/IP. eth0(LAN) has IPX up with etherII protocol and the pppx adapters come up with IPX when a win client connects to them.

The weird thing is that with or without an internal_net, the /usr/sbin/ipxd -d always seems to ignore all of the RIP and SAP messages. (non-local net) it says with arrogance...

IPX is compiled into kernel(2.2.12-RH6.1), but the "FULL INTERNAL IPX.." thing is not, the help for this option is vague, but gave me the impression I didn't need it.

pppd is 2.3.10 and I've followed tmk's IPX + PPTP HOWTO v0.1. When I compiled pppd I did not set the two flags, I think they are something like USE_MSWIN and something else. I can't seem to find these now, must have been a late haze...maybe ignore this last line??

any info would help before I start trying everything...

Thanks,
Eric

From: tmk at netmagic.net (tmk)
Date: Thu Nov 18 02:23:04 1999
Subject: [pptp-server] IPX quext-shuns...again
References: <38337446.FEE718DE@pullman.com>
Message-ID: <00ae01bf319e$712f9200$071c0fc0@lala.net>

what does "work" mean? what do you need ipx for, and how is it failing?

Kevin

----- Original Message -----
From: Eric Stratte
To: PPTP
Sent: Wednesday, November 17, 1999 7:36 PM
Subject: [pptp-server] IPX quext-shuns...again

> Hi,
>
> I am wondering on any tricks that I might need to make IPX work over
> PPTP I have looked at most of the IPX stuff I can find, here and
> elsewhere to little avail. I have not 'tried everything' since some of
> the steps take alot of time I don't have(sorry for the sob story)
>
> I have PPTP up and working for TCP/IP. eth0(LAN) has IPX up with
> etherII protocol and the pppx adapters come up with IPX when a win
> client connects to them.
>
> The weird thing is that with or without an internal_net, the
> /usr/sbin/ipxd -d always seems to ignore all of the RIP and SAP
> messages. (non-local net) it says with arrogance...
>
> IPX is compiled into kernel(2.2.12-RH6.1), but the "FULL INTERNAL IPX.."
> thing is not, the help for this option is vague, but gave me the
> impression I didn't need it.
>
> pppd is 2.3.10 and I've followed tmk's IPX + PPTP HOWTO v0.1.
> When I compiled pppd I did not set the two flags, I think they are
> something like USE_MSWIN and something else. I can't seem to find these
> now, must have been a late haze...maybe ignore this last line??
>
> any info would help before I start trying everything...
>
> Thanks,
> Eric

From: tmk at netmagic.net (tmk)
Date: Thu Nov 18 03:25:55 1999
Subject: [pptp-server] Wont work ...
References: <000a01bf2fbb$a1fc0060$a6e1cac3@sefanet.ch>
Message-ID: <000701bf2fc8$0d2ed180$071c0fc0@lala.net>

include the ppp negotiation logs and i'll see what i can do. You will probably have to add the debug option to the ppp options file, and add a

*.debug /var/log/debug

line to your /etc/syslog.conf file

Kevin

----- Original Message -----
From: Marcel Prisi
To:
Sent: Monday, November 15, 1999 2:49 PM
Subject: [pptp-server] Wont work ...

> Hi !
>
> I am trying to get pptp working on a simple setup, but have some troubles. I
> recompiled pppd-2.3.10 + patch, kernel 2.2.14pre4 & used pptp from the
> latest rpm. I followed the FAQ. I had to add "alias char-major-108 off" in
> my conf.modules file. I use a Win98rev2 client.
>
> When I try to open the VPN, the win client tells me it is trying to get
> authenticated, waits for a while, and hangs up, saying there is some trouble
> with the server (error 645).
>
> Any help would be greatly appreciated.
>
> Here's my ppp/options :
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> part of lsmod :
> ppp_mppe 13616 0 (unused)
> ppp_deflate 40580 0 (unused)
> bsd_comp 3632 0 (unused)
> ppp 20140 0 [ppp_mppe ppp_deflate bsd_comp]
> slhc 4360 0 [ppp]
>
> Here follows the log :
> Nov 15 23:36:32 xor pptpd[1075]: MGR: Launching /usr/sbin/pptpctrl to handle
> client
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: local address = 192.168.1.235
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: remote address = 192.168.2.235
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Client 195.202.225.166 control
> connection started
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Received PPTP Control Message (type:
> 1)
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Made a START CTRL CONN RPLY packet
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: I wrote 156 bytes to the client.
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Sent packet to client
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Received PPTP Control Message (type:
> 7)
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Set parameters to 0 maxbps, 16 window
> size
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Made a OUT CALL RPLY packet
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: pty_fd = 4
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: tty_fd = 5
> Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): Connection speed =
> 115200
> Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): local address =
> 192.168.1.235
> Nov 15 23:36:32 xor pptpd[1076]: CTRL (PPPD Launcher): remote address =
> 192.168.2.235
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: I wrote 32 bytes to the client.
> Nov 15 23:36:32 xor pptpd[1075]: CTRL: Sent packet to client
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Received PPTP Control Message (type:
> 12)
> Nov 15 23:37:00 xor pptpd[1051]: MGR: Reaped child 1075
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Made a CALL DISCONNECT RPLY packet
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Received CALL CLR request (closing
> call)
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: I wrote 148 bytes to the client.
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Sent packet to client
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Error with select(), quitting
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Client 195.202.225.166 control
> connection finished
> Nov 15 23:37:00 xor pptpd[1075]: CTRL: Exiting now

From: nngodinh at ocicnet.net (Nhan NGO DINH (OCIC Missionary Service Technical Support))
Date: Thu Nov 18 03:52:37 1999
Subject: [pptp-server] PPPD 2.3.10 patch
Message-ID: <4.1.19991118105847.00ab1980@mail.rome.ocicnet.net>

Hi,

Where can I find detailed instructions about the ppp-2.3.10-openssl-norc4-mppe patch?

Thx.

---
Nhan NGO DINH (OCIC Missionary Service Technical Support)
e-mail: nngodinh at ocicnet.net

From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Thu Nov 18 07:21:14 1999
Subject: [pptp-server] PPPD 2.3.10 patch
References: <4.1.19991118105847.00ab1980@mail.rome.ocicnet.net>
Message-ID: <3833FBBF.CA13210B@sxb.bsf.alcatel.fr>

An HTML attachment was scrubbed...
URL:

From: chavant at geosys.fr (jean-Paul Chavant)
Date: Thu Nov 18 09:58:05 1999
Subject: [pptp-server] problem of patching ppp-2.3.8
Message-ID: <002c01bf31dd$023abac0$7d03a8c0@pcjpc>

Hello,

i am trying to install pptp-1.0.0 on my linux box (Mandrake 5.3 kernel 2.0.36). I have all the necessary files. But when i patch ppp-2.3.8 for mppe

patch -p0 < ppp-2_3_8-mppe-others-norc4_TH7_diff (from /usr/local/src)

i've got a lot of error messages :

patching file `ppp-2.3.8/README.MPPE'
patching file `ppp-2.3.8/include/linux/ppp-comp.h'
Hunk #1 FAILED at 28.
Hunk #2 FAILED at 120.
Hunk #3 FAILED at 139.
Hunk #4 FAILED at 186.
4 out of 4 hunks FAILED -- saving rejects to ppp-2.3.8/include/linux/ppp-comp.h.rej
patching file `ppp-2.3.8/include/net/ppp-comp.h'
Hunk #1 FAILED at 109.
Hunk #2 FAILED at 153.
2 out of 2 hunks FAILED -- saving rejects to ppp-2.3.8/include/net/ppp-comp.h.rej
patching file `ppp-2.3.8/linux/kinstall.sh'
Hunk #1 FAILED at 115.
Hunk #2 FAILED at 189.
Hunk #3 FAILED at 244.
3 out of 3 hunks FAILED -- saving rejects to ppp-2.3.8/linux/kinstall.sh.rej
The next patch would create the file `ppp-2.3.8/linux/mppe.h', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/mppe.h.rej
patching file `ppp-2.3.8/linux/ppp.c'
Hunk #1 FAILED at 4.
Hunk #2 FAILED at 77.
Hunk #3 FAILED at 2351.
3 out of 3 hunks FAILED -- saving rejects to ppp-2.3.8/linux/ppp.c.rej
The next patch would create the file `ppp-2.3.8/linux/ppp_lzscomp.c', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/ppp_lzscomp.c.rej
The next patch would create the file `ppp-2.3.8/linux/ppp_lzscomp.h', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/ppp_lzscomp.h.rej
The next patch would create the file `ppp-2.3.8/linux/ppp_mppe.c', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/ppp_mppe.c.rej
patching file `ppp-2.3.8/pppd/Makefile.linux'
Hunk #1 FAILED at 9.
Hunk #2 FAILED at 29.
Hunk #3 FAILED at 43.
Hunk #4 FAILED at 62.
Hunk #5 FAILED at 78.
Hunk #6 FAILED at 98.
6 out of 6 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/Makefile.linux.rej
patching file `ppp-2.3.8/pppd/auth.c'
Hunk #1 FAILED at 76.
Hunk #2 FAILED at 119.
Hunk #3 FAILED at 160.
Hunk #4 FAILED at 193.
Hunk #5 FAILED at 437.
Hunk #6 FAILED at 462.
Hunk #7 FAILED at 532.
Hunk #8 FAILED at 1303.
8 out of 8 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/auth.c.rej
patching file `ppp-2.3.8/pppd/cbcp.c'
Hunk #1 FAILED at 18.
Hunk #2 FAILED at 55.
Hunk #3 FAILED at 82.
Hunk #4 FAILED at 97.
Hunk #5 FAILED at 116.
Hunk #6 FAILED at 169.
Hunk #7 FAILED at 180.
Hunk #8 FAILED at 276.
Hunk #9 FAILED at 402.
Hunk #10 FAILED at 415.
Hunk #11 FAILED at 452.
Hunk #12 FAILED at 488.
Hunk #13 FAILED at 709.
Hunk #14 FAILED at 727.
14 out of 14 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/cbcp.c.rej
patching file `ppp-2.3.8/pppd/ccp.c'
Hunk #1 FAILED at 35.
Hunk #2 FAILED at 78.
Hunk #3 FAILED at 187.
Hunk #4 FAILED at 312.
Hunk #5 FAILED at 460.
Hunk #6 FAILED at 476.
Hunk #7 FAILED at 534.
Hunk #8 FAILED at 582.
Hunk #9 FAILED at 700.
Hunk #10 FAILED at 794.
Hunk #11 FAILED at 884.
Hunk #12 FAILED at 1005.
Hunk #13 FAILED at 1199.
Hunk #14 FAILED at 1361.
Hunk #15 FAILED at 1432.
15 out of 15 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/ccp.c.rej
patching file `ppp-2.3.8/pppd/ccp.h'
Hunk #1 FAILED at 34.
Hunk #2 FAILED at 50.
2 out of 2 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/ccp.h.rej
patching file `ppp-2.3.8/pppd/chap.c'
Hunk #1 FAILED at 49.
Hunk #2 FAILED at 115.
Hunk #3 FAILED at 462.
Hunk #4 FAILED at 474.
Hunk #5 FAILED at 579.
Hunk #6 FAILED at 594.
Hunk #7 FAILED at 623.
Hunk #8 FAILED at 631.
Hunk #9 FAILED at 786.
Hunk #10 FAILED at 797.
Hunk #11 FAILED at 811.
Hunk #12 FAILED at 819.
Hunk #13 FAILED at 941.
13 out of 13 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/chap.c.rej
patching file `ppp-2.3.8/pppd/chap.h'
Hunk #1 FAILED at 46.
Hunk #2 FAILED at 119.
2 out of 2 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/chap.h.rej
patching file `ppp-2.3.8/pppd/chap_ms.c'
Hunk #1 FAILED at 31.
Hunk #2 FAILED at 59.
Hunk #3 FAILED at 75.
Hunk #4 FAILED at 118.
Hunk #5 FAILED at 126.
Hunk #6 FAILED at 141.
Hunk #7 FAILED at 175.
7 out of 7 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/chap_ms.c.rej
patching file `ppp-2.3.8/pppd/chap_ms.h'
Hunk #1 FAILED at 24.
1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppd/chap_ms.h.rej
The next patch would create the file `ppp-2.3.8/pppd/extra_crypto.c', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/extra_crypto.c.rej
The next patch would create the file `ppp-2.3.8/pppd/extra_crypto.h', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/extra_crypto.h.rej
patching file `ppp-2.3.8/pppd/ipcp.c'
Hunk #1 FAILED at 121.
Hunk #2 FAILED at 1056.
Hunk #3 FAILED at 1121.
3 out of 3 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/ipcp.c.rej
patching file `ppp-2.3.8/pppd/lcp.c'
Hunk #1 FAILED at 35.
Hunk #2 FAILED at 279.
Hunk #3 FAILED at 587.
Hunk #4 FAILED at 964.
Hunk #5 FAILED at 1202.
Hunk #6 FAILED at 1453.
Hunk #7 FAILED at 1533.
Hunk #8 FAILED at 1822.
8 out of 8 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/lcp.c.rej
patching file `ppp-2.3.8/pppd/lcp.h'
Hunk #1 FAILED at 56.
1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppd/lcp.h.rej
The next patch would create the file `ppp-2.3.8/pppd/mppe.c', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/mppe.c.rej
The next patch would create the file `ppp-2.3.8/pppd/mppe.h', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/mppe.h.rej
patching file `ppp-2.3.8/pppd/pppd.8'
Hunk #1 FAILED at 27.
Hunk #2 FAILED at 77.
Hunk #3 FAILED at 298.
Hunk #4 FAILED at 462.
Hunk #5 FAILED at 689.
Hunk #6 FAILED at 742.
Hunk #7 FAILED at 1094.
7 out of 7 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/pppd.8.rej
patching file `ppp-2.3.8/pppd/pppd.h'
Hunk #1 FAILED at 320.
1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppd/pppd.h.rej
The next patch would create the file `ppp-2.3.8/pppd/sha.h', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/sha.h.rej
The next patch would create the file `ppp-2.3.8/pppd/sha1dgst.c', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/sha1dgst.c.rej
The next patch would create the file `ppp-2.3.8/pppd/sha_locl.h', which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/sha_locl.h.rej
patching file `ppp-2.3.8/pppdump/ppp-comp.h'
Hunk #1 FAILED at 94.
1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppdump/ppp-comp.h.rej

what does it mean? can someone help me ...?

Thanks.

Jean-Paul Chavant _-----_
GEOSYS SA - Service Informatique (_/ \_)
Tél.: (0) 5 62 47 80 75 (_____)
\/\/\___ http://www.geosys.fr/

From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Thu Nov 18 10:41:56 1999
Subject: [pptp-server] PPPD 2.3.10 patch
References: <4.1.19991118105847.00ab1980@mail.rome.ocicnet.net> <3833FBBF.CA13210B@sxb.bsf.alcatel.fr>
Message-ID: <38342BBC.CE60B641@sxb.bsf.alcatel.fr>

An HTML attachment was scrubbed...
URL:

From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Thu Nov 18 16:34:34 1999
Subject: [pptp-server] Linux NAT support PPTP packet editor/filter?
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13EE@bra0070ms1.bra.xerox.com>

Be careful!!

> If you want to do IPSEC with NAT you have to include the IPSEC
> MASQ

Refs: A Comprehensive Guide to Virtual Private Networks, IBM.
Virtual Private Networking: An Overview White Paper - DRAFT, 3/18/98 Microsoft.

"... The weakness of NAT in context to VPNs is that by definition the NAT-enabled machine will change some or all of the address information in an IP packet. When end-to-end IPSec authentication is used, a packet whose address has been changed will always fail its integrity check under the AH protocol, since any change to any bit in the datagram will invalidate the integrity check value that was generated by the source.

Within the IETF, there is a working group that is looking at the deployment issues surrounding NAT. This group has been advised by the Internet Engineering Steering Group (IESG) that the IETF will not endorse any deployment of NAT that would lead to weaker security that can be obtained when NAT is not used. Since NAT makes it impossible to authenticate a packet using IPSec's AH protocol, NAT should be considered as a temporary measure at best, but should NOT BE pursued as a long term solution to the addressing problem when dealing with secure VPNs.

IPSec protocols offer some solutions to the addressing issues that were previously handled with NAT. ..."

Refs: ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

"... VPN Masquerade is the part of IP Masquerade which enables you to use IPsec-based and PPTP-based Virtual Private Network clients from behind a shared-access firewall. This is primarily used for masquerading IPsec and PPTP VPN clients:

IPsec Client -.
              |     Linux                                    IPsec
PPTP         -+->   Masq and --> Internet --> Firewall --> or PPTP
Client        |     Firewall                                 Server
              |
Others       -+
              |

No other software is needed to masquerade VPN clients. It can also be used to provide access to a Private Network IPsec or PPTP server behind a Linux firewall...

IPsec                     Linux        Private-IP
or PPTP --> Internet --> Firewall --> PPTP or IPsec
Client                                 Server

... But,...

The IPsec AH protocol (51/ip) incorporates a cryptographic checksum including the IP addresses in the IP header. Since masquerading changes those IP addresses and since the cryptographic checksum cannot be recalculated by the masquerading firewall, the masqueraded packets will fail the checksum test and will be discarded by the remote IPsec gateway. Therefore, IPsec implementations that use the AH protocol cannot be successfully masqueraded. Sorry. ..."

Regards

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: geoff nordli [mailto:geoff at gnaa.net] Sent: Wednesday, November 17, 1999 11:47 PM To: 'tmk'; 'Chuck Flink'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] Linux NAT support PPTP packet editor/filter? If you want to do IPSEC with NAT you have to include the IPSEC MASQ ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html There is a section in there where it talks about masq and IPSEC. Geoff Nordli > Desired: Linux configuration on PCb with similar functionality. linux masq + pptp masq module will do exactly this. > I believe IPsec / L2TP cannot be filtered / edited to pass through > NAT gateways like PPTP can.... correct me if I'm wrong. I'd > prefer to use the more open IPsec standard if it could be made > to be as transparent as PPTP. i believe ipsec encrypts everything (that is useful to NAT) but the dest address, so masq wont do ipsec to my knowledge. Kevin _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From anderson at moat.centtech.com Thu Nov 18 16:42:26 1999
From: anderson at moat.centtech.com (Eric Anderson)
Date: Thu Nov 18 16:42:26 1999
Subject: [pptp-server] arp / proxyarp
In-Reply-To: <002301bf315f$71d98c40$071c0fc0@lala.net>
References: <4.2.0.58.19991117105935.00a3e800@mailhost.centtech.com>
Message-ID: <4.2.0.58.19991118164136.00a977e0@mailhost.centtech.com>

Actually, I was just doing what the FAQ had said on the site. I know what my problem is now. I just need my pptp server to be doing NAT on eth0. I don't need it to restrict any packets, and I need it bidirectional.

At 04:54 PM 11/17/99 -0800, you wrote:
>what are you trying to do? if you are trying to do proxy arp, there is a
>ppp switch for that, no need to do it manually.
>
>fyi, the hardware (MAC) address must be the eth card that is on the same
>subnet as the ppp device is in. I have said it before, and i'll probably say
>it again: There is NO POINT in doing proxy arps for machines on a different
>subnet, since they will never use it. Routing takes care of that side of the
>business.
>
>-Kevin
>
>----- Original Message -----
>From: Eric Anderson >To: >Sent: Wednesday, November 17, 1999 9:01 AM >Subject: [pptp-server] arp / proxyarp > > > > when sending this command: > > > > arp --set $REMOTE_IP_ADDRESS 00:60:08:98:14:14 pub >> /var/run/ppp.up > > > > should the 00:60:08:98:14:14 be the hardware address of my ethernet port >on > > the pptp server ,the client, the firewall, etc? i tried it with the pptp > > server's eth0 address, and it didnt seem to work.. what did i miss? > > > > > > > > > > ____________________________________ > > Microsoft: Where do you want to go today? > > Linux: Where do you want to go tomorrow? > > FreeBSD: Are you guys coming or what? > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > ____________________________________ Microsoft: Where do you want to go today? Linux: Where do you want to go tomorrow? FreeBSD: Are you guys coming or what? From garp at opustel.com Thu Nov 18 16:53:37 1999 From: garp at opustel.com (Keith Garry Boyce) Date: Thu Nov 18 16:53:37 1999 Subject: [pptp-server] security with slirp? Message-ID: <006001bf3217$b95efd30$af081cc6@opustel.com> Is there any capability of data and or authentication encryption with poptop,slirp connecting to winnt client with ms pptp? If so how? Work: (508) 424-2356 -------------- next part -------------- An HTML attachment was scrubbed... URL: From cwf at infosecana.com Thu Nov 18 17:01:48 1999 
From: cwf at infosecana.com (Chuck Flink) Date: Thu Nov 18 17:01:48 1999 Subject: [pptp-server] Linux NAT support PPTP packet editor/filter? References: <51E5E026247AD2118CDD0008C74CC2DD5F13EE@bra0070ms1.bra.xerox.com> Message-ID: <001601bf321a$250ab360$8900a8c0@infosecana.com> Thanks, Emir. You remind us all of one of the arguments justifying PPTP and L2TP. The point is that IPsec deals with a security domain defined strongly by IP addresses. NAT is philosophically aimed at what is central to IPsec security. PPTP (and some forms of L2TP) has PPP as the "tunneled" protocol. It is only because PPP can carry IP that PPTP tunnels IP at all. This has the advantage of moving the endpoints of the security domain to the PPTP gateway machines. The NAT is no longer a key component in the security analysis of the "tunneled" address space, though it still protects the home LAN on which the tunnel end point (PCa) is located. Of course, as a side of using PPP as the tunneled protocol, PPTP/L2TP can also carry NetBEUI, IPX and theoretically any protocol which PPP can carry. I guess I was too quick to say I'd rather use IPsec than PPTP. Certainly the IPsec standard is FAR more analyzed and understood than PPTP, but the security perimeter it supports in the case in question ends up opening the work domain to greater risk by exposing it to all PCs on the LAN, not just the one that I want accessing the work domain. Interesting business, isn't it. -Chuck ----- Original Message ----- 
From: "Toktar, Emir" To: "'geoff nordli'" ; "'tmk'" ; "'Chuck Flink'" ; Sent: Thursday, November 18, 1999 8:00 AM Subject: RE: [pptp-server] Linux NAT support PPTP packet editor/filter? > Be careful!! > > > If you want to do IPSEC with NAT you have to include the IPSEC > > MASQ > > Refs: A Comprehensive Guide to Virtual Private Networks, IBM. > Virtual Private Networking: An Overview White Paper - DRAFT, 3/18/98 > Microsoft. > "... > The weakness of NAT in context to VPNs is that by definition the NAT-enabled > machine will change some or all of the address information in an IP packet. > > When end-to-end IPSec authentication is used, a packet whose address has > been changed will always fail its integrity check under the AH protocol, > since any change to any bit in the datagram will invalidate the integrity > check value that was generated by the source. > Within the IETF, there is a working group that is looking at the deployment > issues surrounding NAT. This group has been advised by the Internet > Engineering Steering Group (IESG) that the IETF will not endorse any > deployment of NAT that would lead to weaker security that can be obtained > when NAT is not used. Since NAT makes it impossible to authenticate a packet > using IPSec? s AH protocol, NAT should be considered as a temporary measure > at best, but should NOT BE pursued as a long term solution to the addressing > problem when dealing with secure VPNs. > IPSec protocols offer some solutions to the addressing issues that were > previously handled with NAT. > ..." > > > > Refs: ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html > "... > VPN Masquerade is the part of IP Masquerade which enables you to use > IPsec-based and PPTP-based Virtual Private Network clients from behind a > shared-access firewall. > > This is primarily used for masquerading IPsec and PPTP VPN clients: > IPsec > Client -. 
> | Linux IPsec > PPTP -+-> Masq and --> Internet --> Firewall --> or PPTP > Client | Firewall Server > | > Others -+ > | > No other software is needed to masquerade VPN clients. > It can also be used to provide access to a Private Network IPsec or PPTP > server behind a Linux firewall... > IPsec Linux Private-IP > or PPTP --> Internet --> Firewall --> PPTP or IPsec > Client Server > ... > But,... > The IPsec AH protocol (51/ip) incorporates a cryptographic checksum > including the IP addresses in the IP header. Since masquerading changes > those IP addresses and since the cryptographic checksum cannot be > recalculated by the masquerading firewall, the masqueraded packets will fail > the checksum test and will be discarded by the remote IPsec gateway. > Therefore, IPsec implementations that use the AH protocol cannot be > successfully masqueraded. Sorry. > ..." > > > > Regards > > > Emir Toktar > > +55 (**41) 340-7157 > emir.toktar at bra.xerox.com > toktar at per.com.br > toktar at ppgia.pucpr.br > > -----Original Message----- 
> From: geoff nordli [mailto:geoff at gnaa.net] > Sent: Wednesday, November 17, 1999 11:47 PM > To: 'tmk'; 'Chuck Flink'; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Linux NAT support PPTP packet editor/filter? > > > If you want to do IPSEC with NAT you have to include the IPSEC > MASQ > > ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html > > There is a section in there where it talks about masq and IPSEC. > > Geoff Nordli > > > Desired: Linux configuration on PCb with similar functionality. > > linux masq + pptp masq module will do exactly this. > > > I believe IPsec / L2TP cannot be filtered / edited to pass through > > NAT gateways like PPTP can.... correct me if I'm wrong. I'd > > prefer to use the more open IPsec standard if it could be made > > to be as transparent as PPTP. > > i believe ipsec encrypts everything (that is useful to NAT) but the dest > address, so masq wont do ipsec to my knowledge. > > Kevin > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > > From EMIR.TOKTAR at bra.xerox.com Fri Nov 19 01:28:12 1999 
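The AH failure quoted in the "Linux NAT support PPTP packet editor/filter?" thread above, as an added example that is not part of any list message: it builds an AH packet and an ESP packet, passes both through a masquerading step, and re-checks each integrity check value. The key, addresses, SPIs and payloads are constructed for the demonstration; the ICV is HMAC-SHA1-96 and only the integrity check is modelled (no encryption, no TCP/UDP checksum handling).

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO, ESP_PROTO = 51, 50
ICV_LEN = 12                      # HMAC-SHA1-96 keeps the first 96 bits of the MAC
IP_FMT = "!BBHHHBBH4s4s"          # 20-byte IPv4 header without options


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used for the IPv4 header checksum."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _pack_ip(fields: list) -> bytes:
    """Pack the header fields and fill in a valid header checksum."""
    fields[7] = 0
    fields[7] = inet_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields)


def ipv4_header(src: str, dst: str, proto: int, body_len: int, ttl: int = 64) -> bytes:
    return _pack_ip([0x45, 0, 20 + body_len, 0x1234, 0, ttl, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)])


def masquerade(packet: bytes, public_src: str) -> bytes:
    """What the NAT box does: rewrite the source address, decrement TTL, fix the checksum."""
    fields = list(struct.unpack(IP_FMT, packet[:20]))
    fields[5] -= 1
    fields[8] = socket.inet_aton(public_src)
    return _pack_ip(fields) + packet[20:]


def ah_icv(key: bytes, packet: bytes) -> bytes:
    """AH ICV: covers the IP header (mutable fields zeroed), the AH header and the payload."""
    fields = list(struct.unpack(IP_FMT, packet[:20]))
    fields[1] = fields[4] = fields[5] = fields[7] = 0   # TOS, flags/offset, TTL, checksum
    covered = struct.pack(IP_FMT, *fields) + packet[20:32] + bytes(ICV_LEN) + packet[44:]
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def ah_packet(key: bytes, src: str, dst: str, payload: bytes) -> bytes:
    # AH fixed part: next header (6 = TCP), length in words minus 2, reserved, SPI, sequence
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1)
    unsigned = (ipv4_header(src, dst, AH_PROTO, 24 + len(payload))
                + ah_fixed + bytes(ICV_LEN) + payload)
    return unsigned[:32] + ah_icv(key, unsigned) + payload


def ah_verify(key: bytes, packet: bytes) -> bool:
    return hmac.compare_digest(packet[32:44], ah_icv(key, packet))


def esp_packet(key: bytes, src: str, dst: str, ciphertext: bytes) -> bytes:
    """ESP ICV: covers only the ESP header and payload, never the outer IP header."""
    esp = struct.pack("!II", 0x2001, 1) + ciphertext
    icv = hmac.new(key, esp, hashlib.sha1).digest()[:ICV_LEN]
    return ipv4_header(src, dst, ESP_PROTO, len(esp) + ICV_LEN) + esp + icv


def esp_verify(key: bytes, packet: bytes) -> bool:
    body, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(icv, hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN])


def demo() -> dict:
    key = b"constructed-demo-key"                    # constructed values throughout
    inside, outside, peer = "192.168.1.10", "198.51.100.7", "203.0.113.5"
    ah = ah_packet(key, inside, peer, b"constructed payload")
    esp = esp_packet(key, inside, peer, b"constructed ciphertext..")
    return {
        "ah_direct": ah_verify(key, ah),
        # Ordinary routing only touches TTL and checksum, which AH excludes.
        "ah_routed": ah_verify(key, masquerade(ah, inside)),
        # Masquerading changes the source address, which AH authenticates.
        "ah_masq": ah_verify(key, masquerade(ah, outside)),
        "esp_direct": esp_verify(key, esp),
        "esp_masq": esp_verify(key, masquerade(esp, outside)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10s} {'ICV ok' if ok else 'ICV FAILED'}")
```

Only the masqueraded AH packet fails: the receiver recomputes the MAC over the rewritten source address, and the firewall has no key with which to regenerate it.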
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Fri Nov 19 01:28:12 1999
Subject: [pptp-server] problem of patching ppp-2.3.8
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13F4@bra0070ms1.bra.xerox.com>

Chavant,

do the download of the ppp-2.3.8 and patches newly (integrity?)

You should rebuild the kernel with this package. This version of PPP has been tested on various Linux kernel versions (most recently 2.0.36 and 2.2.8). It will not work on kernels before 2.0.0. If you have an earlier kernel, please upgrade to the latest 2.0 or 2.2 kernel.

Follow the PoPToP HowTo...

##-----(if kernel < 2.2.8)---------###
# e.g. Build the kernel when < Kernel 2.2.8
# kernel
[cd /usr/src/linux/]
[make menuconfig .....if necessary ...]
#e.g. Look for the rpm installed [RedHat 6.0 - default]
#kernel-headers-2.2.5-15 ==> [your situation kernel-headers-2.0.36]...
#kernel-2.2.5-15 ==> [your situation kernel....]
#kernel-doc-2.2.5-15
#kernel-pcmcia-cs-2.2.5-15 # if necessary...
#kernel-source-2.2.5-15
#kernelcfg-0.5-5
#ppp-2.3.7-2
#
## Follow these steps...
[make dep]
[make clean]
[make bzImage]
[make modules] ## don't forget it
[make modules_install] ## don't forget it
###-----(endif kernel < 2.2.8)---------###

## after recompiled the kernel, follow the steps in HowTo PoPToP....
[pwd]
[usr/local/src/ppp-2.3.8] # be sure into ppp-2.3.8 dir
[make]
[cp pppd/pppd /usr/sbin/] (+)
[make install] --> reference ppp-2.3.8
[cd /usr/src/linux]
[make modules SUBDIRS=drivers/net]
[make modules_install]

Good luck!

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: jean-Paul Chavant [mailto:chavant at geosys.fr] Sent: Thursday, November 18, 1999 1:53 PM To: Pptp-Server at Lists. Schulte. Org Subject: [pptp-server] problem of patching ppp-2.3.8 Hello, i am trying to install pptp-1.0.0 on my linux box (Mandrake 5.3 kernel 2.0.36) I have all the necessary files. But when i patch ppp-2.3.8 for mppe patch -p0 < ppp-2_3_8-mppe-others-norc4_TH7_diff (from /usr/local/src) i ve got a lot of error messages : patching file `ppp-2.3.8/README.MPPE' patching file `ppp-2.3.8/include/linux/ppp-comp.h' Hunk #1 FAILED at 28. Hunk #2 FAILED at 120. Hunk #3 FAILED at 139. Hunk #4 FAILED at 186. 4 out of 4 hunks FAILED -- saving rejects to ppp-2.3.8/include/linux/ppp-comp.h.rej patching file `ppp-2.3.8/include/net/ppp-comp.h' Hunk #1 FAILED at 109. Hunk #2 FAILED at 153. 2 out of 2 hunks FAILED -- saving rejects to ppp-2.3.8/include/net/ppp-comp.h.rej patching file `ppp-2.3.8/linux/kinstall.sh' Hunk #1 FAILED at 115. Hunk #2 FAILED at 189. Hunk #3 FAILED at 244. 3 out of 3 hunks FAILED -- saving rejects to ppp-2.3.8/linux/kinstall.sh.rej The next patch would create the file `ppp-2.3.8/linux/mppe.h', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/mppe.h.rej patching file `ppp-2.3.8/linux/ppp.c' Hunk #1 FAILED at 4. Hunk #2 FAILED at 77. Hunk #3 FAILED at 2351. 3 out of 3 hunks FAILED -- saving rejects to ppp-2.3.8/linux/ppp.c.rej The next patch would create the file `ppp-2.3.8/linux/ppp_lzscomp.c', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/ppp_lzscomp.c.rej The next patch would create the file `ppp-2.3.8/linux/ppp_lzscomp.h', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/ppp_lzscomp.h.rej The next patch would create the file `ppp-2.3.8/linux/ppp_mppe.c', which already exists! 
Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/linux/ppp_mppe.c.rej patching file `ppp-2.3.8/pppd/Makefile.linux' Hunk #1 FAILED at 9. Hunk #2 FAILED at 29. Hunk #3 FAILED at 43. Hunk #4 FAILED at 62. Hunk #5 FAILED at 78. Hunk #6 FAILED at 98. 6 out of 6 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/Makefile.linux.rej patching file `ppp-2.3.8/pppd/auth.c' Hunk #1 FAILED at 76. Hunk #2 FAILED at 119. Hunk #3 FAILED at 160. Hunk #4 FAILED at 193. Hunk #5 FAILED at 437. Hunk #6 FAILED at 462. Hunk #7 FAILED at 532. Hunk #8 FAILED at 1303. 8 out of 8 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/auth.c.rej patching file `ppp-2.3.8/pppd/cbcp.c' Hunk #1 FAILED at 18. Hunk #2 FAILED at 55. Hunk #3 FAILED at 82. Hunk #4 FAILED at 97. Hunk #5 FAILED at 116. Hunk #6 FAILED at 169. Hunk #7 FAILED at 180. Hunk #8 FAILED at 276. Hunk #9 FAILED at 402. Hunk #10 FAILED at 415. Hunk #11 FAILED at 452. Hunk #12 FAILED at 488. Hunk #13 FAILED at 709. Hunk #14 FAILED at 727. 14 out of 14 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/cbcp.c.rej patching file `ppp-2.3.8/pppd/ccp.c' Hunk #1 FAILED at 35. Hunk #2 FAILED at 78. Hunk #3 FAILED at 187. Hunk #4 FAILED at 312. Hunk #5 FAILED at 460. Hunk #6 FAILED at 476. Hunk #7 FAILED at 534. Hunk #8 FAILED at 582. Hunk #9 FAILED at 700. Hunk #10 FAILED at 794. Hunk #11 FAILED at 884. Hunk #12 FAILED at 1005. Hunk #13 FAILED at 1199. Hunk #14 FAILED at 1361. Hunk #15 FAILED at 1432. 15 out of 15 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/ccp.c.rej patching file `ppp-2.3.8/pppd/ccp.h' Hunk #1 FAILED at 34. Hunk #2 FAILED at 50. 2 out of 2 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/ccp.h.rej patching file `ppp-2.3.8/pppd/chap.c' Hunk #1 FAILED at 49. Hunk #2 FAILED at 115. Hunk #3 FAILED at 462. Hunk #4 FAILED at 474. Hunk #5 FAILED at 579. Hunk #6 FAILED at 594. Hunk #7 FAILED at 623. Hunk #8 FAILED at 631. Hunk #9 FAILED at 786. Hunk #10 FAILED at 797. 
Hunk #11 FAILED at 811. Hunk #12 FAILED at 819. Hunk #13 FAILED at 941. 13 out of 13 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/chap.c.rej patching file `ppp-2.3.8/pppd/chap.h' Hunk #1 FAILED at 46. Hunk #2 FAILED at 119. 2 out of 2 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/chap.h.rej patching file `ppp-2.3.8/pppd/chap_ms.c' Hunk #1 FAILED at 31. Hunk #2 FAILED at 59. Hunk #3 FAILED at 75. Hunk #4 FAILED at 118. Hunk #5 FAILED at 126. Hunk #6 FAILED at 141. Hunk #7 FAILED at 175. 7 out of 7 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/chap_ms.c.rej patching file `ppp-2.3.8/pppd/chap_ms.h' Hunk #1 FAILED at 24. 1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppd/chap_ms.h.rej The next patch would create the file `ppp-2.3.8/pppd/extra_crypto.c', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/extra_crypto.c.rej The next patch would create the file `ppp-2.3.8/pppd/extra_crypto.h', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/extra_crypto.h.rej patching file `ppp-2.3.8/pppd/ipcp.c' Hunk #1 FAILED at 121. Hunk #2 FAILED at 1056. Hunk #3 FAILED at 1121. 3 out of 3 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/ipcp.c.rej patching file `ppp-2.3.8/pppd/lcp.c' Hunk #1 FAILED at 35. Hunk #2 FAILED at 279. Hunk #3 FAILED at 587. Hunk #4 FAILED at 964. Hunk #5 FAILED at 1202. Hunk #6 FAILED at 1453. Hunk #7 FAILED at 1533. Hunk #8 FAILED at 1822. 8 out of 8 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/lcp.c.rej patching file `ppp-2.3.8/pppd/lcp.h' Hunk #1 FAILED at 56. 1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppd/lcp.h.rej The next patch would create the file `ppp-2.3.8/pppd/mppe.c', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 
1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/mppe.c.rej The next patch would create the file `ppp-2.3.8/pppd/mppe.h', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/mppe.h.rej patching file `ppp-2.3.8/pppd/pppd.8' Hunk #1 FAILED at 27. Hunk #2 FAILED at 77. Hunk #3 FAILED at 298. Hunk #4 FAILED at 462. Hunk #5 FAILED at 689. Hunk #6 FAILED at 742. Hunk #7 FAILED at 1094. 7 out of 7 hunks FAILED -- saving rejects to ppp-2.3.8/pppd/pppd.8.rej patching file `ppp-2.3.8/pppd/pppd.h' Hunk #1 FAILED at 320. 1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppd/pppd.h.rej The next patch would create the file `ppp-2.3.8/pppd/sha.h', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/sha.h.rej The next patch would create the file `ppp-2.3.8/pppd/sha1dgst.c', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/sha1dgst.c.rej The next patch would create the file `ppp-2.3.8/pppd/sha_locl.h', which already exists! Assume -R? [n] Apply anyway? [n] Skipping patch. 1 out of 1 hunk ignored -- saving rejects to ppp-2.3.8/pppd/sha_locl.h.rej patching file `ppp-2.3.8/pppdump/ppp-comp.h' Hunk #1 FAILED at 94. 1 out of 1 hunk FAILED -- saving rejects to ppp-2.3.8/pppdump/ppp-comp.h.rej

what does it mean ? someone can help me ... ?

Thanks.

Jean-Paul Chavant

 _-----_    GEOSYS SA - Service Informatique
(_/   \_)   Tél.: (0) 5 62 47 80 75
 (_____) \/\/\___  http://www.geosys.fr/

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

From t_galan at pacbell.net Fri Nov 19 03:04:42 1999
From: t_galan at pacbell.net (Tony Galan) Date: Fri Nov 19 03:04:42 1999 Subject: [pptp-server] Newbie question Message-ID: This is my first attempt at setting up pptp using the HOWTO-PoPToP.txt from http://www.moretonbay.com/vpn/download_pptp.html I am having trouble uncompressing the ppp-2.3.10-openssl-norc4-mppe.patch.gz. It looks like a plain old text file, so I renamed it to ppp-2.3.10-openssl-norc4-mppe.patch Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1" Where does the "ppp-2.3.10-patch1" file come from ?? Thanks [tar zxvf ppp-2.3.10.tar.gz] [gunzip ppp-2.3.10-mppe-others-norc4_TH7.diff.gz] [tar zxvf SSLeay-0.9.0b.tar.gz] [cp SSLeay-0.9.0b/crypto/rc4/rc4.h ppp-2.3.10/linux/] [cp SSLeay-0.9.0b/crypto/rc4/rc4_enc.c ppp-2.3.10/linux/] [cp SSLeay-0.9.0b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/] [cp SSLeay-0.9.0b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/] [cp ppp-2.3.10-patch1 ppp-2.3.10/pppd] [cd ppp-2.3.10/pppd] [patch -p0 < ppp-2.3.10-patch1] [cd /usr/local/src/] [patch -p0 < ppp-2.3.10-mppe-others-norc4_TH7.diff] From pf at sxb.bsf.alcatel.fr Fri Nov 19 06:33:33 1999 From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux) Date: Fri Nov 19 06:33:33 1999 Subject: [pptp-server] Newbie question References: Message-ID: <383541E6.B3E8DF82@sxb.bsf.alcatel.fr> An HTML attachment was scrubbed... URL: From vogt at serc.nl Fri Nov 19 09:49:02 1999 From: vogt at serc.nl (Harald Vogt) Date: Fri Nov 19 09:49:02 1999 Subject: [pptp-server] security with slirp? References: <006001bf3217$b95efd30$af081cc6@opustel.com> Message-ID: <383571B0.9D63A5BB@serc.nl> > Keith Garry Boyce wrote: > > Is there any capability of data and or authentication encryption with poptop,slirp connecting to > winnt client with ms pptp? > If so how? From ryan at ifg.net Fri Nov 19 11:25:31 1999 
From: ryan at ifg.net (Ryan Medlin)
Date: Fri Nov 19 11:25:31 1999
Subject: [pptp-server] PPTP Client question
Message-ID:

Hi,

I have 2 RAS servers, one with the new version of RAS for NT, the RRAS (Steelhead). and one with the RAS server that comes with NT. I can get the PPTP client to work with the RAS server that comes with NT, but it doesn't work with the RRAS server at all. The RRAS server, however, is not on a domain at all. Do i need to set up something different in chap-secrets, do i put workgroup\\username instead of domain\\username or do i just put username all by itself???

thanks,
ryan

From geoff at gnaa.net Fri Nov 19 12:49:05 1999
From: geoff at gnaa.net (geoff nordli)
Date: Fri Nov 19 12:49:05 1999
Subject: [pptp-server] restricting certain type of authentication
Message-ID: <002501bf32bf$0060cef0$0101a8c0@highwayi.com>

I only want to accept chapms-v2 encryption with the ppp_mppe. How do I do this?

I tried only having chapms-v2 in the options file, but it still allows you to connect with lower security settings.

I tried putting a "-" in front of the encryptions I don't want, but to no avail.

I tried putting require-chapms-v2, still nothing

thanks,

Geoff Nordli
MCT, Master CNE, MCSE, CCA, A+

From EMIR.TOKTAR at bra.xerox.com Fri Nov 19 22:59:45 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Fri Nov 19 22:59:45 1999
Subject: [pptp-server] Newbie question
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13F8@bra0070ms1.bra.xerox.com>

>>Where does the "ppp-2.3.10-patch1" file come from ??

from PPP files: ftp://cs.anu.edu.au/pub/software/ppp/

>>I am having trouble uncompressing the
>>ppp-2.3.10-openssl-norc4-mppe.patch.gz.

It isn't compressing.
"patch -p0 < ppp-2.3.10-mppe-others-norc4_TH7.diff.gz" works fine.

Regards

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Tony Galan [mailto:t_galan at pacbell.net] Sent: Friday, November 19, 1999 6:50 AM To: Pptp-Server Subject: [pptp-server] Newbie question This is my first attempt at setting up pptp using the HOWTO-PoPToP.txt from http://www.moretonbay.com/vpn/download_pptp.html I am having trouble uncompressing the ppp-2.3.10-openssl-norc4-mppe.patch.gz. It looks like a plain old text file, so I renamed it to ppp-2.3.10-openssl-norc4-mppe.patch Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1" Where does the "ppp-2.3.10-patch1" file come from ?? Thanks [tar zxvf ppp-2.3.10.tar.gz] [gunzip ppp-2.3.10-mppe-others-norc4_TH7.diff.gz] [tar zxvf SSLeay-0.9.0b.tar.gz] [cp SSLeay-0.9.0b/crypto/rc4/rc4.h ppp-2.3.10/linux/] [cp SSLeay-0.9.0b/crypto/rc4/rc4_enc.c ppp-2.3.10/linux/] [cp SSLeay-0.9.0b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/] [cp SSLeay-0.9.0b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/] [cp ppp-2.3.10-patch1 ppp-2.3.10/pppd] [cd ppp-2.3.10/pppd] [patch -p0 < ppp-2.3.10-patch1] [cd /usr/local/src/] [patch -p0 < ppp-2.3.10-mppe-others-norc4_TH7.diff] _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From EMIR.TOKTAR at bra.xerox.com Sat Nov 20 00:21:22 1999 
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Sat Nov 20 00:21:22 1999
Subject: [pptp-server] Newbie question
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13FA@bra0070ms1.bra.xerox.com>

>> I am having trouble uncompressing the
>> ppp-2.3.10-openssl-norc4-mppe.patch.gz.

This is not compressing, although it has extensions .gz

>> Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1"
>> This patch doesn't exist for ppp-2.3.8: the howto has been released for ppp-2.3.8. You have to adapt it.
>> I tried to do that (see in my yesterday posts).

There is it at some place that you did the download PPP files: ftp://cs.anu.edu.au/pub/software/ppp/

--------------------------------------------
HOWTOFAQ PoPToP
1. Grab yourself a clean copy of the PPP daemon v2.3.8 (ppp-2.3.8.tar.gz).
I usually go here for my PPP files: ftp://cs.anu.edu.au/pub/software/ppp/
ppp-2.3.8.tar.gz
ppp-2.3.10-patch1 ## look for ...
--------------------------------------------------

It's a good idea read always the HowTo FAQ and e-mails into this list :-)))

Good luck!

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Pascal Fremaux [mailto:pf at sxb.bsf.alcatel.fr] Sent: Friday, November 19, 1999 10:26 AM To: Tony Galan Cc: Pptp-Server Subject: Re: [pptp-server] Newbie question Tony Galan wrote: This is my first attempt at setting up pptp using the HOWTO-PoPToP.txt from http://www.moretonbay.com/vpn/download_pptp.html I am having trouble uncompressing the ppp-2.3.10-openssl-norc4-mppe.patch.gz. Often browsers unzip automatically what they downloads. Netscape (4.7) rename the file. It looks like a plain old text file, so I renamed it to ppp-2.3.10-openssl-norc4-mppe.patch Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1" This patch doesn't exist for ppp-2.3.8: the howto has been released for ppp-2.3.8. You have to adapt it. I tried to do that (see in my yesterday posts). Where does the "ppp-2.3.10-patch1" file come from ?? Thanks [tar zxvf ppp-2.3.10.tar.gz] [gunzip ppp-2.3.10-mppe-others-norc4_TH7.diff.gz] [tar zxvf SSLeay-0.9.0b.tar.gz] [cp SSLeay-0.9.0b/crypto/rc4/rc4.h ppp-2.3.10/linux/] [cp SSLeay-0.9.0b/crypto/rc4/rc4_enc.c ppp-2.3.10/linux/] [cp SSLeay-0.9.0b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/] [cp SSLeay-0.9.0b/crypto/rc4/rc4_enc.c /usr/src/linux/drivers/net/] [cp ppp-2.3.10-patch1 ppp-2.3.10/pppd] [cd ppp-2.3.10/pppd] [patch -p0 < ppp-2.3.10-patch1] [cd /usr/local/src/] [patch -p0 < ppp-2.3.10-mppe-others-norc4_TH7.diff] Please tell me if there is a difference between files rc4.h and rc4_enc.c from SSLeay-0.9.0b and those from SSLeay-0.6.6b. I don't know if taking the last update of SSLeay is necessary. -- Pascal Fremaux, SSII Alten Study Engineer at Alcatel Telecom R&D, Illkirch, France _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From tlskinner at mail.mv.total-web.net Sun Nov 21 19:21:12 1999 
From: tlskinner at mail.mv.total-web.net (Tony Skinner) Date: Sun Nov 21 19:21:12 1999 Subject: [pptp-server] Problems: Server works but link slowly dies off with any client Message-ID: <3.0.5.32.19991121191450.007f1c30@mail.hendersontrucking.com> Hello, I am using PoPToP v1.0.0, ppp-2.3.10 with latest patches and kernel 2.2.13. I have the server and client establishing link and passing data; however, after 2-3 minutes of connectivity with the server, the connection begins to gradually slow down. Initially when the connection is made, everything is fast and responsive, but as time passes, the link grows slower until finally it ceases to respond. The logs reveal checksum errors being reported from pppd. The errors occur at random times. In some cases, the connection can last up to 5-10 minutes while others last 20 seconds. I have reproduced these errors regardless of the transmission medium. I have established tunnels via modem over the net to the server. I have tested on the local network to the server establishing a tunnel over a 100 mb connection. The same symptoms everytime, increased slowness until finally the link ceases to function. I have tried disabling certain options with the microsoft vpn connection client which has no affect on the connection dying. I have also tried various tricks within the /etc/ppp/options file for helping with transmission errors, this has had no effect at all. Is anyone out there successfully using PoPToP with encryption without any of these symptoms? If so, please respond. I would be interested to see how your configuration differs from mine. At this point, I am wondering if it has something to do with the kernel version I am running. Thanks in advance, Tony Skinner From pf at sxb.bsf.alcatel.fr Mon Nov 22 03:30:41 1999 
From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux) Date: Mon Nov 22 03:30:41 1999 Subject: [pptp-server] Newbie question References: <51E5E026247AD2118CDD0008C74CC2DD5F13FA@bra0070ms1.bra.xerox.com> Message-ID: <38390D1C.67350768@sxb.bsf.alcatel.fr> An HTML attachment was scrubbed... URL: From pf at sxb.bsf.alcatel.fr Mon Nov 22 03:34:52 1999 From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux) Date: Mon Nov 22 03:34:52 1999 Subject: [pptp-server] restricting certain type of authentication References: <002501bf32bf$0060cef0$0101a8c0@highwayi.com> Message-ID: <38390E41.593E2AE5@sxb.bsf.alcatel.fr> An HTML attachment was scrubbed... URL: From steve at iconz.co.nz Mon Nov 22 05:37:32 1999 
From: steve at iconz.co.nz (Systems Admin)
Date: Mon Nov 22 05:37:32 1999
Subject: [pptp-server] yay ! (sorta)
In-Reply-To: <38390E41.593E2AE5@sxb.bsf.alcatel.fr>
Message-ID:

Hiyas again :)

ok, i seem to have a tunnel up and running between my home network and the rest of the net tunneled over a DSL link which is all masqueraded and such forth

to do this i used the PoPToP server on a linux box at work and the pptp client software running on the linux gateway at home, i have a static route pointing to the PoPToP server so i can bring the link up and then the routing entries piping my small subnet (/28 - sorry, it was late last time i wrote to the list :) ) thru the tunnel, over the DSL link and out the other end onto the net, this all works a right charm :)

now the problem is that when the gateway box running the pptp client software tries to do anything it seems to want to use the ip address on the ppp0 interface to announce stuff to the rest of the world, seeing as these are set to 192.168.x.x addresses they hit the end of the tunnel then drop into a bit bucket somewhere on the floor.

is there a way to force the linux box to use the eth0 address (210.48.7.161) as the address it sends all traffic it generates down the tunnel ?

my routing table looks as such - am i missing something ? i thought of removing the default route and somehow (running routed or some other form of routing daemon) building its own routing table as it needs it but don't know if this will work as i want it to.

anyway, my routing table is as follows..

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
210.48.7.161    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
210.48.22.6     192.168.1.254   255.255.255.255 UGH   0      0        0 eth1
192.168.1.249   0.0.0.0         255.255.255.255 UH    0      0        0 eth1
210.48.7.160    0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 ppp0

192.168.1.254 is the DSL box
192.168.1.249 is eth1 on the DSL side and used to carry the ppp link thru to 210.48.22.6 which is the PoPToP server
210.48.7.161 is the linux boxes 'inside' address
the tunnel is between 192.168.3.1 and 192.168.2.1

if i ssh into 192.168.2.1 (the far end of the tunnel) it claims that i am coming from 192.168.3.1 - which i gather is my problem :)

steve pts/2 192.168.3.1 12:34am 0.00s 0.21s 0.10s w

(output from a w)

if someone could shed some light on this it'd be great :)

--
Steve.

From EMIR.TOKTAR at bra.xerox.com Mon Nov 22 22:03:21 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Mon Nov 22 22:03:21 1999
Subject: [pptp-server] Newbie question
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F13FE@bra0070ms1.bra.xerox.com>

"Pascal Fremaux" wrote:
> Go and see yourself: no ppp-2.3.10-patch1 in this place. the only patch1
> is for 2.3.9, and not necessary for 2.3.10.
---------------------------------------
>> Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1"
--------------------------------------

Be careful !! The patches for 2.3.8 and 2.3.9 are different. The respective patches fixed different lines of code. Look for the patch for ppp-2.3.X and apply to fix it. Ok!

ppp-2.3.8-patch1 ==> fix IPX support in the Kernel
ppp-2.3.9-patch1 ==> fix the include "sysmacros.h"

Open the source code "sys-linux.c" in ppp-2.3.9 and ppp-2.3.8; after this, look for the same lines of code:

### if (path_to_procfs("/net/ipx_interface") ###

You will find a bit of difference that the ppp-2.3.8-patch1 fixes! You should apply ppp-2.3.8-patch1 (using ppp-2.3.8 of course!) and repeat the same steps above; you won't find any difference. OK!

Please look for the software on:
ftp://cs.anu.edu.au/pub/software/ppp/

README
old/
ppp-2.3.10-1.i386.rpm
ppp-2.3.10-1.ppc.rpm
ppp-2.3.10-1.src.rpm
ppp-2.3.10.tar.gz
ppp-2.3.8-1.i386.rpm
ppp-2.3.8-1.ppc.rpm
ppp-2.3.8-1.src.rpm
ppp-2.3.8-patch1
ppp-2.3.8.tar.gz
ppp-2.3.9-1.i386.rpm
ppp-2.3.9-1.ppc.rpm
ppp-2.3.9-1.src.rpm
ppp-2.3.9-patch1
ppp-2.3.9.tar.gz

There are patches for ppp-2.3.8 and ppp-2.3.9, ppp-2.3.10 not yet :)

Regards

Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Pascal Fremaux [mailto:pf at sxb.bsf.alcatel.fr] Sent: Monday, November 22, 1999 7:30 AM To: Toktar, Emir Cc: Pptp-Server Subject: Re: [pptp-server] Newbie question "Toktar, Emir" wrote: >> I am having trouble uncompressing the >> ppp-2.3.10-openssl-norc4-mppe.patch.gz. This is not compressing, although it has extensions .gz >> Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1" >> This patch doesn't exist for ppp-2.3.8: the howto has been released for ppp-2.3.8. You have to adapt it. >> I tried to do that (see in my yesterday posts). There is it at some place that you did the download PPP files: ftp://cs.anu.edu.au/pub/software/ppp/ Go and see yourself: no ppp-2.3.10-patch1 in this place. the only patch1 is for 2.3.9, and not necessary for 2.3.10. -- Pascal Fremaux, SSII Alten Study Engineer at Alcatel Telecom R&D, Illkirch, France _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From tlskinner at mail.mv.total-web.net Mon Nov 22 22:35:50 1999 From: tlskinner at mail.mv.total-web.net (Tony Skinner) Date: Mon Nov 22 22:35:50 1999 Subject: [pptp-server] Anyone successfully using PoPToP, respond with your configuration... Message-ID: <3.0.5.32.19991122222918.007f78d0@mail.hendersontrucking.com> I am hoping there is atleast one person here who is successfully using PoPToP with Windows 9x clients. If you are, please respond. I am pulling my hair out trying to figure out while I can establish a link perfectly, but the link slowly dies off after a few minutes. Thanks Tony From geoff at gnaa.net Tue Nov 23 01:09:22 1999 
From: geoff at gnaa.net (geoff nordli)
Date: Tue Nov 23 01:09:22 1999
Subject: [pptp-server] restricting certain type of authentication
In-Reply-To: <38390E41.593E2AE5@sxb.bsf.alcatel.fr>
Message-ID: <003401bf3581$ebc60620$0101a8c0@highwayi.com>

So you have an options file that looks like this:

lock debug auth name server +chapms-v2 mppe-128 mppe-stateless proxyarp

and it will only allow mppe.

geoff

For me it works. Isn't it another problem ? (patch for encryption ?)

geoff nordli wrote:

I only want to accept chapms-v2 encryption with the ppp_mppe. How do I do this?

I tried only having chapms-v2 in the options file, but it still allows you to connect with lower security settings.

I tried putting a "-" in front of the encryptions I don't want, but to no avail.

I tried putting require-chapms-v2, still nothing

thanks,

Geoff Nordli
MCT, Master CNE, MCSE, CCA, A+

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

From pf at sxb.bsf.alcatel.fr Tue Nov 23 02:41:14 1999
From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Tue Nov 23 02:41:14 1999
Subject: [pptp-server] Newbie question
References: <51E5E026247AD2118CDD0008C74CC2DD5F13FE@bra0070ms1.bra.xerox.com>
Message-ID: <383A532B.D10C3815@sxb.bsf.alcatel.fr>

An HTML attachment was scrubbed...

From walterm at Gliatech.com Tue Nov 23 07:31:51 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Tue Nov 23 07:31:51 1999
Subject: [pptp-server] Anyone successfully using PoPToP, respond with your configuration...
Message-ID:

I am successfully using poptop for win95, win98, winNT, and Win2000 Pre Release 2 clients. I have found that the win95 link is somewhat instable and slower but I blame this on win95 not Poptop. Win98, WinNT, and Win2000 are quite good, in fact I have maintained a link for 7 hours with the win98 client (forgot to disconnect a test PC). I do not however use Samba to provide wins information to the client. I just use the vpn link to give access to a MS Terminal/Citrix Metaframe Server.

The poptop server is running on a box (Dell Linux Poweredge 1300) with squid, masq'ing, and extensive firewalling and intrusion detection software. I haven't had a single user issue with any of these services since the machine was placed in production 2 months ago. All in all the system supports 80 internal internet users and 15 remote access users.

Michael J. Walter mcse
Gliatech, Inc.
216-831-3200
walterm at gliatech.com
mwalter at drwalter.com

From chavant at geosys.fr Tue Nov 23 07:44:52 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Tue Nov 23 07:44:52 1999
Subject: [pptp-server] Anyone successfully using PoPToP, respond with your configuration...
In-Reply-To:
Message-ID: <000501bf35b8$405c2b20$7d03a8c0@pcjpc>

Hello,

can you tell me which FW & intrusion detection program you use ?

Thanks.

Jean-Paul Chavant
GEOSYS SA - Service Informatique
Tél.: (0) 5 62 47 80 75
http://www.geosys.fr/

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Michael Walter
> Sent: mardi 23 novembre 1999 14:28
> To: PPTPD User Group (E-mail)
> Subject: RE: [pptp-server] Anyone successfully using PoPToP, respond
> with your configuration...
>
>
> I am successfully using poptop for win95, win98, winNT, and Win2000 Pre
> Release 2 clients. I have found that the win95 link is somewhat instable
> and slower but I blame this on win95 not Poptop. Win98, WinNT,
> and Win2000
> are quite good, in fact I have maintained a link for 7 hours with
> the win98
> client(forgot to disconnect a test PC). I do not however use Samba to
> provide wins information to the client. I just use the vpn link to give
> access to a MS Terminal/Citrix Metaframe Server. The poptop server is
> running on a box(Dell Linux Poweredge 1300) with squid, masq'ing, and
> extensive firewalling and intrusion detection software. I haven't had a
> single user issue with any of these services since the machine
> was placed in
> production 2 months ago. All in all the system supports 80 internal
> internet users and 15 remote access users.
>
>
> Michael J. Walter mcse
> Gliatech, Inc.
> 216-831-3200
> walterm at gliatech.com
> mwalter at drwalter.com
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From chavant at geosys.fr Tue Nov 23 09:24:15 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Tue Nov 23 09:24:15 1999
Subject: [pptp-server] PPP 2.3.10
In-Reply-To: <51E5E026247AD2118CDD0008C74CC2DD5F1393@bra0070ms1.bra.xerox.com>
Message-ID: <001b01bf35c6$273143c0$7d03a8c0@pcjpc>

Hello,

on linux box with 2.2.13 kernel i patch successfully, i compile my kernel (because it doesn't have loadable module activated) and i made these commands :

[root at vpn distant]# cd /usr/src/linux
[root at vpn linux]# rmmod ppp
[root at vpn linux]# insmod slhc
/lib/modules/2.2.13-7mdk/net/slhc.o: a module named slhc already exists
[root at vpn linux]# insmod ppp
[root at vpn linux]# insmod bsd comp
insmod: bsd: no module by that name found
[root at vpn linux]# insmod ppp deflate

here nothing else ... system is blocked ...

someone can help me ?

thanks.

Jean-Paul Chavant
GEOSYS SA - Service Informatique
Tél.: (0) 5 62 47 80 75
http://www.geosys.fr/

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Toktar, Emir
> Sent: mercredi 3 novembre 1999 21:49
> To: 'Matthew C. Grab'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] PPP 2.3.10
>
>
> When I installed the PoPToP, I follow the procedures HowTo/Faq and had any
> problems.
>
> I modified any procedures below and work fine.
>
> Procedures that I used for comments.
> (+) lines that I add ....
> (-) lines that I cut .... # not necessary
> # comment
> ******************************
> PoPToP HOWTO/FAQ
> ----------------
> Last Updated: 19990813
> Maintained by: Matthew Ramsay
> HOWTO/FAQ mostly compiled from PoPToP help pages and the PoPToP Mailing List
> (hosted by Christopher Schulte) by Matthew Ramsay. Large contributions from
> Steve Rhodes and Michael Walter.
> +++++++++++++++++++++
> 3.0 PPP (and MSCHAP/MPPE) Installation
> --------------------------------------
> It is only necessary to use PPP 2.3.8 if you want Microsoft compatible
> MSCHAPv2/MPPE authentication and encryption. The reason for this is that
> the MSCHAPv2/MPPE patch currently supplied (19990813) is against
> PPP 2.3.8.
> If you don't need Microsoft compatible authentication/encryption any 2.3.x
> PPP source will be fine.
> Assuming you want Microsoft compatible authentication/encryption follow
> these steps:
> Note: [] are example commands to run
> 1. Grab yourself a clean copy of the PPP daemon v2.3.8 (ppp-2.3.8.tar.gz).
> I usually go here for my PPP files:
> ftp://cs.anu.edu.au/pub/software/ppp/
> Note: You must get the tarball (tar.gz) and *not* the RPM.
> 2. Grab yourself the MSCHAP/MPPE diff file from:
>
> http://www.moretonbay.com/vpn/releases/ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
> 3. Grab yourself the SSLeay-0.6.6b file from:
> ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-0.6.6b.tar.gz
> 4. You should now have 3 files:
> ppp-2.3.8.tar.gz
> ppp-2.3.8-mppe-others-norc4_TH7.diff.gz
> SSLeay-0.6.6b.tar.gz
> (+) ppp-2.3.8-patch1 ==>correction for IPX/SPX
> Copy these files to your preferred location (I prefer /usr/local/src/)
> #e.g. I uninstall previous ppp
> (+) rpm -e ppp-2.3.7-2
> 5. Assuming your files are in /usr/local/src/ and your current working
> directory is also /usr/local/src/ do the following:
> [tar zxvf ppp-2.3.8.tar.gz]
> [gunzip ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
> # e.g.. it's not gunzip... [gunzip
> ppp-2.3.8-mppe-others-norc4_TH7.diff.gz]
> [tar zxvf SSLeay-0.6.6b.tar.gz]
> [cp SSLeay-0.6.6b/crypto/rc4/rc4.h ppp-2.3.8/linux/]
> [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c ppp-2.3.8/linux/]
> (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4.h /usr/src/linux/drivers/net/]
> (+) [cp SSLeay-0.6.6b/crypto/rc4/rc4_enc.c
> /usr/src/linux/drivers/net/]
> (+) [cp ppp-2.3.8-patch1 ppp-2.3.8/pppd]
> (+) [cd ppp-2.3.8/pppd]
> (+) [patch -p0 < ppp-2.3.8-patch1]
> (+) [cd /usr/local/src/]
> [patch -p0 < ppp-2.3.8-mppe-others-norc4_TH7.diff]
> [cd ppp-2.3.8]
>
> 6. The files should now all be in place and we are ready to compile PPP.
> Follow these steps to compile it:
> [./configure]
> (+) [make kernel] --> reference ppp-2.3.8
> #e.g. It isn't necessary following lines below described in
> HOWTOFAQ...
> (-) [cd linux] # not necessary
> (-) [./kinstall.sh] # not necessary
> (-) [cd ..] # not necessary
>
>
> ##
> ## Read documentation in ppp-2.3.8 ###
> ## README.linux
> ##-----(if kernel < 2.2.8)---------###
> # e.g. Build the kernel when < Kernel 2.2.8
> # kernel
> [cd /usr/src/linux/]
> [make menuconfig .....if necessary ...]
> [make dep]
> [make clean]
> [make bzImage]
> [make modules]
> [make modules_install]
> ###-----(endif kernel < 2.2.8)---------###
> [pwd]
> [usr/local/src/ppp-2.3.8] # be sure into ppp-2.3.8 dir
> [make]
> [cp pppd/pppd /usr/sbin/]
> (+) [make install] --> reference ppp-2.3.8
> [cd /usr/src/linux]
> [make modules SUBDIRS=drivers/net]
> [make modules_install]
> [rmmod ppp]
> (+) [insmod slhc]
> (+) [insmod ppp]
> (+) [insmod bsd_comp]
> (+) [insmod ppp_deflate]
> (+) [insmod ppp_mppe]
>
>
>
> Emir Toktar
> +55 ** 41 340-7157
> emir.toktar at bra.xerox.com
> toktar at per.com.br
> toktar at ppgia.pucpr.br
>
>
> -----Original Message-----
> From: Matthew C. Grab [mailto:mis at cindyrowe.com]
> Sent: Wednesday, November 03, 1999 1:08 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPP 2.3.10
>
>
> Hi, I have been following the PopTop Howto. In the PPP compile /install
> part, I am supposed to type "make modules SUBDIRS=drivers/net"
> while in the
> /usr/src/linux directory. I am getting this error message. Can anybody
> help point me in the right direction? I'm running RedHat 6.0, and I don't
> know much about compiling kernels or modules or where in linux source for
> anything is kept/installed. I would greatly appreciate any help you could
> offer. I started with PPP 2.3.8 and the mppe patch, but I couldn't get
> anywhere, so I moved to PPP 2.3.10 with the mppe patch.
>
> Thanks in advance,
> Matt Grab
> mis at cindyrowe.com
>
>
> [root at shop7 linux]# make modules SUBDIRS=drivers/net
> make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2
> -fomit-frame-pointer
> -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2
> -malign-functio
> ns=2 -DCPU=586 -DMODULE -DMODVERSIONS -include
> /usr/src/linux-2.2.5/include/linu
> x/modversions.h" MAKING_MODULES=1 modules
> make[1]: Entering directory `/usr/src/linux-2.2.5/drivers/net'
> make[1]: *** No rule to make target
> `/usr/src/linux-2.2.5/include/linux/module.h
> ', needed by `ppp.o'. Stop.
> make[1]: Leaving directory `/usr/src/linux-2.2.5/drivers/net'
> make: *** [_mod_drivers/net] Error 2
> [root at shop7 linux]#
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From chavant at geosys.fr Tue Nov 23 09:27:13 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Tue Nov 23 09:27:13 1999
Subject: FW: [pptp-server] PPP 2.3.10
Message-ID: <001c01bf35c6$8f4c4400$7d03a8c0@pcjpc>

Hello,

on linux box with 2.2.13 kernel i patch successfully, i compile my kernel (because it doesn't have loadable module activated) and i made these commands :

[root at vpn distant]# cd /usr/src/linux
[root at vpn linux]# rmmod ppp
[root at vpn linux]# insmod slhc
/lib/modules/2.2.13-7mdk/net/slhc.o: a module named slhc already exists
[root at vpn linux]# insmod ppp
[root at vpn linux]# insmod bsd comp
insmod: bsd: no module by that name found
[root at vpn linux]# insmod ppp deflate

here nothing else ... system is blocked ...

I have to do a CRTL-C to stop the operation ...

someone can help me ?

thanks.

Jean-Paul Chavant
GEOSYS SA - Service Informatique
Tél.: (0) 5 62 47 80 75
http://www.geosys.fr/

From orion at bld.cqg.com Tue Nov 23 12:54:18 1999
From: orion at bld.cqg.com (Orion Poplawski)
Date: Tue Nov 23 12:54:18 1999
Subject: [pptp-server] modprobe: can't locate module ppp-compress-
Message-ID: <199911231854.LAA13514@bvt.bld.cqg.com>

First off, thanks to everyone responsible for this. It works very nicely. Most of the problems I had configuring were on the Windows side or altering my firewall rules to handle the LAN extension.

I installed from the binary RPM distribution and ppp-2.3.8 with all requisite patches.

Now, on a fresh boot when I connect into the machine I get the following errors:

Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-24
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-24
Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-18

with the last message repeating frequently.

I've never been very good at the Linux module loading system, what do I need to do to make this work correctly? I can still connect okay, but I'd like to fix these errors.

TIA,

Orion

-----------------------------------------------------------------------
Orion Poplawski, OPoplawski at cqg.com, Tel: (303) 440-4462x17, Fax: -4507
CQG, Inc., 250 Arapahoe Avenue, Boulder, CO 80302

From walterm at Gliatech.com Tue Nov 23 13:39:12 1999
From: walterm at Gliatech.com (Michael Walter)
Date: Tue Nov 23 13:39:12 1999
Subject: [pptp-server] modprobe: can't locate module ppp-compress-
Message-ID:

edit the /etc/conf.modules file and add the following lines

alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 slhc
alias ppp-compress-24 bsd_comp
alias ppp-compress-26 ppp_deflate

Michael J. Walter mcse
Gliatech, Inc.
216-831-3200
walterm at gliatech.com
mwalter at drwalter.com

On Tuesday, November 23, 1999 1:54 PM, Orion Poplawski [SMTP:orion at bld.cqg.com] wrote:
> First off, thanks to everyone responsible for this. It works
> very nicely. Most of the problems I had configuring were on the
> Windows side or altering my firewall rules to handle the LAN extension.
>
> I installed from the binary RPM distribution and ppp-2.3.8 with
> all requisite patches.
>
> Now, on a fresh boot when I connect into the machine I get the following
> errors:
>
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-24
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
> Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-24
> Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-18
>
> with the last message repeating frequently.
>
> I've never been very good at the Linux module loading system, what do
> I need to do to make this work correctly? I can still connect okay,
> but I'd like to fix these errors.
>
> TIA,
>
> Orion
>
> -----------------------------------------------------------------------
> Orion Poplawski, OPoplawski at cqg.com, Tel: (303) 440-4462x17, Fax: -4507
> CQG, Inc., 250 Arapahoe Avenue, Boulder, CO 80302
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From toktar at per.com.br Tue Nov 23 19:23:12 1999
From: toktar at per.com.br (Emir Toktar)
Date: Tue Nov 23 19:23:12 1999
Subject: [pptp-server] modprobe: can't locate module ppp-compress-
References: <199911231854.LAA13514@bvt.bld.cqg.com>
Message-ID: <006201bf361a$eec1c870$010010ac@crypto.net>

ERROR:
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24

You can then edit the /etc/conf.modules file and add alias:

alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 slhc
alias ppp-compress-24 bsd_comp
alias ppp-compress-26 ppp_deflate

This will auto load the encryption stuff. There are entries that will also get the other two, but I can't recall which is which. One of them will get two ppp-compress-xx messages to go away.

Regards

Emir Toktar
+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: Orion Poplawski
To:
Sent: Tuesday, November 23, 1999 4:54 PM
Subject: [pptp-server] modprobe: can't locate module ppp-compress-

> First off, thanks to everyone responsible for this. It works
> very nicely. Most of the problems I had configuring were on the
> Windows side or altering my firewall rules to handle the LAN extension.
>
> I installed from the binary RPM distribution and ppp-2.3.8 with
> all requisite patches.
>
> Now, on a fresh boot when I connect into the machine I get the following
> errors:
>
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-24
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
> Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-24
> Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-18
>
> with the last message repeating frequently.
>
> I've never been very good at the Linux module loading system, what do
> I need to do to make this work correctly? I can still connect okay,
> but I'd like to fix these errors.
>
> TIA,
>
> Orion
>
> -----------------------------------------------------------------------
> Orion Poplawski, OPoplawski at cqg.com, Tel: (303) 440-4462x17, Fax: -4507
> CQG, Inc., 250 Arapahoe Avenue, Boulder, CO 80302
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From geoff at gnaa.net Tue Nov 23 19:34:25 1999
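
Added example (not part of any list message, and not code from the PoPToP or ppp projects): a shell check for the conf.modules fix discussed in this thread. It extracts the ppp-compress-N numbers that modprobe could not resolve from syslog lines and lists those with no active alias line; the function names and the sample log and conf.modules contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: which ppp-compress-N requests seen in syslog have no
# active alias line in conf.modules? All names and data are constructed.

# Constructed syslog sample, modelled on the lines quoted in the thread.
sample_log() {
cat <<'EOF'
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-24
Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-18
Nov 23 11:12:40 bvtigw pppd[412]: unrelated constructed line
EOF
}

# Constructed conf.modules: one alias active, one commented out, two absent.
sample_conf() {
cat <<'EOF'
alias eth0 ne2k-pci
   alias   ppp-compress-26   ppp_deflate
#alias ppp-compress-18 ppp_mppe
EOF
}

# stdin: syslog text. stdout: "N count" per unresolved ppp-compress-N.
requested_ids() {
    awk '/modprobe: can.t locate module/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^ppp-compress-[0-9]+$/) {
                n = $i; sub(/^ppp-compress-/, "", n); seen[n]++
            }
    }
    END { for (n in seen) print n, seen[n] }' | sort -n
}

# stdin: conf.modules text. stdout: "N module" per active alias line.
# Commented-out lines do not count: their first field is not "alias".
aliased_ids() {
    awk '$1 == "alias" && NF >= 3 && $2 ~ /^ppp-compress-[0-9]+$/ {
        n = $2; sub(/^ppp-compress-/, "", n); print n, $3
    }' | sort -n
}

# usage: missing_aliases LOGFILE CONFFILE
# stdout: each N that was requested in the log but has no active alias.
missing_aliases() {
    have=$(aliased_ids < "$2" | awk '{ printf "%s ", $1 }')
    requested_ids < "$1" | while read -r n count; do
        case " $have" in
            *" $n "*) ;;
            *) echo "$n" ;;
        esac
    done
}

# usage: report LOGFILE CONFFILE
report() {
    for n in $(missing_aliases "$1" "$2"); do
        echo "ppp-compress-$n: requested by the kernel, no active alias in $2"
    done
}

# Run the check on the constructed samples.
demo_dir=$(mktemp -d)
sample_log  > "$demo_dir/messages"
sample_conf > "$demo_dir/conf.modules"
report "$demo_dir/messages" "$demo_dir/conf.modules"
rm -rf "$demo_dir"
```

A missing alias for ppp-compress-18 is the one to look at first: the thread aliases that number to ppp_mppe, the module described there as "the encryption stuff".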
From: geoff at gnaa.net (geoff nordli)
Date: Tue Nov 23 19:34:25 1999
Subject: [pptp-server] modprobe: can't locate module ppp-compress-
In-Reply-To: <006201bf361a$eec1c870$010010ac@crypto.net>
Message-ID: <002b01bf361c$50aafab0$0101a8c0@highwayi.com>

I thought you had to manually load the ppp_mppe module. I normally put a line in the rc.local like this:

insmod ppp_mppe

geoff

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Emir Toktar
Sent: Tuesday, November 23, 1999 5:26 PM
To: Orion Poplawski; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] modprobe: can't locate module ppp-compress-

ERROR:
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-21
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-26
Jul 2 17:30:03 ape modprobe: can't locate module ppp-compress-24

You can then edit the /etc/conf.modules file and add alias:

alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 slhc
alias ppp-compress-24 bsd_comp
alias ppp-compress-26 ppp_deflate

This will auto load the encryption stuff. There are entries that will also get the other two, but I can't recall which is which. One of them will get two ppp-compress-xx messages to go away.

Regards

Emir Toktar
+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: Orion Poplawski
To:
Sent: Tuesday, November 23, 1999 4:54 PM
Subject: [pptp-server] modprobe: can't locate module ppp-compress-

> First off, thanks to everyone responsible for this. It works
> very nicely. Most of the problems I had configuring were on the
> Windows side or altering my firewall rules to handle the LAN extension.
>
> I installed from the binary RPM distribution and ppp-2.3.8 with
> all requisite patches.
>
> Now, on a fresh boot when I connect into the machine I get the following
> errors:
>
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-24
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-21
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-18
> Nov 23 11:12:31 bvtigw modprobe: can't locate module ppp-compress-26
> Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-24
> Nov 23 11:12:32 bvtigw modprobe: can't locate module ppp-compress-18
>
> with the last message repeating frequently.
>
> I've never been very good at the Linux module loading system, what do
> I need to do to make this work correctly? I can still connect okay,
> but I'd like to fix these errors.
>
> TIA,
>
> Orion
>
> -----------------------------------------------------------------------
> Orion Poplawski, OPoplawski at cqg.com, Tel: (303) 440-4462x17, Fax: -4507
> CQG, Inc., 250 Arapahoe Avenue, Boulder, CO 80302
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
From EMIR.TOKTAR at bra.xerox.com Tue Nov 23 20:00:20 1999
From: EMIR.TOKTAR at bra.xerox.com (Toktar, Emir)
Date: Tue Nov 23 20:00:20 1999
Subject: [pptp-server] Newbie question
Message-ID: <51E5E026247AD2118CDD0008C74CC2DD5F1402@bra0070ms1.bra.xerox.com>

You're right, but to avoid any mistake I wrote exactly which patches there were and when applied them as it is described below:

" There are patch to ppp-2.3.8 and ppp-2.3.9, ppp-2.3.10 not yet "

so, I hope it is understood and there is no doubt left. Thanks for your comprehension and your help!

Regards.
Emir Toktar
+55 (**41) 340-7157
emir.toktar at bra.xerox.com
toktar at per.com.br
toktar at ppgia.pucpr.br

-----Original Message-----
From: Pascal Fremaux [mailto:pf at sxb.bsf.alcatel.fr]
Sent: Tuesday, November 23, 1999 6:41 AM
Cc: Pptp-Server
Subject: Re: [pptp-server] Newbie question

But the problem is not that. I answered to Tony Galan, and what he asked, it was for the 2.3.10 ppp. And you know, if you took a look to the source, that the modifications of ppp-2.3.8-patch1 and ppp-2.3.9-patch1 (which are different) are included in ppp-2.3.10. And a patch for ppp-2.3.10 exist, on http://www.moretonbay.com/vpn/download_pptp.html . That's all folks !

"Toktar, Emir" wrote:

"Pascal Fremaux" wrote:
> Go and see yourself: no ppp-2.3.10-patch1 in this place. the only patch1
> is for 2.3.9, and not necessary for 2.3.10.
---------------------------------------
>> Everything went smoothly except for "patch -p0 < ppp-2.3.10-patch1"
--------------------------------------

Be careful !! There are patches for 2.3.8 and 2.3.9 are different. The respectives patches fixed different line codes. Look for the patch for ppp-2.3.X and apply to fix it. Ok!

ppp-2.3.8-patch1 ==> fix IPX support in the Kernel
ppp-2.3.9-patch1 ==> fix the include "sysmacros.h"

Open the sources codes "sys-linux.c" in ppp-2.3.9 and ppp-2.3.8, after this, look for the same lines codes:

### if (path_to_procfs("/net/ipx_interface") ###

You will find a bit of difference that the ppp-2.3.8-patch1 fix it! You should apply ppp-2.3.8-patch1 (using ppp-2.3.8 of course!) and you repeat the same steps above, you won't find any difference. OK!
Please, look for the softwares on: ftp://cs.anu.edu.au/pub/software/ppp/

README
old/
ppp-2.3.10-1.i386.rpm
ppp-2.3.10-1.ppc.rpm
ppp-2.3.10-1.src.rpm
ppp-2.3.10.tar.gz
ppp-2.3.8-1.i386.rpm
ppp-2.3.8-1.ppc.rpm
ppp-2.3.8-1.src.rpm
ppp-2.3.8-patch1
ppp-2.3.8.tar.gz
ppp-2.3.9-1.i386.rpm
ppp-2.3.9-1.ppc.rpm
ppp-2.3.9-1.src.rpm
ppp-2.3.9-patch1
ppp-2.3.9.tar.gz

There are patch to ppp-2.3.8 and ppp-2.3.9, ppp-2.3.10 not yet :)

Regards
Emir Toktar

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

From toktar at per.com.br Tue Nov 23 20:40:31 1999
From: toktar at per.com.br (Emir Toktar)
Date: Tue Nov 23 20:40:31 1999
Subject: [pptp-server] Authentication ppp dual-homed
References: <51E5E026247AD2118CDD0008C74CC2DD5F13B7@bra0070ms1.bra.xerox.com> <002501bf2bdc$b45f30c0$071c0fc0@lala.net>
Message-ID: <00e301bf3625$aaefb7f0$010010ac@crypto.net>

(sent with font courier new)

Kevin

I saw the route in Windows NT after the connection.

/etc/pptpd.conf
speed 115200
localip 200.170.98.40 #free address
remoteip 200.170.98.41-44 #range free address

Network Dest.    Netmask          Gateway         Interface
__________________________________________________________
0.0.0.0          0.0.0.0          200.17.98.41    200.170.98.41
...
172.16.0.0       255.255.0.0      172.16.0.1      172.16.0.1
172.16.0.1       255.255.255.255  127.0.0.1       127.0.0.1
172.16.0.2       255.255.255.255  172.16.0.1      172.16.0.1
200.170.98.0     255.255.255.0    200.170.98.41   200.170.98.41
200.170.98.41    255.255.255.255  127.0.0.1       127.0.0.1
200.170.98.255   255.255.255.255  200.170.98.41   200.170.98.41

> ip forwarding is enabled

It's OK! I can ping any address 200.170.98.*, but I can't open a telnet session to NIS Server for example, only on IP received via VPN or IP 200.170.98.50 (eth1 VPN). (eth0 VPN 172.16.0.2)

> in english, this says "add a route to the 200.*.*.*
> network using 172.16.0.2 as a gateway.
> It takes one hop to get there."

Ok, but looking the table above, 172.16.0.2 used 172.16.0.1 that used 127.0.0.1 like gateway. Am I right? If I add 200.*** network using 172.16.0.2 as a gateway won't be like same effect of the route table above? I think that I forgot setting anything on VPN... (Browsing NT same...)

I saw that after connection, a table route was built by itself and the gateway was 127.0.0.1, and not 172.16.0.2 (eth0 VPN Server) like your suggestion. Any suggestion more? I'd appreciate.

>> B) How Can I authenticate the user by using NIS Server
>> to avoid having the name and password of the user
>> recorded in /etc/ppp/chap-secrets?
>>
>> # I wouldn't like of to use
>> # names in clear-text mode ==> chap-secrets
>> #/etc/ppp/chap-secrets
>> # billy nis.puc.anydomani.edu bob *

Regards
Emir Toktar
+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: tmk
To: Toktar, Emir ;
Cc:
Sent: Wednesday, November 10, 1999 10:35 PM
Subject: Re: [pptp-server] Authentication ppp Help!!

> your problem is a routing problem. you need to tell NT
> that there is a path to the 200.*.*.* lan using the linux
> box as a gateway. You then need be sure that ip
> forwarding is enabled so linux will route the packets.
> All computers involved in the conversation will have to
> have the linux box listed as a gateway.
>
> i *THINK* the nt command to add the route is:
> route add 200.0.0.0 mask 255.0.0.0 172.16.0.2 metric 1
>
> in english, this says "add a route to the 200.*.*.*
> network using 172.16.0.2 as a gateway.
> It takes one hop to get there."
>
> The linux box will probably not need any additional
> configuration.
>
> Kevin
>
> ----- Original Message -----
> From: Toktar, Emir
> To:
> Cc:
> Sent: Wednesday, November 10, 1999 1:02 PM
> Subject: [pptp-server] Authentication ppp Help!!
>
>
>> Hello everybody,
>>
>>
>> I'm using PoPToP and it is working fine and I'm doing
>> performance tests via LAN to LAN with VPN over LAN.
>>
>> I have installed the following softwares:
>> pptp-1.0.0
>> ppp-2.3.8
>> SSLeay-0.6.6b
>> Red Hat 6.0 kernel 2.2.5-15
>>
>> ************PROBLEM******************************
>>
>> I changed LAN configuration to interconnect two LANs
>> with VPN Linux dual-homed and now I have some problems:
>>
>> I split up the LAN physically, as showed below and I did
>> the setup from Linux VPN "vpn" host to NIS Server
>> (secondary domain options in linuxconfig)
>>
>> |
>> | LAN 200.170.98.*
>> | Domain (DNS): puc.anydomain.edu
>> | Server NIS : 200.170.98.147
>> | Host Name NIS: nis.puc.anydomani.edu
>> | [NIS server on this LAN]
>> |
>> |
>> | Linux VPN
>> | Host Name: vpnlinux
>> | eth1: obelix.puc.anydomain.edu
>> | eth0: vpnlinux.crypto.net
>> | primary server: 172.16.0.1 ## NT Server
>> | secondary server: 200.170.98.147 ## Linux NIS
>> | Samba server ok
>> |
>> |----|--------------------------| LAN 200.***
>> | IP (eth1): 200.170.98.50 |
>> | |
>> | DUAL-HOMED |
>> | |
>> |----| IP (eth0): 172.16.0.2 |
>> | TTT|--------------------------| LAN 172.***
>> | T
>> | T
>> | T "VPN Tunnel"
>> | T
>> | T
>> | TTT NT Server 4.0
>> |-----IP: 172.16.0.1
>> Host Name: ntsrv
>> Network Domain (NT): DAEMON
>> DNS Domain: crypto.net
>>
>>
>> /etc/pptpd.conf
>> speed 115200
>> localip 200.170.98.40 #free address
>> remoteip 200.170.98.41-44 #range free address
>>
>> /etc/ppp/options
>> debug
>> name nis.puc.anydomani.edu #NIS Server from 200.***
>> auth
>> require-chap
>> proxyarp ....
>>
>> /etc/ppp/chap-secrets
>> billy nis.puc.anydomani.edu bob *
>>
>>
>> When I make a connection DUN to VPN Server (172.16.0.2),
>> I receive a remoteip IP 200.170.98.41 and I can ping
>> others computers in this network address, on the
>> computer "ntsrv", I CAN'T SEE ANY LIST in Windows
>> Explorer NT (via Samba - same situation):
>> ______________________________________________________
>> +My Computer
>> +Network Neighborhood
>> DAEMON
>> |- ntsrv\\shared (172.16.0.1)
>> |- linuxvpn\\shared (172.16.0.2)
>> |
>> |-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ???
>> ______________________________________________________
>>
>>
>> A) What's wrong in this configuration that I can't see
>> the browsing but what's says the box above?
>>
>>
>> B) How Can I authenticate the user by using NIS Server
>> to avoid having the name and password of the user
>> recorded in /etc/ppp/chap-secrets?
>>
>> # I wouldn't like of to use
>> # names in clear-text mode ==> chap-secrets
>> #
>> #/etc/ppp/chap-secrets
>> # billy nis.puc.anydomani.edu bob *
>>
>>
>> Is there any script to send me like example? I'm reading
>> some PPP HowTo but I'm not certainly the solution...
>> If the NIS Server makes users authentication, it can
>> manager the passwords changes, or maybe, using
>> the /etc/passwd file with users registered and
>> not etc/ppp/chap-secrets file.
>>
>>
>>
>> Regards
>>
>> Emir Toktar
>>
>> +55 (**41) 340-7157
>> emir.toktar at bra.xerox.com
>> toktar at per.com.br
>> toktar at ppgia.pucpr.br
>>

From nickj at Power-Networking.net Wed Nov 24 00:13:50 1999
From: nickj at Power-Networking.net (Nick Jones)
Date: Wed Nov 24 00:13:50 1999
Subject: [pptp-server] Connection but no connection
Message-ID: <000a01bf3643$64d5b8a0$0200a8c0@PowerNetworking.net>

Hey everyone. I finally got the PPTPd server to allow clients to connect w/ 2.3.10 pppd w/ the mppe patch (40/128bit) and a 2.3.28 kernel. Everything seems to work as far as connecting the two machines together with the VPN link, but neither side of the tunnel can ping the "remote ip address" on the other side. I included all of the settings in my configuration files below. I hope someone can help me get this working.

options file:
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

pptpd.conf
debug
localip 192.168.0.100-110
remoteip 192.168.1.100-110

Default routing table before vpn link
Kernel IP routing table
Destination     Gateway         Genmask          Flags MSS   Window irtt Iface
206.58.2.194    0.0.0.0         255.255.255.255  UH    40    0      0    ppp0
192.168.1.0     0.0.0.0         255.255.255.0    U     40    0      0    eth0
192.168.0.0     0.0.0.0         255.255.255.0    U     40    0      0    eth0
127.0.0.0       0.0.0.0         255.0.0.0        U     3584  0      0    lo
0.0.0.0         206.58.2.194    0.0.0.0          UG    40    0      0    ppp0

Both 192.168.0.180 and 192.168.1.180 are bound to the eth0 device

-Nick Jones
nickj at Power-Networking.net

From andre at direct.a2000.nl Wed Nov 24 00:57:58 1999
From: andre at direct.a2000.nl (andre)
Date: Wed Nov 24 00:57:58 1999
Subject: [pptp-server] VPN
Message-ID: <199911240757.IAA00780@surfbeast.nl.eu.org>

Hello everybody,

I have a problem with windows networking over VPN. I have installed samba as WINS server and made a virtual ip address.

VPN PPP 192.168.0.10-20 192.168.1.1 192.168.0.1(virtual)

If i login on VPN server (client ip 192.168.0.10, wins 192.168.0.1 (virtual)) I can't find any stations on microsoft networking. what do i wrong ? The server answers with a wrong ip. nr.

17:33:51.865688 192.168.0.10.netbios-ns > 192.168.0.1.netbios-ns: udp 68
17:33:51.867469 192.168.1.3.netbios-ns > 192.168.0.10.netbios-ns: udp 62
17:33:51.877180 192.168.0.10.netbios-ns > 192.168.0.1.netbios-ns: udp 68
17:33:51.878613 192.168.1.3.netbios-ns > 192.168.0.10.netbios-ns: udp 62
17:33:51.890640 192.168.0.10.netbios-ns > 192.168.0.1.netbios-ns: udp 68

Here are the configuration files.

++++ /sbin/ifconfig ++++
eth0      Link encap:Ethernet HWaddr 00:60:08:73:E2:B3
          inet addr:62.108.6.142 Bcast:62.108.7.255 Mask:255.255.254.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:50427 errors:8 dropped:0 overruns:9 frame:8
          TX packets:24483 errors:0 dropped:0 overruns:0 carrier:0
          collisions:232 txqueuelen:100
          Interrupt:10 Base address:0x300
eth1      Link encap:Ethernet HWaddr 00:00:E8:CC:7C:14
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:44606 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66572 errors:0 dropped:0 overruns:0 carrier:0
          collisions:485 txqueuelen:100
          Interrupt:5 Base address:0x280
eth1:0    Link encap:Ethernet HWaddr 00:00:E8:CC:7C:14
          inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:5 Base address:0x280
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:45 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.3 P-t-P:192.168.0.10 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:133 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
+++++++++

++++ ppp/options ++++
lock
name surfbeast
netmask 255.255.255.0
debug
auth
require-chap
proxyarp
ms-wins 192.168.0.1
++++++++++++++++++++

++++ pptpd.conf ++++
speed 115200
localip 192.168.1.3
remoteip 192.168.0.10-20
+++++++++++++++++++

++++ smb.conf +++++
[global]
workgroup = ATRSERVER
log file = /var/log/samba/log.%m
remote announce = 192.168.0.255/ATR
max log size = 50
socket options = TCP_NODELAY
netbios name = SURFBEAST
keepalive = 30
dns proxy = No
encrypt passwords = Yes
server string = ANDRE
wins support = true
domain logons = yes
domain master = yes
preferred master = yes
+++++++++++++++++++

From a.waller at webpoint.at Wed Nov 24 02:12:29 1999
From: a.waller at webpoint.at (Alexander Waller)
Date: Wed Nov 24 02:12:29 1999
Subject: [pptp-server] Basics
Message-ID:

Hi !
Can anyone tell me where I can get basics for pptp. I need informations on building a vpn from a dialup-user over Internet to my local network, which is permanently connected to the internet.

Tnkx.

+------------------------------------------+
+ Alex Waller +
+ WebPoint +
+ Internet-Services +
+ A-6840 Götzis +
+ Mobil +43 676 4121128 +
+ http://www.webpoint.at +
+------------------------------------------+

PGP-KEY : http://city.webpoint.at/pgp/pgp_aw.htm

From vish at gn.gtsl.co.in Wed Nov 24 05:14:46 1999
From: vish at gn.gtsl.co.in (Vishwanath Paranjape)
Date: Wed Nov 24 05:14:46 1999
Subject: [pptp-server] Basics
Message-ID: <1.5.4.32.19991124164449.008e4cb0@95.45.5.77>

dear alex

you will be able to get the info in the white papers published by microsoft "understanding pptp" and "installation,configuration of VPN using Microsoft WIndowsNT server "

regards
vishwanath

At 09:10 AM 11/24/99 +0100, Alexander Waller wrote:
>
>Hi !
>Can anyone tell me where I can get basics for pptp. I need informations on
>building a vpn from a dialup-user over Internet to my local network, which
>is permanently connected to the internet.
>
>Tnkx.
>
>+------------------------------------------+
>+ Alex Waller +
>+ WebPoint +
>+ Internet-Services +
>+ A-6840 Götzis +
>+ Mobil +43 676 4121128 +
>+ http://www.webpoint.at +
>+------------------------------------------+
>
>PGP-KEY : http://city.webpoint.at/pgp/pgp_aw.htm
>

From thierry at sendar.prophecy.lu Wed Nov 24 06:44:27 1999
From: thierry at sendar.prophecy.lu (Thierry Coutelier)
Date: Wed Nov 24 06:44:27 1999
Subject: [pptp-server] More IP's
Message-ID:

Greetings,

I use pptp to implement High Speed Satellite Internet. The users have static IP addresses in the range of 192.168.0.2 to 192.168.255.254

How can i configure this range ?

Another Question:
Is there a patch to identify users using an Oracle DataBase or radius or can I call a script to identify users ?

thanks for your help.

--
Thierry.Coutelier at linux.lu
http://www.prophecy.lu http://www.mud.lu
http://www.linux.lu http://www.games.lu ...

From chavant at geosys.fr Wed Nov 24 07:42:59 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Wed Nov 24 07:42:59 1999
Subject: [pptp-server] problem using pptp ...
Message-ID: <000701bf3681$2d953ee0$7d03a8c0@pcjpc>

Hello,

on linux box with 2.2.13 kernel i patch successful
i compiled my kernel (because it doesn't have loadable module activated)
i compiled ppp 2.3.8 with mppe patch
and i made these commands :

[root at vpn distant]# cd /usr/src/linux
[root at vpn linux]# rmmod ppp
[root at vpn linux]# insmod slhc
/lib/modules/2.2.13-7mdk/net/slhc.o: a module named slhc already exists
[root at vpn linux]# insmod ppp
[root at vpn linux]# insmod bsd comp
insmod: bsd: no module by that name found
[root at vpn linux]# insmod ppp deflate

here nothing else ... system is blocked ... I have to do a CTRL-C to stop the operation ...

Next i compiled pptp-1.0.0 ... no problem.

My question is :
- is pppd invoked by pptpd or it had to be launched at start up or by inetd ?
- pptpd have to be launched at the start up or by inetd ?
- when i launched pptpd i have this message :

No free connection slots or IPs available - no more client can connect !

There is a response in the pptp FAQ but i don't understand ... what i have to do ?

Finally, when i connect to my vpn server with win95 (with DUN1.3) i have this message :

Error 629 : you have been disconnected from the computer you dialed ... etc ...

Can you help me please ?

Thanks.

Jean-Paul Chavant
_-----_ GEOSYS SA - Service Informatique
(_/ \_) Tél.: (0) 5 62 47 80 75
(_____) \/\/\___ http://www.geosys.fr/

From nickj at Power-Networking.net Wed Nov 24 08:51:09 1999
From: nickj at Power-Networking.net (Nick Jones)
Date: Wed Nov 24 08:51:09 1999
Subject: [pptp-server] Connection but no connection
References: <51E5E026247AD2118CDD0008C74CC2DD5F1407@bra0070ms1.bra.xerox.com>
Message-ID: <002a01bf368b$aade1b60$0200a8c0@PowerNetworking.net>

Yeah. I do have ip forwarding enabled. The box is also acting as a firewall and a gateway for my internal network using IP Masq.

----- Original Message -----
From: Toktar, Emir
To: 'Nick Jones'
Sent: Wednesday, November 24, 1999 3:20 AM
Subject: RE: [pptp-server] Connection but no connection

> [options file]
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> ## proxyarp isn't here?
>
>
> ip forwarding is enabled ?
>
> [pptpd.conf]
> debug
> localip 192.168.0.100-110
> remoteip 192.168.1.100-110
>
>
>
> Regards
>
> Emir Toktar
>
> +55 (**41) 340-7157
> emir.toktar at bra.xerox.com
> toktar at per.com.br
> toktar at ppgia.pucpr.br
>
>
>
> -----Original Message-----
> From: Nick Jones [mailto:nickj at Power-Networking.net]
> Sent: Wednesday, November 24, 1999 4:16 AM
> To: PPTP Mailing List
> Subject: [pptp-server] Connection but no connection
>
>
> Hey everyone. I finally got the PPTPd server to allow clients to connect w/
> 2.3.10 pppd w/ the mppe patch (40/128bit) and a 2.3.28 kernel. Everything
> seems to work as far as connecting the two machines together with the VPN
> link, but neither side of the tunnel can ping the "remote ip address" on the
> other side. I included all of the settings in my configuration files below.
> I hope someone can help me get this working.
>
> options file:
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> pptpd.conf
> debug
> localip 192.168.0.100-110
> remoteip 192.168.1.100-110
>
> Default routing table before vpn link
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt
> Iface
> 206.58.2.194 0.0.0.0 255.255.255.255 UH 40 0 0
> ppp0
> 192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
> 192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0
> eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 3584 0 0 lo
> 0.0.0.0 206.58.2.194 0.0.0.0 UG 40 0 0
> ppp0
>
> Both 192.168.0.180 and 192.168.1.180 are bound to the eth0 device
>
>
> -Nick Jones
> nickj at Power-Networking.net
>

From neale at lowendale.com.au Wed Nov 24 14:57:40 1999
From: neale at lowendale.com.au (Neale Banks)
Date: Wed Nov 24 14:57:40 1999
Subject: [pptp-server] More IP's
In-Reply-To:
Message-ID:

On Wed, 24 Nov 1999, Thierry Coutelier wrote:

> I use pptp to implement High Speed Satellite Internet.
> The users have static IP addresses in the range of
> 192.168.0.2 to 192.168.255.254
>
> How can i configure this range ?

Not sure what you are asking here: do you mean that you need to assign a specific IP address based on the username?

> Another Question:
> Is there a patch to identify users using an Oracle DataBase
> or radius or can I call a script to identify users ?

The authentication is done by ppp (NOT by pptp) - have a look at using a PAM-aware pppd.

HTH,
Neale.

From tmk at netmagic.net Wed Nov 24 19:15:56 1999
From: tmk at netmagic.net (tmk)
Date: Wed Nov 24 19:15:56 1999
Subject: [pptp-server] problem using pptp ...
References: <000701bf3681$2d953ee0$7d03a8c0@pcjpc>
Message-ID: <001a01bf36e2$eee29a00$071c0fc0@lala.net>

> [root at vpn distant]# cd /usr/src/linux
> [root at vpn linux]# rmmod ppp
> [root at vpn linux]# insmod slhc
> /lib/modules/2.2.13-7mdk/net/slhc.o: a module named slhc already exists
> [root at vpn linux]# insmod ppp
> [root at vpn linux]# insmod bsd comp
> insmod: bsd: no module by that name found
> [root at vpn linux]# insmod ppp deflate

uh, it should be insmod bsd_comp and insmod ppp_deflate

> - is pppd invoked by pptpd or it had to be launched at start up or by inetd

pppd is automatically invoked by pptpd

> - pptpd have to be launched at the start up or by inetd ?
> - when i launched pptpd i have this message :
>
> No free connection slots or IPs available - no more client can connect !

you have not set up a configuration file. I recommend you read the faq on the site and either pass command line arguments to the program or use a configuration file (/etc/pptpd.conf i believe.. there is a sample one included in the source tree)

Kevin

> Finally, when i connect to my vpn server with win95 (with DUN1.3) i have
> this message :
>
> Error 629 : you have been disconnected from the computer you dialed ... etc

i think fixing the above will solve this problem

Kevin

From tmk at netmagic.net Wed Nov 24 19:16:49 1999
From: tmk at netmagic.net (tmk)
Date: Wed Nov 24 19:16:49 1999
Subject: [pptp-server] More IP's
References:
Message-ID: <002401bf36e3$0b7730e0$071c0fc0@lala.net>

not sure what you mean by configure the range. can you be more specific about the problems you are having and the goal of your setup?

Kevin

----- Original Message -----
From: Thierry Coutelier
To:
Sent: Wednesday, November 24, 1999 4:43 AM
Subject: [pptp-server] More IP's

>
> Greetings,
>
> I use pptp to implement High Speed Satellite Internet.
> The users have static IP addresses in the range of
> 192.168.0.2 to 192.168.255.254
>
> How can i configure this range ?
>
> Another Question:
> Is there a patch to identify users using an Oracle DataBase
> or radius or can I call a script to identify users ?
>
> thanks for your help.
>
> --
> Thierry.Coutelier at linux.lu
> http://www.prophecy.lu http://www.mud.lu
> http://www.linux.lu http://www.games.lu ...
>

From toktar at per.com.br Wed Nov 24 19:34:15 1999
From: toktar at per.com.br (Emir Toktar)
Date: Wed Nov 24 19:34:15 1999
Subject: Fw: [pptp-server] problem using pptp ...
Message-ID: <007301bf36e5$a0886fd0$010010ac@crypto.net>

Subject: [pptp-server] problem using pptp ...

| My question is :
| - is pppd invoked by pptpd or it had to be launched at start up or by
| inetd ?
| - pptpd have to be launched at the start up or by inetd ?

TIP: I'm using "strace [options]" to follow the sequence. For example:

$ strace -p 708 ## 708 is pid of the pptpd that is active

| - when i launched pptpd i have this message :
| No free connection slots or IPs available - no more client can connect !
| There is a response in the pptp FAQ but i don't understand ... what i
| have to do ?

When I had this problem, I was using NT and hadn't setting exclusion range from my NT Server (this must be set if you had been DHCP).

| Finally, when i connect to my vpn server with win95 (with DUN1.3) i have
| this message :
|
| Error 629 : you have been disconnected from the computer you dialed ...
| ...

Errors 650 629 645 ...
646 ERROR_RESTRICTED_LOGON_HOURS
647 ERROR_ACCT_DISABLED
648 ERROR_PASSWD_EXPIRED
649 ERROR_NO_DIALIN_PERMISSION
691 ERROR_AUTHENTICATION_FAILURE
709 ERROR_CHANGING_PASSWORD

When I had this problem, I saw any mistakes in my configuration. Look at

[options file]
lock
name server123 # must be same in chap-secrets
+chap
proxyarp
...

[chap-secrets file]
#client server secret IP addresses
userA server123 userSecret *

and in your dialup Win95 box:

login : userA
passwd: userSecret
domain: let blank or 'IP VPN' or 'server123'

I usually did it with a blank option (my preference...)

Regards
Emir

From Thierry.Coutelier at prophecy.lu Thu Nov 25 01:18:23 1999
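The name/chap-secrets relationship described in Emir Toktar's reply above can be checked before a client ever dials in; this is an added example, not code from the list or from pppd. The function names and the userB/userC entries are constructed for illustration, and the checker deliberately never echoes the secret column.

```python
import shlex


def words(line):
    """Split a pppd config line into words, dropping '#' comments."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:          # unbalanced quote: fall back to plain split
        return line.split("#", 1)[0].split()


def pppd_name(options_text):
    """Value of the last 'name' option in an options file, or None."""
    name = None
    for line in options_text.splitlines():
        w = words(line)
        if len(w) >= 2 and w[0] == "name":
            name = w[1]
    return name


def audit_secrets(options_text, secrets_text):
    """Return (line_no, client, finding) tuples for a chap-secrets file."""
    local = pppd_name(options_text)
    findings = []
    for n, line in enumerate(secrets_text.splitlines(), 1):
        w = words(line)
        if not w:
            continue
        if len(w) < 3:
            findings.append((n, w[0], "malformed: need client, server, secret"))
            continue
        client, server, addrs = w[0], w[1], w[3:]   # w[2] (secret) is not reported
        if server != "*" and server != local:
            findings.append(
                (n, client, f"server '{server}' does not match name '{local}'"))
        if not addrs:
            findings.append((n, client, "no address field: every IP is refused"))
        elif "*" in addrs:
            findings.append((n, client, "note: any IP address is accepted"))
    return findings


# Options file as quoted in the post above.
OPTIONS = """\
lock
name server123 # must be same in chap-secrets
+chap
proxyarp
"""

# First entry is from the post; userB and userC are constructed test cases.
SECRETS = """\
#client server secret IP addresses
userA server123 userSecret *
userB vpnserver otherSecret 192.168.1.101
userC server123 thirdSecret
"""

if __name__ == "__main__":
    for line_no, client, finding in audit_secrets(OPTIONS, SECRETS):
        print(f"chap-secrets:{line_no}: {client}: {finding}")
```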
From: Thierry.Coutelier at prophecy.lu (Thierry Coutelier)
Date: Thu Nov 25 01:18:23 1999
Subject: [pptp-server] More IP's
References:
Message-ID: <383CE29D.18C2EB3A@prophecy.lu>

Neale Banks wrote:
>
> On Wed, 24 Nov 1999, Thierry Coutelier wrote:
>
> > I use pptp to implement High Speed Satellite Internet.
> > The users have static IP addresses in the range of
> > 192.168.0.2 to 192.168.255.254
> >
> > How can i configure this range ?
>
> Not sure what you are asking here: do you mean that you need to assign a
> specific IP address based on the username?
>

Each user has an IP address configured in his pptp client. In the /etc/pptp.conf file I have to give the range of addresses in the form:

remoteip 192.168.0.2-254,192.168.1.0-254,......

In the ppp/options I have ipcp-accept-remote

Did I misunderstand the remoteip tag ?

> HTH,
> Neale.

From chavant at geosys.fr Thu Nov 25 06:30:03 1999
From: chavant at geosys.fr (jean-Paul Chavant)
Date: Thu Nov 25 06:30:03 1999
Subject: [pptp-server] problems installing pptp
Message-ID: <000201bf3740$1bc51a40$7d03a8c0@pcjpc>

Hello,

When i compile ppp-2.3.8 with patch (SSL & mppe) & pptp-1.0.0 i can't connect to my vpn server. So i install ppp-2.3.8.rpm & pptp-1.0.0.rpm and ... now i can connect to my vpn server.

I would like to know few things :
- how to know if password and data encryption works fine ?
- my client IP client is 192.168.3.125 and my vpnserver IP is 192.168.3.251. The default gateway of my client is 192.168.3.1 and when i try to ping the vpn LAN (localip = 192.168.5.230-240 / remoteip=192.168.6.230-240) it doesn't work ... my client uses it default gateway. Is there a way to keep the default gateway and ping the vpn LAN (vpn IP) ?

Jean-Paul Chavant
_-----_ GEOSYS SA - Service Informatique
(_/ \_) Tél.: (0) 5 62 47 80 75
(_____) \/\/\___ http://www.geosys.fr/

From gordon at hortauto.co.nz Thu Nov 25 16:10:28 1999
From: gordon at hortauto.co.nz (Gordon Smith)
Date: Thu Nov 25 16:10:28 1999
Subject: [pptp-server] Kernel modules
Message-ID: <9911261113570X.14440@gordon.hal>

Hi all,

Can anyone help with this error? I'm running openssl 0.9.4, pptp 1.0.0 and ppp-2.3.10 All compiled successfully. Kernel is 2.2.13

Here's the log:

Nov 26 10:17:18 homer pptpd[761]: CTRL: Client 192.168.0.13 control connection started
Nov 26 10:17:18 homer pptpd[761]: CTRL: Starting call (launching pppd, opening GRE)
Nov 26 10:17:18 homer modprobe: can't locate module char-major-108
Nov 26 10:17:27 homer pptpd[761]: CTRL: Error with select(), quitting
Nov 26 10:17:27 homer pptpd[761]: CTRL: Client 192.168.0.13 control connection finished

I've loaded all the modules as per the HowTo/FAQ. I have no idea what the modprobe error is :-(

--
Gordon Smith, MCP, TCP
Network Administrator
Compac Sorting Equipment Ltd.

From muth at CS.Arizona.EDU Thu Nov 25 17:18:31 1999
From: muth at CS.Arizona.EDU (robert@muth.org)
Date: Thu Nov 25 17:18:31 1999
Subject: [pptp-server] problems connecting to ms pptp server
Message-ID:

Hi:

This is a more pptp client related question but it has some relevance for pptp servers as well.

I am trying to create a pptp tunnel from my linux box to an ms pptp server using Paul Cadach's patched ppp 2.3.5 and Scott Ananian's pptp client (with a minor patch). I have successfully established a connection and was even able to log in through the tunnel but as soon as pptp connection drops a packet my connection hangs. This is probably because my ppp connection was established as "stateful" encrypted. It seems that the server is not offering "stateless encrypted" and unfortunately I am not in charge of the server.

I see two solutions to my problem

1) obtain/write a pptp client that works on top of tcp rather than ip
My question: does this already exist?

2) Try to exploit the following feature which I cannot explain:
When the server suggest a ccp compression method it sends --- see below for the full log. Now 61=40+20+1, I can explain 40 and 20 but not the 1. I suspect that this could mean stateless as well. Can anybody explain the 1?

BTW: I tried ppp-2.3.8 and not even establish a connection --- ccp failed (even with another patch). I'll try ppp-2.3.10 next.

Robert

Nov 25 17:23:30 dsl syslogd 1.3-3: restart.
Nov 25 17:23:48 dsl pppd[1572]: pppd 2.3.5 started by root, uid 0
Nov 25 17:23:48 dsl pppd[1572]: Using interface ppp0
Nov 25 17:23:48 dsl pppd[1572]: Connect: ppp0 <--> /dev/ttya0
Nov 25 17:23:48 dsl pppd[1572]: sent [LCP ConfReq id=0x1 ]
Nov 25 17:23:48 dsl pppd[1572]: fsm_sdata(LCP): Sent code 1, id 1.
Nov 25 17:23:48 dsl pppd[1572]: Timeout 804c534:806de40 in 3 seconds.
Nov 25 17:23:48 dsl pppd[1572]: LCP: sending Configure-Request, id 1
Nov 25 17:23:50 dsl pppd[1572]: rcvd [LCP ConfReq id=0x0 ]
Nov 25 17:23:50 dsl pppd[1572]: fsm_rconfreq(LCP): Rcvd id 0.
Nov 25 17:23:50 dsl pppd[1572]: lcp_reqci: rcvd AUTHTYPE
Nov 25 17:23:50 dsl pppd[1572]: (c223)
Nov 25 17:23:50 dsl pppd[1572]: (ACK)
Nov 25 17:23:50 dsl pppd[1572]: lcp_reqci: rcvd MAGICNUMBER
Nov 25 17:23:50 dsl pppd[1572]: (6c1c)
Nov 25 17:23:50 dsl pppd[1572]: (ACK)
Nov 25 17:23:50 dsl pppd[1572]: lcp_reqci: rcvd PCOMPRESSION
Nov 25 17:23:50 dsl pppd[1572]: (ACK)
Nov 25 17:23:50 dsl pppd[1572]: lcp_reqci: rcvd ACCOMPRESSION
Nov 25 17:23:50 dsl pppd[1572]: (ACK)
Nov 25 17:23:50 dsl pppd[1572]: lcp_reqci: returning CONFACK.
Nov 25 17:23:50 dsl pppd[1572]: sent [LCP ConfAck id=0x0 ]
Nov 25 17:23:50 dsl pppd[1572]: fsm_sdata(LCP): Sent code 2, id 0.
Nov 25 17:23:50 dsl pppd[1572]: rcvd [LCP ConfAck id=0x1 ]
Nov 25 17:23:50 dsl pppd[1572]: fsm_rconfack(LCP): Rcvd id 1.
Nov 25 17:23:50 dsl pppd[1572]: Untimeout 804c534:806de40.
Nov 25 17:23:51 dsl pppd[1572]: rcvd [CHAP Challenge id=0x60 , name = ""]
Nov 25 17:23:51 dsl pppd[1572]: ChapReceiveChallenge: Rcvd id 96.
Nov 25 17:23:51 dsl pppd[1572]: ChapReceiveChallenge: received name field ''
Nov 25 17:23:51 dsl pppd[1572]: ChapReceiveChallenge: using 'PPTP-Hou01' as remote name
Nov 25 17:23:51 dsl pppd[1572]: sent [CHAP Response id=0x60 , name = "yyy\\xxx"]
Nov 25 17:23:51 dsl pppd[1572]: Timeout 80524dc:806e120 in 3 seconds.
Nov 25 17:23:51 dsl pppd[1572]: rcvd [CHAP Success id=0x60 "S=2E8ACE343517B30155185836456DD9C6FECEB98E"]
Nov 25 17:23:51 dsl pppd[1572]: ChapReceiveSuccess: Rcvd id 96.
Nov 25 17:23:51 dsl pppd[1572]: Untimeout 80524dc:806e120.
Nov 25 17:23:51 dsl pppd[1572]: Remote message: S=2E8ACE343517B30155185836456DD9C6FECEB98E
Nov 25 17:23:51 dsl pppd[1572]: sent [IPCP ConfReq id=0x1 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(IPCP): Sent code 1, id 1.
Nov 25 17:23:51 dsl pppd[1572]: Timeout 804c534:806e0a0 in 3 seconds.
Nov 25 17:23:51 dsl pppd[1572]: IPCP: sending Configure-Request, id 1
Nov 25 17:23:51 dsl pppd[1572]: sent [CCP ConfReq id=0x1 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(CCP): Sent code 1, id 1.
Nov 25 17:23:51 dsl pppd[1572]: Timeout 804c534:806e1e0 in 3 seconds.
Nov 25 17:23:51 dsl pppd[1572]: CCP: sending Configure-Request, id 1
Nov 25 17:23:51 dsl pppd[1572]: rcvd [CCP ConfReq id=0x1 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfreq(CCP): Rcvd id 1.
Nov 25 17:23:51 dsl pppd[1572]: sent [CCP ConfNak id=0x1 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(CCP): Sent code 3, id 1.
Nov 25 17:23:51 dsl pppd[1572]: rcvd [IPCP ConfReq id=0x2 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfreq(IPCP): Rcvd id 2.
Nov 25 17:23:51 dsl pppd[1572]: ipcp: received ADDR
Nov 25 17:23:51 dsl pppd[1572]: (172.18.207.1)
Nov 25 17:23:51 dsl pppd[1572]: (ACK)
Nov 25 17:23:51 dsl pppd[1572]: ipcp: returning Configure-ACK
Nov 25 17:23:51 dsl pppd[1572]: sent [IPCP ConfAck id=0x2 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(IPCP): Sent code 2, id 2.
Nov 25 17:23:51 dsl pppd[1572]: rcvd [IPCP ConfRej id=0x1 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfnakrej(IPCP): Rcvd id 1.
Nov 25 17:23:51 dsl pppd[1572]: Untimeout 804c534:806e0a0.
Nov 25 17:23:51 dsl pppd[1572]: sent [IPCP ConfReq id=0x2 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(IPCP): Sent code 1, id 2.
Nov 25 17:23:51 dsl pppd[1572]: Timeout 804c534:806e0a0 in 3 seconds.
Nov 25 17:23:51 dsl pppd[1572]: IPCP: sending Configure-Request, id 2
Nov 25 17:23:51 dsl pppd[1572]: rcvd [CCP ConfNak id=0x1 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfnakrej(CCP): Rcvd id 1.
Nov 25 17:23:51 dsl pppd[1572]: Untimeout 804c534:806e1e0.
Nov 25 17:23:51 dsl pppd[1572]: sent [CCP ConfReq id=0x2 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(CCP): Sent code 1, id 2.
Nov 25 17:23:51 dsl pppd[1572]: Timeout 804c534:806e1e0 in 3 seconds.
Nov 25 17:23:51 dsl pppd[1572]: CCP: sending Configure-Request, id 2
Nov 25 17:23:51 dsl pppd[1572]: rcvd [CCP ConfReq id=0x3 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfreq(CCP): Rcvd id 3.
Nov 25 17:23:51 dsl pppd[1572]: sent [CCP ConfAck id=0x3 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(CCP): Sent code 2, id 3.
Nov 25 17:23:51 dsl pppd[1572]: rcvd [IPCP ConfNak id=0x2 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfnakrej(IPCP): Rcvd id 2.
Nov 25 17:23:51 dsl pppd[1572]: local IP address 172.18.207.5
Nov 25 17:23:51 dsl pppd[1572]: Untimeout 804c534:806e0a0.
Nov 25 17:23:51 dsl pppd[1572]: sent [IPCP ConfReq id=0x3 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_sdata(IPCP): Sent code 1, id 3.
Nov 25 17:23:51 dsl pppd[1572]: Timeout 804c534:806e0a0 in 3 seconds.
Nov 25 17:23:51 dsl pppd[1572]: IPCP: sending Configure-Request, id 3
Nov 25 17:23:51 dsl pppd[1572]: rcvd [CCP ConfAck id=0x2 ]
Nov 25 17:23:51 dsl pppd[1572]: fsm_rconfack(CCP): Rcvd id 2.
Nov 25 17:23:51 dsl pppd[1572]: Untimeout 804c534:806e1e0.
Nov 25 17:23:51 dsl pppd[1572]: MPPE compression enabled
Nov 25 17:23:52 dsl pppd[1572]: rcvd [IPCP ConfAck id=0x3 ]
Nov 25 17:23:52 dsl pppd[1572]: fsm_rconfack(IPCP): Rcvd id 3.
Nov 25 17:23:52 dsl pppd[1572]: Untimeout 804c534:806e0a0.
Nov 25 17:23:52 dsl pppd[1572]: ipcp: up
Nov 25 17:23:52 dsl pppd[1572]: local IP address 172.18.207.5
Nov 25 17:23:52 dsl pppd[1572]: remote IP address 172.18.207.1
Nov 25 17:23:52 dsl pppd[1572]: Script /etc/ppp/ip-up started; pid = 1573

From P.J.Reid at earthling.net Fri Nov 26 10:53:32 1999
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Fri Nov 26 10:53:32 1999
Subject: [pptp-server] NetLogon and VPN/DUN
In-Reply-To: <9911261113570X.14440@gordon.hal>
Message-ID:

I have pptp 1.0, pppd 2.3.8 with appropriate mods for encryption etc. and SAMBA set-up on my Linux server. All seems to work properly, including browsing of shared directories, with only one problem: my logon script doesn't run. When I connect on my local LAN, a script runs from the "netlogon" share, setting the time and mapping a couple of shares. When I dial in to my ISP and set up a PPTP session, however, this logon script doesn't run. Is there any way to get that functionality back?

Also, is there any way to get Windows to dial a default DUN connection when I start my VPN connection? It's kind of a pain to have to separately launch each of these.

Patrick

From JordanR7 at aol.com Fri Nov 26 11:41:09 1999
From: JordanR7 at aol.com (JordanR7 at aol.com)
Date: Fri Nov 26 11:41:09 1999
Subject: [pptp-server] pptpd-1.0.0: 128-bit encryption not working
Message-ID: <0.b0e043e3.25702029@aol.com>

Hi,

I've searched the PoPToP FAQ, and recompiled and reinstalled ppp & pptpd over and over, but I still can't get 128-bit encryption to work properly.

I'm using pptpd-1.0.0, ppp-2.3.8 with the MPPE patch, and SSLeay-0.6.6b. My /etc/ppp/options is as follows:

  lock
  # options added for poptop
  debug
  name servername
  auth
  require-chap
  proxyarp
  +chap
  +chapms
  +chapms-v2
  mppe-40
  #mppe-128
  mppe-stateless

Everything appears to work normally -- connections can be made from both Windows 98 and Windows NT 4.0 clients. When a Windows 98 client with "Require data encryption" enabled connects, I get this message in the log:

  pppd[14765]: MPPE 40 bit, stateless receive compression enabled

so it appears 40-bit encryption is functional. Problem is, when I remove the hash mark from behind "mppe-128" so that I can use 128-bit encryption, the Windows 98 client cannot connect. It says:

"The computer you're dialing in to does not support the data encryption requirements specified. Please check your encryption settings in the properties of the connection. If this problem persists, contact your network administrator."

Isn't 128-bit encryption supposed to be supported out the box with the MPPE patch? Is there further configuration required to enable 128-bit encryption on the PoPToP server? The Windows 98 & NT client machines do have the appropriate 128-bit encryption patches, and are able to successfully connect to "128-bit required" NT-based PPTP servers.

P.S. I did have to edit one file -- ppp_mppe.c -- in order to get the ppp_mppe module to compile correctly. It had a line #include "rc4_skey.c". I don't have this file anywhere on my system (it doesn't come with SSLeay-0.6.6b), so I commented the line out, and then it was able to compile successfully.
Could that have anything to do with 128-bit encryption not working?

Thanks very much in advance!

Jordan Russell

From JordanR7 at aol.com Fri Nov 26 14:08:29 1999
From: JordanR7 at aol.com (JordanR7 at aol.com)
Date: Fri Nov 26 14:08:29 1999
Subject: [pptp-server] Re: pptpd-1.0.0: 128-bit encryption not working
Message-ID: <0.a8ccb416.257042ad@aol.com>

Please disregard my last request for help. I *thought* I had ppp compiled as a module, but it turns out it was compiled in the kernel, so a recompile of the kernel and a reboot was required. Now 128-bit encryption works. Strange though how 40-bit encryption was working fine...

Jordan Russell

From thierry at sendar.prophecy.lu Fri Nov 26 16:53:18 1999
From: thierry at sendar.prophecy.lu (Thierry Coutelier)
Date: Fri Nov 26 16:53:18 1999
Subject: [pptp-server] Desperated Please Help.
Message-ID:

Greetings,

I'm now 42 hours behind my box and I'm really desperate.

I have a linux box kernel 2.3.20 with latest pptp and pppd which works fine. Now I have to configure the same system on another box which has Intel cards (I can't use others :( ). 2.3.20 does not support this card so I had to use a more recent kernel 2.2.25 (tried 2.3.21, 2.3.29) but there I can't get the pptp to work.

I tried everything (routing, gre options, pppd versions) but I can't get any single pack to go out on the correct interface. The ppp connection works fine. I'm able to identify the remote user and I'm able to see he uses the correct address ....

In Debugging mode I see all the nice GRE packets going in and out of my eth0 interface and on my ppp0 interface I see the request:

00:46:24.890161 < 192.168.0.2 > ns1.pt.lu: icmp: echo request
00:46:29.387209 < 192.168.0.2 > ns1.pt.lu: icmp: echo request
00:46:33.893303 < 192.168.0.2 > ns1.pt.lu: icmp: echo request
00:46:38.386672 < 192.168.0.2 > ns1.pt.lu: icmp: echo request
00:46:42.887537 < 192.168.0.2 > ns1.pt.lu: icmp: echo request
5 packets received by filter

On eth0:

[root at pptp /home/ftp]# tcpdump -i eth0
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
00:47:26.878094 < gre-proto-0x880B (gre encap)
00:47:26.878246 > [|gre] (gre encap)
00:47:31.377968 < gre-proto-0x880B (gre encap)
00:47:31.378045 > [|gre] (gre encap)
00:47:35.878382 < gre-proto-0x880B (gre encap)
00:47:35.878455 > [|gre] (gre encap)

As of my routing (which works well) I don't see a single request going out :((((

As I'm really completely helpless If you want to see more information you may connect to the IP : 212.56.231.69 User: thierry Password: temp01 root's password is temp01 too.

I need to have it working for tomorrow evening and that's about 18 hours left.
--
Thierry.Coutelier at linux.lu
http://www.linux.lu

From thierry at sendar.prophecy.lu Sat Nov 27 06:38:15 1999
From: thierry at sendar.prophecy.lu (Thierry Coutelier)
Date: Sat Nov 27 06:38:15 1999
Subject: [pptp-server] RE: previous request
Message-ID:

IT WORKS !!

The problem was neither with kernel, pptp or pppd. It had to be with the Network card and the switch and some CAM (MAC routing) that somehow just did not forward the traffic.

I had to change the network CARDS (stole some from other server), change the IP address and reset the switch.

After some days sleep I will try to reproduce the error on some other system

If you replied to the list I could not get the message. Seems I don't receive the messages from the list (perhaps because my e-mail addy was not reachable for some time)

Good night (hum it's day now again)

--
Thierry.Coutelier at prophecy.lu
http://www.prophecy.lu http://www.mud.lu http://www.linux.lu http://www.games.lu ...

From joakim at island.liu.se Sun Nov 28 05:45:11 1999
From: joakim at island.liu.se (Joakim Franzen)
Date: Sun Nov 28 05:45:11 1999
Subject: [pptp-server] Using encrypted passwords in the chap-secrets file
Message-ID: <384115E8.31F59C7F@island.liu.se>

Has anyone managed to use either a hashed SAMBA password or even better, encrypted password from the passwd file? Since we have approx 1500 users I need to use either hashed or encrypted passwords, creating a chap-secrets file with cleartext passwords is not an option.

Another problem I'm having (which I have seen other people on the mailing list asking about as well) is to force "Require encrypted data". As it is now +chap-msxxx only forces encrypted passwords, but the user can still connect without using data encryption if they configure their Win client incorrectly. This means that all data will be sent in clear text including any passwords (samba, telnet, ftp etc.). Has anyone managed to find a solution for this?

//Joakim

-------------------------------------------------------------
Joakim Franzen            Tel : 013-21 22 54
Tegskiftesg 105           Fax : 013-21 22 34
583 34 Linköping          Mob : 070-772 80 36
Sweden                    joakim at island.liu.se
Systems Administrator     Linköping Institute of Technology

From rewt at Royfamily.com Sun Nov 28 08:08:23 1999
From: rewt at Royfamily.com (Brian 0. Roy)
Date: Sun Nov 28 08:08:23 1999
Subject: [pptp-server] Error during connection with pptpd
Message-ID: <38413A7C.A7FADCD8@Royfamily.com>

Hey Guys,

Hopefully someone here can help me with my problem.

I first had a RedHat 6.0 box that I have been running fine for about 6 months. It had pptpd running great, and to the best of my knowledge, it was very easy to install. Well we got new hardware to replace that box, so we decided to go ahead and upgrade to RH 6.1. After completing most of the initial setup I found time to load poptop. I decided to use the RPM package this time. Everything seemed to install fine and no failed dependencies. Time to test....

I started trying to test with my clients, and authentication was failing, and connections failing. So I took off any authentication. Now I get the same error as you can see down below.

Well I have been disgusted with RPM's in the past, so I uninstalled it, and went the compiled route. One thing I did notice about the rpm was that it put the pptpd in /usr/sbin/ rather than /usr/local/sbin. But the program seemed to work.

After doing the make install, I seemed to be in worse shape. It didn't get as far as the rpm version did. So I thought maybe it was the ppp version I had on it. I then uninstalled the ppp version that was on there, and downgraded to 2.3.7-2 And still receiving the same error.

Hopefully someone can look at the error below and maybe know what is going on... If anyone needs more information please email me, and I can provide.
I have spent more hours on this than I need to :/

Thanks in advance,
Brian O Roy

Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: local address = 192.168.0.234
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: remote address = 192.168.1.234
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: pppd speed = 115200
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Client 24.2.121.24 control connection started
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Received PPTP Control Message (type: 1)
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Made a START CTRL CONN RPLY packet
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: I wrote 156 bytes to the client.
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Sent packet to client
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Received PPTP Control Message (type: 7)
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Set parameters to 0 maxbps, 16 window size
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Made a OUT CALL RPLY packet
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: pty_fd = 4
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: tty_fd = 5
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: I wrote 32 bytes to the client.
Nov 28 06:56:02 penguin2 pptpd[1136]: CTRL: Sent packet to client
Nov 28 06:56:02 penguin2 pptpd[1137]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 28 06:56:02 penguin2 pptpd[1137]: CTRL (PPPD Launcher): local address = 192.168.0.234
Nov 28 06:56:02 penguin2 pptpd[1137]: CTRL (PPPD Launcher): remote address = 192.168.1.234
Nov 28 06:56:04 penguin2 pppd[1137]: pppd 2.3.7 started by root, uid 0
Nov 28 06:56:04 penguin2 pppd[1137]: Using interface ppp0
Nov 28 06:56:04 penguin2 pppd[1137]: Connect: ppp0 <--> /dev/pts/0
Nov 28 06:56:04 penguin2 pppd[1137]: sent [LCP ConfReq id=0x1 ]
Nov 28 06:56:28 penguin2 last message repeated 8 times
Nov 28 06:56:31 penguin2 sshd[1141]: log: Connection from 24.2.121.24 port 1023
Nov 28 06:56:31 penguin2 sshd[1141]: log: Could not reverse map address 24.2.121.24.
Nov 28 06:56:31 penguin2 pppd[1137]: sent [LCP ConfReq id=0x1 ]
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Received PPTP Control Message (type: 12)
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Made a CALL DISCONNECT RPLY packet
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Received CALL CLR request (closing call)
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: I wrote 148 bytes to the client.
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Sent packet to client
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Error with select(), quitting
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Client 24.2.121.24 control connection finished
Nov 28 06:56:33 penguin2 pptpd[1136]: CTRL: Exiting now
Nov 28 06:56:33 penguin2 pppd[1137]: Modem hangup
Nov 28 06:56:33 penguin2 pppd[1137]: Connection terminated.
Nov 28 06:56:33 penguin2 pppd[1137]: Connect time 0.5 minutes.
Nov 28 06:56:33 penguin2 pppd[1137]: Exit.

From mfourticq at hotmail.com Sun Nov 28 11:07:13 1999
From: mfourticq at hotmail.com (Mathieu Noel)
Date: Sun Nov 28 11:07:13 1999
Subject: [pptp-server] pptp ahd ADSL
Message-ID: <19991128170704.12905.qmail@hotmail.com>

I have an ADSL modem connected on my network. It has a local IP address (10.0.0.138). I don't really know how to use pptp-server to connect to my provider. It works with windows pptp client connection but I don't know how to configure it under linux. Can you help.

From frederic.soulier at sxb.bsf.alcatel.fr Mon Nov 29 02:05:46 1999
From: frederic.soulier at sxb.bsf.alcatel.fr (Frédéric SOULIER)
Date: Mon Nov 29 02:05:46 1999
Subject: [pptp-server] pptp ahd ADSL
References: <19991128170704.12905.qmail@hotmail.com>
Message-ID: <384233CD.663754AD@sxb.bsf.alcatel.fr>

Hi,

Mathieu Noel wrote:
>
> I have an ADSL modem connected on my network. It has a local IP address
> (10.0.0.138).

hum ... seem to have an Alcatel A1000 ADSL modem there ....

> I don't really know how to use pptp-server to connect to my
> provider. It works with windows pptp client connection but I don't know how
> to configure it under linux. Can you help.

Let's try that :

1. Kernel configuration : validate PPP option in kernel config (native or module)

2. Download a recent version of PPP if you don't have and configure it.
   - For example : ftp://cs.anu.edu.au/pub/software/ppp
   - Run ./configure and then make all; make install
   - edit /etc/ppp/pap-secrets and fill in fields :
       #client                  server  secret    IP address
       your_login at your_isp   *       password  *
   - edit /etc/ppp/options
       name "your_login at your_isp"
       noauth
       noipdefault
       defaultroute

3. Download a recent version of PPTP and install it.
   - I recommend you to download this version : (patched for A1000 and other bugs) :
     ftp://ftp.rhapsodyk.net/pub/linux/pptp/pptp-linux-1.0.2-patched.tar.gz

4. Try it !
   - pptp 10.0.0.138

BRs,
Fred.

---------------------------------------------------------------------
Frédéric SOULIER                Alcatel Telecom
Alcatel Business Systems        ***** Technical Direction - ADSL
1 route du Dr Schweitzer        *** Phone : +33 (0)3 88 67 76 88
F-67408 ILLKIRCH cedex          * e-mail : soulier1 at sxb.bsf.alcatel.fr
---------------------------------------------------------------------

From natecars at real-time.com Mon Nov 29 13:42:59 1999
From: natecars at real-time.com (Nate Carlson)
Date: Mon Nov 29 13:42:59 1999
Subject: [pptp-server] PPTP Authentication via PAM
Message-ID:

Hi,

Is it possible to have PPTP users authenticated via pam instead of chap-secrets? I'd really prefer to allow my users to have the same password for VPN as e-mail and such. Thanks!

--
Nate Carlson                | Phone : (612)943-8700
http://www.real-time.com    | Fax : (612)943-8500

From tmk at netmagic.net Tue Nov 30 00:38:45 1999
From: tmk at netmagic.net (tmk)
Date: Tue Nov 30 00:38:45 1999
Subject: [pptp-server] PPTP Authentication via PAM
References:
Message-ID: <001401bf3afd$d1f9a900$071c0fc0@lala.net>

pptp uses pppd to do the authentication; if you want different login support, go ahead and find the appropriate pppd patches.

Kevin

----- Original Message -----
From: Nate Carlson
To: PoPToP mailing list
Sent: Monday, November 29, 1999 11:42 AM
Subject: [pptp-server] PPTP Authentication via PAM

> Hi,
>
> Is it possible to have PPTP users authenticated via pam instead of
> chap-secrets? I'd really prefer to allow my users to have the same
> password for VPN as e-mail and such. Thanks!
>
> --
> Nate Carlson | Phone : (612)943-8700
> http://www.real-time.com | Fax : (612)943-8500
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>

From geoff at gnaa.net Tue Nov 30 00:50:08 1999
From: geoff at gnaa.net (geoff nordli)
Date: Tue Nov 30 00:50:08 1999
Subject: [pptp-server] Using encrypted passwords in the chap-secrets file
In-Reply-To: <384115E8.31F59C7F@island.liu.se>
Message-ID: <009101bf3aff$0f109640$0101a8c0@highwayi.com>

I don't think anyone has come up with a solution to force data encryption. If you find something out, please let us know.

geoff nordli

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joakim Franzen
Sent: Sunday, November 28, 1999 3:46 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Using encrypted passwords in the chap-secrets file

Has anyone managed to use either a hashed SAMBA password or even better, encrypted password from the passwd file? Since we have approx 1500 users I need to use either hashed or encrypted passwords, creating a chap-secrets file with cleartext passwords is not an option.

Another problem I'm having (which I have seen other people on the mailing list asking about as well) is to force "Require encrypted data". As it is now +chap-msxxx only forces encrypted passwords, but the user can still connect without using data encryption if they configure their Win client incorrectly. This means that all data will be sent in clear text including any passwords (samba, telnet, ftp etc.). Has anyone managed to find a solution for this?

//Joakim

-------------------------------------------------------------
Joakim Franzen            Tel : 013-21 22 54
Tegskiftesg 105           Fax : 013-21 22 34
583 34 Linköping          Mob : 070-772 80 36
Sweden                    joakim at island.liu.se
Systems Administrator     Linköping Institute of Technology

From macleajb at Trademart-1.EDnet.NS.CA Tue Nov 30 04:33:46 1999
From: macleajb at Trademart-1.EDnet.NS.CA (James B. MacLean)
Date: Tue Nov 30 04:33:46 1999
Subject: [pptp-server] PPTP Authentication via PAM
In-Reply-To:
Message-ID:

On Mon, 29 Nov 1999, Nate Carlson wrote:

> Hi,
> Is it possible to have PPTP users authenticated via pam instead of
> chap-secrets? I'd really prefer to allow my users to have the same
> password for VPN as e-mail and such. Thanks!
> Nate Carlson | Phone : (612)943-8700

Out of the box? I do not know of one. A possible solution, including some programming, might be possible.

The MS_Chap-v2 spec uses NT-Hashes instead of the clear password for authentication... But that's not how Unix is storing the passwords. Ergo no direct use of /etc/passwd.

But if:

. Users had an additional pam passwd_change module that synced their Unix with an NTHash file (maybe even right to /etc/ppp/chap-secrets), possibly using one of the Samba PAM modules?

. pppd was modified to check this hash area against its 2 challenges to make its response check, instead of making it into a hash. (maybe do both).

. this positive compare resulted in pppd using the hash instead of creating its own as you would not have the actual password.

I can see that working.

I currently have a basically working PPTP authentication against a modified radius server using the MS_CHAP_v2 handshaking. For me though, a successful challenge/response by the radius server sends the password (currently clear text) to the NAS (pppd) so that it can be used to make the mppe stream.

I am hoping to be able to use pptpd, vtun, and radius to allow users to log in around the province always with _their_ ip, and always with firewall rules specific to them :). So different people have different access rights on the network, and it's all more secure than telnet :).

I figure once I have it running I'll find out it's already been done in a much more robust way :).

Hope this at least piques your imagination ;),
JES

--
James B. MacLean            macleajb at ednet.ns.ca
Department of Education     http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada         B3M 4B2

From cwf at infosecana.com Tue Nov 30 13:51:24 1999
From: cwf at infosecana.com (Chuck Flink)
Date: Tue Nov 30 13:51:24 1999
Subject: [pptp-server] Using encrypted passwords in the chap-secrets file
References: <384115E8.31F59C7F@island.liu.se>
Message-ID: <003901bf3b6d$4837e540$8900a8c0@infosecana.com>

Someone needs to take the time to dup what NT does re PPTP. NT offers the option of either authenticating relative to NT domain or RADIUS realm. The Linux analog would be to authenticate relative to the password file or RADIUS.

I assume the lack of response to Joakim's question indicates this has NOT been done for Linux?

----- Original Message -----
From: "Joakim Franzen"
To:
Sent: Sunday, November 28, 1999 6:45 AM
Subject: [pptp-server] Using encrypted passwords in the chap-secrets file

> Has anyone managed to use either a hashed SAMBA password or even
> better, encrypted password from the passwd file? Since we have approx
> 1500 users I need to use either hashed or encrypted passwords, creating
> a chap-secrets file with cleartext passwords is not an option.
>
> Another problem I'm having (which I have seen other people on the
> mailing list asking about as well) is to force "Require encrypted data".
> As it is now +chap-msxxx only forces encrypted passwords, but the user
> can still connect without using data encryption if they configure their
> Win client incorrectly. This means that all data will be sent in clear
> text including any passwords (samba, telnet, ftp etc.). Has anyone
> managed to find a solution for this?
>
> //Joakim
>
> -------------------------------------------------------------
> Joakim Franzen            Tel : 013-21 22 54
> Tegskiftesg 105           Fax : 013-21 22 34
> 583 34 Linköping          Mob : 070-772 80 36
> Sweden                    joakim at island.liu.se
> Systems Administrator     Linköping Institute of Technology
>

From cwf at infosecana.com Tue Nov 30 13:57:12 1999
From: cwf at infosecana.com (Chuck Flink)
Date: Tue Nov 30 13:57:12 1999
Subject: [pptp-server] PPTP Authentication via PAM
References:
Message-ID: <004001bf3b6e$27bafb30$8900a8c0@infosecana.com>

Note: The architecture of PPTP, as a graft onto PPP, means that "clear text" authentication is an extremely bad choice of options. Authentication takes place before negotiation of an encryption option under PPTP. If simple (clear text) password authentication method is used, you will be passing your password over the Internet in clear text.... in the case of PPP over dial-up, the clear text method is quite reasonable. In the case of PPP over the open Internet, this is quite risky.

PPTP should never be used with less than CHAP. ...regardless of if encryption is negotiated AFTER PPP authentication is complete.

----- Original Message -----
From: "Nate Carlson"
To: "PoPToP mailing list"
Sent: Monday, November 29, 1999 2:42 PM
Subject: [pptp-server] PPTP Authentication via PAM

> Hi,
>
> Is it possible to have PPTP users authenticated via pam instead of
> chap-secrets? I'd really prefer to allow my users to have the same
> password for VPN as e-mail and such. Thanks!
>
> --
> Nate Carlson | Phone : (612)943-8700
> http://www.real-time.com | Fax : (612)943-8500
>

From luyer at zip.com.au Tue Nov 30 18:17:19 1999
From: luyer at zip.com.au (David Luyer)
Date: Tue Nov 30 18:17:19 1999
Subject: [pptp-server] Using encrypted passwords in the chap-secrets file
In-Reply-To: Message from "Chuck Flink" of "Tue, 30 Nov 1999 14:57:57 CDT." <003901bf3b6d$4837e540$8900a8c0@infosecana.com>
Message-ID: <199912010016.LAA07073@cactus.zip.net.au>

> Someone needs to take the time to dup what NT does re PPTP.
> NT offers the option of either authenticating relative to NT domain
> or RADIUS realm. The Linux analog would be to authenticate
> relative to the password file or RADIUS.
>
> I assume the lack of response to Joakim's question indicates this
> has NOT been done for Linux?

It's done for Linux in that MSCHAP is available as an auth method, as is radius, erpc, anything you could possibly want, but nobody has the time to document all the different options and explain why they are all done as they are done. Basically there's a heap of pppd's out there, choose at will.

For pure CHAP, you need unencrypted passwords. Hashing them is a futile attempt to conceal them.

David.
--
David Luyer                     . .     www.zipworld.net
Network Engineer                 .      zipworld   Zip World is
Phone: +61 2 9253 5755          . .     proudly part of the
Fax:   +61 2 9247 5276          . .     Pacific Internet Group

From kbd at ndx.net Tue Nov 30 21:33:16 1999
From: kbd at ndx.net (Kirk Davis)
Date: Tue Nov 30 21:33:16 1999
Subject: [pptp-server] pptp though 2 firewalls
Message-ID:

Hi all,

I'm having trouble with the following configuration:

Win98          Linux            Linux Server
System ---->   NAT Gateway ---->Running pptpd--->*
(Subnet A)     (Internet)       (Subnet B)

I see an initial connect in the pptpd log when I initiate the connection on the Win98 system. But this connection ultimately times out and fails.

When I connect my Win98 system directly to the Internet, I'm able to bring up the virtual network without a problem.

Is it possible to configure NAT to handle pptp? Thanks for any pointers.

Kirk

From JordanR7 at aol.com Tue Nov 30 23:09:12 1999
From: JordanR7 at aol.com (JordanR7 at aol.com)
Date: Tue Nov 30 23:09:12 1999
Subject: [pptp-server] pptp though 2 firewalls
Message-ID: <0.60538f35.25760769@aol.com>

You need the "VPN Masquerade" kernel patch on the Linux box:
http://www.wolfenet.com/~jhardin/ip_masq_vpn.html

-Jordan Russell

In a message dated 11/30/99 9:35:19 PM Central Standard Time, kbd at ndx.net writes:

> Hi all,
>
> I'm having trouble with the following configuration:
>
> Win98          Linux            Linux Server
> System ---->   NAT Gateway ---->Running pptpd--->*
> (Subnet A)     (Internet)       (Subnet B)
>
> I see an initial connect in the pptpd log when I initiate
> the connection on the Win98 system. But this connection
> ultimately times out and fails.
>
> When I connect my Win98 system directly to the Internet,
> I'm able to bring up the virtual network without a problem.
>
> Is it possible to configure NAT to handle pptp? Thanks for
> any pointers.
>
> Kirk

From kbd at ndx.net Tue Nov 30 23:35:44 1999
From: kbd at ndx.net (Kirk Davis)
Date: Tue Nov 30 23:35:44 1999
Subject: [pptp-server] pptp though 2 firewalls
In-Reply-To: <0.60538f35.25760769@aol.com>
Message-ID:

Thanks for the pointer.

Kirk

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of JordanR7 at aol.com
Sent: Tuesday, November 30, 1999 9:09 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] pptp though 2 firewalls

You need the "VPN Masquerade" kernel patch on the Linux box:
http://www.wolfenet.com/~jhardin/ip_masq_vpn.html

-Jordan Russell

In a message dated 11/30/99 9:35:19 PM Central Standard Time, kbd at ndx.net writes:

> Hi all,
>
> I'm having trouble with the following configuration:
>
> Win98          Linux            Linux Server
> System ---->   NAT Gateway ---->Running pptpd--->*
> (Subnet A)     (Internet)       (Subnet B)
>
> I see an initial connect in the pptpd log when I initiate
> the connection on the Win98 system. But this connection
> ultimately times out and fails.
>
> When I connect my Win98 system directly to the Internet,
> I'm able to bring up the virtual network without a problem.
>
> Is it possible to configure NAT to handle pptp? Thanks for
> any pointers.
>
> Kirk
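
The NAT thread above comes down to how PPTP data packets are addressed: they are GRE (the "gre-proto-0x880B" in the tcpdump output earlier in this archive), which has no port numbers, so a masquerading gateway can only tell tunnels apart by the Call ID in the GRE header. The sketch below is an added example, not code from the list or from the VPN Masquerade patch; it parses the enhanced GRE header defined in RFC 2637 and shows the Call ID lookup a gateway needs. The function and class names, the addresses and the sample packets are constructed for illustration.

```python
import struct

PPTP_GRE_PROTO = 0x880B   # protocol type of PPTP's enhanced GRE (PPP payload)


def build_pptp_gre(call_id, payload, seq=None, ack=None):
    """Build a constructed sample packet: enhanced GRE header + payload."""
    b0 = 0x20 | (0x10 if seq is not None else 0)   # K always set, S if seq present
    b1 = 0x01 | (0x80 if ack is not None else 0)   # Ver = 1, A if ack present
    header = struct.pack("!BBHHH", b0, b1, PPTP_GRE_PROTO, len(payload), call_id)
    if seq is not None:
        header += struct.pack("!I", seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + payload


def parse_pptp_gre(packet):
    """Parse an enhanced GRE packet (RFC 2637) and return its fields as a dict."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte fixed header")
    b0, b1, proto, payload_len, call_id = struct.unpack("!BBHHH", packet[:8])
    if proto != PPTP_GRE_PROTO:
        raise ValueError("protocol type 0x%04x is not PPTP GRE" % proto)
    if b1 & 0x07 != 1:
        raise ValueError("GRE version is not 1")
    if b0 & 0xC0 or not b0 & 0x20:
        raise ValueError("C and R must be clear and K must be set")
    offset, seq, ack = 8, None, None
    if b0 & 0x10:                                  # S: sequence number present
        if len(packet) < offset + 4:
            raise ValueError("truncated sequence number")
        (seq,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if b1 & 0x80:                                  # A: acknowledgment present
        if len(packet) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    payload = packet[offset:offset + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than the length field says")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}


class CallIdTable:
    """Maps (server address, Call ID) to the inside host that owns the call.

    Packets sent to a peer carry the Call ID that peer chose, so inbound
    packets from the server carry the inside client's Call ID. This sketch
    assumes the gateway learned that ID from the TCP 1723 control connection.
    """

    def __init__(self):
        self._calls = {}

    def learn(self, server, call_id, inside_host):
        owner = self._calls.setdefault((server, call_id), inside_host)
        if owner != inside_host:
            # Two inside clients picked the same ID for the same server; a
            # real gateway has to rewrite one of them, this sketch refuses.
            raise KeyError("call ID %d to %s already used by %s"
                           % (call_id, server, owner))

    def route_inbound(self, server, packet):
        """Return the inside host for an inbound GRE packet, or None to drop."""
        call_id = parse_pptp_gre(packet)["call_id"]
        return self._calls.get((server, call_id))


if __name__ == "__main__":
    table = CallIdTable()
    table.learn("192.0.2.10", 0x1234, "10.0.0.5")          # constructed addresses
    sample = build_pptp_gre(0x1234, b"\xff\x03\xc0\x21", seq=1, ack=0)
    print(parse_pptp_gre(sample))
    print(table.route_inbound("192.0.2.10", sample))
```
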
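
Several threads above turn on which MPPE bits are offered during CCP negotiation: the "61=40+20+1" question in the Nov 25 message, the mppe-40 / mppe-128 / mppe-stateless options, and the wish to refuse sessions that negotiate no encryption. The sketch below is an added example, not code from the list or from pppd; it decodes the MPPE option (CCP option 18, the number behind "ppp-compress-18") using the Supported Bits layout of RFC 3078 and checks an offer against a policy. It assumes the "61" is the low byte of that field in hex; the sample option bytes and all function names are constructed for illustration.

```python
import struct

CI_MPPE = 18              # CCP option type for MPPE/MPPC

# Supported Bits field of the MPPE option: 32 bits, network byte order.
MPPE_H = 0x01000000       # stateless mode
MPPE_M = 0x00000080       # 56-bit encryption
MPPE_S = 0x00000040       # 128-bit encryption
MPPE_L = 0x00000020       # 40-bit encryption
MPPE_D = 0x00000010       # obsolete
MPPE_C = 0x00000001       # MPPC compression, not encryption
BIT_NAMES = [(MPPE_H, "stateless (H)"), (MPPE_M, "56-bit (M)"),
             (MPPE_S, "128-bit (S)"), (MPPE_L, "40-bit (L)"),
             (MPPE_D, "obsolete (D)"), (MPPE_C, "MPPC compression (C)")]
KNOWN_BITS = MPPE_H | MPPE_M | MPPE_S | MPPE_L | MPPE_D | MPPE_C

# Constructed option lists (type, length, value), not taken from the logs.
OFFER_61 = bytes.fromhex("120600000061")             # 128-bit + 40-bit + MPPC
OFFER_STATELESS_128 = bytes.fromhex("120601000040")  # stateless + 128-bit
OFFER_BSD_ONLY = bytes.fromhex("15032f")             # BSD-Compress (21), no MPPE


def parse_ccp_options(body):
    """Split the option list of a CCP Configure-* packet into (type, value)."""
    options, offset = [], 0
    while offset < len(body):
        if len(body) - offset < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = body[offset], body[offset + 1]
        if opt_len < 2 or offset + opt_len > len(body):
            raise ValueError("bad length %d for option %d" % (opt_len, opt_type))
        options.append((opt_type, body[offset + 2:offset + opt_len]))
        offset += opt_len
    return options


def decode_mppe(value):
    """Return (raw bits, names of the set bits, unknown bits) for one option."""
    if len(value) != 4:
        raise ValueError("MPPE option value must be 4 bytes")
    (bits,) = struct.unpack("!I", value)
    names = [name for mask, name in BIT_NAMES if bits & mask]
    return bits, names, bits & ~KNOWN_BITS


def audit_offer(body, require_128=True, require_stateless=False):
    """Return policy findings for one option list; an empty list means accept."""
    mppe = [value for opt_type, value in parse_ccp_options(body)
            if opt_type == CI_MPPE]
    if not mppe:
        return ["no MPPE option offered: link would carry cleartext"]
    bits, _, unknown = decode_mppe(mppe[0])
    findings = []
    if not bits & (MPPE_M | MPPE_S | MPPE_L):
        findings.append("MPPE option has no key-length bit: compression only")
    if require_128 and not bits & MPPE_S:
        findings.append("128-bit encryption not offered")
    if require_stateless and not bits & MPPE_H:
        findings.append("stateless mode (H bit) not offered")
    if unknown:
        findings.append("unknown bits set: 0x%08x" % unknown)
    return findings


if __name__ == "__main__":
    for label, offer in [("0x61 offer", OFFER_61),
                         ("stateless 128", OFFER_STATELESS_128),
                         ("bsd_comp only", OFFER_BSD_ONLY)]:
        print(label, audit_offer(offer, require_stateless=True))
```

Under this layout the low-order 1 in 0x61 is the MPPC compression bit; stateless mode is a separate bit in the first byte of the field.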