[pptp-server] Authentication ppp Help!!

tmk tmk at netmagic.net
Wed Nov 10 18:32:58 CST 1999


your problem is a routing problem. you need to tell NT that there is a path
to the 200.*.*.* lan using the linux box as a gateway. You then need to be sure
that ip forwarding is enabled so linux will route the packets. All computers
involved in the conversation will have to have the linux box listed as a
gateway.

i *THINK* the nt command to add the route is:
route add 200.0.0.0 mask 255.0.0.0 172.16.0.2 metric 1

in english, this says "add a route to the 200.*.*.* network using 172.16.0.2
as a gateway. It takes one hop to get there."

the linux box will probably not need any additional configuration.

Kevin

----- Original Message -----
From: Toktar, Emir <EMIR.TOKTAR at bra.xerox.com>
To: <pptp-server at lists.schulte.org>
Cc: <toktar at per.com.br>
Sent: Wednesday, November 10, 1999 1:02 PM
Subject: [pptp-server] Authentication ppp Help!!


> Hello everybody,
>
>
> I'm using PoPToP and it is working fine and I'm doing performance tests via
> LAN to LAN with VPN over LAN.
>
> I have installed the following software:
> pptp-1.0.0
> ppp-2.3.8
> SSLeay-0.6.6b
> Red Hat 6.0 kernel 2.2.5-15
>
>
> 1)***************THIS WORK***********************************
>
> LAN configuration tested :
>
> |
> |   LAN 200.170.98.*
> |   Domain (DNS): puc.anydomain.edu
> |   Server NIS : 200.170.98.147
> |   [NIS server on this LAN]
> |
> | Linux VPN
> |     Host Name: "vpnlinux"
> |     Samba server ok
> |     |--------------------------|
> |-----|IP (eth1): 200.170.98.50  |
> |-----|IP (eth0): 172.16.0.2     |
> | TTTT|--------------------------|
> | T
> | T
> | T
> | T
> | T "VPN Tunnel"
> | T
> | T
> | T
> | T NT Server
> | T Host Name: "ntsrv"
> | T Network Domain (NT): DAEMON
> | T   DNS Domain:  crypto.net
> | TTTT|--------------------------|
> |-----|IP: 172.16.0.1            |
> |     |--------------------------|
> |
>
>
>
> /etc/pptpd.conf
>    speed 115200
>    localip 192.168.0.234-238
>    remoteip 192.168.1.234-238
>
> /etc/ppp/options
>    debug
>    name vpnlinux.crypto.net
>    auth
>    require-chap
>    proxyarp ....
>
> /etc/ppp/chap-secrets
>    billy   vpnlinux.crypto.net    bob    *
>
>
>
> 1)This configuration, the NT Server "ntsrv" (172.16.0.1) can't ping or make
> telnet (of course!) to any address 200.170.98.*, but browsing NT (by Network
> Neighborhood) list servers, domains and workgroups. [Linux,Solaris, NT and
> others].
>
> e.g. Connectivity means that you have a physical network path between your
> local computer and a remote computer. BROWSING is the ability to search a
> local or remote network for resources.
>
>
>
> When I make a connection Dialup from VPN Server, the computer "ntsrv"
> receives a remoteip and I can see in Windows Explorer NT (via Samba):
> ______________________________________________________
> +My Computer
> +Network Neighborhood
>    DAEMON
>      |- ntsrv\\shared (172.16.0.1)
>      |- linuxvpn\\shared (172.16.0.2)
>      |- linuxvpn\\shared (192.168.1.234) VPN connection
>    OTHERS
>    WORKGROUPS
>    ....
> ___________________________________________________
>
> I can ping, open Telnet sessions in LAN 172.*** or 192.****, access files
> etc.
> I tested the performance by sending files in connections CHAP, MS-CHAP,
> encryption and more....
>
>
>
>
> 2)*************PROBLEM********************************************
>
> I changed LAN configuration to interconnect two LANs with VPN Linux
> dual-homed and now I have some problems:
>
> I split up the LAN physically, as shown below and I did the setup from
> Linux VPN "vpn" host to NIS Server (secondary domain options in linuxconfig)
>
> |
> |   LAN 200.170.98.*
> |   Domain (DNS): puc.anydomain.edu
> |   Server NIS : 200.170.98.147
> |   Host Name NIS: nis.puc.anydomani.edu
> |   [NIS server on this LAN]
> |
> |
> |   Linux VPN
> |   Host Name: vpnlinux
> |   eth1: obelix.puc.anydomain.edu
> |   eth0: vpnlinux.crypto.net
> |   primary server: 172.16.0.1 ## NT Server
> |   secondary server: 200.170.98.147 ## Linux NIS
> |   Samba server ok
> |----|--------------------------LAN 200.***
>      |IP (eth1): 200.170.98.50 |
>      |                         |
>      |                         |
> |----|IP (eth0): 172.16.0.2    |
> | TTT|                         |LAN 172.***
> | T  |-------------------------|
> | T
> | T
> | T
> | T "VPN Tunnel"
> | T
> | T
> | T
> | TTT NT Server
> |-----IP: 172.16.0.1
> |     Host Name: ntsrv
> |     Network Domain (NT): DAEMON
>       DNS Domain:  crypto.net
>
>
> /etc/pptpd.conf
>    speed 115200
>    localip 200.170.98.40       #free address
>    remoteip 200.170.98.41-44   #range free address
>
> /etc/ppp/options
>    debug
>    name  nis.puc.anydomani.edu   #NIS Server from 200.***
>    auth
>    require-chap
>    proxyarp ....
>
> /etc/ppp/chap-secrets
>    billy   nis.puc.anydomani.edu    bob    *
>
>
> When I make a connection DUN to VPN Server (172.16.0.2), I receive a
> remoteip IP 200.170.98.41 and I can ping other computers in this network
> address, on the computer "ntsrv", I CAN'T SEE ANY LIST in Windows Explorer
> NT (via Samba - same situation):
> ______________________________________________________
> +My Computer
> +Network Neighborhood
>    DAEMON
>      |- ntsrv\\shared (172.16.0.1)
>      |- linuxvpn\\shared (172.16.0.2)
>      |
>      |-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ?????
> ______________________________________________________
>
>
> A) What's wrong in this configuration that I can't see the browsing but
> what's says the box above?
> >e.g. I think about samba config.
>
>
> B) How Can I authenticate the user by using NIS Server to avoid having the
> name and password  of the user recorded in /etc/ppp/chap-secrets?
>
> # I wouldn't like to use
> # names in clear-text mode ==> chap-secrets
> #
> #/etc/ppp/chap-secrets
> #   billy   nis.puc.anydomani.edu    bob    *
>
>
> Is there any script to send me like example? I'm reading some PPP HowTo but
> I'm not certain of the solution...
> If the NIS Server makes users authentication, it can manage the password
> changes, or maybe, using the /etc/passwd file with users registered and not
> /etc/ppp/chap-secrets file.
>
>
>
> Regards
>
> Emir Toktar
>
> +55 (**41) 340-7157
> emir.toktar at bra.xerox.com
> toktar at per.com.br
> toktar at ppgia.pucpr.br
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>
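
The routing and forwarding conditions described in the reply above, modelled as an added example that is not part of the original messages. The routing tables are constructed from the addresses in the thread; the /16 mask on the 172.16 LAN, the absence of a default gateway on NT, and the narrower /24 variant are assumptions made for illustration.

```python
import ipaddress

# Constructed routing tables for the NT host "ntsrv" (172.16.0.1).
# Assumptions: the 172.16 LAN uses a /16 mask and NT has no default gateway.
NT_BEFORE = [("172.16.0.0/16", "on-link", 1)]
NT_SLASH8 = NT_BEFORE + [("200.0.0.0/8", "172.16.0.2", 1)]       # route from the reply
NT_SLASH24 = NT_BEFORE + [("200.170.98.0/24", "172.16.0.2", 1)]  # narrower variant

# Networks the dual-homed Linux box reaches directly (eth0 and eth1).
LINUX_CONNECTED = ["172.16.0.0/16", "200.170.98.0/24"]


def next_hop(routes, dest):
    """Longest-prefix match; ties broken by lowest metric. None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for network, gateway, metric in routes:
        net = ipaddress.ip_network(network)
        if addr in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, gateway)
    return best[1] if best else None


def trace(nt_routes, dest, ip_forward):
    """Describe what happens to a packet sent from ntsrv to dest."""
    hop = next_hop(nt_routes, dest)
    if hop is None:
        return "no route on NT"
    if hop == "on-link":
        return "delivered on local LAN"
    if not ip_forward:
        return "dropped at gateway (ip_forward=0)"
    addr = ipaddress.ip_address(dest)
    if any(addr in ipaddress.ip_network(n) for n in LINUX_CONNECTED):
        return "forwarded by " + hop
    return "gateway has no route"


if __name__ == "__main__":
    for name, table in [("before", NT_BEFORE), ("/8", NT_SLASH8), ("/24", NT_SLASH24)]:
        for dest in ("200.170.98.147", "200.1.2.3"):
            print(name, dest, "->", trace(table, dest, ip_forward=True))
```

On the Linux box the forwarding state modelled by `ip_forward` is the value in /proc/sys/net/ipv4/ip_forward. With the /8 route, traffic for any 200.x.x.x address is handed to 172.16.0.2, while the /24 route hands over only traffic for the 200.170.98.* LAN.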




