[pptp-server] Authentication ppp dual-homed

Emir Toktar toktar at per.com.br
Tue Nov 23 20:40:31 CST 1999


(sent with font Courier New)

Kevin

I saw the route in Windows NT after the connection.

/etc/pptpd.conf
   speed 115200
   localip 200.170.98.40       #free address
   remoteip 200.170.98.41-44   #range free address


Network Dest.   Netmask          Gateway       Interface
__________________________________________________________
0.0.0.0        0.0.0.0         200.17.98.41  200.170.98.41
...
172.16.0.0     255.255.0.0     172.16.0.1    172.16.0.1
172.16.0.1     255.255.255.255 127.0.0.1     127.0.0.1
172.16.0.2     255.255.255.255 172.16.0.1    172.16.0.1
200.170.98.0   255.255.255.0   200.170.98.41 200.170.98.41
200.170.98.41  255.255.255.255 127.0.0.1     127.0.0.1
200.170.98.255 255.255.255.255 200.170.98.41 200.170.98.41

> ip forwarding is enabled
It's OK!

I can ping any address 200.170.98.*, but I can't open a telnet session to
NIS Server for example, only on IP received via VPN or IP 200.170.98.50 (eth1
VPN).
(eth0 VPN 172.16.0.2)

> in english, this says "add a route to the 200.*.*.*
> network using 172.16.0.2 as a gateway.
> It takes one hop to get there."
Ok, but looking at the table above, 172.16.0.2 used 172.16.0.1 that used
127.0.0.1 as gateway. Am I right? If I add 200.*** network using
172.16.0.2 as a gateway won't it have the same effect as the route table above?
I think that I forgot to set something on VPN...


(Browsing NT same...)
I saw that after connection, a route table was built by itself and the
gateway was 127.0.0.1, and not 172.16.0.2 (eth0 VPN Server) like your
suggestion.
Any more suggestions? I'd appreciate it.


>> B) How can I authenticate the user by using NIS Server
>> to avoid having the name and password of the user
>> recorded in /etc/ppp/chap-secrets?
>>
>> # I wouldn't like to use
>> # names in clear-text mode ==> chap-secrets
>> #/etc/ppp/chap-secrets
>> #   billy   nis.puc.anydomani.edu    bob    *



Regards


Emir Toktar
+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: tmk <tmk at netmagic.net>
To: Toktar, Emir <EMIR.TOKTAR at bra.xerox.com>;
<pptp-server at lists.schulte.org>
Cc: <toktar at per.com.br>
Sent: Wednesday, November 10, 1999 10:35 PM
Subject: Re: [pptp-server] Authentication ppp Help!!


> your problem is a routing problem. you need to tell NT
> that there is a path to the 200.*.*.* lan using the linux
> box as a gateway. You then need be sure that ip
> forwarding is enabled so linux will route the packets.
> All computers involved in the conversation will have to
> have the linux box listed as a gateway.
>
> i *THINK* the nt command to add the route is:
> route add 200.0.0.0 mask 255.0.0.0 172.16.0.2 metric 1
>
> in english, this says "add a route to the 200.*.*.*
> network using 172.16.0.2 as a gateway.
> It takes one hop to get there."
>
> The linux box will probably not need any additional
> configuration.
>
> Kevin
>
> ----- Original Message -----
> From: Toktar, Emir <EMIR.TOKTAR at bra.xerox.com>
> To: <pptp-server at lists.schulte.org>
> Cc: <toktar at per.com.br>
> Sent: Wednesday, November 10, 1999 1:02 PM
> Subject: [pptp-server] Authentication ppp Help!!
>
>
>> Hello everybody,
>>
>>
>> I'm using PoPToP and it is working fine and I'm doing
>> performance tests via LAN to LAN with VPN over LAN.
>>
>> I have installed the following software:
>> pptp-1.0.0
>> ppp-2.3.8
>> SSLeay-0.6.6b
>> Red Hat 6.0 kernel 2.2.5-15
>>
>> ************PROBLEM******************************
>>
>> I changed LAN configuration to interconnect two LANs
>> with VPN Linux dual-homed and now I have some problems:
>>
>> I split up the LAN physically, as shown below and I did
>> the setup from Linux VPN "vpn" host to NIS Server
>> (secondary domain options in linuxconfig)
>>
>> |
>> |   LAN 200.170.98.*
>> |   Domain (DNS): puc.anydomain.edu
>> |   Server NIS : 200.170.98.147
>> |   Host Name NIS: nis.puc.anydomani.edu
>> |   [NIS server on this LAN]
>> |
>> |
>> |   Linux VPN
>> |   Host Name: vpnlinux
>> |   eth1: obelix.puc.anydomain.edu
>> |   eth0: vpnlinux.crypto.net
>> |   primary server: 172.16.0.1       ## NT Server
>> |   secundary server: 200.170.98.147 ## Linux NIS
>> |   Samba server ok
>> |
>> |----|--------------------------| LAN 200.***
>>      | IP (eth1): 200.170.98.50 |
>>      |                          |
>>      |      DUAL-HOMED          |
>>      |                          |
>> |----| IP (eth0): 172.16.0.2    |
>> | TTT|--------------------------| LAN 172.***
>> | T
>> | T
>> | T "VPN Tunnel"
>> | T
>> | T
>> | TTT NT Server 4.0
>> |-----IP: 172.16.0.1
>>       Host Name: ntsrv
>>       Network Domain (NT): DAEMON
>>       DNS Domain:  crypto.net
>>
>>
>> /etc/pptpd.conf
>>    speed 115200
>>    localip 200.170.98.40       #free address
>>    remoteip 200.170.98.41-44   #range free address
>>
>> /etc/ppp/options
>>    debug
>>    name nis.puc.anydomani.edu #NIS Server from 200.***
>>    auth
>>    require-chap
>>    proxyarp ....
>>
>> /etc/ppp/chap-secrets
>>    billy   nis.puc.anydomani.edu    bob    *
>>
>>
>> When I make a connection DUN to VPN Server (172.16.0.2),
>> I receive a remoteip IP 200.170.98.41 and I can ping
>> other computers in this network address, on the
>> computer "ntsrv", I CAN'T SEE ANY LIST in Windows
>> Explorer NT (via Samba - same situation):
>> ______________________________________________________
>> +My Computer
>> +Network Neighborhood
>>    DAEMON
>>      |- ntsrv\\shared (172.16.0.1)
>>      |- linuxvpn\\shared (172.16.0.2)
>>      |
>>      |-> "NO MORE BROWSE ANY DEVICE FROM NETWORK" ???
>> ______________________________________________________
>>
>>
>> A) What's wrong in this configuration that I can't see
>> the browsing but what the box above says?
>>
>>
>> B) How can I authenticate the user by using NIS Server
>> to avoid having the name and password of the user
>> recorded in /etc/ppp/chap-secrets?
>>
>> # I wouldn't like to use
>> # names in clear-text mode ==> chap-secrets
>> #
>> #/etc/ppp/chap-secrets
>> #   billy   nis.puc.anydomani.edu    bob    *
>>
>>
>> Is there any script to send me as an example? I'm reading
>> some PPP HowTo but I'm not certain of the solution...
>> If the NIS Server makes users authentication, it can
>> manage the password changes, or maybe, using
>> the /etc/passwd file with users registered and
>> not /etc/ppp/chap-secrets file.
>>
>>
>>
>> Regards
>>
>> Emir Toktar
>>
>> +55 (**41) 340-7157
>> emir.toktar at bra.xerox.com
>> toktar at per.com.br
>> toktar at ppgia.pucpr.br
>>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>
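
Added example (not part of the original thread and not PoPToP code): a longest-prefix-match lookup over the NT route table posted above, showing which entry the client uses for a given destination. It assumes the NT convention that a gateway of 127.0.0.1 marks the machine's own address and a gateway equal to the interface address marks an on-link route; 192.0.2.1 is a constructed off-net test address.

```python
import ipaddress

# Rows copied from the NT route table in the post above
# (the elided "..." rows are left out; values are as posted).
ROUTE_TABLE = """\
0.0.0.0        0.0.0.0         200.17.98.41  200.170.98.41
172.16.0.0     255.255.0.0     172.16.0.1    172.16.0.1
172.16.0.1     255.255.255.255 127.0.0.1     127.0.0.1
172.16.0.2     255.255.255.255 172.16.0.1    172.16.0.1
200.170.98.0   255.255.255.0   200.170.98.41 200.170.98.41
200.170.98.41  255.255.255.255 127.0.0.1     127.0.0.1
200.170.98.255 255.255.255.255 200.170.98.41 200.170.98.41
"""

def parse_routes(text):
    """Turn 'dest netmask gateway interface' rows into route tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed rows
        dest, mask, gateway, iface = fields
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        routes.append((net, gateway, iface))
    return routes

def lookup(routes, target):
    """Return the most specific (longest-prefix) route for target, or None."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def describe(routes, target):
    """Classify how the table delivers a packet addressed to target."""
    route = lookup(routes, target)
    if route is None:
        return "unreachable"
    net, gateway, iface = route
    if gateway == "127.0.0.1":
        return f"local address (loopback), matched {net}"
    if gateway == iface:
        return f"on-link via interface {iface}, matched {net}"
    return f"forwarded to gateway {gateway} via {iface}, matched {net}"

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for target in ("200.170.98.147", "200.170.98.41", "172.16.0.2", "192.0.2.1"):
        print(f"{target:15} -> {describe(routes, target)}")
```

With these rows, 200.170.98.147 (the NIS server) matches the 200.170.98.0 / 255.255.255.0 entry on the 200.170.98.41 adapter, and the 127.0.0.1 gateways belong only to the client's own addresses.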





