[pptp-server] Still unable to get pptp to work

Cowles, Steve Steve.Cowles at gte.net
Thu Sep 23 22:32:05 CDT 1999


Hello all,

I have been trying to get pptpd to work for a while now. I have followed all
of the instructions posted to this list along with the PopTop WEB site, but
still am unable to get a single ping to work once connected (I have no
problem connecting). I have a feeling that my problem is because I am
connecting to my Linux box (externally) which is also configured as a
firewall using ipchains for my home LAN. I have added the necessary commands
to allow port 47 and so on through the box (see my rc.firewall below)
but am still unable to get a single ping to work in both directions. Also, I
am trying to connect using my laptop which is running NT4.0 Workstation
(SP5, 128bit). I loaded the standard VPN stuff from the original NT CD. I'm
not aware of any patches for VPN stuff.

Anyway, if anyone can see an obvious problem with any of my configuration
files, please point them out. At this point, I'm willing to try anything to
make this work. I work out of town Monday thru Friday and would like to
connect to my home LAN through local ISPs while on the road using a VPN.
Also, I have successfully set up my Linux box to receive calls using mgetty.
ppp 2.3.8 works perfectly when I connect using straight ppp when spawned by
mgetty (without pptp). Obviously, I am assigning a local IP address when
using mgetty and ppp.

A little background:
Local LAN network address is 192.168.9.0/24
Linux box internal IP address is 192.168.9.1
Linux box external IP address is x.x.x.125 (for the purpose of this post
using ADSL connection)

When I create my dialup connection on my laptop, I specify the external IP
address of my Linux box. I have tried enabling/disabling all types of
parameters for this connection profile along with what is recommended in
posts to this list. I have tried to include every file that I can think of
so that someone might be able to point me in the right direction, along with
netstat, ifconfig outputs, tcpdump.

thanks (sorry for the long post, but I wanted to include relevant info)
Steve Cowles

***********************
<cut/paste from lsmod>
***********************
[scowles@voyager scowles]$ lsmod
Module                  Size  Used by
ppp_mppe               13328   1  (autoclean)
ppp                    19948   2  (autoclean) [ppp_mppe]
slhc                    4268   0  (autoclean) [ppp]
ip_masq_portfw          2256   2  (autoclean)
ip_masq_ftp             2352   0
ip_masq_irc             1360   0  (unused)
ip_masq_raudio          2736   0  (unused)
3c59x                  19272   2  (autoclean)
[scowles@voyager scowles]$

***********************
<netstat -rn output before connecting using pptpd>
***********************
[scowles@voyager scowles]$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.9.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
x.x.x.0        0.0.0.0         255.255.240.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         x.x.x.1        0.0.0.0         UG        0 0          0 eth1

***********************
<netstat -rn output after connecting using pptpd>
***********************
[scowles@voyager scowles]$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.9.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.9.101   0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
192.168.9.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
x.x.x.0        0.0.0.0         255.255.240.0   U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         x.x.x.1        0.0.0.0         UG        0 0          0 eth1

***********************
<cut/paste from NT system, route print>
***********************
C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 02 d0 6a 5f 80 ...... NdisWan Adapter
0x3 ...00 00 00 00 00 00 ...... NdisWan Adapter
0x4 ...00 01 d0 32 5f 80 ...... NdisWan Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    209.142.71.73   209.142.71.73       1
      x.x.x.125  255.255.255.255    209.142.71.73   209.142.71.73       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.9.0    255.255.255.0    192.168.9.101   192.168.9.101       1
    192.168.9.101  255.255.255.255        127.0.0.1       127.0.0.1       1
     209.142.71.0    255.255.255.0    209.142.71.73   209.142.71.73       1
    209.142.71.73  255.255.255.255        127.0.0.1       127.0.0.1       1
   209.142.71.255  255.255.255.255    209.142.71.73   209.142.71.73       1
        224.0.0.0        224.0.0.0    192.168.9.101   192.168.9.101       1
        224.0.0.0        224.0.0.0    209.142.71.73   209.142.71.73       1
  255.255.255.255  255.255.255.255    192.168.9.101   192.168.9.101       1
===========================================================================
C:\>

***********************
<cut/paste of ifconfig after connection>
***********************
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.9.1  P-t-P:192.168.9.101  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

***********************
<cut/paste of pptp connection from /var/log/messages>
***********************
Sep 23 21:43:00 voyager pptpd[8169]: CTRL: Client 209.142.71.73 control connection started
Sep 23 21:43:00 voyager pptpd[8169]: CTRL: Starting call (launching pppd, opening GRE)
Sep 23 21:43:00 voyager kernel: CSLIP: code copyright 1989 Regents of the University of California
Sep 23 21:43:00 voyager kernel: PPP: version 2.3.8 (demand dialling)
Sep 23 21:43:00 voyager kernel: PPP line discipline registered.
Sep 23 21:43:00 voyager kernel: registered device ppp0
Sep 23 21:43:00 voyager pppd[8170]: pppd 2.3.8 started by root, uid 0
Sep 23 21:43:00 voyager pppd[8170]: Using interface ppp0
Sep 23 21:43:00 voyager pppd[8170]: Connect: ppp0 <--> /dev/pts/5
Sep 23 21:43:04 voyager pptpd[8169]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 23 21:43:04 voyager kernel: PPP MPPE compression module registered
Sep 23 21:43:04 voyager kernel: PPP Deflate Compression module registered
Sep 23 21:43:04 voyager pppd[8170]: MSCHAP-v2 peer authentication succeeded for scowles
Sep 23 21:43:06 voyager pppd[8170]: found interface eth0 for proxy arp
Sep 23 21:43:06 voyager pppd[8170]: local  IP address 192.168.9.1
Sep 23 21:43:06 voyager pppd[8170]: remote IP address 192.168.9.101
Sep 23 21:43:35 voyager pppd[8170]: CCP: timeout sending Config-Requests


***********************
<cut/paste from /var/log/pptpd.log after connection>
***********************
Sep 23 21:43:00 voyager pptpd[8169]: CTRL: Starting call (launching pppd, opening GRE)
Sep 23 21:43:00 voyager pppd[8170]: pppd 2.3.8 started by root, uid 0
Sep 23 21:43:00 voyager pppd[8170]: Using interface ppp0
Sep 23 21:43:00 voyager pppd[8170]: Connect: ppp0 <--> /dev/pts/5
Sep 23 21:43:00 voyager pppd[8170]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xfb8e2fd9> <pcomp> <accomp>]
Sep 23 21:43:01 voyager pppd[8170]: rcvd [LCP ConfReq id=0x0 <magic 0x7b2> <pcomp> <accomp>]
Sep 23 21:43:01 voyager pppd[8170]: sent [LCP ConfAck id=0x0 <magic 0x7b2> <pcomp> <accomp>]
Sep 23 21:43:03 voyager pppd[8170]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xfb8e2fd9> <pcomp> <accomp>]
Sep 23 21:43:04 voyager pppd[8170]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xfb8e2fd9> <pcomp> <accomp>]
Sep 23 21:43:04 voyager pppd[8170]: sent [CHAP Challenge id=0x1 <3653e6cfdf43b5fca3223f44125571>, name = "voyager"]
Sep 23 21:43:04 voyager pptpd[8169]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Sep 23 21:43:04 voyager pppd[8170]: rcvd [CHAP Response id=0x1 <5b594e94bd13a417bb9150fe166365000000000000000088acd83d38c76447951e4bfedecc90820dcad3b984b1cd00>, name = "scowles"]
Sep 23 21:43:04 voyager pppd[8170]: sent [CHAP Success id=0x1 "S=A86577948BF6C5B46AA92A884E298CCC1F6B6"]
Sep 23 21:43:04 voyager pppd[8170]: sent [IPCP ConfReq id=0x1 <addr 192.168.9.1> <compress VJ 0f 01>]
Sep 23 21:43:04 voyager pppd[8170]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 1 0 0 20>]
Sep 23 21:43:04 voyager pppd[8170]: MSCHAP-v2 peer authentication succeeded for scowles
Sep 23 21:43:05 voyager pppd[8170]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 0>]
Sep 23 21:43:05 voyager pppd[8170]: sent [CCP ConfRej id=0x1 <mppe 1 0 0 0>]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Sep 23 21:43:05 voyager pppd[8170]: sent [IPCP ConfNak id=0x2 <addr 192.168.9.101> <ms-dns1 192.168.9.1> <ms-wins 192.168.9.2> <ms-dns3 192.168.9.1> <ms-wins 192.168.9.2>]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
Sep 23 21:43:05 voyager pppd[8170]: sent [IPCP ConfReq id=0x2 <addr 192.168.9.1>]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15>]
Sep 23 21:43:05 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [CCP TermReq id=0x3 00 00 02 dc]
Sep 23 21:43:05 voyager pppd[8170]: sent [CCP TermAck id=0x3]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [IPCP ConfReq id=0x4 <addr 192.168.9.101> <ms-dns1 192.168.9.1> <ms-wins 192.168.9.2> <ms-dns3 192.168.9.1> <ms-wins 192.168.9.2>]
Sep 23 21:43:05 voyager pppd[8170]: sent [IPCP ConfAck id=0x4 <addr 192.168.9.101> <ms-dns1 192.168.9.1> <ms-wins 192.168.9.2> <ms-dns3 192.168.9.1> <ms-wins 192.168.9.2>]
Sep 23 21:43:06 voyager pppd[8170]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.9.1>]
Sep 23 21:43:06 voyager pppd[8170]: found interface eth0 for proxy arp
Sep 23 21:43:06 voyager pppd[8170]: local  IP address 192.168.9.1
Sep 23 21:43:06 voyager pppd[8170]: remote IP address 192.168.9.101
Sep 23 21:43:06 voyager pppd[8170]: Script /etc/ppp/ip-up started (pid 8180)
Sep 23 21:43:06 voyager pppd[8170]: Script /etc/ppp/ip-up finished (pid 8180), status = 0x0
Sep 23 21:43:08 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:08 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:11 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:17 voyager last message repeated 2 times
Sep 23 21:43:18 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:20 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:20 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:23 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:24 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:26 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:27 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:29 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:29 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:32 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:32 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:35 voyager pppd[8170]: CCP: timeout sending Config-Requests

***********************
<ping output from Linux box towards NT system>
***********************
[scowles@voyager scowles]$ ping 192.168.9.101
PING 192.168.9.101 (192.168.9.101): 56 data bytes
r
--- 192.168.9.101 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
[scowles@voyager scowles]$

***********************
<tcpdump output from ping towards NT box, tcpdump -i ppp0, note the reply>
***********************
22:19:41.173435 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:41.618335 192.168.9.101 > 192.168.9.1: icmp: echo reply
22:19:42.172197 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:42.533459 192.168.9.101 > 192.168.9.1: icmp: echo reply
22:19:43.172307 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:43.545091 192.168.9.101 > 192.168.9.1: icmp: echo reply
22:19:44.172390 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:44.572571 192.168.9.101 > 192.168.9.1: icmp: echo reply
22:19:45.172492 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:45.518369 192.168.9.101 > 192.168.9.1: icmp: echo reply
22:19:46.172578 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:46.615564 192.168.9.101 > 192.168.9.1: icmp: echo reply
22:19:47.172676 192.168.9.1 > 192.168.9.101: icmp: echo request
22:19:47.527838 192.168.9.101 > 192.168.9.1: icmp: echo reply

***********************
<tcpdump output from ping from NT box, tcpdump -i ppp0, note NO reply>
***********************
22:23:48.428864 192.168.9.101 > 192.168.9.1: icmp: echo request
22:23:49.714634 192.168.9.101 > 192.168.9.1: icmp: echo request
22:23:51.201163 192.168.9.101 > 192.168.9.1: icmp: echo request
22:23:52.713724 192.168.9.101 > 192.168.9.1: icmp: echo request

***********************
<ping output from NT box towards Linux internal IP address>
***********************
C:\>ping 192.168.9.1

Pinging 192.168.9.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

C:\>ping 192.168.9.2

Pinging 192.168.9.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

C:\>

***********************
<cut/paste from /etc/pptpd.conf>
***********************
speed 115200
# NOTE: I have tried changing this to another ip/network with no luck
localip 192.168.9.1
remoteip 192.168.9.100-110

***********************
<cut/paste from /etc/ppp/options>
***********************
lock
debug
auth
name voyager
+chap
+chapms
+chapms-v2
mppe-40
mppe-stateless
netmask 255.255.255.0
ms-wins 192.168.9.2
ms-dns 192.168.9.1
proxyarp

***********************
<cut/paste from rc.firewall, modified from original to get pptp working>
***********************
#!/bin/sh
#=======================================================================
# Define Shell Functions for this script
#=======================================================================
get_if_ipaddress ()
{
   INTERFACE=$1

   if [ -x /sbin/ifconfig ] ; then
      /sbin/ifconfig ${INTERFACE} | grep "inet addr:" | awk ' \
      {
        split ( $2, sbuf, ":" )
        printf ("%s", sbuf[2])
      } ' -
   fi
}

#=======================================================================
# Define all Variables for this script
#=======================================================================
# Internal LAN
INT_IF="eth0"
INT_NET="192.168.9.0/24"
INT_IP="192.168.9.1"

# External LAN
EXT_IF="eth1"
EXT_NET="x.x.x.x/20"
EXT_IP=`get_if_ipaddress ${EXT_IF}`

DEF_ROUTE="x.x.x.1"
ANYWHERE="0.0.0.0/0"
EXCH_IP="192.168.9.2"

IPCHAINS="/sbin/ipchains"
IPMASQADM="/usr/sbin/ipmasqadm"
DEPMOD="/sbin/depmod"
MODPROBE="/sbin/modprobe"

# ===============================================================
# Finally... setup the IP chains
# ===============================================================
if [ -x ${IPCHAINS} ] ; then

   # =======================================================
   # Flush chains. Not needed at bootup, but nice for debug
   # =======================================================
      ${IPCHAINS} -F input
      ${IPCHAINS} -F output
      ${IPCHAINS} -F forward

   # =======================================================
   # Set Default chain policies
   # =======================================================
      # NOTE: I have tried ACCEPT for input/output with no luck
      ${IPCHAINS} -P input DENY
      ${IPCHAINS} -P output ACCEPT
      ${IPCHAINS} -P forward DENY

   # =======================================================
   # Output Chains
   # =======================================================
      # NOTE: Have tried commenting these lines out with no luck
      ${IPCHAINS} -A output -p TCP -d ${ANYWHERE} www -t 0x01 0x10
      ${IPCHAINS} -A output -p TCP -d ${ANYWHERE} telnet -t 0x01 0x10
      ${IPCHAINS} -A output -p TCP -d ${ANYWHERE} ftp -t 0x01 0x02

   # =======================================================
   # Input Chains
   # =======================================================

      # ----------------
      # eth0 (Internal)
      # ----------------

      # Allow all incoming packets to internal interface
      ${IPCHAINS} -A input -i ${INT_IF} -j ACCEPT

      # ----------------
      # eth1 (External)
      # ----------------
      # NOTE: pptp stuff, added these lines per post to pptp list
      ${IPCHAINS} -A input -p tcp -d ${EXT_IP} 1723 -j ACCEPT
      ${IPCHAINS} -A input -p 47 -d ${EXT_IP} -j ACCEPT

      # Finally, Allow incoming data from Internet to be accepted
      ${IPCHAINS} -A input -i ${EXT_IF} -j ACCEPT

      # ----------------
      # lo (Loopback)
      # ----------------
      # Also accept all local loopback packets
      ${IPCHAINS} -A input -i lo -j ACCEPT
   # =======================================================
   # Masquerade Settings
   # =======================================================
      ${IPCHAINS} -M -S 7200 10 60

   # =======================================================
   # Forward Chains (and Masquerade)
   # =======================================================
      # NOTE: pptp stuff, added these lines per post in pptp list
      ${IPCHAINS} -A forward -p tcp -d ${EXT_IP} 1723 -j ACCEPT
      ${IPCHAINS} -A forward -p tcp -s ${EXT_IP} 1723 -j ACCEPT
      ${IPCHAINS} -A forward -p 47 -d ${EXT_IP} -j ACCEPT
      ${IPCHAINS} -A forward -p 47 -s ${EXT_IP} -j ACCEPT

      # NOTE: Tried this with no change, added per post to list
      ${IPCHAINS} -A forward -i ppp0 -j ACCEPT

      ${IPCHAINS} -A forward -j MASQ -s ${INT_NET} -d ${ANYWHERE}
fi
# =========================================================
# Port Forwarding Settings (external to internal IP/ports)
# =========================================================
# NOTE: This part does not apply, but have commented it out with no luck
if [ -x ${IPMASQADM} ] ; then

      ${IPMASQADM} portfw -f

      ${IPMASQADM} portfw -a -P tcp -L ${EXT_IP} 80  -R ${EXCH_IP} 80
      ${IPMASQADM} portfw -a -P tcp -L ${EXT_IP} 110 -R ${EXCH_IP} 110
fi
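
The posted input chain can be traced for any packet. The sketch below is an added example, not part of the original post or of PopTop: it parses the input-chain commands from rc.firewall and applies first-match evaluation, handling only -i, -p, -d address [numeric port] and -j. 203.0.113.125 is a placeholder for the masked x.x.x.125, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed input: the input-chain commands from the posted rc.firewall with
# ${IPCHAINS} dropped. EXT_IP is a placeholder for the masked x.x.x.125.
EXT_IP = "203.0.113.125"
RC_FIREWALL = """\
-P input DENY
-A input -i eth0 -j ACCEPT
-A input -p tcp -d ${EXT_IP} 1723 -j ACCEPT
-A input -p 47 -d ${EXT_IP} -j ACCEPT
-A input -i eth1 -j ACCEPT
-A input -i lo -j ACCEPT
"""


def parse_chain(text, chain, variables):
    """Return (policy, rules) for one chain; handles only -i, -p, -d addr [port], -j."""
    policy, rules = None, []
    for line in text.splitlines():
        for name, value in variables.items():
            line = line.replace("${%s}" % name, value)
        args = shlex.split(line)
        if args[:2] == ["-P", chain]:
            policy = args[2]
        elif args[:2] == ["-A", chain]:
            rule, i = {}, 2
            while i < len(args):
                flag, value = args[i], args[i + 1]
                i += 2
                if flag == "-d":
                    rule["dst"] = ipaddress.ip_network(value)
                    if i < len(args) and not args[i].startswith("-"):
                        rule["dport"] = int(args[i])  # ipchains puts the port after the address
                        i += 1
                else:
                    rule[{"-i": "iface", "-p": "proto", "-j": "target"}[flag]] = value
            rules.append(rule)
    return policy, rules


def verdict(packet, policy, rules):
    """First matching rule wins; otherwise the chain policy applies (rule number None)."""
    for number, rule in enumerate(rules, 1):
        if ("iface" in rule and rule["iface"] != packet["iface"]
                or "proto" in rule and rule["proto"] != packet["proto"]
                or "dst" in rule and ipaddress.ip_address(packet["dst"]) not in rule["dst"]
                or "dport" in rule and rule["dport"] != packet.get("dport")):
            continue
        return rule["target"], number
    return policy, None


POLICY, RULES = parse_chain(RC_FIREWALL, "input", {"EXT_IP": EXT_IP})
# Echo reply from the NT client arriving on ppp0, as in the tcpdump capture.
PING_REPLY = {"iface": "ppp0", "proto": "icmp", "dst": "192.168.9.1"}
# GRE (IP protocol 47) from the client to the external address.
GRE_IN = {"iface": "eth1", "proto": "47", "dst": EXT_IP}
```

Under the posted rules, `verdict(PING_REPLY, POLICY, RULES)` falls through to the chain policy because no input rule names ppp0, while `GRE_IN` is accepted by the protocol 47 rule.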






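
Added example, not part of the original post: a Python pass over pppd debug lines like those in the pptpd.log excerpt that tracks LCP, IPCP and CCP per pppd PID and flags sessions where IPCP opened while CCP, which carries the MPPE negotiation, never did. The function names are hypothetical, and the sample lines are taken from the post with the wrapped lines rejoined.

```python
import re

# Constructed sample: a subset of the pppd debug lines in the post's pptpd.log
# excerpt, with the mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Sep 23 21:43:01 voyager pppd[8170]: sent [LCP ConfAck id=0x0 <magic 0x7b2> <pcomp> <accomp>]
Sep 23 21:43:04 voyager pppd[8170]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xfb8e2fd9> <pcomp> <accomp>]
Sep 23 21:43:04 voyager pppd[8170]: sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <mppe 1 0 0 20>]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 0>]
Sep 23 21:43:05 voyager pppd[8170]: sent [CCP ConfRej id=0x1 <mppe 1 0 0 0>]
Sep 23 21:43:05 voyager pppd[8170]: rcvd [CCP TermReq id=0x3 00 00 02 dc]
Sep 23 21:43:05 voyager pppd[8170]: sent [CCP TermAck id=0x3]
Sep 23 21:43:05 voyager pppd[8170]: sent [IPCP ConfAck id=0x4 <addr 192.168.9.101> <ms-dns1 192.168.9.1> <ms-wins 192.168.9.2> <ms-dns3 192.168.9.1> <ms-wins 192.168.9.2>]
Sep 23 21:43:06 voyager pppd[8170]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.9.1>]
Sep 23 21:43:08 voyager pppd[8170]: sent [CCP ConfReq id=0x2 <mppe 1 0 0 20>]
Sep 23 21:43:08 voyager pppd[8170]: rcvd [CCP TermAck id=0x2]
Sep 23 21:43:35 voyager pppd[8170]: CCP: timeout sending Config-Requests
"""

PKT = re.compile(r"pppd\[(\d+)\]: (sent|rcvd) \[(LCP|IPCP|CCP) (\w+) id=0x[0-9a-f]+(.*)\]")
TIMEOUT = re.compile(r"pppd\[(\d+)\]: (LCP|IPCP|CCP): timeout sending Config-Requests")
MPPE = re.compile(r"<mppe ([^>]*)>")


def analyze(log_text):
    """Track each PPP control protocol per pppd PID; return {pid: {proto: info}}."""
    sessions = {}
    def entry(pid, proto):
        return sessions.setdefault(pid, {}).setdefault(proto, {
            "state": "negotiating", "acks": set(), "mppe": {"sent": set(), "rcvd": set()}})
    for line in log_text.splitlines():
        t = TIMEOUT.search(line)
        if t:
            entry(*t.groups())["state"] = "timed_out"
            continue
        m = PKT.search(line)
        if not m:
            continue
        pid, direction, proto, code, options = m.groups()
        info = entry(pid, proto)
        if code == "ConfReq":
            info["mppe"][direction].update(MPPE.findall(options))  # raw option text
            if info["state"] != "negotiating":      # a new request restarts negotiation
                info["state"], info["acks"] = "negotiating", set()
        elif code == "ConfAck":
            info["acks"].add(direction)
            if info["acks"] == {"sent", "rcvd"}:     # acked in both directions
                info["state"] = "opened"
        elif code in ("TermReq", "TermAck"):
            info["state"], info["acks"] = "terminated", set()
    return sessions


def ip_up_without_ccp(sessions):
    """PIDs whose IPCP opened (IP is flowing) while CCP never reached opened."""
    return sorted(pid for pid, protos in sessions.items()
                  if protos.get("IPCP", {}).get("state") == "opened"
                  and protos.get("CCP", {}).get("state") != "opened")
```

On the sample, `analyze(SAMPLE_LOG)` reports LCP and IPCP as opened and CCP as timed out for PID 8170, with the two sides' `mppe` option strings recorded uninterpreted so the mismatch between them is visible.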