[pptp-server] Rebuilt PoPToP - now it doesn't work :-(

Brian Aust baust at healthdec.com
Tue Dec 5 12:40:17 CST 2000


Well I'd had a working PoPToP box for my organisation for 8 months until a
German hacker broke in and compromised it.

So this past weekend I rebuilt it, and sadly to say, I can't get it back up
and running.

I'm running RHAT6.2, pptpd-1.0.0-1 RPM, and pppd 2.3.11.  No patches, no
encryption.  Just basic poptop.

Here's the /var/log/messages printout:

Dec  5 14:22:07 BNYATALIE pptpd[1681]: CTRL: Client 24.25.24.109 control connection started
Dec  5 14:22:07 BNYATALIE pptpd[1681]: CTRL: Starting call (launching pppd, opening GRE)
Dec  5 14:22:08 BNYATALIE kernel: CSLIP: code copyright 1989 Regents of the University of California
Dec  5 14:22:08 BNYATALIE kernel: PPP: version 2.3.7 (demand dialling)
Dec  5 14:22:08 BNYATALIE kernel: PPP line discipline registered.
Dec  5 14:22:08 BNYATALIE kernel: registered device ppp0
Dec  5 14:22:08 BNYATALIE pppd[1682]: pppd 2.3.11 started by root, uid 0
Dec  5 14:22:08 BNYATALIE pppd[1682]: Using interface ppp0
Dec  5 14:22:08 BNYATALIE pppd[1682]: Connect: ppp0 <--> /dev/pts/1
Dec  5 14:22:38 BNYATALIE pptpd[1681]: CTRL: Error with select(), quitting
Dec  5 14:22:38 BNYATALIE pptpd[1681]: CTRL: Client 24.25.24.109 control connection finished
Dec  5 14:22:38 BNYATALIE pppd[1682]: Modem hangup
Dec  5 14:22:38 BNYATALIE pppd[1682]: Connection terminated.
Dec  5 14:22:38 BNYATALIE pppd[1682]: Exit.


Here's the options file:
lock
debug
auth
+chap
proxyarp
ms-dns 10.1.1.2
ms-wins 10.1.1.2
domain healthdec.com
name bnyatalie  

In pptpd.conf, I simply have:
speed 115200
localip 10.1.1.69  (the addy of the poptop server)
remoteip 10.3.1.1-99  (internal DHCP assigns this)

I do have ip_forwarding enabled in /proc/sys/net/ipv4/ip_forward.

What bothers me is that I previously had this working perfectly, and I'd
saved my options and chap-secrets files.  
The only big difference is that before, my server was a multi-homed machine
that had both external and internal interfaces.  The new server is purely
internal interface, behind a Checkpoint FW-1 firewall.  But I've opened up
TCP 1723, as well as IP header protocol 47 (GRE).  And it looks like the
error is on the poptop server, not with packets failing to get there.

What is really missing is authentication.  Usually in the past, even if it
failed, I at least got "baust authenticated, assigned IP address 10.3.1.2"
or something like that...  Here, it doesn't look like it's even consulting
the chap-secrets file.

Thanks,
Brian
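
The log timeline from the post above, as an added example that is not part of the original message: a short Python script that parses the pptpd/pppd syslog lines and reports how long pppd sat after "Connect:" and whether it logged anything before teardown. The year 2000 is assumed from the post's date header, and the function names are this example's own.

```python
import re
from datetime import datetime

# Log lines from the post, wrapped lines rejoined; kernel lines left out.
SAMPLE = """\
Dec  5 14:22:07 BNYATALIE pptpd[1681]: CTRL: Client 24.25.24.109 control connection started
Dec  5 14:22:07 BNYATALIE pptpd[1681]: CTRL: Starting call (launching pppd, opening GRE)
Dec  5 14:22:08 BNYATALIE pppd[1682]: pppd 2.3.11 started by root, uid 0
Dec  5 14:22:08 BNYATALIE pppd[1682]: Using interface ppp0
Dec  5 14:22:08 BNYATALIE pppd[1682]: Connect: ppp0 <--> /dev/pts/1
Dec  5 14:22:38 BNYATALIE pptpd[1681]: CTRL: Error with select(), quitting
Dec  5 14:22:38 BNYATALIE pptpd[1681]: CTRL: Client 24.25.24.109 control connection finished
Dec  5 14:22:38 BNYATALIE pppd[1682]: Modem hangup
Dec  5 14:22:38 BNYATALIE pppd[1682]: Connection terminated.
Dec  5 14:22:38 BNYATALIE pppd[1682]: Exit.
"""

# Syslog lines carry no year; 2000 is assumed from the post's date header.
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: (.*)$")

def parse(text):
    """Yield (timestamp, program, message) for each daemon syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # lines without a program[pid] tag (e.g. kernel) are skipped
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(5)

def summarize(text):
    """Summarise one PPTP call: client, idle gap after Connect, stall flag."""
    client = connect_at = end_at = None
    after_connect = 0
    for ts, prog, msg in parse(text):
        m = re.match(r"CTRL: Client (\S+) control connection started", msg)
        if prog == "pptpd" and m:
            client = m.group(1)
        elif prog == "pppd" and msg.startswith("Connect:"):
            connect_at = ts
        elif prog == "pppd" and msg in ("Modem hangup", "Connection terminated."):
            end_at = end_at or ts  # keep the first teardown timestamp
        elif prog == "pppd" and connect_at and end_at is None:
            after_connect += 1  # any pppd output between Connect and teardown
    idle = int((end_at - connect_at).total_seconds()) if connect_at and end_at else None
    return {"client": client, "idle_seconds": idle,
            "pppd_lines_after_connect": after_connect,
            "stalled": idle is not None and after_connect == 0}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
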


