From ddobre at deuroconsult.ro Thu Jun 1 03:10:59 2000 
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Thu, 01 Jun 2000 11:10:59 +0300
Subject: [pptp-server] pptpd+chapms+radius
References:
Message-ID: <39361A93.D56F8A78@deuroconsult.ro>

James MacLean wrote:
>
> In auth.c I check to see if client!=NULL and server !=NULL. So I am trying
> to figure out where the mistake is :(. It should only actually try to
> contact the radius server when it has either a server or a client passwd.

but the chap part hasn't been yet passed! I mean the server doesn't have
the client-name yet! so pppd goes to radiusclient with NULL client name!

> I have tried switching the pppd's client/server order of radius checking
> and some other switchies, but it does not show any delay contacting the
> radius server... :(.

well, there is NO delay. the problem is that when pppd goes up, prior to
send or wait for LCP ConfReq auth chap it goes to radius server with NULL
client!

> Hmm. It does contact the radius server to see if the machine has a valid
> entry
  ^^^^^^^ what machine? the server?
> to connect with the remote system (its name field has a valid line
> to connect with the remotename) At this time it has only its own machine
> and radius returns no passwd,
  ^^^^^^^^^^ , radius is not contacted. radiusclient tries to contact
radserver but it times-out since it doesn't pass the correct name (it
passes server=eris in my case), and after 3 or 4 time-outs, the client ppp
times out...matter of 10xseconds or so.

May 31 18:02:55 eris pptpd[7322]: CTRL: Client 192.168.4.149 control connection started May 31 18:02:55 eris pptpd[7322]: CTRL: Starting call (launching pppd, opening GRE) May 31 18:02:55 eris pppd[7323]: client=NULL, server=eris, secret=NULL May 31 18:02:55 eris pppd[7323]: client2=NULL, server=eris, secret=NULL word=!nothing addrs=Ok May 31 18:02:55 eris pppd[7323]: Trying Radius client=NULL, server=eris devnam=/dev/pts/5 May 31 18:03:00 eris pppd[7323]: rc_send_server: no reply from RADIUS server eris.deuroconsult.ro:1812 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ May 31 18:03:00 eris pppd[7323]: S eris Return=-1, passwd=!nothing May 31 18:03:00 eris pppd[7323]: client=NULL, server=eris, secret=NULL May 31 18:03:00 eris pppd[7323]: HUH * May 31 18:03:00 eris pppd[7323]: pppd 2.3.11 started by root, uid 0 May 31 18:03:00 eris pppd[7323]: Using interface ppp0 May 31 18:03:00 eris pppd[7323]: Connect: ppp0 <--> /dev/pts/5 May 31 18:03:00 eris pppd[7323]: client=eris, server=NULL, secret=~D???~H??? 
May 31 18:03:00 eris pppd[7323]: client=eris, server=NULL, secret=NULL May 31 18:03:00 eris pppd[7323]: client2=eris, server=NULL, secret=NULL word=!nothing addrs=Ok May 31 18:03:00 eris pppd[7323]: Trying Radius client=eris, server=NULL devnam=/dev/pts/5 May 31 18:03:05 eris pppd[7323]: rc_send_server: no reply from RADIUS server eris.deuroconsult.ro:1812 May 31 18:03:05 eris pppd[7323]: C eris Return=-1, passwd=!nothing May 31 18:03:05 eris pppd[7323]: client=eris, server=NULL, secret=NULL May 31 18:03:05 eris pppd[7323]: client=NULL, server=eris, secret=NULL May 31 18:03:05 eris pppd[7323]: client2=NULL, server=eris, secret=NULL word=!nothing addrs=Ok May 31 18:03:05 eris pppd[7323]: Trying Radius client=NULL, server=eris devnam=/dev/pts/5 May 31 18:03:10 eris pppd[7323]: rc_send_server: no reply from RADIUS server eris.deuroconsult.ro:1812 May 31 18:03:10 eris pppd[7323]: S eris Return=-1, passwd=!nothing May 31 18:03:10 eris pppd[7323]: client=NULL, server=eris, secret=NULL May 31 18:03:10 eris pppd[7323]: HUH * May 31 18:03:10 eris pptpd[7322]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! May 31 18:03:10 eris pppd[7323]: client=mambo, server=eris, secret= May 31 18:03:10 eris pppd[7323]: client2=mambo, server=eris, secret= word=!nothing addrs=Ok May 31 18:03:10 eris pppd[7323]: Trying Radius client=mambo, server=eris devnam=/dev/pts/5 May 31 18:03:11 eris pppd[7323]: User mambo:mambo May 31 18:03:11 eris pppd[7323]: C mambo Return=1, passwd=C264F2FACC6A4BEE0FC013C0BAF7B9CB May 31 18:03:11 eris pppd[7323]: client=mambo, server=eris, secret=C264F2FACC6A4BEE0FC013C0BAF7B9CB May 31 18:03:11 eris pppd[7323]: MSCHAP peer authentication succeeded for mambo May 31 18:03:11 eris pppd[7323]: Cannot determine ethernet address for proxy ARP May 31 18:03:11 eris pppd[7323]: local IP address 10.10.10.1 May 31 18:03:11 eris pppd[7323]: remote IP address 10.10.10.201 > but since the function in auth.c does not > end with and error, negotiation can proceed. 
Is this where you are seeing a
> stall?

yes, i think this is the weak-part !

> > i made it work reducing the retries-number and time-out in
> > radiusclient.conf
>
> I'd like to see if I can understand this better. You are getting a timeout
> in that initial radius connect? I do not think I am seeing it happen here.

ok, may I kindly ask you to pass me the whole source tree for your
implementation of pppd+xtradius+radiusclient and i'll compile them on my
system and see if we have the same-code.

> What I do see is that pptp connects (Linux PPTP) take forever to complete
> with the chap requests ping-ponging back and forth over the GRE, but the
> Windows connects are fast.

no, the chap requests aren't the problem here. i will compile them again,
clear the logs, upgrade my kernel to 2.2.15 and then try again. after that
i'll send you all the logs. maybe all together we can figure-out what's
happening.

> I'd like to see it smoothen out :).

well, me too :)

> Thanks for all the feedback.

10k thanks for your help.

> JES
> --
> James B. MacLean macleajb at ednet.ns.ca

respect,
--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

From klussier at mclinux.com Thu Jun 1 15:17:23 2000
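
The delay Dragos describes in the message above can be measured directly from the pppd debug log he posted. This is an added example, not code from the thread, pppd or radiusclient; the function names are hypothetical, and it assumes the `Trying Radius` / `Return=` debug line format shown in that log, the year 2000 from the mail date, and a placeholder in place of the logged secret.

```python
import re
from datetime import datetime

# Excerpt of the pppd debug log from the message above (constructed sample:
# unrelated lines dropped, the logged secret replaced by a placeholder).
SAMPLE_LOG = """\
May 31 18:02:55 eris pppd[7323]: Trying Radius client=NULL, server=eris devnam=/dev/pts/5
May 31 18:03:00 eris pppd[7323]: rc_send_server: no reply from RADIUS server eris.deuroconsult.ro:1812
May 31 18:03:00 eris pppd[7323]: S eris Return=-1, passwd=!nothing
May 31 18:03:00 eris pppd[7323]: Connect: ppp0 <--> /dev/pts/5
May 31 18:03:00 eris pppd[7323]: Trying Radius client=eris, server=NULL devnam=/dev/pts/5
May 31 18:03:05 eris pppd[7323]: rc_send_server: no reply from RADIUS server eris.deuroconsult.ro:1812
May 31 18:03:05 eris pppd[7323]: C eris Return=-1, passwd=!nothing
May 31 18:03:05 eris pppd[7323]: Trying Radius client=NULL, server=eris devnam=/dev/pts/5
May 31 18:03:10 eris pppd[7323]: rc_send_server: no reply from RADIUS server eris.deuroconsult.ro:1812
May 31 18:03:10 eris pppd[7323]: S eris Return=-1, passwd=!nothing
May 31 18:03:10 eris pppd[7323]: Trying Radius client=mambo, server=eris devnam=/dev/pts/5
May 31 18:03:11 eris pppd[7323]: C mambo Return=1, passwd=<redacted>
May 31 18:03:11 eris pppd[7323]: MSCHAP peer authentication succeeded for mambo
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TRYING = re.compile(r"^Trying Radius client=(?P<client>\S+?), server=(?P<server>\S+)")
RESULT = re.compile(r"^[CS] \S+ Return=(?P<rc>-?\d+)")
NO_REPLY = "rc_send_server: no reply from RADIUS server"


def parse_ts(ts, year=2000):
    # syslog timestamps carry no year; 2000 is taken from the mail date (assumption)
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def radius_lookups(log_text):
    """Pair each 'Trying Radius' line with the next 'Return=' line of the same pppd."""
    pending, lookups = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg, when = m["pid"], m["msg"], parse_ts(m["ts"])
        t = TRYING.match(msg)
        if t:
            pending[pid] = {"start": when, "client": t["client"],
                            "server": t["server"], "timed_out": False}
            continue
        if pid not in pending:
            continue
        if msg.startswith(NO_REPLY):
            pending[pid]["timed_out"] = True
            continue
        r = RESULT.match(msg)
        if r:
            p = pending.pop(pid)
            lookups.append({
                "client": p["client"], "server": p["server"],
                "rc": int(r["rc"]), "timed_out": p["timed_out"],
                "seconds": int((when - p["start"]).total_seconds()),
                # a lookup made before both peer names are known cannot succeed
                "premature": "NULL" in (p["client"], p["server"]),
            })
    return lookups


def summarize(lookups):
    """Total the time spent in lookups that ran before CHAP supplied the peer name."""
    premature = [l for l in lookups if l["premature"]]
    named = [l for l in lookups if not l["premature"]]
    return {
        "premature_lookups": len(premature),
        "seconds_lost": sum(l["seconds"] for l in premature if l["timed_out"]),
        "first_named_lookup": (named[0]["client"], named[0]["seconds"], named[0]["rc"])
                              if named else None,
    }


if __name__ == "__main__":
    found = radius_lookups(SAMPLE_LOG)
    for l in found:
        print(l)
    print(summarize(found))
```
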
From: klussier at mclinux.com (Kenneth E. Lussier) Date: Thu, 01 Jun 2000 16:17:23 -0400 Subject: [pptp-server] (no subject) Message-ID: <3936C4D3.3AD12BA4@mclinux.com> Do you know what the "GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error" line means? I left the entire session log intact so you could see the context. Jun 1 16:11:04 vpn pptpd[647]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Jun 1 16:11:04 vpn pptpd[647]: CTRL: local address = 192.168.1.63 Jun 1 16:11:04 vpn pptpd[647]: CTRL: remote address = 192.168.1.2 Jun 1 16:11:04 vpn pptpd[647]: CTRL: pppd speed = 115200 Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection started Jun 1 16:11:04 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 1) Jun 1 16:11:04 vpn pptpd[647]: CTRL: Made a START CTRL CONN RPLY packet Jun 1 16:11:04 vpn pptpd[647]: CTRL: I wrote 156 bytes to the client. Jun 1 16:11:04 vpn pptpd[647]: CTRL: Sent packet to client Jun 1 16:11:05 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 7) Jun 1 16:11:05 vpn pptpd[647]: CTRL: Set parameters to 152 maxbps, 3 window size Jun 1 16:11:05 vpn pptpd[647]: CTRL: Made a OUT CALL RPLY packet Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening GRE) Jun 1 16:11:05 vpn pptpd[647]: CTRL: pty_fd = 4 Jun 1 16:11:05 vpn pptpd[647]: CTRL: tty_fd = 5 Jun 1 16:11:05 vpn pptpd[647]: CTRL: I wrote 32 bytes to the client. 
Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): Connection speed = 115200 Jun 1 16:11:05 vpn pptpd[647]: CTRL: Sent packet to client Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): local address = 192.168.1.63 Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): remote address = 192.168.1.2 Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection finished Jun 1 16:11:05 vpn pptpd[647]: CTRL: Exiting now Jun 1 16:11:05 vpn pptpd[494]: MGR: Reaped child 647 -- Kenny Lussier Systems Administrator Mission Critical Linux ****************************** If at first you don't succeed, destroy all evidence that you tried ****************************** From klussier at mclinux.com Thu Jun 1 15:27:03 2000 
From: klussier at mclinux.com (Kenneth E. Lussier) Date: Thu, 01 Jun 2000 16:27:03 -0400 Subject: [pptp-server] GRE Failures Message-ID: <3936C717.F73364DB@mclinux.com> All, I set up poptop on a server, but I can't connect to it using the Linux pptp client ( I haven't had a chance to try a WinXX client yet). There is no firewall between machines, and no ipchains rules on the poptop server. TIA, Kenny Here is all of the info I can think of: The Errors: /var/log/pptp.log: Jun 1 16:11:04 vpn pptpd[647]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Jun 1 16:11:04 vpn pptpd[647]: CTRL: local address = 192.168.1.63 Jun 1 16:11:04 vpn pptpd[647]: CTRL: remote address = 192.168.1.2 Jun 1 16:11:04 vpn pptpd[647]: CTRL: pppd speed = 115200 Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection started Jun 1 16:11:04 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 1) Jun 1 16:11:04 vpn pptpd[647]: CTRL: Made a START CTRL CONN RPLY packet Jun 1 16:11:04 vpn pptpd[647]: CTRL: I wrote 156 bytes to the client. Jun 1 16:11:04 vpn pptpd[647]: CTRL: Sent packet to client Jun 1 16:11:05 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 7) Jun 1 16:11:05 vpn pptpd[647]: CTRL: Set parameters to 152 maxbps, 3 window size Jun 1 16:11:05 vpn pptpd[647]: CTRL: Made a OUT CALL RPLY packet Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening GRE) Jun 1 16:11:05 vpn pptpd[647]: CTRL: pty_fd = 4 Jun 1 16:11:05 vpn pptpd[647]: CTRL: tty_fd = 5 Jun 1 16:11:05 vpn pptpd[647]: CTRL: I wrote 32 bytes to the client. 
Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): Connection speed = 115200 Jun 1 16:11:05 vpn pptpd[647]: CTRL: Sent packet to client Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): local address = 192.168.1.63 Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): remote address = 192.168.1.2 Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection finished Jun 1 16:11:05 vpn pptpd[647]: CTRL: Exiting now Jun 1 16:11:05 vpn pptpd[494]: MGR: Reaped child 647 /var/log/messages: Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection started Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening GRE) Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection finished Jun 1 16:11:07 vpn kernel: ip_demasq_gre(): 192.168.1.195 -> 192.168.1.67 CID=0 no masq table, discarding Jun 1 16:11:32 vpn last message repeated 9 times Configs: Server Side: /etc/ppp/options: lock debug auth proxyarp +chap +chapms +chapms-v2 no-mppe-40 mppe-128 mppe-stateless /etc/pptp.conf speed 115200 debug localip 192.168.1.63 remote 192.168.1.66-69 listen 192.168.1.67 Client Side: /etc/ppp/options: lock debug noauth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless -- Kenny Lussier Systems Administrator Mission Critical Linux ****************************** If at first you don't succeed, destroy all evidence that you tried ****************************** From klussier at mclinux.com Thu Jun 1 15:28:37 2000 
From: klussier at mclinux.com (Kenneth E. Lussier) Date: Thu, 01 Jun 2000 16:28:37 -0400 Subject: [pptp-server] (no subject) References: <3936C4D3.3AD12BA4@mclinux.com> Message-ID: <3936C775.5A9FFCDF@mclinux.com> My apologies... This e-mail wasn't supposed to go to the list. Kenny "Kenneth E. Lussier" wrote: > > Do you know what the "GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: > status = -1 error = Input/output error" line means? I left the entire session > log intact so you could see the context. > > Jun 1 16:11:04 vpn pptpd[647]: MGR: Launching /usr/local/sbin/pptpctrl to > handle client > Jun 1 16:11:04 vpn pptpd[647]: CTRL: local address = 192.168.1.63 > Jun 1 16:11:04 vpn pptpd[647]: CTRL: remote address = 192.168.1.2 > Jun 1 16:11:04 vpn pptpd[647]: CTRL: pppd speed = 115200 > Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection > started > Jun 1 16:11:04 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 1) > Jun 1 16:11:04 vpn pptpd[647]: CTRL: Made a START CTRL CONN RPLY packet > Jun 1 16:11:04 vpn pptpd[647]: CTRL: I wrote 156 bytes to the client. > Jun 1 16:11:04 vpn pptpd[647]: CTRL: Sent packet to client > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 7) > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Set parameters to 152 maxbps, 3 window > size > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Made a OUT CALL RPLY packet > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening > GRE) > Jun 1 16:11:05 vpn pptpd[647]: CTRL: pty_fd = 4 > Jun 1 16:11:05 vpn pptpd[647]: CTRL: tty_fd = 5 > Jun 1 16:11:05 vpn pptpd[647]: CTRL: I wrote 32 bytes to the client. 
> Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): Connection speed = > 115200 > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Sent packet to client > Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): local address = > 192.168.1.63 > Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): remote address = > 192.168.1.2 > Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from > PTY failed: status = -1 error = Input/output error > Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed > (pty,gre)=(4,5) > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection > finished > Jun 1 16:11:05 vpn pptpd[647]: CTRL: Exiting now > Jun 1 16:11:05 vpn pptpd[494]: MGR: Reaped child 647 > > -- > Kenny Lussier > Systems Administrator > Mission Critical Linux > ****************************** > If at first you don't succeed, > destroy all evidence that you > tried > ****************************** > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! -- Kenny Lussier Systems Administrator Mission Critical Linux ****************************** If at first you don't succeed, destroy all evidence that you tried ****************************** From thomas at laun-online.de Thu Jun 1 15:50:47 2000 
From: thomas at laun-online.de (Thomas Laun) Date: Thu, 1 Jun 2000 22:50:47 +0200 Subject: [pptp-server] PPTP: PPP does not recognize the pptp session Message-ID: <000501bfcc0b$106934a0$8001a8c0@thomas> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, when trying to set up a pptp sssion from a windows client I get the following: Jun 1 22:42:11 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 22 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 99 87 ... Jun 1 22:42:11 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:14 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 23 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 34 82 ... Jun 1 22:42:14 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:14 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:14 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:17 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 24 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 77 9a ... Jun 1 22:42:17 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:17 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:17 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:20 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 25 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 da 9f ... Jun 1 22:42:20 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:20 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:20 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:23 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 26 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 2d 91 ... Jun 1 22:42:23 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. 
Jun 1 22:42:23 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:23 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:26 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 27 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 80 94 ... Jun 1 22:42:26 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:26 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:26 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:29 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 28 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 ab a1 ... Jun 1 22:42:29 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:29 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:29 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:32 tintin named[422]: ns_forw: sendto([195.182.96.29].53): Network is unreachable Jun 1 22:42:32 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 29 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 7d 26 ... Jun 1 22:42:32 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:32 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:32 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. Jun 1 22:42:35 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 7d 2a 7 d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 f1 aa ... Jun 1 22:42:35 tintin pppd[1252]: get_input: Received non-LCP packet when LCP n ot open. Jun 1 22:42:35 tintin pppd[1252]: sent [LCP ConfReq id=0x1 ] Jun 1 22:42:35 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 seconds. 
Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Received PPTP Control Message (type: 1 2) Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Made a CALL DISCONNECT RPLY packet Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Received CALL CLR request (closing cal l) Jun 1 22:42:38 tintin pppd[1252]: Modem hangup Jun 1 22:42:38 tintin pppd[1252]: Untimeout 0x8050b70:0x807a560. Jun 1 22:42:38 tintin pppd[1252]: Connection terminated. Jun 1 22:42:38 tintin pppd[1252]: Exit. Jun 1 22:42:38 tintin pptpd[1251]: CTRL: I wrote 148 bytes to the client. Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Sent packet to client Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Error with select(), quitting Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Client 192.168.1.128 control connectio n finished Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Exiting now Jun 1 22:42:38 tintin pptpd[373]: MGR: Reaped child 1251 I tried with the latest patches for ppp-2.3.11 and the original 2.3.10, same result with both. My pptp.conf looks like this: speed 115200 option /etc/ppp/options.pptp debug localip 192.168.0.1 remoteip 192.168.1.100-199 pidfile /var/run/pptpd.pid options.pptp looks like this: debug ## change 'servername' to whatever you specify as your server name in chap-secre ts auth name tintin require-chap proxyarp lock +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless I configured everything as recommended in the Howto on the Moretonbay server, no change ever from the messages above. Does anyone have an idea what I could be doung wrong ? I am using SuSE 6.4 with the original startup script and I am running the 2.2.15 kernel. Best regards, Thomas. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOTa+l/cJbJwbbejREQLO5wCg0UAHWD4Xr+/8XSlP9FRkKIUQZ18AoLNP 1ifAG941Id39cMXblerOCsxU =iC+C -----END PGP SIGNATURE----- From USTS034 at UABDPO.DPO.UAB.EDU Thu Jun 1 16:11:46 2000 
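
The repeated `rcvd [proto=0x7eff]` records in the log above can be read by undoing PPP's asynchronous HDLC byte stuffing (RFC 1662): 0x7e is the frame flag and 0x7d escapes the following byte, which is XORed with 0x20. This is an added example, not code from the thread or from pppd; the function names are hypothetical, and the sample is the first record from the message with the mail client's line wrap rejoined.

```python
import re

FLAG, ESC, XOR = 0x7E, 0x7D, 0x20
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack"}
LCP_OPTS = {1: "MRU", 2: "ACCM", 3: "Auth-Protocol", 4: "Quality-Protocol",
            5: "Magic-Number", 7: "PFC", 8: "ACFC"}

# First record of the log above, with the wrapped "7 d" rejoined (constructed sample).
SAMPLE = ("Jun 1 22:42:11 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 7d 21 "
          "7d 22 7d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 "
          "99 87 ...")

RECORD = re.compile(r"rcvd \[proto=0x([0-9a-f]{4})\]((?: [0-9a-f]{2})+)")


def raw_bytes(line):
    """Rebuild the byte stream: the two bytes pppd printed as 'proto' plus the dump."""
    m = RECORD.search(line)
    if not m:
        raise ValueError("not a pppd 'rcvd [proto=...]' record")
    return bytes.fromhex(m.group(1)) + bytes.fromhex(m.group(2))


def unstuff(data):
    """Undo RFC 1662 byte stuffing: drop 0x7e flags, replace 0x7d XX with XX ^ 0x20."""
    out = bytearray()
    it = iter(data)
    for b in it:
        if b == FLAG:
            continue
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:      # escape byte cut off where pppd truncated the dump
                break
            b = nxt ^ XOR
        out.append(b)
    return bytes(out)


def decode_lcp(frame):
    """Parse address/control, protocol and the LCP header and options of one frame."""
    if len(frame) < 8 or frame[:2] != b"\xff\x03":
        raise ValueError("no HDLC address/control field (ff 03)")
    proto = int.from_bytes(frame[2:4], "big")
    if proto != 0xC021:
        raise ValueError(f"not LCP: protocol 0x{proto:04x}")
    code, ident = frame[4], frame[5]
    length = int.from_bytes(frame[6:8], "big")
    body = frame[8:4 + length]           # options; anything after this is the FCS
    options, i = [], 0
    while i + 2 <= len(body):
        otype, olen = body[i], body[i + 1]
        if olen < 2 or i + olen > len(body):
            break                        # truncated or malformed option
        options.append((LCP_OPTS.get(otype, f"type-{otype}"),
                        body[i + 2:i + olen].hex()))
        i += olen
    return {"protocol": f"0x{proto:04x}", "code": LCP_CODES.get(code, str(code)),
            "id": ident, "length": length, "options": options,
            "complete": len(frame) >= 4 + length}


def decode_record(line):
    return decode_lcp(unstuff(raw_bytes(line)))


if __name__ == "__main__":
    print(unstuff(raw_bytes(SAMPLE)).hex(" "))
    print(decode_record(SAMPLE))
```

The FCS is not checked because pppd's debug dump is cut off after 32 bytes, so the trailing bytes of a record are not always the complete checksum.
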
From: USTS034 at UABDPO.DPO.UAB.EDU (Landy Manderson)
Date: Thu, 01 Jun 00 16:11:46 CDT
Subject: [pptp-server] Re: Encrypted sessions using NTS Tunnel Builder
Message-ID: <200006012118.e51LIKB08925@snaildust.schulte.org>

I traced this problem down to a couple of bugs in the ppp-2.3.10 MPPE patch.
One bug caused the MPPE start key to be malformed for 40-bit encryption,
and the other (totally unrelated) bug caused a bad start key for 128-bit
encryption. These only manifested themselves when MSChap (v1) authentication
was used, which is why the M$ VPN adapter was working for us (it was using
MSChapV2 auth.)

If this is a documented problem, I'll gladly slink away chastised. But if
this is news to anyone, I'll be happy to provide the corrections we used.

On Tue, 30 May 00 14:21:07 CDT I said:

>I've been running PoPToP 1.0 for a few weeks, and successfully connecting
>in with Windows 9x and all of the appropriate patches. Now, we are trying
>out NTS Tunnel Builder so that our Mac clients will be able to connect also.
>The problem I'm having is that the session will connect but not pass traffic
>if encryption is selected. This is the case for both the PC and Mac versions
>of Tunnel Builder. It is requesting 40-bit stateless encryption, and the
>log shows that all packets after this is negotiated are essentially garbled.
>It is almost as if the two ends do not agree on how to perform or initialize
>the encryption.
>
>So I guess my question is, is anyone using a similar configuration with
>success? Is there anything obvious which I could've overlooked? I would
>think I have one of the patches installed incorrectly if the M$ VPN adapter
>didn't work flawlessly when it requests the very same encryption.

From ddobre at deuroconsult.ro Fri Jun 2 01:24:40 2000
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Fri, 02 Jun 2000 09:24:40 +0300
Subject: [pptp-server] Re: Encrypted sessions using NTS Tunnel Builder
References: <200006012118.e51LIKB08925@snaildust.schulte.org>
Message-ID: <39375328.E6A0F452@deuroconsult.ro>

Landy Manderson wrote:
>
> I traced this problem down to a couple of bugs in the ppp-2.3.10 MPPE patch.
> One bug caused the MPPE start key to be malformed for 40-bit encryption,
> and the other (totally unrelated) bug caused a bad start key for 128-bit
> encryption. These only manifested themselves when MSChap (v1) authentication
> was used, which is why the M$ VPN adapter was working for us (it was using
> MSChapV2 auth.)
>
> If this is a documented problem, I'll gladly slink away chastised. But if
> this is news to anyone, I'll be happy to provide the corrections we used.
>

I think that a patch would be useful for all the people on the list.

respect,
--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

From USTS034 at UABDPO.DPO.UAB.EDU Fri Jun 2 12:01:21 2000
From: USTS034 at UABDPO.DPO.UAB.EDU (Landy Manderson) Date: Fri, 02 Jun 00 12:01:21 CDT Subject: [pptp-server] Re: Encrypted sessions using NTS Tunnel Builder In-Reply-To: Your message of Fri, 02 Jun 2000 09:24:40 +0300 Message-ID: <200006021712.e52HCHh15341@snaildust.schulte.org> I've included the patch below. You should able to apply it against source already patched by ppp-2.3.10-openssl-norc4-mppe.patch, or use it to make the appropriate mods to the original patch. The first error looks to be an "oops". The second I'm betting was due to misinformation in an earlier release of the MPPE Key Derivation I-D (draft-ietf-pppext-mppe-keys-02.txt). On Fri, 02 Jun 2000 09:24:40 +0300 Dragos DOBRE said: >I think that a patch would be useful for all the people on the list. diff -rupN ppp-2.3.10.orig/pppd/extra_crypto.c ppp-2.3.10/pppd/extra_crypto.c --- ppp-2.3.10.orig/pppd/extra_crypto.c Sat May 27 16:30:02 2000 +++ ppp-2.3.10/pppd/extra_crypto.c Thu Jun 1 14:58:46 2000 @@ -43,7 +43,7 @@ LmPasswordHash(char *password, int len, /* LANMan password is case insensitive */ BZERO(up_pass, sizeof(up_pass)); for (i = 0; i < len; i++) - up_pass[i] = (u_char)toupper(up_pass[i]); + up_pass[i] = (u_char)toupper(password[i]); DesEncrypt(MSStdText, up_pass + 0, hash + 0); DesEncrypt(MSStdText, up_pass + 7, hash + 8); } diff -rupN ppp-2.3.10.orig/pppd/mppe.c ppp-2.3.10/pppd/mppe.c --- ppp-2.3.10.orig/pppd/mppe.c Sat May 27 16:30:02 2000 +++ ppp-2.3.10/pppd/mppe.c Thu Jun 1 15:39:55 2000 @@ -121,7 +121,8 @@ mppe_get_start_key(unsigned char *Challe SHA1_Init(&Context); SHA1_Update(&Context, NtPasswordHashHash, 16); - SHA1_Update(&Context, Challenge, 24); + SHA1_Update(&Context, NtPasswordHashHash, 16); + SHA1_Update(&Context, Challenge, 8); SHA1_Final(Digest, &Context); BCOPY(Digest, InitialSessionKey, 16); } From thomas at laun-online.de Sat Jun 3 07:33:47 2000 
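Review bot: in the LmPasswordHash loop of the extra_crypto.c hunk, `toupper(password[i])` is called on a plain `char` and the loop bound `i < len` is not checked against the size of `up_pass` in the lines shown. Cast the argument, `toupper((unsigned char)password[i])`, so bytes above 0x7f are not passed as negative values, and cap the loop at `sizeof(up_pass)` unless the caller is known to limit `len`, since the two DesEncrypt calls only read from `up_pass + 0` and `up_pass + 7`.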
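Review bot: in the mppe_get_start_key hunk of mppe.c, the second `SHA1_Update(&Context, NtPasswordHashHash, 16);` reads like an accidental duplicate, and the lengths 16 and 8 are bare literals. Add a comment saying the hash is fed in twice on purpose and that only the first 8 bytes of Challenge are used, citing the key derivation draft named in the message, and give the two lengths named constants. Digest also stays on the stack after the BCOPY; clearing it once the 16 key bytes are copied would avoid leaving key material behind.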
From: thomas at laun-online.de (Thomas Laun)
Date: Sat, 3 Jun 2000 14:33:47 +0200
Subject: [pptp-server] Re: PPP does not recognize the pptp session
Message-ID: <000e01bfcd57$f6d0ef80$8001a8c0@thomas>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I found the problem: I had an options.pptp set up in pptp.conf _and_ an
options file in /etc/ppp. PPTP was taking the latter one even so it was
configured differently. When I deleted the options file it worked
immediately besides the fact that the client (Windows 98 SE) refuses to
accept the assigned IP address. Does anyone have a solution for this ?

Best regards,
Thomas.

- ----- Original Message -----
From: "Thomas Laun" To: Sent: Thursday, June 01, 2000 10:50 PM Subject: PPTP: PPP does not recognize the pptp session > >*** PGP Signature Status: good >*** Signer: Thomas Laun >*** Signed: 01.06.00 22:50:46 >*** Verified: 03.06.00 14:29:59 >*** BEGIN PGP VERIFIED MESSAGE *** > >Hi, >when trying to set up a pptp sssion from a windows client I get the >following: > >Jun 1 22:42:11 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 22 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 99 >87 ... >Jun 1 22:42:11 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:14 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 23 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 34 >82 ... >Jun 1 22:42:14 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:14 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:14 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:17 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 24 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 77 >9a ... >Jun 1 22:42:17 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:17 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:17 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:20 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 25 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 da >9f ... >Jun 1 22:42:20 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:20 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:20 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:23 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 26 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 2d >91 ... 
>Jun 1 22:42:23 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:23 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:23 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:26 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 27 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 80 >94 ... >Jun 1 22:42:26 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:26 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:26 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:29 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 28 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 ab >a1 ... >Jun 1 22:42:29 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:29 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:29 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:32 tintin named[422]: ns_forw: >sendto([195.182.96.29].53): Network >is unreachable >Jun 1 22:42:32 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 29 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 7d >26 ... >Jun 1 22:42:32 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:32 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:32 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. >Jun 1 22:42:35 tintin pppd[1252]: rcvd [proto=0x7eff] 7d 23 c0 21 >7d 21 7d 2a 7 >d 20 7d 2e 7d 25 7d 26 7d 20 7d 29 3b d4 7d 27 7d 22 7d 28 7d 22 f1 >aa ... >Jun 1 22:42:35 tintin pppd[1252]: get_input: Received non-LCP >packet when LCP n >ot open. >Jun 1 22:42:35 tintin pppd[1252]: sent [LCP ConfReq id=0x1 1490> 0x0> ] >Jun 1 22:42:35 tintin pppd[1252]: Timeout 0x8050b70:0x807a560 in 3 >seconds. 
>Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Received PPTP Control >Message (type: 1 >2) >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Made a CALL DISCONNECT >RPLY packet >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Received CALL CLR request >(closing cal >l) >Jun 1 22:42:38 tintin pppd[1252]: Modem hangup >Jun 1 22:42:38 tintin pppd[1252]: Untimeout 0x8050b70:0x807a560. >Jun 1 22:42:38 tintin pppd[1252]: Connection terminated. >Jun 1 22:42:38 tintin pppd[1252]: Exit. >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: I wrote 148 bytes to the >client. >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Sent packet to client >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Error with select(), >quitting >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Client 192.168.1.128 >control connectio >n finished >Jun 1 22:42:38 tintin pptpd[1251]: CTRL: Exiting now >Jun 1 22:42:38 tintin pptpd[373]: MGR: Reaped child 1251 > > >I tried with the latest patches for ppp-2.3.11 and the original >2.3.10, same result with both. My pptp.conf looks like this: > >speed 115200 >option /etc/ppp/options.pptp >debug >localip 192.168.0.1 >remoteip 192.168.1.100-199 >pidfile /var/run/pptpd.pid > >options.pptp looks like this: > >debug > >## change 'servername' to whatever you specify as your server name >in chap-secre >ts >auth >name tintin >require-chap >proxyarp >lock >+chap >+chapms >+chapms-v2 >mppe-40 >mppe-128 >mppe-stateless > >I configured everything as recommended in the Howto on the >Moretonbay server, no change ever from the messages above. Does >anyone have an >idea what I could be doung wrong ? I am using SuSE 6.4 with the >original startup script and I am running the 2.2.15 kernel. > >Best regards, >Thomas. > > >*** END PGP VERIFIED MESSAGE *** > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOTjtG/cJbJwbbejREQIMfwCdGyCnAtXQqW2FtQ7zYB815IQqsn0AnidY sm30a0zv9/e76JzdWUJErZQV =Tknd -----END PGP SIGNATURE----- From dimambro at pacbell.net Sat Jun 3 17:53:00 2000 
From: dimambro at pacbell.net (Brian L. DiMambro)
Date: Sat, 03 Jun 2000 15:53:00 -0700
Subject: [pptp-server] Rebuilding VPN ... new levels ?????
Message-ID: <39398C4C.ED8C2E87@pacbell.net>

Hi all.

I'm rebuilding my PPTPD VPN system from scratch. If I wanted to build the
most current, full blown encrypting, fuel injected, super charged
implementation of PPTPD for RH6.2 with their stock 2.2.14 kernel. What
should I download. The RH HOW-TO seems to cover the ppp-2.3.10 stuff using
SSLeay-0.6.6b ... any suggestions????

Thanks in advance

Brian

From ranvir at mahindrabt.com Sun Jun 4 22:55:36 2000
From: ranvir at mahindrabt.com (Ranvir Jatana)
Date: Mon, 05 Jun 2000 09:25:36 +0530
Subject: [pptp-server] unsuscribe
Message-ID: <393B24B8.21D21472@mahindrabt.com>

From graham at triad.net.au Mon Jun 5 03:15:25 2000
From: graham at triad.net.au (graham at triad.net.au) Date: Mon, 5 Jun 2000 18:15:25 +1000 Subject: [pptp-server] PPP dial outs to ISP fail Message-ID: I have installed PoPToP onto a RedHat 6.1 system and got the VPN working fine across our ethernet LAN. I then tried dialling out on the same PC to an ISP and I got the result below. I then wiped the Linux 6.1 and started from scratch, got the dialling to the ISP on ppp0 going first. All works well until I apply the pptp rpm (pptpd-1.0.0-1.i386.rpm). The same happens (ISP dial out on ppp0 fails). I notice that the 4th line in messages says ppp ver 2.3.7, yet 2.3.10 is the version on my RH 6.1 install CD. Any ideas?? Jun 5 17:58:55 mail ifup-ppp: pppd started for ppp0 on /dev/modem at 115200 Jun 5 17:58:56 mail modprobe: can't locate module char-major-108 Jun 5 17:58:56 mail kernel: CSLIP: code copyright 1989 Regents of the University of California Jun 5 17:58:56 mail kernel: PPP: version 2.3.7 (demand dialling) Jun 5 17:58:56 mail kernel: PPP line discipline registered. Jun 5 17:58:56 mail kernel: registered device ppp0 Jun 5 17:58:56 mail pppd[547]: The remote system (ppp0) is required to authenticate itself but I Jun 5 17:58:56 mail pppd[547]: couldn't find any suitable secret (password) for it to use to do so. Jun 5 17:58:58 mail modprobe: can't locate module char-major-108 Jun 5 17:58:58 mail ifup-ppp: pppd started for ppp0 on /dev/modem at 115200 Jun 5 17:58:58 mail pppd[559]: The remote system (ppp0) is required to authenticate itself but I Jun 5 17:58:58 mail pppd[559]: couldn't find any suitable secret (password) for it to use to do so. Jun 5 17:58:59 mail modprobe: can't locate module char-major-108 Jun 5 17:58:59 mail ifup-ppp: pppd started for ppp0 on /dev/modem at 115200 Jun 5 17:58:59 mail pppd[568]: The remote system (ppp0) is required to authenticate itself but I Jun 5 17:58:59 mail pppd[568]: couldn't find any suitable secret (password) for it to use to do so. 
Jun 5 17:58:59 mail modprobe: can't locate module char-major-108

Graham Graieg B.App.Sci
Triad Computer Services
graham at triad.net.au

From neale at lowendale.com.au Mon Jun 5 04:06:11 2000
From: neale at lowendale.com.au (Neale Banks) Date: Mon, 5 Jun 2000 19:06:11 +1000 (EST) Subject: [pptp-server] PPP dial outs to ISP fail In-Reply-To: Message-ID: On Mon, 5 Jun 2000 graham at triad.net.au wrote: > I have installed PoPToP onto a RedHat 6.1 system and got the VPN working > fine across our ethernet LAN. I then tried dialling out on the same PC to an > ISP and I got the result below. > > I then wiped the Linux 6.1 and started from scratch, got the dialling to the > ISP on ppp0 going first. All works well until I apply the pptp rpm > (pptpd-1.0.0-1.i386.rpm). The same happens (ISP dial out on ppp0 fails). > > I notice that the 4th line in messages says ppp ver 2.3.7, yet 2.3.10 is the > version on my RH 6.1 install CD. > > Any ideas?? > > > Jun 5 17:58:55 mail ifup-ppp: pppd started for ppp0 on /dev/modem at 115200 > Jun 5 17:58:56 mail modprobe: can't locate module char-major-108 > Jun 5 17:58:56 mail kernel: CSLIP: code copyright 1989 Regents of the > University of California > Jun 5 17:58:56 mail kernel: PPP: version 2.3.7 (demand dialling) > Jun 5 17:58:56 mail kernel: PPP line discipline registered. > Jun 5 17:58:56 mail kernel: registered device ppp0 > Jun 5 17:58:56 mail pppd[547]: The remote system (ppp0) is required to > authenticate itself but I > Jun 5 17:58:56 mail pppd[547]: couldn't find any suitable secret (password) > for it to use to do so. [snip] Looks like you're demanding that your ISP authenticate themselves to you (they probably won't do that ;-). Check that the options you are passing to pppd for calling your ISP includes "noauth". Perhaps somebody else can suggest why installation of pptpd should provoke this behaviour (one could speculate that it's changing the default ppp options from noauth to auth). HTH, Neale. From graham at triad.net.au Mon Jun 5 05:28:07 2000 
From: graham at triad.net.au (graham at triad.net.au) Date: Mon, 5 Jun 2000 20:28:07 +1000 Subject: [pptp-server] PPP dial outs to ISP fail Message-ID: The system doesn't even dial any more..... I would expect the "auth" would be attempted after the modems had connected, but I could be wrong. How can I ask the PPTP to "auth" and the ISP's ppp not to "auth"? Graham -----Original Message----- 
From: Neale Banks [mailto:neale at lowendale.com.au]
Sent: Monday, 5 June 2000 7:06 PM
To: graham at triad.net.au
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPP dial outs to ISP fail

On Mon, 5 Jun 2000 graham at triad.net.au wrote:

> I have installed PoPToP onto a RedHat 6.1 system and got the VPN working
> fine across our ethernet LAN. I then tried dialling out on the same PC to an
> ISP and I got the result below.
>
> I then wiped the Linux 6.1 and started from scratch, got the dialling to the
> ISP on ppp0 going first. All works well until I apply the pptp rpm
> (pptpd-1.0.0-1.i386.rpm). The same happens (ISP dial out on ppp0 fails).
>
> I notice that the 4th line in messages says ppp ver 2.3.7, yet 2.3.10 is the
> version on my RH 6.1 install CD.
>
> Any ideas??
>
>
> Jun 5 17:58:55 mail ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
> Jun 5 17:58:56 mail modprobe: can't locate module char-major-108
> Jun 5 17:58:56 mail kernel: CSLIP: code copyright 1989 Regents of the
> University of California
> Jun 5 17:58:56 mail kernel: PPP: version 2.3.7 (demand dialling)
> Jun 5 17:58:56 mail kernel: PPP line discipline registered.
> Jun 5 17:58:56 mail kernel: registered device ppp0
> Jun 5 17:58:56 mail pppd[547]: The remote system (ppp0) is required to
> authenticate itself but I
> Jun 5 17:58:56 mail pppd[547]: couldn't find any suitable secret (password)
> for it to use to do so.

[snip]

Looks like you're demanding that your ISP authenticate themselves to you (they probably won't do that ;-). Check that the options you are passing to pppd for calling your ISP includes "noauth".

Perhaps somebody else can suggest why installation of pptpd should provoke this behaviour (one could speculate that it's changing the default ppp options from noauth to auth).

HTH,
Neale.

From P.J.Reid at earthling.net Mon Jun 5 07:30:26 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Mon, 5 Jun 2000 09:30:26 -0300
Subject: [pptp-server] PPTPD 1.0 vs. 1.1.1
Message-ID:

OK, I have noticed on this list the occasional post in which someone mentions a problem they are having who is then told that all is better with version 1.1.1. But this is the development version, I understand. So I have the following questions:

1) which version is more stable?
2) are there really any 1.0 problems which 1.1.1 fixes?
3) are there any problems which occur with 1.1.1 which don't with 1.0?
4) is 1.1.1 more resource hungry than 1.0 (I don't see how it could be less)?
5) any other caveats?

TIA for any info. I would be glad to compile all the answers I get into a list for inclusion on the PoPToP web site or somewhere, if that is considered useful.

Patrick Reid - mailto:P.J.Reid at earthling.net
Communication Centre:

"It is by Caffeine alone that I set my mind in motion-
It is by the beans of Java, that my thoughts acquire speed-
The hands acquire shakes; the shakes become a warning-
It is by Caffeine alone that I set my mind in motion..."
- Mentat Chant (c. 20th century)

From david_luyer at pacific.net.au Mon Jun 5 09:40:16 2000
From: david_luyer at pacific.net.au (David Luyer) Date: Tue, 06 Jun 2000 00:40:16 +1000 Subject: [pptp-server] PPTPD 1.0 vs. 1.1.1 In-Reply-To: Message from "Patrick Reid" of "Mon, 05 Jun 2000 09:30:26 -0300." References: Message-ID: <200006051440.AAA20547@typhaon.pacific.net.au> > OK, I have noticed on this list the occasional post in which someone > mentions a problem they are having who is then told that all is better with > version 1.1.1. But this is the development version, I understand. So I have > the following questions: > > 1) which version is more stable? IMO 1.0 - or at least it's more widely tested. > 2) are there really any 1.0 problems which 1.1.1 fixes? Not that I know of. > 3) are there any problems which occur with 1.1.1 which don't with 1.0? Also none that I know of. > 4) is 1.1.1 more resource hungry than 1.0 (I don't see how it could be > less)? Unsure on that one. It could easily be, as parts where I had tried to consider CPU cache efficiency have been ripped apart and extra code has been added into parts which I expect would be performance critical, but I haven't done any profiling to back this up. 1.0 does all I want it to so I've had no need to test 1.1.1 or consider submitting any code for a post-1.0 release (be it based on 1.1.1 or 1.0). I don't know what the other developers are up to either, probably happily using 1.0 too :-) > 5) any other caveats? If you use 1.0 and find a real bug I will probably try to find/fix it. Under 1.1.1 I'm less likely to but the person who did the code for 1.1.1 might. I did a lot of work leading up to 1.0 making sure it was fully tested and reliable. I am aware of only two problems - given a network which does not generate its own problems such as out of order packets; one is that sometimes some pppds are left around (not really a pptp bug) and the other is that with Win2000 it reports that real ACCMs have been sent but it does nothing with the ACCMs. 
1.1.1 doesn't address either of these issues though - it was a first cut toward supporting something which I am convinced is not worth supporting (the broken and fundamentally flawed congestion control protocol from Microsoft).

David.
--
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone: +61 3 9674 7525
Fax: +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------

From gord at amador.ca Mon Jun 5 11:11:23 2000
From: gord at amador.ca (Gord Belsey)
Date: Mon, 5 Jun 2000 10:11:23 -0600
Subject: [pptp-server] PPP dial outs to ISP fail
References:
Message-ID: <012a01bfcf08$b2787530$280111ac@amadorinc.com>

It sounds like you may need to set up separate options files for ppp and pptpd. There is a flag for pptpd that lets you specify an option file, rather than use the default "options" file. I came across this when implementing PPP over Ethernet (PPPoE) for a DSL connection on the PPTP box. In that case, I had to use an empty "options" file, and set up unique options files for each of PPPoE and PPTPD.

I'm guessing in your case you could use options for ppp and, say options.pptp for the pptpd. PPTPD will pass the desired options to ppp for the pptp/ppp session.

Hope this helps

Gord Belsey

----- Original Message -----
From: graham at triad.net.au
To: neale at lowendale.com.au ; graham at triad.net.au
Cc: pptp-server at lists.schulte.org
Sent: Monday, June 05, 2000 4:28 AM
Subject: RE: [pptp-server] PPP dial outs to ISP fail

The system doesn't even dial any more.....

I would expect the "auth" would be attempted after the modems had connected, but I could be wrong. How can I ask the PPTP to "auth" and the ISP's ppp not to "auth"?

Graham

-----Original Message-----
From: Neale Banks [mailto:neale at lowendale.com.au]
Sent: Monday, 5 June 2000 7:06 PM
To: graham at triad.net.au
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPP dial outs to ISP fail

On Mon, 5 Jun 2000 graham at triad.net.au wrote:

> I have installed PoPToP onto a RedHat 6.1 system and got the VPN working
> fine across our ethernet LAN. I then tried dialling out on the same PC to an
> ISP and I got the result below.
>
> I then wiped the Linux 6.1 and started from scratch, got the dialling to the
> ISP on ppp0 going first. All works well until I apply the pptp rpm
> (pptpd-1.0.0-1.i386.rpm). The same happens (ISP dial out on ppp0 fails).
>
> I notice that the 4th line in messages says ppp ver 2.3.7, yet 2.3.10 is the
> version on my RH 6.1 install CD.
>
> Any ideas??
>
>
> Jun 5 17:58:55 mail ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
> Jun 5 17:58:56 mail modprobe: can't locate module char-major-108
> Jun 5 17:58:56 mail kernel: CSLIP: code copyright 1989 Regents of the
> University of California
> Jun 5 17:58:56 mail kernel: PPP: version 2.3.7 (demand dialling)
> Jun 5 17:58:56 mail kernel: PPP line discipline registered.
> Jun 5 17:58:56 mail kernel: registered device ppp0
> Jun 5 17:58:56 mail pppd[547]: The remote system (ppp0) is required to
> authenticate itself but I
> Jun 5 17:58:56 mail pppd[547]: couldn't find any suitable secret (password)
> for it to use to do so.

[snip]

Looks like you're demanding that your ISP authenticate themselves to you (they probably won't do that ;-). Check that the options you are passing to pppd for calling your ISP includes "noauth".

Perhaps somebody else can suggest why installation of pptpd should provoke this behaviour (one could speculate that it's changing the default ppp options from noauth to auth).

HTH,
Neale.

From pss at gmx.at Mon Jun 5 11:27:52 2000
From: pss at gmx.at (Patrick Stuckenberger)
Date: Mon, 05 Jun 2000 18:27:52 +0200
Subject: [pptp-server] Data compression?
Message-ID: <393BD508.145EF365@gmx.at>

Maybe a newbie question.. Is data compression with pptp 1.0 possible?

best regards:
Patrick

From kmail at dolphinsearch.com Mon Jun 5 14:43:55 2000
From: kmail at dolphinsearch.com (kmail at dolphinsearch.com)
Date: Mon, 05 Jun 2000 19:43:55 GMT
Subject: [pptp-server] kernel 2.2.15
Message-ID: <20000605.19435500@crawler.dolphinsearch.com>

Has anyone got the pptpd server working with kernel version 2.2.15?

Kmail at dolphinsearch.com

From amacc at iron-bridge.net Mon Jun 5 13:52:06 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Mon, 5 Jun 2000 14:52:06 -0400 (EDT)
Subject: [pptp-server] kernel 2.2.15
In-Reply-To: <20000605.19435500@crawler.dolphinsearch.com>
Message-ID:

On Mon, 5 Jun 2000 kmail at dolphinsearch.com wrote:

> Has anyone got the pptpd server working with kernel version 2.2.15?

No problems here...

Andrew McRory - President/CTO amacc at iron-bridge.net ******************
Iron Bridge Communications, Inc. www.iron-bridge.net 850-575-0779 ***
The PC Doctor, Inc. www.pcdr.com 850-575-2713 ***
Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera ***
**************************************************************************

From klussier at mclinux.com Mon Jun 5 14:02:09 2000
From: klussier at mclinux.com (Kenneth E. Lussier) Date: Mon, 05 Jun 2000 15:02:09 -0400 Subject: [pptp-server] kernel 2.2.15 References: <20000605.19435500@crawler.dolphinsearch.com> Message-ID: <393BF931.DE4EABFA@mclinux.com> I do..... There weren't any differences from the other 2.2.x kernels. Kenny kmail at dolphinsearch.com wrote: > > Has anyone got the pptpd server working with kernel version 2.2.15? > > Kmail at dolphinsearch.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! -- Kenny Lussier Systems Administrator Mission Critical Linux ****************************** If at first you don't succeed, destroy all evidence that you tried ****************************** From kmail at dolphinsearch.com Mon Jun 5 18:47:38 2000 From: kmail at dolphinsearch.com (kmail at dolphinsearch.com) Date: Mon, 05 Jun 2000 23:47:38 GMT Subject: [pptp-server] pppd problem Message-ID: <20000605.23473800@crawler.dolphinsearch.com> I am getting this error message in my syslog, when a user tries to login. I have the chap-secrets file setup with the right user name and password. Any help? pppd[1598]: The remote system is required to authenticate itself but I pppd[1598]: couldn't find any suitable secret (password) for it to use to do so. Kmail at dolphinsearch.com From natecars at real-time.com Mon Jun 5 18:05:03 2000 
From: natecars at real-time.com (Nate Carlson) Date: Mon, 5 Jun 2000 18:05:03 -0500 (CDT) Subject: [pptp-server] pppd problem In-Reply-To: <20000605.23473800@crawler.dolphinsearch.com> Message-ID: On Mon, 5 Jun 2000 kmail at dolphinsearch.com wrote: > I am getting this error message in my syslog, when a user tries to > login. I have the chap-secrets file setup with the right user name > and password. Any help? > > > pppd[1598]: The remote system is required to authenticate itself but I > pppd[1598]: couldn't find any suitable secret (password) for it to use > to do so. > > > Kmail at dolphinsearch.com Are you using a linux client? The remote machine may be configured to require the server to authenticate itself, back.. if you are using Linux and pptp-client on the client end, add 'noauth' to the ppp options file on the client machine. -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 From natecars at real-time.com Mon Jun 5 18:37:10 2000 From: natecars at real-time.com (Nate Carlson) Date: Mon, 5 Jun 2000 18:37:10 -0500 (CDT) Subject: [pptp-server] pppd problem In-Reply-To: <20000606.245700@crawler.dolphinsearch.com> Message-ID: On Tue, 6 Jun 2000 kmail at dolphinsearch.com wrote: > No I am using a windows client. > > Could this still cause the same problem? > > Kmail at dolphinsearch.com Hmm, not that I'm aware of. Can you post your PPP options file to the list? -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 From neale at lowendale.com.au Mon Jun 5 18:56:22 2000 
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 6 Jun 2000 09:56:22 +1000 (EST)
Subject: [pptp-server] pppd problem
In-Reply-To:
Message-ID:

On Mon, 5 Jun 2000, Nate Carlson wrote:

> On Tue, 6 Jun 2000 kmail at dolphinsearch.com wrote:
> > No I am using a windows client.
> >
> > Could this still cause the same problem?
> >
> > Kmail at dolphinsearch.com
>
> Hmm, not that I'm aware of. Can you post your PPP options file to the
> list?

Wouldn't be the good old MS "DOMAIN\\username" trick? Running pppd with the "debug" option should flush that out if it is.

HTH,
Neale.

From ddobre at deuroconsult.ro Tue Jun 6 01:54:38 2000
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Tue, 06 Jun 2000 09:54:38 +0300
Subject: [pptp-server] kernel 2.2.15
References:
Message-ID: <393CA02E.D6D3EBA5@deuroconsult.ro>

Andrew McRory wrote:
>
> On Mon, 5 Jun 2000 kmail at dolphinsearch.com wrote:
>
> > Has anyone got the pptpd server working with kernel version 2.2.15?
>
> No problems here...

I use 2.2.15 + pppd-2.3.11 + pptp 1.1.1 and it works quite fine.

> Andrew McRory - President/CTO amacc at iron-bridge.net ******************

--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

From hijinx at datafx.com.au Tue Jun 6 06:11:23 2000
From: hijinx at datafx.com.au (HiJinX)
Date: Tue, 06 Jun 2000 21:11:23 +1000
Subject: [pptp-server] pptpd through a cisco..?
Message-ID: <393CDC5B.1516EFC2@datafx.com.au>

Hi, I was wondering if it is possible to have a pptpd server (On a Debian box), running on a 192.168 address behind a cisco801?
The client I'm testing with is a win2k - And it seems to be failing on gre (input/output error)
Does anyone have a similar solution working?

When the Debian box is on a live IP - The pptp connection can be made no problems.

Thanks for any help,
Michael

From ranvir at mahindrabt.com Tue Jun 6 06:42:21 2000
From: ranvir at mahindrabt.com (Ranvir Jatana)
Date: Tue, 06 Jun 2000 17:12:21 +0530
Subject: [pptp-server] unsuscribing
Message-ID: <393CE39D.2175565C@mahindrabt.com>

Could anyone please help me in unsubscribing from this mailing list...I am not able to do so from the website.

From Steve.Cowles at gte.net Tue Jun 6 08:20:54 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Tue, 6 Jun 2000 08:20:54 -0500
Subject: [pptp-server] pptpd through a cisco..?
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E05DB70@defiant.dsl.gtei.net>

I do not know what the Cisco IOS command is to forward "Protocol 47", but that's what you will need to do (in addition to forwarding port 1723). On my linux based firewall, I forward protocol 47 to an internal pptp server using "ipfwd". I would think Cisco has a similar command to forward a "protocol", in addition to ports.

Steve Cowles

> -----Original Message-----
> From: HiJinX [mailto:hijinx at datafx.com.au]
> Sent: Tuesday, June 06, 2000 6:11 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptpd through a cisco..?
>
>
> Hi, I was wondering if it is possible to have a pptpd server (On a
> Debian box), running on a 192.168 address behind a cisco801?
> The client I'm testing with is a win2k - And it seems to be failing on
> gre (input/output error)
> Does anyone have a similar solution working?
>
> When the Debian box is on a live IP - The pptp connection can
> be made no
> problems.
>
> Thanks for any help,
> Michael
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From jkosek at univers-edc.com Tue Jun 6 13:01:26 2000
From: jkosek at univers-edc.com (Jerry Kosek) Date: Tue, 6 Jun 2000 13:01:26 -0500 Subject: [pptp-server] GRE failures Message-ID: <000701bfcfe1$3bb03c60$9701a8c0@edcnt2.univers.com> I get the same error messages trying to connect from WIN9X clients. My setup is almost identical to yours as far as all of the configuration files are concerned. I have poptop installed on a Red Hat 6.1 server. All, I set up poptop on a server, but I can't connect to it using the Linux pptp client ( I haven't had a chance to try a WinXX client yet). There is no firewall between machines, and no ipchains rules on the poptop server. TIA, Kenny Here is all of the info I can think of: The Errors: /var/log/pptp.log: Jun 1 16:11:04 vpn pptpd[647]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Jun 1 16:11:04 vpn pptpd[647]: CTRL: local address = 192.168.1.63 Jun 1 16:11:04 vpn pptpd[647]: CTRL: remote address = 192.168.1.2 Jun 1 16:11:04 vpn pptpd[647]: CTRL: pppd speed = 115200 Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection started Jun 1 16:11:04 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 1) Jun 1 16:11:04 vpn pptpd[647]: CTRL: Made a START CTRL CONN RPLY packet Jun 1 16:11:04 vpn pptpd[647]: CTRL: I wrote 156 bytes to the client. Jun 1 16:11:04 vpn pptpd[647]: CTRL: Sent packet to client Jun 1 16:11:05 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 7) Jun 1 16:11:05 vpn pptpd[647]: CTRL: Set parameters to 152 maxbps, 3 window size Jun 1 16:11:05 vpn pptpd[647]: CTRL: Made a OUT CALL RPLY packet Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening GRE) Jun 1 16:11:05 vpn pptpd[647]: CTRL: pty_fd = 4 Jun 1 16:11:05 vpn pptpd[647]: CTRL: tty_fd = 5 Jun 1 16:11:05 vpn pptpd[647]: CTRL: I wrote 32 bytes to the client. 
Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 1 16:11:05 vpn pptpd[647]: CTRL: Sent packet to client
Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): local address = 192.168.1.63
Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): remote address = 192.168.1.2
Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection finished
Jun 1 16:11:05 vpn pptpd[647]: CTRL: Exiting now
Jun 1 16:11:05 vpn pptpd[494]: MGR: Reaped child 647

/var/log/messages:
Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection started
Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening GRE)
Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection finished
Jun 1 16:11:07 vpn kernel: ip_demasq_gre(): 192.168.1.195 -> 192.168.1.67 CID=0 no masq table, discarding
Jun 1 16:11:32 vpn last message repeated 9 times

Configs:

Server Side:

/etc/ppp/options:
lock
debug
auth
proxyarp
+chap
+chapms
+chapms-v2
no-mppe-40
mppe-128
mppe-stateless

/etc/pptp.conf
speed 115200
debug
localip 192.168.1.63
remote 192.168.1.66-69
listen 192.168.1.67

Client Side:

/etc/ppp/options:
lock
debug
noauth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

--
Kenny Lussier
Systems Administrator
Mission Critical Linux
******************************
If at first you don't succeed, destroy all evidence that you tried
******************************

From Steve.Cowles at gte.net Tue Jun 6 13:11:00 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Tue, 6 Jun 2000 13:11:00 -0500
Subject: [pptp-server] pptpd through a cisco..?
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E05DB71@defiant.dsl.gtei.net>

Terrelle,

I use an ipchains based firewall (Seawall) developed by Tom Eastep. Who BTW... also contributes to this list. Tom has gone into great detail in providing the necessary "hooks" for dealing with a PPTP server running on the firewall itself or behind the firewall. By simply editing a (well documented) configuration file, the firewall script (Seawall) will issue the necessary ipchain (ACCEPT), ipmasqadm (port forward) and ipfwd (protocol) commands to deal with your particular network infrastructure. It's worth a look... I know I had a "load of problems" initially until I used what Tom has developed as my firewall. Save yourself the headaches and take a look at http://seawall.sourceforge.net

The reason I mentioned the above is there are only an infinite number of ways to configure a firewall using ipchains. e.g. Your "default" input, output and forward policies and whether or not you are using user-defined chains. Any commands that I post may or may not be needed based on how your firewall is currently configured. Plus, if I remember right... I also had to patch the kernel to handle a PPTP server running behind the firewall.

FWIW: The Seawall documentation (http://seawall.sourceforge.net/PPTP.html) mentions the pre-requisites and the WEB sites on how to obtain the required PPTP patches along with "ipmasqadm" and "ipfwd"

Steve Cowles

> -----Original Message-----
> From: Terrelle Shaw [mailto:hshaw at healthcentralrx.com]
> Sent: Tuesday, June 06, 2000 10:30 AM
> To: Cowles, Steve
> Subject: RE: [pptp-server] pptpd through a cisco..?
>
>
> can you send me your ipfwd rules for this? I have a linux
> based firewall running ipchains and having a load of
> problems trying to forward port 1723 and protocol 47..
>
> Thanks..
>
> Terrelle Shaw
> System Administrator
> hshaw at healthcentralrx.com
>
>> -----Original Message-----
>> From: pptp-server-admin at lists.schulte.org
>> [mailto:pptp-server-admin at lists.schulte.org]
>> On Behalf Of Cowles, Steve
>> Sent: Tuesday, June 06, 2000 6:21 AM
>> To: pptp-server at lists.schulte.org
>> Subject: RE: [pptp-server] pptpd through a cisco..?
>>
>>
>>
>> I do not know what the Cisco IOS command is to forward
>> "Protocol 47", but that's what you will need to do (in
>> addition to forwarding port 1723). On my linux based
>> firewall, I forward protocol 47 to an internal pptp server
>> using "ipfwd". I would think Cisco has a similar command
>> to forward a "protocol", in addition to ports.
>>
>> Steve Cowles

From vanja at relaygroup.com Tue Jun 6 13:56:56 2000
From: vanja at relaygroup.com (Vanja Hrustic) Date: Wed, 07 Jun 2000 01:56:56 +0700 Subject: [pptp-server] Winblows 2000 and PoPToP Message-ID: <393D4978.65E4C709@relaygroup.com> Dear All, I am losing my mind, so I have to ask for help... I've finally setup PoPToP and wanted to test it. pptpd is running on Linux box, 2.2.14 kernel, w/ ppp-2.3.11 and mppe patch (taken from ftp.binarix.com, if I remember the URL correctly). ppp_mppe module is built ok, and seems to be working just fine. One Windows 2000 machine on local net was used for test. I've created a VPN connection, pointed to the IP address (external interface on the firewall) of the machine where pptpd is running, and it looks just fine (I can see MPPE 40-bit, MSCHAP V2 and other details in connection properties on Windows). Now, it is all nice, but it was done 'internally'. I've decided to disconnect the Windows box from the net, plug in the modem, and dial to ISP. I've setup ipchains rule that accepts *any* traffic coming from the Win2000 box (and also permits any outgoing traffic to that box too). However, when I try to initiate a VPN connection, I get: "Error 651: The modem (or other connecting device) has reported an error." I mean, those guys at Micro$oft are really experts when it comes to providing useful information to users. No, really... Clicking on help bring up the window with whole story of how maybe I should just reboot the machine, or buy another modem - OR, maybe I've input the wrong IP address for remote VPN site - which I, of course, did not. 
I can see these entries in /var/log/messages (IP addresses have been changed - 203.1.1.1 is Win2000 box connected to ISP, 202.1.1.1 is firewall running pptpd): Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=48 S=0x00 I=757 F=0x4000 T=121 SYN (#1) Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=48 S=0x00 I=12019 F=0x4000 T=64 (#1) Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=40 S=0x00 I=758 F=0x4000 T=121 (#1) Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=40 S=0x00 I=12021 F=0x0000 T=64 (#1) Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=196 S=0x00 I=759 F=0x4000 T=121 (#1) Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=40 S=0x00 I=12022 F=0x0000 T=255 (#1) Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=40 S=0x00 I=760 F=0x4000 T=121 (#1) Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=40 S=0x00 I=12023 F=0x0000 T=255 (#1) This obviously means that remote Win2000 box did initiate some kind of connection, but why does it fail? Did anybody have similar experience? Tcpdump logs can be made available too, if someone needs them. -- /etc/ppp/options --------------- debug auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp require-chap name crash ----------------------------------- -- /etc/pptpd.conf ---------------- speed 115200 option /etc/ppp/options debug localip 192.168.1.250 remoteip 192.168.1.230-249 listen 202.1.1.1 ----------------------------------- PoPToP is version 1.0.0 Nothing gets written in /var/log/pptpd.log or /var/log/messages (except ipchains ACCEPT messages which I wanted to log). 
Also, while I was rebooting that Win2000 machine few times, once I've managed to get a message saying something like "You need to get a new certificate, please visit your CA, bla, bla, bla..." after I've initiated a connection to the PoPToP server. Unfortunately, it has happened only once, all the other errors are only "ERROR 651".

Is there any logfile on Win2000 box where I could find more information about failure of VPN connections? I've looked for all *.log files on that box, but nothing contains any logs related to this (or I couldn't see them).

Any help is more than appreciated.

Regards,

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

From klussier at mclinux.com Tue Jun 6 14:50:28 2000
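A check for the ipchains packet log in the message above, added here as an example (not code from the post or from PoPToP): PPTP needs both the TCP 1723 control channel and GRE (IP protocol 47), so this tallies a packet log by protocol and direction between two hosts. The function names are hypothetical, the first four sample lines are copied from the post, and the two PROTO=47 lines (including the port field shown for GRE) are constructed.

```python
import re
from collections import Counter

TCP, GRE = 6, 47           # IP protocol numbers
PPTP_CONTROL_PORT = 1723   # PPTP control channel runs over TCP

# Layout of an ipchains "Packet log" entry as it appears in the post:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>[:<port>] <dst>[:<port>] ...
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?"
)


def parse_line(line):
    """Return the fields of one packet-log line, or None for any other syslog line."""
    m = PACKET_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["proto"] = int(rec["proto"])
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def classify(rec, client, server):
    """Label a record control_in/out, gre_in/out or other_in/out; None if unrelated."""
    if rec["src"] == client and rec["dst"] == server:
        direction = "in"
    elif rec["src"] == server and rec["dst"] == client:
        direction = "out"
    else:
        return None
    if rec["proto"] == GRE:
        return "gre_" + direction
    if rec["proto"] == TCP:
        # The server side of the control channel is always port 1723.
        server_port = rec["dport"] if direction == "in" else rec["sport"]
        if server_port == PPTP_CONTROL_PORT:
            return "control_" + direction
    return "other_" + direction


def summarise(lines, client, server):
    """Count packet-log entries between client and server by kind and direction."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec, client, server)
        if kind is not None:
            counts[kind] += 1
    return counts


def verdict(counts):
    """One-line reading of the tally. Only meaningful when the logging rule
    matches every protocol between the two hosts, not just TCP."""
    if not (counts["control_in"] and counts["control_out"]):
        return "no two-way TCP 1723 control channel logged"
    if counts["gre_in"] and counts["gre_out"]:
        return "control channel and GRE logged in both directions"
    if counts["gre_in"] or counts["gre_out"]:
        return "GRE logged in one direction only"
    return "control channel logged, no GRE (protocol 47) logged"


# First four packet-log lines copied from the post (addresses already changed by the poster).
POST_LINES = [
    "Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=48 S=0x00 I=757 F=0x4000 T=121 SYN (#1)",
    "Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=48 S=0x00 I=12019 F=0x4000 T=64 (#1)",
    "Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=40 S=0x00 I=758 F=0x4000 T=121 (#1)",
    "Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=40 S=0x00 I=12021 F=0x0000 T=64 (#1)",
]

# Constructed lines (not from the post): what GRE entries could look like in the same log.
CONSTRUCTED_GRE_LINES = [
    "Jun 7 01:33:49 x kernel: Packet log: input ACCEPT eth1 PROTO=47 203.1.1.1:65535 202.1.1.1:65535 L=57 S=0x00 I=761 F=0x0000 T=121 (#1)",
    "Jun 7 01:33:49 x kernel: Packet log: output ACCEPT eth1 PROTO=47 202.1.1.1:65535 203.1.1.1:65535 L=57 S=0x00 I=12024 F=0x0000 T=64 (#1)",
]

if __name__ == "__main__":
    for label, lines in (("post", POST_LINES),
                         ("post + constructed GRE", POST_LINES + CONSTRUCTED_GRE_LINES)):
        counts = summarise(lines, client="203.1.1.1", server="202.1.1.1")
        print(label, dict(counts), "->", verdict(counts))
```
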
From: klussier at mclinux.com (Kenneth E. Lussier)
Date: Tue, 06 Jun 2000 15:50:28 -0400
Subject: [pptp-server] GRE failures
References: <000701bfcfe1$3bb03c60$9701a8c0@edcnt2.univers.com>
Message-ID: <393D5604.AEB0D5D5@mclinux.com>

I never did find what the problem was, so I eliminated it altogether. I got virgin source for 2.2.15, then downgraded to ppp-2.3.8, applied the patch, and voila, it worked like a charm! I remember seeing something on the list about there being a problem with the mppe patch for 2.3.10, but I can't find that post again... Oh well, such is life. It works now, and functionality is all I need.

Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux
******************************
If at first you don't succeed,
destroy all evidence that you
tried
******************************

> Jerry Kosek wrote:
> > I get the same error messages trying to connect from WIN9X clients. My setup is almost identical to yours as far as all of the
> > configuration files are concerned. I have poptop installed on a Red Hat 6.1 server.
> >
> >
> > All,
> I set up poptop on a server, but I can't connect to it using the Linux pptp
> client ( I haven't had a chance to try a WinXX client yet). There is no
> firewall between machines, and no ipchains rules on the poptop server.
> TIA,
> Kenny
>
> Here is all of the info I can think of:
> The Errors:
> /var/log/pptp.log:
> Jun 1 16:11:04 vpn pptpd[647]: MGR: Launching /usr/local/sbin/pptpctrl to
> handle client
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: local address = 192.168.1.63
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: remote address = 192.168.1.2
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: pppd speed = 115200
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection
> started
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 1)
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: Made a START CTRL CONN RPLY packet
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: I wrote 156 bytes to the client.
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: Sent packet to client
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Received PPTP Control Message (type: 7)
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Set parameters to 152 maxbps, 3 window
> size
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Made a OUT CALL RPLY packet
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening
> GRE)
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: pty_fd = 4
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: tty_fd = 5
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: I wrote 32 bytes to the client.
> Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): Connection speed =
> 115200
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Sent packet to client
> Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): local address =
> 192.168.1.63
> Jun 1 16:11:05 vpn pptpd[648]: CTRL (PPPD Launcher): remote address =
> 192.168.1.2
> Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from
> PTY failed: status = -1 error = Input/output error
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection
> finished
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Exiting now
> Jun 1 16:11:05 vpn pptpd[494]: MGR: Reaped child 647
>
> /var/log/messages:
> Jun 1 16:11:04 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection
> started
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Starting call (launching pppd, opening
> GRE)
> Jun 1 16:11:05 vpn pptpd[647]: GRE: read(fd=4,buffer=804d7c0,len=8196) from
> PTY failed: status = -1 error = Input/output error
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jun 1 16:11:05 vpn pptpd[647]: CTRL: Client 192.168.1.195 control connection
> finished
> Jun 1 16:11:07 vpn kernel: ip_demasq_gre(): 192.168.1.195 -> 192.168.1.67
> CID=0 no masq table, discarding
> Jun 1 16:11:32 vpn last message repeated 9 times
>
> Configs:
> Server Side:
>
> /etc/ppp/options:
> lock
> debug
> auth
> proxyarp
> +chap
> +chapms
> +chapms-v2
> no-mppe-40
> mppe-128
> mppe-stateless
>
> /etc/pptp.conf
> speed 115200
> debug
> localip 192.168.1.63
> remote 192.168.1.66-69
> listen 192.168.1.67
>
> Client Side:
> /etc/ppp/options:
> lock
> debug
> noauth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> --
> Kenny Lussier
> Systems Administrator
> Mission Critical Linux
> ******************************
> If at first you don't succeed,
> destroy all evidence that you
> tried
> ******************************

From dereks at kd-dev.com Tue Jun 6 21:00:40 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Tue, 6 Jun 2000 19:00:40 -0700 (PDT)
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)
Message-ID:

Hello,

I'm building a network. Woohoo!

I'm setting up VPN services where there will be a Linux VPN server (also doing firewall/masquerading with ipchains) and MS-Windows9x VPN clients (laptops connecting from the outside world through various ISPs).

The only free solution I have found is the Linux PPTP server, as all the other free Linux VPN solutions I've found are OpenSSH-based, and (as far as I can tell) the MS-Windows SSH client cannot be configured for VPN. Besides that, OpenSSH doesn't run on Windows. (There are some non-SSH solutions for Linux, but they don't have MS-Windows clients)

Is there anything else besides PPTP that I should look into?

Anyhow, it looks like PopTop will work fine. However, I did have a question. The file "win98.doc.gz" (titled, "Setting up VPN Access") and the PopTop-RedHat-HOWTO both say that the Win9x clients must be configured to turn *off* (that is, uncheck) the NetBEUI and IPX/SPX Compatible protocols.

One thing the Win9x laptops need to do is get access to "Shares", that is, filesystems shared with the SMB "Network Neighborhood" protocol. Those shares will reside on other Win9x boxes as well as Linux using Samba.

It is my understanding that SMB and NetBEUI are the same thing, and that if I want the remote laptops to be able to see those shares, I need to have NetBEUI turned on. Is that true? Are NetBEUI and SMB different? (I was under the impression that SMB, NetBEUI, and NetBIOS were all synonymous. If somebody could clear that up for me, I would be very grateful...)

In short, will the remote Win9x laptops be able to see the Shares if NetBEUI and IPX are turned off? And why do those protocols need to be turned off, anyhow?
(Not relevant but for the curious: There will also be remote Linux servers --colocated somewhere else-- connecting to the PopTop server so that the dolts running the website can drag'n'drop their FrontPage .HTM files into the proper directories via Samba. Also, there could be some remote Macintosh clients using TunnelBuilder and/or IPNetRouter to connect to the PopTop server. Fun!)

Any help is greatly appreciated.

Thanks,
Derek Simkowiak
dereks at kd-dev.com

From nick at dfa.com.au Tue Jun 6 23:50:34 2000
From: nick at dfa.com.au (Nick Farrell)
Date: Wed, 07 Jun 2000 14:50:34 +1000
Subject: [pptp-server] pptp modifying the firewall
Message-ID: <393DD49A.8EAC9917@dfa.com.au>

Good afternoon..

I've picked up a number of hints from this list recently - thanks for the fixes, Landy! - but have hit problems with ipchains.

PPTP is working, in that the NT client connects to my 2.2.15/2.3.11 box, negotiates MPPE, but then spews out:

Jun 7 14:38:11 scully pppd[3845]: MPPE 40 bit, stateless compression enabled
Jun 7 14:38:11 scully kernel: Packet log: input DENY ppp0 PROTO=1 192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=31874 F=0x0000 T=32 (#8)
Jun 7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
Jun 7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
Jun 7 14:38:13 scully kernel: Packet log: input DENY ppp0 PROTO=1 192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=32386 F=0x0000 T=32 (#8)
Jun 7 14:38:14 scully kernel: Packet log: input DENY ppp0 PROTO=1 192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=33154 F=0x0000 T=32 (#10)

.. and so on. If I re-run my ipchains configuration script, these messages go away - evidently, pptp/ppp is modifying my firewall rules, and doing it incorrectly. Yes, I am running with two ethernet cards, and eth1 is the one it's connecting via, and yes there is an alias eth1:0, but this is not the one in my routing table:

Target          Router  Genmask         Flags Metric Ref Use Iface
192.168.200.242 *       255.255.255.255 UH    0      0   0   ppp0
localnet        *       255.255.255.0   U     0      0   0   eth1
validipaddr     *       255.255.240.0   U     0      0   0   eth0
default         scully  0.0.0.0         UG    0      0   0   eth0

Any ideas? I hope I haven't missed something extremely obvious. If I find the solution and it doesn't seem documented, I'll follow up with it...

Nick Farrell.

From ddobre at deuroconsult.ro Wed Jun 7 02:00:19 2000
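
The kernel "Packet log:" lines quoted in the messages above can be decoded mechanically. The following Python parser is an added example, not code from the thread or from ipchains; it assumes the Linux 2.2 ipchains log layout seen in these messages, where for PROTO=1 the two "port" fields carry the ICMP type and code, and all function names are illustrative.

```python
"""Decode Linux 2.2 ipchains "Packet log:" lines and summarise denials."""
import re
from collections import Counter

# Protocol numbers that matter in this thread: 1 = ping, 6 = the PPTP
# control channel (TCP 1723), 47 = the GRE tunnel itself.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE"}
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request",
              11: "time-exceeded"}

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

# Lines copied from the two messages above (not constructed).
SAMPLE_LOG = """\
Jun 7 14:38:11 scully pppd[3845]: MPPE 40 bit, stateless compression enabled
Jun 7 14:38:11 scully kernel: Packet log: input DENY ppp0 PROTO=1 192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=31874 F=0x0000 T=32 (#8)
Jun 7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
Jun 7 14:38:13 scully kernel: Packet log: input DENY ppp0 PROTO=1 192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=32386 F=0x0000 T=32 (#8)
Jun 7 14:38:14 scully kernel: Packet log: input DENY ppp0 PROTO=1 192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=33154 F=0x0000 T=32 (#10)
Jun 7 01:33:48 x kernel: Packet log: input ACCEPT eth1 PROTO=6 203.1.1.1:1050 202.1.1.1:1723 L=48 S=0x00 I=757 F=0x4000 T=121 SYN (#1)
Jun 7 01:33:48 x kernel: Packet log: output ACCEPT eth1 PROTO=6 202.1.1.1:1723 203.1.1.1:1050 L=48 S=0x00 I=12019 F=0x4000 T=64 (#1)
"""


def parse_line(line):
    """Return a dict for one ipchains log line, or None for any other line."""
    match = LOG_RE.search(line)
    if match is None:
        return None
    rec = match.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None
    name = IP_PROTOCOLS.get(rec["proto"], "proto-%d" % rec["proto"])
    rec["proto_name"] = name
    if rec["proto"] == 1:
        # ipchains prints the ICMP type in the source-port position and the
        # ICMP code in the destination-port position.
        rec["icmp_type"] = rec.pop("sport")
        rec["icmp_code"] = rec.pop("dport")
        rec["what"] = "ICMP " + ICMP_TYPES.get(
            rec["icmp_type"], "type-%d" % rec["icmp_type"])
    elif rec["proto"] in (6, 17):
        rec["what"] = "%s %d->%d" % (name, rec["sport"], rec["dport"])
        if rec["syn"]:
            rec["what"] += " SYN"
    else:
        rec["what"] = name            # e.g. GRE, which has no ports
    return rec


def denied_summary(text):
    """Count DENY/REJECT hits per (chain, interface, rule number, traffic)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["target"] in ("DENY", "REJECT"):
            hits[(rec["chain"], rec["iface"], rec["rule"], rec["what"])] += 1
    return hits


def rule_number_changes(text):
    """Flows whose matching rule number changed between log entries.

    The same traffic matching a different rule number a moment later is a
    hint that the chain was edited in between; compare listings of the
    chain taken before and after the connect to confirm.
    """
    seen = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        flow = (rec["chain"], rec["iface"], rec["src"], rec["dst"], rec["what"])
        rules = seen.setdefault(flow, [])
        if rec["rule"] not in rules:
            rules.append(rec["rule"])
    return {flow: rules for flow, rules in seen.items() if len(rules) > 1}


if __name__ == "__main__":
    for key, count in denied_summary(SAMPLE_LOG).items():
        print(count, key)
    print(rule_number_changes(SAMPLE_LOG))
```

On the sample, the denied traffic is ICMP echo-request arriving on ppp0, and the rule that matches it moves from #8 to #10 within the same connection attempt.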
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Wed, 07 Jun 2000 10:00:19 +0300
Subject: [pptp-server] pptpd through a cisco..?
References: <31361954B2ADD2118B0900A0C90AFC3E05DB70@defiant.dsl.gtei.net>
Message-ID: <393DF303.2605EA66@deuroconsult.ro>

"Cowles, Steve" wrote:
>
> I do not know what the Cisco IOS command is to forward "Protocol 47", but
> that's what you will need to do (in addition to forwarding port 1723). On my
> linux based firewall, I forward protocol 47 to an internal pptp server using
> "ipfwd". I would think Cisco has a similar command to forward a "protocol",
> in addition to ports.

assuming that the pptp server address is 192.168.x.y, and eth0 on the router is in the same LAN as the pptp server, and serial0 is connected to the ISP you should apply 2 access-lists on the cisco router. (protocol 47 is gre and where it says gre you may substitute with 47)

ip access-list extended 101
 permit gre any host 192.168.x.y
 permit tcp any host 192.168.x.y eq 1723
 deny ip any any
ip access-list extended 102
 permit gre host 192.168.x.y any
 permit tcp host 192.168.x.y eq 1723 any

interface ethernet 0
 ip address 192.168.a.b 255.255.255.0
 ip access-group 101 out

interface Serial 0
 ............
 ip access-group 102 out

> Steve Cowles
>
> > -----Original Message-----
> > From: HiJinX [mailto:hijinx at datafx.com.au]
> > Sent: Tuesday, June 06, 2000 6:11 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] pptpd through a cisco..?
> >
> >
> > Hi, I was wondering if it is possible to have a pptpd server (On a
> > Debian box), running on a 192.168 address behind a cisco801?
> > The client I'm testing with is a win2k - And it seems to be failing on
> > gre (input/output error)
> > Does anyone have a similar solution working?
> >
> > When the Debian box is on a live IP - The pptp connection can
> > be made no
> > problems.
> >
> > Thanks for any help,
> > Michael
> >

--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

From pascal.fremaux at sxb.bsf.alcatel.fr Wed Jun 7 03:00:57 2000
From: pascal.fremaux at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Wed, 07 Jun 2000 10:00:57 +0200
Subject: [pptp-server] Re: Encrypted sessions using NTS Tunnel Builder
References: <200006021712.e52HCHh15341@snaildust.schulte.org>
Message-ID: <393E0139.6942B5E9@sxb.bsf.alcatel.fr>

Please could you send your patch as an attached file 'cause the patches sent inside mail are broken (a patch is a sensible person which doesn't support a blank add).

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

From mistral at stevenson.zetnet.co.uk Wed Jun 7 05:54:15 2000
From: mistral at stevenson.zetnet.co.uk (James Stevenson)
Date: Wed, 7 Jun 2000 10:54:15 GMT
Subject: [pptp-server] pptp modifying the firewall
In-Reply-To: <393DD49A.8EAC9917@dfa.com.au>
Message-ID: <200006071054.KAA11313@linux.home>

Hi

it is reject ICMP Ping packet for some reason
run something like this before and after the connect

ipchains -L > before
ipchains -L > after
diff before after

you will see any changes show up

cya
James

In local.pptp-list, you wrote:
>Good afternoon..
>
>I've picked up a number of hints from this list recently - thanks for
>the fixes, Landy! - but have hit problems with ipchains.
>
>PPTP is working, in that the NT client connects to my 2.2.15/2.3.11 box,
>negotiates MPPE, but then spews out:
>
>Jun 7 14:38:11 scully pppd[3845]: MPPE 40 bit, stateless compression
>enabled
>Jun 7 14:38:11 scully kernel: Packet log: input DENY ppp0 PROTO=1
>192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=31874 F=0x0000 T=32 (#8)
>Jun 7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
>Jun 7 14:38:12 scully modprobe: modprobe: Can't locate module eth1_0
>Jun 7 14:38:13 scully kernel: Packet log: input DENY ppp0 PROTO=1
>192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=32386 F=0x0000 T=32 (#8)
>Jun 7 14:38:14 scully kernel: Packet log: input DENY ppp0 PROTO=1
>192.168.200.242:8 192.168.200.3:0 L=60 S=0x00 I=33154 F=0x0000 T=32
>(#10)
>
>.. and so on. If I re-run my ipchains configuration script, these
>messages go away - evidently, pptp/ppp is modifying my firewall rules,
>and doing it incorrectly. Yes, I am running with two ethernet cards, and
>eth1 is the one it's connecting via, and yes there is an alias eth1:0,
>but this is not the one in my routing table:
>
>Target          Router  Genmask         Flags Metric Ref Use Iface
>192.168.200.242 *       255.255.255.255 UH    0      0   0   ppp0
>localnet        *       255.255.255.0   U     0      0   0   eth1
>validipaddr     *       255.255.240.0   U     0      0   0   eth0
>default         scully  0.0.0.0         UG    0      0   0   eth0
>
>Any ideas? I hope I haven't missed something extremely obvious.
If I
>find the solution and it doesn't seem documented, I'll follow up with
>it...
>
>Nick Farrell.
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulteconsulting.com!
>

--
---------------------------------------------
Check Out: http://www.users.zetnet.co.uk/james/
E-Mail: mistral at stevenson.zetnet.co.uk
10:50am up 2 days, 23:29, 3 users, load average: 0.41, 0.50, 0.79

From vigov at com2com.ru Wed Jun 7 10:10:19 2000
From: vigov at com2com.ru (vigov)
Date: Wed, 7 Jun 2000 19:10:19 +0400
Subject: [pptp-server] freebsd mppe
Message-ID: <13529850093.20000607191019@com2com.ru>

Is there mppe realisation for user ppp?

Eugene

From vanja at relaygroup.com Wed Jun 7 09:59:35 2000
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Wed, 07 Jun 2000 21:59:35 +0700
Subject: [pptp-server] PPTP working on local net, not working over Internet (long one)
Message-ID: <393E6357.283B3164@relaygroup.com>

After 2 days, I still can't make Windows clients work with PoPToP over Internet. It works just fine on local network. I will try to supply as much details as possible, and I'd be happy if someone has any suggestions. Sorry for the lengthy mail, but I've been through FAQs and mailing list archives, and just couldn't find any answers to this.

If you wish, you can just answer directly to me, and I will make a summary to the list (to avoid 'flooding' the list :). But please, read the whole mail before suggesting things (maybe I've tried them already :).

The PoPToP setup...

Server:
- RedHat 6.1, 2.2.14 kernel, ppp-2.3.11, mppe patch ( ftp://ftp.binarix.com/pub/ppp-mppe/ppp-2.3.11-openssl-0.9.5-mppe.patch.gz ). kernel was recompiled 'from the scratch', ppp* modules have been compiled properly too (at least, they don't 'complain' :)
- PoPToP V1.0.0 (running as a standalone daemon, not from inetd); installed in /usr/local/sbin (pptpctrl is also in /usr/local/sbin)
- Linux box has 2 interfaces - eth0 (internal) and eth1 (external). pptpd is listening on eth1

Clients:
- Windows 2000, 128-bit 'patch' has not been applied. No 'fixes' (from windowsupdate.microsoft.com) have been applied either.
- Windows NT 4.0 Workstation, SP6a is applied.

---------------------
/etc/ppp/options:

debug
kdebug 1
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
require-chap
name crash
---------------------
/etc/pptpd.conf:

speed 115200
option /etc/ppp/options
debug
localip 192.168.1.250
remoteip 192.168.1.230-249
listen 202.1.1.1
---------------------

As I've said before, on Windows clients work just fine on local network.
I can see this in /var/log/messages:

Jun 7 19:55:35 x pppd[2171]: MSCHAP-v2 peer authentication succeeded for test
Jun 7 19:55:35 x pppd[2171]: local IP address 192.168.1.250
Jun 7 19:55:35 x pppd[2171]: remote IP address 192.168.1.230
Jun 7 19:55:35 x pppd[2171]: MPPE 40 bit, stateless compression enabled

I presume it means that MSCHAP-v2 authentication was ok, and that 40-bit encryption is being used. Both Windows2000 and Windows NT4 are able to connect like this over local network.

The fun begins when I disconnect any of those workstations from the local network. I reboot (just in case), login locally to the machine (no domain logins - it's obvious, since I'm disconnected from the network :), and establish a connection to the ISP. Connection to ISP works fine, and I've tried using both Supra and US Robotics modems (just in case, again).

Now...

Windows 2000:

After I've rebooted and dialed ISP (let's say that IP of Win2000 box was 203.1.1.1), I've done:

# ipchains -I input -s 203.1.1.1 -j ACCEPT
# ipchains -I input -s 203.1.1.1 -j ACCEPT -p 47
# ipchains -I output -d 203.1.1.1 -j ACCEPT
# ipchains -I output -d 203.1.1.1 -j ACCEPT -p 47

I've added "-p 47" as per suggestion, but I think that '-j ACCEPT' should allow *everything* in anyway.

Anyway, to make it short - I've done the same for both clients, and with Windows 2000 I get "ERROR 651: The modem (or other connecting device) has reported an error", while with NT 4 I get something like "No response" (don't remember the msg, and can't go to that NT box right now).

I've tried to modify /etc/ppp/options (comment/uncomment various entries) - but nothing has changed. I have really tried to modify every single parameter in VPN properties on Win2000. I've tried not to use encryption at all (commented it out in pptpd.conf and allowed it in Win2000 properties), I've tried to change TCP/IP settings, I've tried quite many things, but... always the same problem.
Now, the point is that Win2000 box does send some data to pptp server. I've grabbed the 'communication' between those 2 hosts using tcpdump. It goes like...

1. 203.1.1.1 -> 202.1.1.1: SYN
2. 202.1.1.1 -> 203.1.1.1: SYN/ACK
3. 203.1.1.1 -> 202.1.1.1: ACK
4. 202.1.1.1 -> 203.1.1.1: FIN/ACK
5. 203.1.1.1 -> 202.1.1.1: PPTP START-CONTROL-REQUEST
6. 202.1.1.1 -> 203.1.1.1: RST
7. 203.1.1.1 -> 202.1.1.1: FIN/ACK
8. 202.1.1.1 -> 203.1.1.1: RST

What bothers me is:

- why is FIN/ACK returned by firewall (PoPToP) server (packet 4)?
- why is RST returned by firewall (PoPToP server), after the PPTP request?

I am pretty sure that FIN/ACK (packet 4) and RST (packet 6) should not be there. For some reason, they are... :(

However, in local network, the 'handshaking' goes like (192.1.1.1 is Win2000 client):

1. 192.1.1.1 -> 202.1.1.1: SYN
2. 202.1.1.1 -> 192.1.1.1: SYN/ACK
3. 192.1.1.1 -> 202.1.1.1: ACK
5. 192.1.1.1 -> 202.1.1.1: PPTP START-CONTROL-REQUEST
6. 202.1.1.1 -> 192.1.1.1: ACK
7. 192.1.1.1 -> 202.1.1.1: PPTP START-CONTROL-REPLY
8. ...etc...

And this is the way it should be (SYN -> SYN/ACK -> ACK -> etc -> ACK -> etc...)

Does anybody have any idea of what is going on in this scenario? :)

Also, this is the content of the PPTP START-CONTROL-REQUEST packet (as seen in Ethereal). Maybe someone can tell me if it looks ok (it has the same content, no matter if I am going through local net or through Internet):

---------------------------------------
PPTP CONTROL CHANNEL:
Length: 156
Message Type: CONTROL MESSAGE (1)
Cookie: 0x1a2b3c4d
Control Type: START-CONTROL-REQUEST (1)
Reserved: 0
Protocol Version: 1.0
Reserved: 0
Framing Capabilities: ASYNCHRONOUS (1)
Bearer Capabilities: ANALOG (1)
Maximum Channels: 0
Firmware Revision: 2160
Hostname: (empty)
Vendor: Microsoft Windows NT
---------------------------------------

And the worst of all is - absolutely nothing gets logged (by pptpd) in /var/log/messages or /var/log/pptpd.log.
Is there any way to turn on some 'super-debugging' in pptpd, that would be more verbose? [or should I just try modify the source and add more 'verbosity'?]

Any suggestion/idea/whatever is more than appreciated.

Thanks.

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

From USTS034 at UABDPO.DPO.UAB.EDU Wed Jun 7 10:28:13 2000
From: USTS034 at UABDPO.DPO.UAB.EDU (Landy Manderson)
Date: Wed, 07 Jun 00 10:28:13 CDT
Subject: [pptp-server] Re: Encrypted sessions using NTS Tunnel Builder
In-Reply-To: Message of Wed, 07 Jun 2000 10:00:57 +0200 from
Message-ID: <200006071532.e57FW9r26677@snaildust.schulte.org>

My apologies for the problems .... will the attachment below suffice?

On Wed, 07 Jun 2000 10:00:57 +0200 you said:
>Please could you send your patch as an attached file 'cause the patches sent
>inside mail are broken (a patch is a sensible person which doesn't support a
>blank add).

From P.J.Reid at earthling.net Wed Jun 7 11:24:12 2000
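
The Ethereal decode in Vanja Hrustic's message earlier in this thread corresponds field for field to the 156-byte Start-Control-Connection-Request of RFC 2637. The following Python code is an added example, not part of any post or of PoPToP; the packet is constructed from the quoted field values rather than taken from a capture, and the function and constant names are illustrative.

```python
"""Build and validate a PPTP Start-Control-Connection-Request (RFC 2637)."""
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_CONTROL_MESSAGE = 1                 # "Message Type: CONTROL MESSAGE (1)"
START_CONTROL_CONNECTION_REQUEST = 1     # "Control Type: ... (1)"

# Length, Message Type, Magic Cookie, Control Message Type, Reserved0,
# Protocol Version, Reserved1, Framing Capabilities, Bearer Capabilities,
# Maximum Channels, Firmware Revision, Host Name[64], Vendor String[64].
# Network byte order, no padding: 156 bytes in total.
SCCRQ = struct.Struct(">HHIHHHHIIHH64s64s")

FRAMING_BITS = {0x1: "ASYNCHRONOUS", 0x2: "SYNCHRONOUS"}
BEARER_BITS = {0x1: "ANALOG", 0x2: "DIGITAL"}


def _flags(value, names):
    """Names of the capability bits set in value."""
    return [name for bit, name in sorted(names.items()) if value & bit]


def _cstring(raw):
    """Text of a fixed-width, NUL-padded field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def build_sccrq(hostname=b"", vendor=b"", firmware=0, framing=1, bearer=1,
                max_channels=0, version=(1, 0)):
    """Serialise a Start-Control-Connection-Request."""
    if len(hostname) > 64 or len(vendor) > 64:
        raise ValueError("hostname and vendor are fixed 64-byte fields")
    return SCCRQ.pack(SCCRQ.size, PPTP_CONTROL_MESSAGE, PPTP_MAGIC_COOKIE,
                      START_CONTROL_CONNECTION_REQUEST, 0,
                      (version[0] << 8) | version[1], 0,
                      framing, bearer, max_channels, firmware,
                      hostname, vendor)


def parse_sccrq(data):
    """Decode and sanity-check the request; raise ValueError if malformed."""
    if len(data) < SCCRQ.size:
        raise ValueError("truncated: %d bytes, need %d"
                         % (len(data), SCCRQ.size))
    (length, msg_type, cookie, ctrl_type, _reserved0, version, _reserved1,
     framing, bearer, max_channels, firmware, hostname,
     vendor) = SCCRQ.unpack(data[:SCCRQ.size])
    # The cookie is checked first: a wrong value means the receiver has lost
    # message framing on the TCP stream, so no other field can be trusted.
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError("bad magic cookie 0x%08x" % cookie)
    if length != SCCRQ.size:
        raise ValueError("length field %d, expected %d" % (length, SCCRQ.size))
    if (msg_type != PPTP_CONTROL_MESSAGE
            or ctrl_type != START_CONTROL_CONNECTION_REQUEST):
        raise ValueError("not a Start-Control-Connection-Request")
    return {
        "length": length,
        "version": "%d.%d" % (version >> 8, version & 0xFF),
        "framing": _flags(framing, FRAMING_BITS),
        "bearer": _flags(bearer, BEARER_BITS),
        "max_channels": max_channels,
        "firmware": firmware,
        "hostname": _cstring(hostname),
        "vendor": _cstring(vendor),
    }


# Constructed from the decode quoted in the message (empty hostname,
# firmware revision 2160, vendor "Microsoft Windows NT"); not captured bytes.
EXAMPLE_PACKET = build_sccrq(vendor=b"Microsoft Windows NT", firmware=2160)

if __name__ == "__main__":
    for field, value in parse_sccrq(EXAMPLE_PACKET).items():
        print("%-12s %r" % (field, value))
```

The 156-byte size is the same figure pptpd reports for its reply in the quoted log ("I wrote 156 bytes to the client"), since the reply message uses the same fixed-width host name and vendor fields.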
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Wed, 7 Jun 2000 13:24:12 -0300
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)
In-Reply-To:
Message-ID:

You could look into FreeSwan for an IPSec VPN. However, if any of the computers involved in the VPN are behind a NAT (as mine is), it won't work. I understand that there is a free version of the McAfee PGP IPSec VPN client available somewhere.

On NetBEUI vs. SMB, NetBEUI is the protocol on which SMB was first built, but now Windows (and Samba) support SMB in TCP/IP. You don't need NetBEUI to give access to shares.

Patrick Reid - mailto:P.J.Reid at earthling.net
Communication Centre:

"It is by Caffeine alone that I set my mind in motion-
It is by the beans of Java, that my thoughts acquire speed-
The hands acquire shakes; the shakes become a warning-
It is by Caffeine alone that I set my mind in motion..."

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Derek Simkowiak
Sent: June 6, 2000 11:01 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)

Hello,

I'm building a network. Woohoo!

I'm setting up VPN services where there will be a Linux VPN server (also doing firewall/masquerading with ipchains) and MS-Windows9x VPN clients (laptops connecting from the outside world through various ISPs).

The only free solution I have found is the Linux PPTP server, as all the other free Linux VPN solutions I've found are OpenSSH-based, and (as far as I can tell) the MS-Windows SSH client cannot be configured for VPN. Besides that, OpenSSH doesn't run on Windows. (There are some non-SSH solutions for Linux, but they don't have MS-Windows clients)

Is there anything else besides PPTP that I should look into?

Anyhow, it looks like PopTop will work fine. However, I did have a question. The file "win98.doc.gz" (titled, "Setting up VPN Access") and the PopTop-RedHat-HOWTO both say that the Win9x clients must be configured to turn *off* (that is, uncheck) the NetBEUI and IPX/SPX Compatible protocols.

One thing the Win9x laptops need to do is get access to "Shares", that is, filesystems shared with the SMB "Network Neighborhood" protocol. Those shares will reside on other Win9x boxes as well as Linux using Samba.

It is my understanding that SMB and NetBEUI are the same thing, and that if I want the remote laptops to be able to see those shares, I need to have NetBEUI turned on. Is that true? Are NetBEUI and SMB different? (I was under the impression that SMB, NetBEUI, and NetBIOS were all synonymous. If somebody could clear that up for me, I would be very grateful...)

In short, will the remote Win9x laptops be able to see the Shares if NetBEUI and IPX are turned off? And why do those protocols need to be turned off, anyhow?
(Not relevant but for the curious: There will also be remote Linux servers --colocated somewhere else-- connecting to the PopTop server so that the dolts running the website can drag'n'drop their FrontPage .HTM files into the proper directories via Samba. Also, there could be some remote Macintosh clients using TunnelBuilder and/or IPNetRouter to connect to the PopTop server. Fun!)

Any help is greatly appreciated.

Thanks,
Derek Simkowiak
dereks at kd-dev.com

From vanja at relaygroup.com Wed Jun 7 12:00:05 2000
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Thu, 08 Jun 2000 00:00:05 +0700
Subject: [pptp-server] Windows 2000 & Internet - solved
Message-ID: <393E7F95.F197B970@relaygroup.com>

Dear me... It was so obvious.

For some reason, I did compile pptpd with --with-libwrap, and I didn't realize that until now. When I've finally started pptpd through strace and saw that it reads /etc/hosts.allow ... I think you know the reason why it was dropping the connections :)

Anyway, thanks a lot to those who tried to help.

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

From dereks at kd-dev.com Wed Jun 7 13:00:29 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Wed, 7 Jun 2000 11:00:29 -0700 (PDT)
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)
In-Reply-To:
Message-ID:

-> On NetBEUI vs. SMB, NetBEUI is the protocol on which SMB was first built,
-> but now Windows (and Samba) support SMB in TCP/IP. You don't need NetBEUI to
-> give access to shares.

Do I need to re-configure the Win9x boxes to use TCP/IP instead of NetBEUI for their shares?

(Sorry, this is getting offtopic, but it's my last SMB question...)

--Derek

From sstone at taos.com Wed Jun 7 13:32:30 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed, 7 Jun 2000 11:32:30 -0700 (PDT)
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)
In-Reply-To:
Message-ID:

On Wed, 7 Jun 2000, Derek Simkowiak wrote:

> -> On NetBEUI vs. SMB, NetBEUI is the protocol on which SMB was first built,
> -> but now Windows (and Samba) support SMB in TCP/IP. You don't need NetBEUI to
> -> give access to shares.
>
> Do I need to re-configure the Win9x boxes to use TCP/IP instead of
> NetBEUI for their shares?
>
> (Sorry, this is getting offtopic, but it's my last SMB
> question...)

remove IPX and Netbeui as protocols in your network panel, that's usually the best thing to do. You can also remove the bindings for Windows Networking from IPX and Netbeui and only have it bind to TCP/IP if for some reason you need IPX around (ie, for Doom). there's no reason whatsoever to have Netbeui installed at all, AFAICT.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From Angus.Huckle at simpl.co.nz Wed Jun 7 17:04:53 2000
From: Angus.Huckle at simpl.co.nz (Angus Huckle)
Date: Thu, 8 Jun 2000 10:04:53 +1200
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing? )
Message-ID:

If your users wish to browse the local network (i.e. use Network Neighbourhood to see other Windows/Samba servers), then you will need a WINS server. You can either use an NT box to do this or, I believe, your Samba server.

You don't need a WINS server to map drives under Windows, just to browse the network neighbourhood.

I think..... ;-)

Angus.

-----Original Message-----
From: Scott M. Stone [mailto:sstone at taos.com]
Sent: Thursday, 8 June 2000 06:33
To: Derek Simkowiak
Cc: Patrick Reid; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)

On Wed, 7 Jun 2000, Derek Simkowiak wrote:

> -> On NetBEUI vs. SMB, NetBEUI is the protocol on which SMB was first built,
> -> but now Windows (and Samba) support SMB in TCP/IP. You don't need NetBEUI to
> -> give access to shares.
>
> Do I need to re-configure the Win9x boxes to use TCP/IP instead of
> NetBEUI for their shares?
>
> (Sorry, this is getting offtopic, but it's my last SMB
> question...)

remove IPX and Netbeui as protocols in your network panel, that's usually the best thing to do. You can also remove the bindings for Windows Networking from IPX and Netbeui and only have it bind to TCP/IP if for some reason you need IPX around (ie, for Doom). there's no reason whatsoever to have Netbeui installed at all, AFAICT.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From P.J.Reid at earthling.net Thu Jun 8 07:51:37 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Thu, 8 Jun 2000 09:51:37 -0300
Subject: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)
In-Reply-To:
Message-ID:

Windows uses SMB over TCP/IP by default, so unless you did something special on installation, the answer is no.

Patrick Reid - mailto:P.J.Reid at earthling.net
Communication Centre:

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Derek Simkowiak
Sent: June 7, 2000 3:00 PM
To: Patrick Reid
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Linux and Win9x (and: Non-TCP protocol sharing?)

-> On NetBEUI vs. SMB, NetBEUI is the protocol on which SMB was first built,
-> but now Windows (and Samba) support SMB in TCP/IP. You don't need NetBEUI to
-> give access to shares.

Do I need to re-configure the Win9x boxes to use TCP/IP instead of NetBEUI for their shares?

(Sorry, this is getting offtopic, but it's my last SMB question...)

--Derek

From dereks at kd-dev.com Thu Jun 8 18:51:18 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Thu, 8 Jun 2000 16:51:18 -0700 (PDT)
Subject: [pptp-server] IP Addressing question
In-Reply-To:
Message-ID:

This is a simple question, but I want to make sure I understand things right...

Given the following situation:

1) Linux server has static (live) IP address, acting as masquerader/NAT for 192.168.0.0 internal network

2) Win98 laptop connects to random local ISP, and connects to the above Linux server with PPTP

...will the Win98 have one IP address, or two IP addresses?

I can see it having both (a) a live ip address from ISP and (b) something like 192.168.0.7 from the NAT network, or just one of the above.

I want to make sure the remote laptops will be able to

o browse internal (192.168.0.0) SMB shares
o Surf the web
o NOT create a bridge/hole whenever they use PPTP to connect
o (use VNC and some other crap)

Thanks,
Derek Simkowiak
dereks at kd-dev.com

From sstone at taos.com Thu Jun 8 19:43:06 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu, 8 Jun 2000 17:43:06 -0700 (PDT)
Subject: [pptp-server] IP Addressing question
In-Reply-To:
Message-ID:

On Thu, 8 Jun 2000, Derek Simkowiak wrote:

>
> This is a simple question, but I want to make sure I understand
> things right...
>
> Given the following situation:
>
> 1) Linux server has static (live) IP address, acting as masquerader/NAT
> for 192.168.0.0 internal network
>
> 2) Win98 laptop connects to random local ISP, and connects to the above
> Linux server with PPTP
>
> ...will the Win98 have one IP address, or two IP addresses?
>
>
> I can see it having both (a) a live ip address from ISP and (b)
> something like 192.168.0.7 from the NAT network, or just one of the above.
>
> I want to make sure the remote laptops will be able to
>
> o browse internal (192.168.0.0) SMB shares
> o Surf the web
> o NOT create a bridge/hole whenever they use PPTP to connect
> o (use VNC and some other crap)

it will have two IP addresses. The VPN thing in Windows is created as a
separate INTERFACE (look in your network control panel - VPN Dial-Up
interface or something like that). The IP on the VPN iface is the one
assigned by your PPTP server, and the one on the REAL dialup interface is
the one assigned by the random ISP. the VPN client in windows will point
the default route through the VPN IP interface such that ALL packets will
be routed through the tunnel to you. So therefore, yes, browsing, surfing,
etc will work (well, surfing will. browsing shares requires you to set up
WINS on your network).

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From mike at libritas.com Thu Jun 8 19:28:31 2000
From: mike at libritas.com (Mike Ireton)
Date: Thu, 8 Jun 2000 17:28:31 -0700 (PDT)
Subject: [pptp-server] ppp problems (argh!)
Message-ID:

Ok folks, I've got one for you:

I'm testing out poptop and am having a problem that has me stumped. The
issue is the following messages that indicate ppp starting up and then
deciding to quit for no discernable reason:

Jun 8 08:37:04 (none) pptpd[343]: CTRL: Client 158.252.223.41 control connection started
Jun 8 08:37:04 (none) pptpd[343]: CTRL: Starting call (launching pppd, opening GRE)
Jun 8 08:37:04 (none) pppd[344]: pppd 2.3.11 started by root, uid 0
Jun 8 08:37:04 (none) kernel: ppp_ioctl: set dbg flags to 70000
Jun 8 08:37:04 (none) kernel: ppp_ioctl: set flags to 70000
Jun 8 08:37:04 (none) pppd[344]: Using interface ppp0
Jun 8 08:37:04 (none) pppd[344]: Connect: ppp0 <--> /dev/ttyp1
Jun 8 08:37:04 (none) kernel: ppp_tty_ioctl: set xasyncmap
Jun 8 08:37:04 (none) kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
Jun 8 08:37:04 (none) kernel: ppp_ioctl: set flags to 70000
Jun 8 08:37:04 (none) kernel: ppp_ioctl: set mru to 5dc
Jun 8 08:37:04 (none) kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
Jun 8 08:37:04 (none) kernel: ppp: channel ppp0 closing.
Jun 8 08:37:04 (none) pptpd[343]: CTRL: Error with select(), quitting
Jun 8 08:37:04 (none) pptpd[343]: CTRL: Client 158.252.223.41 control connection finished
Jun 8 08:37:04 (none) pppd[344]: Modem hangup
Jun 8 08:37:04 (none) pppd[344]: Connection terminated.

This is with 'debug' and 'kdebug 7' in the ppp options file. Here are my
config files -

/etc/pptpd.conf

speed 115200
option /config/ppp/options
debug
localip 10.1.1.220-230
remoteip 10.1.2.220-230
pidfile /var/run/pptpd.pid

/config/ppp/options

auth
local
lock
debug
kdebug 7
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

Any ideas? If it helps, I'm running 2.0.38 with ppp as a built in driver,
patched and installed with ppp 2.3.11 and ppp-mpppe-rc4 patches.

--
Mike Ireton
Senior Systems Engineer
Libritas, inc (Formerly Bay Office Net) - http://www.libritas.com
Voice (510) 740-7700

"Where do you want to go today?" With Linux, I'm already there....

From estern at opennetwork.com Fri Jun 9 14:53:12 2000
From: estern at opennetwork.com (Elliott Stern)
Date: Fri, 09 Jun 2000 15:53:12 -0400
Subject: [pptp-server] Getting closer :-)
Message-ID: <39414B28.F2D3125@opennetwork.com>

After a few attempts I now have PoPToP working on Redhat 6.1 without
encryption. How do I go about applying Adi's RPMs? (i.e. How does this
procedure fit into what is currently section 4 of the Redhat-Poptop
Howto?)

Thanks.
-Elliott

From vanja at relaygroup.com Fri Jun 9 16:40:11 2000
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Sat, 10 Jun 2000 04:40:11 +0700
Subject: [pptp-server] Kernel 2.2.16 + mppe_patch + ppp-2.3.11 (mini-HOWTO :)
Message-ID: <3941643B.B12A11E2@relaygroup.com>

Hi!

I've spent some time trying to install ppp-2.3.11 on new kernel
(2.2.16), but it kept spitting errors. At the end, I've made it work. If
someone is interested (and also had problems :), here is what I did to
make it work. Also, if I've actually made some error (and didn't realize
it), let me know :)

btw: you probably know about CAP_SETUID problem, and everyone should
upgrade the kernel to 2.2.16, bla, bla...

+ = mandatory
o = optional (just to show what I've done, and that it worked with
    additional patches, in case someone wants to try the same)

+ get 2.2.16 sources
  http://www.kernel.org/pub/linux/kernel/v2.2/

o install Solar Designer's patch (might save your life one day ;)
  http://www.openwall.com/linux/

o install IDE patches (if you have some newer motherboard and want ATA66
  or even ATA100 support)
  http://www.kernel.org/pub/linux/kernel/people/hedrick/
  http://priv4.onet.pl/war/bkz/ (you might find newer/updated version here)
  http://www.linux-ide.org/ (for ATA100 details)

+ get ppp-2.3.11 sources
  ftp://ftp.linuxcare.com.au/pub/ppp/

+ get ppp-2.3.11_mppe patch
  ftp://ftp.binarix.com/pub/ppp-mppe/

Steps:

--[1]--

Unpack/patch (with OW and IDE patches) the kernel. Don't forget to make
proper link for /usr/src/linux if you are unpacking sources as
/usr/src/linux-2.2.16, for example.

--[2]--

Unpack ppp-2.3.11 sources somewhere (/var/tmp, for example), and copy
'ppp-2.3.11-openssl-0.9.5-mppe.patch.gz' file into that directory.

# cd /var/tmp/ppp-2.3.11
# gzip -d ppp-2.3.11-openssl-0.9.5-mppe.patch.gz
# patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch
# ./configure
# make
# make install

At this point, you are supposed to do "# make kernel". However, on my
systems (RH 6.1 machines, with 2.2.15 and 2.2.16 kernels), it would
update some of the files in /usr/src/linux, and would not update some
others. That was resulting in errors during the compilation. What I did
was to edit linux/kinstall.sh (in ppp-2.3.11 dir).

You will see a part that looks like:

-----------------------------------------------------
for FILE in $LINUXSRC/drivers/net/bsd_comp.c \
            $LINUXSRC/drivers/net/ppp_deflate.c \
            $LINUXSRC/drivers/net/zlib.c \
            $LINUXSRC/drivers/net/zlib.h \
            $LINUXSRC/drivers/net/ppp_mppe.c \
            $LINUXSRC/drivers/net/ppp_lzscomp.c \
            $LINUXSRC/drivers/net/ppp_lzscomp.h \
            $LINUXSRC/drivers/net/mppe.h \
            $LINUXSRC/drivers/net/sha.h \
            $LINUXSRC/drivers/net/sha1dgst.c \
            $LINUXSRC/drivers/net/sha_locl.h \
            $LINUXSRC/drivers/net/rc4_enc.c \
            $LINUXSRC/drivers/net/rc4_skey.c \
            $LINUXSRC/drivers/net/rc4.h \
            $LINUXSRC/drivers/net/rc4_locl.h \
            $LINUXSRC/include/linux/if_ppp.h \
            $LINUXSRC/include/linux/if_pppvar.h \
            $LINUXSRC/include/linux/ppp-comp.h \
            $LINUXSRC/include/linux/ppp_defs.h
do
  installfile $FILE no
done
-----------------------------------------------------

Make it look like:

-----------------------------------------------------
for FILE in $LINUXSRC/drivers/net/bsd_comp.c \
            $LINUXSRC/drivers/net/ppp_deflate.c \
            $LINUXSRC/drivers/net/zlib.h \
            $LINUXSRC/drivers/net/ppp_mppe.c \
            $LINUXSRC/drivers/net/ppp_lzscomp.c \
            $LINUXSRC/drivers/net/ppp_lzscomp.h \
            $LINUXSRC/drivers/net/mppe.h \
            $LINUXSRC/drivers/net/sha.h \
            $LINUXSRC/drivers/net/sha1dgst.c \
            $LINUXSRC/drivers/net/sha_locl.h \
            $LINUXSRC/drivers/net/rc4_enc.c \
            $LINUXSRC/drivers/net/rc4_skey.c \
            $LINUXSRC/drivers/net/rc4.h \
            $LINUXSRC/drivers/net/rc4_locl.h
do
  installfile $FILE no
done
-----------------------------------------------------

In other words - remove the lines:

$LINUXSRC/drivers/net/zlib.c \
$LINUXSRC/include/linux/if_ppp.h \
$LINUXSRC/include/linux/if_pppvar.h \
$LINUXSRC/include/linux/ppp-comp.h \
$LINUXSRC/include/linux/ppp_defs.h

Note that there is no backslash in the last entry (rc4_locl.h) :)

Next, comment out the line:

installfile $LINUXSRC/drivers/net/ppp.c yes

so that it looks like:

#installfile $LINUXSRC/drivers/net/ppp.c yes

Then, edit the file /usr/include/linux/ppp-comp.h, and add these 2
entries at the bottom, below the line that says:

/*
 * Definitions for other, as yet unsupported, compression methods.
 */

These are the entries:

#define CI_MPPE 18
#define CILEN_MPPE 6

[3]

Now, run the "# make kernel" from the /var/tmp/ppp-2.3.11 directory. The
kernel sources should be patched, and some files added.

[4]

# cd /usr/src/linux
# make menuconfig
... configure whatever you need - you'll need to enable 'experimental'
options in order to activate ATA drivers ...
# make dep; make bzImage; make modules; make modules_install
[ if compilation didn't stop with error - it's a good sign :]
... copy System.map to /boot/System.map-2.2.16, make a link to
System.map, copy arch/i386/boot/bzImage to /boot/whatever_you_want,
update /etc/lilo.conf, execute # /sbin/lilo

[5]

These steps are covered in other FAQs:

- build pptpd-1.0.0, install it, create /etc/pptpd.conf, modify
  /etc/ppp/options, modify /etc/syslogd.conf, restart syslog, etc.

IMPORTANT:

Do NOT forget to add:

alias ppp-compress-18 ppp_mppe

in your /etc/conf.modules file

I've tested it with plain WinNT 4.0 WKS, Win2000 and with Win2000+128bit
patch. It worked just fine. I didn't test it with linux client though,
but I'll do it sooner or later.

If you have received any errors during the compilation, let me know.
Maybe I've mixed up some steps in this 'faq' and... don't hate me, it's
4:30am in here :)

And thanks to all people that were/are involved in PoPToP :)

Regards,

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

From vanja at relaygroup.com Sat Jun 10 14:19:30 2000
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Sun, 11 Jun 2000 02:19:30 +0700
Subject: [pptp-server] Re: Kernel 2.2.16 + mppe_patch + ppp-2.3.11 (mini-HOWTO :)
References: <3941643B.B12A11E2@relaygroup.com>
Message-ID: <394294C2.578FE218@relaygroup.com>

Vanja Hrustic wrote:
>
> Hi!
>
> I've spent some time trying to install ppp-2.3.11 on new kernel
> (2.2.16), but it kept spitting errors. At the end, I've made it work. If
> someone is interested (and also had problems :), here is what I did to
> make it work. Also, if I've actually made some error (and didn't realize
> it), let me know :)

After I've rebooted the machine where PoPToP is running, for some reason
I can't connect using 128-bit encryption anymore. Only 40-bit.

So, it seems the procedure mentioned in previous mail was not correct :(

Will play with that later. Sorry about the faulty 'howto'.

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

From vanja at relaygroup.com Sat Jun 10 17:59:03 2000
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Sun, 11 Jun 2000 05:59:03 +0700
Subject: [pptp-server] Patch for pptpd-1.0.0 (small utmp/wtmp entries)
Message-ID: <3942C837.3DF3BE85@relaygroup.com>

Hi!

I needed a small 'feature' that would show me (on 'last' or 'w' output)
if someone is logged in using PoPToP.

This is a very silly/dirty hack that inputs some information into
utmp/wtmp and result is like:

(hostnames and IP addresses are modified - sorry about that :)

[root at aaaaa /]# w
  4:28am  up  4:41,  3 users,  load average: 0.00, 0.02, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
vanja    pts/1    bbbbbb.bbbbbbbbb 11:57pm  0.00s  0.53s   ?     -
vanja    pts/4    bbbbbb.bbbbbbbbb  2:15am  6:55   0.27s   ?     -
PPTP     3871     202.122.1.227     4:08am  0.00s 27.63s   ?     -

[root at aaaaa /]# last -9
PPTP     3871     202.122.1.227    Sun Jun 11 04:08   still logged in
PPTP     3827     202.122.1.227    Sun Jun 11 04:06 - 04:07  (00:00)
PPTP     3771     202.122.1.226    Sun Jun 11 04:04 - 04:06  (00:01)
PPTP     3769     202.122.1.227    Sun Jun 11 04:04 - 04:04  (00:00)
PPTP     3014     202.122.1.227    Sun Jun 11 03:56 - 03:59  (00:02)
PPTP     2042     202.122.1.226    Sun Jun 11 03:21 - 03:24  (00:02)
PPTP     1950     202.122.1.227    Sun Jun 11 03:04 - 03:07  (00:02)
PPTP     1858     202.122.1.227    Sun Jun 11 02:59 - 03:03  (00:04)
vanja    pts/4    bbbbbb.bbbbbbbbb Sun Jun 11 02:15   still logged in

wtmp begins Sat Jun 10 00:11:12 2000
[root at aaaaa /]#

The TTY is actually a PID of the current pptpctrl process - as much as I
could understand, real ttys are assigned by pppd, not pptpctrl, so... I
needed something 'unique'. PID does the job, helps me track active
sessions, and doesn't break anything. I hope...

For me, it was more important to see an active session from the outside,
than to have a real username and IP address as authenticated/assigned by
pppd. That's the reason why I wanted pptpctrl to write into utmp/wtmp.
pppd can probably be modified (it does have its own logwtmp() already,
and quick hack is to put it in chap.c, after the authentication is made,
and close the utmp in auth.c after the "connection is terminated" notice
- or I am wrong? :) to show the authenticated user and his 'local' IP
address, but I didn't need it. Sorry :)

The patch is gzipp'ed because of stupid Netscape - it likes to send text
attachments in the body of the mail. Ugh...

Please, review the patch before actually applying it - maybe I've made
some mistake (I am not skilled programmer, so... :). I'd be happy if
someone more experienced would review it and fix it. It will probably
work on Linux only.

Thanks.

Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptpd-1.0.0.utmp.diff.gz
Type: application/x-gzip
Size: 838 bytes
Desc: not available
URL:

From dereks at kd-dev.com Sat Jun 10 18:04:32 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Sat, 10 Jun 2000 16:04:32 -0700 (PDT)
Subject: [pptp-server] Kernel 2.2.16 + mppe_patch + ppp-2.3.11 (mini-HOWTO :)
In-Reply-To: <3941643B.B12A11E2@relaygroup.com>
Message-ID:

Could somebody please put this in the FAQ or HowTo? I don't want to
have to remember to scan the mailing list archives for this stuff several
months from now...

--Derek

On Sat, 10 Jun 2000, Vanja Hrustic wrote:

-> Hi!
->
-> I've spent some time trying to install ppp-2.3.11 on new kernel
-> (2.2.16), but it kept spitting errors. At the end, I've made it work. If
-> someone is interested (and also had problems :), here is what I did to
-> make it work. Also, if I've actually made some error (and didn't realize
-> it), let me know :)
->
-> btw: you probably know about CAP_SETUID problem, and everyone should
-> upgrade the kernel to 2.2.16, bla, bla...
->
->
->
-> + = mandatory
-> o = optional (just to show what I've done, and that it worked with
-> additional patches, in case someone wants to try the same)
->
->
-> + get 2.2.16 sources
-> http://www.kernel.org/pub/linux/kernel/v2.2/
->
-> o install Solar Designer's patch (might save your life one day ;)
-> http://www.openwall.com/linux/
->
-> o install IDE patches (if you have some newer motherboard and want ATA66
-> or even ATA100 support)
-> http://www.kernel.org/pub/linux/kernel/people/hedrick/
-> http://priv4.onet.pl/war/bkz/ (you might find newer/updated version
-> here)
-> http://www.linux-ide.org/ (for ATA100 details)
->
-> + get ppp-2.3.11 sources
-> ftp://ftp.linuxcare.com.au/pub/ppp/
->
-> + get ppp-2.3.11_mppe patch
-> ftp://ftp.binarix.com/pub/ppp-mppe/
->
-> Steps:
->
-> --[1]--
->
-> Unpack/patch (with OW and IDE patches) the kernel. Don't forget to make
-> proper link for /usr/src/linux if you are unpacking sources as
-> /usr/src/linux-2.2.16, for example.
->
-> IMPORTANT:
->
-> Do NOT forget to add:
->
-> alias ppp-compress-18 ppp_mppe
->
-> in your /etc/conf.modules file
->
-> I've tested it with plain WinNT 4.0 WKS, Win2000 and with Win2000+128bit
-> patch. It worked just fine. I didn't test it with linux client though,
-> but I'll do it sooner or later.
->
-> If you have received any errors during the compilation, let me know.
-> Maybe I've mixed up some steps in this 'faq' and... don't hate me, it's
-> 4:30am in here :)
->
-> And thanks to all people that were/are involved in PoPToP :)
->
-> Regards,
->
-> Vanja Hrustic
-> The Relay Group
-> http://relaygroup.com
-> Technology Ahead of Time

From chris at ceeriff.net Sun Jun 11 12:48:11 2000
From: chris at ceeriff.net (Chris Riffle)
Date: Sun, 11 Jun 2000 12:48:11 -0500
Subject: [pptp-server] MoretonBay NetTel 2520
Message-ID:

I have a MoretonBay NetTel 2520 embedded Linux box that runs a version of
pptp-server called "PoPToP".
I'm trying to get a client W98 box to use MS VPN adaptor/DUN to authenticate
on the PoPTop Server using CHAP. (or anything for that matter)
Followed all the directions I could find and still no luck!

I am having a heck of a time getting it to work. My network topology looks
like the following:

Local Lan<--->NetTel2520<--->cablemodem<--->Internet<--->cablemodem2<--
-->Cisco1605w/NAT<--->remote network<--->client W98box

Any insight, Comments, suggestions?
I'd be happy to supply more detailed descriptions/config settings if
required.

Thanks in advance.

Chris

From vanja at relaygroup.com Sun Jun 11 14:52:31 2000
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Mon, 12 Jun 2000 02:52:31 +0700
Subject: [pptp-server] 2.2.16 + mppe patch + ppp-2.3.11 HOWTO (working one this time)
Message-ID: <3943EDFF.D8F5A182@relaygroup.com>

Hi!

I've setup the PoPToP on 2.2.16 kernel again, and this time I've checked
that it works properly, even after few reboots.

I've made the small 'howto', and I hope it is ok this time. Basically,
there is not much difference between this one and the 'official' RedHat
HOWTO, except the fact that you need to copy 2 files from ppp-2.3.11
distribution manually. But here it is anyway.

Some changes to ppp driver have been introduced with kernel 2.2.15, and
there is a chance that following directions from this 'howto' might
break some things. It works fine for me though.

It is also available at http://www.vanja.com/PPTP.txt

Any comments or suggestions are more than welcome.

Thanks.

--

---------------------------------------------------------------
Any comments/suggestions should be sent to vanja at relaygroup.com
---------------------------------------------------------------

WARNING: This setup was tested on RedHat 6.1 boxes only. Also, some
changes in ppp driver have been made in Kernel 2.2.15 (as opposed to
2.2.14 and earlier), and there is a possibility that installing files
from ppp-2.3.11.tar.gz distribution will break something. Use it at
your own risk!

NOTES:

- You might want to check for updated OpenWall patches for Linux kernel
  (by Solar Designer) at http://www.openwall.com/linux/
- You might want to check for updated IDE drivers at
  http://republika.pl/bkz/ or
  http://www.kernel.org/pub/linux/kernel/people/hedrick/ or
  http://www.linux-ide.org/
  (last 2 are 'official' ones, but the first site might have patches
  available first)

First, we will download kernel sources, and additional patches (if you
need them):

# cd /usr/src
# wget http://www.kernel.org/pub/linux/kernel/v2.2/linux-2.2.16.tar.bz2
# wget http://www.openwall.com/linux/linux-2.2.16-ow1.tar.gz
# wget http://republika.pl/bkz/ide.2.2.16.patch.bz2

Then, remove 'linux' directory (if it exists), or 'linux' symlink (if it
exists):

# rm linux (for symlink)
# rm -rf linux (for directory)

Unpack kernel sources. Note that 'I' option for tar is available for tar
1.13 and above:

# tar Ixvf linux-2.2.16.tar.bz2

In case you don't have tar 1.13, use bzip2 first:

# bzip2 -d linux-2.2.16.tar.bz2
# tar xvf linux-2.2.16.tar

It is better to have 'linux' as a symlink (for maintenance reasons :):

# mv linux linux-2.2.16
# ln -s linux-2.2.16 linux

Move the patches to the 'linux' dir:

# mv linux-2.2.16-ow1.tar.gz linux/
# mv ide.2.2.16.patch.bz2 linux/
# cd linux

Unpack patches:

# bzip2 -d ide.2.2.16.patch.bz2
# tar zxvf linux-2.2.16-ow1.tar.gz

Apply patches:

# patch -p1 < ide.2.2.16.patch
# patch -p1 < linux-2.2.16-ow1/linux-2.2.16-ow1.diff

(you might want/need to apply 2 other patches - read the README file!)

Create a link for 'asm' in includes:

# cd include
# ln -s asm-i386/ asm

Now, we need to get pptp/ppp stuff:

# cd /var/tmp
# mkdir pptp
# cd pptp
# wget ftp://ftp.linuxcare.com.au/pub/ppp/ppp-2.3.11.tar.gz
# wget ftp://ftp.binarix.com/pub/ppp-mppe/ppp-2.3.11-openssl-0.9.5-mppe.patch.gz
# wget http://www.moretonbay.com/vpn/releases/pptpd-1.0.0.tgz

Unpack pppd, and apply the patch:

# tar zxvf ppp-2.3.11.tar.gz
# gzip -d ppp-2.3.11-openssl-0.9.5-mppe.patch.gz
# mv ppp-2.3.11-openssl-0.9.5-mppe.patch ppp-2.3.11/
# cd ppp-2.3.11/
# patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch

Make pppd:

# ./configure
# make
# make install

Copy required files to kernel source dir:

# make kernel
# cp common/zlib.h /usr/src/linux/drivers/net/
# cp include/linux/if_pppvar.h /usr/src/linux/include/linux/

Make kernel configuration:

# cd /usr/src/linux
# make menuconfig

NOTE: kernel configuration is covered on many other places - no need for
it here; make sure that you build ppp/slip modules though :)

Make kernel and modules:

# make dep; make bzImage; make modules; make modules_install

or (if you have SMP machine)

# make dep; make -j3 bzImage; make -j3 modules; make modules_install

NOTE: If you already have /lib/modules/2.2.16 directory, remove it
before installing modules

Install new kernel:

# cp System.map /boot/System.map-2.2.16
# rm /boot/System.map (if you have it)
# ln -s /boot/System.map-2.2.16 /boot/System.map
# cp arch/i386/boot/bzImage /boot/linux-2.2.16

Edit your /etc/lilo.conf, and make new entry to this kernel. It should
probably look like:

-- cut --
image=/boot/linux-2.2.16
        label=linux
        read-only
        root=/dev/hda3
-- cut --

NOTE: Make sure that 'root' points to the right device, and if you are
using initrd images, create one using 'mkinitrd' command, and add
appropriate entry!

Create /etc/ppp/options file. The following is just an example:

-- cut ---
debug
#kdebug 1 (you can turn this on if you require more debugging)
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
ms-wins
ms-dns
ms-dns
require-chap
name servername (you can use some other name, it is up to you)
netmask 255.255.255.0
-- cut --

Create /etc/ppp/chap-secrets file. The following is just an example:

-- cut --
# Secrets for authentication using CHAP
# client        server          secret          IP addresses
username        servername      password        *
-- cut --

Make sure permissions are properly set on /etc/ppp/chap-secrets file:

# chown root:root /etc/ppp/chap-secrets
# chmod 600 /etc/ppp/chap-secrets

Add ppp-compress-18 entry into /etc/conf.modules:

-- cut --
alias ppp-compress-18 ppp_mppe
-- cut --

Now, build and install pptpd:

# cd /var/tmp/pptp/
# tar zxvf pptpd-1.0.0.tgz
# cd pptpd-1.0.0
# ./configure
# make
# make install-strip

Create /etc/pptpd.conf file. The following is just an example:

-- cut --
speed 115200
option /etc/ppp/options
debug
localip 192.168.1.230 (IP address which PPTP server will have - can be single IP)
remoteip 192.168.1.231-253 (pool of IP addresses which will be assigned to clients)
listen 192.168.1.200 (IP address where pptpd will listen)
-- cut --

You can add init script into /etc/rc.d/init.d directory. It was
originally made by Henri Gomez:

-- cut --
#!/bin/sh
#
# Startup script for pptpd
#
# chkconfig: 345 85 15
# description: PPTP server
# processname: pptpd
# config: /etc/pptpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

# See how we were called.
case "$1" in
  start)
        echo -n "Starting pptpd: "
        if [ -f /var/lock/subsys/pptpd ] ; then
                echo
                exit 1
        fi
        daemon /usr/local/sbin/pptpd
        echo
        touch /var/lock/subsys/pptpd
        ;;
  stop)
        echo -n "Shutting down pptpd: "
        killproc pptpd
        echo
        rm -f /var/lock/subsys/pptpd
        ;;
  status)
        status pptpd
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
esac

exit 0
-- cut --

Activate it (on RedHat) using command:

# chkconfig --add pptpd

If you wish to see some pptpd debugging messages, add the following
entry to /etc/syslogd.conf:

-- cut here --
daemon.debug /var/log/pptp.log
-- cut here --

Reboot...

After the reboot, pptpd should be running.

From david at solutionsfirst.net Sun Jun 11 18:26:01 2000
From: david at solutionsfirst.net (Dave Kempe)
Date: Mon, 12 Jun 2000 09:26:01 +1000
Subject: [pptp-server] MoretonBay NetTel 2520
In-Reply-To:
Message-ID: <000001bfd3fc$67ffcd20$0201a8c0@what.net>

If you followed all the directions most likely the poptop server just isn't
getting thru to the other side. This is probably because the cisco router is
blocking it. You will need to configure it to let thru the correct
protocols. Dig around on the list archives for these.. perhaps even the FAQ
has em.
Also, I would have thought Moreton Bay would be glad to support you after
you bought one of their products... they developed Poptop anyway.

dave

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Chris Riffle
> Sent: Monday, 12 June 2000 3:48 AM
> To: PPTP Mail List
> Subject: [pptp-server] MoretonBay NetTel 2520
>
>
> I have a MoretonBay NetTel 2520 embedded Linux box that runs a version of
> pptp-server called "PoPToP".
> I'm trying to get a client W98 box to use MS VPN adaptor/DUN to
> authenticate
> on the PoPTop Server using CHAP. (or anything for that matter)
> Followed all the directions I could find and still no luck!
>
> I am having a heck of a time getting it to work. My network topology looks
> like the following:
>
> Local Lan<--->NetTel2520<--->cablemodem<--->Internet<--->cablemodem2<--
> -->Cisco1605w/NAT<--->remote network<--->client W98box
>
> Any insight, Comments, suggestions?
> I'd be happy to supply more detailed descriptions/config settings if
> required.
>
> Thanks in advance.
>
> Chris
>

From sstone at taos.com Mon Jun 12 15:34:16 2000
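Added example (not part of any message in this archive, and not PoPToP's own code): a small audit of the three files Vanja Hrustic's HOWTO above creates, checking the chap-secrets ownership and mode it prescribes, the authentication and MPPE directives from its example options file, and the module alias. It also warns when `mppe-40` is present, since his follow-up mail reports sessions coming up with 40-bit only. The function names and the sample files are constructed for illustration; the directive names are the ones shown in the HOWTO.

```shell
#!/bin/sh
# Added example: audit a PPTP server configuration against the HOWTO's
# settings. All function names here are hypothetical helpers.

# Print the directives of a pppd options file, one per line, with
# '#' comments, surrounding whitespace and blank lines removed.
pppd_directives() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        "$1" 2>/dev/null | grep -v '^$'
}

# Succeed if directive $2 is the first word of some line in options file $1.
has_directive() {
    pppd_directives "$1" |
        awk -v want="$2" '$1 == want { found = 1 } END { exit !found }'
}

# Succeed if group and other have no permission bits on file $1.
# "ls -ln" prints e.g. "-rw------- 1 0 0 ..."; characters 5-10 of the
# mode string are the group and other bits.
secrets_private() {
    set -- $(ls -ln "$1" 2>/dev/null)
    case "$1" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the numeric owner uid of file $1 (third field of "ls -ln").
owner_uid() {
    set -- $(ls -ln "$1" 2>/dev/null)
    echo "$3"
}

# audit_pptp OPTIONS CHAP_SECRETS CONF_MODULES [EXPECTED_UID]
# Prints one line per finding; returns 1 if any FAIL was printed.
audit_pptp() {
    a_opts=$1 a_secrets=$2 a_modconf=$3 a_uid=${4:-0}
    a_rc=0
    if ! secrets_private "$a_secrets"; then
        echo "FAIL: $a_secrets is accessible to group/other (HOWTO: chmod 600)"
        a_rc=1
    fi
    if [ "$(owner_uid "$a_secrets")" != "$a_uid" ]; then
        echo "FAIL: $a_secrets is not owned by uid $a_uid (HOWTO: chown root:root)"
        a_rc=1
    fi
    for a_dir in auth require-chap mppe-128; do
        if ! has_directive "$a_opts" "$a_dir"; then
            echo "FAIL: '$a_dir' missing from $a_opts"
            a_rc=1
        fi
    done
    if has_directive "$a_opts" mppe-40; then
        echo "WARN: 'mppe-40' in $a_opts allows 40-bit MPPE sessions"
    fi
    if ! grep -Eq '^[[:space:]]*alias[[:space:]]+ppp-compress-18[[:space:]]+ppp_mppe([[:space:]]|$)' \
            "$a_modconf" 2>/dev/null; then
        echo "FAIL: 'alias ppp-compress-18 ppp_mppe' missing from $a_modconf"
        a_rc=1
    fi
    return $a_rc
}

# Write constructed sample files, modelled on the HOWTO's examples, into
# directory $1. Two settings are deliberately wrong so the audit has
# something to report.
make_sample() {
    mkdir -p "$1" || return 1
    cat > "$1/options" <<'EOF'
debug
#kdebug 1
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-chap
name servername
EOF
    printf 'username servername password *\n' > "$1/chap-secrets"
    chmod 644 "$1/chap-secrets"     # wrong on purpose: HOWTO says 600
    : > "$1/conf.modules"           # wrong on purpose: alias line missing
}

# Stand-alone demo on the constructed files. On a real server the call is
#   audit_pptp /etc/ppp/options /etc/ppp/chap-secrets /etc/conf.modules
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_sample "$demo_dir"
    audit_pptp "$demo_dir/options" "$demo_dir/chap-secrets" \
               "$demo_dir/conf.modules" "$(id -u)"
    demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}
demo || true
```

The fourth argument exists only so the demo can run unprivileged; leave it off on a server so ownership is checked against root.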
From: sstone at taos.com (Scott M. Stone)
Date: Mon, 12 Jun 2000 13:34:16 -0700 (PDT)
Subject: [pptp-server] patches CAN coexist...
Message-ID:

Well, I just built a 2.2.16 kernel with the Openwall patches, the ppp mppe
patches, AND FreeS/WAN. Worked beautifully. Most of the credit goes to
Vanja, though. Basically, I:

1. download 2.2.16
2. configure to your liking
3. build it but don't install it
4. uncompress freeswan-1.4
5. follow its make procedure, which will automatically patch your kernel
   and build the userspace tools and install them and rebuild the kernel
   again.
6. go to http://www.vanja.com/PPTP.txt and follow Vanja's procedure. This
   will get you the OpenWall patches as well as the ppp patches (and the
   ATA66/ATA100 patches too, but my firewall/VPN box is old and doesn't
   support that, so I opted out of it).

Anyway, built without incident. Waiting until tonight to actually kick it
over and attempt to *BOOT* the thing :)

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From boris at microtrader.com Mon Jun 12 16:19:32 2000
From: boris at microtrader.com (Boris Reisig)
Date: Mon, 12 Jun 2000 16:19:32 -0500
Subject: [pptp-server] *Solution* for PPP+MPPE with kernels 2.2.15+
Message-ID: <003001bfd4b3$e71c76a0$5101a8c0@mycompany.xxx>

I found a lot of information here on how to fix PPP with kernels 2.2.15 and
higher. Vanja helped me get a good start and here is the way I did it
[without downloading too many patches]. I am currently using Slackware
Linux [7.0]

What you need.

-Linux kernel 2.2.16 [ftp.kernel.org/pub/linux/kernel/2.2/linux-2.2.16.tar.gz]
-PPP 2.3.11 [ftp.linuxcare.com.au/pub/ppp/ppp-2.3.11.tar.gz]
-MPPE Patch [ftp.binarix.com/pub/ppp-mppe/ppp-2.3.11-openssl-0.9.5-mppe.patch.gz]

a) Download the files above.

b) Delete the old kernel and create the symlinks

# rm -rf /usr/src/linux*
# cp linux-2.2.16.tar.gz /usr/src
# cd /usr/src
# tar -zxvf linux-2.2.16.tar.gz
# rm linux-2.2.16.tar.gz
# cd /usr/include
# ln -s ../src/linux/include/linux linux
# ln -s ../src/linux/include/asm asm

c) Update linux kernel files

# cd /usr/src/linux
# make menuconfig (or make config depending on what you like better)

*Make* sure PPP is installed in the kernel either as a module or built into
the kernel [I build mine into the kernel]

When done, remember to save your configuration. A "HOWTO" can be found at
[http://www.linuxdoc.org] if you are not sure how to configure your kernel
to support PPP.

d) Install the PPP with MPPE patch

# cp ppp-2.3.11.tar.gz /usr/src
# cd /usr/src
# tar -zxvf ppp-2.3.11.tar.gz
# rm ppp-2.3.11.tar.gz
# cp ppp-2.3.11-openssl-0.9.5-mppe.patch.gz /usr/src/ppp-2.3.11
# cd /usr/src/ppp-2.3.11
# zcat ppp-2.3.11-openssl-0.9.5-mppe.patch.gz | patch -p1
# ./configure
# make
# make install
# make kernel
# cp common/zlib.h /usr/src/linux/drivers/net/
# cp include/linux/if_pppvar.h /usr/src/linux/include/linux/

e) Time to compile our new kernel and new modules.

# cd /usr/src/linux
# make menuconfig

Make sure you have PPP *enabled* in the kernel

# make dep clean
# rm -rf /lib/modules
# make modules modules_install
# make bzImage
# cp System.map /boot
# cp arch/i386/boot/bzImage /boot/vmlinuz
# lilo

Remember I am building this on a slackware distribution. But yours should
work as well [hopefully] :-))

Boris Reisig
Microtrader Computers.
boris at microtrader.com

From dereks at kd-dev.com Mon Jun 12 16:40:41 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Mon, 12 Jun 2000 14:40:41 -0700 (PDT)
Subject: [pptp-server] Whence the patches
In-Reply-To: <003001bfd4b3$e71c76a0$5101a8c0@mycompany.xxx>
Message-ID:

Applying patches is a time-wasting pain in the butt. And that's when
you get everything to work together :)

If you need different development branches, CVS solved that
problem years ago.

Does anyone know why the MPPE patch has not been integrated into
the PPP source tree?

(On a similar note: does anyone know why the OpenWall patches have
not been put into the Linux source tree as a compile-time option?)

Thanks,
Derek Simkowiak
dereks at kd-dev.com

From sstone at taos.com Mon Jun 12 17:14:06 2000
From: sstone at taos.com (Scott M. Stone)
Date: Mon, 12 Jun 2000 15:14:06 -0700 (PDT)
Subject: [pptp-server] Whence the patches
In-Reply-To:
Message-ID:

On Mon, 12 Jun 2000, Derek Simkowiak wrote:

>
> Applying patches is a time-wasting pain in the butt. And that's when
> you get everything to work together :)
>
> If you need different development branches, CVS solved that
> problem years ago.
>
>
> Does anyone know why the MPPE patch has not been integrated into
> the PPP source tree?
>
> (On a similar note: does anyone know why the OpenWall patches have
> not been put into the Linux source tree as a compile-time option?)

"export restrictions" may be the answer to some part(s) of this.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From mike at coredump.csocsg.net Tue Jun 13 11:11:30 2000
From: mike at coredump.csocsg.net (Mike Wronski)
Date: Tue, 13 Jun 2000 11:11:30 -0500
Subject: [pptp-server] Zombies killing syslogd
Message-ID: <008101bfd552$0a7a8760$dca918cf@mw.3com.com>

I am getting zombie pptpd processes that show up in ps as

pptpd [10.10.10.1]
pptpd [10.10.10.1]

Same ip in the brackets. They seem to come from sessions that complete but
the process never goes away.

Those zombies are streaming the following to my syslogd:

Jun 13 11:01:59 v pptpd[2644]: CTRL: EOF or bad error reading ctrl packet length.
Jun 13 11:01:59 v pptpd[2644]: CTRL: couldn't read packet header (exit)
Jun 13 11:01:59 v pptpd[2644]: CTRL: Unexpected control message 0 in disconnect sequence
Jun 13 11:01:59 v pptpd[2644]: CTRL: EOF or bad error reading ctrl packet length.
Jun 13 11:01:59 v pptpd[2644]: CTRL: couldn't read packet header (exit)
Jun 13 11:01:59 v pptpd[2644]: CTRL: Unexpected control message 0 in disconnect sequence

This puts a real hurt on the box. The only fix is to kill off the zombies
and restart PPTPD and syslogd.. Anyone seen this?

From smahmood at tekdigitel.com Tue Jun 13 15:23:44 2000
From: smahmood at tekdigitel.com (Shahid Mahmood)
Date: Tue, 13 Jun 2000 16:23:44 -0400
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To: <008101bfd552$0a7a8760$dca918cf@mw.3com.com>
Message-ID: <4.3.2.7.0.20000613161709.00a925d0@tekdigitel.com>

Hello all.
Please tell me what is stopping me from logging on to local NT domain and
browsing local shares when I connect using the poptop.

Here is what I have:

- I have pop top running on linux machine that has 2 ethernet adapters. One
  public, other private.
- I connect from outside ISP to the public side of poptop server using M$
  VPN of windoze.
- I correctly get assigned the private IP address by the pppd of poptop
  server.
- I can browse the shares provided by the smb server running on the same
  machine as poptop.
- I can map some shares from other NT machines on the network.

Here is what I don't have:

- Browsing capability on all NT machines
- Logging on the local NT domain controller.

HELP !
-shahid

From sstone at taos.com Tue Jun 13 15:54:18 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue, 13 Jun 2000 13:54:18 -0700 (PDT)
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To: <4.3.2.7.0.20000613161709.00a925d0@tekdigitel.com>
Message-ID:

On Tue, 13 Jun 2000, Shahid Mahmood wrote:

> Hello all.
> Please tell me what is stopping me from logging on to local NT domain and
> browsing local shares when I connect using the poptop.
>
> Here is what I have:
>
> - I have pop top running on linux machine that has 2 ethernet adapters. One
> public, other private.
> - I connect from outside ISP to the public side of poptop server using M$
> VPN of windoze.
> - I correctly get assigned the private IP address by the pppd of poptop server.
> - I can browse the shares provided by the smb server running on the same
> machine as poptop.
> - I can map some shares from other NT machines on the network.
>
> Here is what I don't have:
>
> - Browsing capability on all NT machines
> - Logging on the local NT domain controller.
>

since the poptop server is running samba and knows about both networks,
turn on samba's wins support and it should work. It may take a while for
browse lists to propagate, though, so Be Patient. Try writing a web browser
or something while you're waiting for it to upgrade.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From dereks at kd-dev.com Tue Jun 13 15:47:06 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Tue, 13 Jun 2000 13:47:06 -0700 (PDT)
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To: <4.3.2.7.0.20000613161709.00a925d0@tekdigitel.com>
Message-ID:

-> - I correctly get assigned the private IP address by the pppd of
-> poptop server.

I have a question: so pppd is the daemon that assigns you an IP address?
It's been a long time since I worked with pppd... for some reason, I was
under the assumption that the DHCP server inside the private network would
pass out VPN IP Addresses. I guess I need to RTFM again.

-> Here is what I don't have:
->
-> - Browsing capability on all NT machines

You need to use WINS. "Network Neighborhood" browsing is dependent on the
SMB equivalent of DNS, called WINS.

If you are using Samba, there is an option to turn on WINS in the Samba
server. It is called "wins support = yes". I don't know anything about
turning it on in NT.

Once you have a WINS server, you need to point your remote Win9x
workstation at that server. There is an option under Control
Panel->Network->TCP/IP->Properties->WINS Configuration->Enable WINS
Resolution where you specify your WINS server.

Here is where I am confused: I know that DHCP can set the WINS server on a
Win9x machine, but if the IP address is passed out by pppd, can pppd also
provide a WINS server IP address? Or must all the remote, VPN-using Win9x
clients manually type in the IP address of your WINS server (i.e.,
192.168.0.6 or some other internal IP address)?

-> - Logging on the local NT domain controller.

If you're using Samba, you must turn on NT Domain logins. There is an
option called "domain logons = yes" that you must set in smb.conf. Also,
make sure that your client is configured correctly. Again, I don't know how
to do it under NT.

Under Control Panel->Network->Client for Microsoft Networks->Properties you
must turn on "Log on to Windows NT Domain". And make sure your domain is
the same as on the Windows NT (or Samba) server!

It could be that domain logons will fail if WINS is off, but I'm not sure.
Before trying anything else, turn on WINS.

If anyone could answer my questions, I'd appreciate it.

--Derek

From cduffy at mvista.com Tue Jun 13 16:55:43 2000
From: cduffy at mvista.com (Charles Duffy)
Date: Tue, 13 Jun 2000 14:55:43 -0700
Subject: [pptp-server] Req. help w/ MPPE support (against Win2K)
Message-ID: <20000613145543.A2094@mvista.com>

Would someone with MPPE working with Windows 2000 clients be so kind as to
give me some debugging info?

My symptoms: When I attempt to send info through the PPP tunnel, it
decrypts improperly, resulting in garbage (and "unsupported protocol"
errors from pppd). This appears to be happening in both directions, as I
receive LCP ProtRej errors from random protocols from the NT box as well.

First off, the Win2K boxen I've been testing with (both directly off the CD
and after downloading the crypto update) refuse to use stateless mode; it's
not even in the bitmask with which they negotiate. As I would expect it to
be enabled, I'm somewhat surprised. This is true both before and after
applying MS's 128-bit crypto patch.

Incidentally, the problem (which has been occurring with the stock RPMs of
the PPP daemon, PoPToP and the standard RH62 kernel as well as with my
hand-patched kernel and pppd and the current CVS implementation of PoPToP)

Second, as I read the MPPE docs, the beginning of the buffer being passed
to the crypto routines is offset by a few bytes from what it should be.
I've put some debugging instrumentation into my kernel; what follows is a
dump and my interpretation thereof. (Btw, anyone care to explain what the
trailing 5As are?)

kernel: ppp: mppe_decrypt, count = 68
kernel: 00 FD 90 02 B0 36 B3 3E  .....6.>
kernel: 2C B0 77 AD A4 AA 14 0D  ,.w.....
kernel: 5E C6 C9 89 DD 2A 1D D6  ^....*..
kernel: A4 D6 34 F8 AA AD F5 52  ..4....R
kernel: F9 C3 9A CE 76 4A EA D8  ....vJ..
kernel: 91 0F E5 94 53 07 5E 48  ....S.^H
kernel: 96 ED E5 10 B7 04 0D F1  ........
kernel: 4C CC 16 88 6F 58 52 4D  L...oXRM
kernel: 71 FC 3B 20              q.;
kernel: Decryption beginning with character 0x2c.
kernel: Decryption ending at position 68 with character 0x5a.
kernel: ppp: mppe_decrypt, count = 68
kernel: 00 FD B2 A7 5D A9 78 CD  ....].x.
kernel: 18 F4 B8 80 21 EB 65 81  ....!.e.
kernel: 55 E8 D4 E1 4A 14 B5 06  U...J...
kernel: 99 C8 69 EE AE 6D B2 CD  ..i..m..
kernel: 66 FD CD 0B 66 AE 1A 79  f...f..y
kernel: 9C EC A4 6D C4 FE FA 6B  ...m...k
kernel: 9C 76 9F AC 0E F6 C1 65  .v.....e
kernel: 45 42 CD A1 46 68 5A 5A  EB..FhZZ
kernel: 5A 5A 5A 5A              ZZZZ
kernel: Unhandled proto 0xb2a7 in ppp_receive_nonmp_frame.

To quote from the MPPE draft, 4th revision:

--- BEGIN QUOTE
3.1. Packet Format

A summary of the MPPE packet format is shown below. The fields are
transmitted from left to right.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         PPP Protocol          |A|B|C|D|    Coherency Count    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Encrypted Data...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

.....

When MPPE is successfully negotiated by the PPP Compression Control
Protocol, the value of this field is 0x00FD. This value MAY be
compressed when Protocol-Field-Compression is negotiated.
--- END QUOTE

So we have the two PPP protocol bytes, as we should, then followed by the
coherency count bytes... which means we should be starting the decryption
at the byte 0xB0 rather than 0x2C -- which is to say, at an offset of 4
rather than 8. (Rather oddly, the hardcoded offset appears to be 6 --
apparently, some shifting is happening elsewhere that I've failed to
follow). This 6, I'm guessing, is calculated as follows: PPP_HDRLEN +
MPPE_OVHD - 2, where PPP_HDRLEN and MPPE_OVHD are both 4. The 2, I presume,
is to make up for the section of the PPP header which is included in the
encrypted data -- it's these two bytes which are causing the unsupported
protocol errors.
However, since only 2 bytes of the PPP protocol are being included
unencrypted, followed by only 2 bytes of MPPE (according to the draft
spec), it should be only MPPE_OVHD (without PPP_HDRLEN) included, or
MPPE_OVHD should be reduced (though I haven't looked into where else in the
code it's referenced).

Okay, that's how it looks to me.

The funny part, though, is that it apparently actually works for the rest
of 'yall the way it is. If someone familiar with the code would be so kind
as to comment, I'd be very appreciative. (I'd do more trial-and-error, but
my access to Windows here is limited to after-hours when I can dual-boot my
cubemate's machine). If someone with a working MPPE setup would be so kind
as to insert debug instrumentation similar to my own, I'd be greatly
appreciative (if you're willing, ask and I'll send a patch).

For completeness, a dump from the encryption routines (though I doubt much
can be gained from them without also dumping the keys, which I haven't
done). The following dump is a ping packet, both before and after
encryption.

kernel: ppp: mppe_encrypt, count = 88
kernel: 5A 5A 00 21 45 00 00 54  ZZ.!E..T
kernel: 00 00 40 00 40 01 B8 54  ..@.@..T
kernel: C0 A8 00 02 C0 A8 01 02  ........
kernel: 08 00 BA 46 68 04 00 00  ...Fh...
kernel: 3E B5 3A 39 65 C3 0C 00  >.:9e...
kernel: 08 09 0A 0B 0C 0D 0E 0F  ........
kernel: 10 11 12 13 14 15 16 17  ........
kernel: 18 19 1A 1B 1C 1D 1E 1F  ........
kernel: 20 21 22 23 24 25 26 27   !"#$%&'
kernel: 28 29 2A 2B 2C 2D 2E 2F  ()*+,-./
kernel: 30 31 32 33 34 35 36 37  01234567
kernel: ppp: mppe_encrypt out, count = 92
kernel: 5A 5A 00 FD 90 00 9B 42  ZZ.....B
kernel: 81 97 5E 82 36 3E C6 9E  ..^.6>..
kernel: 85 2A BF 7C 51 6E F1 02  .*.|Qn..
kernel: 01 6C 7F 39 0E 17 98 95  .l.9....
kernel: AD 55 31 8B 3B F0 E3 D6  .U1.;...
kernel: E9 F7 44 90 50 44 8F 22  ..D.PD."
kernel: 9A DF 39 8D 6C AE E6 38  ..9.l..8
kernel: 4C CC 50 4F 25 2E A9 14  L.PO%...
kernel: 9D 18 F5 08 3B 03 9D AD  ....;...
kernel: C9 2D E1 CD F1 B7 96 3F  .-.....?
kernel: 56 E8 38 9B 14 AB 6F 78  V.8...ox
kernel: FD 05 2D B4              ..-.

Looks fine to me, as best I can tell -- but if it truly were fine, the
Windows machine wouldn't be sending back ProtRej's.

Any suggestions would be appreciated.
Thanks for caring enough to read this far. :)

From vanja at relaygroup.com Tue Jun 13 18:23:42 2000
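The header layout quoted from the MPPE draft in Charles Duffy's message, applied to the two decrypt-side dumps he posted, as an added Python example that is not part of the original post or of the pppd/kernel sources. The meanings given to bits A to D are taken from RFC 3078 rather than from the quoted excerpt, and the names MppeHeader, parse_mppe, compare_offsets and word_after_protocol are made up for this illustration.

```python
"""Decode the MPPE header of the frames dumped in the message above."""
import struct
from dataclasses import dataclass

PPP_MPPE = 0x00FD  # PPP Protocol value once CCP has negotiated MPPE (quoted draft, 3.1)

# Hex columns of the two 68-byte "mppe_decrypt" dumps, copied from the message.
DUMP_1 = bytes.fromhex(
    "00 FD 90 02 B0 36 B3 3E 2C B0 77 AD A4 AA 14 0D "
    "5E C6 C9 89 DD 2A 1D D6 A4 D6 34 F8 AA AD F5 52 "
    "F9 C3 9A CE 76 4A EA D8 91 0F E5 94 53 07 5E 48 "
    "96 ED E5 10 B7 04 0D F1 4C CC 16 88 6F 58 52 4D "
    "71 FC 3B 20"
)
DUMP_2 = bytes.fromhex(
    "00 FD B2 A7 5D A9 78 CD 18 F4 B8 80 21 EB 65 81 "
    "55 E8 D4 E1 4A 14 B5 06 99 C8 69 EE AE 6D B2 CD "
    "66 FD CD 0B 66 AE 1A 79 9C EC A4 6D C4 FE FA 6B "
    "9C 76 9F AC 0E F6 C1 65 45 42 CD A1 46 68 5A 5A "
    "5A 5A 5A 5A"
)


@dataclass(frozen=True)
class MppeHeader:
    protocol: int         # PPP Protocol field, 0x00FD for MPPE
    flushed: bool         # bit A (RFC 3078: cipher tables re-initialised before this packet)
    bit_b: bool           # bits B and C carry no meaning in MPPE (RFC 3078)
    bit_c: bool
    encrypted: bool       # bit D (RFC 3078: the payload is encrypted)
    coherency_count: int  # 12-bit packet counter
    data_offset: int      # index of the first encrypted byte


def parse_mppe(frame: bytes) -> MppeHeader:
    """Parse 'PPP Protocol | A B C D | Coherency Count' from the start of frame."""
    if not frame:
        raise ValueError("empty frame")
    # PPP protocol numbers have an even first byte and an odd last byte, so an odd
    # first byte means Protocol-Field-Compression shortened 0x00FD to 0xFD.
    if frame[0] & 1:
        protocol, pos = frame[0], 1
    elif len(frame) >= 2:
        protocol, pos = struct.unpack_from(">H", frame)[0], 2
    else:
        raise ValueError("truncated PPP protocol field")
    if protocol != PPP_MPPE:
        raise ValueError(f"not an MPPE frame: protocol 0x{protocol:04x}")
    if len(frame) < pos + 2:
        raise ValueError("truncated MPPE header")
    (word,) = struct.unpack_from(">H", frame, pos)
    return MppeHeader(protocol, bool(word & 0x8000), bool(word & 0x4000),
                      bool(word & 0x2000), bool(word & 0x1000),
                      word & 0x0FFF, pos + 2)


def compare_offsets(frame: bytes, observed: int) -> dict:
    """Contrast the draft's data offset with the offset the kernel log reported."""
    hdr = parse_mppe(frame)
    return {
        "spec_offset": hdr.data_offset,
        "spec_first_byte": frame[hdr.data_offset],
        "observed_first_byte": frame[observed],
        # ciphertext bytes left out if decryption starts at the observed offset
        "skipped_ciphertext": observed - hdr.data_offset,
        "ciphertext_len": len(frame) - hdr.data_offset,
    }


def word_after_protocol(frame: bytes) -> int:
    """The 16 bits that follow an uncompressed two-byte PPP Protocol field."""
    return struct.unpack_from(">H", frame, 2)[0]


if __name__ == "__main__":
    print(parse_mppe(DUMP_1))
    # The log line says decryption began at the byte 0x2c, which is index 8.
    print(compare_offsets(DUMP_1, observed=8))
    # Same value as the "Unhandled proto" line that follows the second dump.
    print(hex(word_after_protocol(DUMP_2)))
```
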
From: vanja at relaygroup.com (Vanja Hrustic)
Date: Wed, 14 Jun 2000 06:23:42 +0700
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
References: <4.3.2.7.0.20000613161709.00a925d0@tekdigitel.com>
Message-ID: <3946C27E.41BC967C@relaygroup.com>

Shahid Mahmood wrote:
>
> Hello all.
> Please tell me what is stopping me from logging on to local NT domain and
> browsing local shares when I connect using the poptop.

Hi!

I presume that you have turned on the 'Client for Windows Network' (or
whatever it's called) in your VPN properties. If so, then you should be
able to browse the network (assuming that there are no firewall rules
that block NetBIOS traffic and similar).

Also, make sure that WINS server is specified (you can specify WINS in
/etc/ppp/options, and it will be 'pushed' to Windows client).

Then, connect to PoPToP server, and take a nap :)

When you wake up, you should be able to see other computers in the
network. It does take some time for list to get updated both on your
computer, and other computers in the network.

Regards,


Vanja Hrustic
The Relay Group
http://relaygroup.com
Technology Ahead of Time

--

> Here is what I have:
>
> - I have pop top running on linux machine that has 2 ethernet adapters. One
> public, other private.
> - I connect from outside ISP to the public side of poptop server using M$
> VPN of windoze.
> - I correctly get assigned the private IP address by the pppd of poptop server.
> - I can browse the shares provided by the smb server running on the same
> machine as poptop.
> - I can map some shares from other NT machines on the network.
>
> Here is what I don't have:
>
> - Browsing capability on all NT machines
> - Logging on the local NT domain controller.
>
> HELP !
> -shahid
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
From smahmood at tekdigitel.com Tue Jun 13 20:48:15 2000 
From: smahmood at tekdigitel.com (Shahid Mahmood)
Date: Tue, 13 Jun 2000 21:48:15 -0400
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To: <3946C27E.41BC967C@relaygroup.com>
References: <4.3.2.7.0.20000613161709.00a925d0@tekdigitel.com>
Message-ID: <4.3.2.7.0.20000613214123.00a97ee0@tekdigitel.com>

At 06:23 AM 6/14/00 +0700, Vanja Hrustic wrote:
>Shahid Mahmood wrote:
> >
> > Hello all.
> > Please tell me what is stopping me from logging on to local NT domain and
> > browsing local shares when I connect using the poptop.
>
>Hi!
>
>I presume that you have turned on the 'Client for Windows Network' (or
>whatever it's called) in your VPN properties. If so, then you should be
>able to browse the network (assuming that there are no firewall rules
>that block NetBIOS traffic and similar).

Client for Windows is there in network properties thingy.
Firewall rules (on poptop server) are:

[root@linux-server /root]# ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24        anywhere              n/a
Chain output (policy ACCEPT):

>Also, make sure that WINS server is specified (you can specify WINS in
>/etc/ppp/options, and it will be 'pushed' to Windows client).

WINS server is specified in /etc/ppp/options (as ms-wins 192.168.1.2) and
it pops up ok in winipcfg.
Also c:/windows/lmhosts has ip address of all the NT machines (and their
NETBIOS names).

Still can't login to NT domain. While it says "Logging on to network" it
pops up the dialog box for domain login. After getting the username and
password, it says "No domain controller is found to authenticate ..." and
"some of the network resources will not be available ..."

I DO see the linux smb (which is running on the same machine as poptop),
and another NT share that does not require password. but other drives are
not visible (becauz they need a valid user).
>Then, connect to PoPToP server, and take a nap :)
>
>When you wake up, you should be able to see other computers in the
>network. It does take some time for list to get updated both on your
>computer, and other computers in the network.
>
>Regards,
>
>
>Vanja Hrustic
>The Relay Group
>http://relaygroup.com
>Technology Ahead of Time
>
>--
>
> > Here is what I have:
> >
> > - I have pop top running on linux machine that has 2 ethernet adapters. One
> > public, other private.
> > - I connect from outside ISP to the public side of poptop server using M$
> > VPN of windoze.
> > - I correctly get assigned the private IP address by the pppd of poptop
> > server.
> > - I can browse the shares provided by the smb server running on the same
> > machine as poptop.
> > - I can map some shares from other NT machines on the network.
> >
> > Here is what I don't have:
> >
> > - Browsing capability on all NT machines
> > - Logging on the local NT domain controller.
> >
> > HELP !
> > -shahid

From smahmood at tekdigitel.com Tue Jun 13 20:59:39 2000
From: smahmood at tekdigitel.com (Shahid Mahmood)
Date: Tue, 13 Jun 2000 21:59:39 -0400
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To:
References: <4.3.2.7.0.20000613161709.00a925d0@tekdigitel.com>
Message-ID: <4.3.2.7.0.20000613215241.00a94e30@tekdigitel.com>

At 01:47 PM 6/13/00 -0700, Derek Simkowiak wrote:

>-> - I correctly get assigned the private IP address by the pppd of
>-> poptop server.
>
> I have a question: so pppd is the daemon that assigns you an IP
>address? It's been a long time since I worked with pppd... for some
>reason, I was under the assumption that the DHCP server inside the private
>network would pass out VPN IP Addresses. I guess I need to RTFM again.

The IP is assigned by the poptop (in pptpd.conf file) and passed to client
by pppd protocol. I didn't RTFM but I think it's the way becuz 1) ip is
assigned outside the local DHCP range, and 2) ip is assigned even if there
is no DHCP.

>-> Here is what I don't have:
>->
>-> - Browsing capability on all NT machines
>
> You need to use WINS. "Network Neighborhood" browsing is
>dependent on the SMB equivalent of DNS, called WINS.

One of the NT is running WINS. I am using PC client.

> If you are using Samba, there is an option to turn on WINS in the
>Samba server. It is called "wins support = yes". I don't know anything
>about turning it on in NT.
>
> Once you have a WINS server, you need to point your remote Win9x
>workstation at that server. There is an option under Control
>Panel->Network->TCP/IP->Properties->WINS Configuration->Enable WINS
>Resolution where you specify your WINS server.

>Here is where I am confused: I know that DHCP can set the WINS
>server on a Win9x machine, but if the IP address is passed out by pppd,
>can pppd also provide a WINS server IP address? Or must all the remote,
>VPN-using Win9x clients manually type in the IP address of your WINS server
>(i.e., 192.168.0.6 or some other internal IP address)?
I pass the WINS ip to my pc client from /etc/ppp/options line :
ms-wins 192.168.1.2

>-> - Logging on the local NT domain controller.
>
> If you're using Samba, you must turn on NT Domain logins. There
>is an option called "domain logons = yes" that you must set in smb.conf.
>Also, make sure that your client is configured correctly. Again, I don't
>know how to do it under NT.

Client is PC. I don't have problem mounting SMB shares. It works smoothly.
It's the NT stuff giving me PITA.

> Under Control Panel->Network->Client for Microsoft
>Networks->Properties you must turn on "Log on to Windows NT Domain". And
>make sure your domain is the same as on the Windows NT (or Samba) server!

Yup. done that.

> It could be that domain logons will fail if WINS is off, but I'm
>not sure. Before trying anything else, turn on WINS.
>
> If anyone could answer my questions, I'd appreciate it.
>
>
>--Derek

From dereks at kd-dev.com Tue Jun 13 21:08:03 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Tue, 13 Jun 2000 19:08:03 -0700 (PDT)
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To: <4.3.2.7.0.20000613215241.00a94e30@tekdigitel.com>
Message-ID:

-> One of the NT is running WINS. I am using PC client.

Do this: Use smbclient to see if your Linux PPTP server can see the
"invisible" NT shares. If the Linux box can't see it (for whatever reason),
then all VPN client machines won't see it either.

Is there any way to use smbclient to "browse" a network--that is, to look
at the browse list (instead of looking at a particular host)?

Also, on my Win95 system at work there is an option that "winipcfg" shows
that says "NetBIOS Resolution Uses DNS". What is that all about?

--Derek

From smahmood at tekdigitel.com Tue Jun 13 21:25:49 2000
From: smahmood at tekdigitel.com (Shahid Mahmood)
Date: Tue, 13 Jun 2000 22:25:49 -0400
Subject: [pptp-server] Browsing the network, Logging on to NT domain.
In-Reply-To:
References: <4.3.2.7.0.20000613215241.00a94e30@tekdigitel.com>
Message-ID: <4.3.2.7.0.20000613222541.00a94c30@tekdigitel.com>

At 07:08 PM 6/13/00 -0700, you wrote:

-> One of the NT is running WINS. I am using PC client.

Do this: Use smbclient to see if your Linux PPTP server can see the
"invisible" NT shares. If the Linux box can't see it (for whatever reason),
then all VPN client machines won't see it either.

Hmm. I did that once. the command is smbclient -L . It shows the NT
machines. I can also mount and logon to NT domain from smb client on linux
(same as poptop).

Is there any way to use smbclient to "browse" a network--that is, to look
at the browse list (instead of looking at a particular host)?

Yeah. the smbclient -L will show all the shares stored in the table of

Also, on my Win95 system at work there is an option that "winipcfg" shows
that says "NetBIOS Resolution Uses DNS". What is that all about?

Never used it

--Derek

From AllanG at Equation.co.za Wed Jun 14 03:15:49 2000
From: AllanG at Equation.co.za (Allan Gee)
Date: Wed, 14 Jun 2000 10:15:49 +0200
Subject: [pptp-server] Subnetting the external IP Address
Message-ID:

Hi

I need to set a netmask of 255.255.255.192 to the external IP address. I
have tried to put it in the /etc/ppp/options file but it still gives a
class C netmask. Please help!

Regards
Allan Gee
Equation
021 4181777
082 6513355

From pascal.fremaux at sxb.bsf.alcatel.fr Wed Jun 14 04:38:06 2000
From: pascal.fremaux at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Wed, 14 Jun 2000 11:38:06 +0200
Subject: [pptp-server] Subnetting the external IP Address
References:
Message-ID: <3947527E.F5155B1E@sxb.bsf.alcatel.fr>

I've got the same problem for my mask of my subnet (255.255.255.0).
It seems that the client (W98SE) doesn't exploit the netmask line from
/etc/ppp/options. Or perhaps it is not sent ?

The client forces a mask according to the class of the address: for
155.132.1.54, class B address, so it takes 255.255.0.0 for the mask. Or it
is inside a subnet with a mask of 255.255.255.0, so something goes wrong.

Allan Gee wrote:

> Hi I need to set a netmask of 255.255.255.192 to the external IP address. I
> have tried to put it in the /etc/ppp/options file but it still gives a class
> C netmask. Please help!
>
> Regards Allan Gee
> Equation
> 021 4181777
> 082 6513355

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

From giulioo at pobox.com Wed Jun 14 05:15:29 2000
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Jun 2000 12:15:29 +0200
Subject: [pptp-server] Subnetting the external IP Address
In-Reply-To: <3947527E.F5155B1E@sxb.bsf.alcatel.fr>
References: <3947527E.F5155B1E@sxb.bsf.alcatel.fr>
Message-ID: <20000614101648.4DA862AEB3@i3.golden.dom>

On Wed, 14 Jun 2000 11:38:06 +0200, you wrote:

>I've got the same problem for my mask of my subnet (255.255.255.0).
>It seems that the client (W98SE) doesn't exploit the netmask line from
>/etc/ppp/options. Or perhaps it is not sent ?

I have this problem too.

Yesterday I spent 1 hour on the MS web site trying to see how this
problem is handled in a "pure" MS environment.
I found nothing on this subject :(

Anyone else want to try? :-)

--
giulioo at pobox.com

From mike at coredump.csocsg.net Wed Jun 14 09:23:18 2000
From: mike at coredump.csocsg.net (Mike Wronski)
Date: Wed, 14 Jun 2000 09:23:18 -0500
Subject: [pptp-server] Subnetting the external IP Address
References: <3947527E.F5155B1E@sxb.bsf.alcatel.fr> <20000614101648.4DA862AEB3@i3.golden.dom>
Message-ID: <006301bfd60c$1781d700$dca918cf@mw.3com.com>

Actually there is no way in IPCP or its extensions to send Netmask
information to the client. And it doesn't really matter what the client has
anyway. As long as the linux box created the proper netmask when building
the ppp interface all will be OK.. Does the pppd honor the netmask??

In most cases you want the PPP remote side to have a /32. Since it is a
point to point link.. If you need a network on the remote side you just add
routes for it.

-M

----- Original Message -----
From: "Giulio Orsero"
To:
Sent: Wednesday, June 14, 2000 5:15 AM
Subject: Re: [pptp-server] Subnetting the external IP Address

> On Wed, 14 Jun 2000 11:38:06 +0200, you wrote:
>
> >I've got the same problem for my mask of my subnet (255.255.255.0).
> >It seems that the client (W98SE) doesn't exploit the netmask line from
> >/etc/ppp/options. Or perhaps it is not sent ?
>
> I have this problem too.
>
> Yesterday I spent 1 hour on the MS web site trying to see how this
> problem is handled in a "pure" MS environment.
> I found nothing on this subject :(
>
> Anyone else want to try? :-)
>
> --
> giulioo at pobox.com
>

From eric at we-24-30-125-179.we.mediaone.net Wed Jun 14 11:00:31 2000
From: eric at we-24-30-125-179.we.mediaone.net (Eric H)
Date: Wed, 14 Jun 2000 09:00:31 -0700 (PDT)
Subject: [pptp-server] Req. help w/ MPPE support (against Win2K)
In-Reply-To: <20000613145543.A2094@mvista.com>
Message-ID:

I haven't played around with Win2k yet, but from what I understand, you
must manually enable the older encryption methods and LanMan Hashes and so
forth. I believe it's a registry key that needs to be changed.

If you're experiencing lost/dropped packets, then there's another issue...
The easiest fix is to use stateless encryption and in ppp_mppe.c (under
your usr/src/linux dir) in the decrypt/decompress function make it loop
through the update_count method until the count matches and NOT return an
error (just continue).

On Tue, 13 Jun 2000, Charles Duffy wrote:

#=- Would someone with MPPE working with Windows 2000 clients be so kind
#=- as to give me some debugging info?
#=-
#=- My symptoms: When I attempt to send info through the PPP tunnel, it
#=- decrypts improperly, resulting in garbage (and "unsupported protocol"
#=- errors from pppd). This appears to be happening in both directions, as
#=- I receive LCP ProtRej errors from random protocols from the NT box as
#=- well.
#=-
#=-
#=- First off, the Win2K boxen I've been testing with (both directly off
#=- the CD and after downloading the crypto update) refuse to use
#=- stateless mode; it's not even in the bitmask with which they
#=- negotiate. As I would expect it to be enabled, I'm somewhat surprised.
#=- This is true both before and after applying MS's 128-bit crypto patch.
#=-
#=- Incidentally, the problem (which has been occurring with the stock RPMs
#=- of the PPP daemon, PoPToP and the standard RH62 kernel as well as with
#=- my hand-patched kernel and pppd and the current CVS implementation of
#=- PoPToP)
#=-
#=- Second, as I read the MPPE docs, the beginning of the buffer being
#=- passed to the crypto routines is offset by a few bytes from what it
#=- should be. I've put some debugging instrumentation into my kernel;
#=- what follows is a dump and my interpretation thereof. (Btw, anyone
#=- care to explain what the trailing 5As are?)
#=-
#=- kernel: ppp: mppe_decrypt, count = 68
#=- kernel: 00 FD 90 02 B0 36 B3 3E  .....6.>
#=- kernel: 2C B0 77 AD A4 AA 14 0D  ,.w.....
#=- kernel: 5E C6 C9 89 DD 2A 1D D6  ^....*..
#=- kernel: A4 D6 34 F8 AA AD F5 52  ..4....R
#=- kernel: F9 C3 9A CE 76 4A EA D8  ....vJ..
#=- kernel: 91 0F E5 94 53 07 5E 48  ....S.^H
#=- kernel: 96 ED E5 10 B7 04 0D F1  ........
#=- kernel: 4C CC 16 88 6F 58 52 4D  L...oXRM
#=- kernel: 71 FC 3B 20              q.;
#=- kernel: Decryption beginning with character 0x2c.
#=- kernel: Decryption ending at position 68 with character 0x5a.
#=- kernel: ppp: mppe_decrypt, count = 68
#=- kernel: 00 FD B2 A7 5D A9 78 CD  ....].x.
#=- kernel: 18 F4 B8 80 21 EB 65 81  ....!.e.
#=- kernel: 55 E8 D4 E1 4A 14 B5 06  U...J...
#=- kernel: 99 C8 69 EE AE 6D B2 CD  ..i..m..
#=- kernel: 66 FD CD 0B 66 AE 1A 79  f...f..y
#=- kernel: 9C EC A4 6D C4 FE FA 6B  ...m...k
#=- kernel: 9C 76 9F AC 0E F6 C1 65  .v.....e
#=- kernel: 45 42 CD A1 46 68 5A 5A  EB..FhZZ
#=- kernel: 5A 5A 5A 5A              ZZZZ
#=- kernel: Unhandled proto 0xb2a7 in ppp_receive_nonmp_frame.
#=-
#=- To quote from the MPPE draft, 4th revision:
#=-
#=- --- BEGIN QUOTE
#=- 3.1. Packet Format
#=-
#=- A summary of the MPPE packet format is shown below. The fields are
#=- transmitted from left to right.
#=-
#=-     0                   1                   2                   3
#=-     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
#=-    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#=-    |         PPP Protocol          |A|B|C|D|    Coherency Count    |
#=-    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#=-    |        Encrypted Data...
#=-    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
#=-
#=- .....
#=-
#=- When MPPE is successfully negotiated by the PPP Compression Control
#=- Protocol, the value of this field is 0x00FD. This value MAY be
#=- compressed when Protocol-Field-Compression is negotiated.
#=- --- END QUOTE
#=-
#=- So we have the two PPP protocol bytes, as we should, then followed by
#=- the coherency count bytes... which means we should be starting the
#=- decryption at the byte 0xB0 rather than 0x2C -- which is to say, at an
#=- offset of 4 rather than 8. (Rather oddly, the hardcoded offset appears
#=- to be 6 -- apparently, some shifting is happening elsewhere that I've
#=- failed to follow). This 6, I'm guessing, is calculated as follows:
#=- PPP_HDRLEN + MPPE_OVHD - 2, where PPP_HDRLEN and MPPE_OVHD are both 4.
#=- The 2, I presume, is to make up for the section of the PPP header
#=- which is included in the encrypted data -- it's these two bytes which
#=- are causing the unsupported protocol errors. However, since only 2
#=- bytes of the PPP protocol are being included unencrypted, followed by
#=- only 2 bytes of MPPE (according to the draft spec), it should be only
#=- MPPE_OVHD (without PPP_HDRLEN) included, or MPPE_OVHD should be reduced
#=- (though I haven't looked into where else in the code it's referenced).
#=-
#=- Okay, that's how it looks to me.
#=-
#=- The funny part, though, is that it apparently actually works for the
#=- rest of 'yall the way it is. If someone familiar with the code would
#=- be so kind as to comment, I'd be very appreciative. (I'd do more
#=- trial-and-error, but my access to Windows here is limited to
#=- after-hours when I can dual-boot my cubemate's machine). If someone
#=- with a working MPPE setup would be so kind as to insert debug
#=- instrumentation similar to my own, I'd be greatly appreciative (if
#=- you're willing, ask and I'll send a patch).
#=-
#=- For completeness, a dump from the encryption routines (though I doubt
#=- much can be gained from them without also dumping the keys, which I
#=- haven't done). The following dump is a ping packet, both before and
#=- after encryption.
#=-
#=- kernel: ppp: mppe_encrypt, count = 88
#=- kernel: 5A 5A 00 21 45 00 00 54  ZZ.!E..T
#=- kernel: 00 00 40 00 40 01 B8 54  ..@.@..T
#=- kernel: C0 A8 00 02 C0 A8 01 02  ........
#=- kernel: 08 00 BA 46 68 04 00 00  ...Fh...
#=- kernel: 3E B5 3A 39 65 C3 0C 00  >.:9e...
#=- kernel: 08 09 0A 0B 0C 0D 0E 0F  ........
#=- kernel: 10 11 12 13 14 15 16 17  ........
#=- kernel: 18 19 1A 1B 1C 1D 1E 1F  ........
#=- kernel: 20 21 22 23 24 25 26 27   !"#$%&'
#=- kernel: 28 29 2A 2B 2C 2D 2E 2F  ()*+,-./
#=- kernel: 30 31 32 33 34 35 36 37  01234567
#=- kernel: ppp: mppe_encrypt out, count = 92
#=- kernel: 5A 5A 00 FD 90 00 9B 42  ZZ.....B
#=- kernel: 81 97 5E 82 36 3E C6 9E  ..^.6>..
#=- kernel: 85 2A BF 7C 51 6E F1 02  .*.|Qn..
#=- kernel: 01 6C 7F 39 0E 17 98 95  .l.9....
#=- kernel: AD 55 31 8B 3B F0 E3 D6  .U1.;...
#=- kernel: E9 F7 44 90 50 44 8F 22  ..D.PD."
#=- kernel: 9A DF 39 8D 6C AE E6 38  ..9.l..8
#=- kernel: 4C CC 50 4F 25 2E A9 14  L.PO%...
#=- kernel: 9D 18 F5 08 3B 03 9D AD  ....;...
#=- kernel: C9 2D E1 CD F1 B7 96 3F  .-.....?
#=- kernel: 56 E8 38 9B 14 AB 6F 78  V.8...ox
#=- kernel: FD 05 2D B4              ..-.
#=-
#=- Looks fine to me, as best I can tell -- but if it truly were fine, the
#=- Windows machine wouldn't be sending back ProtRej's.
#=-
#=- Any suggestions would be appreciated.
#=- Thanks for caring enough to read this far. :)
#=-

Eric Harashevsky (eharashe at mediaone.net)
----------------------------------------------------------------
If I were two faced, would I wear this one?

From cduffy at mvista.com Wed Jun 14 11:54:42 2000
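Added example (not from the thread or from ppp_mppe.c): a stand-alone C parser for the MPPE header layout quoted from the draft in the message above, run on the first bytes of the posted mppe_decrypt dump, together with the count catch-up loop that the reply describes for stateless mode. The struct and function names, the `max_gap` limit and the counting `mppe_rekey` placeholder are assumptions made for illustration; the meaning given to bits A and D follows RFC 3078.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PPP_PROTO_MPPE   0x00FDu  /* protocol value quoted from the draft */
#define MPPE_BIT_A       0x8000u  /* A: encryption tables were reinitialised */
#define MPPE_BIT_D       0x1000u  /* D: payload is encrypted */
#define MPPE_CCOUNT_MASK 0x0FFFu  /* coherency count is 12 bits wide */

struct mppe_hdr {
    uint16_t proto;     /* PPP protocol, expanded to 16 bits */
    int      flushed;   /* bit A */
    int      encrypted; /* bit D */
    uint16_t ccount;    /* coherency count, 0..4095 */
    size_t   data_off;  /* index of the first encrypted byte */
};

/* Hypothetical receiver state for the catch-up loop. */
struct mppe_rx {
    uint16_t expected;  /* count expected on the next packet */
    unsigned rekeys;    /* key updates performed so far */
};

/* First 8 bytes of the first mppe_decrypt dump posted in the thread. */
static const uint8_t sample_rx[]  = {0x00, 0xFD, 0x90, 0x02, 0xB0, 0x36, 0xB3, 0x3E};
/* Constructed: the same frame with Protocol-Field-Compression applied. */
static const uint8_t sample_pfc[] = {0xFD, 0x90, 0x02, 0xB0, 0x36, 0xB3, 0x3E};
/* Constructed: start of an unencrypted IP frame (protocol 0x0021). */
static const uint8_t sample_ip[]  = {0x00, 0x21, 0x45, 0x00};

/* Parse a frame that starts at the PPP protocol field.
 * Returns 0 on success, -1 if truncated, -2 if the protocol is not MPPE. */
int mppe_parse(const uint8_t *buf, size_t len, struct mppe_hdr *h)
{
    size_t off;
    uint16_t word;

    if (len < 1)
        return -1;
    if (buf[0] & 0x01) {            /* odd first octet: one-byte protocol */
        h->proto = buf[0];
        off = 1;
    } else {
        if (len < 2)
            return -1;
        h->proto = (uint16_t)((buf[0] << 8) | buf[1]);
        off = 2;
    }
    if (h->proto != PPP_PROTO_MPPE)
        return -2;
    if (len < off + 2)              /* need the A-D bits and the count */
        return -1;
    word = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    h->flushed   = (word & MPPE_BIT_A) != 0;
    h->encrypted = (word & MPPE_BIT_D) != 0;
    h->ccount    = (uint16_t)(word & MPPE_CCOUNT_MASK);
    h->data_off  = off + 2;         /* ciphertext follows the 2-byte MPPE word */
    return 0;
}

/* Packets skipped between the expected and the received count, modulo 4096. */
unsigned mppe_missed(uint16_t expected, uint16_t received)
{
    return ((unsigned)received - (unsigned)expected) & MPPE_CCOUNT_MASK;
}

/* Placeholder for the real session-key update: it only counts the calls. */
static void mppe_rekey(struct mppe_rx *rx)
{
    rx->rekeys++;
}

/* Update the key once per missed packet until the counts match, instead of
 * failing on the first mismatch. max_gap (assumption, 0 = unlimited) refuses
 * a stale or replayed count that would otherwise cost up to 4095 updates.
 * Returns the number of updates done, or -1 if the gap exceeds max_gap. */
int mppe_rx_catch_up(struct mppe_rx *rx, const struct mppe_hdr *h, unsigned max_gap)
{
    unsigned gap = mppe_missed(rx->expected, h->ccount);
    unsigned i;

    if (max_gap != 0 && gap > max_gap)
        return -1;
    for (i = 0; i < gap; i++)
        mppe_rekey(rx);
    rx->expected = (uint16_t)((h->ccount + 1u) & MPPE_CCOUNT_MASK);
    return (int)gap;
}

int main(void)
{
    struct mppe_hdr h;
    struct mppe_rx rx = {0, 0};

    if (mppe_parse(sample_rx, sizeof sample_rx, &h) == 0) {
        printf("A=%d D=%d count=%u first encrypted byte at %zu (0x%02X)\n",
               h.flushed, h.encrypted, (unsigned)h.ccount, h.data_off,
               (unsigned)sample_rx[h.data_off]);
        printf("catch-up key updates: %d\n", mppe_rx_catch_up(&rx, &h, 64));
    }
    return 0;
}
```

On the posted dump the parser puts the first encrypted byte at offset 4 (0xB0), the offset argued for in the quoted analysis.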
From: cduffy at mvista.com (Charles Duffy)
Date: Wed, 14 Jun 2000 09:54:42 -0700
Subject: [pptp-server] Req. help w/ MPPE support (against Win2K)
In-Reply-To: ; from eric@we-24-30-125-179.we.mediaone.net on Wed, Jun 14, 2000 at 09:00:31AM -0700
References: <20000613145543.A2094@mvista.com>
Message-ID: <20000614095442.B17383@mvista.com>

On Wed, Jun 14, 2000 at 09:00:31AM -0700, Eric H wrote:
> I haven't played around with Win2k yet, but from what I understand, you
> must manually enable the older encryption methods and LanMan Hashes
> and so forth. I believe it's a registry key that needs to be changed.

I'm quite sure that's the case for running Samba... if it's also the
case for MPPE, I'd be most appreciative if you could point me towards
somewhere these keys are mentioned.

> If you're experiencing lost/dropped packets, then there's another
> issue... The easiest fix is to use stateless encryption and in ppp_mppe.c
> (under your usr/src/linux dir) in the decrypt/decompress function make it
> loop through the update_count method until the count matches and NOT
> return an error (just continue).

One issue -- for some odd reason some of the Windows machines here (eg
W2K after installing the 128-bit crypto patch) dislike stateless
mode. Are there any other known workarounds?

From ricky.bowen at healthcentral.com Wed Jun 14 12:00:07 2000
From: ricky.bowen at healthcentral.com (Ricky Bowen)
Date: Wed, 14 Jun 2000 10:00:07 -0700
Subject: [pptp-server] My Win2k/Linux fw setup
Message-ID:

Hey all,

I just wanted to share my successful Linux 2.2.14 ipchains firewall
port-forwarding to Win2k PPTP setup. I can get win2k, NT4, and Win98 PPTP
clients to connect to this, but haven't tried pptp-linux yet though. I find
this is a great setup for simple internal LAN (mail, files) access for a
small NT-based corporate network - the execs love the simplicity of the user
end and the security of having a Linux firewall at the front.

This document came in handy:
http://www.redhat.com/mirrors/LDP/HOWTO/VPN-Masquerade-HOWTO-3.html .
I got the VPN masquerade patch from
http://www.soleman.org/~jhardin/masquerade/ip_masq_vpn-2.2.14.patch.gz ,
and a good HOWTO from
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

My firewall was masquerading traffic properly before I tried this - yours
should be too.

I recompiled my kernel with the following options:

CONFIG_IP_TRANSPARENT_PROXY=y (not sure if this was required..)
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP=y
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y

I am using ipchains 1.3.9, 17-Mar-1999, here are the pptp specific rules:

My INPUT chain;

-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 1723:1723 -i eth0 -p 6 -j ACCEPT -l
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 -p 47 -j ACCEPT -l

E.g.:

target  prot  opt     source    destination  ports
ACCEPT  tcp   ----l-  anywhere  external-ip  any -> 1723
ACCEPT  gre   ----l-  anywhere  external-ip  n/a

The first rule is allowing all traffic from anywhere to the firewall itself,
from any port to port 1723. The second rule is for GRE.
My FORWARD chain;

target prot opt source destination ports
-A forward -s 172.16.61.10/255.255.255.255 1723:1723 -d 0.0.0.0/0.0.0.0 -p 6 -j MASQ -l
-A forward -s 172.16.61.10/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 47 -j MASQ -l
-A forward -s 0.0.0.0/0.0.0.0 -d 172.16.61.10/255.255.255.255 1723:1723 -p 6 -j MASQ -l
-A forward -s 0.0.0.0/0.0.0.0 -d 172.16.61.10/255.255.255.255 -p 47 -j MASQ -l

E.g.:

MASQ  tcp  ----l-  172.16.61.10  anywhere      1723 -> any
MASQ  gre  ----l-  172.16.61.10  anywhere      n/a
MASQ  tcp  ----l-  anywhere      172.16.61.10  any -> 1723
MASQ  gre  ----l-  anywhere      172.16.61.10  n/a

The first rule is for masquerading outbound port 1723, the second is for
GRE. The third rule is for masquerading inbound port 1723, and the second
for GRE.

In my /etc/rc.d/rc.local I put the following so things would work on a
reboot.

/usr/sbin/ipfwd --masq 172.16.61.10 47 &
# starts up ipfwd, the protocol redirector for GRE.
/usr/sbin/ipmasqadm portfw -a -P tcp -L 208.49.175.6 1723 -R 172.16.61.10 1723
# starts up ipmasqadm for forwarding 1723 from the firewall's external interface to the internal host.

Logically, here's how everything works:

1) Pptpclient opens connection to firewall using vanilla windoze DUN.
2) firewall forwards port 1723 and GRE of the external interface to
   172.16.61.10, which is the Win2k PPTP server.
3) ipchains masquerades outbound port 1723 and GRE to pptpclient
4) things work.

Pptpclient <--> firewall <--> Win2kpptp

OK.. I don't think I forgot anything...

Ricky Bowen
System Administrator
HealthCentralRx.com
(510) 250-3802

"If all else fails, follow the directions."

From giulioo at pobox.com Wed Jun 14 12:50:43 2000
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 14 Jun 2000 19:50:43 +0200
Subject: [pptp-server] Subnetting the external IP Address
In-Reply-To: <006301bfd60c$1781d700$dca918cf@mw.3com.com>
References: <3947527E.F5155B1E@sxb.bsf.alcatel.fr> <20000614101648.4DA862AEB3@i3.golden.dom> <006301bfd60c$1781d700$dca918cf@mw.3com.com>
Message-ID: <20000614175317.EA9B92AEDC@i3.golden.dom>

On Wed, 14 Jun 2000 09:23:18 -0500, you wrote:

>cases you want the PPP remote side to have a /32. Since it is a point to
>point link.. If you need a network on the remote side you just add routes
>for it.

the ppp link has /32.
But the win9x client sets up the route for /8. So it thinks that all
10.x.x.x hosts are on its network, instead of 10.0.1.x
Moreover, it would send broadcast (netbios) to 10.255.255.255 instead of
10.0.1.255.

Are you saying that I just need to add a route with /24 on the win9x and
it'll be ok?

Thanks.

--
giulioo at pobox.com

From ca48ga at yahoo.com Thu Jun 15 02:09:45 2000
From: ca48ga at yahoo.com (aldaraca cesar)
Date: Thu, 15 Jun 2000 00:09:45 -0700 (PDT)
Subject: [pptp-server] I'm new to pptp-configuration
Message-ID: <20000615070945.5817.qmail@web2105.mail.yahoo.com>

hello All!!

I'm new to pptp-server. I want to know if it's possible to have the
pptp-server (PoPToP) and the firewall on the same Linux box. This is
diagrammed below.

 _____          ___          _____________
|     |        |   \        |  firewall   |
| win | --->  / net \ --->  |             |
|_____|       \__/\_/       |_pptp-server_|

because all of the documentation I found takes the configuration below:

 _____          ___          ______          ____________
|     |        |   \        | fire |        |            |
| win | --->  / net \ --->  | wall | --->   |            |
|_____|       \__/\_/       |______|        |pptp-server_|

I'm installing the PoPToP rpm and followed the installation, but with a
win98 client the communication fails! And /var/log/messages says:

Jun 15 01:09:34 andreas pptpd[2086]: CTRL: Starting call (launching pppd, opening GRE)
Jun 15 01:09:34 andreas pptpd[2086]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 15 01:09:34 andreas pptpd[2086]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)

I don't know what's next, please somebody help me!!

Sorry, English is not my native language.

Cesar Andres Aldaraca Razo
Team Sistemas S.A. de C.V.
Mexico D.F. 09300
Navarra 73 col. Alamos
ca48ga at yahoo.com

From hshaw at healthcentralrx.com Thu Jun 15 03:31:45 2000
From: hshaw at healthcentralrx.com (Terrelle Shaw)
Date: Thu, 15 Jun 2000 01:31:45 -0700
Subject: [pptp-server] I'm new to pptp-configuration
In-Reply-To: <20000615070945.5817.qmail@web2105.mail.yahoo.com>
Message-ID:

actually having them both on the same box is the easiest way. No forwarding
of ports no hassles with ipchains..

Terrelle

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of aldaraca cesar Sent: Thursday, June 15, 2000 12:10 AM To: pptp-server Subject: [pptp-server] I'm new to pptp-configuration hello All!! I'm new to pptp-server i want to know it's possible I have pptp-server(POptop) and firewall on the same linux box, This is diagrammed below. _____ ___ _____________ | | | \ | firewall | | win | ---> / net \ ---> | | |_____| \__/\_/ |_pptp-server_| because all of documentation i found take the configuration below: _____ ___ ______ ____________ | | | \ | fire | | | | win | ---> / net \ ---> | wall | ---> | | |_____| \__/\_/ |______| |pptp-server_| I'm instaling the PoPToP-rpm and follow the instalation but, when client win98 the communication fail! and in /var/log/messages says: Jun 15 01:09:34 andreas pptpd[2086]: CTRL: Starting call (launching pppd, opening GRE) Jun 15 01:09:34 andreas pptpd[2086]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error Jun 15 01:09:34 andreas pptpd[2086]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) I don't know what's next ,please somebody help me!! sorry english it's no my native language Cesar Andres Aldaraca Razo Team Sistemas S.A. de C.V. Mexico D.F. 09300 Navarra 73 col. Alamos ca48ga at yahoo.com __________________________________________________ Do You Yahoo!? Yahoo! Photos -- now, 100 FREE prints! http://photos.yahoo.com _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From aaa at netman.dk Thu Jun 15 04:19:04 2000 
From: aaa at netman.dk (Alaa Alamood)
Date: Thu, 15 Jun 2000 11:19:04 +0200
Subject: [pptp-server] linux client
Message-ID: <39489F88.C94A4017@netman.dk>

Hi
Does anyone know how to configure a linux client against a poptop
server on linux rh62

regards
Alaa

From hshaw at healthcentralrx.com Thu Jun 15 04:29:47 2000
From: hshaw at healthcentralrx.com (Terrelle Shaw)
Date: Thu, 15 Jun 2000 02:29:47 -0700
Subject: [pptp-server] linux client
In-Reply-To: <39489F88.C94A4017@netman.dk>
Message-ID:

Archives of feb. I sent a detailed email setup from the client and server
configs. Although my client was slackware, i doubt the files themselves
would change.

Terrelle Shaw

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Alaa Alamood
Sent: Thursday, June 15, 2000 2:19 AM
To: PPtP List
Subject: [pptp-server] linux client

Hi
Does anyone know how to configure a linux client against a poptop
server on linux rh62

regards
Alaa

From douletre at esstin.uhp-nancy.fr Thu Jun 15 07:03:46 2000
From: douletre at esstin.uhp-nancy.fr (Doulet Renaud)
Date: Thu, 15 Jun 2000 14:03:46 +0200
Subject: [pptp-server] Netmask problem
Message-ID: <3948C622.20CAB981@digora.com>

hi,

i have already set up a connection with a win2k client to pptpd. But i
have a problem, my client has a netmask of 255.255.255.255, so i can't
see the local network. How can i resolve this problem ????

thanx a lot

renaud doulet

From jhummel at fulltiltsolutions.com Thu Jun 15 07:20:36 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Thu, 15 Jun 2000 08:20:36 -0400
Subject: [pptp-server] linux client
Message-ID:

Actually, if you search the May archives, a gentleman named Adi had given
out some RPMs to get the whole shebang working properly.

With the great help on this list, I got PPTP working in many configs. Like
from Linux Client to Linux Server and Linux Client to WinNT server and
Windoze client to both servers as well.

If you install the RPMs, there are three, to RH62 and setup the options and
chap files like in the howto, you should have no problem.

-J

-----Original Message-----
From: Alaa Alamood [mailto:aaa at netman.dk]
Sent: Thursday, June 15, 2000 5:19 AM
To: PPtP List
Subject: [pptp-server] linux client

Hi
Does anyone know how to configure a linux client against a poptop
server on linux rh62

regards
Alaa

From eraskin at paslists.com Thu Jun 15 10:32:37 2000
From: eraskin at paslists.com (Eric H. Raskin)
Date: Thu, 15 Jun 2000 11:32:37 -0400
Subject: [pptp-server] EMERGENCY!! Clients can't get in!!
Message-ID: <00dd01bfd6de$f0242e50$650aa8c0@paslists.com>

Hello all:

I've got an emergency here because clients can't get in. I've been
(and continue to) look at the Usenet postings for any help on this,
but I'm taking too long to find what I need. Sorry ahead of time if
this is a FAQ (although I didn't find anything about it in the PoPToP
FAQ or the PPP FAQ).

I've had a working PoPToP v1.0.0 configuration (without MPPE) for
about 1 month now. After hearing about problems with security in
kernel 2.2.14, I've just upgraded to 2.2.16, following the excellent
instructions from Boris Reisig (boris at microtrader.com).

Unfortunately, now my clients can't connect!! I'm getting the following in the
log file:

pppd[2229]: Could not determine local IP address

Here is my /etc/pptpd.conf file:

speed 115200
option /etc/ppp/pptpd.options
debug
localip 192.168.10.1
remoteip 192.168.1.2-254

Here is my /etc/ppp/pptpd.options file:

debug
kdebug 1
name gatekeeper
idle 1800
auth
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.10.2
ms-wins 192.168.10.2
ms-dns 192.168.10.2
ms-dns 192.168.10.1
proxyarp
netmask 255.255.255.0

Can anyone help? This is really an emergency!!

---------------------------------------------------------------------
Eric H. Raskin                          eraskin at paslists.com
Professional Advertising Systems Inc.   Voice: 914-741-1100
70 Memorial Plaza                       Fax: 914-741-2788
Pleasantville, NY 10570

From amacc at iron-bridge.net Thu Jun 15 10:44:45 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Thu, 15 Jun 2000 11:44:45 -0400 (EDT)
Subject: [pptp-server] EMERGENCY!! Clients can't get in!!
In-Reply-To: <00dd01bfd6de$f0242e50$650aa8c0@paslists.com>
Message-ID:

On Thu, 15 Jun 2000, Eric H. Raskin wrote:

> Hello all:
>
> I've got an emergency here because clients can't get in. I've been
> (and continue to) look at the Usenet postings for any help on this,
> but I'm taking too long to find what I need. Sorry ahead of time if
> this is a FAQ (although I didn't find anything about it in the PoPToP
> FAQ or the PPP FAQ).
>
> I've had a working PoPToP v1.0.0 configuration (without MPPE) for
> about 1 month now. After hearing about problems with security in
> kernel 2.2.14, I've just upgraded to 2.2.16, following the excellent
> instructions from Boris Reisig (boris at microtrader.com).
>
> Unfortunately, now my clients can't connect!! I'm getting the following in the
> log file:
>
> pppd[2229]: Could not determine local IP address
>
> Here is my /etc/pptpd.conf file:
>
> speed 115200
> option /etc/ppp/pptpd.options
> debug
> localip 192.168.10.1
> remoteip 192.168.1.2-254
                  ^^^

ummm maybe should that be 192.168.10.2-254?

Andrew McRory - President/CTO amacc at iron-bridge.net ******************
Iron Bridge Communications, Inc. www.iron-bridge.net 850-575-0779 ***
The PC Doctor, Inc. www.pcdr.com 850-575-2713 ***
Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera ***
**************************************************************************

From BAust at healthdec.com Thu Jun 15 11:03:29 2000
From: BAust at healthdec.com (Brian Aust)
Date: Thu, 15 Jun 2000 12:03:29 -0400
Subject: [pptp-server] Linux PoPToP server can't find free connections/IPs
Message-ID:

Guys,

I'm trying to get a Linux PoPToP server working here at the office to allow
roaming 98/NT clients access to our internal NT fileservers...

Here's the basics of my setup:

Company real IP addresses: 207.9.99.64-207.9.99.150

Company internal fake NAT'd addresses: 10.1.1.1-10.1.1.99 and
10.2.1.1-10.2.1.99

Linux PoPToP server is NATALIE, with fake IP of 10.1.1.69, but NAT gives it
a real IP address of 207.9.99.146

My test W98 client is at my apartment, with a persistent RoadRunner cable
modem connection, real IP address of 24.25.30.238

NATALIE is running RedHat Linux 6.2. All I did was install the PoPToP 1.0.0
RPM, and put the PPTPD.init file in the /etc/rc.d/init.d directory.

Changed the line in pptpd.init to /usr/sbin/pptpd -d per the HOWTO.

Added a line in /etc/ppp/chap-secrets as:
baust * mypass *

I have lock, debug, auth, +chap, and proxyarp all in the options file in
/etc/ppp

And finally, in the /etc/pptpd.conf file, i have the following:
localip 10.1.1.1-99
remoteip 24.25.30.238 #this is my RoadRunner IP address

(BTW -- i have also tried localip 207.9.99.147-148 in case it wanted real ip
addresses locally, instead of NAT'd ones)

Then, I fired up /usr/sbin/pptpd -d

On Windows98 client, i made a DialUpNetworking item connecting to
207.9.99.146 (NATALIE's external IP), and tried to connect.

Watching NATALIE, i get the following line at the bash prompt when W98 box
tries to connect:

"No free connection slots or IPs available - no more clients can connect!"

Lastly, here's the lines from the /var/log/messages file:

Jun 15 02:03:56 bnyatalie pptpd[9340]: MGR: Manager process started
Jun 15 02:04:03 bnyatalie pptpd[9340]: MGR: No free connection slots or IPs - no more clients can connect!
Jun 15 02:04:03 bnyatalie pptpd[9341]: CTRL: Client 24.25.30.238 control connection started
Jun 15 02:04:03 bnyatalie pptpd[9341]: CTRL: Starting call (launching pppd, opening GRE)
Jun 15 02:04:03 bnyatalie kernel: CSLIP: code copyright 1989 Regents of the University of California
Jun 15 02:04:03 bnyatalie kernel: PPP: version 2.3.7 (demand dialling)
Jun 15 02:04:03 bnyatalie kernel: PPP line discipline registered.
Jun 15 02:04:03 bnyatalie kernel: registered device ppp0
Jun 15 02:04:03 bnyatalie pppd[9342]: pppd 2.3.11 started by root, uid 0
Jun 15 02:04:03 bnyatalie pppd[9342]: Using interface ppp0
Jun 15 02:04:03 bnyatalie pppd[9342]: Connect: ppp0 <--> /dev/pts/2
Jun 15 02:04:07 bnyatalie pptpd[9341]: CTRL: Error with select(), quitting
Jun 15 02:04:07 bnyatalie pptpd[9341]: CTRL: Client 24.25.30.238 control connection finished
Jun 15 02:04:07 bnyatalie pppd[9342]: Modem hangup
Jun 15 02:04:07 bnyatalie pppd[9342]: Connection terminated.
Jun 15 02:04:07 bnyatalie pppd[9342]: Exit.

So.... it somehow doesn't work, and my W98 client gets a 650 error message
in the DUN client.

Any ideas what i might have going wrong? I'm not trying to use M$
authentication at all... plain cleartext authentication.

The only other thing i might mention (since i don't know if it's an issue)
is that my PoPToP server is sitting behind a CheckPoint Firewall-1 4.0
firewall. BUT... i have a rule defined that allows ALL traffic on ALL ports
to make it through into the PoPToP server, so i can't see this being an
issue. And the error message of "no free ips" doesn't seem related to a
firewall, either.

Any help you might be able to provide would be endlessly appreciated!!

Cheers from North Carolina,

Brian Aust
baust at healthdec.com

(Real IP addresses are modified for security)

Brian R. Aust
Manager of Information Technology
Health Decisions, Inc.
1512 East Franklin St.
Suite 200
Chapel Hill, NC 27514
919.967.2399 x247
baust at healthdec.com

From eraskin at paslists.com Thu Jun 15 11:08:11 2000
From: eraskin at paslists.com (Eric H. Raskin)
Date: Thu, 15 Jun 2000 12:08:11 -0400
Subject: [pptp-server] EMERGENCY!! Clients can't get in!!
In-Reply-To:
Message-ID: <00e301bfd6e3$e7c99010$650aa8c0@paslists.com>

I'll try it, but I don't think so. The remote network is using the *ugly*
Windows Internet Sharing server. They have to be on the 192.168.1.x network in
order to work. I don't know if it will route to 192.168.10.x at the Windows
side. Does anyone else?

Besides, why would I have a problem with the *local* ip address if the *remote*
ip address is on the wrong subnet?

Eric

P.S. I'm not trying to be difficult. I'm just trying to understand the logic!
:-)

> -----Original Message-----
> From: Andrew McRory [mailto:amacc at iron-bridge.net] > Sent: Thursday, June 15, 2000 11:45 AM > To: Eric H. Raskin > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] EMERGENCY!! Clients can't get in!! > > > On Thu, 15 Jun 2000, Eric H. Raskin wrote: > > > Hello all: > > > > I've got an emergency here because clients can't get in. I've been > > (and continue to) look at the Usenet postings for any help on this, > > but I'm taking too long to find what I need. Sorry ahead of time if > > this is a FAQ (although I didn't find anything about it in > the PoPToP > > FAQ or the PPP FAQ). > > > > I've had a working PoPToP v1.0.0 configuration (without MPPE) for > > about 1 month now. After hearing about problems with security in > > kernel 2.2.14, I've just upgraded to 2.2.16, following the excellent > > instructions from Boris Reisig (boris at microtrader.com). > > > > Unfortunately, now my clients can't connect!! I'm getting > the following in the > > log file: > > > > pppd[2229]: Could not determine local IP address > > > > Here is my /etc/pptpd.conf file: > > > > speed 115200 > > option /etc/ppp/pptpd.options > > debug > > localip 192.168.10.1 > > remoteip 192.168.1.2-254 > > ^^^ > > ummm maybe should that be 192.168.10.2-254? > > > Andrew McRory - President/CTO amacc at iron-bridge.net > ****************** > Iron Bridge Communications, Inc. www.iron-bridge.net > 850-575-0779 *** > The PC Doctor, Inc. www.pcdr.com > 850-575-2713 *** > Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera *** ************************************************************************** From hshaw at healthcentralrx.com Thu Jun 15 11:20:07 2000 
From: hshaw at healthcentralrx.com (Terrelle Shaw)
Date: Thu, 15 Jun 2000 09:20:07 -0700
Subject: [pptp-server] EMERGENCY!! Clients can't get in!!
In-Reply-To: <00e301bfd6e3$e7c99010$650aa8c0@paslists.com>
Message-ID:

Right off the bat i can think of routing issues.. but that shouldn't stop
them from logging in ( unless they are going outside of the poptop server to
authenticate).

All in all, how did you upgrade to the new kernel? did you reapply the
kernel patches for ip_masq_vpn?

Terrelle

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Eric H. Raskin
Sent: Thursday, June 15, 2000 9:08 AM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] EMERGENCY!! Clients can't get in!!

I'll try it, but I don't think so. The remote network is using the *ugly*
Windows Internet Sharing server. They have to be on the 192.168.1.x network in
order to work. I don't know if it will route to 192.168.10.x at the Windows
side. Does anyone else?

Besides, why would I have a problem with the *local* ip address if the *remote*
ip address is on the wrong subnet?

Eric

P.S. I'm not trying to be difficult. I'm just trying to understand the logic!
:-)

> -----Original Message-----
> From: Andrew McRory [mailto:amacc at iron-bridge.net] > Sent: Thursday, June 15, 2000 11:45 AM > To: Eric H. Raskin > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] EMERGENCY!! Clients can't get in!! > > > On Thu, 15 Jun 2000, Eric H. Raskin wrote: > > > Hello all: > > > > I've got an emergency here because clients can't get in. I've been > > (and continue to) look at the Usenet postings for any help on this, > > but I'm taking too long to find what I need. Sorry ahead of time if > > this is a FAQ (although I didn't find anything about it in > the PoPToP > > FAQ or the PPP FAQ). > > > > I've had a working PoPToP v1.0.0 configuration (without MPPE) for > > about 1 month now. After hearing about problems with security in > > kernel 2.2.14, I've just upgraded to 2.2.16, following the excellent > > instructions from Boris Reisig (boris at microtrader.com). > > > > Unfortunately, now my clients can't connect!! I'm getting > the following in the > > log file: > > > > pppd[2229]: Could not determine local IP address > > > > Here is my /etc/pptpd.conf file: > > > > speed 115200 > > option /etc/ppp/pptpd.options > > debug > > localip 192.168.10.1 > > remoteip 192.168.1.2-254 > > ^^^ > > ummm maybe should that be 192.168.10.2-254? > > > Andrew McRory - President/CTO amacc at iron-bridge.net > ****************** > Iron Bridge Communications, Inc. www.iron-bridge.net > 850-575-0779 *** > The PC Doctor, Inc. www.pcdr.com > 850-575-2713 *** > Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera *** ************************************************************************** _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From eraskin at paslists.com Thu Jun 15 11:29:38 2000 
From: eraskin at paslists.com (Eric H. Raskin) Date: Thu, 15 Jun 2000 12:29:38 -0400 Subject: [pptp-server] EMERGENCY!! Clients can't get in!! SOLVED!! In-Reply-To: <00e301bfd6e3$e7c99010$650aa8c0@paslists.com> Message-ID: <00e401bfd6e6$e7c235b0$650aa8c0@paslists.com> Hello all: I've got it working again, but it's a real hack!! For whatever reason, even though I never specified it, PPPD was behaving as if the "noipdefault" option was specified. There is a bug in PPPD that if "noipdefault" is specified along with a local and remote ip address, it blows away the local ip address. Here is the patch I applied to pppd-2.3.11 to get it to work. Please be aware that this patch is probably not correct -- it just gets my stuff working again!! YMMV!! ------------------------------------------------------- *** ipcp.c.orig Thu Jun 15 11:17:37 2000 --- ipcp.c Thu Jun 15 11:06:51 2000 *************** *** 456,467 **** --- 456,469 ---- if (wo->hisaddr == 0) wo->accept_remote = 1; wo->req_dns1 = usepeerdns; /* Request DNS addresses from the peer */ wo->req_dns2 = usepeerdns; *go = *wo; + /* if (disable_defaultip) go->ouraddr = 0; + */ } /* * ipcp_cilen - Return length of our CI. ------------------------------------------------------------- So, it's not a routing problem or a kernel patch problem (thank the gods!). Setting conditional routing on a remote Windows 98 box is a real killer!! Question for everyone: Does pppd always read the /etc/ppp/options file, even if pptpd gives it a different options file to read? If so, that would explain my problem -- "noipdefault" *was* specified in there. I always thought the specifying a new options file on the command line would override the original. Maybe it just overlayed new settings on the old -- allowing the "noipdefault" to get through. That would trigger the pppd bug and give me all this grief!! In any event, since I don't use pppd for anything else, I'll leave my hack in there for now. 
But, I'm commenting out the "noipdefault" in /etc/ppp/options just in case!!

Thanks to everyone who responded.

Eric Raskin

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Eric H. Raskin
> Sent: Thursday, June 15, 2000 12:08 PM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] EMERGENCY!! Clients can't get in!!
>
>
> I'll try it, but I don't think so. The remote network is using the *ugly*
> Windows Internet Sharing server. They have to be on the 192.168.1.x network in
> order to work. I don't know if it will route to 192.168.10.x at the Windows
> side. Does anyone else?
>
> Besides, why would I have a problem with the *local* ip address if the *remote*
> ip address is on the wrong subnet?
>
> Eric
>
> P.S. I'm not trying to be difficult. I'm just trying to understand the logic!
> :-)
>
> > -----Original Message-----
> > From: Andrew McRory [mailto:amacc at iron-bridge.net] > > Sent: Thursday, June 15, 2000 11:45 AM > > To: Eric H. Raskin > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] EMERGENCY!! Clients can't get in!! > > > > > > On Thu, 15 Jun 2000, Eric H. Raskin wrote: > > > > > Hello all: > > > > > > I've got an emergency here because clients can't get in. > I've been > > > (and continue to) look at the Usenet postings for any > help on this, > > > but I'm taking too long to find what I need. Sorry ahead > of time if > > > this is a FAQ (although I didn't find anything about it in > > the PoPToP > > > FAQ or the PPP FAQ). > > > > > > I've had a working PoPToP v1.0.0 configuration (without MPPE) for > > > about 1 month now. After hearing about problems with security in > > > kernel 2.2.14, I've just upgraded to 2.2.16, following > the excellent > > > instructions from Boris Reisig (boris at microtrader.com). > > > > > > Unfortunately, now my clients can't connect!! I'm getting > > the following in the > > > log file: > > > > > > pppd[2229]: Could not determine local IP address > > > > > > Here is my /etc/pptpd.conf file: > > > > > > speed 115200 > > > option /etc/ppp/pptpd.options > > > debug > > > localip 192.168.10.1 > > > remoteip 192.168.1.2-254 > > > > ^^^ > > > > ummm maybe should that be 192.168.10.2-254? > > > > > > Andrew McRory - President/CTO amacc at iron-bridge.net > > ****************** > > Iron Bridge Communications, Inc. www.iron-bridge.net > > 850-575-0779 *** > > The PC Doctor, Inc. www.pcdr.com > > 850-575-2713 *** > > Caldera OpenLinux Contrib RPMS > ftp.iron-bridge.net/pub/Caldera *** > ************************************************************** > ************ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
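Review bot: in the ipcp.c hunk, wrapping `if (disable_defaultip) go->ouraddr = 0;` in a comment switches that reset off for every pppd started on the box, not only the ones pptpd launches, so noipdefault no longer clears the local address at this point for any other use of pppd. A narrower change would keep the test and skip the reset only when a local address was given explicitly, or leave pppd unpatched and remove "noipdefault" from /etc/ppp/options, which the message says it is doing anyway. If the hunk stays, delete the two lines rather than commenting them out, and add a short comment saying why the reset was dropped so a later reader of ipcp.c does not restore it.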
From matthewr at moreton.com.au Thu Jun 15 11:31:45 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu, 15 Jun 2000 09:31:45 -0700
Subject: [pptp-server] linux client
References: <39489F88.C94A4017@netman.dk>
Message-ID: <009401bfd6e7$517b7ca0$1f01000a@accounts>

G'day,

CLIENT SIDE:

run the pptp client like this:

    pptp x.x.x.x name matthewr remotename my_server

then once the connection is up I run a route:

    route add -net y.y.y.y netmask z.z.z.z dev ppp0 gw a.a.a.a

i'm sure you can work out the ip addresses yourself...

in your options file something like:

    name my_server

in chap-secrets: (do it both ways.. i can't remember which way now.. so repeating it will cover you until u work it out)

    matthewr my_server password *
    my_server matthewr password *

For the server side... look at the PoPToP-REDHAT HOWTO

seeya!
-matt

----- Original Message -----
From: Alaa Alamood
To: PPtP List
Sent: Thursday, June 15, 2000 2:19 AM
Subject: [pptp-server] linux client

> Hi
> Does anyone know about, how to configure linux client against poptop
> server on linux rh62
>
> regards
> Alaa

From matthewr at moreton.com.au Thu Jun 15 12:56:34 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu, 15 Jun 2000 10:56:34 -0700
Subject: [pptp-server] PoPToP difficulties
Message-ID: <002a01bfd6f3$0e1f6a00$1f01000a@accounts>

> Brian Aust here from Chapel Hill, North Carolina, USA.

G'day Brian from NC, USA.. this is Matt from Sunny Brisbane AUSTRALIA.. (but i'm actually in San Jose, CA at the moment)

> Trying to set up a
> Linux PoPToP server at my company from which roaming Windoze98 clients

ok.. should be a piece of cake... see below

> Company real IP addresses: 208.9.99.64-208.9.99.150
>
> Company internal fake NAT'd addresses: 10.1.1.1-10.1.1.99 and
> 10.2.1.1-10.2.1.99
>
> Linux PoPToP server is NATALIE, with fake IP of 10.1.1.69, but NAT gives it
> a real IP address of 208.9.99.146
>
> My test W98 client is at my apartment, with a persistent RoadRunner cable
> modem connection, real IP address of 24.25.30.238
>
> NATALIE is running RedHat Linux 6.2. All I did was install the PoPToP 1.0.0
> RPM, and put the PPTPD.init file in the /etc/rc.d/init.d directory.
>
> Changed the line in pptpd.init to /usr/sbin/pptpd -d per the HOWTO.
>
> Added a line in /etc/ppp/chap-secrets as:
> baust * mypass *
>
> I have lock, debug, auth, +chap, and proxyarp all in the options file in
> /etc/ppp
>
> And finally, in the /etc/pptpd.conf file, i have the following:
> localip 10.1.1.1-99
> remoteip 24.25.30.238 #this is my RoadRunner IP address
>
> (BTW -- i have also tried localip 208.9.99.147-148 in case it wanted real ip
> addresses locally, instead of NAT'd ones)

No No No.. you stuffed up big time. Should be like this:

/etc/pptpd.conf

    speed 115200
    option /etc/config/options.pptp
    localip 10.1.1.99
    remoteip 10.1.1.90-98

You see.. the localip is the ip the tunnel will get on the server.. while the remote ip is the range of addresses the tunnel will give to the endpoint of any connecting clients..

That's what the error was for.. now you may want to review some of your other files as well..
for instance:

/etc/ppp/options:

    name poptop
    auth
    require-chap
    proxyarp

(you may not need proxyarp.. take it out if you still have problems)

/etc/ppp/chap-secrets

    brian poptop brianpwd *

Cheers,
Matt

From sstone at taos.com Thu Jun 15 13:44:22 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu, 15 Jun 2000 11:44:22 -0700 (PDT)
Subject: [pptp-server] EMERGENCY!! Clients can't get in!!
In-Reply-To:
Message-ID:

On Thu, 15 Jun 2000, Terrelle Shaw wrote:

> Right off the bat i can think of routing issues.. but that shouldn't stop them
> from logging in ( unless they are going outside of the poptop server to
> authenticate).
> All in all, how did you upgrade to the new kernel? did you reapply the kernel
> patches for ip_masq_vpn?

ooh, where are these patches?

>
> Terrelle
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Eric H. Raskin
> Sent: Thursday, June 15, 2000 9:08 AM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] EMERGENCY!! Clients can't get in!!
>
> I'll try it, but I don't think so. The remote network is using the *ugly*
> Windows Internet Sharing server. They have to be on the 192.168.1.x network in
> order to work. I don't know if it will route to 192.168.10.x at the Windows
> side. Does anyone else?
>
> Besides, why would I have a problem with the *local* ip address if the *remote*
> ip address is on the wrong subnet?
>
> Eric
>
> P.S. I'm not trying to be difficult. I'm just trying to understand the logic!
> :-)
>
> > -----Original Message-----
> > From: Andrew McRory [mailto:amacc at iron-bridge.net]
> > Sent: Thursday, June 15, 2000 11:45 AM
> > To: Eric H. Raskin
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] EMERGENCY!! Clients can't get in!!
> >
> > On Thu, 15 Jun 2000, Eric H. Raskin wrote:
> >
> > > Hello all:
> > >
> > > I've got an emergency here because clients can't get in. I've been
> > > (and continue to) look at the Usenet postings for any help on this,
> > > but I'm taking too long to find what I need. Sorry ahead of time if
> > > this is a FAQ (although I didn't find anything about it in the PoPToP
> > > FAQ or the PPP FAQ).
> > >
> > > I've had a working PoPToP v1.0.0 configuration (without MPPE) for
> > > about 1 month now. After hearing about problems with security in
> > > kernel 2.2.14, I've just upgraded to 2.2.16, following the excellent
> > > instructions from Boris Reisig (boris at microtrader.com).
> > >
> > > Unfortunately, now my clients can't connect!! I'm getting the following in the
> > > log file:
> > >
> > > pppd[2229]: Could not determine local IP address
> > >
> > > Here is my /etc/pptpd.conf file:
> > >
> > > speed 115200
> > > option /etc/ppp/pptpd.options
> > > debug
> > > localip 192.168.10.1
> > > remoteip 192.168.1.2-254
> >                    ^^^
> >
> > ummm maybe should that be 192.168.10.2-254?
> >
> >
> > Andrew McRory - President/CTO       amacc at iron-bridge.net
> > Iron Bridge Communications, Inc.    www.iron-bridge.net    850-575-0779
> > The PC Doctor, Inc.                 www.pcdr.com           850-575-2713
> > Caldera OpenLinux Contrib RPMS      ftp.iron-bridge.net/pub/Caldera

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From eraskin at paslists.com Thu Jun 15 14:42:19 2000
From: eraskin at paslists.com (Eric H. Raskin)
Date: Thu, 15 Jun 2000 15:42:19 -0400
Subject: [pptp-server] PPTP client connects but can't ping?
Message-ID: <00e901bfd701$d186ba30$650aa8c0@paslists.com>

Hello all:

It's me again, with a problem from a different client. We had a working system up until yesterday, when they added an NT Server to their environment, and changed everything to a domain logon.

The first problem was easy -- adding the domain name to the front of the chap-secrets usernames. Been there, done that.

Now, they authenticate fine. The PPTP connection comes up OK. Just, nothing happens after that. Can't ping... Can't access servers... nothing. (They are running from a Windows 98 box).

I do see this stuff in the log, which makes me think the PPTP connection is fine:

Jun 15 14:22:13 pluto pptpd[7319]: CTRL: Received PPTP Control Message (type: 5)
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: Received PPTP Control Message (type: 5)
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: Made a ECHO RPLY packet
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: Made a ECHO RPLY packet
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: I wrote 20 bytes to the client.
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: I wrote 20 bytes to the client.
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: Sent packet to client
Jun 15 14:22:13 pluto pptpd[7319]: CTRL: Sent packet to client
Jun 15 14:22:42 pluto pppd[7320]: sent [LCP EchoReq id=0xf magic=0xdf3304fe]
Jun 15 14:22:42 pluto pppd[7320]: Timeout 0x8053384:0x8079380 in 30 seconds.
Jun 15 14:22:43 pluto pppd[7320]: rcvd [LCP EchoRep id=0xf magic=0x10d686]
Jun 15 14:23:12 pluto pppd[7320]: sent [LCP EchoReq id=0x10 magic=0xdf3304fe]
Jun 15 14:23:12 pluto pppd[7320]: Timeout 0x8053384:0x8079380 in 30 seconds.
Jun 15 14:23:13 pluto pppd[7320]: rcvd [LCP EchoRep id=0x10 magic=0x10d686]

The routes on my end still exist. The firewall is still the same. Without the PPTP connection, they can ping my PPTP server and I can ping their router/NAT box.
Other clients connect to my systems using the same setup and get in fine.

What could their consultant have changed to stop their access? Is there anything I could have broken on this end? What can I do to find the problem?

TIA

Eric Raskin

---------------------------------------------------------------------
Eric H. Raskin                          eraskin at paslists.com
Professional Advertising Systems Inc.   Voice: 914-741-1100
70 Memorial Plaza                       Fax: 914-741-2788
Pleasantville, NY 10570

From jakew at enrichcorp.net Thu Jun 15 14:46:27 2000
From: jakew at enrichcorp.net (Jake Woolstenhulme)
Date: Thu, 15 Jun 2000 13:46:27 -0600
Subject: [pptp-server] MPPE Encryption Not Working...
Message-ID: <39493292.20FC5DE4@enrichcorp.net>

Hi All,

I have been trying to get a Win98 machine to connect up to my RedHat 6.2 machine running PoPToP. I am able to authenticate and remain connected, but no data will pass through the connection. I can ping the PPP interface on the Win98 box, but no further. When I try to ping the Linux box, I see the lights on the DUN systray icon blinking as if traffic was both being sent and received, but the ping times out. From the Linux box, I can see the counters on the PPP interface increasing, but cannot ping the Win98 box. The log files show that the connection is established using 40-bit stateless encryption. The only errors are from pppd complaining about unsupported protocols. Sorry I don't have the actual logs available right now.

The really strange thing is if I unload the PPP_MPPE module from the Linux box, and uncheck require encryption options from the Win98 side, everything works as it should.

Any ideas?

TIA

-Jake Woolstenhulme

From jakew at enrichcorp.net Thu Jun 15 14:54:07 2000
From: jakew at enrichcorp.net (Jake Woolstenhulme)
Date: Thu, 15 Jun 2000 13:54:07 -0600
Subject: [pptp-server] truncated patch file
Message-ID: <3949345E.617463BC@enrichcorp.net>

Hi All,

I have been having no success with PoPToP using ppp-2.3.11. I wanted to try it against ppp-2.3.8. I have downloaded the file ppp-2.3.8-mppe-others-norc4_TH7.diff.gz from www.moretonbay.com/vpn/releases, but it appears to be truncated. Does anyone have or know where the complete patch resides?

TIA

-Jake Woolstenhulme

From jakew at enrichcorp.net Thu Jun 15 15:00:18 2000
From: jakew at enrichcorp.net (Jake Woolstenhulme)
Date: Thu, 15 Jun 2000 14:00:18 -0600
Subject: [pptp-server] MPPE Encryption Not Working...
References: <39493292.20FC5DE4@enrichcorp.net>
Message-ID: <394935D2.823E1152@enrichcorp.net>

Sorry, I hit send a little prematurely there. Here is my current setup:

linux-2.2.16
ppp-2.3.11
w/ ppp-2.3.11-openssl-0.9.5-mppe.patch
pptpd-1.0.0

All set up as per Vanja Hrustic's 2.2.16 + mppe patch + ppp-2.3.11 HOWTO (working one this time)

TIA
-Jake Woolstenhulme

Jake Woolstenhulme wrote:

> Hi All,
>
> I have been trying to get a Win98 machine to connect up to my RedHat 6.2
> machine running PoPToP. I am able to authenticate and remain connected,
> but no data will pass through the connection. I can ping the PPP
> interface on the Win98 box, but no further. When I try to ping the
> Linux box, I see the lights on the DUN systray icon blinking as if
> traffic was both being sent and received, but the ping times out. From
> the Linux box, I can see the counters on the PPP interface increasing,
> but cannot ping the Win98 box. The log files show that the connection
> is established using 40-bit stateless encryption. The only errors are
> from pppd complaining about unsupported protocols. Sorry I don't have
> the actual logs available right now.
>
> The really strange thing is if I unload the PPP_MPPE module from the
> Linux box, and uncheck require encryption options from the Win98 side,
> everything works as it should.
>
> Any ideas?
>
> TIA
>
> -Jake Woolstenhulme

From ionut at efone.com.au Thu Jun 15 15:49:21 2000
From: ionut at efone.com.au (ionut at efone.com.au)
Date: Thu, 15 Jun 2000 23:49:21 +0300
Subject: [pptp-server] MPPE Encryption Not Working...
References: <39493292.20FC5DE4@enrichcorp.net> <394935D2.823E1152@enrichcorp.net>
Message-ID: <39494151.25876BF1@efone.com.au>

Hi,

I had the same problem with pptp. When encryption was disabled (on the W98 client machine), everything was working OK. If I tried to enable it, no IP traffic would pass through the link, although it seemed to be connected.

I fixed the problem by downloading a patch from Microsoft, called 'vpnupd'. I don't remember exactly where it is located on the site; try searching for it.

Ionut

Jake Woolstenhulme wrote:

> Sorry, I hit send a little prematurely there. Here is my current setup:
>
> linux-2.2.16
> ppp-2.3.11
> w/ ppp-2.3.11-openssl-0.9.5-mppe.patch
> pptpd-1.0.0
>
> All set up as per Vanja Hrustic's 2.2.16 + mppe patch + ppp-2.3.11 HOWTO
> (working one this time)
>
> TIA
> -Jake Woolstenhulme
>
> Jake Woolstenhulme wrote:
>
> > Hi All,
> >
> > I have been trying to get a Win98 machine to connect up to my RedHat 6.2
> > machine running PoPToP. I am able to authenticate and remain connected,
> > but no data will pass through the connection. I can ping the PPP
> > interface on the Win98 box, but no further. When I try to ping the
> > Linux box, I see the lights on the DUN systray icon blinking as if
> > traffic was both being sent and received, but the ping times out. From
> > the Linux box, I can see the counters on the PPP interface increasing,
> > but cannot ping the Win98 box. The log files show that the connection
> > is established using 40-bit stateless encryption. The only errors are
> > from pppd complaining about unsupported protocols. Sorry I don't have
> > the actual logs available right now.
> >
> > The really strange thing is if I unload the PPP_MPPE module from the
> > Linux box, and uncheck require encryption options from the Win98 side,
> > everything works as it should.
> >
> > Any ideas?
> >
> > TIA
> >
> > -Jake Woolstenhulme

From USTS034 at UABDPO.DPO.UAB.EDU Thu Jun 15 16:10:34 2000
From: USTS034 at UABDPO.DPO.UAB.EDU (Landy Manderson)
Date: Thu, 15 Jun 00 16:10:34 CDT
Subject: [pptp-server] MPPE Encryption Not Working...
In-Reply-To: Message of Thu, 15 Jun 2000 23:49:21 +0300 from
Message-ID: <200006152114.e5FLEjS24715@snaildust.schulte.org>

Try /windows98/downloads/contents/WURecommended/S_WUNetworking/VPN/Default.asp at www.microsoft.com.

On Thu, 15 Jun 2000 23:49:21 +0300 you said:
>I had the same problem with pptp. When encryption was disabled (on the W98
>client machine), everything was working OK. If I tried to enable it, no IP
>traffic would
>pass through the link, although is seemed to be connected.
>I fixed the problem by downloading a patch from Microsoft, called 'vpnupd'. I
>don't remember exactly where it is located on the site; try searching for it.

From jakew at enrichcorp.net Thu Jun 15 16:45:11 2000
From: jakew at enrichcorp.net (Jake Woolstenhulme)
Date: Thu, 15 Jun 2000 15:45:11 -0600
Subject: [pptp-server] MPPE Encryption Not Working...
References: <200006152114.e5FLEjS24715@snaildust.schulte.org>
Message-ID: <39494E67.F6ADE4D5@enrichcorp.net>

Bingo. It works like a champ now. Thanks to all for your input!

-Jake Woolstenhulme

Landy Manderson wrote:

> Try
> /windows98/downloads/contents/WURecommended/S_WUNetworking/VPN/Default.asp
> at www.microsoft.com.
>
> On Thu, 15 Jun 2000 23:49:21 +0300 you said:
> >I had the same problem with pptp. When encryption was disabled (on the W98
> >client machine), everything was working OK. If I tried to enable it, no IP
> >traffic would
> >pass through the link, although is seemed to be connected.
> >I fixed the problem by downloading a patch from Microsoft, called 'vpnupd'. I
> >don't remember exactly where it is located on the site; try searching for it.

From aaa at netman.dk Fri Jun 16 09:29:58 2000
From: aaa at netman.dk (Alaa Alamood)
Date: Fri, 16 Jun 2000 16:29:58 +0200
Subject: [pptp-server] linux-client
Message-ID: <394A39E6.1CD04C0A@netman.dk>

Hi

I have installed linux client 1.0.2, on my redhat 62 box,

the following files look like

1- /etc/ppp/options

    lock
    name my_pptp_server
    +chapms
    +chapms-v2
    mppe-40
    mppe-128
    mppe-stateless

2 - /etc/ppp/chap-secret

    Alaa my_pptp_server secret *
    my_pptp_server aaa secret *

I tried to connect to the server with

    ../pptp xxx.xxx.xxx.xxx name aaa remotename my_pptp_server

I got

(unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
(unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.

and after 40 seconds I get

(unknown)[721]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe

the connection of course will terminate and I have to reboot the machine before I can try again

Regards
Alaa

From cduffy at mvista.com Fri Jun 16 11:00:48 2000
From: cduffy at mvista.com (Charles Duffy)
Date: Fri, 16 Jun 2000 09:00:48 -0700
Subject: [pptp-server] linux-client
In-Reply-To: <394A39E6.1CD04C0A@netman.dk>; from aaa@netman.dk on Fri, Jun 16, 2000 at 04:29:58PM +0200
References: <394A39E6.1CD04C0A@netman.dk>
Message-ID: <20000616090048.A5355@mvista.com>

On Fri, Jun 16, 2000 at 04:29:58PM +0200, Alaa Alamood wrote:
> I tried to connect to the server with
>
> ../pptp xxx.xxx.xxx.xxx name aaa remotename my_pptp_server
>
> I got
>
> (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
>
> and after 40 seconds I get
> (unknown)[721]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe
>
> the connection of course will terminate and I have to reboot the machine
> before I can try again

In my experience, that happens most likely when pppd decides to quit. Add "debug" to /etc/ppp/options, and watch the syslog closely.

From klussier at mclinux.com Fri Jun 16 11:30:05 2000
From: klussier at mclinux.com (Kenneth E. Lussier)
Date: Fri, 16 Jun 2000 12:30:05 -0400
Subject: [pptp-server] linux-client
References: <394A39E6.1CD04C0A@netman.dk>
Message-ID: <394A560D.C4C5A394@mclinux.com>

I'm assuming that you are connecting to a poptop server. Do you log pptpd activity on the server side? If so that might be helpful. If not, enable it in /etc/syslogd.conf. As for having to reboot after each try, no you don't. Just delete /var/run/pptp/xxx.xxx.xxx.xxx (ip address of the server).

Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************
The road to happiness is paved with potholes.
The road to Hell is paved with good intentions.
Does the DPW know about this??
***********************************

Alaa Alamood wrote:
>
> Hi
>
> I have installed linux client 1.0.2, on my redhat 62 box,
>
> the following files look like
>
> 1- /etc/ppp/options
>
> lock
> name my_pptp_server
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> 2 - /etc/ppp/chap-secret
>
> Alaa my_pptp_server secret *
> my_pptp_server aaa secret *
>
> I tried to connect to the server with
>
> ../pptp xxx.xxx.xxx.xxx name aaa remotename my_pptp_server
>
> I got
>
> (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
>
> and after 40 seconds I get
> (unknown)[721]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe
>
> the connection of course will terminate and I have to reboot the machine
> before I can try again
>
> Regards
> Alaa

From dsladmin at bellsouth.net Fri Jun 16 11:32:35 2000
From: dsladmin at bellsouth.net (Layton Welborn)
Date: Fri, 16 Jun 2000 12:32:35 -0400
Subject: [pptp-server] RedHat 6.2 PoPToP Installation
Message-ID:

Hello everyone,

I have a couple of questions:

I am installing a PoPToP server on my RH6.2 machine that is also a MASQ server for my data center. It is going to provide access to 8 people who work from their homes using cable modems & adsl. I am using PPP 2.3.11 and looking through the installation instructions, it says to get the mppe patch for ppp2.3.10. Is this needed? or do I get this for my version from somewhere else?

Also, I have the VPN up and working right now without encryption, but I can't get the users to validate to our NT PDC server to access the company shares. When the users are signing on I am receiving the following:

Jun 16 12:31:15 thor pptpd[12984]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)

Do I need to open up a certain port for this? Does this error have anything to do with the NT validation?

ANY help would be GREATLY appreciated.

thanx in advance!

PEREZ SOFTWARE SERVICE, INC.
Layton Welborn
Systems Analyst
lwelborn at pssionline.com
888-758-7774

From AMZABELL at SENTARA.COM Fri Jun 16 11:37:17 2000
From: AMZABELL at SENTARA.COM (ALAN M. ZABELL, MD)
Date: Fri, 16 Jun 2000 12:37:17 -0400
Subject: [pptp-server] dynamic ip addresses
Message-ID:

is it possible for two free standing pc's connected to internet via their own isp's to use pptp to conduct 2 way remote access by exchanging ip addresses by email or some other technique?

From AMZABELL at SENTARA.COM Fri Jun 16 14:21:23 2000
From: AMZABELL at SENTARA.COM (ALAN M. ZABELL, MD)
Date: Fri, 16 Jun 2000 15:21:23 -0400
Subject: [pptp-server] dynamic ip address
Message-ID:

can two stand alone pc's connected to the internet via their own isps with dynamic addresses, conduct 2 way remote access using pptp by exchanging ip addresses via email or other means?

From dereks at kd-dev.com Fri Jun 16 15:13:50 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Fri, 16 Jun 2000 13:13:50 -0700 (PDT)
Subject: [pptp-server] dynamic ip address
In-Reply-To:
Message-ID:

-> can two stand alone pc's connected to the internet via their own
-> isps with dynamic addresses, conduct 2 way remote access

What do you mean by "2 way remote access"? If you just need two MS-Windows computers to talk to one another, it would be much easier to use an application like LapLink2000, which offers encrypted communication/file transfer and is much easier to set up. Besides, I don't know if there even is a PPTP server for Windows9x.

If you're talking about Linux boxes, then one would need the PoPToP server, and one would need the PPTP client for Linux, and yes, email would be one way to figure out what the IP addresses were. AFAIK, there is no automated way to do that yet, but it should be fairly easy to write scripts to do that for you.

--Derek

From yan at cardinalengineering.com Fri Jun 16 17:15:37 2000
From: yan at cardinalengineering.com (Yan Seiner)
Date: Fri, 16 Jun 2000 18:15:37 -0400
Subject: [pptp-server] dynamic ip address
References:
Message-ID: <394AA709.7BF728DA@cardinalengineering.com>

Derek Simkowiak wrote:
>
snip...

> If you're talking about Linux boxes, then one would need the
> PoPToP server, and one would need the PPTP client for Linux, and yes,
> email would be one way to figure out what the IP address were. AFAIK,
> there is no automated way to do that yet, but it should be fairly easy to
> write scripts to do that for you.
>

Actually, I think vpnd (or maybe vtund) can use dynip (I think that's what it is) to create a vpn between two ISP assigned IPs on the net. Basically, the server posts its ip on the dynip server and the client looks it up.

I have no idea if it actually works, but it's been written about. Only works for linux boxes.

--Yan

> --Derek

From sam at linuxtec.com Fri Jun 16 19:02:46 2000
From: sam at linuxtec.com (Samuel Gonzalez, Jr.)
Date: Fri, 16 Jun 2000 19:02:46 -0500
Subject: [pptp-server] Authentication with Windows Clients to Linux Server
Message-ID: <394AC026.CDEB101B@linuxtec.com>

Do I have to patch the pppd sources to use CHAP with Windows clients? I have the pptp server working without authentication but have disabled it because when I try to use CHAP I get an error that the authentication has failed.

I am thinking that I need to patch for MSCHAP to make it work. Am I correct?

Thanks
Sam

From emmet___ at yahoo.com Fri Jun 16 20:17:04 2000
From: emmet___ at yahoo.com (S.Ecker)
Date: Fri, 16 Jun 2000 18:17:04 -0700 (PDT)
Subject: [pptp-server] Newbie problem connecting win98vpn to linux pptp
Message-ID: <20000617011704.16850.qmail@web216.mail.yahoo.com>

Hi,

I'm trying to connect a win98 client to a linux server (kernel 2.2.14, redhat 6.2) using windows vpn. The client and server are on different subnets separated by the internet. When I boot the machine I get the following in /var/log/messages:

Jun 16 17:47:13 mail pptpd[508]: MGR: Manager process started

which looks ok, right?

I configured my win98 machine vpn connection with the following settings checked:

    log on to network
    require encrypted password
    tcp/ip
    specify ip address: 192.168.254.15
    specify name servers: blah, blah

When I go to connect it waits extra long at "verifying user name and password" then stops with the error (in windows):

"Error 645: Dial-Up Networking could not complete the connection to the server. Check your configuration and try the connection again."

/var/log/messages (in linux) records the following:

Jun 16 17:49:53 mail pptpd[738]: CTRL: Client 123.123.123.123 control connection started
Jun 16 17:49:53 mail pptpd[738]: CTRL: Starting call (launching pppd, opening GRE)
Jun 16 17:49:53 mail kernel: CSLIP: code copyright 1989 Regents of the University of California
Jun 16 17:49:53 mail kernel: PPP: version 2.3.7 (demand dialling)
Jun 16 17:49:53 mail kernel: PPP line discipline registered.
Jun 16 17:49:53 mail kernel: registered device ppp0
Jun 16 17:49:53 mail pppd[739]: pppd 2.3.11 started by root, uid 0
Jun 16 17:49:53 mail pppd[739]: Using interface ppp0
Jun 16 17:49:53 mail pppd[739]: Connect: ppp0 <--> /dev/pts/1
Jun 16 17:50:23 mail pppd[739]: LCP: timeout sending Config-Requests
Jun 16 17:50:23 mail pppd[739]: Connection terminated.
Jun 16 17:50:23 mail pppd[739]: Exit.
Jun 16 17:50:23 mail pptpd[738]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 16 17:50:23 mail pptpd[738]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 16 17:50:23 mail pptpd[738]: CTRL: Client 123.123.123.123 control connection finished

First, is this a windows or linux side problem? I upgraded to the latest windows vpn. I was unable to upgrade to 128bit-Dialup Networking, though I don't think this should matter.

The contents of my /etc/ppp/options:

    lock
    debug
    auth
    +chap
    proxyarp
    # +chapms
    # +chapms-v2
    # p3-40
    # mppe-128
    # mppe-stateless

I commented out those ones at the bottom because I was getting an error that they were unrecognized.

In my /etc/pptpd.conf I have the following uncommented:

    localip 192.168.254.2-20
    remoteip 11.22.33.44,123.123.123.123,192.168.212.1-5
    listen 192.168.254.2

11.22.33.44 is external ip of the router (masked). 192.168.254.2 is the internal ip of the server. 123.123.123.123 is the external ip of my router (masked) for my win98 client, and 192.168.212.2 is the internal ip of my win98 client.

packages I'm using:

    ppp-2.3.11.tar.gz
    pptpd-1.0.0-i386.rpm
    SSLeay-0.9.0b.tar.gz

I followed the instructions at http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt. However, when I tried to install the patch "ppp-2.3.10-openssl-norc4-mppe.patch" it just hangs so I don't know if it did anything.

Thanks for any help.

-Scott

From david at solutionsfirst.net Sat Jun 17 01:12:46 2000
From: david at solutionsfirst.net (Dave Kempe)
Date: Sat, 17 Jun 2000 16:12:46 +1000
Subject: [pptp-server] dynamic ip address
In-Reply-To: <394AA709.7BF728DA@cardinalengineering.com>
Message-ID: <000001bfd823$0e9a2020$0201a8c0@what.net>

The other thing you can do is use a dynamic DNS service. I use dyndns.org for this and it works really well. My VPN efforts would fail unless I could reach various hosts that have dynamic IPs, and Dyndns works great. Linux client gets invoked when the client dials up, regs the IP in the dns and blammo you get yourserver.dyndns.org or whatever. It's free too!

dave

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Yan Seiner
> Sent: Saturday, 17 June 2000 8:16 AM
> To: Derek Simkowiak
> Cc: ALAN M. ZABELL, MD; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] dynamic ip address
>
> Derek Simkowiak wrote:
> >
> snip...
>
> > If you're talking about Linux boxes, then one would need the
> > PoPToP server, and one would need the PPTP client for Linux, and yes,
> > email would be one way to figure out what the IP address were. AFAIK,
> > there is no automated way to do that yet, but it should be fairly easy to
> > write scripts to do that for you.
> >
>
> Actually, I think vpnd (or maybe vtund) can use dynip (I think that's
> what it is) to create a vpn between two ISP assigned IPs on the net.
> Basically, the server posts its ip on the dynip server and the client
> looks it up.
>
> I have no idea if it actually works, but it's been written about. Only
> works for linux boxes.
>
> --Yan
>
> > --Derek

From georgiev at globalserve.net Sat Jun 17 17:14:13 2000
From: georgiev at globalserve.net (G. Georgiev)
Date: Sat, 17 Jun 2000 18:14:13 -0400 (EDT)
Subject: [pptp-server] pptp client setup guide needed
Message-ID:

Hi,

I try to set-up pptp client for linux on my gateway and had every possible kind of problems. The documentation (if any) is really scarce. I try linux pptp-1.0.2 client on linux 2.2.13 with pppd-2.2.10 patched with ppp-2.3.10.pptp.patch. I am able to authenticate, bring up the interface, but every single packet I receive from the remote end is rejected from my pppd like:

Jun 17 17:06:37 gate pppd[11365]: rcvd [LCP ProtRej id=0x10 cb c5 e7 00

The server on the remote side is probably NT and I have no control there. Some idea why?

gate:~# lsmod
Module Size Used by
Appp_deflate 42692 0
bsd_comp 3824 0
ppp_mppe 13872 0
nfs 30360 0 (unused)
lockd 32424 0 [nfs]
sunrpc 54692 0 [nfs lockd]
ppp 21388 4 [ppp_deflate bsd_comp ppp_mppe]
slhc 4524 2 [ppp]
3c509 6036 1

/var/log/messages:
Jun 17 17:06:16 gate pppd[11365]: pppd 2.3.10 started by root, uid 0
Jun 17 17:06:16 gate pppd[11365]: Using interface ppp2
Jun 17 17:06:17 gate pppd[11365]: Connect: ppp2 <--> /dev/ttya0
Jun 17 17:06:21 gate pppd[11365]: Remote message: CHAP authentication success, unit 131992644
Jun 17 17:06:22 gate pppd[11365]: local IP address 172.20.75.215
Jun 17 17:06:22 gate pppd[11365]: remote IP address 172.20.0.13
Jun 17 17:06:22 gate pppd[11365]: MPPE 40 bit, stateless compression enabled

/var/log/debug
Jun 17 17:06:21 gate pppd[11365]: Timeout 0x80557ec:0x80776a0 in 3 seconds.
Jun 17 17:06:21 gate pppd[11365]: rcvd [CHAP Success id=0xad "CHAP authentication success, unit 131992644"]
Jun 17 17:06:21 gate pppd[11365]: Untimeout 0x80557ec:0x80776a0.
Jun 17 17:06:21 gate pppd[11365]: sent [IPCP ConfReq id=0x1 ]
Jun 17 17:06:21 gate pppd[11365]: Timeout 0x80500b8:0x8077620 in 3 seconds.
Jun 17 17:06:21 gate pppd[11365]: sent [CCP ConfReq id=0x1 ]
Jun 17 17:06:21 gate pppd[11365]: Timeout 0x80500b8:0x8077760 in 3 seconds.
Jun 17 17:06:21 gate pppd[11365]: rcvd [IPCP ConfReq id=0xb9 ] Jun 17 17:06:21 gate pppd[11365]: ipcp: returning Configure-ACK Jun 17 17:06:21 gate pppd[11365]: sent [IPCP ConfAck id=0xb9 ] Jun 17 17:06:22 gate pppd[11365]: rcvd [IPCP ConfNak id=0x1 ] Jun 17 17:06:22 gate pppd[11365]: Untimeout 0x80500b8:0x8077620. Jun 17 17:06:22 gate pppd[11365]: sent [IPCP ConfReq id=0x2 ] Jun 17 17:06:22 gate pppd[11365]: Timeout 0x80500b8:0x8077620 in 3 seconds. Jun 17 17:06:22 gate pppd[11365]: rcvd [CCP ConfRej id=0x1 ] Jun 17 17:06:22 gate pppd[11365]: Untimeout 0x80500b8:0x8077760. Jun 17 17:06:22 gate pppd[11365]: sent [CCP ConfReq id=0x2 ] Jun 17 17:06:22 gate pppd[11365]: Timeout 0x80500b8:0x8077760 in 3 seconds. Jun 17 17:06:22 gate pppd[11365]: rcvd [IPCP ConfAck id=0x2 ] Jun 17 17:06:22 gate pppd[11365]: Untimeout 0x80500b8:0x8077620. Jun 17 17:06:22 gate pppd[11365]: ipcp: up Jun 17 17:06:22 gate pppd[11365]: Script /etc/ppp/ip-up started (pid 11367) Jun 17 17:06:22 gate pppd[11365]: rcvd [CCP ConfReq id=0x77 ] Jun 17 17:06:22 gate pppd[11365]: sent [CCP ConfAck id=0x77 ] Jun 17 17:06:22 gate pppd[11365]: rcvd [CCP ConfAck id=0x2 ] Jun 17 17:06:22 gate pppd[11365]: Untimeout 0x80500b8:0x8077760. Jun 17 17:06:23 gate pppd[11365]: Script /etc/ppp/ip-up finished (pid 11367), status = 0x0 Jun 17 17:06:31 gate pppd[11365]: rcvd [LCP ProtRej id=0xa 02 61 aa a2 fd Jun 17 17:06:32 gate pppd[11365]: rcvd [LCP ProtRej id=0xb 9d 37 cb f8 29 Jun 17 17:06:33 gate pppd[11365]: rcvd [LCP ProtRej id=0xc ab 98 7b 62 7c From vgill at technologist.com Sun Jun 18 00:06:06 2000 
From: vgill at technologist.com (Vern H. Gill) Date: Sat, 17 Jun 2000 22:06:06 -0700 Subject: [pptp-server] HELP!!! Can't make it work In-Reply-To: Message-ID: I need to connect from both inside and outside my LAN using both Windoze and linux clients. The linux client, unlike the windows one, actually starts to connect, but only for a short time, then ultimately fails. What am I doing wrong? Red Hat Linux release 6.1 (Cartman) Linux linus.gillnet.org 2.2.14 #1 Fri Mar 10 23:03:23 PST 2000 i586 unknown PoPToP v1.1.1 pptp-linux version 1.0.2 Win98 SE /etc/pptpd.conf speed 115200 pidfile /var/run/pptpd.pid option /etc/ppp/options.pptpd /etc/ppp/options.pptpd # The following are for the PPTP Server lock debug auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless name linus proxyarp localip 192.168.5.1 remoteip 192.168.5.10-14 ms-dns 192.168.5.1 ms-dns 192.168.5.1 ms-wins 192.168.5.1 ms-wins 192.168.5.1 idle 1800 This is the logfile when trying to connect with a Win98 client. Jun 17 21:40:56 linus pptpd[5966]: CTRL: pppd speed = 115200 Jun 17 21:40:56 linus pptpd[5966]: CTRL: pppd options file = /etc/ppp/options.pptpd Jun 17 21:40:56 linus pptpd[5966]: CTRL: Client 192.168.5.52 control connection started Jun 17 21:40:56 linus pptpd[5966]: CTRL: Received PPTP Control Message (type: 1) Jun 17 21:40:56 linus pptpd[5966]: CTRL: Made a START CTRL CONN RPLY packet Jun 17 21:40:56 linus pptpd[5966]: CTRL: I wrote 156 bytes to the client. 
Jun 17 21:40:56 linus pptpd[5966]: CTRL: Sent packet to client Jun 17 21:40:56 linus pptpd[5966]: CTRL: Received PPTP Control Message (type: 7) Jun 17 21:40:56 linus pptpd[5966]: CTRL: 0 min_bps, 0 max_bps, 32 window size Jun 17 21:40:56 linus pptpd[5966]: CTRL: Made a OUT CALL RPLY packet Jun 17 21:40:56 linus pptpd[5966]: CTRL: Starting call (launching pppd, opening GRE) Jun 17 21:40:56 linus pptpd[5966]: CTRL: pty_fd = 6 Jun 17 21:40:56 linus pptpd[5966]: CTRL: tty_fd = 7 Jun 17 21:40:56 linus pptpd[5966]: CTRL: I wrote 32 bytes to the client. Jun 17 21:40:56 linus pptpd[5966]: CTRL: Sent packet to client Jun 17 21:40:56 linus pptpd[5967]: CTRL (PPPD Launcher): Connection speed = 115200 Jun 17 21:40:56 linus pptpd[5966]: Error reading from pppd: Input/output error Jun 17 21:40:56 linus pptpd[5966]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6) Jun 17 21:40:56 linus pptpd[5966]: CTRL: Client 192.168.5.52 control connection finished Jun 17 21:40:56 linus pptpd[5966]: CTRL: Exiting now Jun 17 21:40:56 linus pptpd[5968]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Jun 17 21:40:56 linus pptpd[5968]: CTRL: pppd speed = 115200 Jun 17 21:40:56 linus pptpd[5968]: CTRL: pppd options file = /etc/ppp/options.pptpd Jun 17 21:40:56 linus pptpd[5968]: CTRL: Client 192.168.5.52 control connection started Jun 17 21:40:56 linus pptpd[5968]: CTRL: Received PPTP Control Message (type: 1) Jun 17 21:40:57 linus pptpd[5968]: CTRL: Made a START CTRL CONN RPLY packet Jun 17 21:40:57 linus pptpd[5968]: CTRL: I wrote 156 bytes to the client. Jun 17 21:40:57 linus pptpd[5968]: CTRL: Sent packet to client Jun 17 21:40:57 linus pptpd[5968]: CTRL: EOF or bad error reading ctrl packet length. Jun 17 21:40:57 linus pptpd[5968]: CTRL: couldn't read packet header (exit) Jun 17 21:40:57 linus pptpd[5968]: CTRL: CTRL read failed Jun 17 21:40:57 linus pptpd[5885]: MGR: Reaped child 5968 This is the logfile when connecting with a linux client. 
commandline used is just [/root]# pptp linus Jun 17 21:51:26 linus pptpd[6237]: CTRL: pppd speed = 115200 Jun 17 21:51:26 linus pptpd[6237]: CTRL: pppd options file = /etc/ppp/options.pptpd Jun 17 21:51:26 linus pptpd[6237]: CTRL: Client 192.168.5.1 control connection started Jun 17 21:51:26 linus pptpd[6237]: CTRL: Received PPTP Control Message (type: 1) Jun 17 21:51:26 linus pptpd[6237]: CTRL: Made a START CTRL CONN RPLY packet Jun 17 21:51:26 linus pptpd[6237]: CTRL: I wrote 156 bytes to the client. Jun 17 21:51:26 linus pptpd[6237]: CTRL: Sent packet to client Jun 17 21:51:27 linus pptpd[6237]: CTRL: Received PPTP Control Message (type: 7) Jun 17 21:51:27 linus pptpd[6237]: CTRL: 0 min_bps, 152 max_bps, 32 window size Jun 17 21:51:27 linus pptpd[6237]: CTRL: Made a OUT CALL RPLY packet Jun 17 21:51:27 linus pptpd[6237]: CTRL: Starting call (launching pppd, opening GRE) Jun 17 21:51:27 linus pptpd[6237]: CTRL: pty_fd = 6 Jun 17 21:51:27 linus pptpd[6237]: CTRL: tty_fd = 7 Jun 17 21:51:27 linus pptpd[6237]: CTRL: I wrote 32 bytes to the client. Jun 17 21:51:27 linus pptpd[6237]: CTRL: Sent packet to client Jun 17 21:51:27 linus pptpd[6240]: CTRL (PPPD Launcher): Connection speed = 115200 Jun 17 21:51:27 linus pptpd[6237]: Error reading from pppd: Input/output error Jun 17 21:51:27 linus pptpd[6237]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6) Jun 17 21:51:27 linus pptpd[6237]: CTRL: Client 192.168.5.1 control connection finished Jun 17 21:51:27 linus pptpd[6237]: CTRL: Exiting now Jun 17 21:51:27 linus pppd[6242]: pppd 2.3.10 started by root, uid 0 Jun 17 21:51:27 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:27 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:30 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:30 linus pppd[6242]: Connection terminated. 
Jun 17 21:51:31 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:31 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:31 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:31 linus pppd[6242]: Connection terminated. Jun 17 21:51:32 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:32 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:32 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:32 linus pppd[6242]: Connection terminated. Jun 17 21:51:33 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:33 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:33 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:33 linus pppd[6242]: Connection terminated. Jun 17 21:51:34 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:34 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:34 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:34 linus pppd[6242]: Connection terminated. Jun 17 21:51:35 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:35 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:35 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:35 linus pppd[6242]: Connection terminated. Jun 17 21:51:36 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:36 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:36 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:36 linus pppd[6242]: Connection terminated. Jun 17 21:51:37 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:37 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:37 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:37 linus pppd[6242]: Connection terminated. Jun 17 21:51:38 linus pppd[6242]: Using interface ppp1 Jun 17 21:51:38 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0 Jun 17 21:51:38 linus pppd[6242]: Serial line is looped back. Jun 17 21:51:38 linus pppd[6242]: Connection terminated. 
Jun 17 21:51:39 linus pppd[6242]: Using interface ppp1
Jun 17 21:51:39 linus pppd[6242]: Connect: ppp1 <--> /dev/ttya0
Jun 17 21:51:39 linus pppd[6242]: Serial line is looped back.
Jun 17 21:51:39 linus pppd[6242]: Connection terminated.
Jun 17 21:51:40 linus pppd[6242]: Exit.

From emmet___ at yahoo.com Sun Jun 18 17:58:29 2000
From: emmet___ at yahoo.com (S.Ecker)
Date: Sun, 18 Jun 2000 15:58:29 -0700 (PDT)
Subject: [pptp-server] Help me get started please.
Message-ID: <20000618225829.23264.rocketmail@web221.mail.yahoo.com>

I've read the poptop-redhat-howto, and scoured the web and list archives. I'm trying to set up a VPN to accomplish the following:

I need to be able to map a network drive in windows98se to a samba share on a linux server (redhat6.2). The linux server is on a private ip subnet (192.168.254.*) behind a flowpoint 2200 SDSL router using NAT (I have mapped all ports to the linux server). The win98 client at a remote location is connected to a flowpoint 2200 IDSL router in bridging mode with a public ip address.

Simple as that. Now I know what you're saying. Why don't you just map tcp/udp 137-139 to the linux server and connect using netbios over tcp? Well, it doesn't work (from experience) and from what I've read, netbios over tcp doesn't route to other subnets. So anyway, it will not work the easy way unfortunately.

So what I'd like some feedback on in order to save me time and frustration is what packages do I need to download and install and where can I find up-to-date installation instructions to accomplish what I described above?

From rfairchi at gizzard.org Sun Jun 18 18:33:04 2000
From: rfairchi at gizzard.org (Rob Fairchild)
Date: Sun, 18 Jun 2000 16:33:04 -0700
Subject: [pptp-server] rcvd [Compressed data] anyone?
Message-ID: <394D5C30.C3CCAE7F@gizzard.org>

Hello all,

Here's my setup

LinuxPptpClient(Home) ->linuxFireWall(seawall)->internet->firewall(unknown)->NtPptpServer ( work )

I can connect from the client to the NtServer, and then run an ftp client into my network at work. Things look ok until I start to upload/download data (i.e. I can do dir listings and get/put small tiny files no problem). Whenever I use larger data in the get/put operations, I get the following messages

Jun 18 14:28:32 gizzard pppd[860]: rcvd [Compressed data] 90 4a 48 48 65 91 2f 46 ...
Jun 18 14:31:31 gizzard pppd[860]: rcvd [Compressed data] 90 51 92 06 7f 7a 8fce ...

I get the following kernel messages as well...

Jun 18 14:28:32 gizzard kernel: ppp0: decomp err -1
Jun 18 14:31:31 gizzard kernel: ppp0: decomp err -1

The linux ftp client hangs after 512 bytes on a get operation and 2048 bytes on a put. I don't know if the numbers are significant, but they are consistent.

I've read the list archives and there is lots of mention of this same problem (especially a few months ago), but nobody has ever posted a solution that I know of (and please correct me if I am wrong).

The debug messages are getting generated in the ppp_mppe code in the mppe_decompress function when (seq != state->ccount). The problem looks similar to the excellent analysis Charles Duffy did so I tried what eric at we-24-30-125-179.we.mediaone.net suggested, i.e.

> If you're experiencing lost/dropped packets, then there's another
> issue... The easiest fix is to use stateless encryption and in ppp_mppe.c
> (under your usr/src/linux dir) in the decrypt/decompress function make it
> loop through the update_count method until the count matches and NOT
> return an error (just continue)."

and that got rid of the 'decomp err' but the client still hangs as before. Honestly, I don't understand how eric's suggestion could have worked anyways, because I think at that point you're already FUBAR. In any case, was I supposed to do the final mppe_update_count() call after we had brought (seq == state->count) ?

I've been up many nights with this and have tried getting this to work with all kinds of ppp patch and kernel version variations and the failure is the same. Just for completion sakes, here is my current setup...

2.2.14-5.0smp , ppp-2.3.10 created from the mppe patch source rpms (Thanks Adi!). pptp client 1.02

/etc/ppp/options:
lock debug kdebug 7 noipdefault noauth +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless

I'll skip dumping the full message logs unless anyone can really use them to help out, I think that it should be good enough to know that I do successfully negotiate mppe-128 stateless with the NT Server. Also, I doubt that it is my firewall that is causing the problem because I can connect MS pptp clients to the destination just fine.

Any help here would be highly appreciated. It's ultra frustrating because I feel that I am almost there. If there are lurkers out there who are seeing similar problems or have a fix/suggestion/hint, _please_ do speak up!

Thanks in advance,
Rob.

From jnekl at kc.rr.com Sun Jun 18 21:20:45 2000
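The resynchronisation that Rob Fairchild's message above asks about (the `seq != state->ccount` case with stateless MPPE), as an added example that is not from the original post or from ppp_mppe.c: a receiver that performs one key change per missing packet and refuses counts outside a window. The key change, the XOR cipher, `MAX_GAP` and every `toy_*` name are stand-ins assumed for illustration, and the session key and packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CCOUNT_SPACE 4096u /* the MPPE coherency count is 12 bits wide */
#define KEY_LEN 16
#define MAX_GAP 32u /* assumed policy: largest loss we rekey across */

struct mppe_toy {
    uint16_t ccount;      /* coherency count that `key` belongs to */
    uint8_t key[KEY_LEN]; /* current session key */
};

struct demo_result { int in_order, after_loss, replay, following, plaintext_ok; };

/* Stand-in key change (real MPPE derives the next key with SHA-1 and RC4). */
static void toy_rekey(struct mppe_toy *s)
{
    uint8_t next[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++)
        next[i] = (uint8_t)(s->key[i] * 31u + s->key[(i + 1) % KEY_LEN] + 7u);
    memcpy(s->key, next, KEY_LEN);
    s->ccount = (uint16_t)((s->ccount + 1u) % CCOUNT_SPACE);
}

/* Stand-in cipher (real MPPE uses RC4): XOR with the key, same both ways. */
static void toy_crypt(const struct mppe_toy *s, const uint8_t *in,
                      uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ s->key[i % KEY_LEN];
}

void toy_init(struct mppe_toy *s, const uint8_t key[KEY_LEN])
{
    s->ccount = 0;
    memcpy(s->key, key, KEY_LEN);
}

/* Stateless sender: encrypt, then change key for the next packet.
 * Returns the coherency count that travels with the ciphertext. */
uint16_t toy_send(struct mppe_toy *tx, const uint8_t *pt, uint8_t *ct, size_t len)
{
    uint16_t seq = tx->ccount;
    toy_crypt(tx, pt, ct, len);
    toy_rekey(tx);
    return seq;
}

/* Stateless receiver. Returns how many lost packets were rekeyed across,
 * or -1 when the count is outside the window (state is left untouched). */
int toy_receive(struct mppe_toy *rx, uint16_t seq, const uint8_t *ct,
                uint8_t *pt, size_t len)
{
    unsigned gap = ((unsigned)seq + CCOUNT_SPACE - rx->ccount) % CCOUNT_SPACE;

    if (gap > MAX_GAP)
        return -1; /* late duplicate or bogus count: an old key cannot be recovered */
    for (unsigned i = 0; i < gap; i++)
        toy_rekey(rx); /* one key change per missing packet */
    toy_crypt(rx, ct, pt, len);
    toy_rekey(rx); /* now holding the key for seq + 1 */
    return (int)gap;
}

/* Constructed scenario: packets 0..4 sent, 1 and 2 lost, 0 replayed late. */
struct demo_result run_demo(void)
{
    static const uint8_t session_key[KEY_LEN] = { /* constructed sample key */
        1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    static const char *msgs[5] = { "pkt-0", "pkt-1", "pkt-2", "pkt-3", "pkt-4" };
    struct mppe_toy tx, rx;
    uint8_t wire[5][6], out[6];
    uint16_t seq[5];
    struct demo_result r;

    toy_init(&tx, session_key);
    toy_init(&rx, session_key);
    for (int i = 0; i < 5; i++)
        seq[i] = toy_send(&tx, (const uint8_t *)msgs[i], wire[i], 6);

    r.in_order = toy_receive(&rx, seq[0], wire[0], out, 6);
    r.plaintext_ok = memcmp(out, msgs[0], 6) == 0;
    r.after_loss = toy_receive(&rx, seq[3], wire[3], out, 6); /* 1, 2 never arrive */
    r.plaintext_ok &= memcmp(out, msgs[3], 6) == 0;
    r.replay = toy_receive(&rx, seq[0], wire[0], out, 6); /* old packet again */
    r.following = toy_receive(&rx, seq[4], wire[4], out, 6);
    r.plaintext_ok &= memcmp(out, msgs[4], 6) == 0;
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("in order=%d after loss=%d replay=%d following=%d plaintext ok=%d\n",
           r.in_order, r.after_loss, r.replay, r.following, r.plaintext_ok);
    return 0;
}
```

The window check matters because a reordered or duplicated packet looks like a gap of almost 4096, and rekeying across it would leave the receiver permanently out of step with the sender.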
From: jnekl at kc.rr.com (Joshua Nekl)
Date: Sun, 18 Jun 2000 21:20:45 -0500
Subject: [pptp-server] GRE: Bad checksum from pppd
Message-ID: <005901bfd994$f9873c40$0200fa0a@domain>

Okay, we've been working on this problem for the last 3 days. When connecting from windows clients, I get the following error message.

Jun 18 21:01:29 lx1 pptpd[2325]: GRE: Bad checksum from pppd.
Jun 18 21:02:05 lx1 last message repeated 12 times

Does anyone know what can cause this error message??? Is there a way to enable better debugging??? I've tried adding debug to /etc/ppp/options and starting pptpd with the -d switch, but neither one yields any more info.

We have setup about six other PoPToP linux servers. All of them are the same configuration.

RH 6.1 / kernel 2.2.14
poptop 1.0.0
ppp 2.3.10

I've compared /etc/ppp/options and /etc/pptpd.conf. Everything is the same except for the ip pools.

I have even re-extracted the kernel / poptop / ppp source and re-compiled everything. Didn't help.

I saw in a previous post a similar problem with the GRE: Bad checksum ... stuff. The problem was solved by going to poptop v1.1.1. I tried that also, and it still didn't help.

All of us are at a loss of where to go next. Any help is greatly appreciated.

"Who needs horror movies when we have Microsoft"?
-- Christine Comaford, PC Week, 27/9/95

From hawke at hawkes-haven.com Sun Jun 18 21:42:03 2000
From: hawke at hawkes-haven.com (H)
Date: Sun, 18 Jun 2000 20:42:03 -0600
Subject: [pptp-server] GRE: Bad checksum from pppd
References: <005901bfd994$f9873c40$0200fa0a@domain>
Message-ID: <394D887B.300EF861@hawkes-haven.com>

Are there any routers between that are mangling the GRE? Some routers don't know how to handle it at all, others do so incorrectly, and many newer ones work just fine.

-Hawke

Joshua Nekl wrote:
>
> Okay, we've been working on this problem for the last 3 days.
> When connecting from windows clients, I get the following error
> message.
>
> Jun 18 21:01:29 lx1 pptpd[2325]: GRE: Bad checksum from pppd.
> Jun 18 21:02:05 lx1 last message repeated 12 times
>
> Does anyone know what can cause this error message???
> Is there a way to enable better debugging???
> I've tried adding debug to /etc/ppp/options and starting pptpd with
> the -d switch, but neither one yields any more info.
>
> We have setup about six other PoPToP linux servers. All of them
> are the same configuration.
>
> RH 6.1 / kernel 2.2.14
> poptop 1.0.0
> ppp 2.3.10
>
> I've compared /etc/ppp/options and /etc/pptpd.conf. Everything is
> the same except for the ip pools.
>
> I have even re-extracted the kernel / poptop / ppp source and
> re-compiled everything. Didn't help.
>
> I saw in a previous post a similar problem with the GRE:
> Bad checksum ... stuff. The problem was solved by going to
> poptop v1.1.1. I tried that also, and it still didn't help.
>
> All of us are at a loss of where to go next. Any help is
> greatly appreciated.
>
> "Who needs horror movies when we have Microsoft"?
> -- Christine Comaford, PC Week, 27/9/95

-- -Hawke eCommerce & Internal Infrastructure Systems & Components Architect Unix Systems Admin MCP+I, MCSE, CNA, AS in CS Amateur Java programmer hawke at hawkes-haven.com The opinions expressed are just that, my opinions, solely my own, and in no way reflects any view or policy of my employer. From frederic.celse at sema.fr Mon Jun 19 01:50:56 2000 
From: frederic.celse at sema.fr (F. CELSE) Date: Mon, 19 Jun 2000 08:50:56 +0200 Subject: [pptp-server] linux client encryption References: Message-ID: <394DC2CF.27EDEDA9@sema.fr> Hi, we are using the linux pptp server 1.0.0 on a red-Hat 6.1 linux box with both NT and linux clients. Everythings seems working well but the encryption with the linux clients. With an NT client, we have in the server logs : Jun 18 16:01:21 hades pptpd[2634]: CTRL: Client 213.36.36.105 control connection started Jun 18 16:01:22 hades pptpd[2634]: CTRL: Starting call (launching pppd, opening GRE) Jun 18 16:01:22 hades modprobe: can't locate module char-major-108 Jun 18 16:01:22 hades kernel: CSLIP: code copyright 1989 Regents of the University of California Jun 18 16:01:22 hades kernel: PPP: version 2.3.10 (demand dialling) Jun 18 16:01:22 hades kernel: PPP line discipline registered. Jun 18 16:01:22 hades kernel: registered device ppp0 Jun 18 16:01:22 hades pppd[2635]: pppd 2.3.10 started by root, uid 0 Jun 18 16:01:22 hades pppd[2635]: Using interface ppp0 Jun 18 16:01:22 hades pppd[2635]: Connect: ppp0 <--> /dev/pts/1 Jun 18 16:01:23 hades kernel: PPP BSD Compression module registered Jun 18 16:01:23 hades kernel: PPP MPPE compression module registered Jun 18 16:01:23 hades kernel: PPP Deflate Compression module registered Jun 18 16:01:23 hades pppd[2635]: MSCHAP peer authentication succeeded for xxxx Jun 18 16:01:23 hades pppd[2635]: found interface eth0 for proxy arp Jun 18 16:01:23 hades pppd[2635]: local IP address x.x.x.x Jun 18 16:01:23 hades pppd[2635]: remote IP address x.x.x.2x Jun 18 16:01:23 hades pppd[2635]: MPPE 40 bit, stateless compression enabled ... 
With the linux clients we have : Jun 18 16:08:44 hades pptpd[2688]: CTRL: Client 213.36.36.125 control connection started Jun 18 16:08:45 hades pptpd[2688]: CTRL: Starting call (launching pppd, opening GRE) Jun 18 16:08:45 hades modprobe: can't locate module char-major-108 Jun 18 16:08:45 hades pppd[2689]: pppd 2.3.10 started by root, uid 0 Jun 18 16:08:45 hades pppd[2689]: Using interface ppp0 Jun 18 16:08:45 hades pppd[2689]: Connect: ppp0 <--> /dev/pts/1 Jun 18 16:08:47 hades pptpd[2688]: GRE: Discarding duplicate packet Jun 18 16:08:48 hades pppd[2689]: MSCHAP-v2 peer authentication succeeded for xxx Jun 18 16:08:49 hades pppd[2689]: found interface eth0 for proxy arp Jun 18 16:08:49 hades pppd[2689]: local IP address x.x.x.x Jun 18 16:08:49 hades pppd[2689]: remote IP address x.x.x.x Jun 18 16:08:49 hades pppd[2689]: Deflate (15) compression enabled Jun 18 16:09:11 hades sshd[2720]: log: Connection from 1.6.101.233 port 1023 Regards. the encryption seems to be disabled. The linux client (version 1.0.2) is started with both : pptp debug name pptp debug name mppe-40 (or mppe-128) and it doesn't change anything. any idea ? Regards. -- Frederic CELSE Tel : (+33) 4 76 41 67 34 Sema Group Fax : (+33) 4 76 41 47 47 Centre de Grenoble mailto:frederic.celse at sema.fr ------------------------------------------------------------------------- From jnekl at kc.rr.com Mon Jun 19 08:51:25 2000 
From: jnekl at kc.rr.com (Joshua Nekl)
Date: Mon, 19 Jun 2000 08:51:25 -0500
Subject: [pptp-server] GRE: Bad checksum from pppd
References: <005901bfd994$f9873c40$0200fa0a@domain> <394D887B.300EF861@hawkes-haven.com>
Message-ID: <000e01bfd9f5$761955d0$0200fa0a@domain>

Well, we got the problem solved. Just thought I'd post the solution for everyone else to reference.

The only difference from this server compared to all our other servers is that this one has dual PIII's.

After exhausting all other possibilities, I re-compiled the kernel without SMP processor support, and downgraded the processor selection from P-Pro to a regular Pentium.

Everything is working flawlessly now, even though I hate having an extra processor sitting in there doing nothing.

Joshua Nekl

From jp.chavant at geosys.fr Mon Jun 19 09:05:11 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Mon, 19 Jun 2000 16:05:11 +0200
Subject: [pptp-server] compiling and installing pptp & ppp
Message-ID: <007801bfd9f7$624c99c0$6503a8c0@pcjpc>

hello

some time ago someone posted a way to compile & install poptop on Linux. I have lost this mail. Could someone send it to me again please?

thanks.

Jean-Paul

 _-----_    GEOSYS SA - Service Informatique
(_/   \_)   Tél.: (0) 5 62 47 80 75
 (_____)
 \/\/\___   http://www.geosys.fr/

From david_luyer at pacific.net.au Mon Jun 19 09:55:37 2000
From: david_luyer at pacific.net.au (David Luyer)
Date: Tue, 20 Jun 2000 00:55:37 +1000
Subject: [pptp-server] GRE: Bad checksum from pppd
In-Reply-To: Message from "Joshua Nekl" of "Mon, 19 Jun 2000 08:51:25 EST." <000e01bfd9f5$761955d0$0200fa0a@domain>
References: <005901bfd994$f9873c40$0200fa0a@domain> <394D887B.300EF861@hawkes-haven.com> <000e01bfd9f5$761955d0$0200fa0a@domain>
Message-ID: <200006191455.AAA15543@typhaon.pacific.net.au>

> Well, we got the problem solved. Just thought I'd post the
> solution for everyone else to reference.
>
> The only difference from this server compared to all our other
> servers is that this one has dual PIII's.
>
> After exhausting all other possibilities, I re-compiled the kernel
> without SMP processor support, and downgraded the processor
> selection from P-Pro to a regular Pentium.
>
> Everything is working flawlessly now, even though I hate
> having an extra processor sitting in there doing nothing.

I posted some time ago here about SMP races in kernel tty or ppp code.

The latest 2.2.x kernels from Alan Cox should be fine SMP with ppp.

David.
--
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone: +61 3 9674 7525
Fax: +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------

From frost at engen.com Mon Jun 19 10:01:00 2000
From: frost at engen.com (Frost) Date: Mon, 19 Jun 2000 08:01:00 -0700 Subject: [pptp-server] PoPToP CTRL Troubles Message-ID: Hi, I've been using the PopTop server for several months now and for the most part everything works fine. On occasion though, the connection will break between the client and the server and the PopTop server will beat itself to death logging the following to /var/log/messages file: Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet length. Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in disconnect sequence Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet length. Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in disconnect sequence Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet length. Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in disconnect sequence Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet length. Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in disconnect sequence Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet length. Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in disconnect sequence Jun 15 17:34:12 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet length. Jun 15 17:34:12 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) Jun 15 17:34:12 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in disconnect sequence This logfile can grow enormously in a very short period of time. 
Would you have any ideas as to what could be causing this? Thanks for your help.

Regards,
Harv

Harv Frost               En.gen (a Division of J. River, Inc.)
mailto:frost at engen.com  2727 W. Baseline Rd #13
http://www.engen.com     Tempe, AZ 85283
ftp://ftp.engen.com      Tel: 602-438-1110

From mike at coredump.csocsg.net Mon Jun 19 10:20:26 2000
From: mike at coredump.csocsg.net (Mike Wronski)
Date: Mon, 19 Jun 2000 10:20:26 -0500
Subject: [pptp-server] PoPToP CTRL Troubles
References:
Message-ID: <005b01bfda01$e6ca3fe0$dca918cf@mw.3com.com>

I had the same problem.. Brought my system to a crawl..

I never got an answer from the list, but I did move to V1.1.1 and recompile pppd to the latest version. The problem has not reoccurred since..

BTW: I am using the MPPE patches..

-M

----- Original Message -----
From: "Frost" To: "Server List PoPToP" Sent: Monday, June 19, 2000 10:01 AM Subject: [pptp-server] PoPToP CTRL Troubles > Hi, > I've been using the PopTop server for several months now and for the most part > everything works fine. On occasion though, the connection will break between > the client and the server and the PopTop server will beat itself to death > logging the following to /var/log/messages file: > > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet > length. > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in > disconnect sequence > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet > length. > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in > disconnect sequence > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet > length. > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in > disconnect sequence > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet > length. > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in > disconnect sequence > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet > length. > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit) > Jun 15 17:34:11 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in > disconnect sequence > Jun 15 17:34:12 ns2 pptpd[7196]: CTRL: EOF or bad error reading ctrl packet > length. 
> Jun 15 17:34:12 ns2 pptpd[7196]: CTRL: couldn't read packet header (exit)
> Jun 15 17:34:12 ns2 pptpd[7196]: CTRL: Unexpected control message 0 in
> disconnect sequence
>
> This logfile can grow enormously in a very short period of time. Would you have
> any ideas as to what could be causing this? Thanks for your help.
>
> Regards,
> Harv
>
> Harv Frost En.gen (a Division of J. River, Inc.)
> mailto:frost at engen.com 2727 W. Baseline Rd #13
> http://www.engen.com Tempe, AZ 85283
> ftp://ftp.engen.com Tel: 602-438-1110

From jnekl at kc.rr.com Mon Jun 19 10:45:04 2000
From: jnekl at kc.rr.com (Joshua Nekl)
Date: Mon, 19 Jun 2000 10:45:04 -0500
Subject: [pptp-server] PoPToP CTRL Troubles
References: <005b01bfda01$e6ca3fe0$dca918cf@mw.3com.com>
Message-ID: <003201bfda05$5655abd0$0200fa0a@domain>

> On occasion though, the connection will break between
> the client and the server and the PopTop server will beat itself to death
> logging the following to /var/log/messages file:

I had this problem in the past. I found in a recent post a patch that fixes it. The post also said it has been fixed in the development version.

- Josh

Here's the patch for v1.0.0:

The mail server mangled the patch from the original post so I had to clean it up. If it doesn't take, let me know and I'll send it to you as an attachment.

diff -uNr pptpd-1.0.0.orig/pptpctrl.c pptpd-1.0.0/pptpctrl.c --- pptpd-1.0.0.orig/pptpctrl.c Wed Sep 22 19:01:28 1999 +++ pptpd-1.0.0/pptpctrl.c Mon Apr 17 20:52:29 2000
@@ -452,9 +452,17 @@ tv.tv_usec = 0; /* Wait for STOP CTRL CONN RQST or RPLY */ - while (select(clientSocket + 1, &connSet, NULL, NULL, &tv) == 1) { - switch((pkt = read_pptp_packet(clientSocket, packet, rply_packet, &rply_size))) { - case STOP_CTRL_CONN_RQST: + while (select(clientSocket + 1, &connSet, NULL, NULL, + &tv) == 1) { + pkt = read_pptp_packet(clientSocket, packet, + rply_packet, &rply_size); + if (pkt == 0) { + syslog (LOG_WARNING, + "EOF reading control message"); + break; + } + else switch (pkt) { + case STOP_CTRL_CONN_RQST: send_pptp_packet(clientSocket, rply_packet, rply_size); goto skip; case CALL_CLR_RQST: From tkaczma at gryf.net Mon Jun 19 10:51:45 2000 From: tkaczma at gryf.net (tkaczma at gryf.net) Date: Mon, 19 Jun 2000 10:51:45 -0500 (CDT) Subject: [pptp-server] GRE: Bad checksum from pppd In-Reply-To: <200006191455.AAA15543@typhaon.pacific.net.au> Message-ID: On Tue, 20 Jun 2000, David Luyer wrote: > I posted some time ago here about SMP races in kernel tty or ppp code. > > The latest 2.2.x kernels from Alan Cox should be fine SMP with ppp. This should not have any affect on GRE which is a layer below ppp and tty in this scenario. Tom From david_luyer at pacific.net.au Mon Jun 19 11:17:56 2000 
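Review bot: in the pptpctrl.c hunk from Joshua Nekl's message above (@@ -452,9 +452,17 @@), the added `if (pkt == 0)` test leaves the disconnect loop only when read_pptp_packet returns exactly 0. The return convention of read_pptp_packet is not visible in the hunk; if it can also return a negative value on a read error, that value still falls through to the switch and the loop keeps running for as long as select reports the socket readable, so consider `if (pkt <= 0)` or a separate error branch. The `else switch (pkt)` construct would also read more clearly as a plain switch after the if block, since the if branch already ends in break, and a one-line comment stating that 0 means EOF on the control socket would document why the loop exits there.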
From: david_luyer at pacific.net.au (David Luyer)
Date: Tue, 20 Jun 2000 02:17:56 +1000
Subject: [pptp-server] GRE: Bad checksum from pppd
In-Reply-To: Message from of "Mon, 19 Jun 2000 10:51:45 EST."
References:
Message-ID: <200006191617.CAA17075@typhaon.pacific.net.au>

"Tom" wrote:
> On Tue, 20 Jun 2000, David Luyer wrote:
>
> > I posted some time ago here about SMP races in kernel tty or ppp code.
> >
> > The latest 2.2.x kernels from Alan Cox should be fine SMP with ppp.
>
> This should not have any effect on GRE which is a layer below ppp and
> tty in this scenario.

The error is literally:

  GRE code reports: bad checksum received from PPP daemon (via TTY layer)

Trust me, I know how this all goes together :) The cryptic error messages
are mostly my fault :/

David.
--
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone: +61 3 9674 7525
Fax: +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------

From emmet___ at yahoo.com Mon Jun 19 13:46:34 2000
From: emmet___ at yahoo.com (S.Ecker)
Date: Mon, 19 Jun 2000 11:46:34 -0700 (PDT)
Subject: [pptp-server] pptp still not working
Message-ID: <20000619184634.8403.qmail@web209.mail.yahoo.com>

Ok, I spent this weekend locked in a room trying to get this to work. I
have two systems set up. One works and the other doesn't. The one which
works is a win98 box and a linux box on the same subnet with no routers in
between. I can connect like a champ, no errors. As soon as I put a router
between them (even with all tcp & udp ports open) I get the following
error in /var/log/messages:

Jun 19 10:15:55 mail pptpd[1839]: CTRL: Client xx.xx.xx.xx control connection started
Jun 19 10:15:56 mail pptpd[1839]: CTRL: Starting call (launching pppd, opening GRE)
Jun 19 10:15:56 mail pppd[1840]: pppd 2.3.11 started by root, uid 0
Jun 19 10:15:56 mail pppd[1840]: Using interface ppp0
Jun 19 10:15:56 mail pppd[1840]: Connect: ppp0 <--> /dev/pts/2
Jun 19 10:16:26 mail pppd[1840]: LCP: timeout sending Config-Requests
Jun 19 10:16:26 mail pppd[1840]: Connection terminated.
Jun 19 10:16:26 mail pppd[1840]: Exit.
Jun 19 10:16:26 mail pptpd[1839]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 19 10:16:26 mail pptpd[1839]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 19 10:16:26 mail pptpd[1839]: CTRL: Client xx.xx.xx.xx control connection finished

Is there a problem routing between different networks with this setup or
am I missing some crucial piece of information here? I've posted my setup
this weekend so you can refer to that post at
http://lists.schulte.org/pipermail/pptp-server/2000-June/002548.html .

From eric at we-24-30-125-179.we.mediaone.net Mon Jun 19 15:04:44 2000
From: eric at we-24-30-125-179.we.mediaone.net (Eric H)
Date: Mon, 19 Jun 2000 13:04:44 -0700 (PDT)
Subject: [pptp-server] rcvd [Compressed data] anyone?
In-Reply-To: <394D5C30.C3CCAE7F@gizzard.org>
Message-ID:

(please note the reply-to field: eharashe at mediaone.net)

One thing I think you've got wrong: 'noauth' in your options file. I
believe that lets clients connect without authentication, which will break
mppe since it uses the authentication to generate its keys for
encryption.

The 'fix' I sent is only for a specific case. Does it work ok if you only
download from the pptp server? If so, then you may have the same problem I
had. I wrote a fix for it, but I'm not certain how good it is... It does
work for me though... (The idea was to make it work according to the RFC I
included in the original message... Stateless is simple, it's just
supposed to update the counter and thus the key). The main problem is when
DECOMP_ERROR is returned it disables 'compression' actually
encryption/decryption, which is why you see the 'rcvd' lines in your log.
After that point the session is useless... A good way to check is by
trying to connect without mppe, and seeing if transfers work fine (They
did in my case).

On Sun, 18 Jun 2000, Rob Fairchild wrote:

#=- The debug messages are getting generated in the ppp_mppe code in the
#=- mppe_decompress function when (seq != state->ccount).
#=-
#=- The problem looks similar to the excellent analysis Charles Duffy did so
#=-
#=- I tried what eric at we-24-30-125-179.we.mediaone.net
#=- suggested, i.e.
#=- > If you're experiencing lost/dropped packets, then there's another
#=- > issue... The easiest fix is to use stateless encryption and in ppp_mppe.c
#=- > (under your usr/src/linux dir) in the decrypt/decompress function make it
#=- > loop through the update_count method until the count matches and NOT
#=- > return an error (just continue)."
#=- and that got rid of the 'decomp err' but the client still hangs as
#=- before. Honestly,
#=- I don't understand how eric's suggestion could have worked anyways,
#=- because I think
#=- at that point you're already FUBAR. In any case, was I supposed to do
(Actually according to the RFC I mentioned, this is ok...)

#=- the final
#=- mppe_update_count() call after we had brought (seq == state->count) ?
(I believe that extra update is not correct, but I never got in contact
with the original coder, so I don't know for certain.)

#=- noauth

Eric Harashevsky (eharashe at mediaone.net)
----------------------------------------------------------------
A man's best friend is his dogma.

From kenlussier at mediaone.net Mon Jun 19 17:54:04 2000
From: kenlussier at mediaone.net (Kenneth E. Lussier)
Date: Mon, 19 Jun 2000 18:54:04 -0400
Subject: [pptp-server] pptp still not working
References: <20000619184634.8403.qmail@web209.mail.yahoo.com>
Message-ID: <394EA48C.11E0EC3E@mediaone.net>

After looking at your post, there could be several problems. The first
thing that I noticed is that in the Win98 Config you're specifying that
the client should use an IP address that is reserved in the pptpd.conf as
a local IP. Since you have pptpd set to assign IP addresses to clients,
set the client to obtain all info from the server and add your dns server,
wins server, etc., in the /etc/ppp/options file.

As for the LCP timeout problem, that's usually caused when the client can
connect to the server, but the return traffic can't find its way back to
the client. The server sends out the auth request and never gets a
response. Does the router know how to pass packets between the subnets?
Does the Linux box have routing enabled and set up to route between all
subnets correctly? Check out the link below for some pointers on the
config files.

Kenny

http://lists.schulte.org/pipermail/pptp-server/2000-February/001706.html

S.Ecker wrote:
>
> Ok, I spent this weekend locked in a room trying to
> get this to work. I have two systems set up. One
> works and the other doesn't. The one which works is a
> win98 box and a linux box on the same subnet with no
> routers in between. I can connect like a champ, no
> errors. As soon as I put a router between them (even
> with all tcp & udp ports open) I get the following
> error in /var/log/messages:
>
> Jun 19 10:15:55 mail pptpd[1839]: CTRL: Client xx.xx.xx.xx control connection started
> Jun 19 10:15:56 mail pptpd[1839]: CTRL: Starting call (launching pppd, opening GRE)
> Jun 19 10:15:56 mail pppd[1840]: pppd 2.3.11 started by root, uid 0
> Jun 19 10:15:56 mail pppd[1840]: Using interface ppp0
> Jun 19 10:15:56 mail pppd[1840]: Connect: ppp0 <--> /dev/pts/2
> Jun 19 10:16:26 mail pppd[1840]: LCP: timeout sending Config-Requests
> Jun 19 10:16:26 mail pppd[1840]: Connection terminated.
> Jun 19 10:16:26 mail pppd[1840]: Exit.
> Jun 19 10:16:26 mail pptpd[1839]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> Jun 19 10:16:26 mail pptpd[1839]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> Jun 19 10:16:26 mail pptpd[1839]: CTRL: Client xx.xx.xx.xx control connection finished
>
> Is there a problem routing between different networks
> with this setup or am I missing some crucial piece of
> information here? I've posted my setup this
> weekend so you can refer to that post at
> http://lists.schulte.org/pipermail/pptp-server/2000-June/002548.html
> .

From rwtalbot at talbot.homeip.net Tue Jun 20 02:34:53 2000
From: rwtalbot at talbot.homeip.net (Richard Talbot)
Date: Tue, 20 Jun 2000 17:34:53 +1000 (EST)
Subject: [pptp-server] POPTOP Problems
Message-ID:

Hi,

I am trying to install ppptp 1.0.0. I am having some troubles with the
mppe library. I have configured everything as per the moretonbay website.
The system is Redhat 6.1 running 2.2.14.

I get the following error

root at talbot rwtalbot]# /sbin/insmod ppp_mppe
/lib/modules/2.2.14/net/ppp_mppe.o: unresolved symbol ppp_register_compressor
/lib/modules/2.2.14/net/ppp_mppe.o: unresolved symbol ppp_unregister_compressor
/lib/modules/2.2.14/net/ppp_mppe.o: unresolved symbol RC4_set_key
[root at talbot rwtalbot]#

Can anyone suggest a solution?

Thanks
Richard

From ddobre at deuroconsult.ro Tue Jun 20 02:40:58 2000
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Tue, 20 Jun 2000 10:40:58 +0300
Subject: [pptp-server] pptp still not working
References: <20000619184634.8403.qmail@web209.mail.yahoo.com>
Message-ID: <394F200A.8B04A0E4@deuroconsult.ro>

"S.Ecker" wrote:
>
> Ok, I spent this weekend locked in a room trying to
> get this to work. I have two systems set up. One
> works and the other doesn't. The one which works is a
> win98 box and a linux box on the same subnet with no
> routers in between. I can connect like a champ, no
> errors. As soon as I put a router between them (even
> with all tcp & udp ports open) I get the following
> error in /var/log/messages:
---x8----------

Is your router doing some sort of PAT (flavor of NAT called masquerade)?

> Is there a problem routing between different networks
> with this setup or am I missing some crucial piece of
> information here? I've posted my setup this
> weekend so you can refer to that post at
> http://lists.schulte.org/pipermail/pptp-server/2000-June/002548.html

--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult
Brasov, Romania

From aaa at netman.dk Tue Jun 20 03:15:56 2000
From: aaa at netman.dk (Alaa Alamood)
Date: Tue, 20 Jun 2000 10:15:56 +0200
Subject: [pptp-server] linux-client
References: <394A39E6.1CD04C0A@netman.dk> <394A560D.C4C5A394@mclinux.com>
Message-ID: <394F283C.C32725E4@netman.dk>

Hi

When we tried to the pptp server from pptp client we got the following
logs. We have tested the server by using windows (95, 98, nt, 2000)
clients, and it is working without any problems.

1- PPTP server side logs

Jun 19 09:55:54 pptp_server pptpd[18938]: MGR: Launching /usr/sbin/pptpctrl to handle client
Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: local address = 172.16.1.1
Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: remote address = 172.16.0.10
Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: pppd speed = 115200
Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: pppd options file = /etc/ppp/options
Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: Client 213.237.2.96 control connection started
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Received PPTP Control Message (type: 1)
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Made a START CTRL CONN RPLY packet
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: I wrote 156 bytes to the client.
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Sent packet to client
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Received PPTP Control Message (type: 7)
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Set parameters to 152 maxbps, 3 window size
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Made a OUT CALL RPLY packet
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Starting call (launching pppd, opening GRE)
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: pty_fd = 5
Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: tty_fd = 6
Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): local address = 172.16.1.1
Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): remote address = 172.16.0.10
Jun 19 09:55:56 pptp_server pptpd[18938]: CTRL: I wrote 32 bytes to the client.
Jun 19 09:55:56 pptp_server pptpd[18938]: CTRL: Sent packet to client
Jun 19 09:55:56 pptp_server modprobe: Note: /etc/conf.modules is more recent than /lib/modules/2.2.14-5.0/modules.dep
Jun 19 09:55:58 pptp_server pptpd[18938]: GRE: Discarding duplicate packet
Jun 19 09:56:02 pptp_server pptpd[18938]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: Client 213.237.2.96 control connection finished
Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: Exiting now
Jun 19 09:56:03 pptp_server pptpd[749]: MGR: Reaped child 18938

2- Client logs side

Jun 19 19:23:04 arthur (unknown)[1108]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
Jun 19 19:23:04 arthur (unknown)[1108]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
Jun 19 19:23:04 arthur pppd[1111]: pppd 2.3.10 started by root, uid 0
Jun 19 19:23:04 arthur pppd[1111]: Using interface ppp1
Jun 19 19:23:04 arthur pppd[1111]: Connect: ppp1 <--> /dev/ttya0
Jun 19 19:23:08 arthur pppd[1111]: peer refused to authenticate: terminating link
Jun 19 19:23:08 arthur pppd[1111]: Connection terminated.
Jun 19 19:23:09 arthur pppd[1111]: Exit.

"Kenneth E. Lussier" wrote:

> I'm assuming that you are connecting to a poptop server. Do you log
> pptpd activity on the server side? If so that might be helpful. If not,
> enable it in /etc/syslogd.conf. As for having to reboot after each try,
> no you don't. Just delete /var/run/pptp/xxx.xxx.xxx.xxx (ip address of
> the server).
>
> Kenny
>
> --
> Kenny Lussier
> Systems Administrator
> Mission Critical Linux
> ***********************************
> The road to happiness is paved
> with potholes. The road to
> Hell is paved with good intentions.
> Does the DPW know about this??
> ***********************************
>
> Alaa Alamood wrote:
> >
> > Hi
> >
> > I have installed linux client 1.0.2, on my redhat 62 box,
> >
> > the following files look like
> >
> > 1- /etc/ppp/options
> >
> > lock
> > name my_pptp_server
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> >
> > 2 - /etc/ppp/chap-secret
> >
> > Alaa my_pptp_server secret *
> > my_pptp_server aaa secret *
> >
> > I tried to connect to the server with
> >
> > ../pptp xxx.xxx.xxx.xxx name aaa remotename my_pptp_server
> >
> > I got
> >
> > (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> > (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> >
> > and after 40 seconds I get
> > (unknown)[721]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe
> >
> > the connection of course will terminate and I have to reboot the machine
> > before I can try again
> >
> > Regards
> > Alaa

From mpierce at genasys.es Tue Jun 20 04:06:43 2000
From: mpierce at genasys.es (Mark Pierce)
Date: Tue, 20 Jun 2000 11:06:43 +0200
Subject: [pptp-server] Errors compiling ppp.c for kernel "make modules"
Message-ID: <394F3423.438E9AC@genasys.es>

Hello All,

In spite of Vanja's very explicit directions and in spite of the fact that
I thought that I followed them line by line all 3 times, I am still
getting the same errors in compiling ppp.c for kernel "make modules".
Everything else seems to go through without a hitch, the make bzImage, the
make ppp-2.3.11...

Given the odd numbers attached to the variables in the error messages I
gather that something is amiss in the version tracking but I'm unable to
find where or how. Am I missing a patch? I applied the
ide.2.2.16.patch.bz2, linux-2.2.16-ow1.tar.gz and the
ppp-2.3.11-openssl-0.9.5-mppe.patch.gz very, very faithfully.

All help, even helpful flames are appreciated.

Cheers,
Mark

Platform: i686, Mandrake 6.1, gcc2.95

kernel make modules error messages:
_________________________________________________
make[2]: Entering directory `/usr/src/linux-2.2.16/drivers/net'
gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -O3 -fomit-frame-pointer -fno-exceptions -fno-rtti -pipe -s -mpentium -mcpu=pentium -march=pentium -ffast-math -fexpensive-optimizations -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c
ppp.c:188: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static
ppp.c:189: warning: static declaration for `ppp_unregister_compressor_Ra1b928df' follows non-static
ppp.c: In function `rcv_proto_unknown':
ppp.c:2563: too few arguments to function `kill_fasync_R9bccc750'
make[2]: *** [ppp.o] Error 1
make[2]: Leaving directory `/usr/src/linux-2.2.16/drivers/net'
make[1]: *** [_modsubdir_net] Error 2
make[1]: Leaving directory `/usr/src/linux-2.2.16/drivers'
make: *** [_mod_drivers] Error 2

From pptp_list at gizzard.org Tue Jun 20 11:28:37 2000
From: pptp_list at gizzard.org (pptp_list at gizzard.org)
Date: Tue, 20 Jun 2000 09:28:37 -0700 (PDT)
Subject: SENT [pptp-server] rcvd [Compressed data] anyone?
In-Reply-To:
Message-ID:

Hi Eric,

Thanks much for your input. Unfortunately I'm still scratching the
heisenbug here and I think that I am actually going to have to read the
RFC you mentioned (gasp!).

> One thing I think you've got wrong: 'noauth' in your options file. I
> believe that lets clients connect without authentication, which will break
> mppe since it uses the authentication to generate its keys for
> encryption.

I can't authenticate if I require 'auth' as a client. If I require 'auth'
as a client, doesn't that simply force the WinNT server to authenticate
itself to me? I think that I read somewhere that this wasn't a good idea
to demand this on the client side except for unique situations. But, like
I said before, I'm gonna have to read the docs out there and get more
intimate with all of this.

>
> The 'fix' I sent is only for a specific case. Does it work ok if you only
> download from the pptp server? If so, then you may have the same problem I
> had. I wrote a fix for it, but I'm not certain how good it is... It does
> work for me though... (The idea was to make it work according to the RFC I
> included in the original message... Stateless is simple, it's just
> supposed to update the counter and thus the key). The main problem is when
> DECOMP_ERROR is returned it disables 'compression' actually
> encryption/decryption, which is why you see the 'rcvd' lines in your log.
> After that point the session is useless...

That makes sense and corresponds with what I've seen so far. I get the
'rcvd' lines at the same moment I get the 'decomp err -1' kernel msg.

> A good way to check is by
> trying to connect without mppe, and seeing if transfers work fine (They
> did in my case).

Not really an option... It is the corporate lan so they aren't going to
lower their guard so I can run tests at night (paranoid bastards!)...

>
> On Sun, 18 Jun 2000, Rob Fairchild wrote:
>
> #=- The debug messages are getting generated in the ppp_mppe code in the
> #=- mppe_decompress function when (seq != state->ccount).
> #=-
> #=- The problem looks similar to the excellent analysis Charles Duffy did so
> #=-
> #=- I tried what eric at we-24-30-125-179.we.mediaone.net
> #=- suggested, i.e.
> #=- > If you're experiencing lost/dropped packets, then there's another
> #=- > issue... The easiest fix is to use stateless encryption and in ppp_mppe.c
> #=- > (under your usr/src/linux dir) in the decrypt/decompress function make it
> #=- > loop through the update_count method until the count matches and NOT
> #=- > return an error (just continue)."
> #=- and that got rid of the 'decomp err' but the client still hangs as
> #=- before. Honestly,
> #=- I don't understand how eric's suggestion could have worked anyways,
> #=- because I think
> #=- at that point you're already FUBAR. In any case, was I supposed to do
> (Actually according to the RFC I mentioned, this is ok...)
>
> #=- the final
> #=- mppe_update_count() call after we had brought (seq == state->count) ?
> (I believe that extra update is not correct, but I never got in contact
> with the original coder, so I don't know for certain.)

Yeah, that extra mppe_update_count() looked smelly to me and that's why I
mentioned it. Could be legit though, I'll be the first to admit that I
don't know what the hell is going on in there.

Once again thanks all for your help.

Sincerely,
Rob.

From ionut at efone.com.au Tue Jun 20 07:49:54 2000
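The stateless-MPPE resynchronisation discussed in the "rcvd [Compressed data] anyone?" messages above, as an added example that is not code from the thread, from pppd or from ppp_mppe.c. It is a simplified model: the class and function names, the `MAX_CATCHUP` limit and the SHA-1 stand-in for the real key change are assumptions; only the 12-bit coherency count and the "one key change per packet" rule are modelled.

```python
import hashlib

CCOUNT_MOD = 4096   # the MPPE coherency count is a 12-bit field
MAX_CATCHUP = 64    # assumed policy limit on how far a receiver skips ahead


def rekey(key: bytes) -> bytes:
    """Stand-in for the MPPE key change (assumption: SHA-1 of the old key,
    truncated to 16 bytes). Only the one-way, once-per-packet property
    matters for this demonstration."""
    return hashlib.sha1(key).digest()[:16]


class Sender:
    """Stateless mode: change the key before every packet, then stamp the count."""

    def __init__(self, start_key, first_count=0):
        self.key = start_key
        self.count = first_count

    def next_packet(self):
        self.key = rekey(self.key)
        seq = self.count
        self.count = (self.count + 1) % CCOUNT_MOD
        return seq, self.key


class Receiver:
    def __init__(self, start_key, first_count=0, strict=False,
                 max_catchup=MAX_CATCHUP):
        self.key = start_key
        self.expected = first_count
        self.strict = strict          # True models "seq != ccount is an error"
        self.max_catchup = max_catchup
        self.broken = False
        self.dropped = 0

    def key_for(self, seq):
        """Return the key for packet `seq`, or None if it cannot be decrypted."""
        if self.broken:
            return None
        gap = (seq - self.expected) % CCOUNT_MOD   # packets missed, modulo wrap
        if self.strict and gap != 0:
            self.broken = True        # the 'decomp err' path: session is dead
            return None
        if gap > self.max_catchup:
            self.dropped += 1         # late or duplicate packet: keys only move forward
            return None
        for _ in range(gap + 1):      # one change per missed packet, plus this one
            self.key = rekey(self.key)
        self.expected = (seq + 1) % CCOUNT_MOD
        return self.key


def simulate(arrivals, total, first_count=0, strict=False,
             max_catchup=MAX_CATCHUP):
    """Send `total` packets and deliver them in the order given by `arrivals`
    (indexes into the sent list). Returns one bool per arrival: did the
    receiver derive the same key the sender used for that packet?"""
    start = b"constructed-start-key"  # constructed sample value
    sender = Sender(start, first_count)
    receiver = Receiver(start, first_count, strict, max_catchup)
    sent = [sender.next_packet() for _ in range(total)]
    return [receiver.key_for(sent[i][0]) == sent[i][1] for i in arrivals]
```

With `strict=True` a single lost packet kills the session, which matches the DECOMP_ERROR behaviour described above; catching up without a limit survives loss but turns one late packet into thousands of key changes and a permanent key mismatch.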
From: ionut at efone.com.au (Ionut Nistor)
Date: Tue, 20 Jun 2000 15:49:54 +0300
Subject: [pptp-server] linux client encryption
References: <394DC2CF.27EDEDA9@sema.fr>
Message-ID: <394F6872.F51770B1@efone.com.au>

Hi,

I am having the same problem as Frederic. I also have a quite similar
configuration on both the client (pptp) and the server (pptpd), except for
the version of pptpd, which is 1.1.1. Win98 clients can connect with MPPE,
however the pptp client (linux) does not connect with MPPE with pptpd.

I have really tried everything, I have searched the archives but I found
nothing of this kind. Please assist me.

Thank you,
Ionut

"F. CELSE" wrote:

> Hi,
>
> we are using the linux pptp server 1.0.0 on a red-Hat 6.1 linux box with both NT and
> linux clients. Everything seems working well but the encryption with the linux
> clients.

From Frederic.Celse at sema.fr Tue Jun 20 09:44:38 2000
From: Frederic.Celse at sema.fr (CELSE Frederic - GRE)
Date: Tue, 20 Jun 2000 16:44:38 +0200
Subject: [pptp-server] client sometimes unable to connect
References: <394DC2CF.27EDEDA9@sema.fr> <394F6872.F51770B1@efone.com.au>
Message-ID: <394F8355.7B06DC8F@sema.fr>

Hi,

until then we were using pptp server 1.0.0 with both linux and NT clients
without any problem (except the linux client encryption as submitted
yesterday). But now some clients (trying connecting from Kenya) are
sometimes unable to connect:

Jun 19 08:15:13 hades pptpd[4880]: CTRL: Client 212.49.90.254 control connection started
Jun 19 08:15:15 hades pptpd[4880]: CTRL: Starting call (launching pppd, opening GRE)
Jun 19 08:15:15 hades modprobe: can't locate module char-major-108
Jun 19 08:15:15 hades pppd[4881]: pppd 2.3.10 started by root, uid 0
Jun 19 08:15:15 hades pppd[4881]: Using interface ppp0
Jun 19 08:15:15 hades pppd[4881]: Connect: ppp0 <--> /dev/pts/1
Jun 19 08:15:45 hades pppd[4881]: LCP: timeout sending Config-Requests
Jun 19 08:15:45 hades pptpd[4880]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Erreur d'entrée/sortie
Jun 19 08:15:45 hades pptpd[4880]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 19 08:15:45 hades pptpd[4880]: CTRL: Client 212.49.90.254 control connection finished
Jun 19 08:15:45 hades pppd[4881]: Connection terminated.
Jun 19 08:15:45 hades pppd[4881]: Exit.

Sometimes the same client connects in without any problem. The only
difference we can see between the good connections and the bad ones is
that it works fine when the client incoming IP address given by the kenyan
provider can be resolved with nslookup.

Does anyone know this problem?
--
             ///
            (o o)
ooO_(_)_Ooo______________________________________________________________
|_____|_____|_____|_____|_____|_____|_____|____|_____|______|_____|_____|
Frederic CELSE          Tel : (+33) 4 76 41 67 34
Sema Group              Fax : (+33) 4 76 41 47 47
Centre de Grenoble      mailto:frederic.celse at sema.fr
-------------------------------------------------------------------------

From xavier.marjou at iname.com Tue Jun 20 11:11:35 2000
From: xavier.marjou at iname.com (xavier.marjou at iname.com)
Date: Tue, 20 Jun 2000 12:11:35 -0400 (EDT)
Subject: [pptp-server] (no subject)
Message-ID: <0006201211351I.21134@weba6.iname.net>

Hello,

I am new with PPP, PPTP and L2TP and I would have two basic questions.

1/ I found a PPTP client software on:
http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/
and a PPTP server on:
http://www.moretonbay.com/vpn/pptp.html
Is the first one a software for a PAC and the second the software for a
PNS? (I am a little bit lost as I read that the first one could also act
as a server)

2/ I suppose that there is a ppp connection between an end-user and an LNS:

 --------   PPP   -----       PPP       -----
|end-user|-------| PAC |---------------| PNS |
 --------   PSTN  -----       PPTP      -----

I've read in the PPTP RFC that some PPP features (PSTN interfacing, LCP)
are required on the PAC, and the other on the PNS (NCP ...). So I would
like to know how do I configure one pppd to only perform the first
features in the PAC, and how to configure the other one for doing the rest
of ppp functionalities in the PNS? Is it possible with a standard pppd
daemon, is it done by pptp, or do I need to implement it myself in some
'special' pppd daemons?

Thanks,
Xavier Marjou

From mpierce at genasys.es Tue Jun 20 13:04:19 2000
From: mpierce at genasys.es (Mark Pierce)
Date: Tue, 20 Jun 2000 20:04:19 +0200
Subject: [pptp-server] Success (Errors compiling ppp.c for kernel "make modules")
Message-ID: <394FB223.8FD5E3CF@genasys.es>

I want to thank Charles and Vanja for their help. The trick was to upgrade
to OpenSSL 0.95a and follow Vanja's howto to the letter. The Mandrake
openssl-0.94 RPM did not work for me.

Cheers,
Mark

From klussier at mclinux.com Tue Jun 20 16:22:28 2000
From: klussier at mclinux.com (Kenneth E. Lussier)
Date: Tue, 20 Jun 2000 17:22:28 -0400
Subject: [pptp-server] linux-client
References: <394A39E6.1CD04C0A@netman.dk> <394A560D.C4C5A394@mclinux.com> <394F283C.C32725E4@netman.dk>
Message-ID: <394FE094.4D9F9293@mclinux.com>

Try using this for an options file on the client side:

debug
user your_username_here
password your_password_here
noauth
lock
defaultroute

I believe that the client will require the server to authenticate by
default, so the `noauth` option is required.

Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************
The road to happiness is paved
with potholes. The road to
Hell is paved with good intentions.
Does the DPW know about this??
***********************************

Alaa Alamood wrote:
>
> Hi
>
> When we tried to the pptp server from pptp client we got the following logs,
> we have tested the server by using windows(95, 98 ,nt, 2000) clients, and it
> working without any problems
>
> 1- PPTP server side logs
>
> Jun 19 09:55:54 pptp_server pptpd[18938]: MGR: Launching /usr/sbin/pptpctrl to handle client
> Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: local address = 172.16.1.1
> Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: remote address = 172.16.0.10
> Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: pppd speed = 115200
> Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: pppd options file = /etc/ppp/options
> Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: Client 213.237.2.96 control connection started
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Received PPTP Control Message (type: 1)
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Made a START CTRL CONN RPLY packet
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: I wrote 156 bytes to the client.
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Sent packet to client
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Received PPTP Control Message (type: 7)
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Set parameters to 152 maxbps, 3 window size
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Made a OUT CALL RPLY packet
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Starting call (launching pppd, opening GRE)
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: pty_fd = 5
> Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: tty_fd = 6
> Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): Connection speed = 115200
> Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): local address = 172.16.1.1
> Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): remote address = 172.16.0.10
> Jun 19 09:55:56 pptp_server pptpd[18938]: CTRL: I wrote 32 bytes to the client.
> Jun 19 09:55:56 pptp_server pptpd[18938]: CTRL: Sent packet to client
> Jun 19 09:55:56 pptp_server modprobe: Note: /etc/conf.modules is more recent than /lib/modules/2.2.14-5.0/modules.dep
> Jun 19 09:55:58 pptp_server pptpd[18938]: GRE: Discarding duplicate packet
> Jun 19 09:56:02 pptp_server pptpd[18938]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: Client 213.237.2.96 control connection finished
> Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: Exiting now
> Jun 19 09:56:03 pptp_server pptpd[749]: MGR: Reaped child 18938
>
> 2- Client logs side
>
> Jun 19 19:23:04 arthur (unknown)[1108]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> Jun 19 19:23:04 arthur (unknown)[1108]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> Jun 19 19:23:04 arthur pppd[1111]: pppd 2.3.10 started by root, uid 0
> Jun 19 19:23:04 arthur pppd[1111]: Using interface ppp1
> Jun 19 19:23:04 arthur pppd[1111]: Connect: ppp1 <--> /dev/ttya0
> Jun 19 19:23:08 arthur pppd[1111]: peer refused to authenticate: terminating link
> Jun 19 19:23:08 arthur pppd[1111]: Connection terminated.
> Jun 19 19:23:09 arthur pppd[1111]: Exit.
>
> "Kenneth E. Lussier" wrote:
>
> > I'm assuming that you are connecting to a poptop server. Do you log
> > pptpd activity on the server side? If so that might be helpful. If not,
> > enable it in /etc/syslogd.conf. As for having to reboot after each try,
> > no you don't. Just delete /var/run/pptp/xxx.xxx.xxx.xxx (ip address of
> > the server).
> >
> > Kenny
> >
> > --
> > Kenny Lussier
> > Systems Administrator
> > Mission Critical Linux
> > ***********************************
> > The road to happiness is paved
> > with potholes. The road to
> > Hell is paved with good intentions.
> > Does the DPW know about this??
> > ***********************************
> >
> > Alaa Alamood wrote:
> > >
> > > Hi
> > >
> > > I have installed linux client 1.0.2, on my redhat 62 box,
> > >
> > > the following files look like
> > >
> > > 1- /etc/ppp/options
> > >
> > > lock
> > > name my_pptp_server
> > > +chapms
> > > +chapms-v2
> > > mppe-40
> > > mppe-128
> > > mppe-stateless
> > >
> > > 2 - /etc/ppp/chap-secret
> > >
> > > Alaa my_pptp_server secret *
> > > my_pptp_server aaa secret *
> > >
> > > I tried to connect to the server with
> > >
> > > ../pptp xxx.xxx.xxx.xxx name aaa remotename my_pptp_server
> > >
> > > I got
> > >
> > > (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> > > (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> > > > > > and after 40 secunt I get > > > (unknown)[721]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken > > > > > > pipe > > > > > > the connection of course will terminat and I have to reboot the mashine > > > before I can try again > > > > > > Regards > > > Alaa > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! From rwtalbot at talbot.homeip.net Tue Jun 20 17:03:44 2000 From: rwtalbot at talbot.homeip.net (Richard Talbot) Date: Wed, 21 Jun 2000 08:03:44 +1000 Subject: [pptp-server] POPTOP Problems References: <394A39E6.1CD04C0A@netman.dk> <394A560D.C4C5A394@mclinux.com> <394F283C.C32725E4@netman.dk> <394FE094.4D9F9293@mclinux.com> Message-ID: <006901bfdb03$66d0ad80$0200000a@talbot.homeip.net> Thanks very much to those that helped me out. I eventually got hold of the latest kernel and followed vanja's instructions. I was rewarded at 2AM this morning when the 95 box dialed out to the net and connected using Ms-chap-2. Now that I have everything working, I have another question.. Is it possible to have each client getting their own IP address (on the client side)? I have here 3 ethernet networks connected to my firewall. It would be useful to me if I could allocate some clients to my DMZ, while allowing others onto my local lan. If the IP's were predictable I could do this. Thanks Richard From jnekl at kc.rr.com Tue Jun 20 19:26:55 2000 
From: jnekl at kc.rr.com (Joshua Nekl)
Date: Tue, 20 Jun 2000 19:26:55 -0500
Subject: [pptp-server] require-mschap-v2 not working
Message-ID: <002001bfdb17$67c5a4c0$0200fa0a@domain>

We are wanting anyone dialing in through pptp to be forced to use ms-chapv2 and mppe data encryption. I have require-mschap-v2 in the /etc/ppp/options file. While using NT4.0 sp6a, I forgot to re-apply the service pack after I added the point to point tunnelling protocol. When I looked through the logs, I found:

Jun 20 17:12:13 lx1 pppd[8891]: CHAP peer authentication succeeded for nbartos

It wasn't authenticating using mschap-v2 or mppe. After I re-applied service pack6a, it authenticated using mschap-v2 and mppe.

Jun 20 18:57:54 lx1 pppd[9263]: MSCHAP-v2 peer authentication succeeded for nbartos
Jun 20 18:58:01 lx1 pppd[9263]: MPPE 128 bit, stateless compression enabled

Is there something else I need to be doing to force the pppd daemon to use mschap-v2???

Using:
kernel v2.2.14
ppp-2.3.10
ppp-2.3.10-openssl-0.9.4-mppe.patch.gz
poptop-1.0.0

/etc/ppp/options
lock
auth
proxyarp
+chapms-v2
require-chapms-v2
chapms-strip-domain
mppe-40
mppe-128
mppe-stateless
ms-wins 10.8.0.2
netmask 255.0.0.0
ipx
nodefaultroute

-------------------------------------------------
Who would write an Operating System where you have to press start to shut it off ???

From jp.chavant at geosys.fr Wed Jun 21 07:46:34 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Wed, 21 Jun 2000 14:46:34 +0200
Subject: [pptp-server] encryption problems ...
Message-ID: <000001bfdb7e$bb46ba00$6503a8c0@pcjpc>

hello,

i have installed pptp 1.0.0 (rpm version) on linux 2.2.14 with ppp2.3.10 (patched with ppp-2.3.10-openssl-norc4-mppe.patch) and SSLeay-0.9.0b (i don't find 0.6.0 version).

compilation was fine (i have to copy rc4_locl.h from SSL in /usr/src/linux/drivers/net ...) and i can't do depmod -a , error :

/lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol(s)

when i connect a Win95 client (with DUN 1.3 + vpnupdate + Y2k patch) without encryption it works fine. When i enable encryption on my pptpd server the client connect without encryption ... :(

here is the log :

Jun 21 14:30:15 apollon pptpd[25849]: CTRL: Client 192.168.3.101 control connection started
Jun 21 14:30:15 apollon pptpd[25849]: CTRL: Starting call (launching pppd, opening GRE)
Jun 21 14:30:15 apollon pppd[25850]: pppd 2.3.10 started by aroot, uid 0
Jun 21 14:30:15 apollon pppd[25850]: Using interface ppp0
Jun 21 14:30:15 apollon pppd[25850]: Connect: ppp0 <--> /dev/pts/8
Jun 21 14:30:16 apollon insmod: /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol RC4_set_key
Jun 21 14:30:16 apollon insmod: /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol RC4_set_key
Jun 21 14:30:16 apollon pppd[25850]: MSCHAP-v2 peer authentication succeeded for test
Jun 21 14:30:16 apollon insmod: /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol RC4_set_key
Jun 21 14:30:16 apollon pppd[25850]: Cannot determine ethernet address for proxy ARP
Jun 21 14:30:16 apollon pppd[25850]: local IP address 192.168.0.1
Jun 21 14:30:16 apollon pppd[25850]: remote IP address 192.168.1.1
Jun 21 14:30:16 apollon pppd[25850]: CCP terminated by peer
Jun 21 14:30:16 apollon pppd[25850]: Compression disabled by peer.

here is my /etc/ppp/options file :

lock
debug
auth
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

how can i force the client to use encryption ?

could someone help me ...

Another question is ... After ppp authentication how can i force client to authenticate himself on an NT server ?

Jean-Paul

_-----_ GEOSYS SA - Service Informatique
(_/ \_) Tél.: (0) 5 62 47 80 75
(_____) \/\/\___ http://www.geosys.fr/

From aaa at netman.dk Wed Jun 21 08:17:07 2000
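The check that the two messages above ("require-mschap-v2 not working" and "encryption problems ...") perform by eye, as an added example that is not from any list member or from the pppd or PoPToP projects: it groups pppd syslog lines by process and reports sessions that authenticated with something other than MSCHAP-v2 or came up without MPPE. The sample lines are copied from those two messages; the function names, issue labels and the 128-bit threshold are assumptions of this example.

```python
import re
from collections import namedtuple

# Log lines copied from the two messages above (hosts lx1 and apollon).
SAMPLE_LOG = """\
Jun 20 17:12:13 lx1 pppd[8891]: CHAP peer authentication succeeded for nbartos
Jun 20 18:57:54 lx1 pppd[9263]: MSCHAP-v2 peer authentication succeeded for nbartos
Jun 20 18:58:01 lx1 pppd[9263]: MPPE 128 bit, stateless compression enabled
Jun 21 14:30:16 apollon insmod: /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol RC4_set_key
Jun 21 14:30:16 apollon pppd[25850]: MSCHAP-v2 peer authentication succeeded for test
Jun 21 14:30:16 apollon pppd[25850]: Cannot determine ethernet address for proxy ARP
Jun 21 14:30:16 apollon pppd[25850]: local IP address 192.168.0.1
Jun 21 14:30:16 apollon pppd[25850]: remote IP address 192.168.1.1
Jun 21 14:30:16 apollon pppd[25850]: CCP terminated by peer
Jun 21 14:30:16 apollon pppd[25850]: Compression disabled by peer.
"""

# "Mon DD HH:MM:SS host pppd[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\spppd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
AUTH_RE = re.compile(
    r"^(?P<method>\S+) peer authentication succeeded for (?P<user>\S+)"
)
MPPE_RE = re.compile(r"^MPPE (?P<bits>\d+) bit\b")
CCP_DOWN = ("CCP terminated by peer", "Compression disabled by peer")

Finding = namedtuple("Finding", "host pid user issues")


def parse_sessions(log_text):
    """Group pppd lines by (host, pid); one pppd process is one PPP session."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # pptpd, insmod and other daemons are not pppd sessions
        key = (m["host"], int(m["pid"]))
        s = sessions.setdefault(
            key,
            {"auth": None, "user": None, "mppe": None,
             "ccp_down": False, "ip_up": False},
        )
        msg = m["msg"]
        auth = AUTH_RE.match(msg)
        mppe = MPPE_RE.match(msg)
        if auth:
            s["auth"], s["user"] = auth["method"], auth["user"]
        elif mppe:
            s["mppe"] = int(mppe["bits"])
        elif msg.startswith(CCP_DOWN):
            # CCP carries MPPE, so once the peer closes it the link is
            # unencrypted even if MPPE had been enabled earlier.
            s["mppe"] = None
            s["ccp_down"] = True
        elif msg.startswith("remote IP address"):
            s["ip_up"] = True
    return sessions


def audit(log_text, required_auth="MSCHAP-v2", min_bits=128):
    """Return a Finding for every session that misses the policy."""
    findings = []
    for (host, pid), s in parse_sessions(log_text).items():
        issues = []
        if s["auth"] is None:
            if not s["ip_up"]:
                continue  # no authentication and no IP: link never came up
            issues.append("no-auth")
        elif s["auth"] != required_auth:
            issues.append("auth=" + s["auth"])
        if s["mppe"] is None:
            issues.append("no-mppe")
            if s["ccp_down"]:
                issues.append("ccp-closed-by-peer")
        elif s["mppe"] < min_bits:
            issues.append("mppe=%d" % s["mppe"])
        if issues:
            findings.append(Finding(host, pid, s["user"], tuple(issues)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("%s pppd[%d] user=%s: %s" % (f.host, f.pid, f.user, ", ".join(f.issues)))
```

Session 9263 on lx1 is the only one of the three that passes; the other two are the connections both posters were asking how to prevent.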
From: aaa at netman.dk (Alaa Alamood)
Date: Wed, 21 Jun 2000 15:17:07 +0200
Subject: [pptp-server] linux-client
References: <394A39E6.1CD04C0A@netman.dk> <394A560D.C4C5A394@mclinux.com> <394F283C.C32725E4@netman.dk> <394FE094.4D9F9293@mclinux.com>
Message-ID: <3950C053.F72ABB8C@netman.dk>

"Kenneth E. Lussier" wrote:

Hi I still have the same problem

> try using this for an options file on the client side:
>
> debug
> user your_username_here
> password your_password_here
> noauth
> lock
> defaultroute
>
> I believe that the client will require the server to authenticate by
> default, so the `noauth` option is required.
> Kenny
>
> --
> Kenny Lussier
> Systems Administrator
> Mission Critical Linux
> ***********************************
> The road to happiness is paved
> with potholes. The road to
> Hell is paved with good intentions.
> Does the DPW know about this??
> ***********************************
>
> Alaa Alamood wrote:
> >
> > Hi
> >
> > When we tried to the pptp server from pptp client we got the following logs,
> > we have tested the server by using windows(95, 98 ,nt, 2000) clients, and it
> > working without any problems
> >
> > 1- PPTP server side logs
> >
> > Jun 19 09:55:54 pptp_server pptpd[18938]: MGR: Launching /usr/sbin/pptpctrl to handle client
> > Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: local address = 172.16.1.1
> > Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: remote address = 172.16.0.10
> > Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: pppd speed = 115200
> > Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: pppd options file = /etc/ppp/options
> > Jun 19 09:55:54 pptp_server pptpd[18938]: CTRL: Client 213.237.2.96 control connection started
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Received PPTP Control Message (type: 1)
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Made a START CTRL CONN RPLY packet
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: I wrote 156 bytes to the client.
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Sent packet to client
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Received PPTP Control Message (type: 7)
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Set parameters to 152 maxbps, 3 window size
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Made a OUT CALL RPLY packet
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: Starting call (launching pppd, opening GRE)
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: pty_fd = 5
> > Jun 19 09:55:55 pptp_server pptpd[18938]: CTRL: tty_fd = 6
> > Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): Connection speed = 115200
> > Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): local address = 172.16.1.1
> > Jun 19 09:55:56 pptp_server pptpd[18939]: CTRL (PPPD Launcher): remote address = 172.16.0.10
> > Jun 19 09:55:56 pptp_server pptpd[18938]: CTRL: I wrote 32 bytes to the client.
> > Jun 19 09:55:56 pptp_server pptpd[18938]: CTRL: Sent packet to client
> > Jun 19 09:55:56 pptp_server modprobe: Note: /etc/conf.modules is more recent than /lib/modules/2.2.14-5.0/modules.dep
> > Jun 19 09:55:58 pptp_server pptpd[18938]: GRE: Discarding duplicate packet
> > Jun 19 09:56:02 pptp_server pptpd[18938]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> > Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> > Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: Client 213.237.2.96 control connection finished
> > Jun 19 09:56:02 pptp_server pptpd[18938]: CTRL: Exiting now
> > Jun 19 09:56:03 pptp_server pptpd[749]: MGR: Reaped child 18938
> >
> > 2- Client logs side
> >
> > Jun 19 19:23:04 arthur (unknown)[1108]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> > Jun 19 19:23:04 arthur (unknown)[1108]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> > Jun 19 19:23:04 arthur pppd[1111]: pppd 2.3.10 started by root, uid 0
> > Jun 19 19:23:04 arthur pppd[1111]: Using interface ppp1
> > Jun 19 19:23:04 arthur pppd[1111]: Connect: ppp1 <--> /dev/ttya0
> > Jun 19 19:23:08 arthur pppd[1111]: peer refused to authenticate: terminating link
> > Jun 19 19:23:08 arthur pppd[1111]: Connection terminated.
> > Jun 19 19:23:09 arthur pppd[1111]: Exit.
> >
> > "Kenneth E. Lussier" wrote:
> >
> > > I'm assuming that you are connecting to a poptop server. Do you log
> > > pptpd activity on the server side? If so that might be helpful. If not,
> > > enable it in /etc/syslogd.conf. As for having to reboot after each try,
> > > no you don't. Just delete /var/run/pptp/xxx.xxx.xxx.xxx (ip address of
> > > the server).
> > >
> > > Kenny
> > >
> > > --
> > > Kenny Lussier
> > > Systems Administrator
> > > Mission Critical Linux
> > > ***********************************
> > > The road to happiness is paved
> > > with potholes. The road to
> > > Hell is paved with good intentions.
> > > Does the DPW know about this??
> > > ***********************************
> > >
> > > Alaa Alamood wrote:
> > > >
> > > > Hi
> > > >
> > > > I have installed linux client 1.0.2, on my redhat 62 box,
> > > >
> > > > the following files look like
> > > >
> > > > 1- /etc/ppp/options
> > > >
> > > > lock
> > > > name my_pptp_server
> > > > +chapms
> > > > +chapms-v2
> > > > mppe-40
> > > > mppe-128
> > > > mppe-stateless
> > > >
> > > > 2 - /etc/ppp/chap-secret
> > > >
> > > > Alaa my_pptp_server secret *
> > > > my_pptp_server aaa secret *
> > > >
> > > > I tried to connect to the server with
> > > >
> > > > ../pptp xxx.xxx.xxx.xxx name aaa remotename my_pptp_server
> > > >
> > > > I got
> > > >
> > > > (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
> > > > (unknown)[721]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
> > > >
> > > > and after 40 seconds I get
> > > > (unknown)[721]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe
> > > >
> > > > the connection of course will terminate and I have to reboot the machine
> > > > before I can try again
> > > >
> > > > Regards
> > > > Alaa
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > List services provided by www.schulteconsulting.com!
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From jhummel at fulltiltsolutions.com Wed Jun 21 09:29:31 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Wed, 21 Jun 2000 10:29:31 -0400
Subject: [pptp-server] linux-client
Message-ID:

Gentlemen,

You need to specify options on the command line and in a specific order. My command line would be like this (I use the linux client to route my home network to a NT box residing on our company lan).

pptp [server ip address] lock noauth debug user [username or DOMAIN\\username] +chapms-v2 mppe-128 mppe-stateless noauth

You must also have the username or DOMAIN\\username and password specified in the /etc/ppp/chap-secrets file like this

username * [Password] *

That should do it. The problem is that the linux client wants the server to authenticate itself. This is okay if you are doing a one to one PPTP connection with a linux PPTP server. NT PPTP server doesn't send out anything to authenticate, so therefore you need to turn off authorization. I have noauth specified twice because it doesn't take just once for me. Maybe only once for you.

Also, for testing purposes, you may not want to turn on encryption until it works well without it.

-J

-----Original Message-----
From: Alaa Alamood [mailto:aaa at netman.dk]
Sent: Wednesday, June 21, 2000 9:17 AM
To: Kenneth E. Lussier
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] linux-client

"Kenneth E. Lussier" wrote:

Hi I still have the same problem

> try using this for an options file on the client side:
>
> debug
> user your_username_here
> password your_password_here
> noauth
> lock
> defaultroute
>
> I believe that the client will require the server to authenticate bey
> default, so the `noauth` option is required.
> Kenny

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From P.J.Reid at earthling.net Wed Jun 21 10:11:20 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Wed, 21 Jun 2000 12:11:20 -0300
Subject: [pptp-server] POPTOP Problems
In-Reply-To: <006901bfdb03$66d0ad80$0200000a@talbot.homeip.net>
Message-ID:

Just specify the IP in the chap-secrets file, like this (from my chap-secrets):

rrock reidworld @/home/rrock/passwords/vpnfore.txt 192.168.99.33
reidworld rrock @/home/rrock/passwords/vpnback.txt 192.168.99.11

This entry has user rrock logging into machine reidworld using a password which is stored in /home/rrock/passwords/vpnfore.txt (the same password backwards is in /home/rrock/passwords/vpnback.txt). reidworld is always on 192.168.99.11 and rrock always gets 192.168.99.33

Patrick Reid - mailto:P.J.Reid at earthling.net
Communication Centre:
"It is by Caffeine alone that I set my mind in motion-
It is by the beans of Java, that my thoughts acquire speed-
The hands acquire shakes; the shakes become a warning-
It is by Caffeine alone that I set my mind in motion..."

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Richard Talbot
Sent: June 20, 2000 7:04 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] POPTOP Problems

Thanks very much to those that helped me out. I eventually got hold of the latest kernel and followed vanja's instructions. I was rewarded at 2AM this morning when the 95 box dialed out to the net and connected using Ms-chap-2.

Now that I have everything working, I have another question.. Is it possible to have each client getting their own IP address (on the client side)? I have here 3 ethernet networks connected to my firewall. It would be useful to me if I could allocate some clients to my DMZ, while allowing others onto my local lan. If the IP's were predictable I could do this.

Thanks
Richard

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From jp.chavant at geosys.fr Wed Jun 21 10:16:13 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Wed, 21 Jun 2000 17:16:13 +0200
Subject: [pptp-server] problem compiling ppp 2.3.10
Message-ID: <001101bfdb93$a30432a0$6503a8c0@pcjpc>

hello

i am following the redhat link howto from moretonbay www (this time i ve found SSLeay-0.6.6b ...) and when i compile ppp 2.3.10 at the make modules SUBDIRS=drivers/net i ve got this error :

In file included from ppp_mppe.c:67:
rc4_enc.c:60: rc4_locl.h: Aucun fichier ou répertoire de ce type
make[1]: *** [ppp_mppe.o] Error 1

I don't find SSLeay-0.6.6b/crypto/rc4/rc4_locl.h

what can i have to do ????

thanks

Jean-Paul

_-----_ GEOSYS SA - Service Informatique
(_/ \_) Tél.: (0) 5 62 47 80 75
(_____) \/\/\___ http://www.geosys.fr/

From smahmood at tekdigitel.com Wed Jun 21 10:42:17 2000
From: smahmood at tekdigitel.com (Shahid Mahmood)
Date: Wed, 21 Jun 2000 11:42:17 -0400
Subject: [pptp-server] "No domain controller was found to validate your password."
In-Reply-To:
References:
Message-ID: <4.3.2.7.0.20000621112758.00aac750@tekdigitel.com>

Office:
* PopTop running on m/c with 2 ethernet cards (64.x.x.x and 192.168.1.1)
* File server "NT_SERVER" on private LAN (192.168.1.2)
* smb server "linux-server" + wins support on 192.168.1.1 (same m/c as poptop).
* /etc/ppp/options has ms-wins 192.168.1.1

Home:
* Win 98 SE PC
* lmhosts file has a line 192.168.1.2 NT_SERVER #PRE #DOM:atc-group
* WORKGROUP = atc-group

I connect to Internet, fire up VPN, get connected to office LAN. At the "Logging on to Network" dialog, I get "No domain controller was found to validate your password". It happens 9 out of ten times. Sometimes it "DOES" find the N_SERVER for login, but the startup scripts (kick32.exe or something) either take toooo long to finish or crash the client PC.

This works:
* The shares from "linux-server" (the samba on poptop m/c) are connected ok. (i can mount directories etc). These don't require NT for login authorization.
* I can browse the network and see all NT file servers, but cannot write to any of them (because i never logged in).
* I can ping all PC in office LAN.

*HELP* !!!

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From cduffy at mvista.com Wed Jun 21 10:55:25 2000
From: cduffy at mvista.com (Charles Duffy)
Date: Wed, 21 Jun 2000 08:55:25 -0700
Subject: [pptp-server] encryption problems ...
In-Reply-To: <000001bfdb7e$bb46ba00$6503a8c0@pcjpc>; from jp.chavant@geosys.fr on Wed, Jun 21, 2000 at 02:46:34PM +0200
References: <000001bfdb7e$bb46ba00$6503a8c0@pcjpc>
Message-ID: <20000621085525.C18084@mvista.com>

On Wed, Jun 21, 2000 at 02:46:34PM +0200, Jean-Paul Chavant wrote:
> and i can't do depmod -a , error :
> /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol(s)

Do a 'modprobe ppp; insmod /lib/modules/2.2.14-15mdk/net/ppp_mppe.o' so we can see exactly which symbols are missing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:

From giulioo at pobox.com Wed Jun 21 12:02:08 2000
From: giulioo at pobox.com (Giulio Orsero)
Date: Wed, 21 Jun 2000 19:02:08 +0200
Subject: [pptp-server] problem compiling ppp 2.3.10
In-Reply-To: <001101bfdb93$a30432a0$6503a8c0@pcjpc>
References: <001101bfdb93$a30432a0$6503a8c0@pcjpc>
Message-ID: <20000621170513.C222C2AE9C@i3.golden.dom>

On Wed, 21 Jun 2000 17:16:13 +0200, you wrote:

>(this time i ve found SSLeay-0.6.6b ...)
>and when i compile ppp 2.3.10 at the make modules SUBDIRS=drivers/net
>i ve got this error :
>
>In file included from ppp_mppe.c:67:
>rc4_enc.c:60: rc4_locl.h: Aucun fichier ou répertoire de ce type
>make[1]: *** [ppp_mppe.o] Error 1
>I don't find SSLeay-0.6.6b/crypto/rc4/rc4_locl.h what can i have to do ????

I used openssl instead of SSLeay

[go at i4 openssl-0.9.4]$ ls crypto/rc4/
Makefile Makefile.uni rc4.c rc4_enc.c rc4_skey.c rc4speed.c rrc4.doc
Makefile.ssl asm rc4.h rc4_locl.h rc4s.cpp rc4test.c
[go at i4 openssl-0.9.4]$

--
giulioo at pobox.com

From bps at i-dzines.com Wed Jun 21 17:15:41 2000
From: bps at i-dzines.com (Brian Sweeney)
Date: Wed, 21 Jun 2000 18:15:41 -0400
Subject: [pptp-server] Encrypted without PPP with MSCHAPv2/MPPE Installed?
Message-ID:

Hi,

I am hoping someone can help me answer the question

Is PopTop encrypted without installing PPP with MSCHAPv2/MPPE?
If so how many bit encryption?

Thanks,
Brian

From BAust at healthdec.com Wed Jun 21 17:29:00 2000
From: BAust at healthdec.com (Brian Aust)
Date: Wed, 21 Jun 2000 18:29:00 -0400
Subject: [pptp-server] W98 client can only ping poptop server
Message-ID:

Hey guys...

After finally trashing all of my W98SE dial up networking software and reinstalling all of it from CD and then applying the 128-bit DUN upgrade, the W98 now successfully connects to my Linux Poptop server without errors. Bear in mind this is just clear, no authentication.

However... it comes close, but not quite. Turns out that it can ONLY ping the internal address of the Poptop server (10.1.1.69), and nothing else. There are lots of other machines on our 10.x.x.x network, but the W98 box can't ping them. it can't ping 10.1.1.2 (DNS and WINS server) or anything.

Here's the layout again:

Server: RHAT6.2, PPTPD 1.0.0 tarball install
Client: W98SE with 128-bit DUN upgrade... only TCP/IP selected, gets all addresses from server

/etc/ppp/options file:
lock
ms-dns 10.1.1.2
ms-wins 10.1.1.2
domain healthdec.com
proxyarp
name bnyatalie.healthdec.com
debug
auth
require-chap

/etc/ppp/chap-secrets file:
baust * bpass * (I've also put the name of the poptop server in place of the "*"s in the 2nd area, in the past)
jdoe * jpass *

/etc/pptpd.conf file:
speed 115200
debug
localip 10.1.1.69 #this is the address of the poptop server
remoteip 10.1.1.96-99 #the four addresses i have set aside for W98 clients

and finally, the /var/log/messages file when the W98 box connects:
Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Client 24.162.230.141 control connection started
Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Starting call (launching pppd, opening GRE)
Jun 21 01:58:39 bnyatalie pppd[10017]: pppd 2.3.11 started by root, uid 0
Jun 21 01:58:39 bnyatalie pppd[10017]: Using interface ppp0
Jun 21 01:58:39 bnyatalie pppd[10017]: Connect: ppp0 <--> /dev/pts/2
Jun 21 01:58:39 bnyatalie pppd[10017]: CHAP peer authentication succeeded for baust
Jun 21 01:58:40 bnyatalie pppd[10017]: found interface eth0 for proxy arp
Jun 21 01:58:40 bnyatalie pppd[10017]: local IP address 10.1.1.69
Jun 21 01:58:40 bnyatalie pppd[10017]: remote IP address 10.1.1.97
Jun 21 01:58:40 bnyatalie pppd[10017]: CCP terminated by peer
Jun 21 01:58:40 bnyatalie pppd[10017]: Compression disabled by peer.
Jun 21 02:01:35 bnyatalie pppd[10017]: LCP terminated by peer
Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Error with select(), quitting
Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Client 24.162.230.141 control connection finished
Jun 21 02:01:36 bnyatalie pppd[10017]: Modem hangup
Jun 21 02:01:36 bnyatalie pppd[10017]: Connection terminated.
Jun 21 02:01:36 bnyatalie pppd[10017]: Connect time 3.0 minutes.
Jun 21 02:01:36 bnyatalie pppd[10017]: Sent 1114 bytes, received 18023 bytes.
Jun 21 02:01:36 bnyatalie pppd[10017]: Exit.

everything at 01:58 is when it first connects, the stuff at 02:01 is when i finally killed the dialup networking connection from W98.

Any clues why the W98 box can ping the poptop server, but nothing else on the internal network??

Thanks much!!
Brian

Brian R. Aust
Manager of Information Technology
Health Decisions, Inc.
1512 East Franklin St. Suite 200
Chapel Hill, NC 27514
919.967.2399 x247
baust at healthdec.com

From sstone at taos.com Wed Jun 21 17:50:03 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed, 21 Jun 2000 15:50:03 -0700 (PDT)
Subject: [pptp-server] Encrypted without PPP with MSCHAPv2/MPPE Installed?
In-Reply-To:
Message-ID:

On Wed, 21 Jun 2000, Brian Sweeney wrote:

> Hi,
>
> I am hoping someone can help me answer the question
>
> Is PopTop encrypted without installing PPP with MSCHAPv2/MPPE?
> If so how many bit encryption?

no. poptop is just a program that establishes a ppp-over-gre tunnel between two IP hosts through an IP network. Encryption is up to the PPP implementation to provide.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From sstone at taos.com Wed Jun 21 17:51:14 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed, 21 Jun 2000 15:51:14 -0700 (PDT)
Subject: [pptp-server] W98 client can only ping poptop server
In-Reply-To:
Message-ID:

On Wed, 21 Jun 2000, Brian Aust wrote:

> Hey guys...
>
> After finally trashing all of my W98SE dial up networking software and
> reinstalling all of it from CD and then applying the 128-bit DUN upgrade,
> the W98 now successfully connects to my Linux Poptop server without errors.
> Bear in mind this is just clear, no authentication.
>
> However... it comes close, but not quite. Turns out that it can ONLY ping
> the internal address of the Poptop server (10.1.1.69), and nothing else.
> There are lots of other machines on our 10.x.x.x network, but the W98 box
> can't ping them. it can't ping 10.1.1.2 (DNS and WINS server) or anything.

you're using ipchains, right?

you have to specifically allow conduits from your pptp client ip addrs to
the rest of your subnet, since you're spanning multiple interfaces.

>
> Here's the layout again:
>
> Server: RHAT6.2, PPTPD 1.0.0 tarball install
> Client: W98SE with 128-bit DUN upgrade... only TCP/IP selected, gets all addresses from server
>
> /etc/ppp/options file:
> lock
> ms-dns 10.1.1.2
> ms-wins 10.1.1.2
> domain healthdec.com
> proxyarp
> name bnyatalie.healthdec.com
> debug
> auth
> require-chap
>
> /etc/ppp/chap-secrets file:
> baust * bpass *    (I've also put the name of the poptop server in place of the "*"s in the 2nd area, in the past)
> jdoe * jpass *
>
> /etc/pptpd.conf file:
> speed 115200
> debug
> localip 10.1.1.69 #this is the address of the poptop server
> remoteip 10.1.1.96-99 #the four addresses i have set aside for W98 clients
>
>
> and finally, the /var/log/messages file when the W98 box connects:
> Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Client 24.162.230.141 control connection started
> Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Starting call (launching pppd, opening GRE)
> Jun 21 01:58:39 bnyatalie pppd[10017]: pppd 2.3.11 started by root, uid 0
> Jun 21 01:58:39 bnyatalie pppd[10017]: Using interface ppp0
> Jun 21 01:58:39 bnyatalie pppd[10017]: Connect: ppp0 <--> /dev/pts/2
> Jun 21 01:58:39 bnyatalie pppd[10017]: CHAP peer authentication succeeded for baust
> Jun 21 01:58:40 bnyatalie pppd[10017]: found interface eth0 for proxy arp
> Jun 21 01:58:40 bnyatalie pppd[10017]: local IP address 10.1.1.69
> Jun 21 01:58:40 bnyatalie pppd[10017]: remote IP address 10.1.1.97
> Jun 21 01:58:40 bnyatalie pppd[10017]: CCP terminated by peer
> Jun 21 01:58:40 bnyatalie pppd[10017]: Compression disabled by peer.
> Jun 21 02:01:35 bnyatalie pppd[10017]: LCP terminated by peer
> Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Error with select(), quitting
> Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Client 24.162.230.141 control connection finished
> Jun 21 02:01:36 bnyatalie pppd[10017]: Modem hangup
> Jun 21 02:01:36 bnyatalie pppd[10017]: Connection terminated.
> Jun 21 02:01:36 bnyatalie pppd[10017]: Connect time 3.0 minutes.
> Jun 21 02:01:36 bnyatalie pppd[10017]: Sent 1114 bytes, received 18023 bytes.
> Jun 21 02:01:36 bnyatalie pppd[10017]: Exit.
>
> everything at 01:58 is when it first connects, the stuff at 02:01 is when i
> finally killed the dialup networking connection from W98.
>
> Any clues why the W98 box can ping the poptop server, but nothing else on
> the internal network??
>
> Thanks much!!
> Brian
>
> Brian R. Aust
> Manager of Information Technology
> Health Decisions, Inc.
> 1512 East Franklin St. Suite 200
> Chapel Hill, NC 27514
> 919.967.2399 x247
> baust at healthdec.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
>

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From BAust at healthdec.com Wed Jun 21 17:52:06 2000
From: BAust at healthdec.com (Brian Aust)
Date: Wed, 21 Jun 2000 18:52:06 -0400
Subject: [pptp-server] W98 client can only ping poptop server
Message-ID:

No... no ipchains, yet....

I have a CHeckpoint FW-1 firewall on an NT box, and the poptop server is
10.1.1.69, NAT'd to a real external address. So the poptop server is just
another internal server here at the company. But FW-1 has it NAT'd to a
real external IP, and i've set up a rule in FW-1 to allow ANY AND ALL
traffic in to and out from the poptop server.

Does this shed any new light onto things?

Brian R. Aust
Manager of Information Technology
Health Decisions, Inc.
1512 East Franklin St. Suite 200
Chapel Hill, NC 27514
919.967.2399 x247
baust at healthdec.com

> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com] > Sent: Wednesday, June 21, 2000 6:51 PM > To: Brian Aust > Cc: 'pptp-server at lists.schulte.org' > Subject: Re: [pptp-server] W98 client can only ping poptop server > > > On Wed, 21 Jun 2000, Brian Aust wrote: > > > Hey guys... > > > > After finally trashing all of my W98SE dial up networking > software and > > reinstalling all of it from CD and then applying the > 128-bit DUN upgrade, > > the W98 now successfully connects to my Linux Poptop server > without errors. > > Bear in mind this is just clear, no authentication. > > > > However... it comes close, but not quite. Turns out that > it can ONLY ping > > the internal address of the Poptop server (10.1.1.69), and > nothing else. > > There are lots of other machines on our 10.x.x.x network, > but the W98 box > > can't ping them. it can't ping 10.1.1.2 (DNS and WINS > server) or anything. > > you're using ipchains, right? > > you have to specifically allow conduits from your pptp client > ip addrs to > the rest of your subnet, since you're spanning multiple interfaces. > > > > > Here's the layout again: > > > > Server: RHAT6.2, PPTPD 1.0.0 tarball install > Client: W98SE > > with 128-bit DUN upgrade... 
only TCP/IP selected, gets > all addresses from > > server > > > > /etc/ppp/options file: > > lock > > ms-dns 10.1.1.2 > > ms-wins 10.1.1.2 > > domain healthdec.com > > proxyarp > > name bnyatalie.healthdec.com > > debug > > auth > > require-chap > > > > /etc/ppp/chap-secrets file: > > baust * bpass * > (I've also put the > > name of the poptop server in place of the "*"s in the 2nd > area, in the past) > > jdoe * jpass * > > > > /etc/pptpd.conf file: > > speed 115200 > > debug > > localip 10.1.1.69 #this is the address of the poptop server > > remoteip 10.1.1.96-99 #the four addresses i have set > aside for W98 clients > > > > > > and finally, the /var/log/messages file when the W98 box connects: > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Client > 24.162.230.141 control > > connection started > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Starting call > (launching pppd, > > opening GRE) > > Jun 21 01:58:39 bnyatalie pppd[10017]: pppd 2.3.11 started > by root, uid 0 > > Jun 21 01:58:39 bnyatalie pppd[10017]: Using interface ppp0 > > Jun 21 01:58:39 bnyatalie pppd[10017]: Connect: ppp0 <--> /dev/pts/2 > > Jun 21 01:58:39 bnyatalie pppd[10017]: CHAP peer > authentication succeeded > > for baust > > Jun 21 01:58:40 bnyatalie pppd[10017]: found interface eth0 > for proxy arp > > Jun 21 01:58:40 bnyatalie pppd[10017]: local IP address 10.1.1.69 > > Jun 21 01:58:40 bnyatalie pppd[10017]: remote IP address 10.1.1.97 > > Jun 21 01:58:40 bnyatalie pppd[10017]: CCP terminated by peer > > Jun 21 01:58:40 bnyatalie pppd[10017]: Compression disabled by peer. > > Jun 21 02:01:35 bnyatalie pppd[10017]: LCP terminated by peer > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Error with > select(), quitting > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Client > 24.162.230.141 control > > connection finished > > Jun 21 02:01:36 bnyatalie pppd[10017]: Modem hangup > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connection terminated. 
> > Jun 21 02:01:36 bnyatalie pppd[10017]: Connect time 3.0 minutes. > > Jun 21 02:01:36 bnyatalie pppd[10017]: Sent 1114 bytes, > received 18023 > > bytes. > > Jun 21 02:01:36 bnyatalie pppd[10017]: Exit. > > > > everything at 01:58 is when it first connects, the stuff at > 02:01 is when i > > finally killed the dialup networking connection from W98. > > > > Any clues why the W98 box can ping the poptop server, but > nothing else on > > the internal network?? > > > > Thanks much!! > > Brian > > > > Brian R. Aust > > Manager of Information Technology > > Health Decisions, Inc. > > 1512 East Franklin St. Suite 200 > > Chapel Hill, NC 27514 > > 919.967.2399 x247 > > baust at healthdec.com > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > > > -------------------------- > Scott M. Stone, CCNA > UNIX Systems and Network Engineer > Taos - The SysAdmin Company > From georgiev at globalserve.net Wed Jun 21 17:55:34 2000 
From: georgiev at globalserve.net (G. Georgiev)
Date: Wed, 21 Jun 2000 18:55:34 -0400 (EDT)
Subject: [pptp-server] rcvd [LCP ProtRej id=0xf0 02 61 aa.. Why?
Message-ID:

Hi,

I try to install the linux pptp client(pptp-1.0.2) and I am able to
connect, bring up the interface, but can not send or receive anything,
the debug log records:

Jun 21 18:27:58 gate pppd[379]: rcvd [LCP ProtRej id=0xf0 02 61 aa a2
Jun 21 18:27:59 gate pppd[379]: rcvd [LCP ProtRej id=0xf1 d6 3d 56 c9

and so on.

I can not turn off the compression nor call the other side - they provided
me with windows package and the link has to work (and it works) under
windows, but I hate that.

I use the linux 2.2.13, pppd-2.2.11 and ppp-2.3.10-openssl-norc4-mppe.patch,
i did also try the SSleay package encryption with pppd-2.3.10, several other
kernels, but I am really stuck. I read the mail list archives, two week dig
in Internet, but nothing.

May someone give me a test login somewhere with MPPE encryption to connect
with windows and linux and see the difference? Or some idea how I may patch
the situation?

thanks,
george.

-----------------------------------------------------------------------
Some logs:

Kernel mods:
PPP: version 2.3.11 (demand dialling)
PPP line discipline registered.
PPP MPPE compression module registered
registered device ppp0
registered device ppp1
PPP BSD Compression module registered
GRE over IPv4 tunneling driver
PPP Deflate Compression module registered

/var/log/debug
Jun 21 18:26:58 gate pppd[379]: rcvd [CHAP Success id=0xad "CHAP authentication success, unit 162104852"]
Jun 21 18:26:59 gate pppd[379]: rcvd [CCP ConfReq id=0x97 ]
Jun 21 18:26:59 gate pppd[379]: sent [CCP ConfAck id=0x97 ]
Jun 21 18:26:59 gate pppd[379]: rcvd [CCP ConfAck id=0x3 ]

From sstone at taos.com Wed Jun 21 18:00:28 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed, 21 Jun 2000 16:00:28 -0700 (PDT)
Subject: [pptp-server] W98 client can only ping poptop server
In-Reply-To:
Message-ID:

On Wed, 21 Jun 2000, Brian Aust wrote:

> No... no ipchains, yet....
>
> I have a CHeckpoint FW-1 firewall on an NT box, and the poptop server is
> 10.1.1.69, NAT'd to a real external address. So the poptop server is just
> another internal server here at the company. But FW-1 has it NAT'd to a
> real external IP, and i've set up a rule in FW-1 to allow ANY AND ALL
> traffic in to and out from the poptop server.
>
> Does this shed any new light onto things?

hm, make sure the clients are setting their gateway to point at the poptop
server, then, and that ip forwarding is enabled on the server...

>
> Brian R. Aust
> Manager of Information Technology
> Health Decisions, Inc.
> 1512 East Franklin St. Suite 200
> Chapel Hill, NC 27514
> 919.967.2399 x247
> baust at healthdec.com
>
>
> > -----Original Message-----
> > From: Scott M. Stone [mailto:sstone at taos.com] > > Sent: Wednesday, June 21, 2000 6:51 PM > > To: Brian Aust > > Cc: 'pptp-server at lists.schulte.org' > > Subject: Re: [pptp-server] W98 client can only ping poptop server > > > > > > On Wed, 21 Jun 2000, Brian Aust wrote: > > > > > Hey guys... > > > > > > After finally trashing all of my W98SE dial up networking > > software and > > > reinstalling all of it from CD and then applying the > > 128-bit DUN upgrade, > > > the W98 now successfully connects to my Linux Poptop server > > without errors. > > > Bear in mind this is just clear, no authentication. > > > > > > However... it comes close, but not quite. Turns out that > > it can ONLY ping > > > the internal address of the Poptop server (10.1.1.69), and > > nothing else. > > > There are lots of other machines on our 10.x.x.x network, > > but the W98 box > > > can't ping them. it can't ping 10.1.1.2 (DNS and WINS > > server) or anything. > > > > you're using ipchains, right? > > > > you have to specifically allow conduits from your pptp client > > ip addrs to > > the rest of your subnet, since you're spanning multiple interfaces. > > > > > > > > Here's the layout again: > > > > > > Server: RHAT6.2, PPTPD 1.0.0 tarball install > > Client: W98SE > > > with 128-bit DUN upgrade... 
only TCP/IP selected, gets > > all addresses from > > > server > > > > > > /etc/ppp/options file: > > > lock > > > ms-dns 10.1.1.2 > > > ms-wins 10.1.1.2 > > > domain healthdec.com > > > proxyarp > > > name bnyatalie.healthdec.com > > > debug > > > auth > > > require-chap > > > > > > /etc/ppp/chap-secrets file: > > > baust * bpass * > > (I've also put the > > > name of the poptop server in place of the "*"s in the 2nd > > area, in the past) > > > jdoe * jpass * > > > > > > /etc/pptpd.conf file: > > > speed 115200 > > > debug > > > localip 10.1.1.69 #this is the address of the poptop server > > > remoteip 10.1.1.96-99 #the four addresses i have set > > aside for W98 clients > > > > > > > > > and finally, the /var/log/messages file when the W98 box connects: > > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Client > > 24.162.230.141 control > > > connection started > > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Starting call > > (launching pppd, > > > opening GRE) > > > Jun 21 01:58:39 bnyatalie pppd[10017]: pppd 2.3.11 started > > by root, uid 0 > > > Jun 21 01:58:39 bnyatalie pppd[10017]: Using interface ppp0 > > > Jun 21 01:58:39 bnyatalie pppd[10017]: Connect: ppp0 <--> /dev/pts/2 > > > Jun 21 01:58:39 bnyatalie pppd[10017]: CHAP peer > > authentication succeeded > > > for baust > > > Jun 21 01:58:40 bnyatalie pppd[10017]: found interface eth0 > > for proxy arp > > > Jun 21 01:58:40 bnyatalie pppd[10017]: local IP address 10.1.1.69 > > > Jun 21 01:58:40 bnyatalie pppd[10017]: remote IP address 10.1.1.97 > > > Jun 21 01:58:40 bnyatalie pppd[10017]: CCP terminated by peer > > > Jun 21 01:58:40 bnyatalie pppd[10017]: Compression disabled by peer. 
> > > Jun 21 02:01:35 bnyatalie pppd[10017]: LCP terminated by peer > > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Error with > > select(), quitting > > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Client > > 24.162.230.141 control > > > connection finished > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Modem hangup > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connection terminated. > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connect time 3.0 minutes. > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Sent 1114 bytes, > > received 18023 > > > bytes. > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Exit. > > > > > > everything at 01:58 is when it first connects, the stuff at > > 02:01 is when i > > > finally killed the dialup networking connection from W98. > > > > > > Any clues why the W98 box can ping the poptop server, but > > nothing else on > > > the internal network?? > > > > > > Thanks much!! > > > Brian > > > > > > Brian R. Aust > > > Manager of Information Technology > > > Health Decisions, Inc. > > > 1512 East Franklin St. Suite 200 > > > Chapel Hill, NC 27514 > > > 919.967.2399 x247 > > > baust at healthdec.com > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > > > > -------------------------- > > Scott M. Stone, CCNA > > UNIX Systems and Network Engineer > > Taos - The SysAdmin Company > > > > -------------------------- Scott M. Stone, CCNA UNIX Systems and Network Engineer Taos - The SysAdmin Company From BAust at healthdec.com Wed Jun 21 18:19:10 2000 
From: BAust at healthdec.com (Brian Aust)
Date: Wed, 21 Jun 2000 19:19:10 -0400
Subject: [pptp-server] W98 client can only ping poptop server
Message-ID:

IP forwarding enabled on the NT FW-1 box, or IP forwarding enabled on the
poptop server?? If on poptop server, where exactly is this located?

With that info, I can give it a whirl and see what happens!

Cheers!
Brian

Brian R. Aust
Manager of Information Technology
Health Decisions, Inc.
1512 East Franklin St. Suite 200
Chapel Hill, NC 27514
919.967.2399 x247
baust at healthdec.com

> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Wednesday, June 21, 2000 7:00 PM
> To: Brian Aust
> Cc: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] W98 client can only ping poptop server
>
>
> On Wed, 21 Jun 2000, Brian Aust wrote:
>
> > No... no ipchains, yet....
> >
> > I have a CHeckpoint FW-1 firewall on an NT box, and the poptop server is
> > 10.1.1.69, NAT'd to a real external address. So the poptop server is just
> > another internal server here at the company. But FW-1 has it NAT'd to a
> > real external IP, and i've set up a rule in FW-1 to allow ANY AND ALL
> > traffic in to and out from the poptop server.
> >
> > Does this shed any new light onto things?
>
> hm, make sure the clients are setting their gateway to point at the poptop
> server, then, and that ip forwarding is enabled on the server...
>
> >
> > Brian R. Aust
> > Manager of Information Technology
> > Health Decisions, Inc.
> > 1512 East Franklin St. Suite 200
> > Chapel Hill, NC 27514
> > 919.967.2399 x247
> > baust at healthdec.com
> >
> >
> > > -----Original Message-----
> > > From: Scott M. Stone [mailto:sstone at taos.com] > > > Sent: Wednesday, June 21, 2000 6:51 PM > > > To: Brian Aust > > > Cc: 'pptp-server at lists.schulte.org' > > > Subject: Re: [pptp-server] W98 client can only ping poptop server > > > > > > > > > On Wed, 21 Jun 2000, Brian Aust wrote: > > > > > > > Hey guys... > > > > > > > > After finally trashing all of my W98SE dial up networking > > > software and > > > > reinstalling all of it from CD and then applying the > > > 128-bit DUN upgrade, > > > > the W98 now successfully connects to my Linux Poptop server > > > without errors. > > > > Bear in mind this is just clear, no authentication. > > > > > > > > However... it comes close, but not quite. Turns out that > > > it can ONLY ping > > > > the internal address of the Poptop server (10.1.1.69), and > > > nothing else. > > > > There are lots of other machines on our 10.x.x.x network, > > > but the W98 box > > > > can't ping them. it can't ping 10.1.1.2 (DNS and WINS > > > server) or anything. > > > > > > you're using ipchains, right? > > > > > > you have to specifically allow conduits from your pptp client > > > ip addrs to > > > the rest of your subnet, since you're spanning multiple > interfaces. > > > > > > > > > > > Here's the layout again: > > > > > > > > Server: RHAT6.2, PPTPD 1.0.0 tarball install > > > Client: W98SE > > > > with 128-bit DUN upgrade... 
only TCP/IP selected, gets > > > all addresses from > > > > server > > > > > > > > /etc/ppp/options file: > > > > lock > > > > ms-dns 10.1.1.2 > > > > ms-wins 10.1.1.2 > > > > domain healthdec.com > > > > proxyarp > > > > name bnyatalie.healthdec.com > > > > debug > > > > auth > > > > require-chap > > > > > > > > /etc/ppp/chap-secrets file: > > > > baust * bpass * > > > (I've also put the > > > > name of the poptop server in place of the "*"s in the 2nd > > > area, in the past) > > > > jdoe * jpass * > > > > > > > > /etc/pptpd.conf file: > > > > speed 115200 > > > > debug > > > > localip 10.1.1.69 #this is the address of the poptop server > > > > remoteip 10.1.1.96-99 #the four addresses i have set > > > aside for W98 clients > > > > > > > > > > > > and finally, the /var/log/messages file when the W98 > box connects: > > > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Client > > > 24.162.230.141 control > > > > connection started > > > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Starting call > > > (launching pppd, > > > > opening GRE) > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: pppd 2.3.11 started > > > by root, uid 0 > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: Using interface ppp0 > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: Connect: ppp0 > <--> /dev/pts/2 > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: CHAP peer > > > authentication succeeded > > > > for baust > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: found interface eth0 > > > for proxy arp > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: local IP > address 10.1.1.69 > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: remote IP > address 10.1.1.97 > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: CCP terminated by peer > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: Compression > disabled by peer. 
> > > > Jun 21 02:01:35 bnyatalie pppd[10017]: LCP terminated by peer > > > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Error with > > > select(), quitting > > > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Client > > > 24.162.230.141 control > > > > connection finished > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Modem hangup > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connection terminated. > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connect time 3.0 minutes. > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Sent 1114 bytes, > > > received 18023 > > > > bytes. > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Exit. > > > > > > > > everything at 01:58 is when it first connects, the stuff at > > > 02:01 is when i > > > > finally killed the dialup networking connection from W98. > > > > > > > > Any clues why the W98 box can ping the poptop server, but > > > nothing else on > > > > the internal network?? > > > > > > > > Thanks much!! > > > > Brian > > > > > > > > Brian R. Aust > > > > Manager of Information Technology > > > > Health Decisions, Inc. > > > > 1512 East Franklin St. Suite 200 > > > > Chapel Hill, NC 27514 > > > > 919.967.2399 x247 > > > > baust at healthdec.com > > > > > > > > _______________________________________________ > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > List services provided by www.schulteconsulting.com! > > > > > > > > > > > > > > -------------------------- > > > Scott M. Stone, CCNA > > > UNIX Systems and Network Engineer > > > Taos - The SysAdmin Company > > > > > > > > > -------------------------- > Scott M. Stone, CCNA > UNIX Systems and Network Engineer > Taos - The SysAdmin Company > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
>

From sstone at taos.com Wed Jun 21 18:32:12 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed, 21 Jun 2000 16:32:12 -0700 (PDT)
Subject: [pptp-server] W98 client can only ping poptop server
In-Reply-To:
Message-ID:

On Wed, 21 Jun 2000, Brian Aust wrote:

> IP forwarding enabled on the NT FW-1 box, or IP forwarding enabled on the
> poptop server?? If on poptop server, where exactly is this located?

both.

on poptop server you would:

echo 1 > /proc/sys/net/ipv4/ip_forward

>
> With that info, I can give it a whirl and see what happens!
>
> Cheers!
> Brian
>
> Brian R. Aust
> Manager of Information Technology
> Health Decisions, Inc.
> 1512 East Franklin St. Suite 200
> Chapel Hill, NC 27514
> 919.967.2399 x247
> baust at healthdec.com
>
>
> > -----Original Message-----
> > From: Scott M. Stone [mailto:sstone at taos.com]
> > Sent: Wednesday, June 21, 2000 7:00 PM
> > To: Brian Aust
> > Cc: 'pptp-server at lists.schulte.org'
> > Subject: RE: [pptp-server] W98 client can only ping poptop server
> >
> >
> > On Wed, 21 Jun 2000, Brian Aust wrote:
> >
> > > No... no ipchains, yet....
> > >
> > > I have a CHeckpoint FW-1 firewall on an NT box, and the poptop server is
> > > 10.1.1.69, NAT'd to a real external address. So the poptop server is just
> > > another internal server here at the company. But FW-1 has it NAT'd to a
> > > real external IP, and i've set up a rule in FW-1 to allow ANY AND ALL
> > > traffic in to and out from the poptop server.
> > >
> > > Does this shed any new light onto things?
> >
> > hm, make sure the clients are setting their gateway to point at the poptop
> > server, then, and that ip forwarding is enabled on the server...
> >
> > >
> > > Brian R. Aust
> > > Manager of Information Technology
> > > Health Decisions, Inc.
> > > 1512 East Franklin St. Suite 200
> > > Chapel Hill, NC 27514
> > > 919.967.2399 x247
> > > baust at healthdec.com
> > >
> > >
> > > > -----Original Message-----
> > > > From: Scott M. Stone [mailto:sstone at taos.com] > > > > Sent: Wednesday, June 21, 2000 6:51 PM > > > > To: Brian Aust > > > > Cc: 'pptp-server at lists.schulte.org' > > > > Subject: Re: [pptp-server] W98 client can only ping poptop server > > > > > > > > > > > > On Wed, 21 Jun 2000, Brian Aust wrote: > > > > > > > > > Hey guys... > > > > > > > > > > After finally trashing all of my W98SE dial up networking > > > > software and > > > > > reinstalling all of it from CD and then applying the > > > > 128-bit DUN upgrade, > > > > > the W98 now successfully connects to my Linux Poptop server > > > > without errors. > > > > > Bear in mind this is just clear, no authentication. > > > > > > > > > > However... it comes close, but not quite. Turns out that > > > > it can ONLY ping > > > > > the internal address of the Poptop server (10.1.1.69), and > > > > nothing else. > > > > > There are lots of other machines on our 10.x.x.x network, > > > > but the W98 box > > > > > can't ping them. it can't ping 10.1.1.2 (DNS and WINS > > > > server) or anything. > > > > > > > > you're using ipchains, right? > > > > > > > > you have to specifically allow conduits from your pptp client > > > > ip addrs to > > > > the rest of your subnet, since you're spanning multiple > > interfaces. > > > > > > > > > > > > > > Here's the layout again: > > > > > > > > > > Server: RHAT6.2, PPTPD 1.0.0 tarball install > > > > Client: W98SE > > > > > with 128-bit DUN upgrade... 
only TCP/IP selected, gets > > > > all addresses from > > > > > server > > > > > > > > > > /etc/ppp/options file: > > > > > lock > > > > > ms-dns 10.1.1.2 > > > > > ms-wins 10.1.1.2 > > > > > domain healthdec.com > > > > > proxyarp > > > > > name bnyatalie.healthdec.com > > > > > debug > > > > > auth > > > > > require-chap > > > > > > > > > > /etc/ppp/chap-secrets file: > > > > > baust * bpass * > > > > (I've also put the > > > > > name of the poptop server in place of the "*"s in the 2nd > > > > area, in the past) > > > > > jdoe * jpass * > > > > > > > > > > /etc/pptpd.conf file: > > > > > speed 115200 > > > > > debug > > > > > localip 10.1.1.69 #this is the address of the poptop server > > > > > remoteip 10.1.1.96-99 #the four addresses i have set > > > > aside for W98 clients > > > > > > > > > > > > > > > and finally, the /var/log/messages file when the W98 > > box connects: > > > > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Client > > > > 24.162.230.141 control > > > > > connection started > > > > > Jun 21 01:58:39 bnyatalie pptpd[10016]: CTRL: Starting call > > > > (launching pppd, > > > > > opening GRE) > > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: pppd 2.3.11 started > > > > by root, uid 0 > > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: Using interface ppp0 > > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: Connect: ppp0 > > <--> /dev/pts/2 > > > > > Jun 21 01:58:39 bnyatalie pppd[10017]: CHAP peer > > > > authentication succeeded > > > > > for baust > > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: found interface eth0 > > > > for proxy arp > > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: local IP > > address 10.1.1.69 > > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: remote IP > > address 10.1.1.97 > > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: CCP terminated by peer > > > > > Jun 21 01:58:40 bnyatalie pppd[10017]: Compression > > disabled by peer. 
> > > > > Jun 21 02:01:35 bnyatalie pppd[10017]: LCP terminated by peer > > > > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Error with > > > > select(), quitting > > > > > Jun 21 02:01:36 bnyatalie pptpd[10016]: CTRL: Client > > > > 24.162.230.141 control > > > > > connection finished > > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Modem hangup > > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connection terminated. > > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Connect time 3.0 minutes. > > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Sent 1114 bytes, > > > > received 18023 > > > > > bytes. > > > > > Jun 21 02:01:36 bnyatalie pppd[10017]: Exit. > > > > > > > > > > everything at 01:58 is when it first connects, the stuff at > > > > 02:01 is when i > > > > > finally killed the dialup networking connection from W98. > > > > > > > > > > Any clues why the W98 box can ping the poptop server, but > > > > nothing else on > > > > > the internal network?? > > > > > > > > > > Thanks much!! > > > > > Brian > > > > > > > > > > Brian R. Aust > > > > > Manager of Information Technology > > > > > Health Decisions, Inc. > > > > > 1512 East Franklin St. Suite 200 > > > > > Chapel Hill, NC 27514 > > > > > 919.967.2399 x247 > > > > > baust at healthdec.com > > > > > > > > > > _______________________________________________ > > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > > List services provided by www.schulteconsulting.com! > > > > > > > > > > > > > > > > > > -------------------------- > > > > Scott M. Stone, CCNA > > > > UNIX Systems and Network Engineer > > > > Taos - The SysAdmin Company > > > > > > > > > > > > > > -------------------------- > > Scott M. 
Stone, CCNA
> > UNIX Systems and Network Engineer
> > Taos - The SysAdmin Company
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> >

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From BAust at healthdec.com Wed Jun 21 23:01:45 2000
From: BAust at healthdec.com (Brian Aust)
Date: Thu, 22 Jun 2000 00:01:45 -0400
Subject: [pptp-server] W98 client can only ping poptop server
Message-ID:

You hit it right on the head of the nail, Scott -- turning on IP forwarding
on the poptop server solved a slew of problems -- pinging all the other
internal machines, DNS, WINS, the whole deal. Thank you!!

Now just need to figure out what the heck is wrong with W98SE. 4 out of 5
times it hangs on the Verifying Username/Password part... and the only way
to fix it is to uninstall W98 DUN, reinstall W98 DUN, and add the 128-bit
DUN upgrade patch. But then the next day it doesn't work, and a full un-
and re-install is in order. I'll need to test from an NT box or something
cuz i'll bet W98SE is just flaky or something.

Thanks again Scott! Onwards to encryption! :-)

Cheers,
Brian Aust

-----Original Message-----
From: Scott M. Stone
To: Brian Aust
Cc: 'pptp-server at lists.schulte.org'
Sent: 6/21/00 7:32 PM
Subject: RE: [pptp-server] W98 client can only ping poptop server

On Wed, 21 Jun 2000, Brian Aust wrote:

> IP forwarding enabled on the NT FW-1 box, or IP forwarding enabled on the
> poptop server?? If on poptop server, where exactly is this located?

both.

on poptop server you would:

echo 1 > /proc/sys/net/ipv4/ip_forward

From sstone at taos.com Wed Jun 21 23:30:56 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed, 21 Jun 2000 21:30:56 -0700 (PDT)
Subject: [pptp-server] W98 client can only ping poptop server
In-Reply-To:
Message-ID:

On Thu, 22 Jun 2000, Brian Aust wrote:

> You hit it right on the head of the nail, Scott -- turning on IP forwarding
> on the poptop server solved a slew of problems -- pinging all the other
> internal machines, DNS, WINS, the whole deal. Thank you!!
>
> Now just need to figure out what the heck is wrong with W98SE. 4 out of 5
> times it hangs on the Verifying Username/Password part... and the only way
> to fix it is to uninstall W98 DUN, reinstall W98 DUN, and add the 128-bit
> DUN upgrade patch. But then the next day it doesn't work, and a full un-
> and re-install is in order. I'll need to test from an NT box or something
> cuz i'll bet W98SE is just flaky or something.

could be. I'm trying to get this Shiva VPN client working on my 98SE box so
I can talk to the machines at work, and it keeps telling me "Virtual Adapter
Initialization Failed(2)". The VPN people at work just say, "umm.. try
rebooting?"... I have tried rebooting..sigh..

>
> Thanks again Scott! Onwards to encryption! :-)
>
> Cheers,
> Brian Aust
>
> -----Original Message-----
> From: Scott M. Stone
> To: Brian Aust
> Cc: 'pptp-server at lists.schulte.org'
> Sent: 6/21/00 7:32 PM
> Subject: RE: [pptp-server] W98 client can only ping poptop server
>
> On Wed, 21 Jun 2000, Brian Aust wrote:
>
> > IP forwarding enabled on the NT FW-1 box, or IP forwarding enabled on the
> > poptop server?? If on poptop server, where exactly is this located?
>
> both.
>
> on poptop server you would:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
>

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From icox at pinc.com Thu Jun 22 00:04:34 2000
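[Added example, not part of the archived messages and not code from the PoPToP project.] The script below checks the settings the preceding thread turned on: IP forwarding on the PoPToP host, proxyarp and auth in the pppd options file, and whether pppd is asked for MPPE at all, since pptpd itself does not encrypt. The function names, the OK/WARN/FAIL output format and the rule of matching any option that begins with `mppe` are assumptions made for this example; the sample input is constructed from the options file quoted in the thread.

```shell
#!/bin/sh
# Added example: audit a PoPToP/pppd gateway for the settings discussed in this thread.
# Files are passed as arguments so the audit can also run on copies of the originals.
# On a live host: audit_pptp_gateway /proc/sys/net/ipv4/ip_forward /etc/ppp/options

# has_option FILE REGEX: true if the first word of a non-comment line matches REGEX.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                 # strip comments before matching
        $1 ~ want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_pptp_gateway IP_FORWARD_FILE PPP_OPTIONS_FILE
# Prints one OK/WARN/FAIL line per check; return status is the number of FAIL lines.
audit_pptp_gateway() {
    fwd_file=$1
    options=$2
    fails=0

    # Without forwarding the client reaches only the gateway's own address.
    if [ "$(cat "$fwd_file" 2>/dev/null)" = "1" ]; then
        echo "OK   ip_forward is 1"
    else
        echo "FAIL ip_forward is not 1: echo 1 > /proc/sys/net/ipv4/ip_forward"
        fails=$((fails + 1))
    fi

    # proxyarp lets the gateway answer ARP on the LAN for the client's address.
    if has_option "$options" '^proxyarp$'; then
        echo "OK   proxyarp is set"
    else
        echo "WARN proxyarp is not set: needed when client addresses come from the LAN subnet"
    fi

    # auth makes pppd require the peer to authenticate before passing traffic.
    if has_option "$options" '^auth$'; then
        echo "OK   auth is set"
    else
        echo "FAIL auth is not set: peer authentication is not explicitly required"
        fails=$((fails + 1))
    fi

    # Assumption: MPPE options start with "mppe", as in the options file posted to this list.
    if has_option "$options" '^mppe'; then
        echo "OK   an mppe option is set"
    else
        echo "WARN no mppe option: pptpd itself does not encrypt the tunnel"
    fi

    return "$fails"
}

# Constructed sample: the options file quoted in the thread, on a host with forwarding off.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '0\n' > "$tmp/ip_forward"
    printf '%s\n' lock 'ms-dns 10.1.1.2' 'ms-wins 10.1.1.2' 'domain healthdec.com' \
        proxyarp 'name bnyatalie.healthdec.com' debug auth require-chap > "$tmp/options"
    audit_pptp_gateway "$tmp/ip_forward" "$tmp/options" || true
    rm -rf "$tmp"
}
demo
```
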
From: icox at pinc.com (Iain Cox)
Date: Wed, 21 Jun 2000 22:04:34 -0700
Subject: [pptp-server] ppp_mppe - unresolved symbol RC4_set_key
Message-ID: <39519E62.49302FE1@pinc.com>

I have the same problem as Jean Paul Chavant...clients connect ok
without crypto, but fails when trying to connect with encryption
enabled. (exact same errors as in his post today)

'insmod ppp_mppe' returns "unresolved symbol RC4_set_key"

Also, in syslog I get
"insmod: /lib/modules/2.2.xx/net/ppp_mppe.o: unresolved symbol RC4_set_key"

Any ideas?

pptpd v1.0.0 (rpm) with ppp2.3.10(mppe patched) and SSLeay0.9.0b
on redhat 2.2.12

Thanks in advance,
Iain

From klussier at mclinux.com Thu Jun 22 07:57:43 2000
From: klussier at mclinux.com (Kenneth E. Lussier)
Date: Thu, 22 Jun 2000 08:57:43 -0400
Subject: [pptp-server] DNS/WINS/Gateway
Message-ID: <39520D47.8B81BB28@mclinux.com>

All,
I can connect to my pptp server with a Windows box with out issue, and
I get get at all of the resources that I need. The only problem is that
I can only do so by IP address. For some reason, I'm not getting DNS or
WINS settings, and the gateway is being assigned as the remote-host IP.
Now, I'm sure that this is just something small that I overlooked, but
any help would be appreciated. Also, will the ms-dns and line in the
/etc/ppp/options files hand out dns settings to a Linux pptp client as
well? Below are my configs.
TIA,
Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux

/etc/ppp/options:
lock
debug
kdebug 1
ms-dns 10.1.0.24
ms-wins 10.1.0.20
netmask 255.255.255.0
proxyarp
nodeflate
auth
mppe-128
mppe-stateless
+chapms-v2
defaultroute

/etc/pptpd.conf:
debug
speed 115200
localip 10.100.0.2-10
remoteip 10.100.0.11-100

From matthew.pearson at infomatrix.ltd.uk Thu Jun 22 08:32:30 2000
From: matthew.pearson at infomatrix.ltd.uk (Matthew Pearson)
Date: Thu, 22 Jun 2000 14:32:30 +0100
Subject: [pptp-server] Win 98 - error 720 - could not negotiate a compatible set of protocols
Message-ID:

I had pptpd working fine until I tried to add in authentication and
encryption. I could make a connection via the internet to my pptpd or
alternatively I could do it via my Ethernet.

Now I have recompiled the kernel with support for MSCHAP, I can't get any
pptp connection going.

Here is my pptp log file:

Jun 22 14:22:16 homer pptpd[287]: MGR: Max connections reached, extra IP addresses ignored
Jun 22 14:22:16 homer pptpd[288]: MGR: Manager process started
Jun 22 14:22:48 homer pptpd[291]: MGR: Launching /usr/sbin/pptpctrl to handle client
Jun 22 14:22:48 homer pptpd[291]: CTRL: local address = 192.168.2.5
Jun 22 14:22:48 homer pptpd[291]: CTRL: remote address = 192.168.3.1
Jun 22 14:22:48 homer pptpd[291]: CTRL: pppd speed = 115200
Jun 22 14:22:48 homer pptpd[291]: CTRL: pppd options file = /etc/ppp/pptpd.options
Jun 22 14:22:48 homer pptpd[291]: CTRL: Client 192.168.1.37 control connection started
Jun 22 14:22:48 homer pptpd[291]: CTRL: Received PPTP Control Message (type: 1)
Jun 22 14:22:48 homer pptpd[291]: CTRL: Made a START CTRL CONN RPLY packet
Jun 22 14:22:48 homer pptpd[291]: CTRL: I wrote 156 bytes to the client.
Jun 22 14:22:48 homer pptpd[291]: CTRL: Sent packet to client
Jun 22 14:22:48 homer pptpd[291]: CTRL: Received PPTP Control Message (type: 7)
Jun 22 14:22:48 homer pptpd[291]: CTRL: Set parameters to 0 maxbps, 16 window size
Jun 22 14:22:48 homer pptpd[291]: CTRL: Made a OUT CALL RPLY packet
Jun 22 14:22:48 homer pptpd[291]: CTRL: Starting call (launching pppd, opening GRE)
Jun 22 14:22:48 homer pptpd[291]: CTRL: pty_fd = 5
Jun 22 14:22:48 homer pptpd[291]: CTRL: tty_fd = 6
Jun 22 14:22:48 homer pptpd[288]: MGR: Reaped child 291
Jun 22 14:22:48 homer pptpd[291]: CTRL: I wrote 32 bytes to the client.
Jun 22 14:22:48 homer pptpd[291]: CTRL: Sent packet to client
Jun 22 14:22:48 homer pptpd[292]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 22 14:22:48 homer pptpd[292]: CTRL (PPPD Launcher): local address = 192.168.2.5
Jun 22 14:22:48 homer pptpd[292]: CTRL (PPPD Launcher): remote address = 192.168.3.1
Jun 22 14:22:48 homer pptpd[291]: CTRL: Received PPTP Control Message (type: 12)
Jun 22 14:22:48 homer pptpd[291]: CTRL: Made a CALL DISCONNECT RPLY packet
Jun 22 14:22:48 homer pptpd[291]: CTRL: Received CALL CLR request (closing call)
Jun 22 14:22:48 homer pptpd[291]: CTRL: I wrote 148 bytes to the client.
Jun 22 14:22:48 homer pptpd[291]: CTRL: Sent packet to client
Jun 22 14:22:48 homer pptpd[291]: CTRL: Error with select(), quitting
Jun 22 14:22:48 homer pptpd[291]: CTRL: Client 192.168.1.37 control connection finished
Jun 22 14:22:48 homer pptpd[291]: CTRL: Exiting now

my pptp.options file

debug
name infomatrix.londonweb.net
auth
proxyarp
ms-wins 192.168.1.200
ms-dns 192.168.1.200
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

and my pptpd.conf file

############################################################################
####
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
############################################################################
####

# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#       Some PPP daemons will ignore this value.
#
speed 115200

# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd.options

# TAG: debug
#
#       Turns on (more) debugging to syslog.
#
debug

# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses seperated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
localip 192.168.2.5
remoteip 192.168.3.1-254

# TAG: ipxnets
#
#       This gives the range of IPX networks to allocate to clients. By
#       default IPX network number allocation is not handled internally.
#       By putting a low and high network number here a pool of IPX networks
#       can be defined. If this is done then there must be one IPX network
#       per client.
#
#       The format is a pair of hex numbers without any 0x prefix separated
#       by a hyphen.
#
#ipxnets 00001000-00001FFF

# TAG: listen
#
#       Defines the IP address of the local interface on which pptpd
#       should listen for connections. The default is to listen on all
#       local interfaces (even ones brought up by pptp connections, thus
#       permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1

# TAG: pidfile
#
#       This defines the file name in which pptpd should store its process
#       ID (or pid). The default is /var/run/pptpd.pid.
#
#pidfile /var/run/pptpd.pid

ppp still works fine for my dial up link to the Internet but I get error 720
whenever I try to connect from my Win 98 machine via the LAN. I get the same
message using Win 98 on a different machine via the Internet.

I've had a look through the archives and couldn't sort it out.

Please can someone help?

Matt Pearson
mailto://matthew.pearson at infomatrix.ltd.uk
http://www.infomatrix.ltd.uk/

From BAust at healthdec.com Thu Jun 22 08:39:02 2000
From: BAust at healthdec.com (Brian Aust)
Date: Thu, 22 Jun 2000 09:39:02 -0400
Subject: [pptp-server] DNS/WINS/Gateway
Message-ID:

Hmmm... well, the only thing i can say is that this looks suspicious:

localip 10.100.0.2-10
remoteip 10.100.0.11-100

This means that your REMOTE CLIENTS will be receiving .11 thru .100, and yet
you've specified your WINS and DNS servers to be:

ms-dns 10.1.0.24
ms-wins 10.1.0.20, which fall in that .11 - .100 range.

So it seems to me like the local and remote ip's are mixed up. Maybe not.
But i don't see how the DNS and WINS servers could be the remote roving
clients -- wouldn't those have to be in the localip set on your LAN?

That's my initial observation...

Brian

-----Original Message-----
From: Kenneth E. Lussier
To: 'pptp-server at lists.schulte.org'
Sent: 6/22/00 8:57 AM
Subject: [pptp-server] DNS/WINS/Gateway

All,
I can connect to my pptp server with a Windows box with out issue, and
I get get at all of the resources that I need. The only problem is that
I can only do so by IP address. For some reason, I'm not getting DNS or
WINS settings, and the gateway is being assigned as the remote-host IP.
Now, I'm sure that this is just something small that I overlooked, but
any help would be appreciated. Also, will the ms-dns and line in the
/etc/ppp/options files hand out dns settings to a Linux pptp client as
well? Below are my configs.
TIA,
Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux

/etc/ppp/options:
lock
debug
kdebug 1
ms-dns 10.1.0.24
ms-wins 10.1.0.20
netmask 255.255.255.0
proxyarp
nodeflate
auth
mppe-128
mppe-stateless
+chapms-v2
defaultroute

/etc/pptpd.conf:
debug
speed 115200
localip 10.100.0.2-10
remoteip 10.100.0.11-100
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From klussier at mclinux.com Thu Jun 22 08:48:06 2000
From: klussier at mclinux.com (Kenneth E. Lussier)
Date: Thu, 22 Jun 2000 09:48:06 -0400
Subject: [pptp-server] DNS/WINS/Gateway
References:
Message-ID: <39521915.36CB52AE@mclinux.com>

They're on totally different subnets. The remote hosts are on
10.100.0.0/16 and the DNS and WINS servers are on 10.1.0.0/16.

Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux

Brian Aust wrote:
>
> Hmmm... well, the only thing i can say is that this looks suspicious:
>
> localip 10.100.0.2-10
> remoteip 10.100.0.11-100
>
> This means that your REMOTE CLIENTS will be receiving .11 thru .100, and yet
> you've specified your WINS and DNS servers to be:
>
> ms-dns 10.1.0.24
> ms-wins 10.1.0.20, which fall in that .11 - .100 range.
>
> So it seems to me like the local and remote ip's are mixed up. Maybe not.
> But i don't see how the DNS and WINS servers could be the remote roving
> clients -- wouldn't those have to be in the localip set on your LAN?
>
> That's my initial observation...
>
> Brian
>
> -----Original Message-----
> From: Kenneth E. Lussier
> To: 'pptp-server at lists.schulte.org'
> Sent: 6/22/00 8:57 AM
> Subject: [pptp-server] DNS/WINS/Gateway
>
> All,
> I can connect to my pptp server with a Windows box with out issue, and
> I get get at all of the resources that I need. The only problem is that
> I can only do so by IP address. For some reason, I'm not getting DNS or
> WINS settings, and the gateway is being assigned as the remote-host IP.
> Now, I'm sure that this is just something small that I overlooked, but
> any help would be appreciated. Also, will the ms-dns and line in the
> /etc/ppp/options files hand out dns settings to a Linux pptp client as
> well? Below are my configs.
> TIA,
> Kenny
>
> --
> Kenny Lussier
> Systems Administrator
> Mission Critical Linux
>
> /etc/ppp/options:
> lock
> debug
> kdebug 1
> ms-dns 10.1.0.24
> ms-wins 10.1.0.20
> netmask 255.255.255.0
> proxyarp
> nodeflate
> auth
> mppe-128
> mppe-stateless
> +chapms-v2
> defaultroute
>
> /etc/pptpd.conf:
> debug
> speed 115200
> localip 10.100.0.2-10
> remoteip 10.100.0.11-100
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From jp.chavant at geosys.fr Thu Jun 22 09:07:48 2000
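[Added example, not part of any list message and not PoPToP code: a Python check that expands pptpd.conf localip/remoteip values under the restrictions quoted from the sample configuration earlier in this archive, then tests whether the ms-dns/ms-wins servers fall inside the client pool, which is the question raised in the DNS/WINS/Gateway thread above. The function names and the max_connections value of 100 are assumptions made for illustration.]

```python
import ipaddress


class PoolError(ValueError):
    """A localip/remoteip value breaks one of the documented restrictions."""


def expand_pool(spec):
    """Expand e.g. '192.168.0.234,192.168.0.245-249' into IPv4Address objects."""
    if any(ch.isspace() for ch in spec):
        # Restriction 1: no spaces between commas or within addresses.
        raise PoolError("spaces are not permitted in an address list")
    addresses = []
    for item in spec.split(","):
        base, dash, last = item.partition("-")
        try:
            first = ipaddress.IPv4Address(base)
        except ValueError as exc:
            raise PoolError(f"bad address {base!r} in {item!r}") from exc
        if not dash:
            addresses.append(first)
            continue
        if not (last.isascii() and last.isdigit()) or int(last) > 255:
            raise PoolError(f"bad range end in {item!r}")
        start, end = int(base.rsplit(".", 1)[1]), int(last)
        if end < start:
            # Restriction 3: 234-8 does not mean 234 to 238.
            raise PoolError(f"{item!r}: range end is below its start")
        addresses.extend(first + offset for offset in range(end - start + 1))
    return addresses


def audit(localip, remoteip, servers, max_connections):
    """Summarise the pools and flag name servers that sit inside the client pool.

    servers maps an option name (ms-dns, ms-wins) to its address.
    max_connections stands in for pptpd's MAX_CONNECTIONS (value assumed).
    """
    local = expand_pool(localip)
    remote = expand_pool(remoteip)
    used = remote[:max_connections]  # restriction 2: the rest are ignored
    remote_set = set(remote)
    return {
        "sessions": len(used),  # restriction 4: one remote IP per client
        "ignored_remote": len(remote) - len(used),
        "local_remote_overlap": [str(a) for a in sorted(set(local) & remote_set)],
        "servers_in_pool": sorted(
            name for name, addr in servers.items()
            if ipaddress.IPv4Address(addr) in remote_set
        ),
    }


if __name__ == "__main__":
    # Values from the /etc/ppp/options and /etc/pptpd.conf posted in the thread.
    report = audit(
        "10.100.0.2-10",
        "10.100.0.11-100",
        {"ms-dns": "10.1.0.24", "ms-wins": "10.1.0.20"},
        max_connections=100,  # assumed value
    )
    print(report)
```
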
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Thu, 22 Jun 2000 16:07:48 +0200
Subject: [pptp-server] problem of authentification ...
Message-ID: <00b701bfdc53$3f2a5b40$6503a8c0@pcjpc>

hello,

my first problem was the encryption problem. I pass through using ppp-2.3.11
and the patch and openssl-0.9.5a.

But now when i connect my Win95 i get an error :

Error 629: you have been disconnected from the computer you dialed...

in pptp.log i have this error :

Jun 22 16:01:35 apollon pptpd[7949]: MGR: Launching /usr/sbin/pptpctrl to handle client
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: local address = 192.168.0.245
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: remote address = 192.168.0.234
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Client 192.168.3.101 control connection started
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Received PPTP Control Message (type: 1)
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Made a START CTRL CONN RPLY packet
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: I wrote 156 bytes to the client.
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Sent packet to client
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Received PPTP Control Message (type: 7)
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Set parameters to 0 maxbps, 16 window size
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Made a OUT CALL RPLY packet
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Starting call (launching pppd, opening GRE)
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: pty_fd = 4
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: tty_fd = 5
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: I wrote 32 bytes to the client.
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Sent packet to client
Jun 22 16:01:35 apollon pptpd[7950]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 22 16:01:35 apollon pptpd[7950]: CTRL (PPPD Launcher): local address = 192.168.0.245
Jun 22 16:01:35 apollon pptpd[7950]: CTRL (PPPD Launcher): remote address = 192.168.0.234
*** Jun 22 16:01:35 apollon pppd[7950]: In file /etc/ppp/options: unrecognized option '+chapms' ***
Jun 22 16:01:35 apollon pptpd[7949]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Erreur d'entr?e/sortie
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Client 192.168.3.101 control connection finished
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Exiting now

it appears that ppp2.3.11 don't recognize the option +chapms in
/etc/ppp/options ... :(

i ve forget to do something or thereis another problem ?

Jean-Paul

  _-----_     GEOSYS SA - Service Informatique
 (_/   \_)    Tel.: (0) 5 62 47 80 75
  (_____) \/\/\___ http://www.geosys.fr/

From jp.chavant at geosys.fr Thu Jun 22 10:30:33 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Thu, 22 Jun 2000 17:30:33 +0200
Subject: [pptp-server] unresolved symbol
Message-ID: <00be01bfdc5e$ce662360$6503a8c0@pcjpc>

hello,

why in this howto
http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt
i have to do this :

Comment out or delete the reference to rc4_skey.c in
/usr/src/redhat/SOURCES/ppp-2.3.10/linux/ppp_mppe.c

if i do this, when i do depmod -a i have an error :

/lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol(s)

the modprobe ppp; insmod /lib/modules/2.2.14-15mdk/net/ppp_mppe.o command
give me :

/lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol RC4_set_key

whereis the problem ???

(ppp-2.3.110 with openssl-0.9.5a and patched on linux 2.2.14)

Also i have constated that if i use openssl library i can connect my client
(/usr/sbin/pppd: In file /etc/ppp/options: unrecognized option '+chapms')
...

is there a way to make PoPToP working with chapms-v2 and 128 bits encryption
???

i don't know what to do ... :(

Jean-Paul

  _-----_     GEOSYS SA - Service Informatique
 (_/   \_)    Tel.: (0) 5 62 47 80 75
  (_____) \/\/\___ http://www.geosys.fr/

From klussier at mclinux.com Thu Jun 22 10:58:48 2000
From: klussier at mclinux.com (Kenneth E. Lussier)
Date: Thu, 22 Jun 2000 11:58:48 -0400
Subject: [pptp-server] unresolved symbol
References: <00be01bfdc5e$ce662360$6503a8c0@pcjpc>
Message-ID: <395237B8.4334033E@mclinux.com>

Because what they forgot to say was that you also have to remove it from
/usr/src/linux/drivers/net/ppp_mppe.c.

Kenny

--
Kenny Lussier
Systems Administrator
Mission Critical Linux

Jean-Paul Chavant wrote:
>
> hello,
>
> why in this howto
> http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt
> i have to do this :
>
> Comment out or delete the reference to rc4_skey.c in
> /usr/src/redhat/SOURCES/ppp-2.3.10/linux/ppp_mppe.c
>
> if i do this, when i do depmod -a i have an error :
>
> /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol(s)
>
> the modprobe ppp; insmod /lib/modules/2.2.14-15mdk/net/ppp_mppe.o command
> give me :
>
> /lib/modules/2.2.14-15mdk/net/ppp_mppe.o: unresolved symbol RC4_set_key
>
> whereis the problem ???
>
> (ppp-2.3.110 with openssl-0.9.5a and patched on linux 2.2.14)
>
> Also i have constated that if i use openssl library i can connect my client
> (/usr/sbin/pppd: In file /etc/ppp/options: unrecognized option '+chapms')
> ...
>
> is there a way to make PoPToP working with chapms-v2 and 128 bits encryption
> ???
>
> i don't know what to do ... :(
>
> Jean-Paul
>
>   _-----_     GEOSYS SA - Service Informatique
>  (_/   \_)    Tel.: (0) 5 62 47 80 75
>   (_____) \/\/\___ http://www.geosys.fr/
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From smahmood at tekdigitel.com Thu Jun 22 11:09:30 2000
From: smahmood at tekdigitel.com (Shahid Mahmood)
Date: Thu, 22 Jun 2000 12:09:30 -0400
Subject: [pptp-server] "No domain controller was found to validate your password."
Message-ID: <4.3.2.7.0.20000622120838.00abda70@mail.alum.rpi.edu>

Office:
PopTop running on m/c with 2 ethernet cards (64.x.x.x and 192.168.1.1)
File server "NT_SERVER" on private LAN (192.168.1.2)
smb server "linux-server" + wins support on 192.168.1.1 (same m/c as poptop).
/etc/ppp/options has
ms-wins 192.168.1.1

Home:
Win 98 SE PC
lmhosts file has a line
192.168.1.2 NT_SERVER #PRE #DOM:atc-group
WORKGROUP = atc-group

I connect to Internet, fire up VPN get connected to office LAN
at "Logging on to Network" dialog, I get "No domain controller was found to
validate your password". It happens 9 out of ten times. Sometimes it "DOES"
find the N_SERVER for login, but the startup scripts (kick32.exe or
something) either takes toooo long to finish or crashes the client PC.

This works:
The shares from "linux-server" (the samba on poptop m/c) are connected ok.
(i can mount directories etc). These dont require NT for login
authorization.
I can browse the network and see all NT file servers, but cannot write to
any of them (becuz i never logged in).
I can ping all PC in office LAN.

*HELP* !!!

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From daniel at unity.f9.co.uk Thu Jun 22 14:33:42 2000
From: daniel at unity.f9.co.uk (Daniel Slatford)
Date: Thu, 22 Jun 2000 20:33:42 +0100
Subject: [pptp-server] PTY read or GRE write failure
Message-ID: <000001bfdc80$c60e1700$0301a8c0@thehoneycomb.net>

Greetings all,

Anybody able to shed any light on whats going on here? Trying to get a basic
pptp server running for doze 98SE client, running pptpd 1.0.0, pppd 2.3.11
and kernel 2.2.16, SuSE 6.4 box. The box it's running on is a masq box for
my home LAN.

Can establish a connection momentarily from windows, but it immediately
disconnects. Logfile thus:

pptpd[1144]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
pptpd[1144]: CTRL: local address = 192.168.1.100
pptpd[1144]: CTRL: remote address = 192.168.1.234
pptpd[1144]: CTRL: pppd speed = 115200
pptpd[1144]: CTRL: pppd options file = /etc/ppp/options.pptp
pptpd[1144]: CTRL: Client 213.48.114.184 control connection started
pptpd[1144]: CTRL: Received PPTP Control Message (type: 1)
pptpd[1144]: CTRL: Made a START CTRL CONN RPLY packet
pptpd[1144]: CTRL: I wrote 156 bytes to the client.
pptpd[1144]: CTRL: Sent packet to client
pptpd[1144]: CTRL: Received PPTP Control Message (type: 7)
pptpd[1144]: CTRL: Set parameters to 0 maxbps, 16 window size
pptpd[1144]: CTRL: Made a OUT CALL RPLY packet
pptpd[1144]: CTRL: Starting call (launching pppd, opening GRE)
pptpd[1144]: CTRL: pty_fd = 5
pptpd[1144]: CTRL: tty_fd = 6
pptpd[1145]: CTRL (PPPD Launcher): Connection speed = 115200
pptpd[1145]: CTRL (PPPD Launcher): local address = 192.168.1.100
pptpd[1145]: CTRL (PPPD Launcher): remote address = 192.168.1.234
pptpd[1144]: CTRL: I wrote 32 bytes to the client.
pptpd[1144]: CTRL: Sent packet to client
pptpd[1144]: GRE: read(fd=5,buffer=804dac0,len=8196) from PTY failed: status = -1 error = Input/output error
pptpd[1144]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
pptpd[1144]: CTRL: Client 213.48.114.184 control connection finished
pptpd[1144]: CTRL: Exiting now
pptpd[1099]: MGR: Reaped child 1144

As I can't even seem to get this bit working I've not tried recompiling pppd
with appropriate encryption patches yet.

The separate pppd options file /etc/ppp/options.pptp is necessary because I
also have to use pppd to dial into my ISP, the two configurations conflict.
Even tho there's a separate instance of pppd running each with its own
config file, would that cause a problem for pptpd?

I'm not 100% sure either if the localip should be any free IP address on the
subnet (which it is in the above example) or the address of an existing
interface, ie eth0. I always thought it was the former reading the pptpd
docs, however I've been playing with seawall firewall script lately and that
tells me the latter. (either way, it doesn't work, and using my old (basic)
ipchains script still produced the same problem).

**

Also, assuming I manage to clear up this problem - what, in the opinion of
people far more experienced with pptpd than I, is the feasibility of using
poptop on a corporate LAN? In our office (A job I've just started - they're
all NT based, eurgh) we plan to have a leased line installed, and need a
firewall/VPN solution. Currently we have neither, just an MS proxy server,
*gulp*. As my experience with poptop is so far less than impressive (but I
still have faith in it!) is it up to the task of serving, say, up to a dozen
concurrent connections reliably? (it's this requirement that introduced me
to poptop to begin with, then I realised as sometimes travel about a bit how
cool it'd be to have a VPN link to my home lan :)

--
Dan Slatford
-------------------------------------------------
Email: daniel at unity.f9.co.uk   Mobile: 07787 778186
URL : http://www.unity.f9.co.uk   ICQ: 12576446
-------------------------------------------------

From neale at lowendale.com.au Thu Jun 22 16:25:29 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 23 Jun 2000 07:25:29 +1000 (EST)
Subject: [pptp-server] PTY read or GRE write failure
In-Reply-To: <000001bfdc80$c60e1700$0301a8c0@thehoneycomb.net>
Message-ID:

On Thu, 22 Jun 2000, Daniel Slatford wrote:

> Greetings all,
>
> Anybody able to shed any light on whats going on here? Trying to get a basic
> pptp server running for doze 98SE client, running pptpd 1.0.0, pppd 2.3.11
> and kernel 2.2.16, SuSE 6.4 box. The box it's running on is a masq box for
> my home LAN.
>
> Can establish a connection momentarily from windows, but it immediately
> disconnects. Logfile thus:
[snip]
>
> As I can't even seem to get this bit working I've not tried recompiling pppd
> with appropriate encryption patches yet.
>
> The separate pppd options file /etc/ppp/options.pptp is necessary because I
> also have to use pppd to dial into my ISP, the two configurations conflict.
> Even tho there's a separate instance of pppd running each with its own
> config file, would that cause a problem for pptpd?

"should" be OK.

You might coax some useful information from ppp if you include "debug" in
the pppd options (e.g. maybe the caller is using the MS-style
DOMAIN\\user?).

[...]
> Also, assuming I manage to clear up this problem - what, in the opinion of
> people far more experienced with pptpd than I, is the feasibility of using
> poptop on a corporate LAN? In our office (A job I've just started - they're
> all NT based, eurgh) we plan to have a leased line installed, and need a
> firewall/VPN solution. Currently we have neither, just an MS proxy server,
> *gulp*. As my experience with poptop is so far less than impressive (but I
> still have faith in it!) is it up to the task of serving, say, up to a dozen
> concurrent connections reliably?

IIRC, others here reported success with these kinds of numbers and there
has been the occasional speculation on how to run many more than this.

> (it's this requirement that introduced me
> to poptop to begin with, then I realised as sometimes travel about a bit how
> cool it'd be to have a VPN link to my home lan :)

PoPToP has its place, but if you have *n*x at each end then there are
other, arguably more appropriate, solutions available (e.g. vpnd).

HTH,
Neale.

From icox at pinc.com Thu Jun 22 21:39:12 2000
From: icox at pinc.com (Iain Cox)
Date: Thu, 22 Jun 2000 19:39:12 -0700
Subject: [pptp-server] *fixed* Unresolved symbol RC4_set_key
Message-ID: <3952CDD0.41CAA2D3@pinc.com>

Hi all,

I got around the unresolved symbol error (from my post yesterday- check
it out for the details) that I was getting in ppp_mppe when trying to
connect clients using encryption. I ditched ppp-2.3.10 and SSLeay-0.9.0b
and grabbed the ppp2.3.11 tarball and applied the
ppp-2.3.11-openssl-0.9.5-mppe.patch available from
ftp.binarix.com/pub/ppp-mppe/
pptp stays untouched...it was working fine!

It went something like this...you may need to adjust.

tar xvzf ppp-2.3.11.tar.gz
cd ppp-2.3.11
patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch
./configure
make
make kernel
make install

cd /usr/src/linux/
make modules SUBDIRS=drivers/net
make modules_install

Make sure your /etc/ppp/options file is setup correctly to use
encryption, check the client to make sure it is configured properly,
then try the connection again.

From cduffy at mvista.com Thu Jun 22 22:03:32 2000
From: cduffy at mvista.com (Charles Duffy)
Date: Thu, 22 Jun 2000 20:03:32 -0700
Subject: [pptp-server] *fixed* Unresolved symbol RC4_set_key
In-Reply-To: <3952CDD0.41CAA2D3@pinc.com>; from icox@pinc.com on Thu, Jun 22, 2000 at 07:39:12PM -0700
References: <3952CDD0.41CAA2D3@pinc.com>
Message-ID: <20000622200332.D29766@mvista.com>

On Thu, Jun 22, 2000 at 07:39:12PM -0700, Iain Cox wrote:
> make kernel

I'm pretty sure this is the key step. Any changes made to the files that
are installed into the kernel have to be done before 'make kernel', or be
done directly to the copies in the kernel source. Someone mentioned having
changed some files in his ppp directory -- but without running make kernel,
it becomes easy to see why they could fail to have any effect.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:

From alexm at sirena.khv.ru Thu Jun 22 22:33:54 2000
From: alexm at sirena.khv.ru (=?koi8-r?B?4czFy9PFyiDtwcDLz9c=?=)
Date: Fri, 23 Jun 2000 14:33:54 +1100
Subject: [pptp-server] mppe error
Message-ID: <001801bfdcc3$e64ca7a0$87c7a8c0@sirena.khv.ru>

Hi, all !

I'm having a some problems during the installation of "PPP with
MSCHAPv2/MPPE". Then the all make-ing procedures are completed and I typing
the ' insmod ppp_mppe ', I receiving the next message :

"insmod : /lib/modules/2.0.36/net/ppp_mppe.o : unresolved symbol RC4_set_key".

What's wrong in my actions ?

With best regards, Alex Mayukoff, Russia.

p.s. sorry for my poor English

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jp.chavant at geosys.fr Fri Jun 23 05:37:13 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Fri, 23 Jun 2000 12:37:13 +0200
Subject: [pptp-server] *fixed* Unresolved symbol RC4_set_key
In-Reply-To: <3952CDD0.41CAA2D3@pinc.com>
Message-ID: <008501bfdcfe$fe44f840$6503a8c0@pcjpc>

hello,

i resolve my problem using ppp2.3.11 tarball with
ppp-2.3.11-openssl-0.9.5-mppe.patch and openssl-0.9.5a.

It works with no encryption !!!

BUT :(

I want to use encryption ! And it doesn't work ...

if i use encryption with my /etc/ppp/options file :

lock
debug
auth
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

i ve an error on my client (629) and in the pptp.log file this one :

/usr/sbin/pppd: In file /etc/ppp/options: unrecognized option '+chapms'

whereis my problem ? i m not able to find it ... :(

JP

>
>
> Hi all,
>
> I got around the unresolved symbol error (from my post yesterday- check
> it out for the details) that I was getting in ppp_mppe when trying to
> connect clients using encryption. I ditched ppp-2.3.10 and
> SSLeay-0.9.0b
> and grabbed the ppp2.3.11 tarball and applied the
> ppp-2.3.11-openssl-0.9.5-mppe.patch available from
> ftp.binarix.com/pub/ppp-mppe/
> pptp stays untouched...it was working fine!
>
> It went something like this...you may need to adjust.
>
> tar xvzf ppp-2.3.11.tar.gz
> cd ppp-2.3.11
> patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch
> ./configure
> make
> make kernel
> make install
>
> cd /usr/src/linux/
> make modules SUBDIRS=drivers/net
> make modules_install
>
> Make sure your /etc/ppp/options file is setup correctly to use
> encryption, check the client to make sure it is configured properly,
> then try the connection again.
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From giulioo at pobox.com Fri Jun 23 06:21:22 2000
From: giulioo at pobox.com (Giulio Orsero)
Date: Fri, 23 Jun 2000 13:21:22 +0200
Subject: [pptp-server] *fixed* Unresolved symbol RC4_set_key
In-Reply-To: <008501bfdcfe$fe44f840$6503a8c0@pcjpc>
References: <3952CDD0.41CAA2D3@pinc.com> <008501bfdcfe$fe44f840$6503a8c0@pcjpc>
Message-ID: <20000623112434.4DEFE2AE80@i3.golden.dom>

On Fri, 23 Jun 2000 12:37:13 +0200, you wrote:

>/usr/sbin/pppd: In file /etc/ppp/options: unrecognized option '+chapms'
>whereis my problem ? i m not able to find it ... :(

Are you sure you have installed the new (patched) pppd?

--
giulioo at pobox.com

From truxa at truxoft.com Fri Jun 23 08:21:57 2000
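[Added example, not part of any list message and not PoPToP code: a Python triage pass over pptpd/pppd syslog lines that sorts the three disconnects posted in this archive (errors 629 and 720, and the silent PTY failure) by what the server log actually shows. The sample lines are excerpted from the logs above; the verdict names, the hint wording and the rule that a pppd line belongs to the most recently started control connection are assumptions of this sketch.]

```python
import re

ENTRY = re.compile(r"(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STARTED = re.compile(r"CTRL: Client (\S+) control connection started")
FINISHED = re.compile(r"CTRL: Client (\S+) control connection finished")
BAD_OPTION = re.compile(r"In file (\S+): unrecognized option '([^']+)'")

# Excerpts from the three logs posted in this archive (shortened).
SAMPLE_LOG = """\
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Client 192.168.3.101 control connection started
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Starting call (launching pppd, opening GRE)
Jun 22 16:01:35 apollon pppd[7950]: In file /etc/ppp/options: unrecognized option '+chapms'
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 22 16:01:35 apollon pptpd[7949]: CTRL: Client 192.168.3.101 control connection finished
Jun 22 14:22:48 homer pptpd[291]: CTRL: Client 192.168.1.37 control connection started
Jun 22 14:22:48 homer pptpd[291]: CTRL: Received PPTP Control Message (type: 12)
Jun 22 14:22:48 homer pptpd[291]: CTRL: Received CALL CLR request (closing call)
Jun 22 14:22:48 homer pptpd[291]: CTRL: Client 192.168.1.37 control connection finished
pptpd[1144]: CTRL: Client 213.48.114.184 control connection started
pptpd[1144]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
pptpd[1144]: CTRL: Client 213.48.114.184 control connection finished
""".splitlines()

# Next steps, taken from the replies in the thread.
HINTS = {
    "pppd-rejected-option": "check that the patched pppd is the binary pptpd launches",
    "client-cleared-call": "the client hung up; compare auth/encryption options on both ends",
    "pppd-exited-silently": "add 'debug' to the pppd options file to see why pppd quit",
    "no-failure-seen": "no known failure marker in this session",
}


def classify(evidence):
    """Pick the most specific explanation the log supports."""
    if "bad_option" in evidence:
        return "pppd-rejected-option"
    if "call_clear" in evidence:
        return "client-cleared-call"
    if "pty_failed" in evidence:
        return "pppd-exited-silently"
    return "no-failure-seen"


def triage(lines):
    """Return one record per PPTP control connection found in lines."""
    open_by_pid, sessions, latest = {}, [], None
    for raw in lines:
        entry = ENTRY.search(raw)
        if entry is None:
            continue
        prog, pid, msg = entry["prog"], entry["pid"], entry["msg"]
        started = STARTED.search(msg)
        if prog == "pptpd" and started:
            latest = {"client": started[1], "evidence": set(),
                      "detail": None, "finished": False}
            open_by_pid[pid] = latest
            sessions.append(latest)
            continue
        # pptpctrl lines are matched by pid; pppd runs under another pid,
        # so its lines go to the most recently started session (assumption).
        session = open_by_pid.get(pid) if prog == "pptpd" else latest
        if session is None:
            continue
        bad = BAD_OPTION.search(msg)
        if bad:
            session["evidence"].add("bad_option")
            session["detail"] = f"{bad[2]} in {bad[1]}"
        if "Received CALL CLR request" in msg:
            session["evidence"].add("call_clear")
        if "PTY read or GRE write failed" in msg:
            session["evidence"].add("pty_failed")
        if prog == "pptpd" and FINISHED.search(msg):
            session["finished"] = True
            del open_by_pid[pid]
    return [{"client": s["client"], "verdict": classify(s["evidence"]),
             "detail": s["detail"], "finished": s["finished"]} for s in sessions]


if __name__ == "__main__":
    for record in triage(SAMPLE_LOG):
        print(record["client"], record["verdict"], "-", HINTS[record["verdict"]])
```
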
From: truxa at truxoft.com (Ivo Truxa) Date: Fri, 23 Jun 2000 15:21:57 +0200 Subject: [pptp-server] remote administration (keywords: ADSL,PPTP through PPTP,Telnet,FTP) Message-ID: Please excuse if my questions are lame, it was not my intension. I studied the FAQ, HOWTO, mail-list-archives, made a research on SE, but I am still not sure about the right replies. A remark to the list-moderator: a searchable web-interface to the archives would be VERY helpful and could save the list subscribers from many lamers like me! I want to use PPTP to securely administrate a dedicated Linux web server from my NT machine over the Internet. My questions: 1. I hope I understood well that once I build the tunnel between the remote machine and me, all the communication runs encrypted (presuming MPPE having installed on both ends). Is that correct, or is there any way some connections to the remote machine could escape from the tunnel? 2. Strangely I have not seen using Telnet through PPTP mentioned anywhere as a secure alternative to SSLTelnet, SSH and other secure shells. Is there any problem in using Telnet trough a PPTP or is there some better alternative? 3. Same for FTP. Well, I understand that installing Samba would be probably better alternative, but would FTP through PPTP still work fine (and secure)? I suppose there should be no problem, but would like to have it confirmed. 4. I am connected to the Internet through a VPN (also PPTP). I use ADSL modem that connects me to the network of my national telecom. Through a tunnel (PPTP) in their network I am connected to my ISP. How the connection to my remote web server would be made? (My remote web server is outside of the national telecom network). It seems to me that I would need to build a second tunnel (to my server) inside of the tunnel to my ISP (and to the Internet). Is it possible at all? 5. Has anybody experience with a remote installation of PoPToP incl. MSCHAPv2/MPPE? 
Are there any risks I should be especially aware of, or
things to check before I start? Or can it be done only locally and I should
ask my IHP to install it for me?

Many thanks in advance for any hints,
Ivo Truxa

PS: I am trying to send this message to the list without subscribing. I am
not sure if it works. If replying to the list, please attach a CC to my
address too: pptp at truxoft.com

Thanks

From cduffy at mvista.com Fri Jun 23 11:52:14 2000
From: cduffy at mvista.com (Charles Duffy)
Date: Fri, 23 Jun 2000 09:52:14 -0700
Subject: [pptp-server] remote administration (keywords: ADSL,PPTP through PPTP,Telnet,FTP)
In-Reply-To: ; from truxa@truxoft.com on Fri, Jun 23, 2000 at 03:21:57PM +0200
References:
Message-ID: <20000623095214.A921@mvista.com>

On Fri, Jun 23, 2000 at 03:21:57PM +0200, Ivo Truxa wrote:
> I want to use PPTP to securely administrate a dedicated Linux web server
> from my NT machine over the Internet. My questions:
>
> 1. I hope I understood well that once I build the tunnel between the remote
> machine and me, all the communication runs encrypted (presuming MPPE having
> installed on both ends). Is that correct, or is there any way some
> connections to the remote machine could escape from the tunnel?

Barring any bugs (and none are known and likely to be causing this),
everything should be encrypted unless MPPE fails.

It is advisable that you install the MPPE-only patch to prevent this
from happening; my understanding is that it will terminate a session
rather than allow it to go unencrypted.

> 2. Strangely I have not seen using Telnet through PPTP mentioned anywhere as
> a secure alternative to SSLTelnet, SSH and other secure shells. Is there any
> problem in using Telnet through a PPTP or is there some better alternative?

The only "problem" is that it's not as versatile -- with SSH, your
connection is encrypted as far as wherever you're connecting to. With
telnet over PPTP, it's only encrypted as far as the PPTP server.

Also, SSH has (particularly in RSA key mode) far better crypto than
MPPE provides (see Counterpane's analysis).

> 3. Same for FTP. Well, I understand that installing Samba would be probably
> better alternative, but would FTP through PPTP still work fine (and secure)?
> I suppose there should be no problem, but would like to have it confirmed.

Yes, it would work -- but MPPE's security still leaves something to
be desired.
I strongly recommend SCP (the file-copying counterpart to
SSH).

> 4. I am connected to the Internet through a VPN (also PPTP). I use ADSL
> modem that connects me to the network of my national telecom. Through a
> tunnel (PPTP) in their network I am connected to my ISP. How the connection
> to my remote web server would be made? (My remote web server is outside of
> the national telecom network). It seems to me that I would need to build a
> second tunnel (to my server) inside of the tunnel to my ISP (and to the
> Internet). Is it possible at all?

Yes, you can nest tunnels. As long as your routing to the target of
the second target goes through the first (ie. your first tunnel is
correctly configured), the second one should go through it without any
special configuration.

> 5. Has anybody experience with a remote installation of PoPToP incl.
> MSCHAPv2/MPPE? Are there any risks I should be especially aware of, or
> things to check before I start? Or can it be done only locally and I should
> ask my IHP to install it for me?

Any time you're loading kernel modules, you're putting the system at a
slight risk. As long as you compile against the same kernel version as
is on the remote machine, though, or compile on the remote machine,
you should be fine.

Really, though, it's probably better security-wise to use SSH/SCP if
you have the choice. PuTTY/PSCP are a pair of high quality, free SSH
and SCP clients for Windows; you might want to consider giving them a
try. (Also, if you have a low-bandwidth connection and turn on SSH's
compression, you may get better performance).

From alexander.jernejcic at i-online.cc Fri Jun 23 14:04:33 2000
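Added example, not part of any message in this archive and not PoPToP or pppd code: the reply above notes that a session can run unencrypted when MPPE fails unless an MPPE-only policy terminates it. The sketch below decodes the MPPE option from a CCP Configure-Ack option list, using the supported-bits layout from RFC 3078, and applies such a policy; the function names, the `minimum_bits` parameter and the sample byte strings are constructed for illustration.

```python
"""Decode the MPPE option in a CCP Configure-Ack and apply a require-encryption policy.

Added example: names and sample bytes are constructed, this is not pppd code.
"""
import struct

CCP_OPT_MPPE = 18           # CCP configuration option type used for MPPE/MPPC

# Supported Bits field (32 bits, network byte order) as laid out in RFC 3078
BIT_MPPC = 0x00000001       # C: MPPC compression only, no encryption
BIT_40 = 0x00000020         # L: 40-bit session keys
BIT_128 = 0x00000040        # S: 128-bit session keys
BIT_56 = 0x00000080         # M: 56-bit session keys
BIT_STATELESS = 0x01000000  # H: stateless mode

STRENGTHS = ((BIT_128, 128), (BIT_56, 56), (BIT_40, 40))


class MalformedOption(ValueError):
    """Raised when the option list cannot be parsed safely."""


def iter_options(data: bytes):
    """Yield (type, value) for each type/length/value option in the list."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise MalformedOption("truncated option header")
        opt_type, opt_len = data[pos], data[pos + 1]
        # The length octet counts the two header octets as well.
        if opt_len < 2 or pos + opt_len > len(data):
            raise MalformedOption(f"bad length {opt_len} for option {opt_type}")
        yield opt_type, data[pos + 2:pos + opt_len]
        pos += opt_len


def decode_mppe(value: bytes) -> dict:
    """Decode the four supported-bits octets of an MPPE option."""
    if len(value) != 4:
        raise MalformedOption("MPPE option must carry 4 octets of supported bits")
    (bits,) = struct.unpack("!I", value)
    return {
        "key_lengths": [n for flag, n in STRENGTHS if bits & flag],
        "stateless": bool(bits & BIT_STATELESS),
        "mppc": bool(bits & BIT_MPPC),
    }


def check_ack(option_list: bytes, minimum_bits: int = 40) -> tuple:
    """Return ("allow" | "terminate", detail) for an acknowledged option list.

    Policy assumption of this example: the link is only allowed when the ack
    names exactly one key length that meets minimum_bits.
    """
    for opt_type, value in iter_options(option_list):
        if opt_type != CCP_OPT_MPPE:
            continue
        info = decode_mppe(value)
        keys = info["key_lengths"]
        if not keys:
            return ("terminate", "MPPE option present but no encryption bit set")
        if len(keys) > 1:
            return ("terminate", "ack names more than one key length")
        if keys[0] < minimum_bits:
            return ("terminate", f"{keys[0]}-bit is below the required {minimum_bits}-bit")
        mode = "stateless" if info["stateless"] else "stateful"
        return ("allow", f"{keys[0]}-bit {mode}")
    return ("terminate", "no MPPE option negotiated")


# Constructed sample option lists (type, length, value), not captured traffic.
ACK_128_STATELESS = bytes.fromhex("120601000040")
ACK_40_STATEFUL = bytes.fromhex("120600000020")
ACK_MPPC_ONLY = bytes.fromhex("120600000001")
ACK_DEFLATE_ONLY = bytes.fromhex("1a047800")
ACK_TRUNCATED = bytes.fromhex("1206010000")

if __name__ == "__main__":
    for name, sample in [("128 stateless", ACK_128_STATELESS),
                         ("40 stateful", ACK_40_STATEFUL),
                         ("MPPC only", ACK_MPPC_ONLY),
                         ("deflate only", ACK_DEFLATE_ONLY)]:
        print(name, check_ack(sample))
```

The same supported-bits field is what distinguishes a 40-bit from a 128-bit session, so raising `minimum_bits` to 128 turns the check into a strength requirement.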
From: alexander.jernejcic at i-online.cc (Alexander Jernejcic)
Date: Fri, 23 Jun 2000 21:04:33 +0200
Subject: [pptp-server] pptp+mschap+radius+dedicated ip adresses
Message-ID:

hi folks,

i happily got pptp running, but now i have to set up authentication against
radius and dedicated ip-addresses for our dummy (nt)users.
any pointers to a stable setup? ;)

alexander

From boris at microtrader.com Fri Jun 23 15:13:51 2000
From: boris at microtrader.com (Boris Reisig)
Date: Fri, 23 Jun 2000 15:13:51 -0500
Subject: [pptp-server] ** Serious ** PPTP Bug or windows?
Message-ID: <000f01bfdd4f$8c7fbdc0$5101a8c0@mycompany.xxx>

Ok, here's the scenario I have. I have a PPTP server and a Samba Wins server
[v2.05a] up and going on our work lan network. I have it configured properly
since I have tested out the VPN on my computer and I could see the network
thru network neighborhood. The problem is that I have a second computer [both
with Win98] and I've patched them both from windowsupdate.microsoft.com for
security holes and it seems that the second computer can't see anyone in the
network neighborhood. I'm not connected twice and both computers have the
*same* configuration properties when getting into the VPN. I can the remote
computers and access the share thru \\ but I *need* to have network
neighborhood working for the clients. I even checked the browse.dat and
wins.dat file to see if the computer was registered and samba's database.

Any suggestions?

From not_work at hotmail.com Fri Jun 23 22:01:03 2000
From: not_work at hotmail.com (Edith LEVY)
Date: Fri, 23 Jun 2000 20:01:03 PDT
Subject: [pptp-server] help
Message-ID: <20000624030104.82973.qmail@hotmail.com>
From daniel at unity.f9.co.uk Sat Jun 24 19:16:35 2000
From: daniel at unity.f9.co.uk (Daniel Slatford)
Date: Sun, 25 Jun 2000 01:16:35 +0100
Subject: [pptp-server] Continuing problem, and a clue?
Message-ID: <000c01bfde3a$9f448300$0301a8c0@thehoneycomb.net>

I still can't get a connection up and running, but this dialogue is common to
every connection attempt regardless of configuration (Well, providing it can
get this far) :

Jun 25 01:05:03 server pppd[7282]: ipcp: up
Jun 25 01:05:03 server pppd[7282]: Could not determine local IP address
Jun 25 01:05:03 server pppd[7282]: ipcp: down
Jun 25 01:05:03 server pppd[7282]: sent [IPCP TermReq id=0x4 "Could not determine local IP address"]
Jun 25 01:05:03 server pppd[7282]: Timeout 0x8050b20:0x807a4e0 in 3 seconds.
Jun 25 01:05:04 server pppd[7282]: rcvd [IPCP TermAck id=0x4]
Jun 25 01:05:04 server pppd[7282]: Untimeout 0x8050b20:0x807a4e0.
Jun 25 01:05:04 server pppd[7282]: sent [LCP TermReq id=0x5 "No network protocols running"]
Jun 25 01:05:04 server pppd[7282]: Timeout 0x8050b20:0x807a280 in 3 seconds.
Jun 25 01:05:04 server pppd[7282]: rcvd [LCP TermAck id=0x5]
Jun 25 01:05:04 server pppd[7282]: Untimeout 0x8050b20:0x807a280.
Jun 25 01:05:04 server pppd[7282]: Connection terminated.

This is after the client has been authorised, ms-wins and ms-dns servers
assigned, etc. pptpd then moans about PTY read or GRE write failure. I'm
fairly sure this is the problem - does anyone with a working setup get this
error from pppd (with debugging on)?
Running pptpd 1.0.0, pppd with mschap/mppe patch (still does the same without
it), 2.2.16 and seawall firewall 3.1, on suse 6.4. I dial out with a modem and
pppd, but use separate pppd options files of course. pptpd 1.1.1 didn't solve
the problem.

Any clues to anyone?

ipchains ruleset includes this on a custom chain (defined by seawall) :

target prot opt source destination ports
ACCEPT gre ------ anywhere n/a

--
Dan Slatford
-------------------------------------------------
Email: daniel at unity.f9.co.uk Mobile: 07787 778186
URL : http://www.unity.f9.co.uk ICQ: 12576446
-------------------------------------------------

From daniel at unity.f9.co.uk Sat Jun 24 19:20:50 2000
From: daniel at unity.f9.co.uk (Daniel Slatford)
Date: Sun, 25 Jun 2000 01:20:50 +0100
Subject: [pptp-server] ** Serious ** PPTP Bug or windows?
In-Reply-To: <000f01bfdd4f$8c7fbdc0$5101a8c0@mycompany.xxx>
Message-ID: <000d01bfde3b$3734b0e0$0301a8c0@thehoneycomb.net>

Questions - does the second computer fail to browse the network only when
connected with the first, or even if it's the only VPN client? In either case,
is the VPN adapter on the machine that doesn't work getting a different IP
from the machine that does work? If so, have you edited /etc/hosts on the
samba server to include this IP?

--
Dan Slatford
-------------------------------------------------
Email: daniel at unity.f9.co.uk Mobile: 07787 778186
URL : http://www.unity.f9.co.uk ICQ: 12576446
-------------------------------------------------

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Boris Reisig
Sent: 23 June 2000 21:14
To: pptp-server at lists.schulte.org
Subject: [pptp-server] ** Serious ** PPTP Bug or windows?

Ok, here's the scenario I have. I have a PPTP server and a Samba Wins server
[v2.05a] up and going on our work lan network.
I have it configured properly since I have tested out the VPN on my computer
and I could see the network thru network neighborhood. The problem is that I
have a second computer [both with Win98] and I've patched them both from
windowsupdate.microsoft.com for security holes and it seems that the second
computer can't see anyone in the network neighborhood. I'm not connected twice
and both computers have the *same* configuration properties when getting into
the VPN. I can the remote computers and access the share thru \\ but I *need*
to have network neighborhood working for the clients. I even checked the
browse.dat and wins.dat file to see if the computer was registered and samba's
database.

Any suggestions?

From jp.chavant at geosys.fr Mon Jun 26 03:55:39 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Mon, 26 Jun 2000 10:55:39 +0200
Subject: [pptp-server] problem during patching ?
Message-ID: <005d01bfdf4c$4d70a640$6503a8c0@pcjpc>

Hello,

as i am obstinate , i try again to install encryption ...

and i look for this :

patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch

The next patch would create the file linux/rc4.h,
which already exists! Assume -R? [n] y
(Stripping trailing CRs from patch.)
patching file linux/rc4.h
The next patch would create the file linux/rc4_enc.c,
which already exists! Assume -R? [n] y
(Stripping trailing CRs from patch.)
patching file linux/rc4_enc.c
(Stripping trailing CRs from patch.)
patching file linux/rc4_locl.h
The next patch would create the file linux/rc4_skey.c,
which already exists! Assume -R? [n] y
(Stripping trailing CRs from patch.)
patching file linux/rc4_skey.c

...

make kernel

Could not find source file rc4_enc.c !
Could not find source file rc4_skey.c !
Could not find source file rc4.h !

the patch i use do strange things ...
Jean-Paul

  _-----_         GEOSYS SA - Service Informatique
 (_/   \_)        Tél.: (0) 5 62 47 80 75
  (_____) \/\/\___  http://www.geosys.fr/

From jp.chavant at geosys.fr Mon Jun 26 05:29:19 2000
From: jp.chavant at geosys.fr (Jean-Paul Chavant)
Date: Mon, 26 Jun 2000 12:29:19 +0200
Subject: [pptp-server] IT WORKS :))
Message-ID: <006401bfdf59$62e93fc0$6503a8c0@pcjpc>

Hello,

finally i install successfully pptp with encryption.
i think there is an error in the HOW-TO ...
it's not necessary to delete rc4_skey.c reference and to copy openssl/crypto/rc4/rc4_files. the openssl patch creates or copies the necessary files !

to sum up :

using linux 2.2.14-mdk

- download pptp.rpm (on moretonbay resource) and install it (rpm -ivh)
- download ppp-2.3.11 (from ftp://cs.anu.edu.au/pub/software/ppp/ for example) and untar
- download patch ppp-2.3.11-openssl-0.9.5-mppe.patch from ftp.binarix.com/pub/ppp-mppe/
- go into ppp src directory
- apply the patch (patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch)
- ./configure
- make
- make kernel
- make install
- go into linux src directory
- make modules SUBDIRS=drivers/net
- make modules_install
- depmod -a
- modprobe ppp
- modprobe ppp_mppe
- configure /etc/ppp/options

it works !!! 40 bits version on Win9x ...
for 128 bits encryption you have to be in US or Canada or to have a friend who can give you the patch (thank you M$ ...)

bye ... :)

Jean-Paul

  _-----_         GEOSYS SA - Service Informatique
 (_/   \_)        Tél.: (0) 5 62 47 80 75
  (_____) \/\/\___  http://www.geosys.fr/

From opjose at ex-pressnet.com Mon Jun 26 05:52:27 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Mon, 26 Jun 2000 06:52:27 -0400
Subject: [pptp-server] IT WORKS :))
In-Reply-To: <006401bfdf59$62e93fc0$6503a8c0@pcjpc>
Message-ID:

Thank you for this info... I've run across the same trouble myself!

Do you know how or where I can find the 128bit patch (I'm in the U.S.).

Where would I look and/or under what?

Thanks!
-JMS opjose at ex-pressnet.com |-----Original Message----- |From: pptp-server-admin at lists.schulte.org |[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jean-Paul |Chavant |Sent: Monday, June 26, 2000 6:29 AM |To: Pptp |Subject: [pptp-server] IT WORKS :)) | | |Hello, | |finally i install successfully pptp with encryption. |i think there is an error in the HOW-TO ... |it s not necessary to delete rc4_skey.c reference and to copy |opensssl/crytpo/rc4/rc4_files. the openssl patch creates or copies the |necessary files ! | |to sum up : | |using linux 2.2.14-mdk | |- download pptp.rpm (on moretonbay ressource) and install it (rpm -ivh) |- donwload ppp-2.3.11 from ftp://cs.anu.edu.au/pub/software/ppp/ for |example) and untar |- download patch ppp-2.3.11-openssl-0.9.5-mppe.patch from |ftp.binarix.com/pub/ppp-mppe/ |- go into ppp src directory |- apply the patch (patch -p1 < ppp-2.3.11-openssl-0.9.5-mppe.patch) |- ./configure |- make |- make kernel |- make install |- go into linux src directory |- make modules SUBDIRS=drivers/net |- make module_install |- depmod -a |- modprobe ppp |- modprobe ppp_mppe |- configure /etc/ppp/options | |it works !!! 40 bits version on Win9x ... |for 128 bits encryption you have to be in US or Canada or to have a friend |who can give you the patch (thank you M$ ...) | |bye ... :) | |Jean-Paul | | _-----_ GEOSYS SA - Service Informatique | (_/ \_) T?l.: (0) 5 62 47 80 75 | (_____) \/\/\___ http://www.geosys.fr/ | |_______________________________________________ |pptp-server maillist - pptp-server at lists.schulte.org |http://lists.schulte.org/mailman/listinfo/pptp-server |List services provided by www.schulteconsulting.com! From jp.chavant at geosys.fr Mon Jun 26 09:05:50 2000 From: jp.chavant at geosys.fr (Jean-Paul Chavant) Date: Mon, 26 Jun 2000 16:05:50 +0200 Subject: [pptp-server] 0 / 40 / 128 bits ... Message-ID: <000001bfdf77$a23444e0$6503a8c0@pcjpc> hello how can i know if i am in 40 or 128 bits encryption ? 
how options in DUN (requires data encryption / encrypted password / etc can be used and active. for exemple, if i desactivate requires data encryption and if i connect my client to my server data is encrypted ...) i can do that only from server (activate or desactivate options) (it s for tests ...) thanks Jean-Paul _-----_ GEOSYS SA - Service Informatique (_/ \_) T?l.: (0) 5 62 47 80 75 (_____) \/\/\___ http://www.geosys.fr/ From boris at microtrader.com Mon Jun 26 09:38:03 2000 From: boris at microtrader.com (Boris Reisig) Date: Mon, 26 Jun 2000 09:38:03 -0500 Subject: [pptp-server] Window Bugs? Message-ID: <00d801bfdf7c$22e47700$5101a8c0@mycompany.xxx> Hello, I have *3* computers here running Win98, Win98SE, Win Millenium. I my VPN working properly with samba and everything. The problem is that the network neighborhood sometimes doesnt work and I cant browse. I can access the share directly. What I did for testing is setup each machine running all different versions of windows the same, Dialed in and checked if I could see anyone in the "Network Neighborhood". I am using samba [2.0.7] as a wins server and I can ping it and access the shares directly. The problem is that the Win98 and Win98SE, I can VPN in and *sometimes* I can browse the Network neighborhood. And whenever I can browse, Sometimes at random times I click on my network neighborhood and all the computers are gone. I was thinking it was something with my wins server but I can ping and I checked the browse.dat/wins.dat file if all the computers were registered. Is it a windows bug with their VPN or reading from a wins server or something? I wonder if theirs a patch or anything. Anyways, Whenever I use my Windows Millenium to log into the vpn, *every* time ive logged in, I could see all the shares via network neighborhood. Sounds like they changed some code to make it work better. Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From jp.chavant at geosys.fr Mon Jun 26 10:20:39 2000 From: jp.chavant at geosys.fr (Jean-Paul Chavant) Date: Mon, 26 Jun 2000 17:20:39 +0200 Subject: [pptp-server] stupid question ? Message-ID: <000b01bfdf82$15e47720$6503a8c0@pcjpc> hello, ... what does it mean mppe_stateless ? Jean-Paul _-----_ GEOSYS SA - Service Informatique (_/ \_) T?l.: (0) 5 62 47 80 75 (_____) \/\/\___ http://www.geosys.fr/ From ccosby at westhq.com Mon Jun 26 11:18:04 2000 From: ccosby at westhq.com (Christopher S. Cosby) Date: Mon, 26 Jun 2000 12:18:04 -0400 (EDT) Subject: [pptp-server] Win98 IPCP not starting Message-ID: After way too much digging and crying, I've come to the conclusion that Win98 (First Edition) is a big ole piece of trash. The problem is simply that Win98 will not attempt to start an IPCP protocol layer. It seems to be only on this laptop (for now). My Win95 box works great. Perfectly, in fact. I have no issues with connecting from any other machines (all Win95) and setups are identical. My rope is getting tighter. I'm already at the end of it. Thanks in advance for any suggestions. Chris Cosby ccosby at westhq.com From opjose at ex-pressnet.com Mon Jun 26 12:20:14 2000 From: opjose at ex-pressnet.com (Jose M. Sanchez) Date: Mon, 26 Jun 2000 13:20:14 -0400 Subject: [pptp-server] Win98 IPCP not starting In-Reply-To: Message-ID: Normally this is a result of misconfiguration in the LAN setup... not necessarily wrought by the user... rather bad registry entries. Try this: In the WIN98SE machine, go into the control panel and delete all networking items. Then boot to dos, and delete the protocol.* files in the windows directory. Reboot windows and let it re-detect the LAN card. Re-install the setups... This normally cures what you are seeing. -JMS |-----Original Message----- |From: pptp-server-admin at lists.schulte.org |[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher S. 
|Cosby |Sent: Monday, June 26, 2000 12:18 PM |To: pptp-server at lists.schulte.org |Subject: [pptp-server] Win98 IPCP not starting | | |After way too much digging and crying, I've come to the conclusion that |Win98 (First Edition) is a big ole piece of trash. The problem is simply |that Win98 will not attempt to start an IPCP protocol layer. It seems to |be only on this laptop (for now). My Win95 box works great. Perfectly, |in fact. I have no issues with connecting from any other machines (all |Win95) and setups are identical. My rope is getting tighter. I'm already |at the end of it. | |Thanks in advance for any suggestions. |Chris Cosby |ccosby at westhq.com | | |From ppplog.txt of broken (Win98) machine: |... |06-26-2000 11:46:20.94 - CHAP : Layer up. |06-26-2000 11:46:20.94 - FSA : No net control protocols started. |... | |From ppplog.txt of working (Win95) machine: |... |06-26-2000 11:56:19.34 - CHAP : Layer up. |06-26-2000 11:56:19.34 - IPCP : Layer started. |06-26-2000 11:56:19.34 - IPCP : IP address is 0. |... | | |_______________________________________________ |pptp-server maillist - pptp-server at lists.schulte.org |http://lists.schulte.org/mailman/listinfo/pptp-server |List services provided by www.schulteconsulting.com! From ejb at ql.org Mon Jun 26 12:37:27 2000 From: ejb at ql.org (E. Jay Berkenbilt) Date: Mon, 26 Jun 2000 13:37:27 -0400 Subject: [pptp-server] clients can see only some machines.... why? Message-ID: <200006261737.NAA11370@soup.ads.apexinc.com> I have some clients running various combinations of Windows 95 and NT 4.0. They are able to connect and authenticate, but they are only able to see some hosts. Here's my setup in detail: I have a firewall running Linux with a 2.2.16 kernel patched with PPTP masquerading support and ipfwd. I have TCP port 1723 and IP protocol 47 forwarding to an internal machine which is running a PPTP server. This seems to work flawlessly. 
On the internal network, I have a RedHat 6.0 box with a 2.2.10 kernel, a patched ppp-2.3.10 that includes the MS-CHAP and MS-style encryption. This machine is running an unmodified PoPToP 1.0.0.

My /etc/ppp/options is:

lock
auth
require-chap
ms-dns 192.168.0.1
ms-wins 192.168.0.101
require-chapms
require-chapms-v2
mppe-40
mppe-128
mppe-stateless

where 192.168.0.101 is the IP address of our NT primary domain controller and 192.168.0.1 is the IP address of our primary DNS server.

My /etc/pptpd.conf is

localip 192.168.254.1
remoteip 192.168.255.1-8

Also, on the Linux box running pptp, I have

ipchains -A forward -p all 192.168.255.0/24 -j MASQ

IP masquerading, including ICMP masquerading are compiled as modules and are loaded automatically.

The NT clients are all running Service pack 5. The 95 clients are running with the dialup network 1.3 patch, the VPN patch, and some dialup networking y2k patch from Microsoft. Clients have IP Header compression off, default gateway over connection on, TCP enabled, NetBEUI and IPX disabled. They connect using a login and password in /etc/ppp/chap-secrets on the pptp server. The login is not necessarily the same as the login on the domain, and no domain authentication is happening here to my knowledge.

Here's what works:

* Authentication and connection to the network.
* ping, telnet, DNS resolutions to our internal network (works via masquerading)
* START -> Run... \\ads-svr-1 -- ads-svr-1 is our primary domain controller. It is on the same subnet as the pptp server, but it is not itself the pptp server. Connecting to some machines like this works.
* Outlook-2000 to access exchange server which is also on the same subnet as the pptp server.

Here's what does not work:

* Browsing via network neighborhood (no surprise here, and I don't need to fix it).
* Access to some other machines in the network. Attempts to access other machines fail with a message indicating that no service recognizes the name.
It appears that name resolution must not be working well. I have yet to find a convincing pattern to which machines work and which don't. Our PDC works, as does one of our development file servers. These are both running NT Server with service pack 4 or higher. Another file server does not work. I think it's also running NT server, but there's some chances it is running NT workstation. I do not administratively control that server. All three servers have static IP addresses which are registered with DNS and are also available via NMB. I can't access any of the samba servers in this way. The samba servers all have domain authentication. Does anyone have any ideas on what I might try to track down the differences between the machines that work and those that don't? Also, I would like my clients to keep their default route going over the Internet and to have only 192.168.0.0/24 routed over the PPP connection, but I don't see any way to do that under Windows. For what it's worth, I have several years of network and UNIX admin experience, but not much in the way of Windows -- survival sysadmin skills, basically. Any tips would be most helpful. -- E. Jay Berkenbilt (ejb at ql.org) | http://www.ql.org/q/ From ccosby at westhq.com Mon Jun 26 14:11:00 2000 From: ccosby at westhq.com (Christopher S. Cosby) Date: Mon, 26 Jun 2000 15:11:00 -0400 Subject: [pptp-server] Win98 IPCP not starting Message-ID: <89D18A644A05D411867600B0D0207D0006EA52@JOBBER> Thank you Jose. After doing all of this, my connection is now working again. What kind of world would it be without all this information? Thanks a million. Coz -----Original Message----- From: Jose M. Sanchez [mailto:opjose at ex-pressnet.com] Sent: Monday, June 26, 2000 1:20 PM To: Christopher S. Cosby; pptp-server at lists.schulte.org Subject: RE: [pptp-server] Win98 IPCP not starting Normally this is a result of misconfiguration in the LAN setup... not necessarily wrought by the user... rather bad registry entries. 
Try this: In the WIN98SE machine, go into the control panel and delete all networking items. Then boot to dos, and delete the protocol.* files in the windows directory. Reboot windows and let it re-detect the LAN card. Re-install the setups... This normally cures what you are seeing. -JMS |-----Original Message----- |From: pptp-server-admin at lists.schulte.org |[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher S. |Cosby |Sent: Monday, June 26, 2000 12:18 PM |To: pptp-server at lists.schulte.org |Subject: [pptp-server] Win98 IPCP not starting | | |After way too much digging and crying, I've come to the conclusion that |Win98 (First Edition) is a big ole piece of trash. The problem is simply |that Win98 will not attempt to start an IPCP protocol layer. It seems to |be only on this laptop (for now). My Win95 box works great. Perfectly, |in fact. I have no issues with connecting from any other machines (all |Win95) and setups are identical. My rope is getting tighter. I'm already |at the end of it. | |Thanks in advance for any suggestions. |Chris Cosby |ccosby at westhq.com | | |From ppplog.txt of broken (Win98) machine: |... |06-26-2000 11:46:20.94 - CHAP : Layer up. |06-26-2000 11:46:20.94 - FSA : No net control protocols started. |... | |From ppplog.txt of working (Win95) machine: |... |06-26-2000 11:56:19.34 - CHAP : Layer up. |06-26-2000 11:56:19.34 - IPCP : Layer started. |06-26-2000 11:56:19.34 - IPCP : IP address is 0. |... | | |_______________________________________________ |pptp-server maillist - pptp-server at lists.schulte.org |http://lists.schulte.org/mailman/listinfo/pptp-server |List services provided by www.schulteconsulting.com! 
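Added example (not part of any list message, and not code from the PoPToP or pppd projects): a word-based parser and audit for the /etc/ppp/options contents posted in the "clients can see only some machines" and "What do Select() errors mean?" messages on this page, reporting which MPPE key lengths and MS-CHAP versions each server enables. The arity table, the severity labels, the finding codes and the OPTIONS_STRICT sample are assumptions of this example; the option keywords are the ones quoted in the messages.

```python
import shlex

# Keywords that take one argument. pppd reads an options file as a stream of
# words, so the flattened form quoted in the messages parses the same as a
# one-per-line file, provided the arity is known. Only keywords from this
# page are listed; any other word is assumed to take no argument.
ARITY = {"ms-dns": 1, "ms-wins": 1, "name": 1, "remotename": 1}

# From the "clients can see only some machines" message, as posted.
OPTIONS_EJB = (
    "lock auth require-chap ms-dns 192.168.0.1 ms-wins 192.168.0.101 "
    "require-chapms require-chapms-v2 mppe-40 mppe-128 mppe-stateless"
)
# From the "What do Select() errors mean?" reply, as posted.
OPTIONS_JMS = (
    "debug +chapms +chapms-v2 name firewall remotename remote "
    "mppe-40 mppe-128 mppe-stateless require-chap proxyarp auth"
)
# Constructed for comparison (not from the page): the tightest combination
# expressible with the keywords that appear in the messages.
OPTIONS_STRICT = """\
# constructed sample
lock
auth
require-chapms-v2   # MS-CHAP v2 only
mppe-128            # no mppe-40 line
mppe-stateless
"""


def parse_options(text):
    """Split options text into {keyword: [argument lists]}; '#' starts a comment."""
    words = shlex.split(text, comments=True)
    opts, i = {}, 0
    while i < len(words):
        key = words[i]
        argc = ARITY.get(key, 0)
        opts.setdefault(key, []).append(words[i + 1:i + 1 + argc])
        i += 1 + argc
    return opts


def offered_key_lengths(opts):
    """MPPE key lengths (bits) the configuration enables, ascending."""
    return sorted(bits for bits in (40, 128) if f"mppe-{bits}" in opts)


def audit(opts):
    """Return a list of (severity, code, message) findings."""
    out = []
    bits = offered_key_lengths(opts)
    if not bits:
        out.append(("HIGH", "NO_MPPE", "no mppe-40/mppe-128 keyword: MPPE is not enabled"))
    else:
        if 40 in bits:
            out.append(("HIGH", "MPPE40", "mppe-40 present: 40-bit sessions can be negotiated"))
        if 128 not in bits:
            out.append(("MEDIUM", "NO_MPPE128", "mppe-128 absent: 128-bit keys are never offered"))
    if "mppe-stateless" in opts:
        out.append(("INFO", "STATELESS", "mppe-stateless: key changes on every packet (RFC 3078)"))
    if "auth" not in opts:
        out.append(("HIGH", "NO_AUTH", "auth absent: peer authentication is not explicitly required"))
    if "+chapms" in opts or "require-chapms" in opts:
        out.append(("MEDIUM", "CHAPV1", "MS-CHAP v1 is enabled alongside or instead of v2"))
    if "+chapms-v2" not in opts and "require-chapms-v2" not in opts:
        out.append(("MEDIUM", "NO_CHAPV2", "MS-CHAP v2 is not enabled"))
    return out


def actionable(findings):
    """Finding codes above INFO, in report order."""
    return [code for sev, code, _ in findings if sev != "INFO"]


if __name__ == "__main__":
    for label, text in (("ejb", OPTIONS_EJB), ("jms", OPTIONS_JMS), ("strict", OPTIONS_STRICT)):
        opts = parse_options(text)
        print(f"{label}: MPPE key lengths enabled = {offered_key_lengths(opts)}")
        for sev, code, msg in audit(opts):
            print(f"  [{sev}] {code}: {msg}")
```

Both posted configurations enable mppe-40 next to mppe-128, which matches the "40 bits version on Win9x" result reported earlier in the archive: the key length in use depends on what the client offers, not only on the server file.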
From bsmojver at sebs.com.au Mon Jun 26 22:58:20 2000 From: bsmojver at sebs.com.au (Bojan Smojver) Date: Tue, 27 Jun 2000 13:58:20 +1000 Subject: [pptp-server] PPP 2.3.11 + MPPE + OpenSSL 0.9.5a for Alpha Message-ID: <51FBC35ABD59D21181E30000F805BDAC4317C0@elvis.sias> Just a little addition to the existing patches. Can be found at ftp://ftp.binarix.com/pub/ppp-mppe/. Bojan From admin at gothica.net Mon Jun 26 22:08:08 2000 From: admin at gothica.net (System Administrator) Date: Mon, 26 Jun 2000 21:08:08 -0600 (MDT) Subject: [pptp-server] Connectivity Problem Message-ID: Greetings All, I am new to PPTP and to this list. I have successfully installed PoPToP and it appears to be working properly except for one minor detail. I am able to connect to the server remotely and access the remote network without a problem for about the first 2 to 5 minutes. I have verified that both firewalls are correctly configured and all neccessary routers contain the proper routes for the assigned addresses. Everything works great in the beginning but then the connection simply ceases. It doesn't hangup but no more data passes between the hosts. Any ideas? Thanks, admin at gothica.net From support at tecpro.com Tue Jun 27 01:55:18 2000 From: support at tecpro.com (Charles Peters - Tech Support) Date: Tue, 27 Jun 2000 02:55:18 -0400 Subject: [pptp-server] Establishing a connection Message-ID: <39581796.6330.2E30E93@localhost> Greetings: I am currently attempting to set up a VPN with PopTop. My server configuration is FreeBSD 4.0-Release, and Samba 2.0.6. I have installed the PopTop port on this server to allow for the VPN connections. I am attempting to connect to this server (ip address = 24.x.x.x) from a Windows 98 box from behing a NATD gateway (win98 ip address = 192.168.0.55). My questions are as follows: 1. How do I verify that I have installed and started the PopTop software correctly? 2. How do I verify that the PopTop daemon is running? 3. 
How do I configure my Win98 client machine to connect to the PopTop VPN Server? I have read the docs, and am obviously missing something. A point in the right direction would be greatly appreciated. Thanks, Charles Charles Peters mailto:support at tecpro.com From pss at gmx.at Tue Jun 27 03:23:21 2000 From: pss at gmx.at (Patrick Stuckenberger) Date: Tue, 27 Jun 2000 10:23:21 +0200 Subject: [pptp-server] (no subject) Message-ID: <000601bfe027$fe6fcf30$3d015f0a@systemica.com> please help me to unsubscribe -------------- next part -------------- An HTML attachment was scrubbed... URL: From opjose at ex-pressnet.com Tue Jun 27 08:04:47 2000 From: opjose at ex-pressnet.com (Jose M. Sanchez) Date: Tue, 27 Jun 2000 09:04:47 -0400 Subject: [pptp-server] Win98 IPCP not starting In-Reply-To: <89D18A644A05D411867600B0D0207D0006EA52@JOBBER> Message-ID: Heh, glad to be of service! -JMS opjose at ex-pressnet.com |-----Original Message----- |From: pptp-server-admin at lists.schulte.org |[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christopher S. |Cosby |Sent: Monday, June 26, 2000 3:11 PM |To: pptp-server at lists.schulte.org |Subject: RE: [pptp-server] Win98 IPCP not starting | | |Thank you Jose. After doing all of this, my connection is now working |again. What kind of world would it be without all this information? | |Thanks a million. |Coz | | From robert.ludvik at zd-lj.si Tue Jun 27 09:38:45 2000 From: robert.ludvik at zd-lj.si (Robert Ludvik) Date: Tue, 27 Jun 2000 16:38:45 +0200 Subject: [pptp-server] confirmation Message-ID: <001101bfe045$67311b60$3b14fad5@robertl.doma.net> From opjose at ex-pressnet.com Tue Jun 27 09:51:32 2000 From: opjose at ex-pressnet.com (Jose M. Sanchez) Date: Tue, 27 Jun 2000 10:51:32 -0400 Subject: [pptp-server] What do Select() errors mean? In-Reply-To: <001101bfe045$67311b60$3b14fad5@robertl.doma.net> Message-ID: Hi all... Does anyone know what server side select() errors mean? What does this refer to? 
Thanks -JMS opjose at ex-pressnet.com From opjose at ex-pressnet.com Tue Jun 27 12:25:04 2000 From: opjose at ex-pressnet.com (Jose M. Sanchez) Date: Tue, 27 Jun 2000 13:25:04 -0400 Subject: [pptp-server] What do Select() errors mean? In-Reply-To: <3958C3A4.D3C92667@javalinux.net> Message-ID: Thanks, I discovered that the cause was that I had not set up VPN properly on the Winblows client... I've lost SOOOO much time on this one... (That's what the second VPN connection was for!!!). Well now I have it working... sort of... I can't see any windows shares on the remote LAN I'm connected to, even though I'm able to log in properly, and I can access the remote gateway. I've given it the correct domain\\username in chap-secrets but the domain logons do not work under windows... You wouldn't have any ideas on where to look? Thanks -JMS |-----Original Message----- |From: nmeyers at javalinux.net [mailto:nmeyers at javalinux.net] |Sent: Tuesday, June 27, 2000 11:09 AM |To: opjose at ex-pressnet.com |Cc: pptp-server at lists.schulte.org |Subject: Re: [pptp-server] What do Select() errors mean? | | |"Jose M. Sanchez" wrote: | |> Hi all... |> |> Does anyone know what server side select() errors mean? | |Usually it means that the remote client has ended the session, causing |the server to detect a disconnect when using the select() call. Unless |you're seeing bad behavior, it's nothing to worry about. | |Nathan | |> |> |> What does this refer to? |> |> Thanks |> |> -JMS |> opjose at ex-pressnet.com |> |> _______________________________________________ |> pptp-server maillist - pptp-server at lists.schulte.org |> http://lists.schulte.org/mailman/listinfo/pptp-server |> List services provided by www.schulteconsulting.com! | From dimambro at pacbell.net Tue Jun 27 13:07:26 2000 From: dimambro at pacbell.net (Brian L. DiMambro) Date: Tue, 27 Jun 2000 11:07:26 -0700 Subject: [pptp-server] Error .... Message-ID: <3958ED5E.4CB7B9@pacbell.net> Hi all. 
What could be causing these errors? This specific error causes syslogd to do so much work it maxes my system. I am running RH 6.2 with ppp 2.3.10 and pptpd 1.0.0-1 with no encryption.

Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: Unexpected control message 0 in disconnect sequence,
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: EOF or bad error reading ctrl packet length.,
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: couldn't read packet header (exit),
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: Unexpected control message 0 in disconnect sequence,
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: EOF or bad error reading ctrl packet length.,
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: couldn't read packet header (exit),
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: Unexpected control message 0 in disconnect sequence,
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: EOF or bad error reading ctrl packet length.,
Jun 27 08:01:54 wclvs2-0 pptpd[6787]: CTRL: couldn't read packet header (exit),
Jun 27 08:01:55 wclvs2-0 pptpd[6787]: CTRL: Unexpected control message 0 in disconnect sequence

Any help will be appreciated.

Thanks
Brian

From BAust at healthdec.com Tue Jun 27 15:42:42 2000
From: BAust at healthdec.com (Brian Aust)
Date: Tue, 27 Jun 2000 16:42:42 -0400
Subject: [pptp-server] What do Select() errors mean?
Message-ID:

JMS,

What did you wind up doing to the Winblows client to eliminate the SELECT() error?

I've got a poptop server myself which only SOMETIMES works. Sometimes my Winblows client can connect, and see all the internal machines and everything, but then the next time i try it i get a select() error in the /var/log/messages file, and the winblows client just hangs on the Verifying Username... screen.

I'm excited that this SOMETIMES works, but I'm trying to roll this out to three coworkers in Britain, and i can't have it only work "sometimes". Anything specific that you modified?
There only seems to be so much one can change on the winblows DialUpNetworking client -- very few options, etc. Were there changes you made on the server?? Cheers, Brian Brian R. Aust Manager of Information Technology Health Decisions, Inc. 1512 East Franklin St. Suite 200 Chapel Hill, NC 27514 919.967.2399 x247 baust at healthdec.com > -----Original Message----- > From: Jose M. Sanchez [mailto:opjose at ex-pressnet.com] > Sent: Tuesday, June 27, 2000 1:25 PM > To: nmeyers at javalinux.net > Cc: pptp-server at lists.schulte.org > Subject: RE: [pptp-server] What do Select() errors mean? > > > > Thanks, I discovered that the cause was that I had not set up > VPN properly > on the Winblows client... I've lost SOOOO much time on this one... > > (That's what the second VPN connection was for!!!). > > Well now I have it working... sort of... I can't see any > windows shares on > the remote LAN I'm connected to, even though I'm able to log > in properly, > and I can access the remote gateway. > > I've given it the correct domain\\username in chap-secrets > but the domain > logons do not work under windows... > > You wouldn't have any ideas on where to look? > > Thanks > > -JMS > > |-----Original Message----- > |From: nmeyers at javalinux.net [mailto:nmeyers at javalinux.net] > |Sent: Tuesday, June 27, 2000 11:09 AM > |To: opjose at ex-pressnet.com > |Cc: pptp-server at lists.schulte.org > |Subject: Re: [pptp-server] What do Select() errors mean? > | > | > |"Jose M. Sanchez" wrote: > | > |> Hi all... > |> > |> Does anyone know what server side select() errors mean? > | > |Usually it means that the remote client has ended the > session, causing > |the server to detect a disconnect when using the select() > call. Unless > |you're seeing bad behavior, it's nothing to worry about. > | > |Nathan > | > |> > |> > |> What does this refer to? 
> |>
> |> Thanks
> |>
> |> -JMS
> |> opjose at ex-pressnet.com
> |>
> |> _______________________________________________
> |> pptp-server maillist - pptp-server at lists.schulte.org
> |> http://lists.schulte.org/mailman/listinfo/pptp-server
> |> List services provided by www.schulteconsulting.com!
> |
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From opjose at ex-pressnet.com Tue Jun 27 17:26:06 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Tue, 27 Jun 2000 18:26:06 -0400
Subject: [pptp-server] What do Select() errors mean?
In-Reply-To:
Message-ID:

Re: Select()

The problem was user error... ME.

I have two connection points on the clients I was trying to use. Either Dialup or via a local LAN/Cable modem/Masq connection.

I had originally deleted VPN after installing Windows. I manually re-installed it. This creates the single VPN entry in the network properties box in the control panel.

This works fine for my LAN connections but I kept getting select() errors when attempting to connect via a dialup ISP.

I finally discovered what the Second VPN #2 dialup adapter was for. It is used to enable VPN over dialups. PPP "rides" the second adapter.

After removing all vestiges of networking from the clients then re-installing the VPN #2 connection re-appeared. This eliminated the select() errors and permitted the clients to log in...

Otherwise I'm just running PPP 2.2.11 with the patch file applied.

options file contains

debug
+chapms
+chapms-v2
name firewall
remotename remote
mppe-40
mppe-128
mppe-stateless
require-chap
proxyarp
auth

chap-secrets contains

domain\\admin * password *
firewall domain\\admin password *
remote * password *
* remote password *

---

Now I know the tunnel works, because I can do things like run PC-ANYWHERE thru the tunnel to machines on the remote LAN...
but I am still totally unable to view the shares. I can even use the remote gateway. Do you have any idea on what I might have missed? The VPN clients log in just fine. They seem to authenticate via PoPToP even with "Log in to Network" enabled... However I cannot browse or attach to ANY shares on the remote LAN. Even attempting to connect to a workstation share fails. The remote LAN has a PDC and BDC, with TCP/IP enabled and working. I've tried various versions of chap-secrets entries... the logs indicates that the login and domain logon works... but I don't know if the PoPToP box is actually passing requests to the NT PDC... I even force the username in options with name firewall remotename domain\\admin But still no shares. Thanks. -JMS |-----Original Message----- |From: Brian Aust [mailto:BAust at healthdec.com] |Sent: Tuesday, June 27, 2000 4:43 PM |To: 'opjose at ex-pressnet.com'; nmeyers at javalinux.net |Cc: pptp-server at lists.schulte.org |Subject: RE: [pptp-server] What do Select() errors mean? | | |JMS, | |What did you wind up doing to the Winblows client to eliminate the SELECT() |error? | |I've got a poptop server myself which only SOMETIMES works. Sometimes my |Winblows client can connect, and see all the internal machines and |everything, but then the next time i try it i get a select() error in the |/var/log/messages file, and the winblows client just hangs on the Verifying |Username... screen. | |I'm excited that this SOMETIMES works, but I'm trying to roll this out to |three coworkers in Britain, and i can't have it only work "sometimes". |Anything specific that you modified? There only seems to be so |much one can |change on the winblows DialUpNetworking client -- very few options, etc. | |Were there changes you made on the server?? | |Cheers, |Brian | |Brian R. Aust |Manager of Information Technology |Health Decisions, Inc. |1512 East Franklin St. 
|> |
|>
|> _______________________________________________
|> pptp-server maillist - pptp-server at lists.schulte.org
|> http://lists.schulte.org/mailman/listinfo/pptp-server
|> List services provided by www.schulteconsulting.com!
|>

From BAust at healthdec.com Tue Jun 27 17:45:51 2000
From: BAust at healthdec.com (Brian Aust)
Date: Tue, 27 Jun 2000 18:45:51 -0400
Subject: [pptp-server] What do Select() errors mean?
Message-ID:

> -----Original Message-----
> From: Jose M. Sanchez [mailto:opjose at ex-pressnet.com]
> Sent: Tuesday, June 27, 2000 6:26 PM

[SNIP]
>
> Otherwise I'm just running PPP 2.2.11 with the patch file applied.

Which patch file exactly? I was only running 2.3.11 by itself, straight from RHAT. I just downgraded to 2.3.8 because i can't think of anything else to try and Moretonbay sez that 2.3.8 works perfectly.... At this point i'm not overly concerned about encryption, i just want a reliable VPN where i can connect every time, without those select() errors. After trying my hand at 2.3.8 (and assuming it doesn't fix the problem) i'll reinstall the 2.3.11 RPM and apply this patch file that you're talking about, once i know which one it is.

>
> Now I know the tunnel works, because I can do things like run PC-ANYWHERE
> thru the tunnel to machines on the remote LAN... but I am still totally
> unable to view the shares.
>
> I can even use the remote gateway.
>
> Do you have any idea on what I might have missed?

The only thing i can think of was the thing that **I** had missed, which was preventing me from seeing other internal machines, browsing shares, etc. I had to turn on IP forwarding on the Linux poptop server, per Scott Stone's suggestion. You need to do a "echo 1 > /proc/sys/net/ipv4/ip_forward" command, which places a 1 in that ip_forward file. The moment i did that, i was able to ping and map drives to all my internal LAN's machines.

I'll know about 2.3.8's success or failure in about an hour...

HTH,
Brian

Brian R. Aust
Mgr of IT
Health Decisions, Inc.
Chapel Hill, NC 27514

From ccosby at westhq.com Tue Jun 27 18:00:01 2000
From: ccosby at westhq.com (Christopher S. Cosby)
Date: Tue, 27 Jun 2000 19:00:01 -0400
Subject: [pptp-server] What do Select() errors mean?
Message-ID: <89D18A644A05D411867600B0D0207D0006EA58@JOBBER>

Seems like a common "broadcast doesn't work over anything but a local subnet" problem. So, I ask this: are you using WINS? Nevermind...I answered my own question. Your options file should contain "ms-wins xxx.xxx.xxx.xxx", pointing to a WINS server. If you don't have a WINS server, use Samba to set one up (real simple). Most (some)times this works fine, browsing works. At other times, browsing may not work, but using UNC paths will work. Never have figured that one out.

I still have my problem from yesterday, by the way (Win98 First Edition not starting IPCP). Here's a closer look at what's happening. If I connect the computer to the local LAN using its Ethernet adapter and connect to my VPN that way, it works great. A "route print" shows that all of the routes are setup properly (I choose to use "Use default gateway on remote network" for some unrelated things).

Now, let's try a real-life situation of being at home and needing the VPN. I dial my ISP with a dial-up networking connection. Fine. Works. I try the same VPN connection. The server shows the CHAP login. Nothing at all after that. The ppplog.txt from the Win98 machine shows a curious line right at the top:

"FSA : Protocol not bound - skipping control protocol 8021 (IPCP)."

This compares to the working line of:

"FSA : Adding Control Protocol 8021 (IPCP) to control protocol chain."

What have I done? On Jose's suggestion, I deleted the DUN connections. Then, I uninstalled Dial-Up Networking. Reboot. Uninstall all of the network clients, adapters, and protocols. Delete C:\windows\protocol.* Reboot. Run regedit. Look for anything even remotely related to "network", remove that (selectively, of course).
Reinstall everything, starting with Dial-Up Networking. In my Network properties, I see "Client for Microsoft Networks", "Dial-Up Adapter", "Dial-Up Adapter #2 (VPN Support)", "Microsoft Virtual Private Networking Adapter", "NDISWAN -> msvpnadptr", "TCP/IP -> dunadapter", "TCP/IP -> dunadapter2". All bindings are present and working. Nada. Tried installing dun40.exe (40-bit encryption upgrade for Win98). Nada. I presented the janitor with the machine and asked him to bring it back to me Friday.

Hope I was of a little help in the first half. I also hope that someone else can shed some of that Microsoft light on me. Thanks regardless.

Coz

-----Original Message-----
From: Jose M. Sanchez [mailto:opjose at ex-pressnet.com]
Sent: Tuesday, June 27, 2000 6:26 PM
To: Brian Aust; nmeyers at javalinux.net
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] What do Select() errors mean?

Re: Select()

The problem was user error... ME.

I have two connection points on the clients I was trying to use. Either Dialup or via a local LAN/Cable modem/Masq connection.

I had originally deleted VPN after installing Windows. I manually re-installed it. This creates the single VPN entry in the network properties box in the control panel.

This works fine for my LAN connections but I kept getting select() errors when attempting to connect via a dialup ISP.

I finally discovered what the Second VPN #2 dialup adapter was for. It is used to enable VPN over dialups. PPP "rides" the second adapter.

After removing all vestiges of networking from the clients then re-installing the VPN #2 connection re-appeared. This eliminated the select() errors and permitted the clients to log in...

Otherwise I'm just running PPP 2.2.11 with the patch file applied.
options file contains

debug
+chapms
+chapms-v2
name firewall
remotename remote
mppe-40
mppe-128
mppe-stateless
require-chap
proxyarp
auth

chap-secrets contains

domain\\admin * password *
firewall domain\\admin password *
remote * password *
* remote password *

---

Now I know the tunnel works, because I can do things like run PC-ANYWHERE thru the tunnel to machines on the remote LAN... but I am still totally unable to view the shares.

I can even use the remote gateway.

Do you have any idea on what I might have missed?

The VPN clients log in just fine. They seem to authenticate via PoPToP even with "Log in to Network" enabled...

However I cannot browse or attach to ANY shares on the remote LAN. Even attempting to connect to a workstation share fails.

The remote LAN has a PDC and BDC, with TCP/IP enabled and working.

I've tried various versions of chap-secrets entries... the logs indicates that the login and domain logon works... but I don't know if the PoPToP box is actually passing requests to the NT PDC...

I even force the username in options with

name firewall
remotename domain\\admin

But still no shares.

Thanks.

-JMS

|-----Original Message-----
|From: Brian Aust [mailto:BAust at healthdec.com]
|Sent: Tuesday, June 27, 2000 4:43 PM
|To: 'opjose at ex-pressnet.com'; nmeyers at javalinux.net
|Cc: pptp-server at lists.schulte.org
|Subject: RE: [pptp-server] What do Select() errors mean?
|
|
|JMS,
|
|What did you wind up doing to the Winblows client to eliminate the SELECT()
|error?
|
|I've got a poptop server myself which only SOMETIMES works. Sometimes my
|Winblows client can connect, and see all the internal machines and
|everything, but then the next time i try it i get a select() error in the
|/var/log/messages file, and the winblows client just hangs on the Verifying
|Username... screen.
|
|I'm excited that this SOMETIMES works, but I'm trying to roll this out to
|three coworkers in Britain, and i can't have it only work "sometimes".
|Anything specific that you modified? There only seems to be so much one can
|change on the winblows DialUpNetworking client -- very few options, etc.
|
|Were there changes you made on the server??
|
|Cheers,
|Brian
|
|Brian R. Aust
|Manager of Information Technology
|Health Decisions, Inc.
|1512 East Franklin St. Suite 200
|Chapel Hill, NC 27514
|919.967.2399 x247
|baust at healthdec.com
|
|
|> -----Original Message-----
|> From: Jose M. Sanchez [mailto:opjose at ex-pressnet.com]
|> Sent: Tuesday, June 27, 2000 1:25 PM
|> To: nmeyers at javalinux.net
|> Cc: pptp-server at lists.schulte.org
|> Subject: RE: [pptp-server] What do Select() errors mean?
|>
|>
|>
|> Thanks, I discovered that the cause was that I had not set up VPN properly
|> on the Winblows client... I've lost SOOOO much time on this one...
|>
|> (That's what the second VPN connection was for!!!).
|>
|> Well now I have it working... sort of... I can't see any windows shares on
|> the remote LAN I'm connected to, even though I'm able to log in properly,
|> and I can access the remote gateway.
|>
|> I've given it the correct domain\\username in chap-secrets but the domain
|> logons do not work under windows...
|>
|> You wouldn't have any ideas on where to look?
|>
|> Thanks
|>
|> -JMS
|>
|> |-----Original Message-----
|> |From: nmeyers at javalinux.net [mailto:nmeyers at javalinux.net]
|> |Sent: Tuesday, June 27, 2000 11:09 AM
|> |To: opjose at ex-pressnet.com
|> |Cc: pptp-server at lists.schulte.org
|> |Subject: Re: [pptp-server] What do Select() errors mean?
|> |
|> |
|> |"Jose M. Sanchez" wrote:
|> |
|> |> Hi all...
|> |>
|> |> Does anyone know what server side select() errors mean?
|> |
|> |Usually it means that the remote client has ended the session, causing
|> |the server to detect a disconnect when using the select() call. Unless
|> |you're seeing bad behavior, it's nothing to worry about.
|> |
|> |Nathan
|> |
|> |>
|> |>
|> |> What does this refer to?
|> |>
|> |> Thanks
|> |>
|> |> -JMS
|> |> opjose at ex-pressnet.com
|> |>
|> |> _______________________________________________
|> |> pptp-server maillist - pptp-server at lists.schulte.org
|> |> http://lists.schulte.org/mailman/listinfo/pptp-server
|> |> List services provided by www.schulteconsulting.com!
|> |
|>
|> _______________________________________________
|> pptp-server maillist - pptp-server at lists.schulte.org
|> http://lists.schulte.org/mailman/listinfo/pptp-server
|> List services provided by www.schulteconsulting.com!
|>
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From opjose at ex-pressnet.com Tue Jun 27 18:59:28 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Tue, 27 Jun 2000 19:59:28 -0400
Subject: [pptp-server] What do Select() errors mean?
In-Reply-To:
Message-ID:

|-----Original Message-----
|From: Brian Aust [mailto:BAust at healthdec.com]
|Sent: Tuesday, June 27, 2000 6:46 PM
|To: 'opjose at ex-pressnet.com'
|Cc: pptp-server at lists.schulte.org
|Subject: RE: [pptp-server] What do Select() errors mean?
|
|
|
|> -----Original Message-----
|> From: Jose M. Sanchez [mailto:opjose at ex-pressnet.com]
|> Sent: Tuesday, June 27, 2000 6:26 PM
|
|[SNIP]
|>
|> Otherwise I'm just running PPP 2.2.11 with the patch file applied.
|
|Which patch file exactly? I was only running 2.3.11 by itself, straight
|from RHAT. I just downgraded to 2.3.8 because i can't think of anything
|else to try and Moretonbay sez that 2.3.8 works perfectly.... At
|this point

ppp-2.3.11-openssl-0.9.5-mppe.patch

Available at ftp://ftp.binarix.com/pub/ppp-mppe/

Which works great, and it adds all the MCHAP and encryption patches in one step.

Apply this to a freshly untarred 2.2.11 in the /usr/src directory.

then

./configure
make kernel
make
make install

then recompile your kernel & modules and install.
|i'm not overly concerned about encryption, i just want a reliable VPN where
|i can connect every time, without those select() errors. After trying my
|hand at 2.3.8 (and assuming it doesn't fix the problem) i'll reinstall the
|2.3.11 RPM and apply this patch file that you're talking about, once i know
|which one it is.
|
|

-JMS
|

From opjose at ex-pressnet.com Tue Jun 27 19:23:10 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Tue, 27 Jun 2000 20:23:10 -0400
Subject: [pptp-server] What do Select() errors mean?
In-Reply-To: <89D18A644A05D411867600B0D0207D0006EA58@JOBBER>
Message-ID:

|-----Original Message-----
|From: Christopher S. Cosby [mailto:ccosby at westhq.com]
|Sent: Tuesday, June 27, 2000 7:00 PM
|To: 'opjose at ex-pressnet.com'
|Cc: pptp-server at lists.schulte.org
|Subject: RE: [pptp-server] What do Select() errors mean?
|
|
|Seems like a common "broadcast doesn't work over anything but a local
|subnet" problem. So, I ask this: are you using WINS? Nevermind...I
|answered my own question. Your options file should contain "ms-wins
|xxx.xxx.xxx.xxx", pointing to a WINS server. If you don't have a WINS
|server, use Samba to set one up (real simple). Most (some)times this works
|fine, browsing works. At other times, browsing may not work, but using UNC
|paths will work. Never have figured that one out.
|
|

Well thank you.

This forced me to go back and change the options file.

I pointed the ms-wins entry to the PDC (which is set up as a WINS server)...

After doing what you recommended I then manually loaded ip_gre and ip_masq_pptp restarted pptpd and wham I can map to the remote shares...

The logs indicate an ip_demasq_gre module... since I don't have any such animal I assume that this is the ip_gre module at work...

Heh, not that this is even mentioned in the HOWTO's...

However I'm still totally unable to browse the shares...

-JMS

From opjose at ex-pressnet.com Tue Jun 27 19:29:08 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Tue, 27 Jun 2000 20:29:08 -0400
Subject: [pptp-server] What do Select() errors mean?
In-Reply-To: <89D18A644A05D411867600B0D0207D0006EA58@JOBBER>
Message-ID:

As a follow-up to my last message...

I tried browsing on a machine that had no prior connection to a domain... I.E. I set up a dialup to an ISP and then VPN'd to the PoPToP server...

Wammo again... all the shares show up...

Now I just need to figure out why my LAN connected machines (in another domain) will not display the shares on the remote domain...

Otherwise... Halleluiah!

-JMS

|-----Original Mes
|List services provided by www.schulteconsulting.com!

From opjose at ex-pressnet.com Wed Jun 28 05:46:02 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Wed, 28 Jun 2000 06:46:02 -0400
Subject: [pptp-server] PoPToP remote browsing... question.
Message-ID:

Hello all;

Thanks to the help and pointers I got here, I finally got PoPToP working.

Users who dial up via an ISP, and have not previously set up any domain membership, seem to have no trouble viewing the shares on the remote LAN. (See below)

Currently I'm trying to get my Masq'd machines to also view the shares on the remote LAN.

I'm actually able to MAP to remote drives and printers if I invoke them by name. But I'm not able to browse the remote network. I can browse individual machines shares if I manually enter the machine name in the Explorer.

This raises the questions:

1) Do I have to install anything on my local LAN's Masq box? (Mandrake 7.01)

2) Do I have to modify any rule sets for IPCHAINS to view the remote network?

3) I see that Windows presents the name of the CURRENT domain to the remote when the connection is established. I found this in the registry. I had to change this on the dialup clients that had already "joined" another domain at some point as no matter what I did, Windows reverted back to the original domain when connecting. I edited the registry entries to use the remote DOMAIN name instead.
After I made this change the dialup/isp users were able to browse the PoPToP'd LAN. There seems to be no way to modify this elsewhere in windows... even after removing and re-installing all network components!

I tried this same technique on my Masq'd boxes, but it had no effect. I could still connect to the remote shares, but I could not browse them.

Any suggestions or ideas?

Thanks a bunch!

-JMS
opjose at ex-pressnet.com

From robert.ludvik at zd-lj.si Wed Jun 28 08:23:14 2000
From: robert.ludvik at zd-lj.si (Robert Ludvik)
Date: Wed, 28 Jun 2000 15:23:14 +0200
Subject: [pptp-server] ifconfig
Message-ID: <000e01bfe104$03cabbc0$0ac8a8c0@zdlj.si>

hi
i have pptpd running on linux RH6.1. when i connect to server from my win98 machine via VPN, everything seems to be ok. on linux, if i run ifconfig, there are only results for eth0 and lo - not for ppp0 (i log *.* to /dev/tty12 - when i connect it sets my local and remote IP - 192.168.100.x and 192.168.101.x.). why is that? did i misconfigure something???
thnx
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From BAust at healthdec.com Wed Jun 28 09:47:57 2000
From: BAust at healthdec.com (Brian Aust)
Date: Wed, 28 Jun 2000 10:47:57 -0400
Subject: [pptp-server] Select() errors --- client or server???
Message-ID:

Rumour around here seems to have it that "CTRL: select() error" messages appearing in the /var/log/messages file are generally a result of a fubar'd Windoze client setup, as opposed to anything wrong on the poptop server. Here's a sample set:

Jun 28 01:21:30 bnyatalie pptpd[20208]: CTRL: Client 24.162.230.175 control connection started
Jun 28 01:21:30 bnyatalie pptpd[20208]: CTRL: Starting call (launching pppd, opening GRE)
Jun 28 01:21:30 bnyatalie kernel: CSLIP: code copyright 1989 Regents of the University of California
Jun 28 01:21:30 bnyatalie kernel: PPP: version 2.3.7 (demand dialling)
Jun 28 01:21:30 bnyatalie kernel: PPP line discipline registered.
Jun 28 01:21:30 bnyatalie kernel: registered device ppp0
Jun 28 01:21:30 bnyatalie pppd[20209]: pppd 2.3.8 started by root, uid 0
Jun 28 01:21:30 bnyatalie pppd[20209]: Using interface ppp0
Jun 28 01:21:30 bnyatalie pppd[20209]: Connect: ppp0 <--> /dev/pts/2
Jun 28 01:21:59 bnyatalie pptpd[20208]: CTRL: Error with select(), quitting
Jun 28 01:21:59 bnyatalie pptpd[20208]: CTRL: Client 24.162.230.175 control connection finished
Jun 28 01:21:59 bnyatalie pppd[20209]: Modem hangup
Jun 28 01:21:59 bnyatalie pppd[20209]: Connection terminated.
Jun 28 01:21:59 bnyatalie pppd[20209]: Exit.

I've tried numerous server configurations, always on stock RedHat6.2 box, with poptop 1.0.0, along with ppp of either 2.3.8 or 2.3.11.

The Windoze client is always W98 SE. I have done EVERYTHING imaginable on this W98 client -- uninstall DUN, reinstall DUN, install msdun128.exe 128-bit DUN upgrade..... then even so far as to remove all dialup and ethernet adapters, so there's nothing in the Network control panel, then reinstalling everything.

SOMETIMES the connection works and i can get in and browse the LAN -- but only about 10-15% of the time. Most usually the W98 client hangs on the "Verifying Username....." screen.

Sooo...... a few questions:

1. Has anyone determined what causes these select() errors?

2. Those of you who have a consistently working VPN --- what Windoze clients are you using? NT? 98 (1E or 2E)?, 2000? Any other patches besides the DUN128-bit upgrade?

3. For NT's DUN, I don't see any way possible to select "Microsoft VPN adapter", especially since it doesn't seem possible to save DUN profiles for each server.... even after installing PPTP. Can PoPToP be used with NT DUN clients?

4. Would anyone recommend bumping up to PoPToP 1.1.1 development version to fix this? I've really run out of options, run out of things to try to get a working, consistent VPN going.

Any and all help is greatly appreciated guys,

Cheers,
Brian

Brian R. Aust
Manager of Information Technology
Health Decisions, Inc.
1512 East Franklin St. Suite 200
Chapel Hill, NC 27514
919.967.2399 x247
baust at healthdec.com

From gkopp at gregkopp.com Wed Jun 28 10:07:03 2000
From: gkopp at gregkopp.com (Greg Kopp)
Date: Wed, 28 Jun 2000 11:07:03 -0400
Subject: [pptp-server] I think I have arouting problem - can you help
Message-ID:

I have PoPToP working on my linux box - sort of.

Here is my configuration:

We have a class C connect to the internet. I have the Class C routed into a firewall.

I have one subnet (x.x.x.0/255.255.255.128, hosts 1-126, gw=.1) routed to a Lan network.

I have another subnet (x.x.x.128/255.255.255.192, hosts 129-190, gw=.129) routed to a DMZ network for web servers and such.

I want to use another subnet (x.x.x.192/255.255.255.248, hosts 193-198) for my remote IP addresses.

My PPTP server is x.x.x.4

My /etc/pptp.conf file is:

localip x.x.x.5
remoteip x.x.x.193-197

My /etc/ppp/options file is:

lock
debug
auth
+chap
proxyarp

My /etc/ppp/chap-secrets file is:

# Secrets for authentication using CHAP
# client server secret IP addresses
user * pass *

I can connect to the PPTP server using my Win98 box and it's built in VPN support. But... When it tries to log me into the network (the NT domain) I get an error that it cannot find a domain controller. Also, from the remote client, if I ping x.x.x.5 (the remote IP) it replies. if I ping x.x.x.4 (the PPTP server) it replies. If I ping x.x.x.64 (a server on the LAN) I get no reply. I'm thinking it's a routing issue. So I added a manual route to the firewall (route add -net x.x.x.192 netmask 255.255.255.248 gw x.x.x.4). My assumption is that x.x.x.64 could not find a path to the remote host x.x.x.193 (the remote IP of my VPN client). It should send that packet to the firewall, which should (I think?) forward the packet back to the LAN, but to x.x.x.4, the PPTP server. I have routing enable on the PPTP server.

I'm not sure what's holding it up.
Any help you could be would be greatly appreciated.

Greg

From opjose at ex-pressnet.com Wed Jun 28 10:12:52 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Wed, 28 Jun 2000 11:12:52 -0400
Subject: [pptp-server] Select() errors --- client or server???
In-Reply-To:
Message-ID:

|-----Original Message-----
|From: pptp-server-admin at lists.schulte.org
|[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Brian Aust
|Sent: Wednesday, June 28, 2000 10:48 AM
|To: pptp-server at lists.schulte.org
|Subject: [pptp-server] Select() errors --- client or server???
|
|
|Rumour around here seems to have it that "CTRL: select() error" messages
|appearing in the /var/log/messages file are generally a result of a fubar'd
|Windoze client setup, as opposed to anything wrong on the poptop server.
|Here's a sample set:
|

I can verify this as in my case it was a foobar'd Windows client...

|Jun 28 01:21:30 bnyatalie pptpd[20208]: CTRL: Client 24.162.230.175 control connection started
|Jun 28 01:21:30 bnyatalie pptpd[20208]: CTRL: Starting call (launching pppd, opening GRE)
|Jun 28 01:21:30 bnyatalie kernel: CSLIP: code copyright 1989 Regents of the University of California
|Jun 28 01:21:30 bnyatalie kernel: PPP: version 2.3.7 (demand dialling)
|Jun 28 01:21:30 bnyatalie kernel: PPP line discipline registered.
|Jun 28 01:21:30 bnyatalie kernel: registered device ppp0
|Jun 28 01:21:30 bnyatalie pppd[20209]: pppd 2.3.8 started by root, uid 0
|Jun 28 01:21:30 bnyatalie pppd[20209]: Using interface ppp0
|Jun 28 01:21:30 bnyatalie pppd[20209]: Connect: ppp0 <--> /dev/pts/2
|Jun 28 01:21:59 bnyatalie pptpd[20208]: CTRL: Error with select(), quitting
|Jun 28 01:21:59 bnyatalie pptpd[20208]: CTRL: Client 24.162.230.175 control connection finished
|Jun 28 01:21:59 bnyatalie pppd[20209]: Modem hangup
|Jun 28 01:21:59 bnyatalie pppd[20209]: Connection terminated.
|Jun 28 01:21:59 bnyatalie pppd[20209]: Exit.
|
|I've tried numerous server configurations, always on stock RedHat6.2 box,
|with poptop 1.0.0, along with ppp of either 2.3.8 or 2.3.11.
|

Yeap exactly what I saw!

|The Windoze client is always W98 SE. I have done EVERYTHING imaginable on
|this W98 client -- uninstall DUN, reinstall DUN, install msdun128.exe
|128-bit DUN upgrade..... then even so far as to remove all dialup and
|ethernet adapters, so there's nothing in the Network control panel, then
|reinstalling everything.
|

I hope you didn't download the patch from Microsoft's web site. For Win98SE the patch completely screws up Windows as it was written for WIN95 & 98 not 98SE!

For 98SE you merely use the included VPN configuration.

|SOMETIMES the connection works and i can get in and browse the LAN -- but
|only about 10-15% of the time. Most usually the W98 client hangs on the
|"Verifying Username....." screen.
|
|
|Sooo...... a few questions:
|
|1. Has anyone determined what causes these select() errors?
|
|2. Those of you who have a consistently working VPN --- what Windoze
|clients are you using? NT? 98 (1E or 2E)?, 2000? Any other patches
|besides the DUN128-bit upgrade?
|

Nope, however I've upgraded from the Windows 98SE update page...

Also you HAVE to have VPN Adapter #2 installed by the Windows Setup Add/Remove programs if you are using PPP on another device... I.E. Dialup to an ISP.

If you've applied the downloadable EXE patch from Microsoft, start re-installing Win98SE, because it's very difficult to undo the damage.

|3. For NT's DUN, I don't see any way possible to select "Microsoft VPN
|adapter", especially since it doesn't seem possible to save DUN profiles for
|each server.... even after installing PPTP. Can PoPToP be used with NT DUN
|clients?
|

Dunno on this one.

|4. Would anyone recommend bumping up to PoPToP 1.1.1 development version to
|fix this? I've really run out of options, run out of things to try to get a
|working, consistent VPN going.
|

1.0.0-1 is working fine for me, FINALLY.
As for browsing, it seems that windows "registers" the domain the system is first initiated to when the networking components are installed.

If you install VPN after say another adapter card, or after having connected to another domain, you will -NOT- be able to see the remote shares (I've tested this).

Your clients must be members of the same domain when windows is first installed or Networking is setup... The original domain is then added to the dialup VPN settings (search the registry) for each adapter.

If you've already set up another domain or workgroup, you'll need to uninstall all networking components, edit the registry VPN entries, then re-add in all networking components, making the machine a member of the remote domain.

Then browsing works (at least for me).

Something is wrong with this, NORMALLY windows can detect other domains on the same lan segment. It seems that once you install VPN and establish a connection Windows does not "see" the remote LAN as being on the same segment as the local one... (I haven't tried setting the remote and local to the same subnet though).

In all cases however, specifying the complete UNC does work.

-JMS

|Any and all help is greatly appreciated guys,
|
|Cheers,
|Brian
|

From barjunk at attglobal.net Wed Jun 28 13:48:43 2000
From: barjunk at attglobal.net (Michael Barsalou)
Date: Wed, 28 Jun 2000 10:48:43 -0800
Subject: [pptp-server] Windows browsing
Message-ID: <3959D80B.7020.7CDF89@localhost>

One thing that has worked consistently for me is to add the hosts you are trying to browse to the remote machines lmhosts file.

Here is an example:

192.168.1.13 server1 #PRE #DOM:DOMMAIN
192.168.1.13 "DOMMAIN        \0x1b" #PRE
192.168.1.12 server2 #PRE #DOM:DOMAIN
192.168.1.11 server3 #PRE #DOM:DOMAIN

The IP addresses correlate to what the machines' ip addresses are for the local lan. We use 192.168.1.0 network for our local lan behind a masqueraded firewall.
Note on the second entry there are exactly 16 characters (the "\0x1b" sequence is considered one character). In other words, the slash starts in the sixteenth space.

The #PRE and #DOM: MUST BE CAPS. If you don't they won't register.

Use the "nbtstat -R" command to reload the netbios cache table if you need to.

Read more information on Microsoft's website and search for lmhosts or nbtstat

Hope that helps.

Mike

Michael Barsalou
barjunk at attglobal.net

From admin at gothica.net Wed Jun 28 13:10:07 2000
From: admin at gothica.net (System Administrator)
Date: Wed, 28 Jun 2000 12:10:07 -0600 (MDT)
Subject: [pptp-server] Connectivity Problem
In-Reply-To:
Message-ID:

Some additional information which may help the diagnoses. If I tail /var/log/debug on the pptp server while I am connected I see the same messages each time immediately before my connectivity ceases. Below is a paste from the log.

May 29 09:58:56 ringworm pppd[6982]: rcvd [Compressed data] 91 b5 b7 1c 9a 36 4d d4 ...
May 29 09:58:58 ringworm pppd[6982]: rcvd [Compressed data] 91 b6 b4 13 c2 bc eb 29 ...
May 29 09:59:01 ringworm pppd[6982]: rcvd [Compressed data] 91 b7 43 00 4d 7f cf d5 ...
May 29 09:59:06 ringworm pppd[6982]: rcvd [Compressed data] 91 b8 58 3b 52 29 d2 73 ...
May 29 09:59:17 ringworm pppd[6982]: rcvd [Compressed data] 91 b9 86 87 a1 c9 43 1a ...

Hopefully this will help out.

Thanks again,

admin at gothica.net

On Mon, 26 Jun 2000, System Administrator wrote:

> Greetings All,
>
> I am new to PPTP and to this list. I have successfully installed PoPToP
> and it appears to be working properly except for one minor detail. I am
> able to connect to the server remotely and access the remote network
> without a problem for about the first 2 to 5 minutes. I have verified
> that both firewalls are correctly configured and all neccessary routers
> contain the proper routes for the assigned addresses. Everything works
> great in the beginning but then the connection simply ceases. It doesn't
> hangup but no more data passes between the hosts. Any ideas?
>
> Thanks,
>
> admin at gothica.net
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From Steve.Cowles at gte.net Wed Jun 28 18:10:50 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Wed, 28 Jun 2000 18:10:50 -0500
Subject: [pptp-server] I think I have arouting problem - can you help
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E05DBB0@defiant.dsl.gtei.net>

The problem you're describing is usually related to the PPTP/pppd server not setting its ethernet interface (x.x.x.4) to act as a "proxyarp" for the remote client, not a routing problem. Although, this problem could be as simple as IP_FORWARDING not being enabled in the linux kernel. IP_FORWARDING needs to be enabled to route packets between eth(x) and the ppp devices.

When you connect from the remote, do the logfiles indicate that pppd found eth0 or eth1 as a proxyarp for the connection???

On my system, a standard client connection generates the following entries in /var/log/messages. NOTE that line 8 states eth0 will answer arp requests on behalf of the client at 192.168.9.100. e.g. proxyarp. Without this entry, you can forget about other nodes on the same network being able to send data to the remote client.

Jun 28 17:21:29 voyager pppd[6793]: pppd 2.3.10 started by root, uid 0
Jun 28 17:21:29 voyager pppd[6793]: Using interface ppp0
Jun 28 17:21:29 voyager pppd[6793]: Connect: ppp0 <--> /dev/pts/2
Jun 28 17:21:31 voyager kernel: PPP BSD Compression module registered
Jun 28 17:21:31 voyager kernel: PPP MPPE compression module registered
Jun 28 17:21:31 voyager kernel: PPP Deflate Compression module registered
Jun 28 17:21:31 voyager pppd[6793]: MSCHAP-v2 peer authentication succeeded for COWLES\\scowles
Jun 28 17:21:31 voyager pppd[6793]: found interface eth0 for proxy arp
Jun 28 17:21:31 voyager pppd[6793]: local IP address 192.168.9.3
Jun 28 17:21:31 voyager pppd[6793]: remote IP address 192.168.9.100
Jun 28 17:21:38 voyager pppd[6793]: MPPE 128 bit, stateless compression enabled

The "No Domain Controller Found" error is always due to no WINS server being specified in your /etc/ppp/options file (ms-wins). FWIW: Your WINS server should contain the PDC/BDC records so when the client tries to authenticate, it knows who to ask. e.g. The Domain Controller. If you're not running a WINS server (and you should be!) you will need to construct this PDC/BDC record in the clients LMHOSTS files.

Steve Cowles

> -----Original Message-----
> From: Greg Kopp [mailto:gkopp at gregkopp.com]
> Sent: Wednesday, June 28, 2000 10:07 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] I think I have arouting problem - can you help
>
>
> I have PoPToP working on my linux box - sort of.
>
> Here is my configuration:
>
> We have a class C connect to the internet. I have the Class C
> routed into a firewall.
>
> I have one subnet (x.x.x.0/255.255.255.128, hosts 1-126,
> gw=.1) routed to a Lan network.
>
> I have another subnet (x.x.x.128/255.255.255.192, hosts
> 129-190, gw=.129) routed to a DMZ network for web servers
> and such.
>
> I want to use another subnet (x.x.x.192/255.255.255.248,
> hosts 193-198) for my remote IP addresses.
>
> My PPTP server is x.x.x.4
>
> My /etc/pptp.conf file is:
>
> localip x.x.x.5
> remoteip x.x.x.193-197
>
> My /etc/ppp/options file is:
>
> lock
> debug
> auth
> +chap
> proxyarp
>
> My /etc/ppp/chap-secrets file is:
>
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> user * pass *
>
> I can connect to the PPTP server using my Win98 box and it's
> built in VPN support. But... When it tries to log me into the
> network (the NT domain) I get an error that it cannot find a
> domain controller. Also, from the remote client, if I ping
> x.x.x.5 (the remote IP) it replies. if I ping x.x.x.4 (the
> PPTP server) it replies. If I ping x.x.x.64 (a server on the
> LAN) I get no reply. I'm thinking it's a routing issue. So I
> added a manual route to the firewall (route add -net x.x.x.192
> netmask 255.255.255.248 gw x.x.x.4). My assumption is that
> x.x.x.64 could not find a path to the remote host x.x.x.193
> (the remote IP of my VPN client). It should send that packet
> to the firewall, which should (I think?) forward the packet
> back to the LAN, but to x.x.x.4, the PPTP server. I have
> routing enable on the PPTP server.
>
> I'm not sure what's holding it up. Any help you could be
> would be greatly appreciated.
>
> Greg
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From ivanfetch at technologist.com Wed Jun 28 21:10:57 2000
From: ivanfetch at technologist.com (Ivan Fetch)
Date: Wed, 28 Jun 2000 19:10:57 -0700 (MST)
Subject: [pptp-server] rpms available?
In-Reply-To: <31361954B2ADD2118B0900A0C90AFC3E05DBB0@defiant.dsl.gtei.net>
Message-ID:

Hello,

I would like to setup pptpd 1.0.0 on a redhat 6.2 machine, with kernel 2.2.14_5 and pppd 2.3.11.
I see there is an rpm for pptpd - is there also one for pppd with the proper MPE patches and so-on so that I may use encryption, Etc?

Thank you very much,
Ivan Fetch

From rbuckley at cendatsys.com Wed Jun 28 22:41:36 2000
From: rbuckley at cendatsys.com (Renee)
Date: Wed, 28 Jun 2000 22:41:36 -0500
Subject: [pptp-server] Encryption fails
Message-ID: <000801bfe17b$ef3de060$0101010a@p200>

Hi. I have PoPToP working, but the encryption fails when I turn it on. I have read through the postings and have tried different configurations, but these do not help. I did see that some people have had problems with data packets getting dropped or getting out of order, and this might be the problem. If anyone has had encryption problems, I would like to talk to you. You can post a message here, or write to me at jbuckley at cendatsys.com .

Here is a brief list of the setup:

2.2.14 kernel
2.3.10 pppd
mppe patches
open ssl

All things compiled correctly and all modules load.

Thanks,
Jim Buckley

From antivirus at stratium.fr Wed Jun 28 23:01:44 2000
From: antivirus at stratium.fr (ANTIGEN_STRNS005)
Date: Thu, 29 Jun 2000 06:01:44 +0200
Subject: [pptp-server] Antigen found JS/Kak.Worm virus
Message-ID: <398F4FEA69F7D211A7730090273C5F89383D01@strns005.stratium.fr>

Antigen for Exchange found Unknown infected with JS/Kak.Worm virus. The file is currently Deleted. The message, "[pptp-server] Encryption fails", was sent from Renee .

From bogdan at dahas.ro Wed Jun 28 23:12:33 2000
From: bogdan at dahas.ro (Bogdan)
Date: Thu, 29 Jun 2000 07:12:33 +0300
Subject: [pptp-server] rbuckley@cendatsys.com this guy send as a tojan Hors :)) bee careful
Message-ID: <011f01bfe180$40439e60$0200a8c0@dahas.ro>

Look in Start/Programs/StartUp and if you find Kak in it, please delete it; it is a trojan horse

From pponcet at vaxxine.com Wed Jun 28 23:33:05 2000
From: pponcet at vaxxine.com (Patrick Poncet)
Date: Thu, 29 Jun 2000 00:33:05 -0400
Subject: [Fwd: Re: [pptp-server] rpms available?]
Message-ID: <395AD181.AF2FCB70@vaxxine.com>

Hi Ian!

Yes, I made one using the ppp-2.3.11.src.rpm and included the openssl-mppe patch for it. What I have not done though is include the kernel drivers for ppp, ppp_mppe, ppp_deflate and other modules. So if you need the kernel modules too, you'll need to get the src.rpm, rebuild it and then execute the kinstall.sh script. I can make it available to you on my LUG anonymous ftp server (let me know).

Are any of the poptop developers interested to link from the poptop web site??? If so, I could put a little more effort and include the ppp kernel modules in it!?!

cheers,
Patrick.

PS: By the way, this pptpd is simply excellent!!! Keep up the good job.

Ivan Fetch wrote:

> Hello,
> I would like to setup pptpd 1.0.0 on a redhat 6.2 machine, with kernel
> 2.2.14_5 and pppd 2.3.11. I see there is an rpm for pptpd - is there also
> one for pppd with the proper MPE patches and so-on so that I may use
> encryption, Etc?
>
> Thank you very much,
> Ivan Fetch

From ejb at ql.org Thu Jun 29 00:00:42 2000
From: ejb at ql.org (E. Jay Berkenbilt)
Date: Thu, 29 Jun 2000 01:00:42 -0400
Subject: [pptp-server] clients can see only some machines.... why?
In-Reply-To: <200006261737.NAA11370@soup.ads.apexinc.com> (ejb@ql.org)
References: <200006261737.NAA11370@soup.ads.apexinc.com>
Message-ID: <200006290500.BAA03492@soup.ql.org>

I have figured out the answers to my questions for NT 4.0 clients. Since I have received no response from the list, I will post my answers here in hopes that they will be useful to someone.
These answers may not solve everyone's problems, of course...

The problem described below basically boiled down to a name resolution problem. It turned out that simply checking "Enable DNS for Windows Resolution" in the TCP/IP protocol properties dialog under the WINS Address tab was sufficient to get names to resolve. Once I got this far, I could connect to any of our servers that had static IP addresses and names registered via DNS.

However, after doing this, I could still not connect to the samba servers, which have domain authentication. This is because the NT client was sending the local domain as the domain string in the connection attempt. Entering DOMAIN\Username in the Connect As area solved this problem. I suspect that this will work for Win95 as well, except since there is no place to override connection strings, I would probably have to have the desired domain configured on the client....

Anyway, now I can do everything I want from NT 4.0 clients. (Well, actually, I can tell my users how to do everything they want -- I access our network from Linux.... ;-])

--
E. Jay Berkenbilt (ejb at ql.org) | http://www.ql.org/q/

---------------------------------------------------------------------------

> I have some clients running various combinations of Windows 95 and NT
> 4.0. They are able to connect and authenticate, but they are only
> able to see some hosts. Here's my setup in detail:
>
> I have a firewall running Linux with a 2.2.16 kernel patched with PPTP
> masquerading support and ipfwd. I have TCP port 1723 and IP protocol
> 47 forwarding to an internal machine which is running a PPTP server.
> This seems to work flawlessly.
>
> On the internal network, I have a RedHat 6.0 box with a 2.2.10 kernel,
> a patched ppp-2.3.10 that includes the MS-CHAP and MS-style
> encryption. This machine is running an unmodified PoPToP 1.0.0.
>
> My /etc/ppp/options is:
>
> lock
> auth
> require-chap
> ms-dns 192.168.0.1
> ms-wins 192.168.0.101
> require-chapms
> require-chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> where 192.168.0.101 is the IP address of our NT primary domain
> controller and 192.168.0.1 is the IP address of our primary DNS
> server.
>
> My /etc/pptpd.conf is
>
> localip 192.168.254.1
> remoteip 192.168.255.1-8
>
> Also, on the Linux box running pptp, I have
>
> ipchains -A forward -p all 192.168.255.0/24 -j MASQ
>
> IP masquerading, including ICMP masquerading are compiled as modules
> and are loaded automatically.
>
> The NT clients are all running Service pack 5. The 95 clients are
> running with the dialup network 1.3 patch, the VPN patch, and some
> dialup networking y2k patch from Microsoft.
>
> Clients have IP Header compression off, default gateway over
> connection on, TCP enabled, NetBEUI and IPX disabled. They connect
> using a login and password in /etc/ppp/chap-secrets on the pptp
> server. The login is not necessarily the same as the login on the
> domain, and no domain authentication is happening here to my
> knowledge.
>
> Here's what works:
>
> * Authentication and connection to the network.
>
> * ping, telnet, DNS resolutions to our internal network (works via
> masquerading)
>
> * START -> Run... \\ads-svr-1 -- ads-svr-1 is our primary domain
> controller. It is on the same subnet as the pptp server, but it is
> not itself the pptp server. Connecting to some machines like this
> works.
>
> * Outlook-2000 to access exchange server which is also on the same
> subnet as the pptp server.
>
> Here's what does not work:
>
> * Browsing via network neighborhood (no surprise here, and I don't
> need to fix it).
>
> * Access to some other machines in the network.
>
> Attempts to access other machines fail with a message indicating that
> no service recognizes the name. It appears that name resolution must
> not be working well.
>
> I have yet to find a convincing pattern to which machines work and
> which don't. Our PDC works, as does one of our development file
> servers. These are both running NT Server with service pack 4 or
> higher. Another file server does not work. I think it's also running
> NT server, but there's some chances it is running NT workstation. I
> do not administratively control that server. All three servers have
> static IP addresses which are registered with DNS and are also
> available via NMB.
>
> I can't access any of the samba servers in this way. The samba
> servers all have domain authentication.

From rich at netlynx.com Thu Jun 29 01:54:25 2000
From: rich at netlynx.com (Rich Hall)
Date: Wed, 28 Jun 2000 23:54:25 -0700
Subject: [pptp-server] Your email message to pptp is INFECTED with a virus
Message-ID: <4.3.2.7.2.20000628234124.00b476c0@earth.netlynx.com>

Hello Jim,

You have the KAK worm virus on your machine. And you have passed it out to the pptp netlist group.

What you need to do: Get a good virus program. Then TURN OFF your HTML EMAIL stuff PLEASE as it is the number one transport function in MS OUTLOOK - Secondly NEVER EVER send HTML code in an email to anyone outside of your own network. It is bad manners and as not everyone can accept it nor do many of us want HTML encoded mail (not everyone runs MS based computers) and it is frequently used to transport viruses.

Your machine is infected and you have a serious problem right now. Look closely at your last email sent to the list and you will find that this thing has raped your computer and you don't even know it because of the HTML crap hiding the virus.

Good luck
-Rich

From vcolaco at via-net-works.pt Thu Jun 29 05:00:09 2000
From: vcolaco at via-net-works.pt (Vitor Colaço)
Date: Thu, 29 Jun 2000 10:00:09 +0000
Subject: [pptp-server] Routing problem (?)
Message-ID: <395B1E29.2B842379@via-net-works.pt>

Greetings,

I'm facing a problem with my two new brand installations of pptpd.
It's running and accepting connections, but this happens:

pptp server is 192.168.0.1
network addresses for clients are, for example, 192.168.0.100-150
and I have a program to which I connect in 192.168.0.2

however,
I login to pptp server OK
I can ping pptp server
pptp server can ping both connected client and 192.168.0.2
pptp client can't connect 192.168.0.2 or any of the other network addresses, except 192.168.0.1

It seems to me routing is messed up somewhere...but damn me if I know

TIA
--
Vitor Colaco

From vcolaco at via-net-works.pt Thu Jun 29 05:20:56 2000
From: vcolaco at via-net-works.pt (Vitor Colaço)
Date: Thu, 29 Jun 2000 10:20:56 +0000
Subject: [pptp-server] Routing problem (?)
References: <395B1E29.2B842379@via-net-works.pt>
Message-ID: <395B2308.524A557D@via-net-works.pt>

Vitor Colaço wrote:
>
> Greetings,
>
> I'm facing a problem with my two new brand installations of pptpd. It's
> running and accepting connections, but this happens:
>
> pptp server is 192.168.0.1
> network addresses for clients are, for example, 192.168.0.100-150
> and I have a program to which I connect in 192.168.0.2
>
> however,
> I login to pptp server OK
> I can ping pptp server
> pptp server can ping both connected client and 192.168.0.2
> pptp client can't connect 192.168.0.2 or any of the other network
> addresses, except 192.168.0.1
>
> It seems to me routing is messed up somewhere...but damn me if I know

Ok...nuttin' like reading mlist archives (yes, I'm lazy)

problem was with ipforwarding on the pptp server. Just applied command "echo 1 > /proc/sys/net/ipv4/ip_forward" and it just worked by magik!

Thank you for your doubt Brian Aust, and thank you for the solution Scott M.
Stone

Regards,
--
Vitor Colaco

From robert.ludvik at zd-lj.si Thu Jun 29 08:23:45 2000
From: robert.ludvik at zd-lj.si (Robert Ludvik)
Date: Thu, 29 Jun 2000 15:23:45 +0200
Subject: [pptp-server] ping problem
Message-ID: <003401bfe1cd$411f9f80$0ac8a8c0@zdlj.si>

hi
i tried some scripts for /etc/ppp/ip-up-local but none worked for me. when a client from win98 connect to my machine, he cannot ping any of machines on network. i have set localip=192.168.10.1 and remoteip:192.168.1-5. with ifconfig i can see ppp0 device, both of IPs but there is NOARP? is this a problem. i read something about it, but i didn't get it work.
thnx
Robert

From vcolaco at via-net-works.pt Thu Jun 29 11:31:17 2000
From: vcolaco at via-net-works.pt (Vitor Colaço)
Date: Thu, 29 Jun 2000 16:31:17 +0000
Subject: [pptp-server] ping problem
References: <003401bfe1cd$411f9f80$0ac8a8c0@zdlj.si>
Message-ID: <395B79D4.F6EA7FF4@via-net-works.pt>

> Robert Ludvik wrote:
>
> hi
> i tried some scripts for /etc/ppp/ip-up-local but none worked for me.
> when a client from win98 connect to my machine, he cannot ping any of
> machines on network. i have set localip=192.168.10.1 and
> remoteip:192.168.1-5. with ifconfig i can see ppp0 device, both of IPs
> but there is NOARP? is this a problem. i read something about it, but
> i didn't get it work.
> thnx
> Robert
>

Hi

check my previous message. It may help you

--
Vitor Colaco
Technical Department
VIA NET.WORKS Portugal
Visit www.surftrade.pt - Always a good deal!

From bob at xciv.org Thu Jun 29 16:54:26 2000
From: bob at xciv.org (Bob Dickel)
Date: Thu, 29 Jun 2000 22:54:26 +0100 (BST)
Subject: [pptp-server] ppp problem to Altiga VPN
Message-ID:

I'm having a problem connecting to an Altiga VPN server using the pptp client at http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/ - this is running on Solaris 2.6x86 and also Solaris7x86, can anyone help with this problem?
ppp version is 2.3.11

----------------------
Jun 29 15:52:50 test-unix1 pppd[12430]: Using interface ppp0
Jun 29 15:52:50 test-unix1 pppd[12430]: Connect: ppp0 <--> /dev/ttyp0
Jun 29 15:52:50 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:52:52 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x1 ]
Jun 29 15:52:52 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x1 ]
Jun 29 15:52:53 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:52:54 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x2 ]
Jun 29 15:52:54 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x2 ]
Jun 29 15:52:56 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:52:56 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x3 ]
Jun 29 15:52:56 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x3 ]
Jun 29 15:52:58 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x4 ]
Jun 29 15:52:58 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x4 ]
Jun 29 15:52:59 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:01 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x5 ]
Jun 29 15:53:01 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x5 ]
Jun 29 15:53:02 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:03 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x6 ]
Jun 29 15:53:03 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x6 ]
Jun 29 15:53:05 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:05 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x7 ]
Jun 29 15:53:05 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x7 ]
Jun 29 15:53:07 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x8 ]
Jun 29 15:53:07 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x8 ]
Jun 29 15:53:08 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:10 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x9 ]
Jun 29 15:53:10 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x9 ]
Jun 29 15:53:11 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:12 test-unix1 pppd[12430]: rcvd [LCP TermReq id=0xa]
Jun 29 15:53:12 test-unix1 pppd[12430]: sent [LCP TermAck id=0xa]
Jun 29 15:53:14 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:14 test-unix1 pppd[12430]: rcvd [LCP TermReq id=0xb]
Jun 29 15:53:14 test-unix1 pppd[12430]: sent [LCP TermAck id=0xb]
Jun 29 15:53:17 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
Jun 29 15:53:20 test-unix1 pppd[12430]: LCP: timeout sending Config-Requests
Jun 29 15:53:20 test-unix1 pppd[12430]: Connection terminated.

From htcengrs at pacbell.net Thu Jun 29 18:45:54 2000
From: htcengrs at pacbell.net (Waleed Alrawi)
Date: Thu, 29 Jun 2000 16:45:54 -0700
Subject: [pptp-server] help setting pptp server
Message-ID:

Hi all
I have installed all (I think) required modules to run pptp server on a RH6.2 box. when I try to start the server "pptp -d" I get "CreatHostSocket:Address already in use" and the system pauses.
Any ideas !!!!!!

Thanks

PS: the RH box is running Web server and ftp server.
Reply to:htcengrs at pacbell.net

From opjose at ex-pressnet.com Thu Jun 29 21:52:57 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Thu, 29 Jun 2000 22:52:57 -0400
Subject: [pptp-server] help setting pptp server
In-Reply-To:
Message-ID:

Comment out

pptp:35:respawn:/usr/sbin/pptpd -f # pptpd-1.0.0-1

in /etc/inittab!

-JMS

|-----Original Message-----
|From: pptp-server-admin at lists.schulte.org
|[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Waleed Alrawi
|Sent: Thursday, June 29, 2000 7:46 PM
|To: pptp-server at lists.schulte.org
|Subject: [pptp-server] help setting pptp server
|
|
|Hi all
|I have installed all (I think) required modules to run pptp server on a
|RH6.2 box. when I try to start the server "pptp -d" I get
|"CreatHostSocket:Address already in use" and the system pauses.
|Any ideas !!!!!!
|
|Thanks
|
|PS: the RH box is running Web server and ftp server.
|Reply to:htcengrs at pacbell.net

From opjose at ex-pressnet.com Thu Jun 29 21:54:52 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Thu, 29 Jun 2000 22:54:52 -0400
Subject: [pptp-server] ppp problem to Altiga VPN
In-Reply-To:
Message-ID:

Did you apply the patch? The ppp-2.3.11-openssl-0.9.5-mppe.patch one?

This creates the modules (for Linux, don't know about Solaris) that are required for MS-CHAP authentication, without them, you are SOL.

-JMS

|-----Original Message-----
|From: pptp-server-admin at lists.schulte.org
|[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Bob Dickel
|Sent: Thursday, June 29, 2000 5:54 PM
|To: pptp-server at lists.schulte.org
|Subject: [pptp-server] ppp problem to Altiga VPN
|
|
|
|I'm having a problem connecting to an Altiga VPN server using the
|pptp client
|at http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/ - this is running
|on Solaris 2.6x86 and also Solaris7x86, can anyone help with this problem?
|ppp version is 2.3.11
|
|----------------------
|Jun 29 15:52:50 test-unix1 pppd[12430]: Using interface ppp0
|Jun 29 15:52:50 test-unix1 pppd[12430]: Connect: ppp0 <--> /dev/ttyp0
|Jun 29 15:52:50 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:52:52 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x1 ]
|Jun 29 15:52:52 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x1 ]
|Jun 29 15:52:53 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:52:54 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x2 ]
|Jun 29 15:52:54 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x2 ]
|Jun 29 15:52:56 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:52:56 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x3 ]
|Jun 29 15:52:56 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x3 ]
|Jun 29 15:52:58 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x4 ]
|Jun 29 15:52:58 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x4 ]
|Jun 29 15:52:59 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:01 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x5 ]
|Jun 29 15:53:01 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x5 ]
|Jun 29 15:53:02 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:03 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x6 ]
|Jun 29 15:53:03 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x6 ]
|Jun 29 15:53:05 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:05 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x7 ]
|Jun 29 15:53:05 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x7 ]
|Jun 29 15:53:07 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x8 ]
|Jun 29 15:53:07 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x8 ]
|Jun 29 15:53:08 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:10 test-unix1 pppd[12430]: rcvd [LCP ConfReq id=0x9 ]
|Jun 29 15:53:10 test-unix1 pppd[12430]: sent [LCP ConfAck id=0x9 ]
|Jun 29 15:53:11 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:12 test-unix1 pppd[12430]: rcvd [LCP TermReq id=0xa]
|Jun 29 15:53:12 test-unix1 pppd[12430]: sent [LCP TermAck id=0xa]
|Jun 29 15:53:14 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:14 test-unix1 pppd[12430]: rcvd [LCP TermReq id=0xb]
|Jun 29 15:53:14 test-unix1 pppd[12430]: sent [LCP TermAck id=0xb]
|Jun 29 15:53:17 test-unix1 pppd[12430]: sent [LCP ConfReq id=0x1 ]
|Jun 29 15:53:20 test-unix1 pppd[12430]: LCP: timeout sending Config-Requests
|Jun 29 15:53:20 test-unix1 pppd[12430]: Connection terminated.

From opjose at ex-pressnet.com Thu Jun 29 21:58:22 2000
From: opjose at ex-pressnet.com (Jose M. Sanchez)
Date: Thu, 29 Jun 2000 22:58:22 -0400
Subject: [pptp-server] ping problem
In-Reply-To: <003401bfe1cd$411f9f80$0ac8a8c0@zdlj.si>
Message-ID:

Eh, is "proxyarp" in your options file and have you loaded all the modules? I.E. ip_gre, ip_masq_pptp,ip_masq_ipsec ?

Did you direct the debugging output to the syslog and then viewed the results during a connection?

-JMS

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Ludvik
Sent: Thursday, June 29, 2000 9:24 AM
To: pptp maillist
Subject: [pptp-server] ping problem

hi
i tried some scripts for /etc/ppp/ip-up-local but none worked for me. when a client from win98 connect to my machine, he cannot ping any of machines on network. i have set localip=192.168.10.1 and remoteip:192.168.1-5. with ifconfig i can see ppp0 device, both of IPs but there is NOARP? is this a problem. i read something about it, but i didn't get it work.
thnx
Robert

From thomas at laun-online.de Fri Jun 30 01:01:15 2000
From: thomas at laun-online.de (Thomas Laun)
Date: Fri, 30 Jun 2000 08:01:15 +0200
Subject: [pptp-server] MPPE for 2.4-pre2 kernel ?
Message-ID: <001c01bfe258$99e22f80$8001a8c0@petra>

Hi,
I would like to use the 2.4 test kernel, but I could not find any MPPE stuff in it. Is a patch already existing for it ?

Best regards,
Thomas.

----------------------------------------------------------------------
Thomas Laun, Frankfurt, Germany
Homepage: www.laun-online.de
Email: thomas at laun-online.de
----------------------------------------------------------------------

From robert.ludvik at zd-lj.si Fri Jun 30 01:11:45 2000
From: robert.ludvik at zd-lj.si (Robert Ludvik)
Date: Fri, 30 Jun 2000 08:11:45 +0200
Subject: [pptp-server] help setting pptp server
References:
Message-ID: <004e01bfe25a$11d0e4e0$0ac8a8c0@zdlj.si>

hi
you have already running pptpd or something else on port 1723. check this with netstat -an. if you can see it, kill it and try again

----- Original Message -----
From: Waleed Alrawi
To:
Sent: Friday, June 30, 2000 1:45 AM
Subject: [pptp-server] help setting pptp server

> Hi all
> I have installed all (I think) required modules to run pptp server on a
> RH6.2 box. when I try to start the server "pptp -d" I get
> "CreatHostSocket:Address already in use" and the system pauses.
> Any ideas !!!!!!
>
> Thanks
>
> PS: the RH box is running Web server and ftp server.
> Reply to:htcengrs at pacbell.net

From robert.ludvik at zd-lj.si Fri Jun 30 02:25:49 2000
From: robert.ludvik at zd-lj.si (Robert Ludvik)
Date: Fri, 30 Jun 2000 09:25:49 +0200
Subject: [pptp-server] ping problem
References:
Message-ID: <00a901bfe264$6af4d360$0ac8a8c0@zdlj.si>

thnx for answer
jap, i have proxyarp in my option file, but i have another problem. i haven't loaded mentioned modules, well, if i try to, ip_gre loads ok, but ip_masq_pptp don't. should it be compiled in kernel somewhere or can i fix it on some different way?

----- Original Message -----
From: Jose M. Sanchez
To: Robert Ludvik ; pptp maillist
Sent: Friday, June 30, 2000 4:58 AM
Subject: RE: [pptp-server] ping problem

Eh, is "proxyarp" in your options file and have you loaded all the modules? I.E. ip_gre, ip_masq_pptp,ip_masq_ipsec ?

Did you direct the debugging output to the syslog and then viewed the results during a connection?

-JMS

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Ludvik
Sent: Thursday, June 29, 2000 9:24 AM
To: pptp maillist
Subject: [pptp-server] ping problem

hi
i tried some scripts for /etc/ppp/ip-up-local but none worked for me. when a client from win98 connect to my machine, he cannot ping any of machines on network. i have set localip=192.168.10.1 and remoteip:192.168.1-5. with ifconfig i can see ppp0 device, both of IPs but there is NOARP? is this a problem. i read something about it, but i didn't get it work.
thnx
Robert

From cduffy at mvista.com Fri Jun 30 11:14:33 2000
From: cduffy at mvista.com (Charles Duffy)
Date: Fri, 30 Jun 2000 09:14:33 -0700
Subject: [pptp-server] MPPE for 2.4-pre2 kernel ?
In-Reply-To: <001c01bfe258$99e22f80$8001a8c0@petra>; from thomas@laun-online.de on Fri, Jun 30, 2000 at 08:01:15AM +0200
References: <001c01bfe258$99e22f80$8001a8c0@petra>
Message-ID: <20000630091433.K695@mvista.com>

On Fri, Jun 30, 2000 at 08:01:15AM +0200, Thomas Laun wrote:
> Hi,
> I would like to use the 2.4 test kernel, but I could not find any
> MPPE stuff in it. Is a patch already existing for it ?

Yes; I've got my own version. I haven't packaged it up, however. I'll send anyone who asks a patch -- I'd like to have someone else test it before it goes up on the page as official, though.

From georgiev at globalserve.net Fri Jun 30 16:04:36 2000
From: georgiev at globalserve.net (G. Georgiev)
Date: Fri, 30 Jun 2000 17:04:36 -0400 (EDT)
Subject: [pptp-server] ADSL line pptp client not connecting.
Message-ID:

Hi,
I use to run a pptp connection with MPPE encryption over a standard phone line with ppp protocol and everything works fine, but I got yesterday a dedicated ADSL line and when I try to establish the pptp connection over this ADSL line there is just no response from the other side. I am able to ping the machine to which the connection is supposed to be established, but it does not return the LCP configuration requests. The ADSL line implements ethernet protocol.
I run pptp-linux 1.0.2 with some patches, thanks to Tom Eastep for the configuration help!
For now I keep both lines - the 33.6k modem only for pptp connection and the ADSL line for everything other. It messes my routing tables and is quite awkward to have to drive an old chevy if you have new Mercedes.
Some ideas why there is no LCP responses from the other side?

Thanks,
George.

/var/log/debug:
Jun 30 11:36:54 gate pppd[325]: Timeout 0x80502e0:0x8078220 in 3 seconds.
Jun 30 11:36:57 gate pppd[325]: sent [LCP ConfReq id=0x1 ]
Jun 30 11:36:57 gate pppd[325]: Timeout 0x80502e0:0x8078220 in 3 seconds.
Jun 30 11:37:00 gate pppd[325]: sent [LCP ConfReq id=0x1 ]
Jun 30 11:37:00 gate pppd[325]: Timeout 0x80502e0:0x8078220 in 3 seconds.
Jun 30 11:37:03 gate pppd[325]: sent [LCP ConfReq id=0x1 ]
Jun 30 11:37:03 gate pppd[325]: Timeout 0x80502e0:0x8078220 in 3 seconds.
Jun 30 12:59:31 gate (unknown)[323]: log[pptp_conn_close:pptp_ctrl.c:275]: Closing PPTP connection
/

From awilliam at whitemice.org Fri Jun 30 21:38:43 2000
From: awilliam at whitemice.org (awilliam at whitemice.org)
Date: Sat, 01 Jul 2000 02:38:43 GMT
Subject: [pptp-server] ADSL line pptp client not connecting.
In-Reply-To:
References:
Message-ID: <20000701.2384300@estate1.whitemice.org>

> I use to run a pptp connection with MPPE encryption over a
> standard phone line with ppp protocol and everything works fine, but I got
> yesterday a dedicated ADSL line and when I try to establish the pptp
> connection over this ADSL line there is just no response from the other
> side. I am able to ping the machine to which the connection is supposed to
> be established, but it does not return the LCP configuration requests. The
> ADSL line implements ethernet protocol.
> I run pptp-linux 1.0.2 with some patches, thanks to Tom Eastep for
> the configuration help!
> For now I keep both lines - the 33.6k modem only for pptp
> connection and the ADSL line for everything other. It messes my routing
> tables and is quite awkward to have to drive an old chevy if you have new
> Mercedes.

Yep. They installed my ADSL line today, and PPTP stopped working.
It does connect and start but then the whole thing dies (ppp has a read error)

From dereks at kd-dev.com Fri Jun 30 21:02:56 2000
From: dereks at kd-dev.com (Derek Simkowiak)
Date: Fri, 30 Jun 2000 19:02:56 -0700 (PDT)
Subject: [pptp-server] ADSL line pptp client not connecting.
In-Reply-To: <20000701.2384300@estate1.whitemice.org>
Message-ID:

-> > yesterday a dedicated ADSL line and when I try to establish the pptp
-> > connection over this ADSL line there is just no response from the
[...]
-> Yep. They installed my ADSL line today, and PPTP stopped working. It
-> does connect and start but then the whole thing dies (ppp has a read
-> error)

Could it be that your ISPs are doing some packet-filtering?

Is there *anyone* who has used PoPToP over an ADSL connection successfully? It would be good to know that it _can_ work...

--Derek

From hshaw at healthcentralrx.com Fri Jun 30 22:19:57 2000
From: hshaw at healthcentralrx.com (Terrelle Shaw)
Date: Fri, 30 Jun 2000 20:19:57 -0700
Subject: [pptp-server] ADSL line pptp client not connecting.
In-Reply-To:
Message-ID:

Umm yes it works fine over ADSL ( at least with my pacific bell adsl line). Look in the archives for February detailing configs and steps i got the Linux pptp client to work.

Terrelle Shaw

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Derek Simkowiak
Sent: Friday, June 30, 2000 7:03 PM
To: awilliam at whitemice.org
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] ADSL line pptp client not connecting.

-> > yesterday a dedicated ADSL line and when I try to establish the pptp
-> > connection over this ADSL line there is just no response from the
[...]
-> Yep. They installed my ADSL line today, and PPTP stopped working. It
-> does connect and start but then the whole thing dies (ppp has a read
-> error)

Could it be that your ISPs are doing some packet-filtering?

Is there *anyone* who has used PoPToP over an ADSL connection successfully? It would be good to know that it _can_ work...

--Derek
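
Added example, not part of any message in this archive and not code from pppd or PoPToP: the LCP traces posted in the "ppp problem to Altiga VPN" and "ADSL line pptp client not connecting" threads show two different failure shapes, and this Python script tells them apart in pppd debug syslog output. The sample log is constructed, and the verdict names and the hints attached to them are this example's own heuristics, not pppd terminology.

```python
"""Classify pppd LCP negotiation outcomes from debug syslog lines."""
import re
from collections import Counter, defaultdict

# pppd debug lines look like: "... pppd[12430]: sent [LCP ConfReq id=0x1 ...]"
LCP_LINE = re.compile(
    r"pppd\[(?P<pid>\d+)\]: (?P<dir>sent|rcvd) \[LCP (?P<code>\w+) id=0x[0-9a-fA-F]+"
)
LCP_TIMEOUT = re.compile(
    r"pppd\[(?P<pid>\d+)\]: LCP: timeout sending Config-Requests"
)
# Packets a peer sends in answer to our Configure-Request.
REPLIES = ("ConfAck", "ConfNak", "ConfRej")

# Heuristic follow-ups (assumptions of this example). In PPTP the control
# channel is TCP 1723 and the PPP frames travel in GRE, IP protocol 47.
HINTS = {
    "no-reply": "no LCP arrives at all: check that IP protocol 47 (GRE) is "
                "passed along the path, not only TCP 1723",
    "one-way": "the peer's Configure-Requests arrive but ours are never "
               "answered: check the outbound GRE path and the peer's log",
    "lcp-opened": "LCP completed: look at the authentication and CCP lines next",
    "incomplete": "not enough LCP traffic in this excerpt to decide",
}


def summarize(log_text):
    """Count LCP packets per pppd process id, split by direction."""
    sessions = defaultdict(
        lambda: {"sent": Counter(), "rcvd": Counter(), "timeout": False}
    )
    for line in log_text.splitlines():
        m = LCP_LINE.search(line)
        if m:
            sessions[m["pid"]][m["dir"]][m["code"]] += 1
        elif (m := LCP_TIMEOUT.search(line)):
            sessions[m["pid"]]["timeout"] = True
    return sessions


def classify(session):
    """Map one session's packet counts to a verdict name."""
    sent, rcvd = session["sent"], session["rcvd"]
    if rcvd["ConfAck"] and sent["ConfAck"]:
        return "lcp-opened"      # both directions acknowledged
    if sent["ConfReq"] and not rcvd:
        return "no-reply"        # we talk, nothing ever comes back
    if rcvd["ConfReq"] and not any(rcvd[c] for c in REPLIES):
        return "one-way"         # we hear the peer, it never answers us
    return "incomplete"


def diagnose(log_text):
    """Return {pid: verdict} for every pppd process seen in the log."""
    return {pid: classify(s) for pid, s in summarize(log_text).items()}


# Constructed sample (host name, pids and option values are made up).
SAMPLE_LOG = """\
Jul  1 10:00:00 vpnhost pppd[101]: sent [LCP ConfReq id=0x1 <magic 0x11111111>]
Jul  1 10:00:03 vpnhost pppd[101]: sent [LCP ConfReq id=0x1 <magic 0x11111111>]
Jul  1 10:00:06 vpnhost pppd[101]: sent [LCP ConfReq id=0x1 <magic 0x11111111>]
Jul  1 10:00:30 vpnhost pppd[101]: LCP: timeout sending Config-Requests
Jul  1 10:05:00 vpnhost pppd[102]: sent [LCP ConfReq id=0x1 <magic 0x22222222>]
Jul  1 10:05:02 vpnhost pppd[102]: rcvd [LCP ConfReq id=0x1 <magic 0x33333333>]
Jul  1 10:05:02 vpnhost pppd[102]: sent [LCP ConfAck id=0x1 <magic 0x33333333>]
Jul  1 10:05:03 vpnhost pppd[102]: sent [LCP ConfReq id=0x1 <magic 0x22222222>]
Jul  1 10:05:04 vpnhost pppd[102]: rcvd [LCP ConfReq id=0x2 <magic 0x33333333>]
Jul  1 10:05:04 vpnhost pppd[102]: sent [LCP ConfAck id=0x2 <magic 0x33333333>]
Jul  1 10:05:20 vpnhost pppd[102]: rcvd [LCP TermReq id=0x3]
Jul  1 10:05:20 vpnhost pppd[102]: sent [LCP TermAck id=0x3]
Jul  1 10:05:30 vpnhost pppd[102]: LCP: timeout sending Config-Requests
Jul  1 10:09:00 vpnhost pppd[103]: sent [LCP ConfReq id=0x1 <magic 0x44444444>]
Jul  1 10:09:00 vpnhost pppd[103]: rcvd [LCP ConfReq id=0x1 <magic 0x55555555>]
Jul  1 10:09:00 vpnhost pppd[103]: sent [LCP ConfAck id=0x1 <magic 0x55555555>]
Jul  1 10:09:00 vpnhost pppd[103]: rcvd [LCP ConfAck id=0x1 <magic 0x44444444>]
"""

if __name__ == "__main__":
    for pid, verdict in diagnose(SAMPLE_LOG).items():
        print(f"pppd[{pid}]: {verdict}: {HINTS[verdict]}")
```

Run it against a real log by passing the file's text to diagnose(); the pppd "debug" option shown in the options files above must be on for the LCP lines to appear in syslog.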