From luyer at zip.com.au  Wed Mar  1 18:04:17 2000
From: luyer at zip.com.au (David Luyer)
Date: Wed Mar  1 18:04:17 2000
Subject: [pptp-server] Linux 2.2.15pre12 (fwd)
Message-ID: <200003020003.LAA09830@cactus.zip.net.au>


From kelly at dolphinsearch.com  Wed Mar  1 18:36:02 2000
From: kelly at dolphinsearch.com (Kelly Roestel)
Date: Wed Mar  1 18:36:02 2000
Subject: [pptp-server] netmask for pptpd client
Message-ID: <20000302.345600@crawler.dolphinsearch.com>

How do I change the netmask for the pptpd client.  Ex. When I start my 
pptp client and everything connects with my server I have a address of 
10.0.1.6 with a mask of 255.0.0.0, now I want a mask of 
255.255.255.128.  I have tried to change the pppd options file, with 
no success, I have tried to change /etc/pptpd.conf with a netmask 
statement with the same problem, even tried remotenetmask.  Any help? 

Kelly at dolphinsearch.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000301/0e4d22ac/attachment.html>

From scottven at umich.edu  Thu Mar  2 00:35:45 2000
From: scottven at umich.edu (Scott Venier)
Date: Thu Mar  2 00:35:45 2000
Subject: [pptp-server] client problem
Message-ID: <Pine.GSO.4.21.0003020110020.5817-100000@myke.itd.umich.edu>

Hello.  I'm having a problem with the pptp client.  I'm trying to use it
on a linux machine to connect to a winnt server.  If I use a windows 98
pptp client, I can connect just fine, so I know the route for GRE packets
is good in both directions.

I've pasted in the useful portions of syslog output below.  Using a packet
sniffer, I can confirm that the TCP controll channel gets established
correctly(?) (ethereal shows success in its disection of the TCP packets I
can past that too if you want to see it) and GRE packets are going onto
the wire.

I'm not getting any reply from the pptp server.  pppd complains that it's
LCP requests time out.

I've tried kernel 2.2.5-15 and 2.2.14, pppd version 2.3.10 with the
mschap/mppe patch applied.  I grabbed the rc4 files from SSLeay version
0.6.6b and I'm using pptp-linux-1.0.2.  I've tried just about every
possible combination of putting +chapms, +chapms-v2, mppe-40, mppe-128,
and mppe-stateless on the command line.  My options file just contains
lock and noauth.  I have my nt domain account and password in
/etc/ppp/chap-secrets.  But I don't think it's an auth problem, since I'm
not even getting an LCP Config Reply.

Anyone have any suggestions?

Thanks.

Scott

syslog snippets:
Mar  2 00:50:30 morph (unknown)[916]:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection
established.
Mar  2 00:50:31 morph (unknown)[916]:
log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established. 
Mar  2 00:50:32 morph pppd[919]: pppd 2.3.10 started by root, uid 0
Mar  2 00:51:53 morph kernel: ppp_ioctl: set dbg flags to 70000 
Mar  2 00:51:53 morph kernel: ppp_ioctl: set flags to 70000 
Mar  2 00:50:32 morph pppd[919]: Using interface ppp0
Mar  2 00:50:32 morph pppd[919]: Connect: ppp0 <--> /dev/ttya0
Mar  2 00:51:53 morph kernel: ppp_tty_ioctl: set xasyncmap 
Mar  2 00:51:53 morph kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff 
Mar  2 00:51:53 morph kernel: ppp_ioctl: set flags to 70000 
Mar  2 00:51:53 morph kernel: ppp_ioctl: set mru to 5dc 
Mar  2 00:51:53 morph kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff 
Mar  2 00:50:32 morph pppd[919]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap m$oft> <magic 0xd8f0a24b> <pcomp> <accomp>]
Mar  2 00:50:32 morph pppd[919]: Timeout 0x8050164:0x8077400 in 3 seconds.
***this is repeated 9 more times*****
Mar  2 00:52:23 morph pppd[923]: LCP: timeout sending Config-Requests 
Mar  2 00:52:23 morph pppd[923]: Connection terminated.
Mar  2 00:52:23 morph kernel: ppp: channel ppp0 closing. 
Mar  2 00:52:24 morph pppd[923]: Exit.




From johnny at booksys.com  Thu Mar  2 12:28:40 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Thu Mar  2 12:28:40 2000
Subject: [pptp-server] Help!
Message-ID: <Pine.LNX.4.10.10003021134230.3311-100000@mail.booksys.com>

Here's some logs, I know this won't go through, so I won't explain.
Mar  2 11:34:05 mail pptpd[3307]: CTRL: Client 199.174.132.14 control
connection started
Mar  2 11:34:05 mail pptpd[3307]: CTRL: Starting call (launching pppd,
opening GRE)
Mar  2 11:34:05 mail pppd[3308]: pppd 2.3.11 started by root, uid 0
Mar  2 11:34:05 mail pppd[3308]: Using interface ppp1
Mar  2 11:34:05 mail pppd[3308]: Connect: ppp1 <--> /dev/pts/1
Mar  2 11:34:10 mail pptpd[3307]: CTRL: Error with select(), quitting
Mar  2 11:34:10 mail pptpd[3307]: CTRL: Client 199.174.132.14 control
connection finished
Mar  2 11:34:10 mail pppd[3308]: Modem hangup
Mar  2 11:34:10 mail pppd[3308]: Connection terminated.
Mar  2 11:34:10 mail pppd[3308]: Exit.





From johnny at booksys.com  Thu Mar  2 12:41:47 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Thu Mar  2 12:41:47 2000
Subject: [pptp-server] Configuration Nightmares
Message-ID: <Pine.LNX.4.10.10003021137260.3311-100000@mail.booksys.com>

Hello! I'm having some serious problems getting PoPToP working correctly
on RedHat 6.1 with a Win98 client. Here's the deal: I set up a connection
on the windows machine exactly as specified on the PoPToP web page. I've
checked and rechecked this. Further, I set up the Linux machine running
the pptpd exactly as specified on the web page. Everything is an almost
exact copy of what is recommended. 

When I try to connect from said 98 machine, the logs on the redhat machine
look like this:
Mar  2 11:34:05 mail pptpd[3307]: CTRL: Client 199.174.132.14 control
connection started
Mar  2 11:34:05 mail pptpd[3307]: CTRL: Starting call (launching pppd,
opening GRE)
Mar  2 11:34:05 mail pppd[3308]: pppd 2.3.11 started by root, uid 0
Mar  2 11:34:05 mail pppd[3308]: Using interface ppp1
Mar  2 11:34:05 mail pppd[3308]: Connect: ppp1 <--> /dev/pts/1

At this point, the windows machine throws up an error box saying: "Error
645: The microsoft Dial-up adapter is in use or not responding properly.
Disconnect other connections and then try again. If this problem persists,
shut down and restart your computer." Gotta love that microsoft error
reporting! So helpful! :/ Upon closing this dialog box, the following
stuff shows up on the linux machine's log files:

Mar  2 11:34:10 mail pptpd[3307]: CTRL: Error with select(), quitting
Mar  2 11:34:10 mail pptpd[3307]: CTRL: Client 199.174.132.14 control
connection finished
Mar  2 11:34:10 mail pppd[3308]: Modem hangup
Mar  2 11:34:10 mail pppd[3308]: Connection terminated.
Mar  2 11:34:10 mail pppd[3308]: Exit.

And that, as they say, is pretty much that. I think it's relevant to note
that while the error message claims the "dial-up adapter is in use or not
responding correctly", the VPN Connection is set up to use the VPN adapter
and not the standard dialup adapter.

Another thing to note: The win98 machine is connected via modem to an
outside ISP, rather than already being on the LAN here. 

Any ideas what exactly is wrong here?

--Me

As a further service, here's a few selected config files for you all to
look over: 

/etc/ppp/options:

debug
name mail.booksys.com
auth
require-chap
proxyarp

/etc/pptpd.conf:

speed 115200
localip 192.168.10.1
remoteip 192.168.10.2-200

uname -a:
Linux mail.booksys.com 2.2.12 #6 Mon Oct 4 11:58:20 EDT 1999 i586 unknown

pppd version: pppd version 2.3.11

route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
208.170.114.1   0.0.0.0         255.255.255.255 UH    0      0        0
eth1
208.170.114.0   0.0.0.0         255.255.255.224 U     0      0        0
eth1
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0
eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         208.170.114.30  0.0.0.0         UG    0      0        0
eth1





From tmk at netmagic.net  Thu Mar  2 16:21:14 2000
From: tmk at netmagic.net (tmk)
Date: Thu Mar  2 16:21:14 2000
Subject: [pptp-server] Configuration Nightmares
References: <Pine.LNX.4.10.10003021137260.3311-100000@mail.booksys.com>
Message-ID: <001201bf8495$585ac340$071c0fc0@lala.net>

have you uninstalled/reinstalled vpn and/or dial up networking? do it via
add-remove programs in teh control panel.

that seems to fix most of the problems like you seem to be having
it might be in the faq.. i know lots of people have had the same problem

Kevin
----- Original Message -----
From: Johnny L Wales <johnny at booksys.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, March 02, 2000 9:48 AM
Subject: [pptp-server] Configuration Nightmares


> Hello! I'm having some serious problems getting PoPToP working correctly
> on RedHat 6.1 with a Win98 client. Here's the deal: I set up a connection
> on the windows machine exactly as specified on the PoPToP web page. I've
> checked and rechecked this. Further, I set up the Linux machine running
> the pptpd exactly as specified on the web page. Everything is an almost
> exact copy of what is recommended.
>
> When I try to connect from said 98 machine, the logs on the redhat machine
> look like this:
> Mar  2 11:34:05 mail pptpd[3307]: CTRL: Client 199.174.132.14 control
> connection started
> Mar  2 11:34:05 mail pptpd[3307]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar  2 11:34:05 mail pppd[3308]: pppd 2.3.11 started by root, uid 0
> Mar  2 11:34:05 mail pppd[3308]: Using interface ppp1
> Mar  2 11:34:05 mail pppd[3308]: Connect: ppp1 <--> /dev/pts/1
>
> At this point, the windows machine throws up an error box saying: "Error
> 645: The microsoft Dial-up adapter is in use or not responding properly.
> Disconnect other connections and then try again. If this problem persists,
> shut down and restart your computer." Gotta love that microsoft error
> reporting! So helpful! :/ Upon closing this dialog box, the following
> stuff shows up on the linux machine's log files:
>
> Mar  2 11:34:10 mail pptpd[3307]: CTRL: Error with select(), quitting
> Mar  2 11:34:10 mail pptpd[3307]: CTRL: Client 199.174.132.14 control
> connection finished
> Mar  2 11:34:10 mail pppd[3308]: Modem hangup
> Mar  2 11:34:10 mail pppd[3308]: Connection terminated.
> Mar  2 11:34:10 mail pppd[3308]: Exit.
>
> And that, as they say, is pretty much that. I think it's relevant to note
> that while the error message claims the "dial-up adapter is in use or not
> responding correctly", the VPN Connection is set up to use the VPN adapter
> and not the standard dialup adapter.
>
> Another thing to note: The win98 machine is connected via modem to an
> outside ISP, rather than already being on the LAN here.
>
> Any ideas what exactly is wrong here?
>
> --Me
>
> As a further service, here's a few selected config files for you all to
> look over:
>
> /etc/ppp/options:
>
> debug
> name mail.booksys.com
> auth
> require-chap
> proxyarp
>
> /etc/pptpd.conf:
>
> speed 115200
> localip 192.168.10.1
> remoteip 192.168.10.2-200
>
> uname -a:
> Linux mail.booksys.com 2.2.12 #6 Mon Oct 4 11:58:20 EDT 1999 i586 unknown
>
> pppd version: pppd version 2.3.11
>
> route -n:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> 208.170.114.1   0.0.0.0         255.255.255.255 UH    0      0        0
> eth1
> 208.170.114.0   0.0.0.0         255.255.255.224 U     0      0        0
> eth1
> 192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0
> eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         208.170.114.30  0.0.0.0         UG    0      0        0
> eth1
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From koschate at bigfoot.com  Thu Mar  2 19:51:44 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Thu Mar  2 19:51:44 2000
Subject: [pptp-server] The First Step...
Message-ID: <5CA7FD5B7FCA3E9185256897000A2946.0000000000000000>

is driving me crazy!  I've got PoPToP 1.0 set up on a RedHat 6.1 box 
directly connected to the internet.  At this point, I haven't compiled in 
any of the MS-CHAP stuff - it's strictly the PoPToP distribution.  When I 
dial into it from an NT4 laptop using PPTP via an ISP, the laptop connects 
and is assigned a correct IP address according to the pptpd.conf file (i.e. 
on the same subnet as the rest of the private network), but it can't 
communicate with the private network (or even the PoPToP server), and none 
of the other machines can see it.  On the server side, an interface has 
been created and assigned an expected IP address, and a point-to-point 
route is set up. 

There are no obvious error messages in the pptpd.log or messages files, and 
the connection appears willing to remain up as long as I am willing to keep 
it up.  A status message is added to the pptpd.log on a periodic basis that 
seems totally benign, but I can't do a damned thing with the connection. 
I've tried variations in the client settings, including both alllowing the 
server to change the client gateway and not allowing the change, but the 
effect is the same.

Can anyone help me past this hurdle?



From rmorrell at linuxcare.com  Fri Mar  3 05:11:14 2000
From: rmorrell at linuxcare.com (Richard Morrell)
Date: Fri Mar  3 05:11:14 2000
Subject: [pptp-server] Has anyone used PoPToP with SecurID or Radius ?
Message-ID: <00030311120604.00630@linuxcareuk.techservices>

any implementations of authentication using Ace servers, Radius or SecurID out
there in the wild with PoPTop ??

Regards

Richard

 -- 
Richard Morrell, Technical Manager, Linuxcare Europe
+44 118 9880 774 tel, +44 118 9880 289 fax
rmorrell at linuxcare.com, http://www.linuxcare.com
Linuxcare: Support For The Revolution



From neale at lowendale.com.au  Fri Mar  3 06:18:12 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Fri Mar  3 06:18:12 2000
Subject: [pptp-server] Has anyone used PoPToP with SecurID or Radius ?
In-Reply-To: <00030311120604.00630@linuxcareuk.techservices>
Message-ID: <Pine.LNX.4.05.10003032317100.26476-100000@marina.lowendale.com.au>

On Fri, 3 Mar 2000, Richard Morrell wrote:

> any implementations of authentication using Ace servers, Radius or SecurID out
> there in the wild with PoPTop ??

This is not specifically a PoPToP issue, but rather one of pppd
authentication.

Have you considered using PAM-ified pppd, with an appropraite
PAM-module(s)?

Although that could get a little tricky with CHAP (and MS-perversions
thereof) - CHAP requires access to the clear-text of the password, not
just a yay or nay on the validity of the offered username/password (as is
the case with PAP).

Anyone with specific PAM experience/knowledge able to comment further
here?

HTH,
Neale.




From hha at pine.dk  Fri Mar  3 06:28:53 2000
From: hha at pine.dk (Hans-Henrik Andresen)
Date: Fri Mar  3 06:28:53 2000
Subject: [pptp-server] How sure is it ??
Message-ID: <NDBBKCNKBKAIBJJHAMBIIECECAAA.hha@pine.dk>

	Hi,

I had just installed pptpd.rpm and it works ok - but how sure is it ??

/Hans-Henrik Andresen



From teastep at evergo.net  Fri Mar  3 12:04:50 2000
From: teastep at evergo.net (Tom Eastep)
Date: Fri Mar  3 12:04:50 2000
Subject: [pptp-server] client problem
In-Reply-To: <Pine.GSO.4.21.0003020110020.5817-100000@myke.itd.umich.edu>
Message-ID: <Pine.LNX.4.10.10003030959310.23628-100000@wookie.shoreline.tandem.com>

On Thu, 2 Mar 2000, Scott Venier wrote:

> Hello.  I'm having a problem with the pptp client.  I'm trying to use it
> on a linux machine to connect to a winnt server.  If I use a windows 98
> pptp client, I can connect just fine, so I know the route for GRE packets
> is good in both directions.
> 
> I've pasted in the useful portions of syslog output below.  Using a packet
> sniffer, I can confirm that the TCP controll channel gets established
> correctly(?) (ethereal shows success in its disection of the TCP packets I
> can past that too if you want to see it) and GRE packets are going onto
> the wire.
> 
> I'm not getting any reply from the pptp server.  pppd complains that it's
> LCP requests time out.
> 
> I've tried kernel 2.2.5-15 and 2.2.14, pppd version 2.3.10 with the
> mschap/mppe patch applied.  I grabbed the rc4 files from SSLeay version
> 0.6.6b and I'm using pptp-linux-1.0.2.  I've tried just about every
> possible combination of putting +chapms, +chapms-v2, mppe-40, mppe-128,
> and mppe-stateless on the command line.  My options file just contains
> lock and noauth.  I have my nt domain account and password in
> /etc/ppp/chap-secrets.  But I don't think it's an auth problem, since I'm
> not even getting an LCP Config Reply.
> 
> Anyone have any suggestions?
> 

No, but for what it's worth, I'm seeing the same behavior here when I try
to connect to a NT PPTP server at work. In addition to several Linux
boxes, I have NT/W2k and W98 systems here and they connect fine. My Linux
boxes can also connect locally to both the NT and W2k servers but I'm
seeing exactly the same thing in my log that you are when I attempt to
connect to work...

-Tom
-- 
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it
teastep at evergo.net       \   works if you ask it the proper questions"
Shoreline, Washington USA ___________________________________________




From barjunk at attglobal.net  Fri Mar  3 12:41:32 2000
From: barjunk at attglobal.net (Michael Barsalou)
Date: Fri Mar  3 12:41:32 2000
Subject: [pptp-server] The First Step
Message-ID: <200003031841.MAA10356@snaildust.schulte.org>

Thomas,

What are the results when you ping another IP address on the 
private network?

Does anyone know if IP forwarding has to be turned on on the NT 
machine for this to work?  I know it has to be turned on at the linux 
box.  On the Linux box do a:

cat /proc/sys/net/ipv4/ip_forward

it should respond with a 1.

if not do:

echo 1 > /proc/sys/net/ipv4/ip_forward

You will have to do this again if you reboot the machine.


Mike


Message: 4
From: Thomas Koschate<koschate at bigfoot.com>
Date: Thu, 2 Mar 2000 20:51:26 -0500
To: pptp-server at lists.schulte.org
Subject: [pptp-server] The First Step...

is driving me crazy!  I've got PoPToP 1.0 set up on a RedHat 6.1 
box 
directly connected to the internet.  At this point, I haven't compiled 
in
any of the MS-CHAP stuff - it's strictly the PoPToP distribution.  
When I
dial into it from an NT4 laptop using PPTP via an ISP, the laptop 
connects
and is assigned a correct IP address according to the pptpd.conf 
file
(i.e. 
on the same subnet as the rest of the private network), but it can't 
communicate with the private network (or even the PoPToP server), 
and none
of the other machines can see it.  On the server side, an interface 
has 
been created and assigned an expected IP address, and a point-to-
point 
route is set up. 

There are no obvious error messages in the pptpd.log or messages 
files,
and 
the connection appears willing to remain up as long as I am willing 
to
keep 
it up.  A status message is added to the pptpd.log on a periodic 
basis
that 
seems totally benign, but I can't do a damned thing with the 
connection.
I've tried variations in the client settings, including both alllowing the
server to change the client gateway and not allowing the change, 
but the
effect is the same.

Can anyone help me past this hurdle?

--__--__--


Michael Barsalou
barjunk at attglobal.net



From alex at softproseinc.com  Fri Mar  3 13:32:51 2000
From: alex at softproseinc.com (Alex Stagg)
Date: Fri Mar  3 13:32:51 2000
Subject: [pptp-server] MS Client Error 645
Message-ID: <000701bf8545$a75582e0$0d01a8c0@boaz.dsm.softproseinc.com>

I'm just working on getting pptp running on our LInux firewall. I'm able to
successfully connect from the (ethernet) network outside our firewall.
But when I try to do the same from a dialup (via two ISPs), the MS client
reports "Error 645: The Microsoft Dial-Up Adapter is in use or not
responding
properly. Disconnect other connections and then try again."

On the firewall/pptp server I see in the logs (for the failure):
Mar  3 13:11:46 leon pptpd[9435]: CTRL: Client 209.234.65.40 control
connection
started
Mar  3 13:11:47 leon pptpd[9435]: CTRL: Starting call (launching pppd,
opening G
RE)
Mar  3 13:11:47 leon pppd[9436]: pppd 2.3.8 started by root, uid 0
Mar  3 13:11:47 leon pppd[9436]: Using interface ppp0
Mar  3 13:11:47 leon pppd[9436]: Connect: ppp0 <--> /dev/ttyp0
Mar  3 13:11:47 leon pppd[9436]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth c
hap 81> <magic 0xbcabdba> <pcomp> <accomp>]
Mar  3 13:11:49 leon pptpd[9435]: CTRL: Error with select(), quitting
Mar  3 13:11:49 leon pptpd[9435]: CTRL: Client 209.234.65.40 control
connection
finished
Mar  3 13:11:49 leon pppd[9436]: Modem hangup
Mar  3 13:11:49 leon pppd[9436]: Connection terminated.
Mar  3 13:11:49 leon pppd[9436]: Exit.

I've tried looking back in the June/July 99 archives, and tried some of the
things without success.

On the firewall, I'm running 2.0.36, ppp 2.3.8, pptpd 0.9.17.
On the client, its W98. Don't know about the DUN level - I may have
a tried installing a new one (dun40.exe) about a year ago.

Any idea if this is a client or server problem, or if it happens if GRE is
being blocked? How can I check if GRE is being blocked or not (or do
the log entries above prove it's not)?

Alex Stagg
SoftProse, Inc.
1776 22nd Street, Suite 100, West Des Moines, IA 50266
Direct: 515-988-4291, Main: 515-221-2220, Fax: 435-514-0727
email: alex at SoftProseInc.com
URL: http://www.softproseinc.com

Engineering Services for Digital TV






From koschate at bigfoot.com  Fri Mar  3 14:16:30 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Fri Mar  3 14:16:30 2000
Subject: [pptp-server] The First Step
Message-ID: <99242324C792171785256897006E89D6.0000000000000000>

On 2000-03-03 13:20:00, Michael Barsalou wrote:

>What are the results when you ping another IP address on the 
>private network?


From alex at softproseinc.com  Fri Mar  3 14:27:39 2000
From: alex at softproseinc.com (Alex Stagg)
Date: Fri Mar  3 14:27:39 2000
Subject: [pptp-server] MS Client Error 645
Message-ID: <000d01bf854e$1e3caf20$0d01a8c0@boaz.dsm.softproseinc.com>

Yes, That did it.

Thank You!!!

Alex Stagg
SoftProse, Inc.
1776 22nd Street, Suite 100, West Des Moines, IA 50266
Direct: 515-988-4291, Main: 515-221-2220, Fax: 435-514-0727
email: alex at SoftProseInc.com
URL: http://www.softproseinc.com

Engineering Services for Digital TV


-----Original Message-----
From: Hytham <hytham at reamined.on.ca>
To: Alex Stagg <alex at softproseinc.com>
Date: Friday, March 03, 2000 1:59 PM
Subject: Re: [pptp-server] MS Client Error 645


>Very simple problem....take a look at this article in Microsoft's Knowledge
>Base for more info
>
>Article  Q188141
>
>This error could be caused if the dial up adapter #2 (vpn support) is not
>installed in your network properties dialog box.  All you have to do to
correct
>that problem is to re-install the vpn networking option.
>
>Hytham
>
>Alex Stagg wrote:
>
>> I'm just working on getting pptp running on our LInux firewall. I'm able
to
>> successfully connect from the (ethernet) network outside our firewall.
>> But when I try to do the same from a dialup (via two ISPs), the MS client
>> reports "Error 645: The Microsoft Dial-Up Adapter is in use or not
>> responding
>> properly. Disconnect other connections and then try again."
>>
>> On the firewall/pptp server I see in the logs (for the failure):
>> Mar  3 13:11:46 leon pptpd[9435]: CTRL: Client 209.234.65.40 control
>> connection
>> started
>> Mar  3 13:11:47 leon pptpd[9435]: CTRL: Starting call (launching pppd,
>> opening G
>> RE)
>> Mar  3 13:11:47 leon pppd[9436]: pppd 2.3.8 started by root, uid 0
>> Mar  3 13:11:47 leon pppd[9436]: Using interface ppp0
>> Mar  3 13:11:47 leon pppd[9436]: Connect: ppp0 <--> /dev/ttyp0
>> Mar  3 13:11:47 leon pppd[9436]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
>> <auth c
>> hap 81> <magic 0xbcabdba> <pcomp> <accomp>]
>> Mar  3 13:11:49 leon pptpd[9435]: CTRL: Error with select(), quitting
>> Mar  3 13:11:49 leon pptpd[9435]: CTRL: Client 209.234.65.40 control
>> connection
>> finished
>> Mar  3 13:11:49 leon pppd[9436]: Modem hangup
>> Mar  3 13:11:49 leon pppd[9436]: Connection terminated.
>> Mar  3 13:11:49 leon pppd[9436]: Exit.
>>
>> I've tried looking back in the June/July 99 archives, and tried some of
the
>> things without success.
>>
>> On the firewall, I'm running 2.0.36, ppp 2.3.8, pptpd 0.9.17.
>> On the client, its W98. Don't know about the DUN level - I may have
>> a tried installing a new one (dun40.exe) about a year ago.
>>
>> Any idea if this is a client or server problem, or if it happens if GRE
is
>> being blocked? How can I check if GRE is being blocked or not (or do
>> the log entries above prove it's not)?
>>
>> Alex Stagg
>> SoftProse, Inc.
>> 1776 22nd Street, Suite 100, West Des Moines, IA 50266
>> Direct: 515-988-4291, Main: 515-221-2220, Fax: 435-514-0727
>> email: alex at SoftProseInc.com
>> URL: http://www.softproseinc.com
>>
>> Engineering Services for Digital TV
>>
>> _______________________________________________
>> pptp-server maillist  -  pptp-server at lists.schulte.org
>> http://lists.schulte.org/mailman/listinfo/pptp-server
>> List services provided by www.schulte.org!
>




From avmanguni at comglasco.com  Fri Mar  3 19:01:35 2000
From: avmanguni at comglasco.com (Aristotle Manguni)
Date: Fri Mar  3 19:01:35 2000
Subject: [pptp-server] unsubscribe
Message-ID: <001301bf8575$a5c6cbc0$140101c8@MIS>

how to unsubscribe to the mailing list


Aristotle Manguni

------------------------------------------------------------
Reality is an obstacle to hallucination.
------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000303/1f84e41e/attachment.html>

From ttsig at mindspring.com  Sat Mar  4 12:28:48 2000
From: ttsig at mindspring.com (Tom Sightler)
Date: Sat Mar  4 12:28:48 2000
Subject: [pptp-server] MPPE Modules on LinuxPPC
Message-ID: <000a01bf8607$2e385500$fe01a8c0@federationspace.org>

Hey guys, I've been trying to setup a PoPToP based PPTP server on a LinuxPPC box and have been unable to get encryption working.  Everything else seems to be fine, as long as I don't enable encrytion on the Client side everything works great, including MS-CHAP authentication, but as soon as I enable encryption, the connection still somes up, but I can't make it vary any traffic, even pings fail.

I've tried both 40 and 128 bit Stateless and non with both Win98 and WinNT clients.  No luck with any.  The ppp_mppe.o modules loads and shows as being in use whenever these connections are up, but the pppd keeps logging messages like the following:

Mar  4 13:12:46 janus pppd[9635]: MPPE 40 bit, non-stateless compression enabled
Mar  4 13:12:47 janus pppd[9635]: Unsupported protocol (0xd0ec) received
Mar  4 13:12:50 janus pppd[9635]: Unsupported protocol (0x9364) received
Mar  4 13:12:50 janus pppd[9635]: Unsupported protocol (0xd213) received

Mar  4 12:10:37 janus pppd[6555]: MPPE 40 bit, stateless compression enabled
Mar  4 12:10:37 janus pppd[6555]: Unsupported protocol (0xbb77) received
Mar  4 12:10:40 janus pppd[6555]: Unsupported protocol (0xea18) received
Mar  4 12:10:40 janus pppd[6555]: Unsupported protocol (0xb08) received
Mar  4 12:10:40 janus pppd[6555]: Unsupported protocol (0xf3b7) received

Could we possibly be seeing a endian problem here?  Does anyone know if there are protions of the ppp_mppe.c code that would need to be enfian aware?  I've seen this several times with other Linux code on PPC (and MIPS) since most code is written for Intel.

Anything else it could be?  I've tried everything I can think of.  I may try the Slirp implementation next.

Later,
Tom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000304/49adb0bc/attachment.html>

From MJBarsalou at attglobal.net  Sat Mar  4 14:40:21 2000
From: MJBarsalou at attglobal.net (Barsalou)
Date: Sat Mar  4 14:40:21 2000
Subject: [pptp-server] Can't Ping machine
Message-ID: <200003042040.OAA19713@snaildust.schulte.org>

So do I have this right?:

Your NT box is connecting to an ISP via dialup.
Your Linux box is connected to an ISP (maybe the same one?)
You have PoPToP 1.0 running on a RedHat 6.1 server.
The Linux box is connected to several other machines (private network)
The private network is working well.
All boxes on the private network can browse the internet.
The Linux box is doing the authentication for the NT pptp client.
During initial testing you have no firewall.


What does the route table look like on the NT machine after you connect to 
the linux box?

Can you ping the ISP's internet address of the NT machine from the Linux 
box?

The reason I was thinking that you would need forwarding on is because let's 
say the ISP gives you an address like:209.124.23.90

Your private network for example is 192.168.1.0.  The address you get from 
the pptp server is 192.168.1.32

I'm not completely sure about this part, but if you are not forwarding IP 
packets then I don't believe any traffic will flow from the 192 network to the 
209 network, even if you have a route set.  Try turning it on just for the sake 
of the test.

Can anyone validate this?

Good Luck.

Mike



From neil.mccarthy2 at virgin.net  Sun Mar  5 16:20:27 2000
From: neil.mccarthy2 at virgin.net (Neil McCarthy)
Date: Sun Mar  5 16:20:27 2000
Subject: [pptp-server] Has anyone used PoPToP with SecurID or Radius ?
References: <00030311120604.00630@linuxcareuk.techservices>
Message-ID: <001101bf86f0$efbbd280$99ffa8c0@neilcpq>

Yes,

I have PoPToP configured with ACE Server (with the Radius server running on
the ACE box). I am using PAM to authenticate to radius.

The only limitation seems to be that you have to use PAP authentication,
which then disallows you from using MPPE encryption.

Regards

Neil
----- Original Message -----
From: Richard Morrell <rmorrell at linuxcare.com>
To: <pptp-server at lists.schulte.org>
Sent: Friday, March 03, 2000 11:11 AM
Subject: [pptp-server] Has anyone used PoPToP with SecurID or Radius ?


> any implementations of authentication using Ace servers, Radius or SecurID
out
> there in the wild with PoPTop ??
>
> Regards
>
> Richard
>
>  --
> Richard Morrell, Technical Manager, Linuxcare Europe
> +44 118 9880 774 tel, +44 118 9880 289 fax
> rmorrell at linuxcare.com, http://www.linuxcare.com
> Linuxcare: Support For The Revolution
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!




From macleajb at Trademart-1.ednet.ns.ca  Sun Mar  5 16:54:47 2000
From: macleajb at Trademart-1.ednet.ns.ca (James MacLean)
Date: Sun Mar  5 16:54:47 2000
Subject: [pptp-server] Has anyone used PoPToP with SecurID or Radius ?
In-Reply-To: <001101bf86f0$efbbd280$99ffa8c0@neilcpq>
Message-ID: <Pine.LNX.4.10.10003051849400.32644-100000@Trademart-1.ednet.ns.ca>

I began hacking ICradius to do the MSCHAP2 authentication. I had it
basically working with a hacked pppd. It was not pretty and I have not
been back at it lately. I do expect to over the next while.

The problem is that I could not find docs on the standard(tm) way to pass
mschap2 info via radius, so I made my own attribute pairs(again
non-standard) and even then, the ms_chap2 required the password hashed a
certain way, which for me meant storing it either cleartext or in an
Msformat (maybe Unix could have dealt with it but I just went the
clear-text route).

Not sure this info has value, but something to digest anyway :),
JES
--

On Sun, 5 Mar 2000, Neil McCarthy wrote:

> Yes,
> 
> I have PoPToP configured with ACE Server (with the Radius server running on
> the ACE box). I am using PAM to authenticate to radius.
> 
> The only limitation seems to be that you have to use PAP authentication,
> which then disallows you from using MPPE encryption.
> 
> Regards
> 
> Neil
> ----- Original Message -----
> From: Richard Morrell <rmorrell at linuxcare.com>
> To: <pptp-server at lists.schulte.org>
> Sent: Friday, March 03, 2000 11:11 AM
> Subject: [pptp-server] Has anyone used PoPToP with SecurID or Radius ?
> 
> 
> > any implementations of authentication using Ace servers, Radius or SecurID
> out
> > there in the wild with PoPTop ??
> >
> > Regards
> >
> > Richard
> >
> >  --
> > Richard Morrell, Technical Manager, Linuxcare Europe
> > +44 118 9880 774 tel, +44 118 9880 289 fax
> > rmorrell at linuxcare.com, http://www.linuxcare.com
> > Linuxcare: Support For The Revolution
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 

James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2




From willic2 at mail.auburn.edu  Sun Mar  5 18:37:47 2000
From: willic2 at mail.auburn.edu (Chris Williams)
Date: Sun Mar  5 18:37:47 2000
Subject: [pptp-server] Encryption ONLY??
Message-ID: <Pine.SOL.3.95.1000305183623.24774A-100000@mallard>

Hey, we've got PoPToP running with encryption (finally!).  I just found
out that clients are still able to connect without using encryption.  How
can we force the server to use only encryption?

Thanks,
Chris Williams




From compchat at home.com  Sun Mar  5 18:57:01 2000
From: compchat at home.com (Alan Ross)
Date: Sun Mar  5 18:57:01 2000
Subject: [pptp-server] NT PPTP NB Questions
Message-ID: <000e01bf8706$cb1f4180$8f800818@msnv1.occa.home.com>

Greetings,

I'm a newbee to PPTP and am planning to configure an NT PPTP Server to host
a VPN for our office.  The outside Clients will be Windoze 98.

I have the MS whitepaper and the book Creating and Implementing VPNs.  I am
planning to set up a Windows NT Server Gateway machine networked to our
Windows NT File Server.  The Gateway Machine will have Two Nics.  One
attached to aDSL modem and one attached to LAN. Newbee questions:
1.  Should the Gateway PPTP machine be configured as stand alone with trusts
or as a BDC ?
2.   With this configuration do I have to change the default entry of
0.0.0.0 in the routing table of the LAN side NIC, both nics or neither nic
on the Gateway Machine ?   Also what about the registry hack
"DontAddDefaultGateway" ?  Is it necessary ?
3.  Any additional "hints" which are not documented in the MS White Paper ?

TIA

Alan,
http://compchat.com





From davidmcse at home.com  Sun Mar  5 23:11:42 2000
From: davidmcse at home.com (David MCSE)
Date: Sun Mar  5 23:11:42 2000
Subject: [pptp-server] off topic question
Message-ID: <001601bf872a$5fccd9a0$7a537018@yec1.on.wave.home.com>

I've successfully configured PoPToP and many office members have been using it with full 128-bit encryption for the last couple of months on Win95/98 and NT.  All of my questions in terms of setup, configuration and tweaking were answered by searching the mailing list archives (tip for newbies!)  Thanx!

Now my off-topic question which I'm hoping someone can lead me somewhere to find more info.

I'm using gnu-pop3d for mail.  Is there a web-based interface available for this?  I would like to be able to offer people the ability to check their email via the web, similar to Outlook Web Access for MS Exchange.

Any help would be greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000305/00aecca0/attachment.html>

From mspencer at accbiowa.com  Mon Mar  6 00:18:51 2000
From: mspencer at accbiowa.com (Spencer Jr., Michael)
Date: Mon Mar  6 00:18:51 2000
Subject: [pptp-server] The First Step...
Message-ID: <17CCCCF307B3D211B08C0080C84B2362868964@ACCBNT01>

You have to understand IP routing a little better to get tunnel connections
to work properly.  To be honest, I didn't know anything about IP routing and
subnetworking either, until I had to learn quickly to solve a company
problem.  Or in other words, you're not a stupid person, it's just natural
to put off really learning and tinkering with IP routing until you need to.

I'm not saying this because I think you don't know it, I'm saying it for
completion.

An IP network is made up of subnetworks connected by routers and routes.

When you send an IP packet, your stack first figures out whether to just
place it on the wire (because the destination is on the same wire as you
are) or to send it through a router.  It makes this decision by using your
network number (your IP number ANDed with your netmask) and the
destination's IP number (ANDed with your netmask).

If it has to send it through a router, it then has to figure out which
router to use.  For most simple networks and most home dial-up users, there
is one and only one router:  the DEFAULT route's router.  If you don't have
a default route, you can't ever get outside your local network.  If you have
multiple default routes, your traffic will probably alternate which router
it goes through.

In more complicated networks, you have a (non-trivial) routing table.  That
routing table is only used when a packet must be delivered and is not on the
local wire.  The outgoing packet is checked against the destination network
and netmask on each entry in the routing table.  If a match is found, that
route's router is used to send the packet.  If no match is found period, the
default route is used.

For example:  I'm running an internal NT network with addresses on the
192.100.90.0/24 network.  I'll have an external PoPToP user connect to us --
I'll give the user an obscure 10.139.200.0/24 network address.  On the
user's end (with a batch file, for example) he must run ROUTE ADD
192.100.90.0 MASK 255.255.255.0 10.130.200.1 -- this adds another route to
the client's routing table, so his 98 box knows to use the VPN link whenever
it needs to connect into our network.  Other than that, though, his default
route hasn't been changed...he's not going to try to use our VPN router
(PoPToP) to route internet traffic.

So in short, the most elegant solution isn't just adding another default
route, it's adding a route command on the client-side.  If you make your
'localip' in pptpd.conf be a single IP number, you can put that route
command in a batch file.  (Our Director of Food and Beverage is trained to
make his laptop connect to the internet, then double-click the PPTP dial-up
icon, then double-click the VPN ROUTE batch file icon.  It's not hard for
end-users, and they'll jump through considerable hoops to get their email
from off-property.)

The only other problem will be getting traffic from your internal network to
go back through the VPN router box to your remote location.  We give
everyone our linux box as a default route, even boxes that aren't supposed
to connect to the internet or corporate.  You may have to do some
reconfiguring.


I've given help, and now I'd like to request a little.  I don't have any
problems getting a client to connect to our network.  But:  our connections
aren't encrypted, because I can't figure out how to get MS-CHAP encryption
support to work...and I can't figure out how to connect a network to another
network, instead of just a single host to a network.  I'm looking for simple
procedures, not lengthy HOWTO-worthy discussion.  (Remember the doom-ps
documentation?  Get linux, make linux go, get doom, make doom go...that kind
of detail is fine.)  I know I didn't provide any necessary information, but
if someone is interested in helping, let me know and I'll fess up details.

Thanks!

--Michael Spencer Jr.
mjs00 at uswest.net

> -----Original Message-----
> From:	Thomas Koschate [SMTP:koschate at bigfoot.com]
> Sent:	Thursday, March 02, 2000 7:51 PM
> To:	pptp-server at lists.schulte.org
> Subject:	[pptp-server] The First Step...
> 
> is driving me crazy!  I've got PoPToP 1.0 set up on a RedHat 6.1 box 
> directly connected to the internet.  At this point, I haven't compiled in 
> any of the MS-CHAP stuff - it's strictly the PoPToP distribution.  When I 
> dial into it from an NT4 laptop using PPTP via an ISP, the laptop connects
> 
> and is assigned a correct IP address according to the pptpd.conf file
> (i.e. 
> on the same subnet as the rest of the private network), but it can't 
> communicate with the private network (or even the PoPToP server), and none
> 
> of the other machines can see it.  On the server side, an interface has 
> been created and assigned an expected IP address, and a point-to-point 
> route is set up. 
> 
> There are no obvious error messages in the pptpd.log or messages files,
> and 
> the connection appears willing to remain up as long as I am willing to
> keep 
> it up.  A status message is added to the pptpd.log on a periodic basis
> that 
> seems totally benign, but I can't do a damned thing with the connection. 
> I've tried variations in the client settings, including both alllowing the
> 
> server to change the client gateway and not allowing the change, but the 
> effect is the same.
> 
> Can anyone help me past this hurdle?
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From cmiller at gruuv.com  Mon Mar  6 01:21:48 2000
From: cmiller at gruuv.com (Chad Miller)
Date: Mon Mar  6 01:21:48 2000
Subject: [pptp-server] off topic question
In-Reply-To: <001601bf872a$5fccd9a0$7a537018@yec1.on.wave.home.com>
Message-ID: <Pine.LNX.4.10.10003060117210.7634-100000@plextor.gruuv.com>

David,

	Check out.. http://www.endymion.com/.  They have both Sakemail,
and Mailman.  Mailman standard is free, as is the pro version (just have
to give them a little more info. to get download access for it).  It's
VERY similar to what you requested.  The other nice thing is, Mailman
standard can simply be tar -zxvf'd, and walla, it works.  Of course there
is "tweaking" you can do to it, as well as graphics/html you will probably 
want to change.  All in all though, it's pretty darn good.  It's all done
in templates too, so easy to modify.  They're giving it away, and it 
works like a champ.  Enjoy!

Chad 

On Mon, 6 Mar 2000, David MCSE wrote:

> I've successfully configured PoPToP and many office members have been using it with full 128-bit encryption for the last couple of months on Win95/98 and NT.  All of my questions in terms of setup, configuration and tweaking were answered by searching the mailing list archives (tip for newbies!)  Thanx!
> 
> Now my off-topic question which I'm hoping someone can lead me somewhere to find more info.
> 
> I'm using gnu-pop3d for mail.  Is there a web-based interface available for this?  I would like to be able to offer people the ability to check their email via the web, similar to Outlook Web Access for MS Exchange.
> 
> Any help would be greatly appreciated.
> 




From hha at pine.dk  Mon Mar  6 05:04:42 2000
From: hha at pine.dk (Hans-Henrik Andresen)
Date: Mon Mar  6 05:04:42 2000
Subject: [pptp-server] How _SE_sure is it ??
In-Reply-To: <NDBBKCNKBKAIBJJHAMBIIECECAAA.hha@pine.dk>
Message-ID: <NDBBKCNKBKAIBJJHAMBIEEDJCAAA.hha@pine.dk>

> 
> 	Hi,
> 
> I had just installed pptpd.rpm and it works ok - but how sure is it ??

HMM - Off cause I ment how SECURE is it ???

/Hans-Henrik Andresen



From vigov at com2com.ru  Mon Mar  6 08:34:46 2000
From: vigov at com2com.ru (Evgeni)
Date: Mon Mar  6 08:34:46 2000
Subject: [pptp-server] label not found
Message-ID: <38C3C34C.364A4DB1@com2com.ru>

Hello evrebody. I've got a follow trouble: i use FBSD 3.4 and decided to
use PoPTop srver ported for BSD.
And i use Win98 as a client,
my pptpd.conf is
----------------------pptpd.conf----------------------------------
localip 192.168.32.20-25
remoteip 192.168.64.20-25
debug
----------------------pptpd.conf----------------------------------

and options file of pppd is
-------------------options---------------------------------------

lock
debug
proxyarp

-------------------options--------------------------------------

and also there's log of pptpd:

Mar  6 19:09:25 yasenevo ppp[1314]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found
Mar  6 19:09:25 yasenevo pptpd[1313]: GRE:
read(fd=6,buffer=804d000,len=8196) fr
om PTY failed: status = 0 error = No error
Mar  6 19:09:25 yasenevo pptpd[1313]: CTRL: PTY read or GRE write failed
(pty,gr
e)=(6,5)
Mar  6 19:10:23 yasenevo ppp[1330]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found
Mar  6 19:10:23 yasenevo pptpd[1329]: GRE:
read(fd=6,buffer=804d000,len=8196) fr
om PTY failed: status = 0 error = No error
Mar  6 19:10:23 yasenevo pptpd[1329]: CTRL: PTY read or GRE write failed
(pty,gr
e)=(6,5)
Mar  6 19:10:42 yasenevo ppp[1334]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found
Mar  6 19:10:42 yasenevo pptpd[1333]: GRE:
read(fd=6,buffer=804d000,len=8196) fr
om PTY failed: status = 0 error = No error
Mar  6 19:10:42 yasenevo pptpd[1333]: CTRL: PTY read or GRE write failed
(pty,gr
e)=(6,5)

Mar  6 19:02:51 yasenevo ppp[1299]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found
Mar  6 19:09:25 yasenevo ppp[1314]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found
Mar  6 19:10:23 yasenevo ppp[1330]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found
Mar  6 19:10:42 yasenevo ppp[1334]: Warning: Label pptp rejected -direct
connect
ion: Configuration label not found

Help me to find i do wrong
Thnax
Eugene





From chris.ellingsen at sympatico.ca  Mon Mar  6 09:52:58 2000
From: chris.ellingsen at sympatico.ca (Chris Ellingsen)
Date: Mon Mar  6 09:52:58 2000
Subject: [pptp-server] label not found
References: <38C3C34C.364A4DB1@com2com.ru>
Message-ID: <01fa01bf8783$eb07dd90$8d17858e@lmc.ericsson.se>

Hi, Privet,

You are using the version of PPTPD compiled for FreeBSD. When being compiled for
FreeBSD there are some changes in the code to support the FreeBSD (user) PPP
instead of the 'normal' linux pppd program that is usually discussed on this
list. The config for the FreeBSD PPP is in /etc/ppp/ppp.conf and when it is
called it is passed the parameters "-direct pptp" for which you need a section
with the heading "pptp" in the config file.

This is all nice in theory, but I have been playing with this under FreeBSD for
some time now, and I haven't managed to get it to work at all. There does not
seem to be any data passed between the PPTPD and the PPP process. I can't even
get it to connect without any encryption at all.

I have also tried the SLIRP that was recommended by someone on this list (Harald
Vogt, http://www.serc.nl/people/vogt/vpn/) and it doesn't compile. This is
unfortunate, as I would have liked to test that solution as well.

If you want to get it working with the linux pppd version, you might have to try
compiling PPTPD without the FreeBSD switches, so it includes the code to talk to
the linux version. I haven't tried this though.

Chris

----- Original Message -----
From: "Evgeni" <vigov at com2com.ru>
To: <pptp-server at lists.schulte.org>
Sent: Monday, March 06, 2000 9:40 AM
Subject: [pptp-server] label not found


> Hello evrebody. I've got a follow trouble: i use FBSD 3.4 and decided to
> use PoPTop srver ported for BSD.
> And i use Win98 as a client,
> my pptpd.conf is
> ----------------------pptpd.conf----------------------------------
> localip 192.168.32.20-25
> remoteip 192.168.64.20-25
> debug
> ----------------------pptpd.conf----------------------------------
>
> and options file of pppd is
> -------------------options---------------------------------------
>
> lock
> debug
> proxyarp
>
> -------------------options--------------------------------------
>
> and also there's log of pptpd:
>
> Mar  6 19:09:25 yasenevo ppp[1314]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
> Mar  6 19:09:25 yasenevo pptpd[1313]: GRE:
> read(fd=6,buffer=804d000,len=8196) fr
> om PTY failed: status = 0 error = No error
> Mar  6 19:09:25 yasenevo pptpd[1313]: CTRL: PTY read or GRE write failed
> (pty,gr
> e)=(6,5)
> Mar  6 19:10:23 yasenevo ppp[1330]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
> Mar  6 19:10:23 yasenevo pptpd[1329]: GRE:
> read(fd=6,buffer=804d000,len=8196) fr
> om PTY failed: status = 0 error = No error
> Mar  6 19:10:23 yasenevo pptpd[1329]: CTRL: PTY read or GRE write failed
> (pty,gr
> e)=(6,5)
> Mar  6 19:10:42 yasenevo ppp[1334]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
> Mar  6 19:10:42 yasenevo pptpd[1333]: GRE:
> read(fd=6,buffer=804d000,len=8196) fr
> om PTY failed: status = 0 error = No error
> Mar  6 19:10:42 yasenevo pptpd[1333]: CTRL: PTY read or GRE write failed
> (pty,gr
> e)=(6,5)
>
> Mar  6 19:02:51 yasenevo ppp[1299]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
> Mar  6 19:09:25 yasenevo ppp[1314]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
> Mar  6 19:10:23 yasenevo ppp[1330]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
> Mar  6 19:10:42 yasenevo ppp[1334]: Warning: Label pptp rejected -direct
> connect
> ion: Configuration label not found
>
> Help me to find i do wrong
> Thnax
> Eugene
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From johnny at booksys.com  Mon Mar  6 11:36:00 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Mon Mar  6 11:36:00 2000
Subject: [pptp-server] Dialup Networking and VPN update
Message-ID: <Pine.LNX.4.10.10003060958130.17680-100000@mail.booksys.com>

Well, after my posting late last week, I got a bunch of very helpful
responses. Thanks to those who responded! However, I'm still having some
problems. I installed vpnupd, and am getting the same errors. Does anyone
know how to find out what version of Dialup Networking I'm using? And are
there any specific instructions on adding a second interface with no phone
number attached to it? And what is this I hear about needing to uninstall
and then reinstall VPN and DUN? 

A couple of people mentioned that this has been solved on the mailing list
at some time in the past, and one of you mentioned a particular knowledge
base article. Unfortunately, microsoft's website is a vile, overly pretty
abomination with very little useful functionality, so I couldn't retrieve
a specific knowledgebase article by number and I was unable to fully
figure out where to download DUN v1.3 or greater. 

Right now, I'm beginning to think that the logical course of action is to
de-install ding-dang near everything and reinstall it using the latest
versions from M$'s website. However, I'm guessing this will be a long and
time consuming task, and would rather avoid it if possible. 

So, to boil it all down, I'd very very very much appriciate any of the
following:

1> URLs to very useful prior postings to this mailing list
2> Specific instructions (with URLs to the software) on updating this
win98 machine
3> Specific setup instruction

If you folks can assist me in getting this thing working, I'll write up a
better Windows 98 installation instruction and hand it over for use at the
PPTP website. 

Thanky!

--me





From eswood at tor.dhs.org  Mon Mar  6 11:53:51 2000
From: eswood at tor.dhs.org (Ed Wood)
Date: Mon Mar  6 11:53:51 2000
Subject: [pptp-server] Inner workings of DNS
Message-ID: <Pine.LNX.4.10.10002291701360.2448-100000@tor.dhs.org>

Hey folks.
  Just looking for details on how DNS for poptop clients works.  I'm
curious to know how a [ping boxname] would know if it's looking on the
name server which is in the tcp/ip settings of the client or in the name
server which is passed to the client from the [ms-dns xx.xx.xx.xx] line in
the /etc/ppp/options files.
  I'd like to have poptop clients be able to see all of the boxes that are
on the same subnet as the VPN server by box name instead of IP. 
  Thanx in advance for any ideas.

Woody




From patrickl at cst.ca  Mon Mar  6 13:36:30 2000
From: patrickl at cst.ca (Patrick LIN)
Date: Mon Mar  6 13:36:30 2000
Subject: [pptp-server] PPPD Auth
Message-ID: <38C408AB.173E2A86@cst.ca>

hi,

I know it is not the goal of this Mailing List
but i want to know if someone know where i can 
have information about a way to patch (or something
else) pppd for make authentification on a mysql server or something
differente of the flat text file "chap-secret"

thanks a lot

patrick



From neale at lowendale.com.au  Mon Mar  6 15:12:33 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Mon Mar  6 15:12:33 2000
Subject: [pptp-server] Dialup Networking and VPN update
In-Reply-To: <Pine.LNX.4.10.10003060958130.17680-100000@mail.booksys.com>
Message-ID: <Pine.LNX.4.05.10003070814050.2482-100000@marina.lowendale.com.au>

On Mon, 6 Mar 2000, Johnny L Wales wrote:

[...]
> A couple of people mentioned that this has been solved on the mailing list
> at some time in the past, and one of you mentioned a particular knowledge
> base article. Unfortunately, microsoft's website is a vile, overly pretty
> abomination with very little useful functionality, so I couldn't retrieve
> a specific knowledgebase article by number and I was unable to fully
> figure out where to download DUN v1.3 or greater. 

It's not-quite-so-painful if you start at http://support.microsoft.com


From sstone at taos.com  Mon Mar  6 15:44:30 2000
From: sstone at taos.com (Scott M. Stone)
Date: Mon Mar  6 15:44:30 2000
Subject: [pptp-server] complex VPN problem (fwd)
Message-ID: <Pine.LNX.4.10.10003061343030.26584-100000@armadillo.wink.com>

I'm hoping that someone on this list can answer this one, cuz it's weird.
It's similar to one of the problems in the FAQ, but in my case, the pptp
server machine and the firewall machine are the SAME BOX... which makes it
a bit different... any help greatly appreciated.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 

---------- Forwarded message ----------
Date: Mon, 6 Mar 2000 08:05:31 -0800 (PST)
From: Scott M. Stone <sstone at taos.com>
To: Taos Network List <network at vtc.teamtaos.com>
Subject: complex VPN problem


OK, this is a bit odd.. I have a Linux box with 2 ethernet cards.  One
card goes directly to my DSL line, with a static IP.  the other card goes
to an 8-port hub which has two other PCs attached to it.

Ok, so the IP masquerading/routing/firewalling/port forwarding seems to
work, all the machines can browse, etc, etc.  I have ipsec on the router
box as well, to connect to my client site for doing email at home through
their notes server, that works great as well.

HOWEVER, I tried to set up a pptp connection last night to a friend of
mine who's using Windows 98.  I installed and configured the linux pptpd
program, and installed PPP.  The pptp connection is established, pppd
starts and assigns IP addresses (I assigned my friend's remote machine an
IP on my private subnet, 192.168.81.0/24, and I'm using proxyarp with
pppd).  Now, pppd is working fine, or so I think.  From my ROUTER machine
(which is 192.168.81.1 (eth1), 63.248.27.129 (eth0), and now
192.168.81.100 (ppp0)), I can see the remote pc (on 192.168.81.101).  The
remote PC can ping ALL of the interfaces on the router, including
192.168.81.1.  HOWEVER, the problem is that the remote PC cannot access
192.168.81.2, which is one of my internal PCs on my 8-port hub.  Nor can
192.168.81.2 access the remote PC.  However, .2 can access the 'net
through that same gateway, and can access the LAN pointed to by ipsec0
without any problems.

What am I doing wrong here?  Should I be assigning ppp0 the same IP
address as eth1 (192.168.81.1?)  I also tried assigning a different subnet
for the ppp interface and then setting up routing -- same results, no
connectivity.

Any help is greatly appreciated... thanks.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 





From aaluosta at cc.helsinki.fi  Mon Mar  6 16:24:51 2000
From: aaluosta at cc.helsinki.fi (Antti A Luostarinen)
Date: Mon Mar  6 16:24:51 2000
Subject: [pptp-server] pptpd GRE/ICMP..ACL troubles - extensive debugging included
Message-ID: <200003062224.AAA22646@myntti.helsinki.fi>

Greetings, Sirs!

Here are my TONS of newbie questions and the problem with pptpd.


My /etc/pptpd.conf
------------------------------------------------------------------
speed 115200
localip 195.148.80.234-235
remoteip 195.148.80.236-237
------------------------------------------------------------------
 ^- I have assigned unused IPs from our main pool for the use of
    pptp VPN connections. I have no clue why you have to give a
    "local ip" PLUS a "remote ip", the IP of the machine I run
    pptpd on is in the same 195.148.80. network. Could I just
    create some bogus IPs such as 192.168.0.* and still have
    working connections towards the Internet?

    Also, what about the speed? We are planning on cable-modem
    connections, 115200 is far too slow for that or is it auto-
    negotiated?


My /etc/ppp/chap-secrets
-------------------------------------------------------------------
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
testuser     *       testtest     *
-------------------------------------------------------------------
 ^- So basically any machine from any IP would be able to connect
    with login testuser and password testtest? Please, someone brief
    me what does that "server" there stand for.. as I have bluntly
    put * there.


My /etc/ppp/options
-------------------------------------------------------------------
debug
name servername
auth
require-chap
proxyarp
-------------------------------------------------------------------
 ^- Hm now should I have name * or something here? I'm just trying
    to get the connection UP with these settings. Worry about other
    things later. I claim I have compiled everything correctly with
    ppp, pptpd and the linux kernel. Oh yeah, I tried the name *
    without any more success than before ;)



And now to the logs, these are a few days old (well as I got really
irritated with the pptp VPN situation I decided to leave it on hold)
...


On windows 98 side:
-------------------------------------------------------------------
02-18-2000 17:58:56.86 - Microsoft Dial Up Adapter log opened.
02-18-2000 17:58:56.86 - Server type is  PPP (Point to Point Protocol).
02-18-2000 17:58:56.86 - FSA : Adding Control Protocol 80fd (CCP) to
control protocol chain.
02-18-2000 17:58:56.86 - FSA : Protocol not bound - skipping control
protocol 803f (NBFCP).
02-18-2000 17:58:56.86 - FSA : Adding Control Protocol 8021 (IPCP) to
control protocol chain.
02-18-2000 17:58:56.86 - FSA : Protocol not bound - skipping control
protocol 802b (IPXCP).
02-18-2000 17:58:56.86 - FSA : Adding Control Protocol c029 (CallbackCP)
to control protocol chain.
02-18-2000 17:58:56.86 - FSA : Encrypted Password required.
02-18-2000 17:58:56.86 - FSA : Encrypted Password required.
02-18-2000 17:58:56.86 - FSA : Adding Control Protocol c223 (CHAP) to
control protocol chain.
02-18-2000 17:58:56.86 - FSA : Adding Control Protocol c021 (LCP) to
control protocol chain.
02-18-2000 17:58:56.86 - LCP : Layer started.
02-18-2000 17:58:56.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:58:56.86 - Data 0000: c0 21 01 01 00 0e 05 06 | .!......
02-18-2000 17:58:56.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:58:57.34 - PPP : Received Control Packet of length: 27
02-18-2000 17:58:57.34 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:58:57.34 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:58:57.34 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:58:57.34 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:58:57.34 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:58:57.34 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:58:57.34 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:58:57.34 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:58:57.34 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:58:57.34 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:58:57.34 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:58:57.34 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:58:57.34 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:58:57.34 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:58:59.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:58:59.86 - Data 0000: c0 21 01 02 00 0e 05 06 | .!......
02-18-2000 17:58:59.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:00.15 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:00.15 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:00.15 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:00.15 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:00.15 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:00.15 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:00.15 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:00.15 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:00.15 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:00.15 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:00.15 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:00.15 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:00.15 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:00.15 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:00.15 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:02.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:02.86 - Data 0000: c0 21 01 03 00 0e 05 06 | .!......
02-18-2000 17:59:02.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:03.16 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:03.16 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:03.16 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:03.16 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:03.16 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:03.16 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:03.16 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:03.16 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:03.16 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:03.16 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:03.16 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:03.16 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:03.16 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:03.16 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:03.16 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:05.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:05.86 - Data 0000: c0 21 01 04 00 0e 05 06 | .!......
02-18-2000 17:59:05.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:06.16 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:06.16 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:06.16 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:06.16 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:06.16 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:06.16 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:06.16 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:06.16 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:06.16 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:06.16 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:06.16 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:06.16 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:06.16 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:06.16 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:06.16 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:08.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:08.86 - Data 0000: c0 21 01 05 00 0e 05 06 | .!......
02-18-2000 17:59:08.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:09.18 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:09.18 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:09.18 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:09.18 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:09.18 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:09.18 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:09.18 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:09.18 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:09.18 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:09.18 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:09.18 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:09.18 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:09.18 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:09.18 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:09.18 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:11.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:11.86 - Data 0000: c0 21 01 06 00 0e 05 06 | .!......
02-18-2000 17:59:11.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:12.19 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:12.19 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:12.19 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:12.19 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:12.19 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:12.19 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:12.19 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:12.19 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:12.19 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:12.19 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:12.19 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:12.19 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:12.19 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:12.19 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:12.19 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:14.85 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:14.85 - Data 0000: c0 21 01 07 00 0e 05 06 | .!......
02-18-2000 17:59:14.85 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:15.20 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:15.20 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:15.20 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:15.20 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:15.20 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:15.20 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:15.20 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:15.20 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:15.20 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:15.20 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:15.20 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:15.20 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:15.20 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:15.20 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:15.20 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:17.85 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:17.85 - Data 0000: c0 21 01 08 00 0e 05 06 | .!......
02-18-2000 17:59:17.85 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:18.20 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:18.20 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:18.20 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:18.20 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:18.20 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:18.20 - LCP : Received and accepted ACCM of 0.
02-18-2000 17:59:18.20 - LCP : Received and accepted authentication
protocol c223 (CHAP).
02-18-2000 17:59:18.20 - LCP : Received and accepted magic number
fa64690a.
02-18-2000 17:59:18.20 - LCP : Received and accepted protocol field
compression option.
02-18-2000 17:59:18.20 - LCP : Received and accepted address+control
field compression option.
02-18-2000 17:59:18.20 - PPP : Transmitting Control Packet of length: 27
02-18-2000 17:59:18.20 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
02-18-2000 17:59:18.20 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:18.20 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:18.20 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:20.86 - PPP : Transmitting Control Packet of length: 16
02-18-2000 17:59:20.86 - Data 0000: c0 21 01 09 00 0e 05 06 | .!......
02-18-2000 17:59:20.86 - Data 0008: 0a 6f a4 7f 07 02 08 02 | .o......
02-18-2000 17:59:21.22 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:21.22 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:21.22 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:21.22 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:21.22 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:24.23 - PPP : Received Control Packet of length: 27
02-18-2000 17:59:24.23 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
02-18-2000 17:59:24.23 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
02-18-2000 17:59:24.23 - Data 0010: 05 05 06 fa 64 69 0a 07 | ....di..
02-18-2000 17:59:24.23 - Data 0018: 02 08 02 00 00 00 00 00 | ........
02-18-2000 17:59:24.36 - LCP : Layer finished.
02-18-2000 17:59:24.37 - Remote access driver is shutting down.
02-18-2000 17:59:24.37 - CRC Errors             0
02-18-2000 17:59:24.37 - Timeout Errors         0
02-18-2000 17:59:24.37 - Alignment Errors       0
02-18-2000 17:59:24.37 - Overrun Errors         0
02-18-2000 17:59:24.37 - Framing Errors         0
02-18-2000 17:59:24.37 - Buffer Overrun Errors  0
02-18-2000 17:59:24.37 - Incomplete Packets     0
02-18-2000 17:59:24.37 - Bytes Received         290
02-18-2000 17:59:24.37 - Bytes Transmittted     376
02-18-2000 17:59:24.37 - Frames Received        10
02-18-2000 17:59:24.37 - Frames Transmitted     16
02-18-2000 17:59:24.37 - LCP : Layer started.
02-18-2000 17:59:24.37 - Microsoft Dial Up Adapter log closed.
-------------------------------------------------------------------


On Linux side:  (the clock was wrong on this machine :))
-------------------------------------------------------------------
Feb 18 18:52:08 www pptpd[15816]: MGR: Launching
/usr/local/sbin/pptpctrl to handle client
Feb 18 18:52:08 www pptpd[15816]: CTRL: local address = 195.148.80.235
Feb 18 18:52:08 www pptpd[15816]: CTRL: remote address = 195.148.80.238
Feb 18 18:52:08 www pptpd[15816]: CTRL: pppd speed = 115200
Feb 18 18:52:08 www pptpd[15816]: CTRL: Client 212.90.78.176 control
connection started
Feb 18 18:52:08 www pptpd[15816]: CTRL: Received PPTP Control Message
(type: 1)
Feb 18 18:52:08 www pptpd[15816]: CTRL: Made a START CTRL CONN RPLY
packet
Feb 18 18:52:08 www pptpd[15816]: CTRL: I wrote 156 bytes to the client.
Feb 18 18:52:08 www pptpd[15816]: CTRL: Sent packet to client
Feb 18 18:52:08 www pptpd[15816]: CTRL: Received PPTP Control Message
(type: 7)
Feb 18 18:52:08 www pptpd[15816]: CTRL: Set parameters to 0 maxbps, 16
window size
Feb 18 18:52:08 www pptpd[15816]: CTRL: Made a OUT CALL RPLY packet
Feb 18 18:52:08 www pptpd[15816]: CTRL: Starting call (launching pppd,
opening GRE)
Feb 18 18:52:08 www pptpd[15816]: CTRL: pty_fd = 4
Feb 18 18:52:08 www pptpd[15816]: CTRL: tty_fd = 5
Feb 18 18:52:08 www pptpd[15816]: CTRL: I wrote 32 bytes to the client.
Feb 18 18:52:08 www pptpd[15816]: CTRL: Sent packet to client
Feb 18 18:52:08 www pptpd[15817]: CTRL (PPPD Launcher): Connection speed
= 115200
Feb 18 18:52:08 www pptpd[15817]: CTRL (PPPD Launcher): local address =
195.148.80.235
Feb 18 18:52:08 www pptpd[15817]: CTRL (PPPD Launcher): remote address =
195.148.80.238
Feb 18 18:52:36 www pptpd[15816]: CTRL: Received PPTP Control Message
(type: 12)
Feb 18 18:52:36 www pptpd[15808]: MGR: Reaped child 15816
Feb 18 18:52:36 www pptpd[15816]: CTRL: Made a CALL DISCONNECT RPLY
packet
Feb 18 18:52:36 www pptpd[15816]: CTRL: Received CALL CLR request
(closing call)
Feb 18 18:52:36 www pptpd[15816]: CTRL: I wrote 148 bytes to the client.
Feb 18 18:52:36 www pptpd[15816]: CTRL: Sent packet to client
Feb 18 18:52:36 www pptpd[15816]: CTRL: Error with select(), quitting
Feb 18 18:52:36 www pptpd[15816]: CTRL: Client 212.90.78.176 control
connection finished
Feb 18 18:52:36 www pptpd[15816]: CTRL: Exiting now
-------------------------------------------------------------------


Taken actions :
***************
Ok, what I also have done is requested the port 1723 open on the
machine that I have /usr/local/sbin/pptpd -d running on. It is
open.

I also asked our guy responsible for the Cisco routers to put the
following lines into the access-lists: (he did)
-------------------------------------------------------------------
inbound acl to network with PPTP server:
access-list 100 permit gre any host 195.148.80.239

outbound acl from network with PPTP server:
access-list 101 permit gre host 195.138.80.239 any
-------------------------------------------------------------------
(these were kindly provided by David Luyer from this mailing list in
an earlier thread..)


As I try to connect I have the following options in Windows 98's
Dial-Up networking properties' (the icon):
-------------------------------------------------------------------
[X] Enable software compression
[X] Require encrypted password
[X] TCP/IP
     *server assigned ip address
     *server assigned name server addresses

I have turned use IP header compression and the default Gateway
settings off.
-------------------------------------------------------------------


What I also did is used NetXRay on my Win98SE box to see what was
going on while I was trying to connect.

Sadly NetXRay saves logs in an own format and doesn't seem to
support cut&paste.. But basically it says:
-------------------------------------------------------------------
Layer|Summary
-------------------------------------------------------------------
PPTP  Start-Control-Connection-Reply, Result=Successful Channel
Establishment
PPTP  Outgoing-Call-Request, Bearer=Call can be Placed on Any Type of
Channel
PPTP  Outgoing-Call-Reply, Result=Connected
LCP   Code=Configure Request,ID=0x01
ICMP  Type=Destination Unreachable,Code=Reserved
TCP   1027->PPTP,S=115479,A=1573303344,W=8572
LCP   Code=Configure Request,ID=0x01
LCP   Code=Configure Ack,ID=0x01
GREV2 cID=0x0000,pLen=0,Ack=0
LCP   Code=Configure Request,ID=0x02
ICMP  Type=Destination Unreachable,Code=Reserved
...etcetcetc.. runs over that Destination Unreachable several times.
-------------------------------------------------------------------
 ^- So WHAT is not getting through? Ideas how to go on checking on
    this? I heard there was a *nix based GRE traceroute but I cannot
    find it on the PoPToP site.


I hope this was extensive enough,


Antti
-- 
--axu at bat.org . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . Antti Aleksi Luostarinen a.k.a. Amarth Shadowstring of BatMUD . . .
. . . . . . . . . phone: +358 40 7306292 or 040-7306292 . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . antti.luostarinen at helsinki.fi--



From chris.ellingsen at sympatico.ca  Mon Mar  6 22:42:50 2000
From: chris.ellingsen at sympatico.ca (Chris Ellingsen)
Date: Mon Mar  6 22:42:50 2000
Subject: [pptp-server] complex VPN problem (fwd)
References: <Pine.LNX.4.10.10003061343030.26584-100000@armadillo.wink.com>
Message-ID: <00e301bf87ef$6c9f83b0$8d17858e@lmc.ericsson.se>

Hi,

Seems to me like your linux box is not forwarding packets between the local
subnet and the remote machine. You should check out the route tables to make
sure that all the correct routes are added. For example, you would need to
enable the 'use default gateway on remote' (or whatever the exact words are) in
your network settings on the Windows PC. You also do not really need a third
address on the Linux box, it should use the .1 address for the local end, so the
proxy arp will actually take care of  things. Also, ensure that packet
forwarding is enabled on the Linux box, and none of the firewall rules you may
have in place are blocking the packets... Since those are both 'inside'
interfaces, anything should be allowed to pass through from the remote to the
local net.

Hope this helps...
Chris

----- Original Message -----
From: "Scott M. Stone" <sstone at taos.com>
To: "PPTP Mailing List" <pptp-server at lists.schulte.org>
Sent: Monday, March 06, 2000 4:43 PM
Subject: [pptp-server] complex VPN problem (fwd)


>
> I'm hoping that someone on this list can answer this one, cuz it's weird.
> It's similar to one of the problems in the FAQ, but in my case, the pptp
> server machine and the firewall machine are the SAME BOX... which makes it
> a bit different... any help greatly appreciated.
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
> ---------- Forwarded message ----------
> Date: Mon, 6 Mar 2000 08:05:31 -0800 (PST)
> From: Scott M. Stone <sstone at taos.com>
> To: Taos Network List <network at vtc.teamtaos.com>
> Subject: complex VPN problem
>
>
> OK, this is a bit odd.. I have a Linux box with 2 ethernet cards.  One
> card goes directly to my DSL line, with a static IP.  the other card goes
> to an 8-port hub which has two other PCs attached to it.
>
> Ok, so the IP masquerading/routing/firewalling/port forwarding seems to
> work, all the machines can browse, etc, etc.  I have ipsec on the router
> box as well, to connect to my client site for doing email at home through
> their notes server, that works great as well.
>
> HOWEVER, I tried to set up a pptp connection last night to a friend of
> mine who's using Windows 98.  I installed and configured the linux pptpd
> program, and installed PPP.  The pptp connection is established, pppd
> starts and assigns IP addresses (I assigned my friend's remote machine an
> IP on my private subnet, 192.168.81.0/24, and I'm using proxyarp with
> pppd).  Now, pppd is working fine, or so I think.  From my ROUTER machine
> (which is 192.168.81.1 (eth1), 63.248.27.129 (eth0), and now
> 192.168.81.100 (ppp0)), I can see the remote pc (on 192.168.81.101).  The
> remote PC can ping ALL of the interfaces on the router, including
> 192.168.81.1.  HOWEVER, the problem is that the remote PC cannot access
> 192.168.81.2, which is one of my internal PCs on my 8-port hub.  Nor can
> 192.168.81.2 access the remote PC.  However, .2 can access the 'net
> through that same gateway, and can access the LAN pointed to by ipsec0
> without any problems.
>
> What am I doing wrong here?  Should I be assigning ppp0 the same IP
> address as eth1 (192.168.81.1?)  I also tried assigning a different subnet
> for the ppp interface and then setting up routing -- same results, no
> connectivity.
>
> Any help is greatly appreciated... thanks.
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From barjunk at attglobal.net  Mon Mar  6 23:02:49 2000
From: barjunk at attglobal.net (Barsalou)
Date: Mon Mar  6 23:02:49 2000
Subject: [pptp-server] Where to get DUN
Message-ID: <200003070502.XAA09605@snaildust.schulte.org>

In addtition to this information, look here:

http://www.moretonbay.com/vpn/help.html

There are some word documents that have information on how to setup windows 
clients (with pictures!).

Here is some info that should be helpful.

5.0 Windows Client Setup
------------------------ 
Note that the Win95 routine is similar but requires Dial Up Networking Update 
1.3 and both the Win95 and Win98 need the vpnupdate (free from Microsoft) to 
be installed first. Try here for the DUN1.3 and the vpnupdate: 
Windows 95 
http://www.microsoft.com/windows95/downloads 
Windows 98 
http://www.microsoft.com/windows98/downloads/corporate.asp 
1a. For Win95 machines install the DUN 1.3. 
1b. For Win98 machines use the add-remove programs tool to uninstall the VPN 
software. Some of the OEM's don't install this properly. Re-Install it using the 
add-remove programs tool. Go to windows setup (tab) select communications 
and press the details button. Scroll down and check the VPN support. 
2. Install the vpupdate for your particular machine (win95/98 not 98SE). take a 
little nap here... Once your Machine is back 
1.go to dial-up networking (usually start-programs-Accessories-communications-
Dial-up Networking) YMMV 
2.Click make new connection 
3.Name the Connection whatever you'd like. 
4.Select Microsoft VPN adapter as the device 
5.click next 
6.type in the ip address or hostname of your pptp server 
7.click next 
8.click finish 
9.Right-click on the intranet icon 
10.select properties 
11.choose server types 
12.check require encrypted password 
13.uncheck netbeui, ipx/spx compatible 
14.click tcp/ip settings 
15.turn off use IP header compression (May not be necessary) 
16.turn off use default gw on remote network 
17.click ok. 
18.start that connection 
19.type in your username and pw (yadda, yadda, yadda) 
20.once it finishes its connection your up. 






From bill at cerebro.dhs.org  Tue Mar  7 09:53:01 2000
From: bill at cerebro.dhs.org (Bill Yosmanovich)
Date: Tue Mar  7 09:53:01 2000
Subject: [pptp-server] pptp-server? 40-bit? 128-bit Data Encryption
In-Reply-To: <200003062224.AAA22646@myntti.helsinki.fi>
Message-ID: <Pine.LNX.4.10.10003071057110.25318-100000@cerebro.dhs.org>

Hey, I have a question regarding the encryption portion of pptpd. I made
all the patches to the pppd to get the server up to par encryption-wise
and I have enabled data encryption on my clients. My problem is that when
they connect, the encryption level is only 40-bit! I edited the
/etc/ppp/options file to only allow 128 bit encryption and I don't get
connected. I have Windoze 98 SE boxes with the 128 bit encryption patch.
Does anyone have any insight?
Thanks
Bill




From aaluosta at cc.helsinki.fi  Tue Mar  7 09:58:11 2000
From: aaluosta at cc.helsinki.fi (Antti A Luostarinen)
Date: Tue Mar  7 09:58:11 2000
Subject: [pptp-server] PPTP VPN up, but how to forward all traffic through the VPN?
Message-ID: <200003071558.RAA21627@myntti.helsinki.fi>

Ok, I have successfully created the PPTP VPN (guys, the GRE didn't go
through, there was a little fumble in the router access-lists :)) but
now my problem is the following..


What I want:

I'm on a cable-modem. I want to tunnel all traffic through the VPN to
the pptpd (I mean ALL traffic that happens after I have made the
connection) and onwards to the Internet. (Why: where the pptpd resides,
I have much better routes to the World than which my cable-modem
operator has.)

How do I do this? If I mark "use default gateway" on the TCP/IP
properties of the connection icon, it seems to try to use my PPTP VPN
but I get nothing through.. In the FAQ/HOWTO's ppl are suggesting to
turn it off..

If I turn it off, my routes are whatever my cable-modem ISP routes are
regardless if the VPN connection was made or not.



Antti

-- 
--axu at bat.org . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . Antti Aleksi Luostarinen a.k.a. Amarth Shadowstring of BatMUD . . .
. . . . . . . . . phone: +358 40 7306292 or 040-7306292 . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . antti.luostarinen at helsinki.fi--



From sstone at taos.com  Tue Mar  7 10:10:29 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 10:10:29 2000
Subject: [pptp-server] complex VPN problem (fwd)
In-Reply-To: <00e301bf87ef$6c9f83b0$8d17858e@lmc.ericsson.se>
Message-ID: <Pine.LNX.4.10.10003070809020.26584-100000@armadillo.wink.com>

On Mon, 6 Mar 2000, Chris Ellingsen wrote:

> Hi,
> 
> Seems to me like your linux box is not forwarding packets between the local
> subnet and the remote machine. You should check out the route tables to make
> sure that all the correct routes are added. For example, you would need to
> enable the 'use default gateway on remote' (or whatever the exact words are) in
> your network settings on the Windows PC. You also do not really need a third
> address on the Linux box, it should use the .1 address for the local end, so the
> proxy arp will actually take care of  things. Also, ensure that packet
> forwarding is enabled on the Linux box, and none of the firewall rules you may
> have in place are blocking the packets... Since those are both 'inside'
> interfaces, anything should be allowed to pass through from the remote to the
> local net.
> 
> Hope this helps...

Turns out it was just ipchains not forwarding the packets... the
forwarding chain was defaulting to 'DENY', so I had to add a couple of
rules.. thanks for everyones' suggestions, though :)

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From sstone at taos.com  Tue Mar  7 10:17:53 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 10:17:53 2000
Subject: [pptp-server] PPTP VPN up, but how to forward all traffic through
 the VPN?
In-Reply-To: <200003071558.RAA21627@myntti.helsinki.fi>
Message-ID: <Pine.LNX.4.10.10003070815170.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Antti A Luostarinen wrote:

> Ok, I have successfully created the PPTP VPN (guys, the GRE didn't go
> through, there was a little fumble in the router access-lists :)) but
> now my problem is the following..
> 
> 
> What I want:
> 
> I'm on a cable-modem. I want to tunnel all traffic through the VPN to
> the pptpd (I mean ALL traffic that happens after I have made the
> connection) and onwards to the Internet. (Why: where the pptpd resides,
> I have much better routes to the World than which my cable-modem
> operator has.)
> 
> How do I do this? If I mark "use default gateway" on the TCP/IP
> properties of the connection icon, it seems to try to use my PPTP VPN
> but I get nothing through.. In the FAQ/HOWTO's ppl are suggesting to
> turn it off..
> 
> If I turn it off, my routes are whatever my cable-modem ISP routes are
> regardless if the VPN connection was made or not.

Because nothing on the outside has any idea how to route traffic BACK to
you.  Make sure that your pptp client is being assigned an IP address
that's on the same local subnet as the ethernet interface on the pptpd
server, and that you're using proxyarp on the server.  Otherwise the
routing will never work unless your ISP's distribution/core routers have a
route added to point back to your private subnet, which Probably Isn't
Going To Happen. :)

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From rpm at interworxconsulting.com  Tue Mar  7 10:28:36 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 10:28:36 2000
Subject: [pptp-server] Authentication and Firewall Issues
Message-ID: <PCEPICDJFEBDKGIGCBIIOEJLCBAA.rpm@interworxconsulting.com>

Hello!

I am having some problems with PPTP.  First, I can't seem to find a
definition of the sequence of events in a PPTP session.  For example, the
client talks to the server over port x and the server responds over x to set
up a session on port y.  If anyone know how the interaction goes I'd
apprecaite knowing.

Secondly, I seem to be having an authentication issue and I can't seem to
figure out why.  Here's my log:

Mar  6 19:58:12 localhost pptpd[956]: CTRL: Client 206.172.224.166 control
connection started
Mar  6 19:58:13 localhost pptpd[956]: CTRL: Starting call (launching pppd,
opening GRE)
Mar  6 19:58:13 localhost modprobe: can't locate module char-major-108
Mar  6 19:58:14 localhost pppd[957]: pppd 2.3.10 started by root, uid 0
Mar  6 19:58:14 localhost pppd[957]: Using interface ppp1
Mar  6 19:58:14 localhost pppd[957]: Connect: ppp1 <--> /dev/pts/1
Mar  6 19:58:14 localhost pptpd[956]: GRE: Discarding duplicate packet
Mar  6 19:58:15 localhost pptpd[956]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for authenticating
RMatijcio
Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
remote host RMatijcio
Mar  6 19:58:16 localhost pptpd[956]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
Mar  6 19:58:16 localhost pptpd[956]: CTRL: Error with select(), quitting
Mar  6 19:58:16 localhost pptpd[956]: CTRL: Client 206.172.224.166 control
connection finished
Mar  6 19:58:16 localhost pppd[957]: Modem hangup
Mar  6 19:58:16 localhost pppd[957]: Connection terminated.
Mar  6 19:58:16 localhost pppd[957]: Exit.

My /etc/ppp/options file:

lock
debug
#name fw-1
#auth
#require-chap
#proxyarp

I have the bottem 4 lines commented out because it was causing a problem
with my DSL connection.  I use pppd to drive a pppoe connection to my
service provider.  I did try taking these out and connecting to the PPTP
server directly (with both machines on the same subnet.)

Thanks!
Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com





From noel at koethe.net  Tue Mar  7 10:37:00 2000
From: noel at koethe.net (Noel Koethe)
Date: Tue Mar  7 10:37:00 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <PCEPICDJFEBDKGIGCBIIOEJLCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.3.96.1000307173414.12243A-100000@heidi.wipol.uni-bonn.de>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> Secondly, I seem to be having an authentication issue and I can't seem to
> figure out why.  Here's my log:
> 
> Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for authenticating
> RMatijcio
> Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> remote host RMatijcio

Is there a User with this name in /etc/ppp/chap-secrets?

Like:

RMatijcio	*	thisistheppppassword	*

-- 
Noel Koethe
						www.linuxhq.de




From sstone at taos.com  Tue Mar  7 10:48:16 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 10:48:16 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <PCEPICDJFEBDKGIGCBIIOEJLCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003070846520.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Hello!
> 
> Secondly, I seem to be having an authentication issue and I can't seem to
> figure out why.  Here's my log:
> 
> Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for authenticating
> RMatijcio
> Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> remote host RMatijcio

um... this doesn't give you any hints?? :)

Add an appropriate line in /etc/ppp/chap-secrets.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From rpm at interworxconsulting.com  Tue Mar  7 10:57:47 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 10:57:47 2000
Subject: [pptp-server] Issues continued....
Message-ID: <PCEPICDJFEBDKGIGCBIIAEJNCBAA.rpm@interworxconsulting.com>

I attemtped to try my PPTP connection again this moring.  This time from a
client site.  They're firewall's basic ruleset allows all traffic out and
replies in.  Here's what happens:

Mar  7 11:42:11 localhost modprobe: can't locate module char-major-108

I still for the life of me can't figure out what this error is! :-(

Mar  7 11:42:11 localhost pppd[1537]: pppd 2.3.10 started by root, uid 0
Mar  7 11:42:11 localhost pppd[1537]: Using interface ppp1
Mar  7 11:42:11 localhost pppd[1537]: Connect: ppp1 <--> /dev/pts/2
Mar  7 11:42:41 localhost pppd[1537]: LCP: timeout sending Config-Requests
Mar  7 11:42:41 localhost pppd[1537]: Connection terminated.
Mar  7 11:42:41 localhost pppd[1537]: Exit.
Mar  7 11:42:41 localhost pptpd[1536]: GRE:
read(fd=4,buffer=804d7c0,len=8196) f
rom PTY failed: status = -1 error = Input/output error
Mar  7 11:42:41 localhost pptpd[1536]: CTRL: PTY read or GRE write failed
(pty,g
re)=(4,5)
Mar  7 11:42:41 localhost pptpd[1536]: CTRL: Client 216.13.96.10 control
connect
ion finished

This looks more like a firewall issue.  I hoping that dial up VPN for PPTP
can be done without fixing up firewalls to allow it.  Obviously this depends
on the sequence of events for PPTP.  When I'm at different client site's I'd
like to be able to connect a la VPN.  However, considering the syslog
capture above, I'm starting to think this won't be possible.

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538





From rpm at interworxconsulting.com  Tue Mar  7 10:57:48 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 10:57:48 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <Pine.LNX.3.96.1000307173414.12243A-100000@heidi.wipol.uni-bonn.de>
Message-ID: <PCEPICDJFEBDKGIGCBIICEJNCBAA.rpm@interworxconsulting.com>

Yes there is.  It may be important to note I also have a pap-secrets with my
username and password for my PPOE connection to my DSL provider.

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538

-----Original Message-----
From: Noel Koethe [mailto:noel at koethe.net]
Sent: Tuesday, March 07, 2000 11:36 AM
To: Ryan Matijcio
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Authentication and Firewall Issues


On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> Secondly, I seem to be having an authentication issue and I can't seem to
> figure out why.  Here's my log:
>
> Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for
authenticating
> RMatijcio
> Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> remote host RMatijcio

Is there a User with this name in /etc/ppp/chap-secrets?

Like:

RMatijcio	*	thisistheppppassword	*

--
Noel Koethe
						www.linuxhq.de






From MERolen at APACMail.com  Tue Mar  7 11:07:38 2000
From: MERolen at APACMail.com (Rolen, Mark E.)
Date: Tue Mar  7 11:07:38 2000
Subject: [pptp-server] Authentication and Firewall Issues
Message-ID: <27C2C8885E15D311853F0008C7B1387ECD73C7@ntcr1102.apacteleservices.com>

On the subject of authentication, I thought that I'd seen in the
documentation that the domain part of the usename supplied by a win machine
( DOMAIN\\username ) was removed at the pptpd side.  Did I miss a patch
somewhere, or is this not the case?  It would be far easier for me to add
users if I didn't have to know what the DOMAIN\\ would be when they
connected (this is utterly useless, it seems.  Why wouldn't MS just pass a
username/password?  I know... I know...).  As it is, I have to have them
connect to the server, then look through the logs to find the rejected
username, then go back to chap-secrets and add their DOMAIN\\.  Ugh...

Anyone know how to force the removal of that
godforsaken-absolutley-unnecessary-ridiculous-just-make-it-go-away prefix??



-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Scott M. Stone
Sent: Tuesday, March 07, 2000 10:48 AM
To: Ryan Matijcio
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Authentication and Firewall Issues


On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Hello!
> 
> Secondly, I seem to be having an authentication issue and I can't seem to
> figure out why.  Here's my log:
> 
> Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for
authenticating
> RMatijcio
> Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> remote host RMatijcio

um... this doesn't give you any hints?? :)

Add an appropriate line in /etc/ppp/chap-secrets.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 


_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From johnny at booksys.com  Tue Mar  7 11:31:39 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Tue Mar  7 11:31:39 2000
Subject: [pptp-server] Dialup Networking and VPN update
In-Reply-To: <Pine.LNX.4.05.10003070814050.2482-100000@marina.lowendale.com.au>
Message-ID: <Pine.LNX.4.10.10003070957240.3594-100000@mail.booksys.com>

Thanks a bunch. You Rock. You Rock. You Rock. This apparently meaningless
task (click the check box, then click apply, then click the checkbox again
and Viola! Everything works!) seems to have fixed 99% of all of the
problems I've had. As promised, I modified the page of Win98 setup
instructions to contain this information. New page can be seen at:
http://mail.booksys.com/win98.html

and should be able to replace the current page at
http://www.moretonbay.com/vpn/win98.html

However, I still have a bit of a problem: How do I get a WINS server to be
automatically handed out by pptp or somehow automatically configured when
they connect? Second, is there any reason why microsoft-oriented
networking tasks (such as the network neighborhood) don't seem to work? I
think it's that the username that I'm using to authenticate on the PPP
connection is not valid for the internal network. I'll try this out a bit
later. However, a password is only requested if I do something like
start/run \\192.168.10.21 (which is a valid machine on the internal
network running NT) or \\ezhost (my machine on the internal network). When
I click 'network neighborhood' and then 'entire network', it just tells me
that the network is not available or not browsable. At any rate, it
doesn't ask me for a password (and, since there's no decent equivalent of
/var/log/messages on windows machines... I don't know if it's trying to
authenticate or not.. :/)

At any rate, if anyone has any immeadiate answers to any of this, feel
free to let me know, but it's not a huge priority as I think I can fix it
with a bit of tinkering. Mostly I just wanted to say: Thanks a bunch, you
all rock, especially you, Neale. The rest of you merely rock, where as
Neale rocks -and- rolls. :)

--Me


On Tue, 7 Mar 2000, Neale Banks wrote:

> On Mon, 6 Mar 2000, Johnny L Wales wrote:
> 
> [...]
> > A couple of people mentioned that this has been solved on the mailing list
> > at some time in the past, and one of you mentioned a particular knowledge
> > base article. Unfortunately, microsoft's website is a vile, overly pretty
> > abomination with very little useful functionality, so I couldn't retrieve
> > a specific knowledgebase article by number and I was unable to fully
> > figure out where to download DUN v1.3 or greater. 
> 
> It's not-quite-so-painful if you start at http://support.microsoft.com
> 
> >From there I was able to enter Q188141 in teh search box and very quickly
> get to
> <URL:http://support.microsoft.com/support/kb/articles/Q188/1/41.ASP>
> 
> > Right now, I'm beginning to think that the logical course of action is to
> > de-install ding-dang near everything and reinstall it using the latest
> > versions from M$'s website. However, I'm guessing this will be a long and
> > time consuming task, and would rather avoid it if possible. 
> 
> The catch is, it seems to depend on *how* you install some of these bits
> (darn MS: why do they let you do it a different way if it won't work that 
> way? {:-( )
> 
> HTH,
> Neale.
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 





From sstone at taos.com  Tue Mar  7 11:41:36 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 11:41:36 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <PCEPICDJFEBDKGIGCBIICEJNCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003070940100.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Yes there is.  It may be important to note I also have a pap-secrets with my
> username and password for my PPOE connection to my DSL provider.

make /etc/ppp/options2 and put 'require-chap' and 'proxyarp' in it.  Then
have pptp call pppd with the option to use the alternate config file.  I'm
not sure how to make pptpd do that out of the box, but... you have the
source, right? :)

> 
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
> 
> -----Original Message-----
> From: Noel Koethe [mailto:noel at koethe.net]
> Sent: Tuesday, March 07, 2000 11:36 AM
> To: Ryan Matijcio
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Authentication and Firewall Issues
> 
> 
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> 
> > Secondly, I seem to be having an authentication issue and I can't seem to
> > figure out why.  Here's my log:
> >
> > Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for
> authenticating
> > RMatijcio
> > Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> > remote host RMatijcio
> 
> Is there a User with this name in /etc/ppp/chap-secrets?
> 
> Like:
> 
> RMatijcio	*	thisistheppppassword	*
> 
> --
> Noel Koethe
> 						www.linuxhq.de
> 
> 
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From sstone at taos.com  Tue Mar  7 11:51:24 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 11:51:24 2000
Subject: [pptp-server] broadcast resolution with pptp/ppp/whatever...
Message-ID: <Pine.LNX.4.10.10003070946350.26584-100000@armadillo.wink.com>

OK, this is kind of cheesy, but one thing I'm trying to get working
through this PPTP link of mine is Homeworld (yeah, it's a game).  It has
an option for "TCP/IP LAN Connection"... it never lets you specify any IP
address for a server, though, so I'm *assuming* it's trying to resolve via
broadcast.  The remote pptp client is being assigned an IP on my local
subnet and is using proxyarp.  All forwarding between my local ethernet
network and the pptp link is enabled.  however, the machines never see
each other as being on the same 'lan'.  

If I do a broadcast ping from my firewall/pptp server, all it sees is its
OWN ip address (ie, not even ones on the local subnet), so I'm thinking
that ipchains might filter broadcast packets..?  (anyone confirm this?
can it be changed?  no mention of 'broadcast' in ipchains's man page).

HOWEVER, when I do the broadcast ping from my Win98SE box, if I look at my
ethernet hub, all of the lights blink while I'm doing it.  If I try to
play Homeworld, while it's trying to look for other players on the local
net, ONLY THE LIGHT FOR THE WIN98SE box (the one running homeworld)
blinks... so I'm not *sure* that it's using broadcast to resolve.

Anyway, if anyone has any clues on this, I'd appreciate it.  Poo on Sierra
for designing an otherwise excellent game with such anemic network play
options.  I guess they *really* want you to play on won.net and don't want
you 'faking' LAN connections..

... I guess I could always enable IPX over pptp, though, but that's
another bitch and a half in and of itself... IPX...eech.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From rpm at interworxconsulting.com  Tue Mar  7 11:56:51 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 11:56:51 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <Pine.LNX.4.10.10003070846520.26584-100000@armadillo.wink.com>
Message-ID: <PCEPICDJFEBDKGIGCBIIIEJOCBAA.rpm@interworxconsulting.com>

Already have one. (I did read the FAQ! :-)

Here's the contents, and no thats not the real password. :-)

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
rmatijcio * password *

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538

-----Original Message-----
From: Scott M. Stone [mailto:sstone at taos.com]
Sent: Tuesday, March 07, 2000 11:48 AM
To: Ryan Matijcio
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Authentication and Firewall Issues


On Tue, 7 Mar 2000, Ryan Matijcio wrote:

>
> Hello!
>
> Secondly, I seem to be having an authentication issue and I can't seem to
> figure out why.  Here's my log:
>
> Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for
authenticating
> RMatijcio
> Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> remote host RMatijcio

um... this doesn't give you any hints?? :)

Add an appropriate line in /etc/ppp/chap-secrets.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company





From natecars at real-time.com  Tue Mar  7 12:24:57 2000
From: natecars at real-time.com (Nate Carlson)
Date: Tue Mar  7 12:24:57 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <PCEPICDJFEBDKGIGCBIIIEJOCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003071224230.13615-100000@enchanter.real-time.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> Already have one. (I did read the FAQ! :-)
> 
> Here's the contents, and no thats not the real password. :-)
> 
> # Secrets for authentication using CHAP
> # client        server  secret                  IP addresses
> rmatijcio * password *

hmmm.. case sensitivity maybe? try changing the 'rm' to 'RM'..

-- 
Nate Carlson <carlson at real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From sstone at taos.com  Tue Mar  7 13:05:34 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 13:05:34 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <PCEPICDJFEBDKGIGCBIIIEJOCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003071101100.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Already have one. (I did read the FAQ! :-)
> 
> Here's the contents, and no thats not the real password. :-)
> 
> # Secrets for authentication using CHAP
> # client        server  secret                  IP addresses
> rmatijcio * password *

ah, it's probably because 'rmatijcio' is more than 8 characters long.  You
must limit yourself to 8 characters, I believe... 

something to try, at least.

> 
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
> 
> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Tuesday, March 07, 2000 11:48 AM
> To: Ryan Matijcio
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Authentication and Firewall Issues
> 
> 
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> 
> >
> > Hello!
> >
> > Secondly, I seem to be having an authentication issue and I can't seem to
> > figure out why.  Here's my log:
> >
> > Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for
> authenticating
> > RMatijcio
> > Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> > remote host RMatijcio
> 
> um... this doesn't give you any hints?? :)
> 
> Add an appropriate line in /etc/ppp/chap-secrets.
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
> 
> 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From rpm at interworxconsulting.com  Tue Mar  7 13:22:02 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 13:22:02 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <Pine.LNX.4.10.10003071224230.13615-100000@enchanter.real-time.com>
Message-ID: <PCEPICDJFEBDKGIGCBIIIEJPCBAA.rpm@interworxconsulting.com>

Perhaps, I'll try making sure that everything is the same case on both the
client and server side.

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538

-----Original Message-----
From: Nate Carlson [mailto:natecars at real-time.com]
Sent: Tuesday, March 07, 2000 1:25 PM
To: Ryan Matijcio
Cc: Scott M. Stone; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Authentication and Firewall Issues


On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> Already have one. (I did read the FAQ! :-)
>
> Here's the contents, and no thats not the real password. :-)
>
> # Secrets for authentication using CHAP
> # client        server  secret                  IP addresses
> rmatijcio * password *

hmmm.. case sensitivity maybe? try changing the 'rm' to 'RM'..

--
Nate Carlson <carlson at real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500





From rpm at interworxconsulting.com  Tue Mar  7 13:22:03 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 13:22:03 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <Pine.LNX.4.10.10003071101100.26584-100000@armadillo.wink.com>
Message-ID: <PCEPICDJFEBDKGIGCBIIKEJPCBAA.rpm@interworxconsulting.com>

Another thing to try as well.

I did take a look at the man page for pppd about loading an alternate
options file:

---
file name
              Read   options   from  file  name  (the  format  is
              described below).  The file must be readable by the
              user who has invoked pppd.
---

Any ideas as to what I should have in my options file for pptp?

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538

-----Original Message-----
From: Scott M. Stone [mailto:sstone at taos.com]
Sent: Tuesday, March 07, 2000 2:05 PM
To: Ryan Matijcio
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Authentication and Firewall Issues


On Tue, 7 Mar 2000, Ryan Matijcio wrote:

>
> Already have one. (I did read the FAQ! :-)
>
> Here's the contents, and no thats not the real password. :-)
>
> # Secrets for authentication using CHAP
> # client        server  secret                  IP addresses
> rmatijcio * password *

ah, it's probably because 'rmatijcio' is more than 8 characters long.  You
must limit yourself to 8 characters, I believe...

something to try, at least.

>
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
>
> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Tuesday, March 07, 2000 11:48 AM
> To: Ryan Matijcio
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Authentication and Firewall Issues
>
>
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
>
> >
> > Hello!
> >
> > Secondly, I seem to be having an authentication issue and I can't seem
to
> > figure out why.  Here's my log:
> >
> > Mar  6 19:58:15 localhost pppd[957]: No CHAP secret found for
> authenticating
> > RMatijcio
> > Mar  6 19:58:15 localhost pppd[957]: CHAP peer authentication failed for
> > remote host RMatijcio
>
> um... this doesn't give you any hints?? :)
>
> Add an appropriate line in /etc/ppp/chap-secrets.
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
>
>

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company






From rpm at interworxconsulting.com  Tue Mar  7 13:53:04 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 13:53:04 2000
Subject: [pptp-server] PPTP and Firewalls?
Message-ID: <PCEPICDJFEBDKGIGCBIIGEKACBAA.rpm@interworxconsulting.com>

Ok I made my changes to the options file.  However I'm wondering if perhaps
now I have a firewall issue.  Today I am trying to connect to the vpn from a
client site.  At this site they have a very basic ruleset that allows all
traffic out and responses back in.  I'm not what the sequence with pptp is
however the syslog capture below seems to indicate that perhaps the traffic
may be getting stopped by the firewall.

Mar  7 14:48:22 localhost pppd[856]: pppd 2.3.10 started by root, uid 0
Mar  7 14:48:22 localhost pppd[856]: Using interface ppp1
Mar  7 14:48:22 localhost pppd[856]: Connect: ppp1 <--> /dev/pts/2
Mar  7 14:48:52 localhost pppd[856]: LCP: timeout sending Config-Requests
Mar  7 14:48:52 localhost pppd[856]: Connection terminated.
Mar  7 14:48:52 localhost pppd[856]: Exit.
Mar  7 14:48:52 localhost pptpd[855]: GRE:
read(fd=4,buffer=804d7c0,len=8196) fr
om PTY failed: status = -1 error = Input/output error
Mar  7 14:48:52 localhost pptpd[855]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
Mar  7 14:48:52 localhost pptpd[855]: CTRL: Client 216.13.96.10 control
connection finished

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538





From sstone at taos.com  Tue Mar  7 14:14:54 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 14:14:54 2000
Subject: [pptp-server] Authentication and Firewall Issues
In-Reply-To: <PCEPICDJFEBDKGIGCBIIKEJPCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003071213530.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Another thing to try as well.
> 
> I did take a look at the man page for pppd about loading an alternate
> options file:
> 
> ---
> file name
>               Read   options   from  file  name  (the  format  is
>               described below).  The file must be readable by the
>               user who has invoked pppd.
> ---
> 
> Any ideas as to what I should have in my options file for pptp?

lock
auth
require-chap
proxyarp


works for me at least.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From jasonj+pptp at uui-alaska.com  Tue Mar  7 14:28:54 2000
From: jasonj+pptp at uui-alaska.com (Jason Jeremias)
Date: Tue Mar  7 14:28:54 2000
Subject: [pptp-server] MGR: Couldn't create host socket?????
References: <Pine.LNX.4.10.10003070946350.26584-100000@armadillo.wink.com>
Message-ID: <38C56628.689B82CE@uui-alaska.com>

Could someone tell me what this is all about?  How do I fix it?

Mar  7 11:25:09 zip pptpd[12382]: MGR: Manager process started
Mar  7 11:25:09 zip pptpd[12382]: MGR: Couldn't create host socket
Mar  7 11:25:09 zip init: Id "pptp" respawning too fast: disabled for 5
minutes

Thanks in advance!

-Jason
-- 
Great acts are made up of small deeds.
                -- Lao Tsu



From sstone at taos.com  Tue Mar  7 15:56:32 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 15:56:32 2000
Subject: [pptp-server] MGR: Couldn't create host socket?????
In-Reply-To: <38C56628.689B82CE@uui-alaska.com>
Message-ID: <Pine.LNX.4.10.10003071354510.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Jason Jeremias wrote:

> Could someone tell me what this is all about?  How do I fix it?
> 
> Mar  7 11:25:09 zip pptpd[12382]: MGR: Manager process started
> Mar  7 11:25:09 zip pptpd[12382]: MGR: Couldn't create host socket
> Mar  7 11:25:09 zip init: Id "pptp" respawning too fast: disabled for 5
> minutes
> 
> Thanks in advance!
> 
> -Jason
> 

either your kernel is compiled wrong or you're out of file descriptors.
do:

netstat | wc -l

what is the result?  If it's a really really high number then you're
probably out of file descriptors.  I think if you edit
/usr/src/linux/include/limits.h you can increase the maximum... you'll
have to recompile the kernel, of course, but...

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From david at solutionsfirst.net  Tue Mar  7 16:04:12 2000
From: david at solutionsfirst.net (David Kempe)
Date: Tue Mar  7 16:04:12 2000
Subject: [pptp-server] MGR: Couldn't create host socket?????
In-Reply-To: <38C56628.689B82CE@uui-alaska.com>
Message-ID: <EFELIGDMJHPMFJFIFPIGKEBJCEAA.david@solutionsfirst.net>

no
its not that you are out of descriptors... it is taht you have tried to
start pptpd manually when it is in /etc/inittab
remove the entry from the line in there that mentions pptpd or killall pptpd
and wait five min for it to respawn.
you can have 2 pptpd running at once.. hence the error..

dave

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jason Jeremias
Sent: Wednesday, 8 March 2000 7:27 AM
To: PPTP Mailing List ]
Subject: [pptp-server] MGR: Couldn't create host socket?????


Could someone tell me what this is all about?  How do I fix it?

Mar  7 11:25:09 zip pptpd[12382]: MGR: Manager process started
Mar  7 11:25:09 zip pptpd[12382]: MGR: Couldn't create host socket
Mar  7 11:25:09 zip init: Id "pptp" respawning too fast: disabled for 5
minutes

Thanks in advance!

-Jason
--
Great acts are made up of small deeds.
                -- Lao Tsu

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!




From jasonj at uui-alaska.com  Tue Mar  7 16:33:07 2000
From: jasonj at uui-alaska.com (Jason Jeremias)
Date: Tue Mar  7 16:33:07 2000
Subject: [pptp-server] MGR: Couldn't create host socket?????
References: <EFELIGDMJHPMFJFIFPIGKEBJCEAA.david@solutionsfirst.net>
Message-ID: <38C58314.3D7C92B8@uui-alaska.com>

That was it, thanks for the quick reply!

-Jason

David Kempe wrote:
> 
> no
> its not that you are out of descriptors... it is taht you have tried to
> start pptpd manually when it is in /etc/inittab
> remove the entry from the line in there that mentions pptpd or killall pptpd
> and wait five min for it to respawn.
> you can have 2 pptpd running at once.. hence the error..
> 
> dave
> 
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jason Jeremias
> Sent: Wednesday, 8 March 2000 7:27 AM
> To: PPTP Mailing List ]
> Subject: [pptp-server] MGR: Couldn't create host socket?????
> 
> Could someone tell me what this is all about?  How do I fix it?
> 
> Mar  7 11:25:09 zip pptpd[12382]: MGR: Manager process started
> Mar  7 11:25:09 zip pptpd[12382]: MGR: Couldn't create host socket
> Mar  7 11:25:09 zip init: Id "pptp" respawning too fast: disabled for 5
> minutes
> 
> Thanks in advance!
> 
> -Jason
> --
> Great acts are made up of small deeds.
>                 -- Lao Tsu
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

-- 
Great acts are made up of small deeds.
                -- Lao Tsu



From compchat at home.com  Tue Mar  7 16:37:01 2000
From: compchat at home.com (Alan Ross)
Date: Tue Mar  7 16:37:01 2000
Subject: [pptp-server] LINUX
Message-ID: <002a01bf8885$8c78ad10$8f800818@msnv1.occa.home.com>

It appears I am on the wrong list (blush).  This is a dedicated Linux list ?
Does anyone know of a Windows NT list.    Is Linux easier to configure then
NT ?  Also are you able to configure a Linux pptp gateway so that it can
forward ip packets to an NT file server ?


Alan,
http://compchat.com
compchat at exo.com
compchat at home.com




From jasonj at uui-alaska.com  Tue Mar  7 16:48:51 2000
From: jasonj at uui-alaska.com (Jason Jeremias)
Date: Tue Mar  7 16:48:51 2000
Subject: [pptp-server] Connect to PPTP server though Linux IPMASQ
References: <EFELIGDMJHPMFJFIFPIGKEBJCEAA.david@solutionsfirst.net> <38C58314.3D7C92B8@uui-alaska.com>
Message-ID: <38C586FC.97EC4B35@uui-alaska.com>

Okay I tested a PoPToP machine and everything worked so I'm assuming the
problem I'm having today is I'm going through Linux IPMASQ firewall to
connect to it. Looks like this:


 ----                 --------------                              
--------
| me |  -----------  | Linux IPMASQ | ----------Internet--------- |
PoPToP |
 ----                 --------------                              
--------

So the question is what do I need to do on the Linux IPMASQ box to get
this working?  I'm assuming I need to make it forward some ports back
and forth.  Any hints?

Thanks Again.

-Jason
-- 
Great acts are made up of small deeds.
                -- Lao Tsu



From stan at rogge.net  Tue Mar  7 17:01:07 2000
From: stan at rogge.net (Stan A. Rogge)
Date: Tue Mar  7 17:01:07 2000
Subject: [pptp-server] Lots of Concurrent PPP interfaces
Message-ID: <005b01bf8888$6425ec80$fd01fb0a@harmonic.com>

Anyone out there ever configured a server for quite a lot of concurrent
VPNs?

I have managed to get 100 concurrent connections, but pppd will not build an
interface beyond ppp99.

I get this error:

kernel: ppp: dev_alloc_name failed (-23)
kernel: ppp: ppp_alloc failed
pppd[1722]: ioctl(TIOCSETD): Too many open files in system(23)


I have already adjusted a few things in the kernel, like:

netlink.h    MAX_LINKS    2048
limits.h    NR_OPEN    2048
limits.h    OPEN_MAx    1024
tty.h    MAX_NR_CONSOLES    2047

In the kernel's .config I have:

CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=2048

I am using linux-2.2.13 with ppp-2.3.8 with the microsoft patches for their
gay encryption.  My setup works ok.  Been using it all for quite a while for
both PPTP and SSH VPNs, at least thats my story.

My last assigned device to pppd was pts/100.  I have 235 processes on the
box.

My target is to see how many concurrent PPP interfaces can be achieved
concurrently.  I want around 1300 or so, but am stuck with PPP0 - PPP99.

If anyone has been here before, please share your wisdom.  I really have not
seen any info on this in the traditional documentation.  I have look around
at some of the code for PPP, but do not see this particular limit.  I fear
it may be ioctl stuff.

Thanks in advance.








From teastep at evergo.net  Tue Mar  7 17:07:09 2000
From: teastep at evergo.net (Tom Eastep)
Date: Tue Mar  7 17:07:09 2000
Subject: [pptp-server] Connect to PPTP server though Linux IPMASQ
In-Reply-To: <38C586FC.97EC4B35@uui-alaska.com>
Message-ID: <Pine.LNX.4.10.10003071506170.13291-100000@wookie.shoreline.tandem.com>

On Tue, 7 Mar 2000, Jason Jeremias wrote:

> Okay I tested a PoPToP machine and everything worked so I'm assuming the
> problem I'm having today is I'm going through Linux IPMASQ firewall to
> connect to it. Looks like this:
> 
> 
>  ----                 --------------                              
> --------
> | me |  -----------  | Linux IPMASQ | ----------Internet--------- |
> PoPToP |
>  ----                 --------------                              
> --------
> 
> So the question is what do I need to do on the Linux IPMASQ box to get
> this working?  I'm assuming I need to make it forward some ports back
> and forth.  Any hints?
> 

http://www.wolfenet.com/~jhardin/ip_masq_vpn.html

-Tom
-- 
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it
teastep at evergo.net       \   works if you ask it the proper questions"
Shoreline, Washington USA ___________________________________________




From rpm at interworxconsulting.com  Tue Mar  7 17:09:20 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 17:09:20 2000
Subject: [pptp-server] LINUX
In-Reply-To: <002a01bf8885$8c78ad10$8f800818@msnv1.occa.home.com>
Message-ID: <PCEPICDJFEBDKGIGCBIIOEKCCBAA.rpm@interworxconsulting.com>

Hi Alan,

One problem I can see with a Linux pptp server in a large NT enviroment is
account management.  I can see it being a real nightmare maintaining the
chap-secrets file (the one that maintains the username and password for the
vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
you can easily just turn PPTP on or off for an account in user manager.

However for my own purposes I really like what I've seen so far with Linux
and pptpd.  I'd urge you to take a look.  (This comming from an MCSE too!
:-)

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Alan Ross
Sent: Tuesday, March 07, 2000 5:36 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] LINUX


It appears I am on the wrong list (blush).  This is a dedicated Linux list ?
Does anyone know of a Windows NT list.    Is Linux easier to configure then
NT ?  Also are you able to configure a Linux pptp gateway so that it can
forward ip packets to an NT file server ?


Alan,
http://compchat.com
compchat at exo.com
compchat at home.com


_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!





From sstone at taos.com  Tue Mar  7 17:10:58 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 17:10:58 2000
Subject: [pptp-server] LINUX
In-Reply-To: <002a01bf8885$8c78ad10$8f800818@msnv1.occa.home.com>
Message-ID: <Pine.LNX.4.10.10003071507280.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Alan Ross wrote:

> It appears I am on the wrong list (blush).  This is a dedicated Linux list ?
> Does anyone know of a Windows NT list.    Is Linux easier to configure then
> NT ?  Also are you able to configure a Linux pptp gateway so that it can
> forward ip packets to an NT file server ?

let's see.. answers, in order:

1. yes it does appear you're on the wrong list,
2. yes it is a dedicated linux list, 
3. I don't know of an NT PPTP list,
4. Linux is easier to configure than NT (in general, and pptp
   specifically),
5. Yes you can make a Linux pptp gateway forward any and all kinds of IP
   or IPX traffic.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From sstone at taos.com  Tue Mar  7 17:11:59 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 17:11:59 2000
Subject: [pptp-server] Connect to PPTP server though Linux IPMASQ
In-Reply-To: <38C586FC.97EC4B35@uui-alaska.com>
Message-ID: <Pine.LNX.4.10.10003071510281.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Jason Jeremias wrote:

> Okay I tested a PoPToP machine and everything worked so I'm assuming the
> problem I'm having today is I'm going through Linux IPMASQ firewall to
> connect to it. Looks like this:
> 
> 
>  ----                 --------------                              
> --------
> | me |  -----------  | Linux IPMASQ | ----------Internet--------- |
> PoPToP |
>  ----                 --------------                              
> --------
> 
> So the question is what do I need to do on the Linux IPMASQ box to get
> this working?  I'm assuming I need to make it forward some ports back
> and forth.  Any hints?
> 
> Thanks Again.

easy solution is to run PoPToP on the IPMASQ box itself.  Works for me,
and you don't have to worry about forwarding ports and such.  And it
eliminates the need for another box to handle the PPTP serving.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From sergio at omnitracs.com.mx  Tue Mar  7 17:24:30 2000
From: sergio at omnitracs.com.mx (Sergio Dominguez)
Date: Tue Mar  7 17:24:30 2000
Subject: [pptp-server] LINUX PPTPD VS NT PPTP
Message-ID: <38C58E3F.A16A6775@omnitracs.com.mx>

Hi:

 I have a working PPTP server with Linux. I was told to do
VPN with PPTP at my work and I did it with LInux, simply cause
I didnt want to get into problems with NT.

  Thing is, now my boss is asking pros and cons about using
Linux instead of NT for PPTP, so I dont know ir for sure.

 I know the big pros about Linux as an OS ( thats why I used
it in the first place ) but what I want is a more precise list
of pros in the PPTP server area.

 the first thing that comes to my mind is that an NT server
can handles only three PPTP processes at atime, is it right?

 TIA for your comments.





From knup at home.com  Tue Mar  7 17:38:53 2000
From: knup at home.com (knup)
Date: Tue Mar  7 17:38:53 2000
Subject: [pptp-server] Lots of Concurrent PPP interfaces
References: <005b01bf8888$6425ec80$fd01fb0a@harmonic.com>
Message-ID: <001601bf888e$08e7b640$071c0fc0@lala.net>

i forget where it is, but early on there was a bit of discussinon about what
was needed to run poptop with ~2048 connections.. search the first few
months of the archives.

the pppd numbering thing is just another #define i think

Kevin

----- Original Message -----
From: Stan A. Rogge <stan at rogge.net>
To: poptop <pptp-server at lists.schulte.org>
Sent: Tuesday, March 07, 2000 2:56 PM
Subject: [pptp-server] Lots of Concurrent PPP interfaces


> Anyone out there ever configured a server for quite a lot of concurrent
> VPNs?
>
> I have managed to get 100 concurrent connections, but pppd will not build
an
> interface beyond ppp99.
>
> I get this error:
>
> kernel: ppp: dev_alloc_name failed (-23)
> kernel: ppp: ppp_alloc failed
> pppd[1722]: ioctl(TIOCSETD): Too many open files in system(23)
>
>
> I have already adjusted a few things in the kernel, like:
>
> netlink.h    MAX_LINKS    2048
> limits.h    NR_OPEN    2048
> limits.h    OPEN_MAx    1024
> tty.h    MAX_NR_CONSOLES    2047
>
> In the kernel's .config I have:
>
> CONFIG_UNIX98_PTYS=y
> CONFIG_UNIX98_PTY_COUNT=2048
>
> I am using linux-2.2.13 with ppp-2.3.8 with the microsoft patches for
their
> gay encryption.  My setup works ok.  Been using it all for quite a while
for
> both PPTP and SSH VPNs, at least thats my story.
>
> My last assigned device to pppd was pts/100.  I have 235 processes on the
> box.
>
> My target is to see how many concurrent PPP interfaces can be achieved
> concurrently.  I want around 1300 or so, but am stuck with PPP0 - PPP99.
>
> If anyone has been here before, please share your wisdom.  I really have
not
> seen any info on this in the traditional documentation.  I have look
around
> at some of the code for PPP, but do not see this particular limit.  I fear
> it may be ioctl stuff.
>
> Thanks in advance.
>
>
>
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>





From sstone at taos.com  Tue Mar  7 17:47:08 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar  7 17:47:08 2000
Subject: [pptp-server] LINUX
In-Reply-To: <PCEPICDJFEBDKGIGCBIIOEKCCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003071545240.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Hi Alan,
> 
> One problem I can see with a Linux pptp server in a large NT enviroment is
> account management.  I can see it being a real nightmare maintaining the
> chap-secrets file (the one that maintains the username and password for the
> vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
> you can easily just turn PPTP on or off for an account in user manager.

that's a good point, though -- I wonder how hard it would be to patch pppd
to use the system's getpasswd() functions instead of reading chap-secrets?
ie, compare the inputted password from the client with the system password
table instead of having it separate..?  

Probably not THAT difficult, I'd think, but who knows.  Maybe I'll try it
sometime..

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From nmeyers at javalinux.net  Tue Mar  7 18:17:32 2000
From: nmeyers at javalinux.net (Nathan Meyers)
Date: Tue Mar  7 18:17:32 2000
Subject: [pptp-server] LINUX
In-Reply-To: <Pine.LNX.4.10.10003071545240.26584-100000@armadillo.wink.com>; from Scott M. Stone on Tue, Mar 07, 2000 at 03:46:23PM -0800
References: <PCEPICDJFEBDKGIGCBIIOEKCCBAA.rpm@interworxconsulting.com> <Pine.LNX.4.10.10003071545240.26584-100000@armadillo.wink.com>
Message-ID: <20000307161712.A20594@javalinux.net>

On Tue, Mar 07, 2000 at 03:46:23PM -0800, Scott M. Stone wrote:
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> 
> > 
> > Hi Alan,
> > 
> > One problem I can see with a Linux pptp server in a large NT enviroment is
> > account management.  I can see it being a real nightmare maintaining the
> > chap-secrets file (the one that maintains the username and password for the
> > vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
> > you can easily just turn PPTP on or off for an account in user manager.
> 
> that's a good point, though -- I wonder how hard it would be to patch pppd
> to use the system's getpasswd() functions instead of reading chap-secrets?
> ie, compare the inputted password from the client with the system password
> table instead of having it separate..?  

Not hard at all, but it won't work the way you hope.

It's the nature of the CHAP protocol to use the same secret on both
ends of the connection, without ever sending the secret in any form
(encrypted or otherwise). So both ends must know the same string. If
all it knows on the server end is the encrypted text it retrieves from
getpasswd() call, that's the "password" you must use from the client
side - not the user's real password.

Nathan

> 
> Probably not THAT difficult, I'd think, but who knows.  Maybe I'll try it
> sometime..
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company 
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From rpm at interworxconsulting.com  Tue Mar  7 21:46:44 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Tue Mar  7 21:46:44 2000
Subject: [pptp-server] pptpd and Encryption
Message-ID: <PCEPICDJFEBDKGIGCBIICEKFCBAA.rpm@interworxconsulting.com>

Whats required to get pptpd and a Windows 2000 client to do an encrypted
pptp session?  I got my pptpd server working, and the Windows 2000 box seems
to connect fine when set to optional encyrption.  When I set it to connect
only if there is encyrption it doesn't work.  ie.  2000 disconnects because
it can't establish an excrypted session with the pptpd server.  I'm running
pppd 2.3.10 from the Redhat 6.1 installation.

Cheers,
Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538





From knup at home.com  Wed Mar  8 01:03:11 2000
From: knup at home.com (knup)
Date: Wed Mar  8 01:03:11 2000
Subject: [pptp-server] pptpd and Encryption
References: <PCEPICDJFEBDKGIGCBIICEKFCBAA.rpm@interworxconsulting.com>
Message-ID: <001201bf88cc$1eb75320$071c0fc0@lala.net>

there is a patch for pppd and the kernel to enable encryption
read more on the poptop website
Kevin
----- Original Message -----
From: Ryan Matijcio <rpm at interworxconsulting.com>
To: <pptp-server at lists.schulte.org>
Sent: Tuesday, March 07, 2000 7:43 PM
Subject: [pptp-server] pptpd and Encryption


>
> Whats required to get pptpd and a Windows 2000 client to do an encrypted
> pptp session?  I got my pptpd server working, and the Windows 2000 box
seems
> to connect fine when set to optional encyrption.  When I set it to connect
> only if there is encyrption it doesn't work.  ie.  2000 disconnects
because
> it can't establish an excrypted session with the pptpd server.  I'm
running
> pppd 2.3.10 from the Redhat 6.1 installation.
>
> Cheers,
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>





From schoepf at uni-mainz.de  Wed Mar  8 02:34:09 2000
From: schoepf at uni-mainz.de (Rainer Schoepf)
Date: Wed Mar  8 02:34:09 2000
Subject: [pptp-server] LINUX PPTPD VS NT PPTP
In-Reply-To: <38C58E3F.A16A6775@omnitracs.com.mx>
References: <38C58E3F.A16A6775@omnitracs.com.mx>
Message-ID: <14534.4217.357127.21218@perdita.zdv.Uni-Mainz.DE>

Sergio Dominguez writes:

 >   Thing is, now my boss is asking pros and cons about using
 > Linux instead of NT for PPTP, so I dont know ir for sure.

One Pro for NT that might or might not be relevant: you can
authenticate against the NT domain controller. 

If Linux PPTP could do that it would be perfect. Unfortunately, it's
nontrivial to implement, especially with MS-CHAPv2.

-- 
   Rainer Sch?pf
   Zentrum f?r Datenverarbeitung           A point of view can be a dangerous
    der Universit?t Mainz                  luxury when substituted for insight
   Anselm-Franz-von-Bentzel-Weg 12         and understanding.
   D-55099 Mainz
   Germany                                  Herbert Marshall McLuhan:
   <Schoepf at Uni-Mainz.DE>                          The Gutenberg Galaxy



From david at solutionsfirst.net  Wed Mar  8 03:23:29 2000
From: david at solutionsfirst.net (David Kempe)
Date: Wed Mar  8 03:23:29 2000
Subject: [pptp-server] LINUX
In-Reply-To: <20000307161712.A20594@javalinux.net>
Message-ID: <EFELIGDMJHPMFJFIFPIGAEDICEAA.david@solutionsfirst.net>

The way we have solved this problem is to develop an intranet web page and
you can add people to the bottom of the chap secrets file using some special
scripting and apache..
You can develop of whole user interface.
The other option is to work with webmi or something like that..Im going to
start working on a plugin for webmin that allows pptp user management.
(www.webmin.com)

dave

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nathan Meyers
Sent: Wednesday, 8 March 2000 11:17 AM
To: Scott M. Stone; Ryan Matijcio
Cc: Alan Ross; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] LINUX


On Tue, Mar 07, 2000 at 03:46:23PM -0800, Scott M. Stone wrote:
> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
>
> >
> > Hi Alan,
> >
> > One problem I can see with a Linux pptp server in a large NT enviroment
is
> > account management.  I can see it being a real nightmare maintaining the
> > chap-secrets file (the one that maintains the username and password for
the
> > vpn accounts.)  As far as I've read there is nothing to handle this.  In
NT
> > you can easily just turn PPTP on or off for an account in user manager.
>
> that's a good point, though -- I wonder how hard it would be to patch pppd
> to use the system's getpasswd() functions instead of reading chap-secrets?
> ie, compare the inputted password from the client with the system password
> table instead of having it separate..?

Not hard at all, but it won't work the way you hope.

It's the nature of the CHAP protocol to use the same secret on both
ends of the connection, without ever sending the secret in any form
(encrypted or otherwise). So both ends must know the same string. If
all it knows on the server end is the encrypted text it retrieves from
getpasswd() call, that's the "password" you must use from the client
side - not the user's real password.

Nathan

>
> Probably not THAT difficult, I'd think, but who knows.  Maybe I'll try it
> sometime..
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!




From yan at cardinalengineering.com  Wed Mar  8 05:02:47 2000
From: yan at cardinalengineering.com (Yan Seiner)
Date: Wed Mar  8 05:02:47 2000
Subject: [pptp-server] LINUX
References: <PCEPICDJFEBDKGIGCBIIOEKCCBAA.rpm@interworxconsulting.com>
Message-ID: <38C6336E.19B9CE65@cardinalengineering.com>

See inline...

Ryan Matijcio wrote:
> 
> Hi Alan,
> 
> One problem I can see with a Linux pptp server in a large NT enviroment is
> account management.  I can see it being a real nightmare maintaining the
> chap-secrets file (the one that maintains the username and password for the
> vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
> you can easily just turn PPTP on or off for an account in user manager.

Actually, you _may_ be able to work around this via a combination of
samba and pptp.  Use a single secret for everyone and make sure it's not
a valid user account, then control access to the linux shares via user
accounts.  The user accounts can be provided by an NT server.

You'd still have old employees being able to connect to the server, but
nnot actually connect to anything once there.

Periodically change the secret...

Just a random thought.

--Yan

> 
> However for my own purposes I really like what I've seen so far with Linux
> and pptpd.  I'd urge you to take a look.  (This comming from an MCSE too!
> :-)
> 
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
> 
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Alan Ross
> Sent: Tuesday, March 07, 2000 5:36 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] LINUX
> 
> It appears I am on the wrong list (blush).  This is a dedicated Linux list ?
> Does anyone know of a Windows NT list.    Is Linux easier to configure then
> NT ?  Also are you able to configure a Linux pptp gateway so that it can
> forward ip packets to an NT file server ?
> 
> Alan,
> http://compchat.com
> compchat at exo.com
> compchat at home.com
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From yan at cardinalengineering.com  Wed Mar  8 05:09:17 2000
From: yan at cardinalengineering.com (Yan Seiner)
Date: Wed Mar  8 05:09:17 2000
Subject: [pptp-server] LINUX PPTPD VS NT PPTP
References: <38C58E3F.A16A6775@omnitracs.com.mx>
Message-ID: <38C634ED.E0CF2745@cardinalengineering.com>

See inline.

Sergio Dominguez wrote:
> 
> Hi:
> 
>  I have a working PPTP server with Linux. I was told to do
> VPN with PPTP at my work and I did it with LInux, simply cause
> I didnt want to get into problems with NT.
> 
>   Thing is, now my boss is asking pros and cons about using
> Linux instead of NT for PPTP, so I dont know ir for sure.
> 
>  I know the big pros about Linux as an OS ( thats why I used
> it in the first place ) but what I want is a more precise list
> of pros in the PPTP server area.
> 

Pros:  	more stable than NT RAS (I have had absolutely horrible luck
with RAS)
	Easier to administer remotely (I have diagnosed a network failure from
half a world away on a borrowed computer)
	Rock reliable once configured

Cons:	Takes a while to get configured (NT is quicker out of the box)
	NT account management is more integrated (but see my response to
another thread)

>  the first thing that comes to my mind is that an NT server
> can handles only three PPTP processes at atime, is it right?
> 

Actually, it will handle as many as you configure AFAIK.  There may be
some resource starvation with RAS, though.  RAS is the most buggy piece
of commercial software I have ever encoutered.

--Yan

>  TIA for your comments.
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From sgodsell at comsrvinc.com  Wed Mar  8 05:34:00 2000
From: sgodsell at comsrvinc.com (Sean Godsell)
Date: Wed Mar  8 05:34:00 2000
Subject: [pptp-server] LINUX PPTPD VS NT PPTP
References: <38C58E3F.A16A6775@omnitracs.com.mx> <38C634ED.E0CF2745@cardinalengineering.com>
Message-ID: <38C63960.EC41AC5F@comsrvinc.com>

Hello Yan,

One major pro/con is the price difference, and total control when using linux!
With NT who really know's what is going on underneth the covers of NT.

Also I am attaching a few script commands that might help you.

Good Luck, and have fun!!!

Sean Godsell    sgodsell at comsrvinc.com

Yan Seiner wrote:

> See inline.
>
> Sergio Dominguez wrote:
> >
> > Hi:
> >
> >  I have a working PPTP server with Linux. I was told to do
> > VPN with PPTP at my work and I did it with LInux, simply cause
> > I didnt want to get into problems with NT.
> >
> >   Thing is, now my boss is asking pros and cons about using
> > Linux instead of NT for PPTP, so I dont know ir for sure.
> >
> >  I know the big pros about Linux as an OS ( thats why I used
> > it in the first place ) but what I want is a more precise list
> > of pros in the PPTP server area.
> >
>
> Pros:   more stable than NT RAS (I have had absolutely horrible luck
> with RAS)
>         Easier to administer remotely (I have diagnosed a network failure from
> half a world away on a borrowed computer)
>         Rock reliable once configured
>
> Cons:   Takes a while to get configured (NT is quicker out of the box)
>         NT account management is more integrated (but see my response to
> another thread)
>
> >  the first thing that comes to my mind is that an NT server
> > can handles only three PPTP processes at atime, is it right?
> >
>
> Actually, it will handle as many as you configure AFAIK.  There may be
> some resource starvation with RAS, though.  RAS is the most buggy piece
> of commercial software I have ever encoutered.
>
> --Yan
>
> >  TIA for your comments.
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpnlist
Type: application/octet-stream
Size: 139 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000308/2322c0c8/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpnpasswd
Type: application/octet-stream
Size: 548 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000308/2322c0c8/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpnuseradd
Type: application/octet-stream
Size: 222 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000308/2322c0c8/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpnuserdel
Type: application/octet-stream
Size: 497 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000308/2322c0c8/attachment-0003.obj>

From stan at rogge.net  Wed Mar  8 06:52:12 2000
From: stan at rogge.net (Stan A. Rogge)
Date: Wed Mar  8 06:52:12 2000
Subject: [pptp-server] Lots of Concurrent PPP interfaces
References: <005b01bf8888$6425ec80$fd01fb0a@harmonic.com> <001601bf888e$08e7b640$071c0fc0@lala.net>
Message-ID: <004c01bf88fc$7dcd35c0$fd01fb0a@harmonic.com>

Yes I saw the discussion in the June 1999 archives.  The 100 limit is the
dev_alloc_name () found in /usr/src/linux/net/core/dev.c

It was hardcoded to 100.  The other limits are apparently straight forward.

Thanks for the point.

----- Original Message -----
From: "knup" <knup at home.com>
To: "poptop" <pptp-server at lists.schulte.org>
Sent: Tuesday, March 07, 2000 5:37 PM
Subject: Re: [pptp-server] Lots of Concurrent PPP interfaces


| i forget where it is, but early on there was a bit of discussinon about
what
| was needed to run poptop with ~2048 connections.. search the first few
| months of the archives.
|
| the pppd numbering thing is just another #define i think
|
| Kevin
|
| ----- Original Message -----
| From: Stan A. Rogge <stan at rogge.net>
| To: poptop <pptp-server at lists.schulte.org>
| Sent: Tuesday, March 07, 2000 2:56 PM
| Subject: [pptp-server] Lots of Concurrent PPP interfaces
|
|
| > Anyone out there ever configured a server for quite a lot of concurrent
| > VPNs?
| >
| > I have managed to get 100 concurrent connections, but pppd will not
build
| an
| > interface beyond ppp99.
| >
| > I get this error:
| >
| > kernel: ppp: dev_alloc_name failed (-23)
| > kernel: ppp: ppp_alloc failed
| > pppd[1722]: ioctl(TIOCSETD): Too many open files in system(23)
| >
| >
| > I have already adjusted a few things in the kernel, like:
| >
| > netlink.h    MAX_LINKS    2048
| > limits.h    NR_OPEN    2048
| > limits.h    OPEN_MAx    1024
| > tty.h    MAX_NR_CONSOLES    2047
| >
| > In the kernel's .config I have:
| >
| > CONFIG_UNIX98_PTYS=y
| > CONFIG_UNIX98_PTY_COUNT=2048
| >
| > I am using linux-2.2.13 with ppp-2.3.8 with the microsoft patches for
| their
| > gay encryption.  My setup works ok.  Been using it all for quite a while
| for
| > both PPTP and SSH VPNs, at least thats my story.
| >
| > My last assigned device to pppd was pts/100.  I have 235 processes on
the
| > box.
| >
| > My target is to see how many concurrent PPP interfaces can be achieved
| > concurrently.  I want around 1300 or so, but am stuck with PPP0 - PPP99.
| >
| > If anyone has been here before, please share your wisdom.  I really have
| not
| > seen any info on this in the traditional documentation.  I have look
| around
| > at some of the code for PPP, but do not see this particular limit.  I
fear
| > it may be ioctl stuff.
| >
| > Thanks in advance.
| >
| >
| >
| >
| >
| >
| > _______________________________________________
| > pptp-server maillist  -  pptp-server at lists.schulte.org
| > http://lists.schulte.org/mailman/listinfo/pptp-server
| > List services provided by www.schulte.org!
| >
|
|
|
| _______________________________________________
| pptp-server maillist  -  pptp-server at lists.schulte.org
| http://lists.schulte.org/mailman/listinfo/pptp-server
| List services provided by www.schulte.org!
|




From natecars at real-time.com  Wed Mar  8 09:33:26 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed Mar  8 09:33:26 2000
Subject: [pptp-server] pptpd and Encryption
In-Reply-To: <PCEPICDJFEBDKGIGCBIICEKFCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003080932290.15352-100000@enchanter.real-time.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> Whats required to get pptpd and a Windows 2000 client to do an encrypted
> pptp session?  I got my pptpd server working, and the Windows 2000 box seems
> to connect fine when set to optional encyrption.  When I set it to connect
> only if there is encyrption it doesn't work.  ie.  2000 disconnects because
> it can't establish an excrypted session with the pptpd server.  I'm running
> pppd 2.3.10 from the Redhat 6.1 installation.

Have you tested against win95/98 to make sure your kernel is patched
properly for ppp encryption? I've been using win2k clients for the last
few months, never had a problem requiring encryption..

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From natecars at real-time.com  Wed Mar  8 10:18:15 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed Mar  8 10:18:15 2000
Subject: [pptp-server] Maximum PPTP Connections?
Message-ID: <Pine.LNX.4.10.10003081017010.15352-100000@enchanter.real-time.com>

One of our clients is looking at a very high-load pptp server, and we are
wondering what the maximum (safe) number of simultaneous PPTP connections
would be on a dual-p3/700 with 1gb of memory.. I know we have to do some
kernel patches to support > 100 users, but assuming we do those patches,
would it be safe to have say 150 simultaneous users? Thanks!

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From sstone at taos.com  Wed Mar  8 10:22:15 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed Mar  8 10:22:15 2000
Subject: [pptp-server] pptpd and Encryption
In-Reply-To: <PCEPICDJFEBDKGIGCBIICEKFCBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003080820480.26584-100000@armadillo.wink.com>

On Tue, 7 Mar 2000, Ryan Matijcio wrote:

> 
> Whats required to get pptpd and a Windows 2000 client to do an encrypted
> pptp session?  I got my pptpd server working, and the Windows 2000 box seems
> to connect fine when set to optional encyrption.  When I set it to connect
> only if there is encyrption it doesn't work.  ie.  2000 disconnects because
> it can't establish an excrypted session with the pptpd server.  I'm running
> pppd 2.3.10 from the Redhat 6.1 installation.

you have to patch pppd for encryption, see the poptop homepage...

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From johnny at booksys.com  Wed Mar  8 10:58:19 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Wed Mar  8 10:58:19 2000
Subject: [pptp-server] LINUX
In-Reply-To: <Pine.LNX.4.10.10003071545240.26584-100000@armadillo.wink.com>
Message-ID: <Pine.LNX.4.10.10003081002400.22360-100000@mail.booksys.com>

This would be quite good, to be sure. My boss was just asking me this
morning about how we could do this and I told him I didn't think it was
possible without digging into the pptpd and pppd code. Which, of course,
he doesn't want to do. I'd really like to see something like this, wherein
users don't have to remember a third password (one for their email, one
for the NT network, and now one for a VPN (and some even have SOCKS5
passwords to remember as well!))

Also, this would provide the extra security of having the passwords
crypted in case of a root compromise.

--Me

On Tue, 7 Mar 2000, Scott M. Stone wrote:

> On Tue, 7 Mar 2000, Ryan Matijcio wrote:
> 
> > 
> > Hi Alan,
> > 
> > One problem I can see with a Linux pptp server in a large NT enviroment is
> > account management.  I can see it being a real nightmare maintaining the
> > chap-secrets file (the one that maintains the username and password for the
> > vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
> > you can easily just turn PPTP on or off for an account in user manager.
> 
> that's a good point, though -- I wonder how hard it would be to patch pppd
> to use the system's getpasswd() functions instead of reading chap-secrets?
> ie, compare the inputted password from the client with the system password
> table instead of having it separate..?  
> 
> Probably not THAT difficult, I'd think, but who knows.  Maybe I'll try it
> sometime..
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company 
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 




From joe at nall.com  Wed Mar  8 10:58:47 2000
From: joe at nall.com (Joe Nall)
Date: Wed Mar  8 10:58:47 2000
Subject: [pptp-server] BSD & encryption
Message-ID: <38C685D7.50B01F5F@nall.com>

Anyone get PoPToP to work with encryption on OpenBSD or FreeBSD?
joe



From johnny at booksys.com  Wed Mar  8 11:09:35 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Wed Mar  8 11:09:35 2000
Subject: [pptp-server] Maximum PPTP Connections?
In-Reply-To: <Pine.LNX.4.10.10003081017010.15352-100000@enchanter.real-time.com>
Message-ID: <Pine.LNX.4.10.10003081010410.22360-100000@mail.booksys.com>

I'm no true guru on this sort of thing to be sure, but I'll tell you what
I do know:

A company I used to work for (and still do contract stuff for from time to
time) got themselves a set of shiny new servers. These 3 machines are
single-P3-Xeon-600's with 500M of RAM in them. They're used as web
servers. The kernels have been modified to handle the unbelievable amount
of load placed on them. Before a pseudo-merger with Snap.com, we were
rated as high as the 25th most popular site in the world. Lots of traffic.
About 1/3 that of MP3.com in bandwidth, about 1/20 of Yahoo in pageviews
(Which is a lot, believe me. :)

At any rate, these machines are routinely handling several thousand open
descriptors with no problem. The kernel is modified to allow 2048
children, and 2048 descriptors-per-process, and nothing seems to have
blown up yet (4 months of uptime...), so I suppose it's safe enough. And,
we have half the power of the unholy beast you're talking about building.
Plus, we're just doing web and mail serving, which is relatively complex
(at a processor level) compared to pptp connections (far as I know,
anyway).

--Me

On Wed, 8 Mar 2000, Nate Carlson wrote:

> One of our clients is looking at a very high-load pptp server, and we are
> wondering what the maximum (safe) number of simultaneous PPTP connections
> would be on a dual-p3/700 with 1gb of memory.. I know we have to do some
> kernel patches to support > 100 users, but assuming we do those patches,
> would it be safe to have say 150 simultaneous users? Thanks!
> 
> -- 
> Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
> http://www.real-time.com                | Fax   : (612)943-8500
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 




From natecars at real-time.com  Wed Mar  8 11:16:16 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed Mar  8 11:16:16 2000
Subject: [pptp-server] Maximum PPTP Connections?
In-Reply-To: <Pine.LNX.4.10.10003081010410.22360-100000@mail.booksys.com>
Message-ID: <Pine.LNX.4.10.10003081115120.15352-100000@enchanter.real-time.com>

On Wed, 8 Mar 2000, Johnny L Wales wrote:
> At any rate, these machines are routinely handling several thousand open
> descriptors with no problem. The kernel is modified to allow 2048
> children, and 2048 descriptors-per-process, and nothing seems to have
> blown up yet (4 months of uptime...), so I suppose it's safe enough. And,
> we have half the power of the unholy beast you're talking about building.
> Plus, we're just doing web and mail serving, which is relatively complex
> (at a processor level) compared to pptp connections (far as I know,
> anyway).

Thing I'm worried about is the load encryption for large amounts of
traffic would place on the CPU.. or is this minimal?

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From johnny at booksys.com  Wed Mar  8 12:44:48 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Wed Mar  8 12:44:48 2000
Subject: [pptp-server] Maximum PPTP Connections?
In-Reply-To: <Pine.LNX.4.10.10003081115120.15352-100000@enchanter.real-time.com>
Message-ID: <Pine.LNX.4.10.10003081148550.24390-100000@mail.booksys.com>

> Thing I'm worried about is the load encryption for large amounts of
> traffic would place on the CPU.. or is this minimal?

Hmm. That's a good question and one which I am sadly underqualified to
answer. Sorry to say I know little-to-nothing about the actual type of
encryption used or how processor-intensive it is. So, I'll leave it to the
gurus on the list to answer this one: How much processing power does it
take to properly encrypt and decrypt 1 packet which is being transferred
across a VPN?

Then, take that number, multiply by 10,000 and if it sounds like you can
handle that, you'll probably be able to handle your real world situation
well. Heh. I suppose a better question for the gurus would be 'How many
CPU seconds would it take to encrypt/decrypt 10,000 more-or-less standard
sized packets?'

--Me




From rpm at interworxconsulting.com  Wed Mar  8 12:54:01 2000
From: rpm at interworxconsulting.com (Ryan Matijcio)
Date: Wed Mar  8 12:54:01 2000
Subject: [pptp-server] LINUX
In-Reply-To: <38C6336E.19B9CE65@cardinalengineering.com>
Message-ID: <PCEPICDJFEBDKGIGCBIIMEKICBAA.rpm@interworxconsulting.com>

This may be true.  However, depending how how serious a Microsoft shop this
is I would be careful about hacking solutions togeather.  Many shops
migrating to Win2k will be looking at an Cisco/Microsoft solution  and you
may find yourself retuning everything over and over again.

My 2 cents worth anyways.

Ryan P. Matijcio
Interworx Consulting Corporation
rpm at interworxconsulting.com
416-832-1538

-----Original Message-----
From: Yan Seiner [mailto:yan at cardinalengineering.com]
Sent: Wednesday, March 08, 2000 6:03 AM
To: Ryan Matijcio
Cc: Alan Ross; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] LINUX


See inline...

Ryan Matijcio wrote:
>
> Hi Alan,
>
> One problem I can see with a Linux pptp server in a large NT enviroment is
> account management.  I can see it being a real nightmare maintaining the
> chap-secrets file (the one that maintains the username and password for
the
> vpn accounts.)  As far as I've read there is nothing to handle this.  In
NT
> you can easily just turn PPTP on or off for an account in user manager.

Actually, you _may_ be able to work around this via a combination of
samba and pptp.  Use a single secret for everyone and make sure it's not
a valid user account, then control access to the linux shares via user
accounts.  The user accounts can be provided by an NT server.

You'd still have old employees being able to connect to the server, but
nnot actually connect to anything once there.

Periodically change the secret...

Just a random thought.

--Yan

>
> However for my own purposes I really like what I've seen so far with Linux
> and pptpd.  I'd urge you to take a look.  (This comming from an MCSE too!
> :-)
>
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Alan Ross
> Sent: Tuesday, March 07, 2000 5:36 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] LINUX
>
> It appears I am on the wrong list (blush).  This is a dedicated Linux list
?
> Does anyone know of a Windows NT list.    Is Linux easier to configure
then
> NT ?  Also are you able to configure a Linux pptp gateway so that it can
> forward ip packets to an NT file server ?
>
> Alan,
> http://compchat.com
> compchat at exo.com
> compchat at home.com
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!





From yan at cardinalengineering.com  Wed Mar  8 13:25:13 2000
From: yan at cardinalengineering.com (Yan Seiner)
Date: Wed Mar  8 13:25:13 2000
Subject: [pptp-server] LINUX
References: <PCEPICDJFEBDKGIGCBIIMEKICBAA.rpm@interworxconsulting.com>
Message-ID: <38C6AA93.951B23B4@cardinalengineering.com>

True.  Samba is in a state of flux, and MS is not very open about its
networking.  They have been known to intentionally break samba with
service packs for NT....

That being said, I've been running samba for well over a year now with a
mix of NT, 95, and 98 clients and have had no problems at all, so for me
at least it's stable...  I had samba acting as a domain server at one
point with no problems.  I have not tried W2k.  YMMV.

--Yan

Ryan Matijcio wrote:
> 
> This may be true.  However, depending how how serious a Microsoft shop this
> is I would be careful about hacking solutions togeather.  Many shops
> migrating to Win2k will be looking at an Cisco/Microsoft solution  and you
> may find yourself retuning everything over and over again.
> 
> My 2 cents worth anyways.
> 
> Ryan P. Matijcio
> Interworx Consulting Corporation
> rpm at interworxconsulting.com
> 416-832-1538
> 
-- 

Think different
	ride a recumbent
		use Linux.



From gbowers at itrus.net  Wed Mar  8 15:27:47 2000
From: gbowers at itrus.net (Gary Bowers)
Date: Wed Mar  8 15:27:47 2000
Subject: [pptp-server] Can't ping the local LAN
Message-ID: <NDBBIFMMCODKHNMIGAKAIECGCAAA.gbowers@itrus.net>

OK

I have read all that I can, and now I need some help.

I have got poptop configured, and I can make a connection, but I cannot ping
past the poptop server.

I have tried so many different combinations now, that I could not give you
an accurate picture of my environment.

I have turned on proxyarp, and i have made the remore and localIPs to be on
my local lan.  I still get request timed out when trying to ping.

Tell me what you need to help me, and its yours.

Thanks in advance,

Gary

Gary Bowers
Itrus Technologies Inc.
AIX,HACMP, SP, ADSM Consultant
(972) 365-4962
gbowers at itrus.net




From sstone at taos.com  Wed Mar  8 15:47:06 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed Mar  8 15:47:06 2000
Subject: [pptp-server] LINUX
In-Reply-To: <PCEPICDJFEBDKGIGCBIIMEKICBAA.rpm@interworxconsulting.com>
Message-ID: <Pine.LNX.4.10.10003081345370.26584-100000@armadillo.wink.com>

On Wed, 8 Mar 2000, Ryan Matijcio wrote:

> 
> This may be true.  However, depending how how serious a Microsoft shop this
> is I would be careful about hacking solutions togeather.  Many shops
> migrating to Win2k will be looking at an Cisco/Microsoft solution  and you
> may find yourself retuning everything over and over again.

If you're doing that, then get an ipsec-3des feature pack for the Cisco
router(s), and have your VPN clients use Win2k's built-in ipsec support... 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From sstone at taos.com  Wed Mar  8 16:01:11 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed Mar  8 16:01:11 2000
Subject: [pptp-server] Can't ping the local LAN
In-Reply-To: <NDBBIFMMCODKHNMIGAKAIECGCAAA.gbowers@itrus.net>
Message-ID: <Pine.LNX.4.10.10003081359270.26584-100000@armadillo.wink.com>

On Wed, 8 Mar 2000, Gary Bowers wrote:

> OK
> 
> I have read all that I can, and now I need some help.
> 
> I have got poptop configured, and I can make a connection, but I cannot ping
> past the poptop server.
> 
> I have tried so many different combinations now, that I could not give you
> an accurate picture of my environment.
> 
> I have turned on proxyarp, and i have made the remore and localIPs to be on
> my local lan.  I still get request timed out when trying to ping.
> 
> Tell me what you need to help me, and its yours.

ok, assuming your local net is 192.168.81.0/24 and your remote side of the
pptp connection is being assigned 192.168.81.101, do:

ipchains -P forward DENY
ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT

see if that helps

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From natecars at real-time.com  Wed Mar  8 16:31:46 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed Mar  8 16:31:46 2000
Subject: [pptp-server] Can't ping the local LAN
In-Reply-To: <NDBBIFMMCODKHNMIGAKAIECGCAAA.gbowers@itrus.net>
Message-ID: <Pine.LNX.4.10.10003081630380.15352-100000@enchanter.real-time.com>

On Wed, 8 Mar 2000, Gary Bowers wrote:

> OK
> 
> I have read all that I can, and now I need some help.
> 
> I have got poptop configured, and I can make a connection, but I cannot ping
> past the poptop server.
> 
> I have tried so many different combinations now, that I could not give you
> an accurate picture of my environment.
> 
> I have turned on proxyarp, and i have made the remore and localIPs to be on
> my local lan.  I still get request timed out when trying to ping.
> 
> Tell me what you need to help me, and its yours.
> 
> Thanks in advance,
> 
> Gary

Gary,

Do you have ip forwarding enabled?

echo 1 > /proc/sys/net/ipv4/ip_forward
ipchains -P forward ACCEPT

(add real firewall rules later.. just use that for testing.)

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From noel at koethe.net  Wed Mar  8 16:34:00 2000
From: noel at koethe.net (Noel Koethe)
Date: Wed Mar  8 16:34:00 2000
Subject: [pptp-server] LINUX
In-Reply-To: <38C6336E.19B9CE65@cardinalengineering.com>
Message-ID: <Pine.LNX.3.96.1000308232521.16295D-100000@heidi.wipol.uni-bonn.de>

On Wed, 8 Mar 2000, Yan Seiner wrote:

> > One problem I can see with a Linux pptp server in a large NT enviroment is
> > account management.  I can see it being a real nightmare maintaining the
> > chap-secrets file (the one that maintains the username and password for the
> > vpn accounts.)  As far as I've read there is nothing to handle this.  In NT
> > you can easily just turn PPTP on or off for an account in user manager.
> 
> Actually, you _may_ be able to work around this via a combination of
> samba and pptp.  Use a single secret for everyone and make sure it's not
> a valid user account, then control access to the linux shares via user
> accounts.  The user accounts can be provided by an NT server.

It would be great if its will be possible to authenticate against a NT
domain controllers. Are there any plans to insert this?

Maybe these hints can help:
We are using squid on linux and we authenticate the useres with smb_auth
on the proxy:

http://de.eu.mirrors.freshmeat.net/appindex/1999/09/09/936890596.html

Or this one sound also quite good:

http://de.eu.mirrors.freshmeat.net/appindex/1999/03/21/922048570.html
"Authen::Smb allows you to authenticate against NT domain controllers from
a UNIX environment..."

Maybe a more proffessional administrator with PoPToP find a solution and
post it here.

-- 
Noel Koethe
							www.linuxhq.de




From spencer at accbiowa.com  Wed Mar  8 17:51:59 2000
From: spencer at accbiowa.com (Spencer Jr., Michael)
Date: Wed Mar  8 17:51:59 2000
Subject: [pptp-server] Connect to PPTP server though Linux IPMASQ
Message-ID: <17CCCCF307B3D211B08C0080C84B236286896A@ACCBNT01>

Linux IP Masquerade won't route GRE packets without a special kernel module.
Look on www.freshmeat.net ...or wait for someone more knowledgeable than I
to post real info.  :)

--Michael Spencer Jr.
LAN Administrator Trainee
Ameristar Casino Council Bluffs
spencer at accbiowa.com

> -----Original Message-----
> From:	Jason Jeremias [SMTP:jasonj at uui-alaska.com]
> Sent:	Tuesday, March 07, 2000 4:47 PM
> To:	PPTP Mailing List ]
> Subject:	[pptp-server] Connect to PPTP server though Linux IPMASQ
> 
> Okay I tested a PoPToP machine and everything worked so I'm assuming the
> problem I'm having today is I'm going through Linux IPMASQ firewall to
> connect to it. Looks like this:
> 
> 
>  ----                 --------------                              
> --------
> | me |  -----------  | Linux IPMASQ | ----------Internet--------- |
> PoPToP |
>  ----                 --------------                              
> --------
> 
> So the question is what do I need to do on the Linux IPMASQ box to get
> this working?  I'm assuming I need to make it forward some ports back
> and forth.  Any hints?
> 
> Thanks Again.
> 
> -Jason
> -- 
> Great acts are made up of small deeds.
>                 -- Lao Tsu
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From spencer at accbiowa.com  Wed Mar  8 17:52:25 2000
From: spencer at accbiowa.com (Spencer Jr., Michael)
Date: Wed Mar  8 17:52:25 2000
Subject: [pptp-server] LINUX
Message-ID: <17CCCCF307B3D211B08C0080C84B2362868969@ACCBNT01>

Note:  I'm a Linux fanatic and think it's the best thing since sliced bread.
However, I'll put my MCSE-wannabe hat on and speak objectively.  Fellow
Linux fanatics, please don't kill me.  :)

Linux and Windows NT are similar, in that they're both very effective server
operating systems.  However, Windows NT is more expensive and easier, while
Linux is less expensive and harder.  Or to put it more accurately, Microsoft
spent a lot of money on 'idiot-proofing' Windows NT, making lots of wizards
and helpers.  You pay for all that convenience, however, with stability
(Windows NT crashes a lot, the busier the machine gets) and price (How much
for a CAL?!!).  Linux is better technology (from a techie standpoint), but
harder to use.  You'll spend a lot of time reading HOWTO's and editing text
files and playing trial-and-error games.  But once something's working, it
WORKS well for a long time.  And since you've put all the effort into
reading the HOWTO, you know how it REALLY works and are no longer dependent
on Microsoft to do things for you.

PPTP:  All I know is this:  I had to set up a VPN server so one of our
vendors could get to vendor-owned servers on our network.  Linux had me
pouring over documentation for about three hours, but now I know a ton about
PPTP.  The PoPToP server works flawlessly and consistently, with no need to
reapply service packs or reinstall RAS services.

Testimonial?  The company was very resistant to using PPTP because they said
they've had nothing but problems.  It's flaky and unreliable, they said.  We
found out that we HAD to do VPN -- there was no other way to do what we
needed to do.  I set up PoPToP on our Linux internet gateway machine, walked
their people through setting up the connection, and they tell me it works
flawlessly and effortlessly.  They asked me for my 'secret' -- how did I get
PPTP to behave?  And I told them about Linux.

--Michael Spencer Jr.
LAN Administrator Trainee
Ameristar Casino Council Bluffs
spencer at accbiowa.com

> -----Original Message-----
> From:	Alan Ross [SMTP:compchat at home.com]
> Sent:	Tuesday, March 07, 2000 4:36 PM
> To:	pptp-server at lists.schulte.org
> Subject:	[pptp-server] LINUX
> 
> It appears I am on the wrong list (blush).  This is a dedicated Linux list
> ?
> Does anyone know of a Windows NT list.    Is Linux easier to configure
> then
> NT ?  Also are you able to configure a Linux pptp gateway so that it can
> forward ip packets to an NT file server ?
> 
> 
> Alan,
> http://compchat.com
> compchat at exo.com
> compchat at home.com
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From sstone at taos.com  Wed Mar  8 19:02:10 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed Mar  8 19:02:10 2000
Subject: [pptp-server] LINUX
In-Reply-To: <17CCCCF307B3D211B08C0080C84B2362868969@ACCBNT01>
Message-ID: <Pine.LNX.4.10.10003081700100.26584-100000@armadillo.wink.com>

On Wed, 8 Mar 2000, Spencer Jr., Michael wrote:

> Note:  I'm a Linux fanatic and think it's the best thing since sliced bread.
> However, I'll put my MCSE-wannabe hat on and speak objectively.  Fellow
> Linux fanatics, please don't kill me.  :)
> 
> Linux and Windows NT are similar, in that they're both very effective server
> operating systems.  However, Windows NT is more expensive and easier, while
> Linux is less expensive and harder.  Or to put it more accurately, Microsoft
> spent a lot of money on 'idiot-proofing' Windows NT, making lots of wizards
> and helpers.  You pay for all that convenience, however, with stability
> (Windows NT crashes a lot, the busier the machine gets) and price (How much
> for a CAL?!!).  Linux is better technology (from a techie standpoint), but
> harder to use.  You'll spend a lot of time reading HOWTO's and editing text
> files and playing trial-and-error games.  But once something's working, it
> WORKS well for a long time.  And since you've put all the effort into
> reading the HOWTO, you know how it REALLY works and are no longer dependent
> on Microsoft to do things for you.

I would disagree only on the 'trial and error' part -- with Linux it's a
lot easier to know exactly how to fix something and go after it.  Windows
isolates you from stuff enough that it almost *must* be done via trial and
error....

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From powell at agande.com  Thu Mar  9 08:20:59 2000
From: powell at agande.com (Eric B Powell)
Date: Thu Mar  9 08:20:59 2000
Subject: [pptp-server] GRE: discarding out of order packet
Message-ID: <Pine.LNX.4.10.10003090858300.30232-100000@Tux.AGandE.com>

Hello All!

Been reading the list for a couple of months while getting our PPTP server
up and running. So far so good, but...One client (Win98) using Mindspring
is generating "GRE: discarding out of order packet" errors out wazoo when
he connects. Three other clinets (all three Win98 on different ISP's
(Quest Internet, Netpath and Bellsouth)) can all successfully connect
without problems. I am inclined to believe the problem is on the one
machine or in Mindsprings set-up. Has anyone encountered anything similar?

The last time the client connected, he reported being able to transmitt
data but that the connection was extremely slow (even though it showed a
conenct speed of 48000kbs). Any thoughts?

A snippet from the log from this connection and the traceroute info for
this connection follows.

TIA

Eric

# Start pptpd.log snippet #

Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
connection started
Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Starting call (launching pppd,
opening GRE)
Mar  7 09:40:29 poptop pppd[11635]: pppd 2.3.8 started by root, uid 0
Mar  7 09:40:29 poptop pppd[11635]: Using interface ppp0
Mar  7 09:40:29 poptop pppd[11635]: Connect: ppp0 <--> /dev/pts/2
Mar  7 09:40:29 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x1 <asyncmap
0xa0000> <magic 0x44d7d> <pcomp> <accomp> < 0d 03 06>]
Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfRej id=0x1 < 0d 03 06>]
Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x2 <asyncmap
0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfAck id=0x2 <asyncmap
0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
Mar  7 09:40:32 poptop pppd[11635]: rcvd [LCP ConfNak id=0x1 <auth chap
m$oft> <magic 0x8bbdb282>]
Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x2 <asyncmap
0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
Mar  7 09:40:33 poptop pppd[11635]: rcvd [LCP ConfAck id=0x2 <asyncmap
0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Challenge id=0x1
<81b5977075950c47>, name = "poptop"]
Mar  7 09:40:33 poptop pppd[11635]: rcvd [CHAP Response id=0x1
<065b8c46c4ee37fb6dde4b2976e9d6fc7ec36e6aa34189d0e3ce224862d560a6a35c53cfd17c4d5b6a7499a0766d258b01>,
name = "XXXXX"]
Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Success id=0x1 "Welcome to
poptop."]
Mar  7 09:40:33 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
207.3.16.162> <compress VJ 0f 01>]
Mar  7 09:40:35 poptop modprobe: can't locate module ppp-compress-18
Mar  7 09:40:38 poptop modprobe: can't locate module ppp-compress-18
Mar  7 09:40:38 poptop pppd[11635]: sent [CCP ConfReq id=0x1 <deflate 15>
<deflate(old#) 15> <bsd v1 15>]
Mar  7 09:40:38 poptop pppd[11635]: MSCHAP peer authentication succeeded
for xxxxxx
Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
207.3.16.162> <compress VJ 0f 01>]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x1 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
<ms-wins 0.0.0.0>]
Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x1 <ms-dns1
0.0.0.0> <ms-dns3 0.0.0.0>]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x2 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
<ms-wins 0.0.0.0>]
Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x2 <ms-dns1
0.0.0.0> <ms-dns3 0.0.0.0>]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [LCP ProtRej id=0x3 80 fd 01 01
00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfRej id=0x1 <compress VJ
0f 01>]
Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x2 <addr
207.3.16.162>]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x3 <addr
0.0.0.0> <ms-wins 192.168.1.1> <ms-wins 0.0.0.0>]
Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfNak id=0x3 <addr
192.168.1.126> <ms-wins 192.168.1.1>]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfAck id=0x2 <addr
207.3.16.162>]
Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x4 <addr
192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfAck id=0x4 <addr
192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
Mar  7 09:40:38 poptop pppd[11635]: found interface eth0 for proxy arp
Mar  7 09:40:38 poptop pppd[11635]: local  IP address 207.3.16.162
Mar  7 09:40:38 poptop pppd[11635]: remote IP address 192.168.1.126
Mar  7 09:40:38 poptop pppd[11635]: Script /etc/ppp/ip-up started (pid
11645)
Mar  7 09:40:41 poptop pppd[11635]: Script /etc/ppp/ip-up finished (pid
11645), status = 0x0
Mar  7 09:42:16 poptop pptpd[11634]: GRE: Discarding out of order packet
Mar  7 09:42:53 poptop last message repeated 3 times
Mar  7 09:43:54 poptop last message repeated 7 times
Mar  7 09:44:56 poptop last message repeated 7 times
Mar  7 09:45:58 poptop last message repeated 8 times
Mar  7 09:47:18 poptop last message repeated 10 times
Mar  7 09:48:21 poptop last message repeated 7 times
Mar  7 09:49:29 poptop last message repeated 15 times
Mar  7 09:50:37 poptop last message repeated 9 times
Mar  7 09:51:49 poptop last message repeated 8 times
Mar  7 09:52:50 poptop last message repeated 9 times
Mar  7 09:53:07 poptop last message repeated 5 times
Mar  7 09:53:43 poptop pppd[11635]: rcvd [LCP TermReq id=0x4]
Mar  7 09:53:43 poptop pppd[11635]: LCP terminated by peer
Mar  7 09:53:43 poptop pppd[11635]: Script /etc/ppp/ip-down started (pid
11678)
Mar  7 09:53:43 poptop pppd[11635]: sent [LCP TermAck id=0x4]
Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Error with select(), quitting
Tue Mar  7 09:53:44 EST 2000: ip-down   1:ppp0 2:/dev/pts/2 3:115200
4:207.3.16.162 5:192.168.1.126 6:
Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
connection finished
Mar  7 09:53:44 poptop pppd[11635]: Modem hangup
Mar  7 09:53:44 poptop pppd[11635]: Connection terminated.
Mar  7 09:53:44 poptop pppd[11635]: Connect time 13.3 minutes.
Mar  7 09:53:44 poptop pppd[11635]: Sent 162963 bytes, received 1130489
bytes.
Mar  7 09:53:44 poptop pppd[11635]: Waiting for 1 child processes...
Mar  7 09:53:44 poptop pppd[11635]:   script /etc/ppp/ip-down, pid 11678
Tue Mar  7 09:53:44 EST 2000: ip-down  Firewall rules removed for
ppp0:192.168.1.126
Mar  7 09:53:45 poptop pppd[11635]: Script /etc/ppp/ip-down finished (pid
11678), status = 0x0
Mar  7 09:53:45 poptop pppd[11635]: Exit.
Mar  9 08:50:21 poptop ftpd[12715]: FTP LOGIN FROM powell @ Tux.agande.com
[192.168.1.121], ebpowell

# End snippet#

Traceoute data from our location to his address:

# begin traceroute: #

 1  ADSL.ATM40.RedBack.Greensboro.netmcr.com (207.3.16.1)  56.501 ms
26.970 ms  16.658 ms
 2  Ethernet1.Cisco4700M.Greensboro.netmcr.com (206.154.10.1)  19.758 ms
14.346 ms  17.496 ms
 3  border7-serial4-1-4.Greensboro.cw.net (204.70.227.125)  50.933 ms
23.291 ms  22.070 ms
 4  core2-fddi-0.Greensboro.cw.net (204.70.80.49)  133.869 ms  204.526 ms
256.648 ms
 5  core7.Washington.cw.net (204.70.4.117)  33.220 ms  71.556 ms  28.342
ms
 6  dca1-core10-s3-1.atlas.digex.net (165.117.59.25)  44.118 ms  48.390 ms
35.243 ms
 7  dca1-core11-pos7-0.atlas.digex.net (165.117.48.198)  41.653 ms  27.510
ms  30.565 ms
 8  dca1-core12-pos7-0.atlas.digex.net (165.117.48.202)  61.445 ms  28.905
ms  38.940 ms
 9  atl2-core2-s1-1-0.atlas.digex.net (165.117.51.109)  68.578 ms  98.246
ms  68.290 ms
10  cisco-2-h1-0.atl2.mindspring.net (209.49.169.166)  61.072 ms  70.494
ms  73.074 ms
11  cisco-3-f4-1-0.atl2.mindspring.net (207.69.223.172)  55.963 ms  58.863
ms  67.215 ms
12  cisco-s0-0-1-1.colum2.mindspring.net (207.69.131.118)  50.998 ms
79.489 ms  55.257 ms
13  cisco-s6-0-0.rtp.mindspring.net (207.69.131.114)  75.893 ms  66.152 ms
69.253 ms
14  cisco-s2-0-1.norva2.mindspring.net (207.69.230.241)  90.486 ms
127.399 ms  91.651 ms
15  209.86.66.174 (209.86.66.174)  108.627 ms  97.339 ms  101.990 ms
16  arc-5a.rmond.mindspring.net (207.69.144.92)  114.204 ms  100.371 ms
97.749 ms
17  user-2ivet7r.dialup.mindspring.com (165.247.116.251)  215.855 ms
211.286 ms  216.013 ms

#End traceroute

Eric B Powell
Network Administrator
Applied Geosciences and Engineering
405-A Parkway Dr
Greensboro, NC 27401
Phone: (336) 274-9456
Fax: (336) 274-9486
E-mail: Powell at AGandE.com
Website: http://www.agande.com





From johnny at booksys.com  Thu Mar  9 10:33:55 2000
From: johnny at booksys.com (Johnny L Wales)
Date: Thu Mar  9 10:33:55 2000
Subject: [pptp-server] GRE: discarding out of order packet
In-Reply-To: <Pine.LNX.4.10.10003090858300.30232-100000@Tux.AGandE.com>
Message-ID: <Pine.LNX.4.10.10003090858400.6727-100000@mail.booksys.com>

I've had problems with mindspring before. If you can believe it, they
block connections to port 25 on any machine they don't own (!) in order to
'prevent spamming from a mindspring dialup account'. It also happens to
prevent my legit users from sending mail through me. -grumble- 

At any rate, they obviously do some filtering based on ports.

--me

On Thu, 9 Mar 2000, Eric B Powell wrote:

> 
> Hello All!
> 
> Been reading the list for a couple of months while getting our PPTP server
> up and running. So far so good, but...One client (Win98) using Mindspring
> is generating "GRE: discarding out of order packet" errors out wazoo when
> he connects. Three other clinets (all three Win98 on different ISP's
> (Quest Internet, Netpath and Bellsouth)) can all successfully connect
> without problems. I am inclined to believe the problem is on the one
> machine or in Mindsprings set-up. Has anyone encountered anything similar?
> 
> The last time the client connected, he reported being able to transmitt
> data but that the connection was extremely slow (even though it showed a
> conenct speed of 48000kbs). Any thoughts?
> 
> A snippet from the log from this connection and the traceroute info for
> this connection follows.
> 
> TIA
> 
> Eric
> 
> # Start pptpd.log snippet #
> 
> Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
> connection started
> Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar  7 09:40:29 poptop pppd[11635]: pppd 2.3.8 started by root, uid 0
> Mar  7 09:40:29 poptop pppd[11635]: Using interface ppp0
> Mar  7 09:40:29 poptop pppd[11635]: Connect: ppp0 <--> /dev/pts/2
> Mar  7 09:40:29 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
> Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x1 <asyncmap
> 0xa0000> <magic 0x44d7d> <pcomp> <accomp> < 0d 03 06>]
> Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfRej id=0x1 < 0d 03 06>]
> Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x2 <asyncmap
> 0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
> Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfAck id=0x2 <asyncmap
> 0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
> Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
> Mar  7 09:40:32 poptop pppd[11635]: rcvd [LCP ConfNak id=0x1 <auth chap
> m$oft> <magic 0x8bbdb282>]
> Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x2 <asyncmap
> 0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
> Mar  7 09:40:33 poptop pppd[11635]: rcvd [LCP ConfAck id=0x2 <asyncmap
> 0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
> Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Challenge id=0x1
> <81b5977075950c47>, name = "poptop"]
> Mar  7 09:40:33 poptop pppd[11635]: rcvd [CHAP Response id=0x1
> <065b8c46c4ee37fb6dde4b2976e9d6fc7ec36e6aa34189d0e3ce224862d560a6a35c53cfd17c4d5b6a7499a0766d258b01>,
> name = "XXXXX"]
> Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Success id=0x1 "Welcome to
> poptop."]
> Mar  7 09:40:33 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
> 207.3.16.162> <compress VJ 0f 01>]
> Mar  7 09:40:35 poptop modprobe: can't locate module ppp-compress-18
> Mar  7 09:40:38 poptop modprobe: can't locate module ppp-compress-18
> Mar  7 09:40:38 poptop pppd[11635]: sent [CCP ConfReq id=0x1 <deflate 15>
> <deflate(old#) 15> <bsd v1 15>]
> Mar  7 09:40:38 poptop pppd[11635]: MSCHAP peer authentication succeeded
> for xxxxxx
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
> 207.3.16.162> <compress VJ 0f 01>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x1 <addr
> 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
> <ms-wins 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x1 <ms-dns1
> 0.0.0.0> <ms-dns3 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x2 <addr
> 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
> <ms-wins 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x2 <ms-dns1
> 0.0.0.0> <ms-dns3 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [LCP ProtRej id=0x3 80 fd 01 01
> 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfRej id=0x1 <compress VJ
> 0f 01>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x2 <addr
> 207.3.16.162>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x3 <addr
> 0.0.0.0> <ms-wins 192.168.1.1> <ms-wins 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfNak id=0x3 <addr
> 192.168.1.126> <ms-wins 192.168.1.1>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfAck id=0x2 <addr
> 207.3.16.162>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x4 <addr
> 192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfAck id=0x4 <addr
> 192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
> Mar  7 09:40:38 poptop pppd[11635]: found interface eth0 for proxy arp
> Mar  7 09:40:38 poptop pppd[11635]: local  IP address 207.3.16.162
> Mar  7 09:40:38 poptop pppd[11635]: remote IP address 192.168.1.126
> Mar  7 09:40:38 poptop pppd[11635]: Script /etc/ppp/ip-up started (pid
> 11645)
> Mar  7 09:40:41 poptop pppd[11635]: Script /etc/ppp/ip-up finished (pid
> 11645), status = 0x0
> Mar  7 09:42:16 poptop pptpd[11634]: GRE: Discarding out of order packet
> Mar  7 09:42:53 poptop last message repeated 3 times
> Mar  7 09:43:54 poptop last message repeated 7 times
> Mar  7 09:44:56 poptop last message repeated 7 times
> Mar  7 09:45:58 poptop last message repeated 8 times
> Mar  7 09:47:18 poptop last message repeated 10 times
> Mar  7 09:48:21 poptop last message repeated 7 times
> Mar  7 09:49:29 poptop last message repeated 15 times
> Mar  7 09:50:37 poptop last message repeated 9 times
> Mar  7 09:51:49 poptop last message repeated 8 times
> Mar  7 09:52:50 poptop last message repeated 9 times
> Mar  7 09:53:07 poptop last message repeated 5 times
> Mar  7 09:53:43 poptop pppd[11635]: rcvd [LCP TermReq id=0x4]
> Mar  7 09:53:43 poptop pppd[11635]: LCP terminated by peer
> Mar  7 09:53:43 poptop pppd[11635]: Script /etc/ppp/ip-down started (pid
> 11678)
> Mar  7 09:53:43 poptop pppd[11635]: sent [LCP TermAck id=0x4]
> Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Error with select(), quitting
> Tue Mar  7 09:53:44 EST 2000: ip-down   1:ppp0 2:/dev/pts/2 3:115200
> 4:207.3.16.162 5:192.168.1.126 6:
> Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
> connection finished
> Mar  7 09:53:44 poptop pppd[11635]: Modem hangup
> Mar  7 09:53:44 poptop pppd[11635]: Connection terminated.
> Mar  7 09:53:44 poptop pppd[11635]: Connect time 13.3 minutes.
> Mar  7 09:53:44 poptop pppd[11635]: Sent 162963 bytes, received 1130489
> bytes.
> Mar  7 09:53:44 poptop pppd[11635]: Waiting for 1 child processes...
> Mar  7 09:53:44 poptop pppd[11635]:   script /etc/ppp/ip-down, pid 11678
> Tue Mar  7 09:53:44 EST 2000: ip-down  Firewall rules removed for
> ppp0:192.168.1.126
> Mar  7 09:53:45 poptop pppd[11635]: Script /etc/ppp/ip-down finished (pid
> 11678), status = 0x0
> Mar  7 09:53:45 poptop pppd[11635]: Exit.
> Mar  9 08:50:21 poptop ftpd[12715]: FTP LOGIN FROM powell @ Tux.agande.com
> [192.168.1.121], ebpowell
> 
> # End snippet#
> 
> Traceoute data from our location to his address:
> 
> # begin traceroute: #
> 
>  1  ADSL.ATM40.RedBack.Greensboro.netmcr.com (207.3.16.1)  56.501 ms
> 26.970 ms  16.658 ms
>  2  Ethernet1.Cisco4700M.Greensboro.netmcr.com (206.154.10.1)  19.758 ms
> 14.346 ms  17.496 ms
>  3  border7-serial4-1-4.Greensboro.cw.net (204.70.227.125)  50.933 ms
> 23.291 ms  22.070 ms
>  4  core2-fddi-0.Greensboro.cw.net (204.70.80.49)  133.869 ms  204.526 ms
> 256.648 ms
>  5  core7.Washington.cw.net (204.70.4.117)  33.220 ms  71.556 ms  28.342
> ms
>  6  dca1-core10-s3-1.atlas.digex.net (165.117.59.25)  44.118 ms  48.390 ms
> 35.243 ms
>  7  dca1-core11-pos7-0.atlas.digex.net (165.117.48.198)  41.653 ms  27.510
> ms  30.565 ms
>  8  dca1-core12-pos7-0.atlas.digex.net (165.117.48.202)  61.445 ms  28.905
> ms  38.940 ms
>  9  atl2-core2-s1-1-0.atlas.digex.net (165.117.51.109)  68.578 ms  98.246
> ms  68.290 ms
> 10  cisco-2-h1-0.atl2.mindspring.net (209.49.169.166)  61.072 ms  70.494
> ms  73.074 ms
> 11  cisco-3-f4-1-0.atl2.mindspring.net (207.69.223.172)  55.963 ms  58.863
> ms  67.215 ms
> 12  cisco-s0-0-1-1.colum2.mindspring.net (207.69.131.118)  50.998 ms
> 79.489 ms  55.257 ms
> 13  cisco-s6-0-0.rtp.mindspring.net (207.69.131.114)  75.893 ms  66.152 ms
> 69.253 ms
> 14  cisco-s2-0-1.norva2.mindspring.net (207.69.230.241)  90.486 ms
> 127.399 ms  91.651 ms
> 15  209.86.66.174 (209.86.66.174)  108.627 ms  97.339 ms  101.990 ms
> 16  arc-5a.rmond.mindspring.net (207.69.144.92)  114.204 ms  100.371 ms
> 97.749 ms
> 17  user-2ivet7r.dialup.mindspring.com (165.247.116.251)  215.855 ms
> 211.286 ms  216.013 ms
> 
> #End traceroute
> 
> Eric B Powell
> Network Administrator
> Applied Geosciences and Engineering
> 405-A Parkway Dr
> Greensboro, NC 27401
> Phone: (336) 274-9456
> Fax: (336) 274-9486
> E-mail: Powell at AGandE.com
> Website: http://www.agande.com
> 
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 





From hshaw at healthcentralrx.com  Thu Mar  9 10:37:24 2000
From: hshaw at healthcentralrx.com (Terrelle Shaw)
Date: Thu Mar  9 10:37:24 2000
Subject: [pptp-server] GRE: discarding out of order packet
References: <Pine.LNX.4.10.10003090858300.30232-100000@Tux.AGandE.com>
Message-ID: <38C7D39B.FCDCF948@healthcentralrx.com>

In short, YES! i have started to see this very same thing. 1 MS client i have is getting this when they
are trying to loggin and its throwing this error. It is generated when they are being authenticated
though. Problem is there username and password hasn't changed, and they were able to get in before with
no problem. They are running NT with service pack 6a. Not sure whats the deal with that 1 client tho..

Eric B Powell wrote:

> Hello All!
>
> Been reading the list for a couple of months while getting our PPTP server
> up and running. So far so good, but...One client (Win98) using Mindspring
> is generating "GRE: discarding out of order packet" errors out wazoo when
> he connects. Three other clinets (all three Win98 on different ISP's
> (Quest Internet, Netpath and Bellsouth)) can all successfully connect
> without problems. I am inclined to believe the problem is on the one
> machine or in Mindsprings set-up. Has anyone encountered anything similar?
>
> The last time the client connected, he reported being able to transmitt
> data but that the connection was extremely slow (even though it showed a
> conenct speed of 48000kbs). Any thoughts?
>
> A snippet from the log from this connection and the traceroute info for
> this connection follows.
>
> TIA
>
> Eric
>
> # Start pptpd.log snippet #
>
> Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
> connection started
> Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar  7 09:40:29 poptop pppd[11635]: pppd 2.3.8 started by root, uid 0
> Mar  7 09:40:29 poptop pppd[11635]: Using interface ppp0
> Mar  7 09:40:29 poptop pppd[11635]: Connect: ppp0 <--> /dev/pts/2
> Mar  7 09:40:29 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
> Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x1 <asyncmap
> 0xa0000> <magic 0x44d7d> <pcomp> <accomp> < 0d 03 06>]
> Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfRej id=0x1 < 0d 03 06>]
> Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x2 <asyncmap
> 0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
> Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfAck id=0x2 <asyncmap
> 0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
> Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
> Mar  7 09:40:32 poptop pppd[11635]: rcvd [LCP ConfNak id=0x1 <auth chap
> m$oft> <magic 0x8bbdb282>]
> Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x2 <asyncmap
> 0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
> Mar  7 09:40:33 poptop pppd[11635]: rcvd [LCP ConfAck id=0x2 <asyncmap
> 0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
> Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Challenge id=0x1
> <81b5977075950c47>, name = "poptop"]
> Mar  7 09:40:33 poptop pppd[11635]: rcvd [CHAP Response id=0x1
> <065b8c46c4ee37fb6dde4b2976e9d6fc7ec36e6aa34189d0e3ce224862d560a6a35c53cfd17c4d5b6a7499a0766d258b01>,
> name = "XXXXX"]
> Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Success id=0x1 "Welcome to
> poptop."]
> Mar  7 09:40:33 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
> 207.3.16.162> <compress VJ 0f 01>]
> Mar  7 09:40:35 poptop modprobe: can't locate module ppp-compress-18
> Mar  7 09:40:38 poptop modprobe: can't locate module ppp-compress-18
> Mar  7 09:40:38 poptop pppd[11635]: sent [CCP ConfReq id=0x1 <deflate 15>
> <deflate(old#) 15> <bsd v1 15>]
> Mar  7 09:40:38 poptop pppd[11635]: MSCHAP peer authentication succeeded
> for xxxxxx
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
> 207.3.16.162> <compress VJ 0f 01>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x1 <addr
> 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
> <ms-wins 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x1 <ms-dns1
> 0.0.0.0> <ms-dns3 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x2 <addr
> 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
> <ms-wins 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x2 <ms-dns1
> 0.0.0.0> <ms-dns3 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [LCP ProtRej id=0x3 80 fd 01 01
> 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfRej id=0x1 <compress VJ
> 0f 01>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x2 <addr
> 207.3.16.162>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x3 <addr
> 0.0.0.0> <ms-wins 192.168.1.1> <ms-wins 0.0.0.0>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfNak id=0x3 <addr
> 192.168.1.126> <ms-wins 192.168.1.1>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfAck id=0x2 <addr
> 207.3.16.162>]
> Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x4 <addr
> 192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
> Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfAck id=0x4 <addr
> 192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
> Mar  7 09:40:38 poptop pppd[11635]: found interface eth0 for proxy arp
> Mar  7 09:40:38 poptop pppd[11635]: local  IP address 207.3.16.162
> Mar  7 09:40:38 poptop pppd[11635]: remote IP address 192.168.1.126
> Mar  7 09:40:38 poptop pppd[11635]: Script /etc/ppp/ip-up started (pid
> 11645)
> Mar  7 09:40:41 poptop pppd[11635]: Script /etc/ppp/ip-up finished (pid
> 11645), status = 0x0
> Mar  7 09:42:16 poptop pptpd[11634]: GRE: Discarding out of order packet
> Mar  7 09:42:53 poptop last message repeated 3 times
> Mar  7 09:43:54 poptop last message repeated 7 times
> Mar  7 09:44:56 poptop last message repeated 7 times
> Mar  7 09:45:58 poptop last message repeated 8 times
> Mar  7 09:47:18 poptop last message repeated 10 times
> Mar  7 09:48:21 poptop last message repeated 7 times
> Mar  7 09:49:29 poptop last message repeated 15 times
> Mar  7 09:50:37 poptop last message repeated 9 times
> Mar  7 09:51:49 poptop last message repeated 8 times
> Mar  7 09:52:50 poptop last message repeated 9 times
> Mar  7 09:53:07 poptop last message repeated 5 times
> Mar  7 09:53:43 poptop pppd[11635]: rcvd [LCP TermReq id=0x4]
> Mar  7 09:53:43 poptop pppd[11635]: LCP terminated by peer
> Mar  7 09:53:43 poptop pppd[11635]: Script /etc/ppp/ip-down started (pid
> 11678)
> Mar  7 09:53:43 poptop pppd[11635]: sent [LCP TermAck id=0x4]
> Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Error with select(), quitting
> Tue Mar  7 09:53:44 EST 2000: ip-down   1:ppp0 2:/dev/pts/2 3:115200
> 4:207.3.16.162 5:192.168.1.126 6:
> Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
> connection finished
> Mar  7 09:53:44 poptop pppd[11635]: Modem hangup
> Mar  7 09:53:44 poptop pppd[11635]: Connection terminated.
> Mar  7 09:53:44 poptop pppd[11635]: Connect time 13.3 minutes.
> Mar  7 09:53:44 poptop pppd[11635]: Sent 162963 bytes, received 1130489
> bytes.
> Mar  7 09:53:44 poptop pppd[11635]: Waiting for 1 child processes...
> Mar  7 09:53:44 poptop pppd[11635]:   script /etc/ppp/ip-down, pid 11678
> Tue Mar  7 09:53:44 EST 2000: ip-down  Firewall rules removed for
> ppp0:192.168.1.126
> Mar  7 09:53:45 poptop pppd[11635]: Script /etc/ppp/ip-down finished (pid
> 11678), status = 0x0
> Mar  7 09:53:45 poptop pppd[11635]: Exit.
> Mar  9 08:50:21 poptop ftpd[12715]: FTP LOGIN FROM powell @ Tux.agande.com
> [192.168.1.121], ebpowell
>
> # End snippet#
>
> Traceoute data from our location to his address:
>
> # begin traceroute: #
>
>  1  ADSL.ATM40.RedBack.Greensboro.netmcr.com (207.3.16.1)  56.501 ms
> 26.970 ms  16.658 ms
>  2  Ethernet1.Cisco4700M.Greensboro.netmcr.com (206.154.10.1)  19.758 ms
> 14.346 ms  17.496 ms
>  3  border7-serial4-1-4.Greensboro.cw.net (204.70.227.125)  50.933 ms
> 23.291 ms  22.070 ms
>  4  core2-fddi-0.Greensboro.cw.net (204.70.80.49)  133.869 ms  204.526 ms
> 256.648 ms
>  5  core7.Washington.cw.net (204.70.4.117)  33.220 ms  71.556 ms  28.342
> ms
>  6  dca1-core10-s3-1.atlas.digex.net (165.117.59.25)  44.118 ms  48.390 ms
> 35.243 ms
>  7  dca1-core11-pos7-0.atlas.digex.net (165.117.48.198)  41.653 ms  27.510
> ms  30.565 ms
>  8  dca1-core12-pos7-0.atlas.digex.net (165.117.48.202)  61.445 ms  28.905
> ms  38.940 ms
>  9  atl2-core2-s1-1-0.atlas.digex.net (165.117.51.109)  68.578 ms  98.246
> ms  68.290 ms
> 10  cisco-2-h1-0.atl2.mindspring.net (209.49.169.166)  61.072 ms  70.494
> ms  73.074 ms
> 11  cisco-3-f4-1-0.atl2.mindspring.net (207.69.223.172)  55.963 ms  58.863
> ms  67.215 ms
> 12  cisco-s0-0-1-1.colum2.mindspring.net (207.69.131.118)  50.998 ms
> 79.489 ms  55.257 ms
> 13  cisco-s6-0-0.rtp.mindspring.net (207.69.131.114)  75.893 ms  66.152 ms
> 69.253 ms
> 14  cisco-s2-0-1.norva2.mindspring.net (207.69.230.241)  90.486 ms
> 127.399 ms  91.651 ms
> 15  209.86.66.174 (209.86.66.174)  108.627 ms  97.339 ms  101.990 ms
> 16  arc-5a.rmond.mindspring.net (207.69.144.92)  114.204 ms  100.371 ms
> 97.749 ms
> 17  user-2ivet7r.dialup.mindspring.com (165.247.116.251)  215.855 ms
> 211.286 ms  216.013 ms
>
> #End traceroute
>
> Eric B Powell
> Network Administrator
> Applied Geosciences and Engineering
> 405-A Parkway Dr
> Greensboro, NC 27401
> Phone: (336) 274-9456
> Fax: (336) 274-9486
> E-mail: Powell at AGandE.com
> Website: http://www.agande.com
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!




From koschate at bigfoot.com  Thu Mar  9 14:47:45 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Thu Mar  9 14:47:45 2000
Subject: [pptp-server] Can't ping the local LAN
Message-ID: <AEF0599D9B698E978525689D007181BD.0000000000000000>

On 2000-03-08 17:00:26, Scott M. Stone wrote:

>ok, assuming your local net is 192.168.81.0/24 and your remote side of the
>pptp connection is being assigned 192.168.81.101, do:
>
>ipchains -P forward DENY
>ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
>ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT
>
>see if that helps

Well, I don't know about Gary, but it certainly helped me with a similar 
problem.  I disabled my firewalling, tried these commands, and everything 
was wonderful.  Now the trick is to get the darned thing working _with_ the 
firewalling.

I put in the following script:
---------------------------------
#!/bin/sh
# /etc/ppp/ip-up.local
case $2
  in
  /dev/pts/*)
    echo "$(date): ip-up   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> 
/var/log/pptpd.log
    /sbin/ipchains --insert forward -j ACCEPT -s $5 -i eth1
    /sbin/ipchains --insert forward -j ACCEPT -d $5 -i $1 
    echo "$(date): ip-up  Firewall rules set for $1:$5" >> 
/var/log/pptpd.log
                ;;
esac
---------------------------------

And a corresponding ip-down.local, re-enabled my firewalling, and got zippo 
again.  Where to go from here?
=============================================================
Thomas Koschate
koschate at bigfoot.com

For PGP Key, see
http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
=============================================================
"Lawyers, I suppose, were children once."

     Charles Lamb




From sstone at taos.com  Thu Mar  9 16:08:12 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu Mar  9 16:08:12 2000
Subject: [pptp-server] Can't ping the local LAN
In-Reply-To: <AEF0599D9B698E978525689D007181BD.0000000000000000>
Message-ID: <Pine.LNX.4.10.10003091406340.26584-100000@armadillo.wink.com>

On Thu, 9 Mar 2000, Thomas Koschate wrote:

> On 2000-03-08 17:00:26, Scott M. Stone wrote:
> 
> >ok, assuming your local net is 192.168.81.0/24 and your remote side of the
> >pptp connection is being assigned 192.168.81.101, do:
> >
> >ipchains -P forward DENY
> >ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
> >ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT
> >
> >see if that helps
> 
> Well, I don't know about Gary, but it certainly helped me with a similar 
> problem.  I disabled my firewalling, tried these commands, and everything 
> was wonderful.  Now the trick is to get the darned thing working _with_ the 
> firewalling.

well, my above ipchains commands will keep your general policy of denying
forwarding, but allows forwarding between the remote pptp client and the
rest of your local subnet, which is what you want.  Try my lines instead
of the ones below....?

> 
> I put in the following script:
> ---------------------------------
> #!/bin/sh
> # /etc/ppp/ip-up.local
> case $2
>   in
>   /dev/pts/*)
>     echo "$(date): ip-up   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> 
> /var/log/pptpd.log
>     /sbin/ipchains --insert forward -j ACCEPT -s $5 -i eth1
>     /sbin/ipchains --insert forward -j ACCEPT -d $5 -i $1 
>     echo "$(date): ip-up  Firewall rules set for $1:$5" >> 
> /var/log/pptpd.log
>                 ;;
> esac
> ---------------------------------
> 
> And a corresponding ip-down.local, re-enabled my firewalling, and got zippo 
> again.  Where to go from here?
> =============================================================
> Thomas Koschate
> koschate at bigfoot.com
> 
> For PGP Key, see
> http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
> =============================================================
> "Lawyers, I suppose, were children once."
> 
>      Charles Lamb
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From don at spr0cket.lindner2k.com  Thu Mar  9 20:07:02 2000
From: don at spr0cket.lindner2k.com (Don Lindner)
Date: Thu Mar  9 20:07:02 2000
Subject: [pptp-server] Missing module: char-major-108
Message-ID: <001201bf8a35$45f5ce20$0800000a@lindner2k.com>

I've set up PoPToP, and Win9x does authenticate and initiate pppd -- then it
hangs with the error (on the win9x box) to the effect that the Linux box is
not responding. The entry in messages states that module char-major-108
could not be found.

I've downloaded source for three revisions of recent kernels, and have not
been able to produce this module from any of them. Ideas, anyone?...

 --
Ron went to venus and all I got was this stupid t-shirt!

http://www.xenu.net    http://www.fza.org





From tmk at netmagic.net  Thu Mar  9 21:30:20 2000
From: tmk at netmagic.net (tmk)
Date: Thu Mar  9 21:30:20 2000
Subject: [pptp-server] Missing module: char-major-108
References: <001201bf8a35$45f5ce20$0800000a@lindner2k.com>
Message-ID: <000701bf8a41$40ef5fc0$071c0fc0@lala.net>

that is the mppe (encryption) module

search the archives for that error - you need to add an alias line in your
/etc/conf.modules file to fix it

Kevin
----- Original Message -----
From: Don Lindner <don at spr0cket.lindner2k.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, March 09, 2000 6:06 PM
Subject: [pptp-server] Missing module: char-major-108


> I've set up PoPToP, and Win9x does authenticate and initiate pppd -- then
it
> hangs with the error (on the win9x box) to the effect that the Linux box
is
> not responding. The entry in messages states that module char-major-108
> could not be found.
>
> I've downloaded source for three revisions of recent kernels, and have not
> been able to produce this module from any of them. Ideas, anyone?...
>
>  --
> Ron went to venus and all I got was this stupid t-shirt!
>
> http://www.xenu.net    http://www.fza.org
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From don at spr0cket.lindner2k.com  Fri Mar 10 01:53:02 2000
From: don at spr0cket.lindner2k.com (Don Lindner)
Date: Fri Mar 10 01:53:02 2000
Subject: [pptp-server] Missing module: char-major-108
References: <001201bf8a35$45f5ce20$0800000a@lindner2k.com> <000701bf8a41$40ef5fc0$071c0fc0@lala.net>
Message-ID: <000a01bf8a65$9d678380$0800000a@lindner2k.com>

That did the trick -- except that now I'm getting:

Mar  9 23:39:25 spr0cket pptpd[3518]: CTRL: Error with select(), quitting

I've been force-reinstalling library rpm's, but no go...

----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, March 09, 2000 7:32 PM
Subject: Re: [pptp-server] Missing module: char-major-108


> that is the mppe (encryption) module
>
> search the archives for that error - you need to add an alias line in your
> /etc/conf.modules file to fix it
>
> Kevin
> ----- Original Message -----
> From: Don Lindner <don at spr0cket.lindner2k.com>
> To: <pptp-server at lists.schulte.org>
> Sent: Thursday, March 09, 2000 6:06 PM
> Subject: [pptp-server] Missing module: char-major-108
>
>
> > I've set up PoPToP, and Win9x does authenticate and initiate pppd --
then
> it
> > hangs with the error (on the win9x box) to the effect that the Linux box
> is
> > not responding. The entry in messages states that module char-major-108
> > could not be found.
> >
> > I've downloaded source for three revisions of recent kernels, and have
not
> > been able to produce this module from any of them. Ideas, anyone?...
> >
> >  --
> > Ron went to venus and all I got was this stupid t-shirt!
> >
> > http://www.xenu.net    http://www.fza.org
> >
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From tmk at netmagic.net  Fri Mar 10 02:37:15 2000
From: tmk at netmagic.net (tmk)
Date: Fri Mar 10 02:37:15 2000
Subject: [pptp-server] Missing module: char-major-108
References: <001201bf8a35$45f5ce20$0800000a@lindner2k.com> <000701bf8a41$40ef5fc0$071c0fc0@lala.net> <000a01bf8a65$9d678380$0800000a@lindner2k.com>
Message-ID: <000701bf8a6c$2431ae80$071c0fc0@lala.net>

looks like gre packets arent getting through.. make sure your firewall is
set up to allow them.. i think this is in the faq.

it will look like
ipchains -I input -p 47 -j ACCEPT

Kevin
----- Original Message -----
From: Don Lindner <don at spr0cket.lindner2k.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, March 09, 2000 11:52 PM
Subject: Re: [pptp-server] Missing module: char-major-108


> That did the trick -- except that now I'm getting:
>
> Mar  9 23:39:25 spr0cket pptpd[3518]: CTRL: Error with select(), quitting
>
> I've been force-reinstalling library rpm's, but no go...
>
> ----- Original Message -----
> From: "tmk" <tmk at netmagic.net>
> To: <pptp-server at lists.schulte.org>
> Sent: Thursday, March 09, 2000 7:32 PM
> Subject: Re: [pptp-server] Missing module: char-major-108
>
>
> > that is the mppe (encryption) module
> >
> > search the archives for that error - you need to add an alias line in
your
> > /etc/conf.modules file to fix it
> >
> > Kevin
> > ----- Original Message -----
> > From: Don Lindner <don at spr0cket.lindner2k.com>
> > To: <pptp-server at lists.schulte.org>
> > Sent: Thursday, March 09, 2000 6:06 PM
> > Subject: [pptp-server] Missing module: char-major-108
> >
> >
> > > I've set up PoPToP, and Win9x does authenticate and initiate pppd --
> then
> > it
> > > hangs with the error (on the win9x box) to the effect that the Linux
box
> > is
> > > not responding. The entry in messages states that module
char-major-108
> > > could not be found.
> > >
> > > I've downloaded source for three revisions of recent kernels, and have
> not
> > > been able to produce this module from any of them. Ideas, anyone?...
> > >
> > >  --
> > > Ron went to venus and all I got was this stupid t-shirt!
> > >
> > > http://www.xenu.net    http://www.fza.org
> > >
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> > >
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From don at spr0cket.lindner2k.com  Fri Mar 10 03:21:55 2000
From: don at spr0cket.lindner2k.com (Don Lindner)
Date: Fri Mar 10 03:21:55 2000
Subject: [pptp-server] Missing module: char-major-108
References: <001201bf8a35$45f5ce20$0800000a@lindner2k.com> <000701bf8a41$40ef5fc0$071c0fc0@lala.net> <000a01bf8a65$9d678380$0800000a@lindner2k.com> <000701bf8a6c$2431ae80$071c0fc0@lala.net>
Message-ID: <000a01bf8a72$0da53960$0800000a@lindner2k.com>

Done -- same error.

Error on Win98 VPN / DUN:

: The computer you're dialing in to does not respond to a network request.
: Check your server type setting in the properties of the connection.
: If this problem persists, check with your network administrator.

Log from system console:

: Mar 10 01:14:48 spr0cket pptpd[16276]: \
    CTRL: Client 63.198.144.210 control connection started
: Mar 10 01:14:48 spr0cket pptpd[16276]: \
    CTRL: Starting call (launching pppd, opening GRE)
: Mar 10 01:14:48 spr0cket pppd[16277]: pppd 2.3.10 started by root, uid 0
: Mar 10 01:14:48 spr0cket pppd[16277]: Using interface ppp0
: Mar 10 01:14:48 spr0cket pppd[16277]: Connect: ppp0 <--> /dev/pts/2
: Mar 10 01:15:18 spr0cket pptpd[16276]: CTRL: Error with select(), quitting
: Mar 10 01:15:18 spr0cket pptpd[16276]: \
    CTRL: Client 63.198.144.210 control connection finished
: Mar 10 01:15:18 spr0cket pppd[16277]: Modem hangup
: Mar 10 01:15:18 spr0cket pppd[16277]: Connection terminated.
: Mar 10 01:15:18 spr0cket pppd[16277]: Exit.


----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: <pptp-server at lists.schulte.org>
Sent: Friday, March 10, 2000 12:39 AM
Subject: Re: [pptp-server] Missing module: char-major-108


> looks like gre packets arent getting through.. make sure your firewall is
> set up to allow them.. i think this is in the faq.
>
> it will look like
> ipchains -I input -p 47 -j ACCEPT
>
> Kevin
> ----- Original Message -----
> From: Don Lindner <don at spr0cket.lindner2k.com>
> To: <pptp-server at lists.schulte.org>
> Sent: Thursday, March 09, 2000 11:52 PM
> Subject: Re: [pptp-server] Missing module: char-major-108
>
>
> > That did the trick -- except that now I'm getting:
> >
> > Mar  9 23:39:25 spr0cket pptpd[3518]: CTRL: Error with select(),
quitting
> >
> > I've been force-reinstalling library rpm's, but no go...
> >
> > ----- Original Message -----
> > From: "tmk" <tmk at netmagic.net>
> > To: <pptp-server at lists.schulte.org>
> > Sent: Thursday, March 09, 2000 7:32 PM
> > Subject: Re: [pptp-server] Missing module: char-major-108
> >
> >
> > > that is the mppe (encryption) module
> > >
> > > search the archives for that error - you need to add an alias line in
> your
> > > /etc/conf.modules file to fix it
> > >
> > > Kevin
> > > ----- Original Message -----
> > > From: Don Lindner <don at spr0cket.lindner2k.com>
> > > To: <pptp-server at lists.schulte.org>
> > > Sent: Thursday, March 09, 2000 6:06 PM
> > > Subject: [pptp-server] Missing module: char-major-108
> > >
> > >
> > > > I've set up PoPToP, and Win9x does authenticate and initiate pppd --
> > then
> > > it
> > > > hangs with the error (on the win9x box) to the effect that the Linux
> box
> > > is
> > > > not responding. The entry in messages states that module
> char-major-108
> > > > could not be found.
> > > >
> > > > I've downloaded source for three revisions of recent kernels, and
have
> > not
> > > > been able to produce this module from any of them. Ideas, anyone?...
> > > >
> > > >  --
> > > > Ron went to venus and all I got was this stupid t-shirt!
> > > >
> > > > http://www.xenu.net    http://www.fza.org
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > List services provided by www.schulte.org!
> > > >
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> > >
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From gbowers at itrus.net  Fri Mar 10 07:45:16 2000
From: gbowers at itrus.net (Gary Bowers)
Date: Fri Mar 10 07:45:16 2000
Subject: [pptp-server] Can't ping the local LAN
In-Reply-To: <Pine.LNX.4.10.10003081359270.26584-100000@armadillo.wink.com>
Message-ID: <NDBBIFMMCODKHNMIGAKAKEDACAAA.gbowers@itrus.net>

Thanks,

Ipforwaring was on, but my firewall was blocking forwarding.  I put the
extra rules in the IPup script, and it works great now.

Gary

PS anyone know how to make the #$&%^ Network Neighborhood work?

-----Original Message-----
From: Scott M. Stone [mailto:sstone at taos.com]
Sent: Wednesday, March 08, 2000 4:00 PM
To: Gary Bowers
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Can't ping the local LAN


On Wed, 8 Mar 2000, Gary Bowers wrote:

> OK
>
> I have read all that I can, and now I need some help.
>
> I have got poptop configured, and I can make a connection, but I cannot
ping
> past the poptop server.
>
> I have tried so many different combinations now, that I could not give you
> an accurate picture of my environment.
>
> I have turned on proxyarp, and i have made the remore and localIPs to be
on
> my local lan.  I still get request timed out when trying to ping.
>
> Tell me what you need to help me, and its yours.

ok, assuming your local net is 192.168.81.0/24 and your remote side of the
pptp connection is being assigned 192.168.81.101, do:

ipchains -P forward DENY
ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT

see if that helps

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company




From powell at agande.com  Fri Mar 10 08:19:51 2000
From: powell at agande.com (Eric B Powell)
Date: Fri Mar 10 08:19:51 2000
Subject: [pptp-server] GRE: discarding out of order packet
In-Reply-To: <38C7D39B.FCDCF948@healthcentralrx.com>
Message-ID: <Pine.LNX.4.10.10003100904410.30981-100000@Tux.AGandE.com>

Here's a thought....

Maybe the culprit on these boxes is the modem or modem driver. I had the
client remove the entire network stack including LAN and modem drivers,
run regclean and then re-install the whole shooting match because of one
symptom dhe reported: after making a PPTP connection, none of his
DUN functions worked until he rebooted the computer.

I'll let everyone know what the outcome is.

I will also submit some detailed "Win 9x client" instructions once I get
the documnet finalized and stress tested. Perhaps if several people 
contribute a version of these instrctions we can narrow down what works
and what doesn't into a "Win 9x PPTP How-To" or some such idea.

In the near future I'll also be working on getting the users who use AOL
for their connectivity connected via the tunnel...this oughta really suck
;)

E-

Eric B Powell
Geologist / Network Administrator
Applied Geosciences and Engineering
405-A Parkway Dr
Greensboro, NC 27401
Phone: (336) 274-9456
Fax: (336) 274-9486
E-mail: Powell at AGandE.com
Website: http://www.agande.com
Powered by Linux

On Thu, 9 Mar 2000, Terrelle Shaw wrote:

> In short, YES! i have started to see this very same thing. 1 MS client i have is getting this when they
> are trying to loggin and its throwing this error. It is generated when they are being authenticated
> though. Problem is there username and password hasn't changed, and they were able to get in before with
> no problem. They are running NT with service pack 6a. Not sure whats the deal with that 1 client tho..
> 
> Eric B Powell wrote:
> 
> > Hello All!
> >
> > Been reading the list for a couple of months while getting our PPTP server
> > up and running. So far so good, but...One client (Win98) using Mindspring
> > is generating "GRE: discarding out of order packet" errors out wazoo when
> > he connects. Three other clinets (all three Win98 on different ISP's
> > (Quest Internet, Netpath and Bellsouth)) can all successfully connect
> > without problems. I am inclined to believe the problem is on the one
> > machine or in Mindsprings set-up. Has anyone encountered anything similar?
> >
> > The last time the client connected, he reported being able to transmitt
> > data but that the connection was extremely slow (even though it showed a
> > conenct speed of 48000kbs). Any thoughts?
> >
> > A snippet from the log from this connection and the traceroute info for
> > this connection follows.
> >
> > TIA
> >
> > Eric
> >
> > # Start pptpd.log snippet #
> >
> > Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
> > connection started
> > Mar  7 09:40:27 poptop pptpd[11634]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Mar  7 09:40:29 poptop pppd[11635]: pppd 2.3.8 started by root, uid 0
> > Mar  7 09:40:29 poptop pppd[11635]: Using interface ppp0
> > Mar  7 09:40:29 poptop pppd[11635]: Connect: ppp0 <--> /dev/pts/2
> > Mar  7 09:40:29 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
> > 0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
> > Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x1 <asyncmap
> > 0xa0000> <magic 0x44d7d> <pcomp> <accomp> < 0d 03 06>]
> > Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfRej id=0x1 < 0d 03 06>]
> > Mar  7 09:40:31 poptop pppd[11635]: rcvd [LCP ConfReq id=0x2 <asyncmap
> > 0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
> > Mar  7 09:40:31 poptop pppd[11635]: sent [LCP ConfAck id=0x2 <asyncmap
> > 0xa0000> <magic 0x44d7d> <pcomp> <accomp>]
> > Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x1 <asyncmap
> > 0x0> <auth chap 81> <magic 0x8bbdb282> <pcomp> <accomp>]
> > Mar  7 09:40:32 poptop pppd[11635]: rcvd [LCP ConfNak id=0x1 <auth chap
> > m$oft> <magic 0x8bbdb282>]
> > Mar  7 09:40:32 poptop pppd[11635]: sent [LCP ConfReq id=0x2 <asyncmap
> > 0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
> > Mar  7 09:40:33 poptop pppd[11635]: rcvd [LCP ConfAck id=0x2 <asyncmap
> > 0x0> <auth chap m$oft> <magic 0x2191067b> <pcomp> <accomp>]
> > Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Challenge id=0x1
> > <81b5977075950c47>, name = "poptop"]
> > Mar  7 09:40:33 poptop pppd[11635]: rcvd [CHAP Response id=0x1
> > <065b8c46c4ee37fb6dde4b2976e9d6fc7ec36e6aa34189d0e3ce224862d560a6a35c53cfd17c4d5b6a7499a0766d258b01>,
> > name = "XXXXX"]
> > Mar  7 09:40:33 poptop pppd[11635]: sent [CHAP Success id=0x1 "Welcome to
> > poptop."]
> > Mar  7 09:40:33 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
> > 207.3.16.162> <compress VJ 0f 01>]
> > Mar  7 09:40:35 poptop modprobe: can't locate module ppp-compress-18
> > Mar  7 09:40:38 poptop modprobe: can't locate module ppp-compress-18
> > Mar  7 09:40:38 poptop pppd[11635]: sent [CCP ConfReq id=0x1 <deflate 15>
> > <deflate(old#) 15> <bsd v1 15>]
> > Mar  7 09:40:38 poptop pppd[11635]: MSCHAP peer authentication succeeded
> > for xxxxxx
> > Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x1 <addr
> > 207.3.16.162> <compress VJ 0f 01>]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x1 <addr
> > 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
> > <ms-wins 0.0.0.0>]
> > Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x1 <ms-dns1
> > 0.0.0.0> <ms-dns3 0.0.0.0>]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x2 <addr
> > 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 192.168.1.1> <ms-dns3 0.0.0.0>
> > <ms-wins 0.0.0.0>]
> > Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfRej id=0x2 <ms-dns1
> > 0.0.0.0> <ms-dns3 0.0.0.0>]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [LCP ProtRej id=0x3 80 fd 01 01
> > 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfRej id=0x1 <compress VJ
> > 0f 01>]
> > Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfReq id=0x2 <addr
> > 207.3.16.162>]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x3 <addr
> > 0.0.0.0> <ms-wins 192.168.1.1> <ms-wins 0.0.0.0>]
> > Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfNak id=0x3 <addr
> > 192.168.1.126> <ms-wins 192.168.1.1>]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfAck id=0x2 <addr
> > 207.3.16.162>]
> > Mar  7 09:40:38 poptop pppd[11635]: rcvd [IPCP ConfReq id=0x4 <addr
> > 192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
> > Mar  7 09:40:38 poptop pppd[11635]: sent [IPCP ConfAck id=0x4 <addr
> > 192.168.1.126> <ms-wins 192.168.1.1> <ms-wins 192.168.1.1>]
> > Mar  7 09:40:38 poptop pppd[11635]: found interface eth0 for proxy arp
> > Mar  7 09:40:38 poptop pppd[11635]: local  IP address 207.3.16.162
> > Mar  7 09:40:38 poptop pppd[11635]: remote IP address 192.168.1.126
> > Mar  7 09:40:38 poptop pppd[11635]: Script /etc/ppp/ip-up started (pid
> > 11645)
> > Mar  7 09:40:41 poptop pppd[11635]: Script /etc/ppp/ip-up finished (pid
> > 11645), status = 0x0
> > Mar  7 09:42:16 poptop pptpd[11634]: GRE: Discarding out of order packet
> > Mar  7 09:42:53 poptop last message repeated 3 times
> > Mar  7 09:43:54 poptop last message repeated 7 times
> > Mar  7 09:44:56 poptop last message repeated 7 times
> > Mar  7 09:45:58 poptop last message repeated 8 times
> > Mar  7 09:47:18 poptop last message repeated 10 times
> > Mar  7 09:48:21 poptop last message repeated 7 times
> > Mar  7 09:49:29 poptop last message repeated 15 times
> > Mar  7 09:50:37 poptop last message repeated 9 times
> > Mar  7 09:51:49 poptop last message repeated 8 times
> > Mar  7 09:52:50 poptop last message repeated 9 times
> > Mar  7 09:53:07 poptop last message repeated 5 times
> > Mar  7 09:53:43 poptop pppd[11635]: rcvd [LCP TermReq id=0x4]
> > Mar  7 09:53:43 poptop pppd[11635]: LCP terminated by peer
> > Mar  7 09:53:43 poptop pppd[11635]: Script /etc/ppp/ip-down started (pid
> > 11678)
> > Mar  7 09:53:43 poptop pppd[11635]: sent [LCP TermAck id=0x4]
> > Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Error with select(), quitting
> > Tue Mar  7 09:53:44 EST 2000: ip-down   1:ppp0 2:/dev/pts/2 3:115200
> > 4:207.3.16.162 5:192.168.1.126 6:
> > Mar  7 09:53:44 poptop pptpd[11634]: CTRL: Client 165.247.116.251 control
> > connection finished
> > Mar  7 09:53:44 poptop pppd[11635]: Modem hangup
> > Mar  7 09:53:44 poptop pppd[11635]: Connection terminated.
> > Mar  7 09:53:44 poptop pppd[11635]: Connect time 13.3 minutes.
> > Mar  7 09:53:44 poptop pppd[11635]: Sent 162963 bytes, received 1130489
> > bytes.
> > Mar  7 09:53:44 poptop pppd[11635]: Waiting for 1 child processes...
> > Mar  7 09:53:44 poptop pppd[11635]:   script /etc/ppp/ip-down, pid 11678
> > Tue Mar  7 09:53:44 EST 2000: ip-down  Firewall rules removed for
> > ppp0:192.168.1.126
> > Mar  7 09:53:45 poptop pppd[11635]: Script /etc/ppp/ip-down finished (pid
> > 11678), status = 0x0
> > Mar  7 09:53:45 poptop pppd[11635]: Exit.
> > Mar  9 08:50:21 poptop ftpd[12715]: FTP LOGIN FROM powell @ Tux.agande.com
> > [192.168.1.121], ebpowell
> >
> > # End snippet#
> >
> > Traceoute data from our location to his address:
> >
> > # begin traceroute: #
> >
> >  1  ADSL.ATM40.RedBack.Greensboro.netmcr.com (207.3.16.1)  56.501 ms
> > 26.970 ms  16.658 ms
> >  2  Ethernet1.Cisco4700M.Greensboro.netmcr.com (206.154.10.1)  19.758 ms
> > 14.346 ms  17.496 ms
> >  3  border7-serial4-1-4.Greensboro.cw.net (204.70.227.125)  50.933 ms
> > 23.291 ms  22.070 ms
> >  4  core2-fddi-0.Greensboro.cw.net (204.70.80.49)  133.869 ms  204.526 ms
> > 256.648 ms
> >  5  core7.Washington.cw.net (204.70.4.117)  33.220 ms  71.556 ms  28.342
> > ms
> >  6  dca1-core10-s3-1.atlas.digex.net (165.117.59.25)  44.118 ms  48.390 ms
> > 35.243 ms
> >  7  dca1-core11-pos7-0.atlas.digex.net (165.117.48.198)  41.653 ms  27.510
> > ms  30.565 ms
> >  8  dca1-core12-pos7-0.atlas.digex.net (165.117.48.202)  61.445 ms  28.905
> > ms  38.940 ms
> >  9  atl2-core2-s1-1-0.atlas.digex.net (165.117.51.109)  68.578 ms  98.246
> > ms  68.290 ms
> > 10  cisco-2-h1-0.atl2.mindspring.net (209.49.169.166)  61.072 ms  70.494
> > ms  73.074 ms
> > 11  cisco-3-f4-1-0.atl2.mindspring.net (207.69.223.172)  55.963 ms  58.863
> > ms  67.215 ms
> > 12  cisco-s0-0-1-1.colum2.mindspring.net (207.69.131.118)  50.998 ms
> > 79.489 ms  55.257 ms
> > 13  cisco-s6-0-0.rtp.mindspring.net (207.69.131.114)  75.893 ms  66.152 ms
> > 69.253 ms
> > 14  cisco-s2-0-1.norva2.mindspring.net (207.69.230.241)  90.486 ms
> > 127.399 ms  91.651 ms
> > 15  209.86.66.174 (209.86.66.174)  108.627 ms  97.339 ms  101.990 ms
> > 16  arc-5a.rmond.mindspring.net (207.69.144.92)  114.204 ms  100.371 ms
> > 97.749 ms
> > 17  user-2ivet7r.dialup.mindspring.com (165.247.116.251)  215.855 ms
> > 211.286 ms  216.013 ms
> >
> > #End traceroute
> >
> > Eric B Powell
> > Network Administrator
> > Applied Geosciences and Engineering
> > 405-A Parkway Dr
> > Greensboro, NC 27401
> > Phone: (336) 274-9456
> > Fax: (336) 274-9486
> > E-mail: Powell at AGandE.com
> > Website: http://www.agande.com
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 




From natecars at real-time.com  Fri Mar 10 09:44:32 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri Mar 10 09:44:32 2000
Subject: [pptp-server] Can't ping the local LAN
In-Reply-To: <NDBBIFMMCODKHNMIGAKAKEDACAAA.gbowers@itrus.net>
Message-ID: <Pine.LNX.4.10.10003100942150.18641-100000@enchanter.real-time.com>

On Fri, 10 Mar 2000, Gary Bowers wrote:

> Thanks,
> 
> Ipforwaring was on, but my firewall was blocking forwarding.  I put the
> extra rules in the IPup script, and it works great now.

Ah, yeah, that'd do it.  :)


> PS anyone know how to make the #$&%^ Network Neighborhood work?

Easiest way is to make the pptp clients set their machine's workgroup at
whatever your domain name is, put a WINS server on your network, and have
them use it in their dial-up profile (and/or add the 'ms-wins x.x.x.x' tag
to the ppp options file). This one can be _really_ tricky to get working,
but usually isn't too bad...

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From tmk at netmagic.net  Fri Mar 10 10:15:14 2000
From: tmk at netmagic.net (tmk)
Date: Fri Mar 10 10:15:14 2000
Subject: [pptp-server] Can't ping the local LAN
References: <NDBBIFMMCODKHNMIGAKAKEDACAAA.gbowers@itrus.net>
Message-ID: <001b01bf8aac$1e2c7020$071c0fc0@lala.net>

you'll need to set up a wins server in order to be able to browse the
private lan

you can either have and NT machine do it or set up samba to do it.

tell the clients what its ip addr is by adding the
ms-wins <ip>
to your ppp options file

Kevin
----- Original Message -----
From: Gary Bowers <gbowers at itrus.net>
To: Scott M. Stone <sstone at taos.com>
Cc: <pptp-server at lists.schulte.org>
Sent: Friday, March 10, 2000 5:42 AM
Subject: RE: [pptp-server] Can't ping the local LAN


> Thanks,
>
> Ipforwaring was on, but my firewall was blocking forwarding.  I put the
> extra rules in the IPup script, and it works great now.
>
> Gary
>
> PS anyone know how to make the #$&%^ Network Neighborhood work?
>
> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Wednesday, March 08, 2000 4:00 PM
> To: Gary Bowers
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Can't ping the local LAN
>
>
> On Wed, 8 Mar 2000, Gary Bowers wrote:
>
> > OK
> >
> > I have read all that I can, and now I need some help.
> >
> > I have got poptop configured, and I can make a connection, but I cannot
> ping
> > past the poptop server.
> >
> > I have tried so many different combinations now, that I could not give
you
> > an accurate picture of my environment.
> >
> > I have turned on proxyarp, and i have made the remore and localIPs to be
> on
> > my local lan.  I still get request timed out when trying to ping.
> >
> > Tell me what you need to help me, and its yours.
>
> ok, assuming your local net is 192.168.81.0/24 and your remote side of the
> pptp connection is being assigned 192.168.81.101, do:
>
> ipchains -P forward DENY
> ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
> ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT
>
> see if that helps
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From jandeep at interspeed.com  Fri Mar 10 10:19:51 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Fri Mar 10 10:19:51 2000
Subject: [pptp-server] URGENT-- need help (Linux pptp server/win clients through the fir
 ewall)
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB81F1@MAIL2>

Hi, 
We have set up the Linux pptp server and have win 98/ NT clients. The server
sits behind a firewall (also linux). I can connect to the Linux PPTP server
using NT/98 from within the network but can't do it through the firewall. We
have the tcp port 1723 redirected through the firewall to the PPTP server
and are forwarding the GRE protocol using Ipfwd to the linux PPTP server. I
can see the Ipfwd in action using the debug mode but I can't establish a
connection. The excerpts from log on the linux box says the following:

pppd[1208] : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic
0xf2ab6569> <pcomp> <accomp>]
last message repeated 9 times
pppd[1208] : LCP: timeout sending Config-Requests
pppd[1208]: Connection terminated.
pppd[1208]: Exit.
pptpd[1207] : GRE: read(fd=4, buffer=804d7c0, len=8196) from PTY failed:
status = -1 error = input/output error
pptpd[1207] : CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
pptpd[1207] : CTRL: Client x.x.x.x control connection finished

the client is a win98 SE.
where is the problem? Is it a problem with PPP implementation on Linux box?
I would really appreciate it if someone who has a similar configuration
could shed some light on it. 
Thanks a lot.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000310/f10bf258/attachment.html>

From tmk at netmagic.net  Fri Mar 10 10:44:11 2000
From: tmk at netmagic.net (tmk)
Date: Fri Mar 10 10:44:11 2000
Subject: [pptp-server] URGENT-- need help (Linux pptp server/win clients through the firewall)
References: <DFC46331B7D1D3118F99009027C3CFAB81F1@MAIL2>
Message-ID: <000b01bf8ab0$28c2de80$071c0fc0@lala.net>

URGENT-- need help (Linux pptp server/win clients through the firewall)make sure GRE packets are getting through both ways.. it doesnt look to me like they are.. that is the #1 cause of ppp connections failing if the initial pptp stuff works.

Kevin
  ----- Original Message ----- 
  From: Jandeep Kang 
  To: 'pptp-server at lists.schulte.org' 
  Sent: Friday, March 10, 2000 8:19 AM
  Subject: [pptp-server] URGENT-- need help (Linux pptp server/win clients through the firewall)


  Hi, 
  We have set up the Linux pptp server and have win 98/ NT clients. The server sits behind a firewall (also linux). I can connect to the Linux PPTP server using NT/98 from within the network but can't do it through the firewall. We have the tcp port 1723 redirected through the firewall to the PPTP server and are forwarding the GRE protocol using Ipfwd to the linux PPTP server. I can see the Ipfwd in action using the debug mode but I can't establish a connection. The excerpts from log on the linux box says the following:

  pppd[1208] : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic 0xf2ab6569> <pcomp> <accomp>] 
  last message repeated 9 times 
  pppd[1208] : LCP: timeout sending Config-Requests 
  pppd[1208]: Connection terminated. 
  pppd[1208]: Exit. 
  pptpd[1207] : GRE: read(fd=4, buffer=804d7c0, len=8196) from PTY failed: status = -1 error = input/output error 
  pptpd[1207] : CTRL: PTY read or GRE write failed (pty,gre)=(4,5) 
  pptpd[1207] : CTRL: Client x.x.x.x control connection finished 

  the client is a win98 SE. 
  where is the problem? Is it a problem with PPP implementation on Linux box? I would really appreciate it if someone who has a similar configuration could shed some light on it. 

  Thanks a lot. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000310/4f99243e/attachment.html>

From Steve.Cowles at gte.net  Fri Mar 10 10:54:44 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Fri Mar 10 10:54:44 2000
Subject: [pptp-server] URGENT-- need help (Linux pptp server/win clien
	ts through the fir ewall)
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21F6@defiant.dsl.gtei.net>

-----Original Message-----
From: Jandeep Kang [mailto:jandeep at interspeed.com]
Sent: Friday, March 10, 2000 10:19 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] URGENT-- need help (Linux pptp server/win clients
through the fir ewall)
Importance: High


Hi, 
We have set up the Linux pptp server and have win 98/ NT clients. The server
sits behind a firewall (also linux). I can connect to the Linux PPTP server
using NT/98 from within the network but can't do it through the firewall. We
have the tcp port 1723 redirected through the firewall to the PPTP server
and are forwarding the GRE protocol using Ipfwd to the linux PPTP server. I
can see the Ipfwd in action using the debug mode but I can't establish a
connection. The excerpts from log on the linux box says the following:
pppd[1208] : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap 81> <magic
0xf2ab6569> <pcomp> <accomp>] 
last message repeated 9 times 
pppd[1208] : LCP: timeout sending Config-Requests 
pppd[1208]: Connection terminated. 
pppd[1208]: Exit. 
pptpd[1207] : GRE: read(fd=4, buffer=804d7c0, len=8196) from PTY failed:
status = -1 error = input/output error 
pptpd[1207] : CTRL: PTY read or GRE write failed (pty,gre)=(4,5) 
pptpd[1207] : CTRL: Client x.x.x.x control connection finished 
the client is a win98 SE. 
where is the problem? Is it a problem with PPP implementation on Linux box?
I would really appreciate it if someone who has a similar configuration
could shed some light on it. 
Thanks a lot. 

-----------------------------
Have you applied John Hardin's pptp masq patch to the kernel on your
firewall? This is necessary in addition to ipfwd and port forwarding of port
1723. I use ipmasqadm to port forward 1723.

On my firewall (running 2.2.14), I see the following when a pptp connection
is allowed through my firewall to my internal poptop/pppd server.

Mar  9 07:44:50 firewall kernel: ip_masq_gre(): creating GRE masq for
192.168.9.3 -> xxx.xxx.xxx.xxx CID=0 MCID=1F18

The xxx is the remote system's IP address.

Also, your ipchain rules need to be setup to allow proto 47 and port 1723.

Checkout this site to obtain the patch.

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html


Steve Cowles



From patl at cag.lcs.mit.edu  Fri Mar 10 11:26:19 2000
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Fri Mar 10 11:26:19 2000
Subject: [pptp-server] GRE: discarding out of order packet
In-Reply-To: Eric B Powell's message of "Thu, 9 Mar 2000 09:17:01 -0500 (EST)"
References: <Pine.LNX.4.10.10003090858300.30232-100000@Tux.AGandE.com>
Message-ID: <s5gbt4magpa.fsf@egghead.curl.com>

Eric B Powell <powell at agande.com> writes:

> Been reading the list for a couple of months while getting our PPTP
> server up and running. So far so good, but...One client (Win98)
> using Mindspring is generating "GRE: discarding out of order packet"
> errors out wazoo when he connects.

PoPToP 1.1.1 includes a rewrite of the GRE code which gives a more
complete diagnostic for out-of-order packets.  You might try that, to
see if the problem really is packet reordering or if it is some kind
of data corruption.  (If the sequence numbers are close together but
scrambled, then there is a reordering problem.  If the sequence
numbers are all over the map, then they are being corrupted.)

This probably won't solve your problem, but at least it would narrow
it down.

 - Pat



From mstanton at lumend.com  Fri Mar 10 12:21:54 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 12:21:54 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D9337011647@lumend_corp.internal.lumend.com>

Hello everyone,

I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
client (w/ updated 128-bit patch) can establish a 128-bit connection without
incident, but cannot authenticate to the Win NT Domain.  I keep receiving an
error message saying that no NT domain is available. I've tried specifying
in the lmhosts file the domain and PDC and I've also tried specifying the
WINS and DNS servers in the TCP settings of the VPN connectoid.

Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...

Thanks,

Mike



From hshaw at healthcentralrx.com  Fri Mar 10 12:23:29 2000
From: hshaw at healthcentralrx.com (Terrelle Shaw)
Date: Fri Mar 10 12:23:29 2000
Subject: [pptp-server] GRE: discarding out of order packet
References: <Pine.LNX.4.10.10003100904410.30981-100000@Tux.AGandE.com>
Message-ID: <38C93DD1.8A57D48A@healthcentralrx.com>

Well at least in my case.. everyone who's connecting to my VPN server are doing so via DSL or  ethernet
connected machines versus dialup modems.
Not sure what this means tho..
Terrelle


Eric B Powell wrote:

> Here's a thought....
>
> Maybe the culprit on these boxes is the modem or modem driver. I had the
> client remove the entire network stack including LAN and modem drivers,
> run regclean and then re-install the whole shooting match because of one
> symptom dhe reported: after making a PPTP connection, none of his
> DUN functions worked until he rebooted the computer.
>
> I'll let everyone know what the outcome is.
>
> I will also submit some detailed "Win 9x client" instructions once I get
> the documnet finalized and stress tested. Perhaps if several people
> contribute a version of these instrctions we can narrow down what works
> and what doesn't into a "Win 9x PPTP How-To" or some such idea.
>
> In the near future I'll also be working on getting the users who use AOL
> for their connectivity connected via the tunnel...this oughta really suck
> ;)
>
> E-
>
> Eric B Powell
> Geologist / Network Administrator
> Applied Geosciences and Engineering
> 405-A Parkway Dr
> Greensboro, NC 27401
> Phone: (336) 274-9456
> Fax: (336) 274-9486
> E-mail: Powell at AGandE.com
> Website: http://www.agande.com
> Powered by Linux
>
> On Thu, 9 Mar 2000, Terrelle Shaw wrote:
>
> > In short, YES! i have started to see this very same thing. 1 MS client i have is getting this when they
> > are trying to loggin and its throwing this error. It is generated when they are being authenticated
> > though. Problem is there username and password hasn't changed, and they were able to get in before with
> > no problem. They are running NT with service pack 6a. Not sure whats the deal with that 1 client tho..
> >
> > Eric B Powell wrote:
> >
> > > Hello All!
> > >
> > > Been reading the list for a couple of months while getting our PPTP server
> > > up and running. So far so good, but...One client (Win98) using Mindspring
> > > is generating "GRE: discarding out of order packet" errors out wazoo when
> > > he connects. Three other clinets (all three Win98 on different ISP's
> > > (Quest Internet, Netpath and Bellsouth)) can all successfully connect
> > > without problems. I am inclined to believe the problem is on the one
> > > machine or in Mindsprings set-up. Has anyone encountered anything similar?
> > >
> > > The last time the client connected, he reported being able to transmitt
> > > data but that the connection was extremely slow (even though it showed a
> > > conenct speed of 48000kbs). Any thoughts?
> > >
>

> [lots snipped]

>
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >




From sstone at taos.com  Fri Mar 10 12:41:31 2000
From: sstone at taos.com (Scott M. Stone)
Date: Fri Mar 10 12:41:31 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
In-Reply-To: <D094EB914000D3119C9A00A0C99D9337011647@lumend_corp.internal.lumend.com>
Message-ID: <Pine.LNX.4.10.10003101040100.720-100000@armadillo.wink.com>

On Fri, 10 Mar 2000, Mike Stanton wrote:

> Hello everyone,
> 
> I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
> client (w/ updated 128-bit patch) can establish a 128-bit connection without
> incident, but cannot authenticate to the Win NT Domain.  I keep receiving an
> error message saying that no NT domain is available. I've tried specifying
> in the lmhosts file the domain and PDC and I've also tried specifying the
> WINS and DNS servers in the TCP settings of the VPN connectoid.
> 
> Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...
> 
> Thanks,
> 
> Mike

after the connection is established, can the 98 box ping the NT PDC?  Or
is the Linux box providing PDC services through Samba?

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From sstone at taos.com  Fri Mar 10 12:51:07 2000
From: sstone at taos.com (Scott M. Stone)
Date: Fri Mar 10 12:51:07 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
In-Reply-To: <D094EB914000D3119C9A00A0C99D9337011649@lumend_corp.internal.lumend.com>
Message-ID: <Pine.LNX.4.10.10003101050070.720-100000@armadillo.wink.com>

On Fri, 10 Mar 2000, Mike Stanton wrote:

> Oooh, Good call!  I'm not able to ping the NT PDC from the client, so it
> looks like I need to add another route on the client side. Agree?

... or it could be that your firewall isn't forwarding traffic properly,
too.

> 
> -Mike
> 
> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Friday, March 10, 2000 10:41 AM
> To: Mike Stanton
> Cc: 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] Need Help-Domain Auth. via PoPToP
> 
> 
> On Fri, 10 Mar 2000, Mike Stanton wrote:
> 
> > Hello everyone,
> > 
> > I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
> > client (w/ updated 128-bit patch) can establish a 128-bit connection
> without
> > incident, but cannot authenticate to the Win NT Domain.  I keep receiving
> an
> > error message saying that no NT domain is available. I've tried specifying
> > in the lmhosts file the domain and PDC and I've also tried specifying the
> > WINS and DNS servers in the TCP settings of the VPN connectoid.
> > 
> > Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...
> > 
> > Thanks,
> > 
> > Mike
> 
> after the connection is established, can the 98 box ping the NT PDC?  Or
> is the Linux box providing PDC services through Samba?
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From mstanton at lumend.com  Fri Mar 10 12:52:34 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 12:52:34 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D9337011649@lumend_corp.internal.lumend.com>

Oooh, Good call!  I'm not able to ping the NT PDC from the client, so it
looks like I need to add another route on the client side. Agree?

-Mike

-----Original Message-----
From: Scott M. Stone [mailto:sstone at taos.com]
Sent: Friday, March 10, 2000 10:41 AM
To: Mike Stanton
Cc: 'pptp-server at lists.schulte.org'
Subject: Re: [pptp-server] Need Help-Domain Auth. via PoPToP


On Fri, 10 Mar 2000, Mike Stanton wrote:

> Hello everyone,
> 
> I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
> client (w/ updated 128-bit patch) can establish a 128-bit connection
without
> incident, but cannot authenticate to the Win NT Domain.  I keep receiving
an
> error message saying that no NT domain is available. I've tried specifying
> in the lmhosts file the domain and PDC and I've also tried specifying the
> WINS and DNS servers in the TCP settings of the VPN connectoid.
> 
> Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...
> 
> Thanks,
> 
> Mike

after the connection is established, can the 98 box ping the NT PDC?  Or
is the Linux box providing PDC services through Samba?

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 



From Steve.Cowles at gte.net  Fri Mar 10 12:56:29 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Fri Mar 10 12:56:29 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21F7@defiant.dsl.gtei.net>


-----Original Message-----
From: Mike Stanton [mailto:mstanton at lumend.com]
Sent: Friday, March 10, 2000 12:14 PM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP


Hello everyone,

I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
client (w/ updated 128-bit patch) can establish a 128-bit connection without
incident, but cannot authenticate to the Win NT Domain.  I keep receiving an
error message saying that no NT domain is available. I've tried specifying
in the lmhosts file the domain and PDC and I've also tried specifying the
WINS and DNS servers in the TCP settings of the VPN connectoid.

Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...

Thanks,

Mike

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

1) Can you ping the PDC server after you create the VPN?
2) Can you ping the WINS server after you create the VPN?
3) Does "winipcfg" show the proper settings? e.g. WINS server.
4) Do you see the following (similer) line in your log files when
establishing a connection?
Mar 10 11:43:06 voyager pppd[725]: found interface eth0 for proxy arp

If your unable to ping the PDC or WINS server (from the remote) then this is
a network routing problem which is usually caused by the linux pppd server
not acting as a proxy arp for your connection.

5) What error do you see when typing: net view /domain:<MS Domain Name> fro
the remote.

Steve Cowles



From mstanton at lumend.com  Fri Mar 10 12:59:53 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 12:59:53 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D933701164A@lumend_corp.internal.lumend.com>

Hmmm... I assumed that since both my PPTP server and Firewall are straddling
the same subnets, that reply traffic destined for PPTP clients would travel
back through the PPTP server and not through the firewall, since I disabled
the default route option on the Win98 client.  Is this a correct assumption?

-----Original Message-----
From: Scott M. Stone [mailto:sstone at taos.com]
Sent: Friday, March 10, 2000 10:50 AM
To: Mike Stanton
Cc: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP


On Fri, 10 Mar 2000, Mike Stanton wrote:

> Oooh, Good call!  I'm not able to ping the NT PDC from the client, so it
> looks like I need to add another route on the client side. Agree?

... or it could be that your firewall isn't forwarding traffic properly,
too.

> 
> -Mike
> 
> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Friday, March 10, 2000 10:41 AM
> To: Mike Stanton
> Cc: 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] Need Help-Domain Auth. via PoPToP
> 
> 
> On Fri, 10 Mar 2000, Mike Stanton wrote:
> 
> > Hello everyone,
> > 
> > I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
> > client (w/ updated 128-bit patch) can establish a 128-bit connection
> without
> > incident, but cannot authenticate to the Win NT Domain.  I keep
receiving
> an
> > error message saying that no NT domain is available. I've tried
specifying
> > in the lmhosts file the domain and PDC and I've also tried specifying
the
> > WINS and DNS servers in the TCP settings of the VPN connectoid.
> > 
> > Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...
> > 
> > Thanks,
> > 
> > Mike
> 
> after the connection is established, can the 98 box ping the NT PDC?  Or
> is the Linux box providing PDC services through Samba?
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 



From mstanton at lumend.com  Fri Mar 10 13:12:32 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 13:12:32 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D933701164C@lumend_corp.internal.lumend.com>

1.) No
2.) No
3.) Yes
4.) I do have a similar message in my log file, however, it is referring to
the eth1, my internal network interface.
5.) Error 6118: The computer(s) sharing resources in this workgroup cannot
be located. The computer(s) might have been restarted. Wait a few minutes...

-----Original Message-----
From: Cowles, Steve [mailto:Steve.Cowles at gte.net]
Sent: Friday, March 10, 2000 10:56 AM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP




-----Original Message-----
From: Mike Stanton [mailto:mstanton at lumend.com]
Sent: Friday, March 10, 2000 12:14 PM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP


Hello everyone,

I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
client (w/ updated 128-bit patch) can establish a 128-bit connection without
incident, but cannot authenticate to the Win NT Domain.  I keep receiving an
error message saying that no NT domain is available. I've tried specifying
in the lmhosts file the domain and PDC and I've also tried specifying the
WINS and DNS servers in the TCP settings of the VPN connectoid.

Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...

Thanks,

Mike

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

1) Can you ping the PDC server after you create the VPN?
2) Can you ping the WINS server after you create the VPN?
3) Does "winipcfg" show the proper settings? e.g. WINS server.
4) Do you see the following (similer) line in your log files when
establishing a connection?
Mar 10 11:43:06 voyager pppd[725]: found interface eth0 for proxy arp

If your unable to ping the PDC or WINS server (from the remote) then this is
a network routing problem which is usually caused by the linux pppd server
not acting as a proxy arp for your connection.

5) What error do you see when typing: net view /domain:<MS Domain Name> fro
the remote.

Steve Cowles

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From Steve.Cowles at gte.net  Fri Mar 10 13:18:33 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Fri Mar 10 13:18:33 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21F8@defiant.dsl.gtei.net>

Your propably going to have to post the output of "netstat -rn" from both
the linux box (poptop server) and the remote client. Also "ifconfig" output
might help also.

BTW: Is your linux box acting as a firewall? If so, have you enabled
(ACCEPT) proto 47 and port 1723?? This bit me the first time I setup Poptop.

Steve Cowles

-----Original Message-----
From: Mike Stanton [mailto:mstanton at lumend.com]
Sent: Friday, March 10, 2000 1:05 PM
To: 'Cowles, Steve'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP


1.) No
2.) No
3.) Yes
4.) I do have a similar message in my log file, however, it is referring to
the eth1, my internal network interface.
5.) Error 6118: The computer(s) sharing resources in this workgroup cannot
be located. The computer(s) might have been restarted. Wait a few minutes...

-----Original Message-----
From: Cowles, Steve [mailto:Steve.Cowles at gte.net]
Sent: Friday, March 10, 2000 10:56 AM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP




-----Original Message-----
From: Mike Stanton [mailto:mstanton at lumend.com]
Sent: Friday, March 10, 2000 12:14 PM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP


Hello everyone,

I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
client (w/ updated 128-bit patch) can establish a 128-bit connection without
incident, but cannot authenticate to the Win NT Domain.  I keep receiving an
error message saying that no NT domain is available. I've tried specifying
in the lmhosts file the domain and PDC and I've also tried specifying the
WINS and DNS servers in the TCP settings of the VPN connectoid.

Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...

Thanks,

Mike

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

1) Can you ping the PDC server after you create the VPN?
2) Can you ping the WINS server after you create the VPN?
3) Does "winipcfg" show the proper settings? e.g. WINS server.
4) Do you see the following (similer) line in your log files when
establishing a connection?
Mar 10 11:43:06 voyager pppd[725]: found interface eth0 for proxy arp

If your unable to ping the PDC or WINS server (from the remote) then this is
a network routing problem which is usually caused by the linux pppd server
not acting as a proxy arp for your connection.

5) What error do you see when typing: net view /domain:<MS Domain Name> fro
the remote.

Steve Cowles

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From jandeep at interspeed.com  Fri Mar 10 13:42:29 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Fri Mar 10 13:42:29 2000
Subject: [pptp-server] How to get network Neighbourhood working once the connection is e
 stablished
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB81F6@MAIL2>

Hello everybody,
I have gone through all the papers and provided I can establish a connection
using linux pptp server and windows clients, the question is linux pptp
authenticates the machine names (CHAP) not the users, so how do I go about
logging into the NT domain using linux PPTP server and most importantly how
to get the Network Neighbourhood stuff working?
Anybody who has this setup running, please help.
Thanking you in anticipation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000310/97e829db/attachment.html>

From mstanton at lumend.com  Fri Mar 10 13:49:13 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 13:49:13 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D933701164D@lumend_corp.internal.lumend.com>

Steve,

Thanks for your time...

No, my linux box is not yet a firewall. I do have TCP port 1723 specified in
the services file though.

Here is the netstat -rn output from the Win98 client:

Active Routes:

  Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0    206.170.6.130    206.170.6.130       1
         10.0.0.0        255.0.0.0      10.0.10.101      10.0.10.101       1
(win98)10.0.10.101 255.255.255.255        127.0.0.1        127.0.0.1       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
(linux) 170.1.x.x  255.255.255.255    206.170.6.130    206.170.6.130       1
      206.170.6.0    255.255.255.0    206.170.6.130    206.170.6.130       1
    206.170.6.130  255.255.255.255        127.0.0.1        127.0.0.1       1
    206.170.6.255  255.255.255.255    206.170.6.130    206.170.6.130       1
        224.0.0.0        224.0.0.0    206.170.6.130    206.170.6.130       1
        224.0.0.0        224.0.0.0      10.0.10.101      10.0.10.101       1
  255.255.255.255  255.255.255.255    206.170.6.130    206.170.6.130       1

Route Table

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    206.170.6.130:1035     170.1.x.x:1723      ESTABLISHED

Here is the server output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
10.0.10.101     0.0.0.0         255.255.255.255 UH        0 0          0
ppp0
170.1.x.x       0.0.0.0         255.255.255.255 UH        0 0          0
eth0
10.0.10.250     0.0.0.0         255.255.255.255 UH        0 0          0
eth1
170.1.x.0       0.0.0.0         255.255.255.192 U         0 0          0
eth0
10.0.10.0       0.0.0.0         255.255.255.0   U         0 0          0
eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         170.1.x.x       0.0.0.0         UG        0 0          0
eth0

eth0      Link encap:Ethernet  HWaddr 00:60:97:05:4F:0E  
          inet addr:170.1.x.x  Bcast:170.1.x.255  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1725 errors:0 dropped:0 overruns:0 frame:0
          TX packets:826 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:9 Base address:0xfcc0 

eth1      Link encap:Ethernet  HWaddr 00:50:04:CF:96:14  
          inet addr:10.0.10.250  Bcast:10.0.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:861 errors:0 dropped:0 overruns:0 frame:0
          TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          Interrupt:11 Base address:0xfc00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.0.10.250  P-t-P:10.0.10.101  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:376 errors:7 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

-----Original Message-----
From: Cowles, Steve [mailto:Steve.Cowles at gte.net]
Sent: Friday, March 10, 2000 11:18 AM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP


Your propably going to have to post the output of "netstat -rn" from both
the linux box (poptop server) and the remote client. Also "ifconfig" output
might help also.

BTW: Is your linux box acting as a firewall? If so, have you enabled
(ACCEPT) proto 47 and port 1723?? This bit me the first time I setup Poptop.

Steve Cowles

-----Original Message-----
From: Mike Stanton [mailto:mstanton at lumend.com]
Sent: Friday, March 10, 2000 1:05 PM
To: 'Cowles, Steve'; 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP


1.) No
2.) No
3.) Yes
4.) I do have a similar message in my log file, however, it is referring to
the eth1, my internal network interface.
5.) Error 6118: The computer(s) sharing resources in this workgroup cannot
be located. The computer(s) might have been restarted. Wait a few minutes...

-----Original Message-----
From: Cowles, Steve [mailto:Steve.Cowles at gte.net]
Sent: Friday, March 10, 2000 10:56 AM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP




-----Original Message-----
From: Mike Stanton [mailto:mstanton at lumend.com]
Sent: Friday, March 10, 2000 12:14 PM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP


Hello everyone,

I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
client (w/ updated 128-bit patch) can establish a 128-bit connection without
incident, but cannot authenticate to the Win NT Domain.  I keep receiving an
error message saying that no NT domain is available. I've tried specifying
in the lmhosts file the domain and PDC and I've also tried specifying the
WINS and DNS servers in the TCP settings of the VPN connectoid.

Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...

Thanks,

Mike

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

1) Can you ping the PDC server after you create the VPN?
2) Can you ping the WINS server after you create the VPN?
3) Does "winipcfg" show the proper settings? e.g. WINS server.
4) Do you see the following (similer) line in your log files when
establishing a connection?
Mar 10 11:43:06 voyager pppd[725]: found interface eth0 for proxy arp

If your unable to ping the PDC or WINS server (from the remote) then this is
a network routing problem which is usually caused by the linux pppd server
not acting as a proxy arp for your connection.

5) What error do you see when typing: net view /domain:<MS Domain Name> fro
the remote.

Steve Cowles

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From Steve.Cowles at gte.net  Fri Mar 10 15:02:11 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Fri Mar 10 15:02:11 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21F9@defiant.dsl.gtei.net>

Mike,

I must admit, I do not see anything wrong with the route tables. Except on
the windows side for the 10.0.0.0 network netmask not matching the netmask
your linux box (10.0.10.0). But, based on the netmask (on the windows box)
this should not cause a problem. Ifconfig does show the linux box is
receiveing data on ppp0, but very few transmits.

I also noticed that your have two interfaces on the linux box.

1) Have you enabled IP_FORWARDING?
2) Can you ping the linux box from the Windows box?
3) Can you ping the Windows box fron the linux box?
4) What does the output of "ipchains -L -n -v" show?

If you truly have ipchains disabled (as you stated earlier), there should
only be 3 lines printed out that show a default policy of ACCEPT for
input/ouput/forward.

5) What does the output of "arp -a" show when your connected. You should see
refernece for your remote address.

Thats all I can think of.

Steve Cowles



From sstone at taos.com  Fri Mar 10 15:21:39 2000
From: sstone at taos.com (Scott M. Stone)
Date: Fri Mar 10 15:21:39 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
In-Reply-To: <D094EB914000D3119C9A00A0C99D933701164A@lumend_corp.internal.lumend.com>
Message-ID: <Pine.LNX.4.10.10003101320360.720-100000@armadillo.wink.com>

On Fri, 10 Mar 2000, Mike Stanton wrote:

> Hmmm... I assumed that since both my PPTP server and Firewall are straddling
> the same subnets, that reply traffic destined for PPTP clients would travel
> back through the PPTP server and not through the firewall, since I disabled
> the default route option on the Win98 client.  Is this a correct assumption?

only if you're using proxyarp.

> 
> -----Original Message-----
> From: Scott M. Stone [mailto:sstone at taos.com]
> Sent: Friday, March 10, 2000 10:50 AM
> To: Mike Stanton
> Cc: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP
> 
> 
> On Fri, 10 Mar 2000, Mike Stanton wrote:
> 
> > Oooh, Good call!  I'm not able to ping the NT PDC from the client, so it
> > looks like I need to add another route on the client side. Agree?
> 
> ... or it could be that your firewall isn't forwarding traffic properly,
> too.
> 
> > 
> > -Mike
> > 
> > -----Original Message-----
> > From: Scott M. Stone [mailto:sstone at taos.com]
> > Sent: Friday, March 10, 2000 10:41 AM
> > To: Mike Stanton
> > Cc: 'pptp-server at lists.schulte.org'
> > Subject: Re: [pptp-server] Need Help-Domain Auth. via PoPToP
> > 
> > 
> > On Fri, 10 Mar 2000, Mike Stanton wrote:
> > 
> > > Hello everyone,
> > > 
> > > I'm running PoPToP 1.0.0 on Linux Mandrake 7.0. w/ Samba 2.0.6. My Win98
> > > client (w/ updated 128-bit patch) can establish a 128-bit connection
> > without
> > > incident, but cannot authenticate to the Win NT Domain.  I keep
> receiving
> > an
> > > error message saying that no NT domain is available. I've tried
> specifying
> > > in the lmhosts file the domain and PDC and I've also tried specifying
> the
> > > WINS and DNS servers in the TCP settings of the VPN connectoid.
> > > 
> > > Can anyone tell me what I'm doing wrong?  I'm so close, yet so far...
> > > 
> > > Thanks,
> > > 
> > > Mike
> > 
> > after the connection is established, can the 98 box ping the NT PDC?  Or
> > is the Linux box providing PDC services through Samba?
> > 
> > --------------------------
> > Scott M. Stone, CCNA <sstone at taos.com>
> > UNIX Systems and Network Engineer
> > Taos - The SysAdmin Company 
> > 
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From Steve.Cowles at gte.net  Fri Mar 10 15:33:25 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Fri Mar 10 15:33:25 2000
Subject: [pptp-server] How to get network Neighbourhood working once t
	he connection is e stablished
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21FA@defiant.dsl.gtei.net>

-----Original Message-----
From: Jandeep Kang [mailto:jandeep at interspeed.com]
Sent: Friday, March 10, 2000 1:42 PM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] How to get network Neighbourhood working once the
connection is e stablished


Hello everybody, 
I have gone through all the papers and provided I can establish a connection
using linux pptp server and windows clients, the question is linux pptp
authenticates the machine names (CHAP) not the users, so how do I go about
logging into the NT domain using linux PPTP server and most importantly how
to get the Network Neighbourhood stuff working?
Anybody who has this setup running, please help. 
Thanking you in anticipation. 

---- Disabled HTML Tags for reply -----
[Cowles, Steve] 
In order to authenticate to a MS Domain Controller and use Network
Neighborhood from a Windows based client... using Poptop

1) you must have a WINS server running on your local network.
2) on your poptop server, /etc/ppp/options must contain a "ms-wins"
directive which is set to the IP address of the WINS server. This IP address
will be sent to the client when they establish their PPTP connection.
3) Obviously, your Windows client "Client for MS Networking" must be setup
to login to a MS domain and also have its workgroup setting match that
domain.

A typical dialup scenario (at least for me using NT Workstation, NOT Win98)
is
1) Turn on Laptop and login (I will get the NO Doamin Controller Found
message) Duh!
2) Dial into local ISP using dialup networking. (standard ppp)
3) Create the PPTP tunnel using Dialup Networking. Within about a minute, my
laptop will finally authenticate with the PDC and the browser info is now
available for network neighborhood. This happens because the WINS server can
now be queried by my laptop for the PDC record and the __MASTER_BROWSER__
record.

Steve Cowles



From mstanton at lumend.com  Fri Mar 10 16:14:47 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 16:14:47 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D933701164E@lumend_corp.internal.lumend.com>

Oh, man- if it were a snake, if would have bit me! No matter how hard I was
trying, those packets wouldn't jump the chasm between interfaces without
enabling IP FORWARDING! (such a tiny little box to be checked)Duh!

Thanks for pointing that out. All is working well.

M

-----Original Message-----
From: Cowles, Steve [mailto:Steve.Cowles at gte.net]
Sent: Friday, March 10, 2000 1:01 PM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP


Mike,

I must admit, I do not see anything wrong with the route tables. Except on
the windows side for the 10.0.0.0 network netmask not matching the netmask
your linux box (10.0.10.0). But, based on the netmask (on the windows box)
this should not cause a problem. Ifconfig does show the linux box is
receiveing data on ppp0, but very few transmits.

I also noticed that your have two interfaces on the linux box.

1) Have you enabled IP_FORWARDING?
2) Can you ping the linux box from the Windows box?
3) Can you ping the Windows box fron the linux box?
4) What does the output of "ipchains -L -n -v" show?

If you truly have ipchains disabled (as you stated earlier), there should
only be 3 lines printed out that show a default policy of ACCEPT for
input/ouput/forward.

5) What does the output of "arp -a" show when your connected. You should see
refernece for your remote address.

Thats all I can think of.

Steve Cowles

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From mstanton at lumend.com  Fri Mar 10 17:06:49 2000
From: mstanton at lumend.com (Mike Stanton)
Date: Fri Mar 10 17:06:49 2000
Subject: [pptp-server] Need Help-Domain Auth. via PoPToP
Message-ID: <D094EB914000D3119C9A00A0C99D933701164F@lumend_corp.internal.lumend.com>

Not quite there...

What's happening is when I initiate the VPN connection, I still get the
dialog box telling me that no domain server is available, I then click OK
and it stops trying to log in and minimizes the connection dialog box.
However, I can ping any box on the local network by either it's netbios name
or ip address, the linux box can ping the remote client, and I can see all
of the other computers through network neighborhood and can connect to
them?!! Why am I not able to run the NT login script, and if a domain
controller cannot be found why is my message log telling me that MSCHAP-v2
peer authentication has succeeded for 'domain\\username' and allows me to
access server folders? 

BTW, here is my ppp/options file:

lock
debug
name pptp
auth
+chap
+mschap
+mschap-v2
mppe-40
mppe-128
mppe-stateless
require-mschap-v2
ms-wins = 10.0.10.10
proxyarp

Could this be more of a Samba issue?

-----Original Message-----
From: Cowles, Steve [mailto:Steve.Cowles at gte.net]
Sent: Friday, March 10, 2000 1:01 PM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] Need Help-Domain Auth. via PoPToP


Mike,

I must admit, I do not see anything wrong with the route tables. Except on
the windows side for the 10.0.0.0 network netmask not matching the netmask
your linux box (10.0.10.0). But, based on the netmask (on the windows box)
this should not cause a problem. Ifconfig does show the linux box is
receiveing data on ppp0, but very few transmits.

I also noticed that your have two interfaces on the linux box.

1) Have you enabled IP_FORWARDING?
2) Can you ping the linux box from the Windows box?
3) Can you ping the Windows box fron the linux box?
4) What does the output of "ipchains -L -n -v" show?

If you truly have ipchains disabled (as you stated earlier), there should
only be 3 lines printed out that show a default policy of ACCEPT for
input/ouput/forward.

5) What does the output of "arp -a" show when your connected. You should see
refernece for your remote address.

Thats all I can think of.

Steve Cowles

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From jsholmes at MIT.EDU  Fri Mar 10 20:04:54 2000
From: jsholmes at MIT.EDU (John Holmes)
Date: Fri Mar 10 20:04:54 2000
Subject: [pptp-server] can't ping past server
Message-ID: <FAENLCMGBDIHJDFHKNGCEELPCCAA.jsholmes@mit.edu>

hi there. the problem i'm having is that i can ping the ip of the server and
the ip it is assigning me just fine, but can't seem to ping anything else.
anyone know what i'm doing wrong? i'm convinced it's a simple routing
detail, but i'm confusing myself with tunnels within tunnels. thanks.

here's the setup i'm trying to get to work:

i have a win2k client on a local, private network behind a freebsd nat. this
is connected via cablemodem to an isp and the internet. i want to tunnel
into a public network so it appears as if my computer is on that network,
instead of the local, private one. this is largely so that am externally
reachable with udp. in any event, here are my config details:

The address of the server on the public (mit) network is 18.245.0.173
(cerebral.mit.edu). i want my home machine to appear as 18.245.1.107
(x-rated.mit.edu).

on the redhat SERVER:

/etc/pptpd.conf:
localip 18.245.1.107
remoteip 10.255.254.107

[root at cerebral /etc]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
10.255.254.107  *               255.255.255.255 UH    0      0        0 ppp0
18.245.0.173    *               255.255.255.255 UH    0      0        0 eth0
18.245.0.0      *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         NW12-RTR-W7-ETH 0.0.0.0         UG    0      0        0 eth0

[root at cerebral /etc]# ipchains --list
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  X-RATED.MIT.EDU       10.255.254.107        n/a
ACCEPT     all  ------  10.255.254.107        X-RATED.MIT.EDU       n/a
Chain output (policy ACCEPT):


on the win2k CLIENT, here is the routing table (yes, it looks weird. the
complication is that the freebsd nat has an ip in ip encapsulator that is
connected to the 18.101 subnet. this lets the win2k client also be known as
18.101.0.181. i'm trying to set up a pptp tunnel through this ip in ip
tunnel) :

D:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 60 08 35 d2 8d ...... 3Com 3C90x Ethernet Adapter
0x10000004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.255.254.107  10.255.254.107       1
          0.0.0.0          0.0.0.0     18.101.0.177    18.101.0.181       2
   10.255.254.107  255.255.255.255        127.0.0.1       127.0.0.1       1
   10.255.255.255  255.255.255.255   10.255.254.107  10.255.254.107       1
       18.26.2.13  255.255.255.255     18.101.0.177    18.101.0.181       1
     18.101.0.176  255.255.255.240     18.101.0.181    18.101.0.181       1
     18.101.0.181  255.255.255.255        127.0.0.1       127.0.0.1       1
     18.245.0.173  255.255.255.255     18.101.0.177    18.101.0.181       1
     18.245.1.107  255.255.255.255   10.255.254.107  10.255.254.107       1
   18.255.255.255  255.255.255.255     18.101.0.181    18.101.0.181       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
   206.154.102.12  255.255.255.255     18.101.0.177    18.101.0.181       1
        224.0.0.0        224.0.0.0   10.255.254.107  10.255.254.107       1
        224.0.0.0        224.0.0.0     18.101.0.181    18.101.0.181       1
  255.255.255.255  255.255.255.255     18.101.0.181    18.101.0.181       1
Default Gateway:    10.255.254.107
===========================================================================
Persistent Routes:
  None


Thanks,
John




From mrolen at uswest.net  Fri Mar 10 23:24:46 2000
From: mrolen at uswest.net (Mark Rolen)
Date: Fri Mar 10 23:24:46 2000
Subject: [pptp-server] domain\\username
Message-ID: <NDBBLAAHILCDDEMGEBDCCECMCBAA.mrolen@uswest.net>

Hey, thought I'd seen mention that one of the patches would strip the
'domain\\' part of a user's login?  Was I dreaming, or is this possible?
It'd make things far, far easier for my implementation if I could actually
authenticate on username ONLY, not having to worry about what cute workgroup
names 40 different people have put on their home PCs and having to change
chap-secrets every time one of them changes it on their side...    : )


mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 1716 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000310/6ad0f301/attachment.bin>

From barjunk at attglobal.net  Sat Mar 11 13:05:57 2000
From: barjunk at attglobal.net (Barsalou)
Date: Sat Mar 11 13:05:57 2000
Subject: [pptp-server] domain\\username
In-Reply-To: <200003111800.MAA30657@snaildust.schulte.org>
Message-ID: <200003111905.NAA30987@snaildust.schulte.org>

I am assuming there are two different authentications happening.  One is 
with the PPTP server and the other is with the NT domain.

Why don't we make this an option in the pptp option file.  That way some of 
us who don't mind it being there can keep it?  Or what about stripping it for 
the Chap authentication part but leaving it so that the user who needs to 
authenticate to the PDC, can?

Maybe both of these things can be options?

stripdomain - for the chap authentication and the domain authentication
stripauth - for just the chap authentication.

> 
> Hey, thought I'd seen mention that one of the patches would strip the
> 'domain\\' part of a user's login?  Was I dreaming, or is this possible?
> It'd make things far, far easier for my implementation if I could
> actually
> authenticate on username ONLY, not having to worry about what cute
> workgroup
> names 40 different people have put on their home PCs and having to
> change
> chap-secrets every time one of them changes it on their side...    : )
> 
> 
> mark
> 





From tmk at netmagic.net  Sat Mar 11 15:55:14 2000
From: tmk at netmagic.net (tmk)
Date: Sat Mar 11 15:55:14 2000
Subject: [pptp-server] domain\\username
References: <200003111905.NAA30987@snaildust.schulte.org>
Message-ID: <000e01bf8ba4$bfbd12c0$071c0fc0@lala.net>

since pptp doesnt actually do any authentication, and since these patches
are for pppd, not pptpd, those options wouldnt make sense for pptpd.

if you really want them, you could suggest it to the pppd folks

Kevin
----- Original Message -----
From: Barsalou <barjunk at attglobal.net>
To: <pptp-server at lists.schulte.org>
Sent: Saturday, March 11, 2000 11:06 AM
Subject: [pptp-server] domain\\username


> I am assuming there are two different authentications happening.  One is
> with the PPTP server and the other is with the NT domain.
>
> Why don't we make this an option in the pptp option file.  That way some
of
> us who don't mind it being there can keep it?  Or what about stripping it
for
> the Chap authentication part but leaving it so that the user who needs to
> authenticate to the PDC, can?
>
> Maybe both of these things can be options?
>
> stripdomain - for the chap authentication and the domain authentication
> stripauth - for just the chap authentication.
>
> >
> > Hey, thought I'd seen mention that one of the patches would strip the
> > 'domain\\' part of a user's login?  Was I dreaming, or is this possible?
> > It'd make things far, far easier for my implementation if I could
> > actually
> > authenticate on username ONLY, not having to worry about what cute
> > workgroup
> > names 40 different people have put on their home PCs and having to
> > change
> > chap-secrets every time one of them changes it on their side...    : )
> >
> >
> > mark
> >
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From vigov at com2com.ru  Sun Mar 12 16:21:50 2000
From: vigov at com2com.ru (vigov)
Date: Sun Mar 12 16:21:50 2000
Subject: [pptp-server] remote and local IPs
Message-ID: <6934.000312@com2com.ru>

Hello Evrebody.
I've got the follow situation.
There's a private untrusted network with 192.168.X.X
and this network connected to Inet through FBSD 3.4 with nat.
I have to do ppl from workstations in private net can log in to server
(PoPTop under FBSD) and walk out to Inet. What ips must i assign as
local and as remote.

There's scheme
                    if1 = 192.168.32.20
!--------------!         !----------!
! ws           !---------! FBSD     !-------- to Internet
!192.168.32.18 !         ! pptpd    ! if2 = real ip
!--------------!         !----------!
-- 
Best regards,
 vigov                          mailto:vigov at com2com.ru





From bhorton at pneumasoft.com  Sun Mar 12 16:58:03 2000
From: bhorton at pneumasoft.com (Bob Horton)
Date: Sun Mar 12 16:58:03 2000
Subject: [pptp-server] Can't see anything at the other end of the tunnel!
Message-ID: <001001bf8c76$39e1eb80$190d4818@AMD333.pneumasoft.com>

I'm trying to set up PoPToP to allow me to get from my machine (Win 9x)
connected to the Internet via cable modem to a Linux box (RedHat 6.1) with
PoPToP that will allow me to then connect to and use resources on the Lan on
the other side ("internal") of the Linux box.


Win 9x --> Internet --> RedHat 6.1 w/ PoPToP --> Destination Lan

I have gotten it working well enough to allow me to ping the ethernet card
connected to the destination Lan but I can't seem to go beyond that.

I have set the IP address of my VPN connection on Win 9x to be in the same
subnet as the Destination LAN (I hope that was correct).

IP Addresses are as follows:

Win 9x          RedHat External    RedHat Internal      LAN
24.72.xx.xx     24.72.yy.yy         192.68.0.230         192.68.0.xxx

VPN "Connector" on Win 9x box
192.68.0.231

As stated, I can ping 192.68.0.230 but nothing else inside the LAN.

I have my config file set up with
speed 115200
localip 24.72.3.37
remoteip 192.68.0.230

I also keep getting an error message on the display for the Linux box every
time I try and connect after the first time saying there are no more ports
available ... again, I'm not sure why.

Any help would be much appreciated.

Thanks.

Bob Horton.





From bhorton at pneumasoft.com  Sun Mar 12 17:05:05 2000
From: bhorton at pneumasoft.com (Bob Horton)
Date: Sun Mar 12 17:05:05 2000
Subject: [pptp-server] Can't see anything at the other end of the tunnel! - Part 2
Message-ID: <001101bf8c77$2a4f4c20$190d4818@AMD333.pneumasoft.com>

Sorry, forgot to mention that most of the resources on the other end of the
Tunnel are Windows based.

Bob Horton





From andy at cablecom.co.uk  Mon Mar 13 04:05:58 2000
From: andy at cablecom.co.uk (Andy Coy)
Date: Mon Mar 13 04:05:58 2000
Subject: [pptp-server] FreeBSD
Message-ID: <NDBBILEIMMEHGADHGMGKGEFMCBAA.andy@cablecom.co.uk>

Hi,

I have set up poptop on FreeBSD, from the ports selection. It didn't seem to
make the config files, so I did myself then ran pptpd -c /file. The daemon
starts but when a win 98 client tries to connect I get the error message:
Configuration label not found
My BSD box has 2 network cards, one with a ripe registered IP Address, one
with a LAN IP Address. The box does NAT for our net access, will this cause
problems??
Thanks in advance, any help you can give will be greatly appreciated.

Andy




From Steve.Cowles at gte.net  Mon Mar 13 07:40:29 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Mon Mar 13 07:40:29 2000
Subject: [pptp-server] Can't see anything at the other end of the tunn
	el!
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21FB@defiant.dsl.gtei.net>


> -----Original Message-----
> From: Bob Horton [mailto:bhorton at pneumasoft.com]
> Sent: Sunday, March 12, 2000 4:57 PM
> To: Pptp-Server Mailing List
> Subject: [pptp-server] Can't see anything at the other end of the
> tunnel!
> 
> 
> I'm trying to set up PoPToP to allow me to get from my 
> machine (Win 9x)
> connected to the Internet via cable modem to a Linux box 
> (RedHat 6.1) with
> PoPToP that will allow me to then connect to and use 
> resources on the Lan on
> the other side ("internal") of the Linux box.
> 
> 
> Win 9x --> Internet --> RedHat 6.1 w/ PoPToP --> Destination Lan
> 
> I have gotten it working well enough to allow me to ping the 
> ethernet card
> connected to the destination Lan but I can't seem to go beyond that.
> 
> I have set the IP address of my VPN connection on Win 9x to 
> be in the same
> subnet as the Destination LAN (I hope that was correct).
> 
> IP Addresses are as follows:
> 
> Win 9x          RedHat External    RedHat Internal      LAN
> 24.72.xx.xx     24.72.yy.yy         192.68.0.230         192.68.0.xxx
> 
> VPN "Connector" on Win 9x box
> 192.68.0.231

If I understand the above... your assigning your IP address (statically).
You should set this "server assigned". Let the PopTop server assign the
"remote" IP address. 

> 
> As stated, I can ping 192.68.0.230 but nothing else inside the LAN.
> 
> I have my config file set up with
> speed 115200
> localip 24.72.3.37
> remoteip 192.68.0.230

In order for the remote to be able to communicate with other resources
(PC's/Servers/Printers) on your internal network, pppd must be configured to
do a "proxyarp" on the internal interface. e.g. It must answer arp requests
on behalf of the remote. 

Plus, is the above a type-o?? Is your internal really 192.68 or is it the
standard un-assigned 192.168.x.x??? If the above LAN is masq'd it does not
really matter, until you try to access a "real" WEB site that has a
192.68.x.x address. Just a consistency concern.

Using the above information from your post, your pptp.conf should be set to
the following to allow the internal interface to proxyarp.

speed 115200
localip 192.68.0.230
remoteip 192.68.0.231

When you connect to your PoptTop/pppd server you should see a "similar"
entry as follows... NOTE: Eth0 is my internal interface. Without the "proxy
arp" entry, you will not be able to communicate with the other servers on
your local LAN.

Mar  7 15:35:21 voyager pppd[14442]: found interface eth0 for proxy arp
Mar  7 15:35:21 voyager pppd[14442]: local  IP address 192.168.9.3
Mar  7 15:35:21 voyager pppd[14442]: remote IP address 192.168.9.101

Also, if your server infrastructure is all MS based, then you
/etc/ppp/options file will need to contain the "ms-wins" directive that
points to the IP address of the your WINS server. type: man pppd   for more
info. Without a WINS server, "Network Neighborhood" will be useless at the
remote.

For reference... my /etc/ppp/options is setup like this. Make the
appropriate changes to fit your environment.

lock
auth
ms-dns 192.168.9.3
ms-dns 192.168.9.2
ms-wins 192.168.9.2
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
 
> 
> I also keep getting an error message on the display for the 
> Linux box every
> time I try and connect after the first time saying there are 
> no more ports
> available ... again, I'm not sure why.

This is a "warning" only. Your pptp.conf file is "currently" configured to
only handout 1 IP address, the next person trying to connect to your server
will NOT be assigned an IP address, which is what the warning message is
stating. This is easily fixed by specifying a range of IP's in your
pptp.conf file for the remotes. e.g. 192.168.0.231-235
 
> 
> Any help would be much appreciated.
> 
> Thanks.
> 
> Bob Horton.

Also, if your linux box is a firewall and the PopTop server... you will need
to ACCEPT protocol 47 (gre) and port 1723 on your external interface. If you
have not already done so.

Steve Cowles



From amacc at iron-bridge.net  Mon Mar 13 08:56:46 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Mon Mar 13 08:56:46 2000
Subject: [pptp-server] Weird connection problem
Message-ID: <Pine.LNX.4.02.10003130849260.20537-100000@ns1.mailer.org>

Hello,

I have setup several PoPToP servers and until we tried to put one on a
cable modem have had great success! I have been through the configuration
time and time again but am stuck so I'm asking for help...

We have a server on a cable modem with 2 ethernet cards. eth1 is connected
directly to the cable modem and for illustrative purposes we'll say it's
assigned a static IP of 192.168.3.100. the cable modem is behind two
routers/firewalls and the cable company has assigned an external IP of
192.168.1.100 (forget this is not a valid INternet address - it's just an
example).

192.168.1.100 is translated to the actual cable modem IP 192.168.3.100 so
all connections from the internet make it to the destination. I can SSH
into ther server and can telnet to port 1723 just fine. The problem starts
when we try to initiate a connection from the Windows 98 machine we get an
"error 629 you have been disconnected from the machine you dialed...". My
Windows machine will connect to other PoPToP servers but not this one.

At first GRE was not getting through their firewall. They allowed GRE
through and now my traceroutes get up to the eth1 interface and fail(?)

=========================================================================
traceroute -G some.machine.dom
...
16  some.machine.dom (192.168.1.100)  78.001 ms  78.636 ms  77.562 ms
17  some.machine.dom (192.168.1.100)  94.262 ms  102.853 ms  124.614 ms
18  some.machine.dom (192.168.1.100)  104.934 ms !P  123.807 ms !P 109.413ms !P
=========================================================================

The traceroute man page explains !P is protocol unreachable. Hop 16 is
the cable modem providers internet side firewall. Hop 17 is an internal
router and hop 18 is eth1...

I've run tcpdump on the eth1 but am not real sure what it is saying:

=========================================================================
tcpdump: listening on eth1
09:04:08.768530 me.62367 > 192.168.3.100.1723: S 159332:159332(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
09:04:08.768636 192.168.3.100.1723 > me.62367: S 2999017208:29990 17208(0) ack 159333 win 32120 <mss 1460,nop,nop,sackOK> (DF)
09:04:08.874649 me.62367 > 192.168.3.100.1723: . ack 1 win 8760 (DF)
09:04:08.875933 me.62367 > 192.168.3.100.1723: P 1:157(156) ack 1 win 8760 (DF)
09:04:08.876054 192.168.3.100.1723 > me.62367: . ack 157 win 3196 4 (DF)
09:04:08.881557 192.168.3.100.1723 > me.62367: R 1:1(0) ack 157 win 32120 (DF)
=========================================================================

I've removed all firewalling on the Linux server double and triple checled
the config files. 

Here is my /etc/pptp.conf file

=========================================================================
# default connection speed
speed 115200
# options for pppd
option /etc/pptpd.options
# Debug or no debug
debug
# This machines IP Address
localip 192.168.100.5
# Assigned IP Addresses
remoteip 192.168.100.211-219
# For IPX Only
ipxnets 00001000-00001FFF
# Listen on the interface
listen 192.168.3.100
# Where to keep the pid file (don't set)
#pidfile /var/run/pptpd.pid
=========================================================================

192.168.100. is the internal network I'm trying to connect to...

here is my /etc/pptp.options

=========================================================================
lock
auth
login
proxyarp
name pptpd
require-pap
require-chap
require-chapms
require-chapms-v2
mppe-40
mppe-128
mppe-stateless
=========================================================================

The cable guys have replaced the original Toshiba modem with a Cisco
modem, just in case. eth1 is an Intel 10/100+ PCI if that matters. I can
connect to other PPTP servers with the Windows 98 machine I'm using so I
can't believe it's the client. This configuration is very similar to
several running and working PoPToP servers.

Any help is greatly appreciated!!


WBR,

Andrew McRory / CTO                                  amacc at iron-bridge.net
Iron Bridge Communications                             www.iron-bridge.net
Caldera OpenLinux Contrib RPMS             ftp.iron-bridge.net/pub/Caldera




From natecars at real-time.com  Mon Mar 13 09:42:43 2000
From: natecars at real-time.com (Nate Carlson)
Date: Mon Mar 13 09:42:43 2000
Subject: [pptp-server] remote and local IPs
In-Reply-To: <6934.000312@com2com.ru>
Message-ID: <Pine.LNX.4.10.10003130941150.21576-100000@enchanter.real-time.com>

On Sun, 12 Mar 2000, vigov wrote:

> Hello Evrebody.
> I've got the follow situation.
> There's a private untrusted network with 192.168.X.X
> and this network connected to Inet through FBSD 3.4 with nat.
> I have to do ppl from workstations in private net can log in to server
> (PoPTop under FBSD) and walk out to Inet. What ips must i assign as
> local and as remote.
> 
> There's scheme
>                     if1 = 192.168.32.20
> !--------------!         !----------!
> ! ws           !---------! FBSD     !-------- to Internet
> !192.168.32.18 !         ! pptpd    ! if2 = real ip
> !--------------!         !----------!
> -- 
> Best regards,
>  vigov                          mailto:vigov at com2com.ru

Easiest way is to say local ip = 192.168.32.20, and remote ip's = some
unused ip addresses in the 192.168.32.20/24 network. so, for example, if
the ip addresses of .200+ were unused, you could set the remote ip's to
192.168.32.200-250 to get 51 usable ip's for remote connections..

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From natecars at real-time.com  Mon Mar 13 09:47:41 2000
From: natecars at real-time.com (Nate Carlson)
Date: Mon Mar 13 09:47:41 2000
Subject: [pptp-server] Weird connection problem
In-Reply-To: <Pine.LNX.4.02.10003130849260.20537-100000@ns1.mailer.org>
Message-ID: <Pine.LNX.4.10.10003130946170.21576-100000@enchanter.real-time.com>

On Mon, 13 Mar 2000, Andrew McRory wrote:

> 
> Hello,
> 
> I have setup several PoPToP servers and until we tried to put one on a
> cable modem have had great success! I have been through the configuration
> time and time again but am stuck so I'm asking for help...
> 
> We have a server on a cable modem with 2 ethernet cards. eth1 is connected
> directly to the cable modem and for illustrative purposes we'll say it's
> assigned a static IP of 192.168.3.100. the cable modem is behind two
> routers/firewalls and the cable company has assigned an external IP of
> 192.168.1.100 (forget this is not a valid INternet address - it's just an
> example).
> 
> 192.168.1.100 is translated to the actual cable modem IP 192.168.3.100 so
> all connections from the internet make it to the destination. I can SSH
> into ther server and can telnet to port 1723 just fine. The problem starts
> when we try to initiate a connection from the Windows 98 machine we get an
> "error 629 you have been disconnected from the machine you dialed...". My
> Windows machine will connect to other PoPToP servers but not this one.

*massive snip*

According to the above, the cable modem has it's own IP address, and then
NAT translates traffic to your machine. Are you _positive_ that it is
translating & allowing GRE? From what I can tell, it doesn't sound like
the GRE traffic is ever getting to the linux box... I've heard of tons of
problems using cable modems with weird protocols, this could be another
one of those..

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From amacc at iron-bridge.net  Mon Mar 13 09:52:35 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Mon Mar 13 09:52:35 2000
Subject: [pptp-server] Weird connection problem
In-Reply-To: <Pine.LNX.4.10.10003130946170.21576-100000@enchanter.real-time.com>
Message-ID: <Pine.LNX.4.02.10003131048200.20537-100000@ns1.mailer.org>

On Mon, 13 Mar 2000, Nate Carlson wrote:

<snip>

> > into ther server and can telnet to port 1723 just fine. The problem starts
> > when we try to initiate a connection from the Windows 98 machine we get an
> > "error 629 you have been disconnected from the machine you dialed...". My
> > Windows machine will connect to other PoPToP servers but not this one.
> 
> *massive snip*
> 
> According to the above, the cable modem has it's own IP address, and then
> NAT translates traffic to your machine. Are you _positive_ that it is
> translating & allowing GRE? From what I can tell, it doesn't sound like
> the GRE traffic is ever getting to the linux box... I've heard of tons of
> problems using cable modems with weird protocols, this could be another
> one of those..

AFAIK the GRE is being allowed. Running the GRE modified traceroute shows
GRE being passed up until the final interface, eth1 on the linux box. It
looks to me like eth1 won't allow GRE OR the cable modem is not bridging
correctly... 

Thanks,

Andrew McRory / CTO                                  amacc at iron-bridge.net
Iron Bridge Communications                             www.iron-bridge.net
Caldera OpenLinux Contrib RPMS             ftp.iron-bridge.net/pub/Caldera




From natecars at real-time.com  Mon Mar 13 09:57:18 2000
From: natecars at real-time.com (Nate Carlson)
Date: Mon Mar 13 09:57:18 2000
Subject: [pptp-server] Weird connection problem
In-Reply-To: <Pine.LNX.4.02.10003131048200.20537-100000@ns1.mailer.org>
Message-ID: <Pine.LNX.4.10.10003130954580.21576-100000@enchanter.real-time.com>

On Mon, 13 Mar 2000, Andrew McRory wrote:

> On Mon, 13 Mar 2000, Nate Carlson wrote:
> 
> <snip>
> 
> > > into ther server and can telnet to port 1723 just fine. The problem starts
> > > when we try to initiate a connection from the Windows 98 machine we get an
> > > "error 629 you have been disconnected from the machine you dialed...". My
> > > Windows machine will connect to other PoPToP servers but not this one.
> > 
> > *massive snip*
> > 
> > According to the above, the cable modem has it's own IP address, and then
> > NAT translates traffic to your machine. Are you _positive_ that it is
> > translating & allowing GRE? From what I can tell, it doesn't sound like
> > the GRE traffic is ever getting to the linux box... I've heard of tons of
> > problems using cable modems with weird protocols, this could be another
> > one of those..
> 
> AFAIK the GRE is being allowed. Running the GRE modified traceroute shows
> GRE being passed up until the final interface, eth1 on the linux box. It
> looks to me like eth1 won't allow GRE OR the cable modem is not bridging
> correctly... 
> 

Yeah... my bet is that the cable modem is not translating it across the
connection.. have you looked for any configuration options on it to allow
you to configure what protocols are allowed through/filtered/etc? Also,
just for the sake of experimentation, have you tried making and outgoing
pptp connection from that Linux box to see if GRE will go across the
connection? Another good troubleshooting step would be to use the GRE
traceroute from the pptp server out to the internet..

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From amacc at iron-bridge.net  Mon Mar 13 10:21:25 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Mon Mar 13 10:21:25 2000
Subject: [pptp-server] Weird connection problem
In-Reply-To: <Pine.LNX.4.10.10003130954580.21576-100000@enchanter.real-time.com>
Message-ID: <Pine.LNX.4.02.10003131109090.20537-100000@ns1.mailer.org>

On Mon, 13 Mar 2000, Nate Carlson wrote:

> > looks to me like eth1 won't allow GRE OR the cable modem is not bridging
> > correctly... 
> > 
> 
> Yeah... my bet is that the cable modem is not translating it across the
> connection.. have you looked for any configuration options on it to allow
> you to configure what protocols are allowed through/filtered/etc? Also,
> just for the sake of experimentation, have you tried making and outgoing
> pptp connection from that Linux box to see if GRE will go across the
> connection? Another good troubleshooting step would be to use the GRE
> traceroute from the pptp server out to the internet..

Dooh! OK.

I just tried that and it worked all the way until it got back to my router
on the other side of my Cisco 2501! Here it is:

=========================================================================
17  XXXX  292.540 ms  309.350 ms 243.571 ms
18  XXXX  78.721 ms  80.244 ms  78.228 ms
19  XXXX  109.649 ms  106.649 ms  101.755 ms
20  XXXX  110.863 ms  105.008 ms 108.737 ms
21  XXXX  114.094 ms  110.537 ms  109.662 ms
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
=========================================================================

Would/Could this prevent connecting to the cable modem server?


Thanks,

Andrew McRory / CTO                                  amacc at iron-bridge.net
Iron Bridge Communications                             www.iron-bridge.net
Caldera OpenLinux Contrib RPMS             ftp.iron-bridge.net/pub/Caldera





From bjeung at teamlynx.com  Mon Mar 13 15:21:42 2000
From: bjeung at teamlynx.com (bjeung at teamlynx.com)
Date: Mon Mar 13 15:21:42 2000
Subject: [pptp-server] PoPToP and Authentication Questions
Message-ID: <40E4A456ED75D311AD7300104B75E7B20120E3@adsl-63-196-211-60.dsl.snfc21.pacbell.net>

A quick glance thru the site and mailing list archives didn't sufficiently
answer my questions or provide the documentation I was looking for. My
question is this: Does PoPToP support authentication against NT Domain
controllers by itself, or does the box running PoPToP work through Samba to
provide this feature? Or is there some other way of doing this that I
missed? Regardless of the ansewr, can someone provide me with a link to
documentation detailing the setup of such a scenario? Thanks

--
Barry Jeung                    Lynx
Senior System Engineer         1501 El Camino Real, Suite D
HTTP://www.TeamLynx.com        Belmont, CA 94002-3946
HTTP://www.ShoppingLynx.com    Phone: 650.596.5777
E-Mail: BJeung at TeamLynx.com    Fax:   650.596.5743




From adam at morrison-ind.com  Mon Mar 13 15:41:52 2000
From: adam at morrison-ind.com (Adam Williams)
Date: Mon Mar 13 15:41:52 2000
Subject: [pptp-server] PoPToP and Authentication Questions
Message-ID: <200003132141.QAA56954@morrison.iserv.net.>

 From          : lists>pptp-server-admin
 To            : adam
 Subject       : [pptp-server] PoPToP and Authentication Questions
 Date          : 01/01/70 01:01


>A quick glance thru the site and mailing list archives didn't sufficiently
>answer my questions or provide the documentation I was looking for. My
>question is this: Does PoPToP support authentication against NT Domain
>controllers by itself, or does the box running PoPToP work through Samba to
>provide this feature? Or is there some other way of doing this that I

No. No. No. and No.~

>missed? Regardless of the ansewr, can someone provide me with a link to
>documentation detailing the setup of such a scenario? Thanks

Authentication is actually handled by PPP.  PPP supports PAM if you use PAP
authentication, which means no encryption.  With PAM you can authenticate
against anything you want.  With CHAP  you must maintain a hideous secrets
file on the PPP server, because you don't have the password you can't auth
against something like PAM.  A couple of people are pondering this dilemma,
but I haven't seen anything come through.  I am also eagerly awaiting this
feature (I want to auth with PAM against an LDAP server).  I'll buy pizza for
anyone who can provide a patch to let me CHAP against PAM.



From Steve.Cowles at gte.net  Mon Mar 13 15:52:34 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Mon Mar 13 15:52:34 2000
Subject: [pptp-server] PoPToP and Authentication Questions
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21FC@defiant.dsl.gtei.net>

To answer your question regarding NT Domain Authentication... The answer is
yes and no (I know!!!)

Let me explain:

No... PopTop (itself) does not authenticate you against your NT PDC. Its
role is to authenticate your PPTP/pppd encrypted session (tunnel) through
the use of CHAP. This requires a separate username/password entry on the
linux box running PopTop. <groan>

Yes... Once your PPTP tunnel is established, your client PC running
Win98/WinNT will be able to authenticate to the PDC. Obviously, the
authentication will not occur until the tunnel is brought up. This of course
requires PopTop/pppd to be setup properly and a functional WINS server on
the local LAN so that once the tunnel is brought up, the client PC can
obtain the PDC record from the WINS server. Samba really has nothing to do
with the authentication process unless your using it as a WINS server or a
PDC.

The topic of being able to have pppd authenticate against a MS PDC has been
brought up before in this list. I must admit, it would be nice. I know I
don't like having to maintain two sets of username/passwords on each system.

Steve Cowles


> -----Original Message-----
> From: bjeung at teamlynx.com [mailto:bjeung at teamlynx.com]
> Sent: Monday, March 13, 2000 3:25 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PoPToP and Authentication Questions
> 
> 
> A quick glance thru the site and mailing list archives didn't 
> sufficiently
> answer my questions or provide the documentation I was looking for. My
> question is this: Does PoPToP support authentication against NT Domain
> controllers by itself, or does the box running PoPToP work 
> through Samba to
> provide this feature? Or is there some other way of doing this that I
> missed? Regardless of the ansewr, can someone provide me with 
> a link to
> documentation detailing the setup of such a scenario? Thanks
> 
> --
> Barry Jeung                    Lynx
> Senior System Engineer         1501 El Camino Real, Suite D
> HTTP://www.TeamLynx.com        Belmont, CA 94002-3946
> HTTP://www.ShoppingLynx.com    Phone: 650.596.5777
> E-Mail: BJeung at TeamLynx.com    Fax:   650.596.5743
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 



From sstone at taos.com  Mon Mar 13 16:04:53 2000
From: sstone at taos.com (Scott M. Stone)
Date: Mon Mar 13 16:04:53 2000
Subject: [pptp-server] PoPToP and Authentication Questions
In-Reply-To: <40E4A456ED75D311AD7300104B75E7B20120E3@adsl-63-196-211-60.dsl.snfc21.pacbell.net>
Message-ID: <Pine.LNX.4.10.10003131403460.672-100000@armadillo.wink.com>

On Mon, 13 Mar 2000 bjeung at teamlynx.com wrote:

> A quick glance thru the site and mailing list archives didn't sufficiently
> answer my questions or provide the documentation I was looking for. My
> question is this: Does PoPToP support authentication against NT Domain
> controllers by itself, or does the box running PoPToP work through Samba to
> provide this feature? Or is there some other way of doing this that I
> missed? Regardless of the ansewr, can someone provide me with a link to
> documentation detailing the setup of such a scenario? Thanks

AFAICT it does neither straight out of the box...

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From macleajb at Trademart-1.ednet.ns.ca  Mon Mar 13 16:17:46 2000
From: macleajb at Trademart-1.ednet.ns.ca (James MacLean)
Date: Mon Mar 13 16:17:46 2000
Subject: [pptp-server] PoPToP and Authentication Questions
In-Reply-To: <200003132141.QAA56954@morrison.iserv.net.>
Message-ID: <Pine.LNX.4.10.10003131813040.4766-100000@Trademart-1.ednet.ns.ca>

On Mon, 13 Mar 2000, Adam Williams wrote:
> >missed? Regardless of the ansewr, can someone provide me with a link to
> >documentation detailing the setup of such a scenario? Thanks
> 
> Authentication is actually handled by PPP.  PPP supports PAM if you use PAP
> authentication, which means no encryption.  With PAM you can authenticate
> against anything you want.  With CHAP  you must maintain a hideous secrets
> file on the PPP server, because you don't have the password you can't auth
> against something like PAM.  A couple of people are pondering this dilemma,
> but I haven't seen anything come through.  I am also eagerly awaiting this
> feature (I want to auth with PAM against an LDAP server).  I'll buy pizza for
> anyone who can provide a patch to let me CHAP against PAM.

Interesting... The pizza that is :).

Since one needs that password to CHAPinate, would you care if it was bare
text stored ACL'd on the LDAP server?

I've had it working this way against ICRadius, but never completed that
project. It was quite an ugly hack at best, but the underlying pain in
the neck was that to make the CHAP compares work, you start with the plain
text password and go forward, not take and MD5, etc... password and work
any other way.

Possibly I missed the obvious solution, but that was the problem as I saw
it and went onward using clear passwords.

JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2




From mm at lunetix.de  Tue Mar 14 06:24:08 2000
From: mm at lunetix.de (Martin Mueller)
Date: Tue Mar 14 06:24:08 2000
Subject: [pptp-server] MPPE encryption failing after some packets
Message-ID: <20000314132428.A26156@cicero.werkleitz.de>

Hi alltogether,

I just set up pptp from a Win98SE client to my linux server. The
server is running on the firewall itself and works just fine
as long as I don't use any form of encryption. The encryption
negotiation also works fine and the systems start to comunicate
in encrypted mode. After a variable number of packets the Win
client starts to send "CCP ResetReq" packets which considerably
lower performance. After again some time the encryption seems to
run out of sync since the pppd on linux writes messages like:

	rcvd [Compressed data] 90 55 58 59 13 e4 a1 10 ...


From Thierry.Coutelier at prophecy.lu  Tue Mar 14 07:59:01 2000
From: Thierry.Coutelier at prophecy.lu (Thierry Coutelier)
Date: Tue Mar 14 07:59:01 2000
Subject: [pptp-server] Disconnection not stopping the pppd process
Message-ID: <38CE4131.A0E8E2CB@prophecy.lu>

Hello,

When a user connects to the pptp server and then disconnects
  from his ISP I still see the pppd connection.
Is there a way to get it disconnected.

For the moment I use a perl scrip to disconnect  reconnecting
  users. Not a good solution as I have to keep track of the connections.

Is this a bug or simply a misconfiguration ?

PPTP version is PoPToP v1.1.1 , Linux Kernel 2.3.47 pppd 2.3.10
  using transparent proxy with netfilters.

---
Thierry.Coutelier at linux.lu
http://www.linux.lu



From Steve.Cowles at gte.net  Tue Mar 14 09:04:32 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Tue Mar 14 09:04:32 2000
Subject: [pptp-server] Disconnection not stopping the pppd process
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E21FD@defiant.dsl.gtei.net>

Good question... I am also having a problem with this. e.g. If I forget to
"tear down" my PPTP connection "first" before logging out from my ISP, then
the connection on my linux box remains open.

Is their an equivelent to what "mgetty" is doing by monitoring the modems
DCD (or whatever) so that when it detects that the remote has hung-up, it
will properly tear down the pppd session. Couldn't this be done through...
(from man pppd)

       chap-interval n
              If this option is given, pppd will rechallenge  the
              peer every n seconds.

       chap-max-challenge n
              Set  the maximum number of CHAP challenge transmis?
              sions to n (default 10).

e.g. If a chap re-challenge fails... tear down the connection. Or is pppd
already doing this and my system is not properly configured.

Steve Cowles

> -----Original Message-----
> From: Thierry Coutelier [mailto:Thierry.Coutelier at prophecy.lu]
> Sent: Tuesday, March 14, 2000 7:40 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Disconnection not stopping the pppd process
> 
> 
> Hello,
> 
> When a user connects to the pptp server and then disconnects
>   from his ISP I still see the pppd connection.
> Is there a way to get it disconnected.
> 
> For the moment I use a perl scrip to disconnect  reconnecting
>   users. Not a good solution as I have to keep track of the 
> connections.
> 
> Is this a bug or simply a misconfiguration ?
> 
> PPTP version is PoPToP v1.1.1 , Linux Kernel 2.3.47 pppd 2.3.10
>   using transparent proxy with netfilters.
> 
> ---
> Thierry.Coutelier at linux.lu
> http://www.linux.lu
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 



From tmk at netmagic.net  Tue Mar 14 11:41:54 2000
From: tmk at netmagic.net (tmk)
Date: Tue Mar 14 11:41:54 2000
Subject: [pptp-server] Disconnection not stopping the pppd process
References: <38CE4131.A0E8E2CB@prophecy.lu>
Message-ID: <001501bf8ddc$e0e21e20$071c0fc0@lala.net>

last i knew, when pptpctrl was killed, it closed the gre tty and pppd
noticed that and quit.. i'm not sure exactly how long it took, for pppd to
notice, but i dont imagine it would take more than a few seconds at worst.

I know they redid the GRE stuff in 1.1.1.. you might try 1.0? (1.1.1 is sort
of a hackers release)

Kevin
----- Original Message -----
From: Thierry Coutelier <Thierry.Coutelier at prophecy.lu>
To: <pptp-server at lists.schulte.org>
Sent: Tuesday, March 14, 2000 5:40 AM
Subject: [pptp-server] Disconnection not stopping the pppd process


> Hello,
>
> When a user connects to the pptp server and then disconnects
>   from his ISP I still see the pppd connection.
> Is there a way to get it disconnected.
>
> For the moment I use a perl scrip to disconnect  reconnecting
>   users. Not a good solution as I have to keep track of the connections.
>
> Is this a bug or simply a misconfiguration ?
>
> PPTP version is PoPToP v1.1.1 , Linux Kernel 2.3.47 pppd 2.3.10
>   using transparent proxy with netfilters.
>
> ---
> Thierry.Coutelier at linux.lu
> http://www.linux.lu
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From adam at morrison-ind.com  Tue Mar 14 12:50:15 2000
From: adam at morrison-ind.com (Adam Williams)
Date: Tue Mar 14 12:50:15 2000
Subject: [pptp-server] PoPToP and Authentication Questions
Message-ID: <200003141850.NAA37618@morrison.iserv.net.>

 From          : lists>pptp-server-admin
 To            : adam
 Subject       : Re: [pptp-server] PoPToP and Authentication Questions
 Date          : 01/01/70 01:01


>>>missed? Regardless of the ansewr, can someone provide me with a link to
>>>documentation detailing the setup of such a scenario? Thanks
>>Authentication is actually handled by PPP.  PPP supports PAM if you use PAP
>>authentication, which means no encryption.  With PAM you can authenticate
>>against anything you want.  With CHAP  you must maintain a hideous secrets
>>file on the PPP server, because you don't have the password you can't auth
>>against something like PAM.  A couple of people are pondering this dilemma,
>>but I haven't seen anything come through.  I am also eagerly awaiting this
>>feature (I want to auth with PAM against an LDAP server).  I'll buy pizza
>>for anyone who can provide a patch to let me CHAP against PAM.
>Interesting... The pizza that is :).

Hey, I'm serious.~

>Since one needs that password to CHAPinate, would you care if it was bare
>text stored ACL'd on the LDAP server?

I suppose if I don't have a choice, then I don't have one, but i'm not too
excited about storing a plain text password.  Is it possible to CHAPinate
first, and store the chapination?

>I've had it working this way against ICRadius, but never completed that
>project. It was quite an ugly hack at best, but the underlying pain in
>the neck was that to make the CHAP compares work, you start with the plain
>text password and go forward, not take and MD5, etc... password and work
>any other way.

Yep, I relize this and am curious how NT gets around this problem?  Certainly
they don't store the plain text password?~

>Possibly I missed the obvious solution, but that was the problem as I saw
>it and went onward using clear passwords.



From neale at lowendale.com.au  Tue Mar 14 15:25:22 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Tue Mar 14 15:25:22 2000
Subject: [pptp-server] PoPToP and Authentication Questions
In-Reply-To: <200003141850.NAA37618@morrison.iserv.net.>
Message-ID: <Pine.LNX.4.05.10003150802090.22342-100000@marina.lowendale.com.au>

On Tue, 14 Mar 2000, Adam Williams wrote:

[...]
> >>Authentication is actually handled by PPP.  PPP supports PAM if you use PAP
> >>authentication, which means no encryption.  With PAM you can authenticate
> >>against anything you want.  With CHAP  you must maintain a hideous secrets
> >>file on the PPP server, because you don't have the password you can't auth
> >>against something like PAM.  A couple of people are pondering this dilemma,
> >>but I haven't seen anything come through.  I am also eagerly awaiting this
> >>feature (I want to auth with PAM against an LDAP server).  I'll buy pizza
> >>for anyone who can provide a patch to let me CHAP against PAM.
> >Interesting... The pizza that is :).
> 
> Hey, I'm serious.~

Well, I'm not up to producing the patch (so I guess I forgo the pizza),
but here's a few hypotheses on the directions required...

> >Since one needs that password to CHAPinate, would you care if it was bare
> >text stored ACL'd on the LDAP server?
> 
> I suppose if I don't have a choice, then I don't have one, but i'm not too
> excited about storing a plain text password.  Is it possible to CHAPinate
> first, and store the chapination?

In theory yes, but you'd lose advantages of CHAP - starting with leaving
yourself wide open to replay attack (in essence you have reverted to PAP)
as the random challenge used in teh CHAP computation would be fixed in
advance.  In short, if you are seriously tempted to go down this path then
you can probably save yourself a lot of hassle by just using PAP as it is.

> >I've had it working this way against ICRadius, but never completed that
> >project. It was quite an ugly hack at best, but the underlying pain in
> >the neck was that to make the CHAP compares work, you start with the plain
> >text password and go forward, not take and MD5, etc... password and work
> >any other way.
> 
> Yep, I relize this and am curious how NT gets around this problem?  Certainly
> they don't store the plain text password?~

Correct.  But MS-CHAP is not CHAP ;-)  They perverted the original
standard (how surprising ;-).

> >Possibly I missed the obvious solution, but that was the problem as I saw
> >it and went onward using clear passwords.

Taking a brief look at some (now aging) PAM docs and considering the
exchanges in CHAP, it appears to me that this *might* be possible, with
some non-trivial restrictions - starting with the PAM module:

1) being specifically written for CHAP

2) having access to the cleartext (or the hash, in the case of MS-CHAP)

In the PAM Applications docs, there is reference to a "conversational"
state.  If I've understood this correctly (big if ;-) the idea is that an
application calls a PAM-module to request authentication and the module
can then call back to the application for such things as prompting for a
password.  It occurs to me that this conversation might be hackable for
CHAP:

(a) the PAM-module passes the clear-text password back to the calling pppd
- this minimises the hacks required in pppd but is a REALLY EVIL idea for
security - exposing the bare password places a lot of trust i the calling
application.  Please don't be tempted to implement this.

(b) the PAM-module passes a random challenge back to the calling pppd
which, in the normal manner of CHAP, passes this challenge to the other
side and receives the computed response back - this computed response is
then passed back to the CHAP-aware PAM-module.  The PAM-module then also
performs the CHAP-function on its copy of the shared secret and the random
chalenge it issued to arrive at it's version of the CHAP-response - if
the received and computed CHAP-responses match then the PAM-module returns
"authentication succeeded".  This obviously require relocating the CHAP
handling from pppd into the PAM-module but is arguably the correct way of
doing things.

Question: is anyone with PAM-hacking experience able to comment of the
feasibility of the above?

A completely different approach would be to hack upon pppd and create a
generic PAM-like interface in place of the current reading of the
chap-secrets file.

HTH,
Neale.




From bojan at binarix.com  Tue Mar 14 16:49:04 2000
From: bojan at binarix.com (bojan at binarix.com)
Date: Tue Mar 14 16:49:04 2000
Subject: [pptp-server] MPPE patches for PPP with cryto
Message-ID: <38CEBAEC.D517B10C@binarix.com>

Just to summarise, several MPPE patches for PPP 2.3.10/2.3.11 with crypto from
OpenSSL-0.9.4/0.9.5 are available from ftp://ftp.binarix.com/pub/ppp-mppe/.
Please check out README.ASC file before using them.

Regards,
Bojan Smojver
bojan at binarix.com



From macleajb at Trademart-1.ednet.ns.ca  Tue Mar 14 18:01:11 2000
From: macleajb at Trademart-1.ednet.ns.ca (James MacLean)
Date: Tue Mar 14 18:01:11 2000
Subject: [pptp-server] PoPToP and Authentication Questions
In-Reply-To: <Pine.LNX.4.05.10003150802090.22342-100000@marina.lowendale.com.au>
Message-ID: <Pine.LNX.4.10.10003141941560.16603-100000@Trademart-1.ednet.ns.ca>

On Wed, 15 Mar 2000, Neale Banks wrote:
> On Tue, 14 Mar 2000, Adam Williams wrote:
> > >Interesting... The pizza that is :).
> > Hey, I'm serious.~

Me too, but I've asked lists for quite a while before I began my home-brew
and I am surprised the interest was there and never came forth before.

My desire was to have a centralized radius solution. Now that I _finally_
am starting to see a _bit_ of the LDAP light, I am seeing other
opportunities. But I only asked here (PPTP) and the Radius lists for
interest. There may be some help from the LDAP crew, or as sugested
below, from the PAM'ers.
 
> > >Since one needs that password to CHAPinate, would you care if it was bare
> > >text stored ACL'd on the LDAP server?
> > I suppose if I don't have a choice, then I don't have one, but i'm not too
> > excited about storing a plain text password.  Is it possible to CHAPinate
> > first, and store the chapination?

Nor was I. One other option not exactly elluded to here is to go the way
that Samba does and use PAM to keep a current NT hashed password as well
as a MD5 Linux/Unix password.(And Samba too if you need it). Then you
don't need to store the plain password. Understand that this would work
for MS-CHAPv2. Or, I think it would :).
 
> In theory yes, but you'd lose advantages of CHAP - starting with leaving
> yourself wide open to replay attack (in essence you have reverted to PAP)
> as the random challenge used in teh CHAP computation would be fixed in
> advance.  In short, if you are seriously tempted to go down this path then
> you can probably save yourself a lot of hassle by just using PAP as it is.

Understood. But if you want to play ball with Windows machines and PPTP,
it appears they use the MS-ChapV2 for creating the encryption keys, and
ergo, you can't have one with out.... the other :). Oh what a tangled web
we weave :).

> > >I've had it working this way against ICRadius, but never completed that
> > >project. It was quite an ugly hack at best, but the underlying pain in
> > >the neck was that to make the CHAP compares work, you start with the plain
> > >text password and go forward, not take and MD5, etc... password and work
> > >any other way.
> > Yep, I relize this and am curious how NT gets around this problem?  Certainly
> > they don't store the plain text password?~

I believe the are using their normal NT hash passwords. But I could be
wrong.
 
> Correct.  But MS-CHAP is not CHAP ;-)  They perverted the original
> standard (how surprising ;-).

This is how I understood it too :(.

> (a) the PAM-module passes the clear-text password back to the calling pppd
> - this minimises the hacks required in pppd but is a REALLY EVIL idea for
> security - exposing the bare password places a lot of trust i the calling
> application.  Please don't be tempted to implement this.

If the link endpoints are secured (IPSec, Vtund, etc...) then one could
start the arguement. But I think this is definetly not very smooth.
 
> (b) the PAM-module passes a random challenge back to the calling pppd
> which, in the normal manner of CHAP, passes this challenge to the other
> side and receives the computed response back - this computed response is
> then passed back to the CHAP-aware PAM-module.  The PAM-module then also
> performs the CHAP-function on its copy of the shared secret and the random
> chalenge it issued to arrive at it's version of the CHAP-response - if
> the received and computed CHAP-responses match then the PAM-module returns
> "authentication succeeded".  This obviously require relocating the CHAP
> handling from pppd into the PAM-module but is arguably the correct way of
> doing things.

If the chap-hashy thing is available to use for the encryption, then it
sounds doable :). I like the idea that the passwd (hashed or not) is left
on the server and not dished out.

> A completely different approach would be to hack upon pppd and create a
> generic PAM-like interface in place of the current reading of the
> chap-secrets file.

I thought there was a PAM insert in the latest pppd's. It's just meant to
verify for PAP though I think. Your suggestion requires multiple back and
forths from PAM. If that is ok under PAM, then you get my thumbs up :).

But _you'll_ have to make the changes to the current pppd :).
 
> HTH,
> Neale.

take care,
JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2




From noel at koethe.net  Tue Mar 14 18:10:59 2000
From: noel at koethe.net (Noel Koethe)
Date: Tue Mar 14 18:10:59 2000
Subject: [pptp-server] poptop and password guessing
Message-ID: <Pine.LNX.3.96.1000315020143.3578A-100000@heidi.wipol.uni-bonn.de>

Hello,

is there any mechanism against password guessing?
Like on telnet a timedelay after 3 attempts?

-- 
Noch einen sch?nen Tag
					www.linuxhq.de
        Noel K?the




From jandeep at interspeed.com  Tue Mar 14 18:28:23 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Tue Mar 14 18:28:23 2000
Subject: [pptp-server] problems installing mppe patch to PPP
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB820E@MAIL2>

Hello everybody,
I have been trying to reinstall the pptp so I got ppp 2.3.10 and was trying
to patch it with the mppe patch file from the
www.moretonbay.com/vpn/releases <http://www.moretonbay.com/vpn/releases> 
Web site. The problem is whichever way I download the
ppp-2_3_10-openssl-norc4-mppe_patch.gz and when I try to gunzip it, it says
it is not a valid gzip file!?
My guess is downloading via http to a win NT machine is corrupting the
patch. Is it available somewhere else via ftp? How did you solve this
problem?
Secondly, will this give me 40 bit encryption? Where do I get a patch if I
have to do 128 bit encryption?
Please help.
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000314/b04ae96c/attachment.html>

From dextro at mail.utexas.edu  Tue Mar 14 19:28:39 2000
From: dextro at mail.utexas.edu (bryan tholen)
Date: Tue Mar 14 19:28:39 2000
Subject: [pptp-server] pppd LCP timeout
Message-ID: <MDEAILPCGCEJOKLPKIDEGEHACAAA.dextro@mail.utexas.edu>

I am on a small home network with a firewall and I am trying to connect to
my VPN at work. the server at work is running redhat6.1 with updates and a
variant on the ipchains-firewall script. I have set up pptp on the server
and can verify it is functional from within the network (i.e. I can
establish a connection. with password/data encryption) but I am unable to
connect from home. my windows client times out while verifying user/pass.
I have tried disabling all encryption requirements and I still have the same
trouble.

pasted below are my server and client logs.

any suggestions? I am going to get the pptp-traceroute.patch next and see if
I can find out more. I am most grateful
for any help.


---server debug log---
Mar 14 14:46:27 test pptpd[1597]: MGR: Launching /usr/sbin/pptpctrl to
handle client
Mar 14 14:46:27 test pptpd[1597]: CTRL: local address = 192.168.0.200
Mar 14 14:46:27 test pptpd[1597]: CTRL: remote address = 192.168.1.2
Mar 14 14:46:27 test pptpd[1597]: CTRL: Client 206.225.63.176 control
connection started
Mar 14 14:46:27 test pptpd[1597]: CTRL: Received PPTP Control Message (type:
1)
Mar 14 14:46:27 test pptpd[1597]: CTRL: Made a START CTRL CONN RPLY packet
Mar 14 14:46:27 test pptpd[1597]: CTRL: I wrote 156 bytes to the client.
Mar 14 14:46:27 test pptpd[1597]: CTRL: Sent packet to client
Mar 14 14:46:27 test pptpd[1597]: CTRL: Received PPTP Control Message (type:
7)
Mar 14 14:46:27 test pptpd[1597]: CTRL: Set parameters to 0 maxbps, 16
window size
Mar 14 14:46:27 test pptpd[1597]: CTRL: Made a OUT CALL RPLY packet
Mar 14 14:46:27 test pptpd[1597]: CTRL: Starting call (launching pppd,
opening GRE)
Mar 14 14:46:27 test pptpd[1597]: CTRL: pty_fd = 5
Mar 14 14:46:27 test pptpd[1597]: CTRL: tty_fd = 6
Mar 14 14:46:27 test pptpd[1598]: CTRL (PPPD Launcher): Connection speed =
115200
Mar 14 14:46:27 test pptpd[1597]: CTRL: I wrote 32 bytes to the client.
Mar 14 14:46:27 test pptpd[1597]: CTRL: Sent packet to client
Mar 14 14:46:27 test pptpd[1598]: CTRL (PPPD Launcher): local address =
192.168.0.200
Mar 14 14:46:27 test pptpd[1598]: CTRL (PPPD Launcher): remote address =
192.168.1.2
Mar 14 14:46:27 test pppd[1598]: pppd 2.3.10 started by root, uid 0
Mar 14 14:46:27 test pppd[1598]: Using interface ppp0
Mar 14 14:46:27 test pppd[1598]: Connect: ppp0 <--> /dev/pts/0
Mar 14 14:46:27 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:27 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:30 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:30 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:33 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:33 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:36 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:36 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:39 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:39 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:42 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:42 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:45 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:45 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:48 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:48 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:51 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:51 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:54 test pppd[1598]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap 81> <magic 0x19ca90f6> <pcomp> <accomp>]
Mar 14 14:46:54 test pppd[1598]: Timeout 0x8050164:0x8077660 in 3 seconds.
Mar 14 14:46:57 test pptpd[1597]: CTRL: Received PPTP Control Message (type:
12)
Mar 14 14:46:57 test pptpd[1597]: CTRL: Made a CALL DISCONNECT RPLY packet
Mar 14 14:46:57 test pptpd[1597]: CTRL: Received CALL CLR request (closing
call)
Mar 14 14:46:57 test pptpd[1597]: CTRL: I wrote 148 bytes to the client.
Mar 14 14:46:57 test pptpd[1597]: CTRL: Sent packet to client
Mar 14 14:46:57 test pptpd[1597]: CTRL: Error with select(), quitting
Mar 14 14:46:57 test pptpd[1597]: CTRL: Client 206.225.63.176 control
connection finished
Mar 14 14:46:57 test pptpd[1597]: CTRL: Exiting now
Mar 14 14:46:57 test pptpd[629]: MGR: Reaped child 1597
Mar 14 14:46:57 test pppd[1598]: Modem hangup
Mar 14 14:46:57 test pppd[1598]: Untimeout 0x8050164:0x8077660.
Mar 14 14:46:57 test pppd[1598]: Connection terminated.
Mar 14 14:46:57 test pppd[1598]: Exit.




---win98 client---
01-03-1980 21:19:40.22 - Microsoft Dial Up Adapter log opened.
01-03-1980 21:19:40.22 - Server type is  PPP (Point to Point Protocol).
01-03-1980 21:19:40.22 - FSA : Adding Control Protocol 80fd (CCP) to control
protocol chain.
01-03-1980 21:19:40.22 - FSA : Protocol not bound - skipping control
protocol 803f (NBFCP).
01-03-1980 21:19:40.22 - FSA : Adding Control Protocol 8021 (IPCP) to
control protocol chain.
01-03-1980 21:19:40.22 - FSA : Protocol not bound - skipping control
protocol 802b (IPXCP).
01-03-1980 21:19:40.22 - FSA : Adding Control Protocol c029 (CallbackCP) to
control protocol chain.
01-03-1980 21:19:40.22 - FSA : Encrypted Password required.
01-03-1980 21:19:40.22 - FSA : Encrypted Password required.
01-03-1980 21:19:40.22 - FSA : Adding Control Protocol c223 (CHAP) to
control protocol chain.
01-03-1980 21:19:40.22 - FSA : Adding Control Protocol c021 (LCP) to control
protocol chain.
01-03-1980 21:19:40.22 - LCP : Layer started.
01-03-1980 21:19:40.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:40.22 - Data 0000: c0 21 01 01 00 0e 05 06 | .!......
01-03-1980 21:19:40.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:19:43.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:43.22 - Data 0000: c0 21 01 02 00 0e 05 06 | .!......
01-03-1980 21:19:43.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:19:46.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:46.22 - Data 0000: c0 21 01 03 00 0e 05 06 | .!......
01-03-1980 21:19:46.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:19:49.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:49.22 - Data 0000: c0 21 01 04 00 0e 05 06 | .!......
01-03-1980 21:19:49.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:19:52.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:52.22 - Data 0000: c0 21 01 05 00 0e 05 06 | .!......
01-03-1980 21:19:52.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:19:55.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:55.22 - Data 0000: c0 21 01 06 00 0e 05 06 | .!......
01-03-1980 21:19:55.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:19:58.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:19:58.22 - Data 0000: c0 21 01 07 00 0e 05 06 | .!......
01-03-1980 21:19:58.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:20:01.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:20:01.22 - Data 0000: c0 21 01 08 00 0e 05 06 | .!......
01-03-1980 21:20:01.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:20:04.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:20:04.22 - Data 0000: c0 21 01 09 00 0e 05 06 | .!......
01-03-1980 21:20:04.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:20:07.22 - PPP : Transmitting Control Packet of length: 16
01-03-1980 21:20:07.22 - Data 0000: c0 21 01 0a 00 0e 05 06 | .!......
01-03-1980 21:20:07.22 - Data 0008: 04 96 e4 7d 07 02 08 02 | ...}....
01-03-1980 21:20:10.22 - LCP : Layer finished.
01-03-1980 21:20:10.24 - Remote access driver is shutting down.
01-03-1980 21:20:10.24 - CRC Errors             0
01-03-1980 21:20:10.24 - Timeout Errors         0
01-03-1980 21:20:10.24 - Alignment Errors       0
01-03-1980 21:20:10.24 - Overrun Errors         0
01-03-1980 21:20:10.24 - Framing Errors         0
01-03-1980 21:20:10.24 - Buffer Overrun Errors  0
01-03-1980 21:20:10.24 - Incomplete Packets     0
01-03-1980 21:20:10.24 - Bytes Received         0
01-03-1980 21:20:10.24 - Bytes Transmittted     180
01-03-1980 21:20:10.24 - Frames Received        0
01-03-1980 21:20:10.24 - Frames Transmitted     10
01-03-1980 21:20:10.24 - LCP : Layer started.
01-03-1980 21:20:10.24 - Microsoft Dial Up Adapter log closed.




From rwierzbicki at stryker.ca  Wed Mar 15 00:06:07 2000
From: rwierzbicki at stryker.ca (Wierzbicki, Ralf)
Date: Wed Mar 15 00:06:07 2000
Subject: [pptp-server] PoPToP and Authentication Questions
Message-ID: <8142BE56BFF7D311BC4E00B0D0219AF57733@SYKBDCA1>

There will be beer to go with that pizza if someone can get pppd
to authenticate against an NT PDC using pam_smb_auth :)

---
Ralf


-----Original Message-----
From: James MacLean [mailto:macleajb at Trademart-1.ednet.ns.ca]
Sent: Tuesday, March 14, 2000 7:01 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PoPToP and Authentication Questions


On Wed, 15 Mar 2000, Neale Banks wrote:
> On Tue, 14 Mar 2000, Adam Williams wrote:
> > >Interesting... The pizza that is :).
> > Hey, I'm serious.~

Me too, but I've asked lists for quite a while before I began my home-brew
and I am surprised the interest was there and never came forth before.

My desire was to have a centralized radius solution. Now that I _finally_
am starting to see a _bit_ of the LDAP light, I am seeing other
opportunities. But I only asked here (PPTP) and the Radius lists for
interest. There may be some help from the LDAP crew, or as sugested
below, from the PAM'ers.
 
> > >Since one needs that password to CHAPinate, would you care if it was
bare
> > >text stored ACL'd on the LDAP server?
> > I suppose if I don't have a choice, then I don't have one, but i'm not
too
> > excited about storing a plain text password.  Is it possible to
CHAPinate
> > first, and store the chapination?

Nor was I. One other option not exactly elluded to here is to go the way
that Samba does and use PAM to keep a current NT hashed password as well
as a MD5 Linux/Unix password.(And Samba too if you need it). Then you
don't need to store the plain password. Understand that this would work
for MS-CHAPv2. Or, I think it would :).
 
> In theory yes, but you'd lose advantages of CHAP - starting with leaving
> yourself wide open to replay attack (in essence you have reverted to PAP)
> as the random challenge used in teh CHAP computation would be fixed in
> advance.  In short, if you are seriously tempted to go down this path then
> you can probably save yourself a lot of hassle by just using PAP as it is.

Understood. But if you want to play ball with Windows machines and PPTP,
it appears they use the MS-ChapV2 for creating the encryption keys, and
ergo, you can't have one with out.... the other :). Oh what a tangled web
we weave :).

> > >I've had it working this way against ICRadius, but never completed that
> > >project. It was quite an ugly hack at best, but the underlying pain in
> > >the neck was that to make the CHAP compares work, you start with the
plain
> > >text password and go forward, not take and MD5, etc... password and
work
> > >any other way.
> > Yep, I relize this and am curious how NT gets around this problem?
Certainly
> > they don't store the plain text password?~

I believe the are using their normal NT hash passwords. But I could be
wrong.
 
> Correct.  But MS-CHAP is not CHAP ;-)  They perverted the original
> standard (how surprising ;-).

This is how I understood it too :(.

> (a) the PAM-module passes the clear-text password back to the calling pppd
> - this minimises the hacks required in pppd but is a REALLY EVIL idea for
> security - exposing the bare password places a lot of trust i the calling
> application.  Please don't be tempted to implement this.

If the link endpoints are secured (IPSec, Vtund, etc...) then one could
start the arguement. But I think this is definetly not very smooth.
 
> (b) the PAM-module passes a random challenge back to the calling pppd
> which, in the normal manner of CHAP, passes this challenge to the other
> side and receives the computed response back - this computed response is
> then passed back to the CHAP-aware PAM-module.  The PAM-module then also
> performs the CHAP-function on its copy of the shared secret and the random
> chalenge it issued to arrive at it's version of the CHAP-response - if
> the received and computed CHAP-responses match then the PAM-module returns
> "authentication succeeded".  This obviously require relocating the CHAP
> handling from pppd into the PAM-module but is arguably the correct way of
> doing things.

If the chap-hashy thing is available to use for the encryption, then it
sounds doable :). I like the idea that the passwd (hashed or not) is left
on the server and not dished out.

> A completely different approach would be to hack upon pppd and create a
> generic PAM-like interface in place of the current reading of the
> chap-secrets file.

I thought there was a PAM insert in the latest pppd's. It's just meant to
verify for PAP though I think. Your suggestion requires multiple back and
forths from PAM. If that is ok under PAM, then you get my thumbs up :).

But _you'll_ have to make the changes to the current pppd :).
 
> HTH,
> Neale.

take care,
JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2


_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!



From dimambro at pacbell.net  Wed Mar 15 01:00:44 2000
From: dimambro at pacbell.net (Brian L. DiMambro)
Date: Wed Mar 15 01:00:44 2000
Subject: [pptp-server] Assigning netmasks int pptpd.conf file
Message-ID: <38CD72D6.F500D21D@pacbell.net>

Hi all.

I've just installed PopToP 1.0 on a RH 6.2 Ultra on a SPARC5 that I will
be using for a FW and VPN server. My inside IP (behind the FW) address
range is 10.10.20.0/24 and my outside (on the Internet) IP netmask uses
255.255.255.240 as a netmask. All appears to work fine. The install of
PoPTop was very easy and worked the 1st time. I connected and
authenticated just fine from my Windoze 98 VPN client. The only problem
is that when I ipconfig the Windoze box to see if the client was
assigned properly, I find the IP is assigned as I have configured it in
the pptpd.conf file but the netmask is a very classfull 255.0.0.0. This
is causing mucho problems. I tried to set the remoteip to
10.10.20.230-239/24 in the pptpd.conf file with no luck (pppd would not
start) and I even tried 10.10.20.230-239 255.255.255.0 with no luck.
Does anybody know how to assign netmasks to IP's in the pptpd.conf file.
Can it be done???

Thanks in advance

Brian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dimambro.vcf
Type: text/x-vcard
Size: 178 bytes
Desc: Card for Brian L. DiMambro
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/e67acd86/attachment.vcf>

From pf at sxb.bsf.alcatel.fr  Wed Mar 15 03:07:58 2000
From: pf at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Wed Mar 15 03:07:58 2000
Subject: [pptp-server] problems installing mppe patch to PPP
References: <DFC46331B7D1D3118F99009027C3CFAB820E@MAIL2>
Message-ID: <38CF52AE.F1504DAA@sxb.bsf.alcatel.fr>

ppp-2_3_10-openssl-norc4-mppe_patch.gz is not a gz file. It's an error
Rename it ppp-2_3_10-openssl-norc4-mppe.patch and use it

Jandeep Kang wrote:

>
>
> Hello everybody,
> I have been trying to reinstall the pptp so I got ppp 2.3.10 and was
> trying to patch it with the mppe patch file from the
> www.moretonbay.com/vpn/releases
>
> Web site. The problem is whichever way I download the
> ppp-2_3_10-openssl-norc4-mppe_patch.gz and when I try to gunzip it, it
> says it is not a valid gzip file!?
>
> My guess is downloading via http to a win NT machine is corrupting the
> patch. Is it available somewhere else via ftp? How did you solve this
> problem?
>
> Secondly, will this give me 40 bit encryption? Where do I get a patch
> if I have to do 128 bit encryption?
> Please help.
> Thanks in advance.

--
 Pascal Fremaux, SSII Alten
 Study Engineer at Alcatel Telecom
 R&D, Illkirch, France






From vigov at com2com.ru  Wed Mar 15 05:58:12 2000
From: vigov at com2com.ru (vigov)
Date: Wed Mar 15 05:58:12 2000
Subject: [pptp-server] FreeBSD + Data encyption
Message-ID: <17627.000315@com2com.ru>

Hello All.
Have anybody got working FreeBSD box with pppd or slirp with data
encryptions.
It seems to me nobody has it.

Thanx

Eugene.





From soriordain at asitatech.com  Wed Mar 15 06:39:45 2000
From: soriordain at asitatech.com (=?iso-8859-1?Q?Seosamh_D._=D3_Riord=E1in?=)
Date: Wed Mar 15 06:39:45 2000
Subject: [pptp-server] PPTP Implementation Issues
Message-ID: <026101bf8e7a$b87605c0$8c7fa8c0@typhoon.asitatech.ie>

Hi PoPToP developers,

I have been looking at the implementation of PPTP for a while
now and have successfully got a VPN up and running using it.
First of all, I do my testing on a LAN, but have used dialup also.
I have a few questions/problems below relating to the
implementation and would appreciate your views on them. TIA.

Software used: PPTP 1.0, PPP2.3.10 and respective MPPE
patches.

1) Data sent in the clear!
----------------------------------
This is a problem that I came across when I found the following
kernel messages on my PoPToP server:
"Not enough space to encrypt packet: 1504<1504+4!"

I found 2 messages before on the list querying this message
but I dont think they got a response.

My test rig setup is on an Ethernet LAN as follows:
Priv LAN-------PoPToP -------LAN----- NT (6a) Client
or
Priv LAN-------PoPToP -------LAN----- Linux Client (pptp-linux-1.2)

On further analysis I made the following observations:
a) Large messages sent from Linux Client to Priv Lan do work -
however data is sent in the clear! I've attached a mail that shows
how I verified this.
Anyway from browsing the PPP code, it can be clearly seen in the
function ppp_send_frame (ppp.c) that if the mppe compression
fails the unencrypted data packet is sent!

b) With the same PoPToP server configuration, large pings to/from the
NT machine do not work, eg using the comand 'ping -l 1500 10.0.1.1',
i.e NT drops them - properly handled.

A Solution:
I've attached a file with the modifications I made to ppp.c to
fix this problem. This is tested on the LAN only, maybe this will bring
up problems for other configurations,  if any other testers could try
it out that would be great. Anyway with these mods large pings do
work, the NT client gets the properly encrypted packets and replies
to them, and the linux client does encrypt the packets properly.

2) HDLC framing
------------------------
The HDLC framing carried out in pptpgre.c is an expensive
operation but necessary to interoperate with PPP tty driver.
Has anyone looked at implementing some from of GRE
tunnelling where by a 'GRE driver' can pass the data
to the PPP driver without having to come back up the stack
to the PPTP ctrl manager process?


Now, this mail is getting too long.
All comments welcome.

Regards,
Seosamh.
---------------
Seosamh D. ? Riord?in,            [soriordain at asitatech.com]

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: MPPE_Verify.txt
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/d2c962e8/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ppp-mtu-patch.txt
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/d2c962e8/attachment-0001.txt>

From adam at morrison-ind.com  Wed Mar 15 06:54:47 2000
From: adam at morrison-ind.com (Adam Williams)
Date: Wed Mar 15 06:54:47 2000
Subject: [pptp-server] PoPToP and Authentication Questions
Message-ID: <200003151254.HAA169794@morrison.iserv.net.>

 From          : lists>pptp-server-admin
 To            : adam
 Subject       : Re: [pptp-server] PoPToP and Authentication Questions
 Date          : 01/01/70 01:01


>>>>Interesting... The pizza that is :).
>>>Hey, I'm serious.~
>Me too, but I've asked lists for quite a while before I began my home-brew
>and I am surprised the interest was there and never came forth before.

I've asked before, we must have missed each other.~

>My desire was to have a centralized radius solution. Now that I _finally_
>am starting to see a _bit_ of the LDAP light, I am seeing other
>opportunities. But I only asked here (PPTP) and the Radius lists for
>interest. There may be some help from the LDAP crew, or as sugested
>below, from the PAM'ers.

I know how to "program" for LDAP, but little or nothing about the API for
PAM (although it don't look too complicated).~

>>>Since one needs that password to CHAPinate, would you care if it was bare
>>>text stored ACL'd on the LDAP server?
>>I suppose if I don't have a choice, then I don't have one, but i'm not too
>>excited about storing a plain text password.  Is it possible to CHAPinate
>>first, and store the chapination?
>Nor was I. One other option not exactly elluded to here is to go the way
>that Samba does and use PAM to keep a current NT hashed password as well
>as a MD5 Linux/Unix password.(And Samba too if you need it). Then you
>don't need to store the plain password. Understand that this would work
>for MS-CHAPv2. Or, I think it would :).

I have the NT, DES, and LanMAN hashes in the LDAP directory, as with Samba
that is a very easy and convenient thing to do.  I assume that M$ uses the NT
hash as the beginning of thier CHAP sequence, but that is only an assumption
from the documentation I have found.

>>In theory yes, but you'd lose advantages of CHAP - starting with leaving
>>yourself wide open to replay attack (in essence you have reverted to PAP)
>>as the random challenge used in teh CHAP computation would be fixed in
>>advance.  In short, if you are seriously tempted to go down this path then
>>you can probably save yourself a lot of hassle by just using PAP as it is



From sergio at omnitracs.com.mx  Wed Mar 15 12:36:20 2000
From: sergio at omnitracs.com.mx (Sergio Dominguez)
Date: Wed Mar 15 12:36:20 2000
Subject: [pptp-server] PTY read or GRE write failed
Message-ID: <38CFC98D.6439F089@omnitracs.com.mx>

Hello Fellow listers:

 I'm about to deploy my VPN. But before doing that I would like to
know a little details.

  Sometimes when I try to make a VPN connection, I get this
"PTY read or GRE write failed" error. If I try again the connection
is succesfully being made.

  Is it a common behavior?
  This is my pptpd.log file:


Mar 15 00:28:44 vpn pptpd[11140]: CTRL: Client 148.233.125.8 control
connection started
Mar 15 00:28:45 vpn pptpd[11140]: CTRL: Starting call (launching pppd,
opening GRE)
Mar 15 00:28:45 vpn kernel: CSLIP: code copyright 1989 Regents of the
University of California
Mar 15 00:28:45 vpn kernel: PPP: version 2.3.8 (demand dialling)
Mar 15 00:28:45 vpn kernel: PPP line discipline registered.
Mar 15 00:28:45 vpn kernel: registered device ppp0
Mar 15 00:28:45 vpn pppd[11141]: pppd 2.3.8 started by root, uid 0
Mar 15 00:28:45 vpn pppd[11141]: Using interface ppp0
Mar 15 00:28:45 vpn pppd[11141]: Connect: ppp0 <--> /dev/pts/1
Mar 15 00:29:15 vpn pppd[11141]: LCP: timeout sending Config-Requests
Mar 15 00:29:15 vpn pptpd[11140]: GRE:
read(fd=4,buffer=804d7e0,len=8196) from PTY failed: s
tatus = -1 error = Input/output error
Mar 15 00:29:15 vpn pptpd[11140]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
Mar 15 00:29:15 vpn pptpd[11140]: CTRL: Client 148.233.125.8 control
connection finished
Mar 15 00:29:15 vpn pppd[11141]: Connection terminated.
Mar 15 00:29:15 vpn pppd[11141]: Exit.
Mar 15 00:29:44 vpn pptpd[11145]: CTRL: Client 148.233.125.8 control
connection started
Mar 15 00:30:05 vpn pptpd[11145]: CTRL: Starting call (launching pppd,
opening GRE)
Mar 15 00:30:05 vpn pppd[11148]: pppd 2.3.8 started by root, uid 0
Mar 15 00:30:05 vpn pppd[11148]: Using interface ppp0
Mar 15 00:30:05 vpn pppd[11148]: Connect: ppp0 <--> /dev/pts/1
Mar 15 00:30:33 vpn kernel: PPP BSD Compression module registered
Mar 15 00:30:33 vpn kernel: PPP MPPE compression module registered
Mar 15 00:30:33 vpn kernel: PPP Deflate Compression module registered
Mar 15 00:30:33 vpn pppd[11148]: MSCHAP-v2 peer authentication succeeded
for usr2
Mar 15 00:30:34 vpn pppd[11148]: found interface eth0 for proxy arp
Mar 15 00:30:34 vpn pppd[11148]: local  IP address 172.23.1.65
Mar 15 00:30:34 vpn pppd[11148]: remote IP address 172.23.1.67
Mar 15 00:30:34 vpn pppd[11148]: MPPE 40 bit, stateless compression
enabled




From chris at pds2k.com  Wed Mar 15 12:38:10 2000
From: chris at pds2k.com (Christopher Tarricone)
Date: Wed Mar 15 12:38:10 2000
Subject: [pptp-server] Appletalk Protocal
Message-ID: <38CF9083.35A2@pds2k.com>

Is there support for the appletalk protocal and if not will it be
implimented?



From sstone at taos.com  Wed Mar 15 12:52:19 2000
From: sstone at taos.com (Scott M. Stone)
Date: Wed Mar 15 12:52:19 2000
Subject: [pptp-server] Appletalk Protocal
In-Reply-To: <38CF9083.35A2@pds2k.com>
Message-ID: <Pine.LNX.4.10.10003151051020.9254-100000@armadillo.wink.com>

On Wed, 15 Mar 2000, Christopher Tarricone wrote:

> Is there support for the appletalk protocal and if not will it be
> implimented?

not natively -- however it is now possible to do appletalk-over-ip, which
would work fine with pptp, since you're encapsulating your appletalk
inside IP, which is supported.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From chris at pds2k.com  Wed Mar 15 13:57:51 2000
From: chris at pds2k.com (Christopher Tarricone)
Date: Wed Mar 15 13:57:51 2000
Subject: [pptp-server] Help please
Message-ID: <38CFA329.6547@pds2k.com>

After I connect with my client and I load netscape this is the error
that I start to get from syslog


Mar 15 14:47:17 tar-valon pppd[18618]: Unsupported protocol (0x811d)
received
Mar 15 14:47:18 tar-valon pppd[18618]: Unsupported protocol (0x1062)
received
Mar 15 14:47:19 tar-valon pppd[18618]: Unsupported protocol (0xe5ac)
received
Mar 15 14:47:21 tar-valon pppd[18618]: Unsupported protocol (0x4500)
received
Mar 15 14:47:25 tar-valon pppd[18618]: Unsupported protocol (0x7b56)
received

Does anyone know what I might be doing wrong?



From chris at pds2k.com  Wed Mar 15 14:02:51 2000
From: chris at pds2k.com (Christopher Tarricone)
Date: Wed Mar 15 14:02:51 2000
Subject: [pptp-server] Ack.. Errors!?
Message-ID: <38CFA45F.7E6E@pds2k.com>

Sorry, I didn't really include much information in the first message.
After I connect with my client and I load netscape this is the error
that I start to get from syslog.


Syslog
----------
Mar 15 14:47:17 tar-valon pppd[18618]: Unsupported protocol (0x811d)
received
Mar 15 14:47:18 tar-valon pppd[18618]: Unsupported protocol (0x1062)
received
Mar 15 14:47:19 tar-valon pppd[18618]: Unsupported protocol (0xe5ac)
received
Mar 15 14:47:21 tar-valon pppd[18618]: Unsupported protocol (0x4500)
received
Mar 15 14:47:25 tar-valon pppd[18618]: Unsupported protocol (0x7b56)
received



Copy of /etc/options
------------------------
debug
name tar-valon.pds2k.com
auth
proxyarp
ms-dns 63.89.28.4
ms-dns 198.6.1.83
+chapms-v2
mppe-40
mppe-128
mppe-stateless
+chap
+chapms

Copy of /etc/pptp.conf
speed 115200
localip 63.89.28.200-210
remoteip 63.89.28.220-230



From natecars at real-time.com  Wed Mar 15 14:19:57 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed Mar 15 14:19:57 2000
Subject: [pptp-server] Help please
In-Reply-To: <38CFA329.6547@pds2k.com>
Message-ID: <Pine.LNX.4.10.10003151419210.25350-100000@enchanter.real-time.com>

On Wed, 15 Mar 2000, Christopher Tarricone wrote:

> After I connect with my client and I load netscape this is the error
> that I start to get from syslog
> 
> 
> Mar 15 14:47:17 tar-valon pppd[18618]: Unsupported protocol (0x811d)
> received
> Mar 15 14:47:18 tar-valon pppd[18618]: Unsupported protocol (0x1062)
> received
> Mar 15 14:47:19 tar-valon pppd[18618]: Unsupported protocol (0xe5ac)
> received
> Mar 15 14:47:21 tar-valon pppd[18618]: Unsupported protocol (0x4500)
> received
> Mar 15 14:47:25 tar-valon pppd[18618]: Unsupported protocol (0x7b56)
> received
> 
> Does anyone know what I might be doing wrong?
> 

Sounds like you need to apply the newest patches to Windoze.. if you are
running win98, you need to install dun40.exe.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From chris at pds2k.com  Wed Mar 15 15:07:52 2000
From: chris at pds2k.com (Christopher Tarricone)
Date: Wed Mar 15 15:07:52 2000
Subject: [pptp-server] Help please
References: <Pine.LNX.4.10.10003151451530.25350-100000@enchanter.real-time.com>
Message-ID: <38CFB394.5281@pds2k.com>

I have to agree with you on the broken encryption. When I do not use
MPPE I can connect to my Apple Servers, but then there is no encryption.
When I turn on MPPE I authenticate at 40bit but I cannot transfer
anyinformation. I just get that error Unsupported Prototcal
(some-hex-address)



From natecars at real-time.com  Wed Mar 15 15:29:59 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed Mar 15 15:29:59 2000
Subject: [pptp-server] Help please
In-Reply-To: <38CFB394.5281@pds2k.com>
Message-ID: <Pine.LNX.4.10.10003151529170.25350-100000@enchanter.real-time.com>

On Wed, 15 Mar 2000, Christopher Tarricone wrote:

> I have to agree with you on the broken encryption. When I do not use
> MPPE I can connect to my Apple Servers, but then there is no encryption.
> When I turn on MPPE I authenticate at 40bit but I cannot transfer
> anyinformation. I just get that error Unsupported Prototcal
> (some-hex-address)

Have you made sure you are running the newest version of the PPTP client
on the mac? They could have fixed something.. oh, and have you tried
128bit?

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From don at lindner2k.com  Wed Mar 15 16:34:54 2000
From: don at lindner2k.com (Don Lindner)
Date: Wed Mar 15 16:34:54 2000
Subject: [pptp-server] Error with select() ?...
Message-ID: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com>

Running PoPToP on a Mandrake (redhat variant) 7.0 box -- have used rpm as
well as compiled, have compiled ppp with patches, etc per doc at
http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt -- pap/chap
et all seem OK...

Error on Win98 side:

Dial-Up Networking could not negotiate a compatible set of network protocols
you specified in the Server Type settings.
Check your network configuration in the Control Panel then try the
connection again.

Error on server side:

[root at spr0cket log]# cat messages
Mar 15 14:20:42 spr0cket pptpd[8154]: CTRL: Client 63.198.86.96 control
connecti
on started
Mar 15 14:20:42 spr0cket pptpd[8154]: CTRL: Starting call (launching pppd,
openi
ng GRE)
Mar 15 14:20:43 spr0cket pppd[8155]: pppd 2.3.10 started by root, uid 0
Mar 15 14:20:43 spr0cket pppd[8155]: Using interface ppp0
Mar 15 14:20:43 spr0cket pppd[8155]: Connect: ppp0 <--> /dev/pts/1
Mar 15 14:20:43 spr0cket kernel: PPP BSD Compression module registered
Mar 15 14:20:43 spr0cket kernel: PPP MPPE compression module registered
Mar 15 14:20:43 spr0cket kernel: PPP Deflate Compression module registered
Mar 15 14:20:43 spr0cket pppd[8155]: MSCHAP-v2 peer authentication succeeded
for
 abivpn
Mar 15 14:20:47 spr0cket pppd[8155]: LCP terminated by peer
Mar 15 14:20:47 spr0cket pptpd[8154]: CTRL: Error with select(), quitting
Mar 15 14:20:47 spr0cket pptpd[8154]: CTRL: Client 63.198.86.96 control
connecti
on finished
Mar 15 14:20:47 spr0cket pppd[8155]: Modem hangup
Mar 15 14:20:47 spr0cket pppd[8155]: Connection terminated.
Mar 15 14:20:47 spr0cket pppd[8155]: Connect time 0.1 minutes.
Mar 15 14:20:47 spr0cket pppd[8155]: Sent 466 bytes, received 461 bytes.
Mar 15 14:20:47 spr0cket pppd[8155]: Exit.
[root at spr0cket log]#

I'm stumped -- and VPN support for MS clients coming in via the net is
critical to our future sales of Linux as a "turnkey" small business server.

I'll personally buy pizza and a 12-pack for whoever can resolve this one...
:)

 --
Ron went to venus and all I got was this stupid t-shirt!
http://www.xenu.net    http://www.fza.org






From jandeep at interspeed.com  Wed Mar 15 16:58:50 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Wed Mar 15 16:58:50 2000
Subject: [pptp-server] NetBios issue - Help Please
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB8214@MAIL2>

I am able to log in using win98 SE client to 2.3.10 ppp on red hat 6.1 linux
with 2.2.12-20 kernel. The problem is I can"t see anything in the network
neighbourhood, but I can ping everything in the network by IP or by name.
But I can't find a computer in the internal network using network
neighbourhood. I have the "use default route on the network" clicked since
the WINS server is on a different subnet.
Anybody had the similar problem? Am I missing something?
Thanks in advance,
Jandeep.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/4f923b7b/attachment.html>

From tmk at netmagic.net  Wed Mar 15 18:33:22 2000
From: tmk at netmagic.net (tmk)
Date: Wed Mar 15 18:33:22 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com>
Message-ID: <000901bf8edf$7fc2fe80$071c0fc0@lala.net>

uninstall vpn then reinstall.. (use the control-panel, add remove, windows
setup, communications, vpn)

it may also be a dsl issue.. some dsl providers do NAT on their subnets..
make sure GRE can get to the linux server ok.. also call your dsl provider
to make sure you have a 'real' internet connection

Kevin
----- Original Message -----
From: Don Lindner <don at lindner2k.com>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, March 15, 2000 2:34 PM
Subject: [pptp-server] Error with select() ?...


> Running PoPToP on a Mandrake (redhat variant) 7.0 box -- have used rpm as
> well as compiled, have compiled ppp with patches, etc per doc at
> http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt -- pap/chap
> et all seem OK...
>
> Error on Win98 side:
>
> Dial-Up Networking could not negotiate a compatible set of network
protocols
> you specified in the Server Type settings.
> Check your network configuration in the Control Panel then try the
> connection again.
>
> Error on server side:
>
> [root at spr0cket log]# cat messages
> Mar 15 14:20:42 spr0cket pptpd[8154]: CTRL: Client 63.198.86.96 control
> connecti
> on started
> Mar 15 14:20:42 spr0cket pptpd[8154]: CTRL: Starting call (launching pppd,
> openi
> ng GRE)
> Mar 15 14:20:43 spr0cket pppd[8155]: pppd 2.3.10 started by root, uid 0
> Mar 15 14:20:43 spr0cket pppd[8155]: Using interface ppp0
> Mar 15 14:20:43 spr0cket pppd[8155]: Connect: ppp0 <--> /dev/pts/1
> Mar 15 14:20:43 spr0cket kernel: PPP BSD Compression module registered
> Mar 15 14:20:43 spr0cket kernel: PPP MPPE compression module registered
> Mar 15 14:20:43 spr0cket kernel: PPP Deflate Compression module registered
> Mar 15 14:20:43 spr0cket pppd[8155]: MSCHAP-v2 peer authentication
succeeded
> for
>  abivpn
> Mar 15 14:20:47 spr0cket pppd[8155]: LCP terminated by peer
> Mar 15 14:20:47 spr0cket pptpd[8154]: CTRL: Error with select(), quitting
> Mar 15 14:20:47 spr0cket pptpd[8154]: CTRL: Client 63.198.86.96 control
> connecti
> on finished
> Mar 15 14:20:47 spr0cket pppd[8155]: Modem hangup
> Mar 15 14:20:47 spr0cket pppd[8155]: Connection terminated.
> Mar 15 14:20:47 spr0cket pppd[8155]: Connect time 0.1 minutes.
> Mar 15 14:20:47 spr0cket pppd[8155]: Sent 466 bytes, received 461 bytes.
> Mar 15 14:20:47 spr0cket pppd[8155]: Exit.
> [root at spr0cket log]#
>
> I'm stumped -- and VPN support for MS clients coming in via the net is
> critical to our future sales of Linux as a "turnkey" small business
server.
>
> I'll personally buy pizza and a 12-pack for whoever can resolve this
one...
> :)
>
>  --
> Ron went to venus and all I got was this stupid t-shirt!
> http://www.xenu.net    http://www.fza.org
>
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From tmk at netmagic.net  Wed Mar 15 18:34:26 2000
From: tmk at netmagic.net (tmk)
Date: Wed Mar 15 18:34:26 2000
Subject: [pptp-server] NetBios issue - Help Please
References: <DFC46331B7D1D3118F99009027C3CFAB8214@MAIL2>
Message-ID: <001301bf8edf$a29099e0$071c0fc0@lala.net>

NetBios issue - Help Pleaseuse either the ms-wins <ip addr> or hardcode the address of the wins server into the client's dial up settings.

make sure you can ping the wins server as well

Kevin
  ----- Original Message ----- 
  From: Jandeep Kang 
  To: Pptp Mailing List (E-mail) 
  Sent: Wednesday, March 15, 2000 2:57 PM
  Subject: [pptp-server] NetBios issue - Help Please


  I am able to log in using win98 SE client to 2.3.10 ppp on red hat 6.1 linux with 2.2.12-20 kernel. The problem is I can"t see anything in the network neighbourhood, but I can ping everything in the network by IP or by name. But I can't find a computer in the internal network using network neighbourhood. I have the "use default route on the network" clicked since the WINS server is on a different subnet.

  Anybody had the similar problem? Am I missing something? 
  Thanks in advance, 
  Jandeep. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/cc931ccb/attachment.html>

From jandeep at interspeed.com  Wed Mar 15 18:38:54 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Wed Mar 15 18:38:54 2000
Subject: [pptp-server] problems installing mppe patch to PPP
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB8215@MAIL2>

It worked! but no encryption
thanks for all your help. i have applied the patch, recompiled the pppd and
installed it.
Now from a win98 SE i can connect to the pptp server but if i select 'data
encryption' on the client side it gives me an error soemthing like the
'server doesn't support this type of encryption' i will post the exact error
message and number tomorrow. my guess is the encryption is not working or
the client side is not properly configured.
I have got the zip file but haven't gone through that yet.
any ideas about encryption stuff? how exactly do you verify that the data is
encrypted?
once again thanks a lot for all help, past and future.
Jandeep. 

-----Original Message-----
From: Emir Toktar [mailto:toktar at per.com.br]
Sent: Thursday, March 16, 2000 7:23 AM
To: Jandeep Kang
Subject: Re: [pptp-server] problems installing mppe patch to PPP


Can you have send me the log's and config files?  
By the way, do you receive the word file with sript  (not finished yet...)
and it's clear?  Any sugestion.
 
Bye
 
 
Emir Toktar.
Wednesday, 15 March, 2000 09:23 PM

----- Original Message ----- 
From: Jandeep Kang <mailto:jandeep at interspeed.com>  
To: 'Emir  <mailto:toktar at per.com.br> Toktar' 
Sent: Wednesday, 15 March, 2000 3:23 PM
Subject: RE: [pptp-server] problems installing mppe patch to PPP

Well, i have got into trouble before that!
i have a linux machine which i want to use both as a firewall and a VPN
server(with 2 NIC cards in it). when i try to connect to it from outside
using a win 98 SE machine the error it gives me is "the user name/password
is not valid on teh domain" but when i check the logs the problem is that
"input/output error" the "GRE write failure" and teh control connection gets
closed just after that. 
what i am doing wrong??
thanks in advance.

-----Original Message-----
From: Emir Toktar [mailto:toktar at per.com.br]
Sent: Wednesday, March 15, 2000 8:25 AM
To: Jandeep Kang
Subject: Re: [pptp-server] problems installing mppe patch to PPP


Grab the mppe patch from  http://www.moretonbay.com/vpn/releases/
<http://www.moretonbay.com/vpn/releases/>   and choise
<< save target as... >> on the link and save to directory, then applyed the
patch.
 
"
...
To talk to the new driver, pppd needs to be able to open /dev/ppp,
character device (108,0).  If the special file node /dev/ppp is not
present, pppd will create it.  However, if you are running with /dev
on a read-only filesystem, pppd will not be able to create /dev/ppp.
In that instance you should manually create /dev/ppp using the command
`mknod /dev/ppp c 108 0'.

If you use module autoloading and have PPP as a module, you will need
to add the following to your /etc/modules.conf or /etc/conf.modules:

alias tty-ldisc-3    ppp_async
alias tty-ldisc-14   ppp_synctty
alias char-major-108 ppp_generic
...
"
------------------------------------------------------------------------

I will install this week Red Hat 6.1/updates and ppp-2.3.11 and I will
modify the code ppp_mppe.c to force Data Encryption option on client or
refuse conection it. MPPE_BIT_ENCRYPTED - Bit D set to "1"). A old question
"...to Know is about to refuse any conection different of the ms-chapv2
(with data encryption options set)..."

Other thing, I was out any time and see some old e-mail about <auth 0x80> or
<auth 0x81> and question if was stasteless mode or what....?
The option <auth 0x80> MSCHAP or MSCHAPv1 is enabled by negotiating CHAP
algorithm 0X80 and <auth 0x81> MSCHAPv2 is enabled by negotiating CHAP
algorithm 0X81.

Stateless mode  ('H' bit is set 0x01) indicates that the sender wishes to
negotiate the use of stataless mode, in whith the session key is changed
after the TX fo each packet.

Sorry if this information above is not relevant!
----------------------------------------------------------------------------

If works, reply to me please.

 
Best Regards
 
Emir Toktar

----- Original Message ----- 
From: Jandeep Kang <mailto:jandeep at interspeed.com>  
To: 'Emir  <mailto:toktar at per.com.br> Toktar' 
Sent: Tuesday, 14 March, 2000 9:41 PM
Subject: RE: [pptp-server] problems installing mppe patch to PPP

but it has got an extention "gz". i will try just applying the patch.
know anything about 128 bit encryption. where to get it?
Thanks, Jandeep.

-----Original Message-----
From: Emir Toktar [ mailto:toktar at per.com.br <mailto:toktar at per.com.br> ]
Sent: Wednesday, March 15, 2000 7:40 AM
To: Jandeep Kang
Subject: Re: [pptp-server] problems installing mppe patch to PPP


This file is not gzip. Save the file and applied the path -p0< ....
 
Emir

----- Original Message ----- 
From: Jandeep Kang <mailto:jandeep at interspeed.com>  
To: Pptp Mailing List  <mailto:pptp-server at lists.schulte.org> (E-mail) 
Sent: Tuesday, 14 March, 2000 9:27 PM
Subject: [pptp-server] problems installing mppe patch to PPP


Hello everybody, 
I have been trying to reinstall the pptp so I got ppp 2.3.10 and was trying
to patch it with the mppe patch file from the
<http://www.moretonbay.com/vpn/releases> www.moretonbay.com/vpn/releases

Web site. The problem is whichever way I download the
ppp-2_3_10-openssl-norc4-mppe_patch.gz and when I try to gunzip it, it says
it is not a valid gzip file!?

My guess is downloading via http to a win NT machine is corrupting the
patch. Is it available somewhere else via ftp? How did you solve this
problem?

Secondly, will this give me 40 bit encryption? Where do I get a patch if I
have to do 128 bit encryption? 
Please help. 
Thanks in advance. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/5e9f17ae/attachment.html>

From jandeep at interspeed.com  Wed Mar 15 18:42:22 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Wed Mar 15 18:42:22 2000
Subject: [pptp-server] NetBios issue - Help Please
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB8216@MAIL2>

Thanks Kevin, it worked. i have another problem though. if i select 'data
encryption' on the win98 SE client, it doesn't connect gives out some error
about this particular type of encryption not supported. ever had similar
problems? how to fix this? i had applied the
ppp-2_3_10-openssl-norc4-mppe.patch from www.moretonbay.com/vpn
<http://www.moretonbay.com/vpn> 
but looks like it doesn't work!
secondly, assuming it works, how do you verify that your data is actually
encrypted?
Thanks,
Jandeep.

-----Original Message-----
From: tmk [mailto:tmk at netmagic.net]
Sent: Wednesday, March 15, 2000 7:36 PM
To: Jandeep Kang; Pptp Mailing List (E-mail)
Subject: Re: [pptp-server] NetBios issue - Help Please


use either the ms-wins <ip addr> or hardcode the address of the wins server
into the client's dial up settings.
 
make sure you can ping the wins server as well
 
Kevin

----- Original Message ----- 
From: Jandeep Kang <mailto:jandeep at interspeed.com>  
To: Pptp Mailing List (E-mail) <mailto:pptp-server at lists.schulte.org>  
Sent: Wednesday, March 15, 2000 2:57 PM
Subject: [pptp-server] NetBios issue - Help Please


I am able to log in using win98 SE client to 2.3.10 ppp on red hat 6.1 linux
with 2.2.12-20 kernel. The problem is I can"t see anything in the network
neighbourhood, but I can ping everything in the network by IP or by name.
But I can't find a computer in the internal network using network
neighbourhood. I have the "use default route on the network" clicked since
the WINS server is on a different subnet.

Anybody had the similar problem? Am I missing something? 
Thanks in advance, 
Jandeep. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/fdb91172/attachment.html>

From toktar at per.com.br  Wed Mar 15 18:43:01 2000
From: toktar at per.com.br (Emir Toktar)
Date: Wed Mar 15 18:43:01 2000
Subject: [pptp-server] NetBios issue - Help Please
References: <DFC46331B7D1D3118F99009027C3CFAB8214@MAIL2>
Message-ID: <008101bf8f45$23cf8060$010010ac@crypto.net>

NetBios issue - Help PleaseLook which is the subnet mask.
If  I'm not mistakes, likes sound diferent subnet mask in dual-homed server.
If is the case, use netmask parameter in the options file.

Good Lock

Emir Toktar

+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

Here is other parameters to use and set up in conections (MRU and others):

require-pap "Require PAP authentication from peer"
+pap  "Require PAP authentication from peer"
refuse-pap "Don't agree to auth to peer with PAP"
-pap "Don't allow PAP authentication with peer"
require-chap "Require CHAP authentication from peer"
+chap "Require CHAP authentication from peer"
refuse-chap "Don't agree to auth to peer with CHAP"
-chap "Don't allow CHAP authentication with peer"
refuse-chap-md5 "Don't allow md5-digest style CHAP"
-chap-md5 "Don't allow md5-digest style CHAP"
name "Set local name for authentication"
user "Set name for auth with peer"
usehostname "Must use hostname for authentication"
remotename "Set remote name for authentication"
auth "Require authentication from peer"
noauth "Don't require peer to authenticate"
login "Use system password database for PAP"
papcrypt "PAP passwords are encrypted"
+ua "Get PAP user and password from file"
privgroup "Allow group members to use privileged options"
require-chapms "Require MSCHAP (v1) authentication"
+chapms "Require MSCHAP (v1) authentication"
refuse-chapms "Refuse MSCHAP (v1) authentication"
-chapms "Refuse MSCHAP (v1) authentication"
require-chapms-v2 "Require MSCHAP-v2 authentication"
+chapms-v2 "Require MSCHAP-v2 authentication"
refuse-chapms-v2 "Refuse MSCHAP-v2 authentication"
-chapms-v2 "Refuse MSCHAP-v2 authentication"
noccp "Disable CCP negotiation"
-ccp "Disable CCP negotiation"
bsdcomp "Request BSD-Compress packet compression"
-bsdcomp "don't allow BSD-Compress"
deflate "request Deflate compression"
nodeflate "don't allow Deflate compression"
-deflate "don't allow Deflate compression"
nodeflatedraft "don't use draft deflate #"
predictor1 "request Predictor-1"
nopredictor1 "don't allow Predictor-1"
-predictor1 "don't allow Predictor-1"
mppe-40 "Allow 40 bit MPPE encryption"
+mppe-40 "Allow 40 bit MPPE encryption"
nomppe-40 "Disallow 40 bit MPPE encryption"
-mppe-40 "Disallow 40 bit MPPE encryption"
mppe-128 "Allow 128 bit MPPE encryption"
+mppe-128 "Allow 128 bit MPPE encryption"
nomppe-128 "Disallow 128 bit MPPE encryption"
-mppe-128 "Disallow 128 bit MPPE encryption"
mppe-stateless "Allow stateless MPPE encryption"
+mppe-stateless "Allow stateless MPPE encryption"
nomppe-stateless "Disallow stateless MPPE encryption"
-mppe-stateless "Disallow stateless MPPE encryption"
noaccomp "Disable address/control compression"
-ac "Disable address/control compression"
default-asyncmap "Disable asyncmap negotiation"
-am "Disable asyncmap negotiation"
asyncmap "Set asyncmap (for received packets)"
-as "Set asyncmap (for received packets)"
nomagicnumber "Disable magic number negotiation (looped-back line
detection)"
-mn "Disable magic number negotiation (looped-back line detection)"
default-mru "Disable MRU negotiation (use default 1500)"
-mru "Disable MRU negotiation (use default 1500)"
mru "Set MRU (maximum received packet size) for negotiation"
nopcomp "Disable protocol field compression"
-pc "Disable protocol field compression"
-p "Set passive mode"
passive "Set passive mode"
silent "Set silent mode"
escape "List of character codes to escape on transmission"
lcp-echo-failure "Set number of consecutive echo failures to indicate link
failure"
lcp-echo-interval "Set time in seconds between LCP echo requests"
lcp-restart "Set time in seconds between LCP retransmissions"
lcp-max-terminate "Set maximum number of LCP terminate-request
transmissions"
lcp-max-configure "Set maximum number of LCP configure-request
transmissions"
lcp-max-failure "Set limit on number of LCP configure-naks"
receive-all "Accept all received control characters"
asyncmap  <map>
auth
call  name
callback  phone
nocallback
+callback
connect  script
crtscts
cdtrcts
defaultroute
disconnect  script
escape  xx,yy,...
file  name
lock
mru  n
mtu  n
passive
<local_IP_address>:<remote_IP_address>
active-filter  filter-expression
bsdcomp  nr,nt
chap-interval  n
chap-max-challenge  n
chap-restart  n
debug
default-asyncmap
default-mru
deflate  nr,nt
demand
domain  d
hide-password
holdoff  n
idle  n
ip
Ipcp-accept-local
ipcp-accept-remote
ipcp-max-configure  n
Ipcp-max-failure  n
ipcp-max-terminate  n
ipcp-restart  n
ipparam  string
ipx
ipx-network  n
ipx-node  n : m
ipx-router-name  <string>
ipx-routing  n
ipxcp-accept-local
ipxcp-accept-network
ipxcp-accept-remote
ipxcp-max-configure  n
ipxcp-max-failure  n
ipxcp-max-terminate  n
kdebug  n
lcp-echo-failure  n
lcp-echo-interval  n
lcp-max-configure  n
lcp-max-failure  n
lcp-max-terminate  n
lcp-restart  n
local
login
maxconnect  n
modem
ms-dns  <addr>
ms-wins  <addr>
name  name
netmask n (255.255.255.0)
Noaccomp
Noauth
Nobsdcomp
Noccp
Nocrtscts
Nodtrcts
Nodefaultroute
nodeflate
nodetach
noip
noipdefault
noipx
nomagic
nopcomp
nopersist
nopredictor1
noproxyarp
notty
novj
novjccomp
papcrypt
pap-max-authreq  n
pap-restart  n
pap-timeout  n
pass-filter filter-expression
persist
predictor1
privgroup  group-name
proxyarp
pty  script
receive-all
record  filename
remotename  name
refuse-chap-md5
silent
sync
usehostname
user  name
vj-max-slots  n
welcome  script
xonxoff

and more. See man to help.

----- Original Message -----
From: Jandeep Kang
To: Pptp Mailing List (E-mail)
Sent: Wednesday, 15 March, 2000 7:57 PM
Subject: [pptp-server] NetBios issue - Help Please


I am able to log in using win98 SE client to 2.3.10 ppp on red hat 6.1 linux
with 2.2.12-20 kernel. The problem is I can"t see anything in the network
neighbourhood, but I can ping everything in the network by IP or by name.
But I can't find a computer in the internal network using network
neighbourhood. I have the "use default route on the network" clicked since
the WINS server is on a different subnet.
Anybody had the similar problem? Am I missing something?
Thanks in advance,
Jandeep.




From toktar at per.com.br  Wed Mar 15 18:55:10 2000
From: toktar at per.com.br (Emir Toktar)
Date: Wed Mar 15 18:55:10 2000
Subject: [pptp-server] problems installing mppe patch to PPP
References: <DFC46331B7D1D3118F99009027C3CFAB8215@MAIL2>
Message-ID: <009001bf8f46$f4ab1a40$010010ac@crypto.net>

problems installing mppe patch to PPPI think that the error is on client side or you recompile with MS-CHAP different version that you is using on clients. Look the log if is <auth 80> or <auth 81>, or be, ms-chap v1 or v2, and there are a bit different between them.  

" Where possible, MS-CHAP-V2 is consistent with both MS-CHAP-V1 and standard CHAP. Briefly, the differences between MS-CHAP-V2 and MS-CHAP- V1 are:
* MS-CHAP-V2 is enabled by negotiating CHAP Algorithm 0x81 in LCP option 3, Authentication Protocol.

* MS-CHAP-V2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator reponse on the Success packet.

* The calculation of the "Windows NT compatible challenge response" sub-field in the Response packet has been changed to include the peer challenge and the user name.

* In MS-CHAP-V1, the "LAN Manager compatible challenge response" sub-field was always sent in the Response packet. This field has been replaced in MS-CHAP-V2 by the Peer-Challenge field.

* The format of the Message field in the Failure packet has been changed.

* The Change Password (version 1) and Change Password (version 2) packets are no longer supported. They have been replaced with a single Change-Password packet.

The LCP configuration for MS-CHAP-V2 is identical to that for standard CHAP, except that the Algorithm field has value 0x81, rather than the MD5 value 0x05. PPP implementations which do not support MS-CHAP-V2, but correctly implement LCP Config-Rej, should have no problem dealing with this non-standard option."

There are updates to MS DUN that cause any problems and disconections without sense (???). I had one problem similar this the last year and after I update the DUN worked fine.

Emir Toktar

+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br



  ----- Original Message ----- 
  From: Jandeep Kang 
  To: 'Emir Toktar' 
  Cc: Pptp Mailing List (E-mail) 
  Sent: Wednesday, 15 March, 2000 9:34 PM
  Subject: RE: [pptp-server] problems installing mppe patch to PPP


  It worked! but no encryption
  thanks for all your help. i have applied the patch, recompiled the pppd and installed it.
  Now from a win98 SE i can connect to the pptp server but if i select 'data encryption' on the client side it gives me an error soemthing like the 'server doesn't support this type of encryption' i will post the exact error message and number tomorrow. my guess is the encryption is not working or the client side is not properly configured.
  I have got the zip file but haven't gone through that yet.
  any ideas about encryption stuff? how exactly do you verify that the data is encrypted?
  once again thanks a lot for all help, past and future.
  Jandeep. 
    -----Original Message-----
    From: Emir Toktar [mailto:toktar at per.com.br]
    Sent: Thursday, March 16, 2000 7:23 AM
    To: Jandeep Kang
    Subject: Re: [pptp-server] problems installing mppe patch to PPP


    Can you have send me the log's and config files?  
    By the way, do you receive the word file with sript  (not finished yet...) and it's clear?  Any sugestion.

    Bye

     
    Emir Toktar.
    Wednesday, 15 March, 2000 09:23 PM
      ----- Original Message ----- 
      From: Jandeep Kang 
      To: 'Emir Toktar' 
      Sent: Wednesday, 15 March, 2000 3:23 PM
      Subject: RE: [pptp-server] problems installing mppe patch to PPP


      Well, i have got into trouble before that!
      i have a linux machine which i want to use both as a firewall and a VPN server(with 2 NIC cards in it). when i try to connect to it from outside using a win 98 SE machine the error it gives me is "the user name/password is not valid on teh domain" but when i check the logs the problem is that "input/output error" the "GRE write failure" and teh control connection gets closed just after that. 
      what i am doing wrong??
      thanks in advance.
        -----Original Message-----
        From: Emir Toktar [mailto:toktar at per.com.br]
        Sent: Wednesday, March 15, 2000 8:25 AM
        To: Jandeep Kang
        Subject: Re: [pptp-server] problems installing mppe patch to PPP


        Grab the mppe patch from  http://www.moretonbay.com/vpn/releases/  and choise
        << save target as... >> on the link and save to directory, then applyed the patch.

        "
        ...
        To talk to the new driver, pppd needs to be able to open /dev/ppp,
        character device (108,0).  If the special file node /dev/ppp is not
        present, pppd will create it.  However, if you are running with /dev
        on a read-only filesystem, pppd will not be able to create /dev/ppp.
        In that instance you should manually create /dev/ppp using the command
        `mknod /dev/ppp c 108 0'.

        If you use module autoloading and have PPP as a module, you will need
        to add the following to your /etc/modules.conf or /etc/conf.modules:

        alias tty-ldisc-3    ppp_async
        alias tty-ldisc-14   ppp_synctty
        alias char-major-108 ppp_generic
        ...
        "
        ------------------------------------------------------------------------

        I will install this week Red Hat 6.1/updates and ppp-2.3.11 and I will
        modify the code ppp_mppe.c to force Data Encryption option on client or
        refuse conection it. MPPE_BIT_ENCRYPTED - Bit D set to "1"). A old question
        "...to Know is about to refuse any conection different of the ms-chapv2
        (with data encryption options set)..."

        Other thing, I was out any time and see some old e-mail about <auth 0x80> or
        <auth 0x81> and question if was stasteless mode or what....?
        The option <auth 0x80> MSCHAP or MSCHAPv1 is enabled by negotiating CHAP
        algorithm 0X80 and <auth 0x81> MSCHAPv2 is enabled by negotiating CHAP
        algorithm 0X81.

        Stateless mode  ('H' bit is set 0x01) indicates that the sender wishes to
        negotiate the use of stataless mode, in whith the session key is changed
        after the TX fo each packet.

        Sorry if this information above is not relevant!
        ----------------------------------------------------------------------------

        If works, reply to me please.


        Best Regards

        Emir Toktar
          ----- Original Message ----- 
          From: Jandeep Kang 
          To: 'Emir Toktar' 
          Sent: Tuesday, 14 March, 2000 9:41 PM
          Subject: RE: [pptp-server] problems installing mppe patch to PPP


          but it has got an extention "gz". i will try just applying the patch.
          know anything about 128 bit encryption. where to get it?
          Thanks, Jandeep.
            -----Original Message-----
            From: Emir Toktar [mailto:toktar at per.com.br]
            Sent: Wednesday, March 15, 2000 7:40 AM
            To: Jandeep Kang
            Subject: Re: [pptp-server] problems installing mppe patch to PPP


            This file is not gzip. Save the file and applied the path -p0< ....

            Emir
              ----- Original Message ----- 
              From: Jandeep Kang 
              To: Pptp Mailing List (E-mail) 
              Sent: Tuesday, 14 March, 2000 9:27 PM
              Subject: [pptp-server] problems installing mppe patch to PPP


              Hello everybody, 
              I have been trying to reinstall the pptp so I got ppp 2.3.10 and was trying to patch it with the mppe patch file from the www.moretonbay.com/vpn/releases

              Web site. The problem is whichever way I download the ppp-2_3_10-openssl-norc4-mppe_patch.gz and when I try to gunzip it, it says it is not a valid gzip file!?

              My guess is downloading via http to a win NT machine is corrupting the patch. Is it available somewhere else via ftp? How did you solve this problem?

              Secondly, will this give me 40 bit encryption? Where do I get a patch if I have to do 128 bit encryption? 
              Please help. 
              Thanks in advance. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/331fe80a/attachment.html>

From don at lindner2k.com  Wed Mar 15 18:57:49 2000
From: don at lindner2k.com (Don Lindner)
Date: Wed Mar 15 18:57:49 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com> <000901bf8edf$7fc2fe80$071c0fc0@lala.net>
Message-ID: <000b01bf8ee2$943ad560$0800000a@lindner2k.com>

Thanks, I'll do the vpn reinstall and get back to you.

With regard to my connection -- my connection provider is PacBell, and I run
my own domain here. My connection is supposed to be unrestricted, and know
for a fact that several of my customers who also use PacBell currently
authenticate into vpn's via NT machines routinely.

The host is on PacBell as well, and my boss has been making vpn connections
to an NT box on the same subnet.

Also, I've been using a DUN connection to PacBell for testing to remove masq
as a point of troubleshooting. AFAIK, all of my binaries and libs are
current. This server is a very new install.

- Don

----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, March 15, 2000 4:35 PM
Subject: Re: [pptp-server] Error with select() ?...


> uninstall vpn then reinstall.. (use the control-panel, add remove, windows
> setup, communications, vpn)
>
> it may also be a dsl issue.. some dsl providers do NAT on their subnets..
> make sure GRE can get to the linux server ok.. also call your dsl provider
> to make sure you have a 'real' internet connection





From don at lindner2k.com  Wed Mar 15 19:31:14 2000
From: don at lindner2k.com (Don Lindner)
Date: Wed Mar 15 19:31:14 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com> <000901bf8edf$7fc2fe80$071c0fc0@lala.net>
Message-ID: <000701bf8ee7$48b256e0$0800000a@lindner2k.com>

The vpn reinstall did not work.

Also:

[root at spr0cket /root]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  10.0.0.0/8           63.201.xxx.xxx/29      n/a
DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
teln
et
DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
23
DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
pop3
DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
pop3
DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
netb
ios-ns
DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
netb
ios-ns
DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
netb
ios-dgm
DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
netb
ios-dgm
DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
netb
ios-ssn
DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
netb
ios-ssn
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  10.0.0.0/8           anywhere              n/a
Chain output (policy ACCEPT):

----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, March 15, 2000 4:35 PM
Subject: Re: [pptp-server] Error with select() ?...


> uninstall vpn then reinstall.. (use the control-panel, add remove, windows
> setup, communications, vpn)





From tmk at netmagic.net  Wed Mar 15 19:37:15 2000
From: tmk at netmagic.net (tmk)
Date: Wed Mar 15 19:37:15 2000
Subject: [pptp-server] NetBios issue - Help Please
References: <DFC46331B7D1D3118F99009027C3CFAB8216@MAIL2>
Message-ID: <002101bf8ee8$6befd5a0$071c0fc0@lala.net>

NetBios issue - Help Pleasethis may sound silly, but make sure you put the appropriate encryption lines in the ppp options file and that the mppe module is loaded

Kevin
  ----- Original Message ----- 
  From: Jandeep Kang 
  To: 'tmk' 
  Cc: Pptp Mailing List (E-mail) 
  Sent: Wednesday, March 15, 2000 4:39 PM
  Subject: RE: [pptp-server] NetBios issue - Help Please


  Thanks Kevin, it worked. i have another problem though. if i select 'data encryption' on the win98 SE client, it doesn't connect gives out some error about this particular type of encryption not supported. ever had similar problems? how to fix this? i had applied the ppp-2_3_10-openssl-norc4-mppe.patch from www.moretonbay.com/vpn
  but looks like it doesn't work!
  secondly, assuming it works, how do you verify that your data is actually encrypted?
  Thanks,
  Jandeep.
    -----Original Message-----
    From: tmk [mailto:tmk at netmagic.net]
    Sent: Wednesday, March 15, 2000 7:36 PM
    To: Jandeep Kang; Pptp Mailing List (E-mail)
    Subject: Re: [pptp-server] NetBios issue - Help Please


    use either the ms-wins <ip addr> or hardcode the address of the wins server into the client's dial up settings.

    make sure you can ping the wins server as well

    Kevin
      ----- Original Message ----- 
      From: Jandeep Kang 
      To: Pptp Mailing List (E-mail) 
      Sent: Wednesday, March 15, 2000 2:57 PM
      Subject: [pptp-server] NetBios issue - Help Please


      I am able to log in using win98 SE client to 2.3.10 ppp on red hat 6.1 linux with 2.2.12-20 kernel. The problem is I can"t see anything in the network neighbourhood, but I can ping everything in the network by IP or by name. But I can't find a computer in the internal network using network neighbourhood. I have the "use default route on the network" clicked since the WINS server is on a different subnet.

      Anybody had the similar problem? Am I missing something? 
      Thanks in advance, 
      Jandeep. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000315/a9dc3da1/attachment.html>

From tmk at netmagic.net  Wed Mar 15 19:42:38 2000
From: tmk at netmagic.net (tmk)
Date: Wed Mar 15 19:42:38 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com> <000901bf8edf$7fc2fe80$071c0fc0@lala.net> <000701bf8ee7$48b256e0$0800000a@lindner2k.com>
Message-ID: <002d01bf8ee9$305404c0$071c0fc0@lala.net>

ok
try flushing all your firewall rules and trying again.. just to be sure.

hmm
had a better look at your symptoms.. it appears that everything is getting
through ok (ppp was able to authenticate)

it looks to be dying on the ppp options side - maybe it cant have some
option it needs? try fiddling with the settings on the client side.. also a
dump of your server ppp config file would be nice.. and debug output from
pppd =)

Kevin
----- Original Message -----
From: Don Lindner <don at lindner2k.com>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, March 15, 2000 5:30 PM
Subject: Re: [pptp-server] Error with select() ?...


> The vpn reinstall did not work.
>
> Also:
>
> [root at spr0cket /root]# ipchains -L
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           ports
> ACCEPT     all  ------  10.0.0.0/8           63.201.xxx.xxx/29      n/a
> DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
> teln
> et
> DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
> 23
> DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
> pop3
> DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
> pop3
> DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
> netb
> ios-ns
> DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
> netb
> ios-ns
> DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
> netb
> ios-dgm
> DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
> netb
> ios-dgm
> DENY       tcp  ------  anywhere             63.201.xxx.xxx/29      any ->
> netb
> ios-ssn
> DENY       udp  ------  anywhere             63.201.xxx.xxx/29      any ->
> netb
> ios-ssn
> Chain forward (policy ACCEPT):
> target     prot opt     source                destination           ports
> MASQ       all  ------  10.0.0.0/8           anywhere              n/a
> Chain output (policy ACCEPT):
>
> ----- Original Message -----
> From: "tmk" <tmk at netmagic.net>
> To: <pptp-server at lists.schulte.org>
> Sent: Wednesday, March 15, 2000 4:35 PM
> Subject: Re: [pptp-server] Error with select() ?...
>
>
> > uninstall vpn then reinstall.. (use the control-panel, add remove,
windows
> > setup, communications, vpn)
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From tmk at netmagic.net  Wed Mar 15 19:45:13 2000
From: tmk at netmagic.net (tmk)
Date: Wed Mar 15 19:45:13 2000
Subject: [pptp-server] NetBios issue - Help Please
References: <DFC46331B7D1D3118F99009027C3CFAB8214@MAIL2> <008101bf8f45$23cf8060$010010ac@crypto.net>
Message-ID: <003301bf8ee9$8c3263e0$071c0fc0@lala.net>

last i looked into it, pppd did NOT set netmasks properly even if specified
in the config file.. it may tell the client the right one though.. anyone
have more recent experience here? i am rusty.

it may be possible to use the ip-up script that pppd runs when a connection
happens and set the netmask there, but that is server side only..

Kevin
----- Original Message -----
From: Emir Toktar <toktar at per.com.br>
To: Jandeep Kang <jandeep at interspeed.com>
Cc: Pptp Mailing List (E-mail) <pptp-server at lists.schulte.org>
Sent: Thursday, March 16, 2000 4:42 AM
Subject: Re: [pptp-server] NetBios issue - Help Please


> NetBios issue - Help PleaseLook which is the subnet mask.
> If  I'm not mistakes, likes sound diferent subnet mask in dual-homed
server.
> If is the case, use netmask parameter in the options file.
>
> Good Lock
>
> Emir Toktar
>
> +55 2141 232-4570
> toktar at per.com.br
> emir.toktar at bra.xerox.com
> toktar at ppgia.pucpr.br
>
> Here is other parameters to use and set up in conections (MRU and others):
>
> require-pap "Require PAP authentication from peer"
> +pap  "Require PAP authentication from peer"
> refuse-pap "Don't agree to auth to peer with PAP"
> -pap "Don't allow PAP authentication with peer"
> require-chap "Require CHAP authentication from peer"
> +chap "Require CHAP authentication from peer"
> refuse-chap "Don't agree to auth to peer with CHAP"
> -chap "Don't allow CHAP authentication with peer"
> refuse-chap-md5 "Don't allow md5-digest style CHAP"
> -chap-md5 "Don't allow md5-digest style CHAP"
> name "Set local name for authentication"
> user "Set name for auth with peer"
> usehostname "Must use hostname for authentication"
> remotename "Set remote name for authentication"
> auth "Require authentication from peer"
> noauth "Don't require peer to authenticate"
> login "Use system password database for PAP"
> papcrypt "PAP passwords are encrypted"
> +ua "Get PAP user and password from file"
> privgroup "Allow group members to use privileged options"
> require-chapms "Require MSCHAP (v1) authentication"
> +chapms "Require MSCHAP (v1) authentication"
> refuse-chapms "Refuse MSCHAP (v1) authentication"
> -chapms "Refuse MSCHAP (v1) authentication"
> require-chapms-v2 "Require MSCHAP-v2 authentication"
> +chapms-v2 "Require MSCHAP-v2 authentication"
> refuse-chapms-v2 "Refuse MSCHAP-v2 authentication"
> -chapms-v2 "Refuse MSCHAP-v2 authentication"
> noccp "Disable CCP negotiation"
> -ccp "Disable CCP negotiation"
> bsdcomp "Request BSD-Compress packet compression"
> -bsdcomp "don't allow BSD-Compress"
> deflate "request Deflate compression"
> nodeflate "don't allow Deflate compression"
> -deflate "don't allow Deflate compression"
> nodeflatedraft "don't use draft deflate #"
> predictor1 "request Predictor-1"
> nopredictor1 "don't allow Predictor-1"
> -predictor1 "don't allow Predictor-1"
> mppe-40 "Allow 40 bit MPPE encryption"
> +mppe-40 "Allow 40 bit MPPE encryption"
> nomppe-40 "Disallow 40 bit MPPE encryption"
> -mppe-40 "Disallow 40 bit MPPE encryption"
> mppe-128 "Allow 128 bit MPPE encryption"
> +mppe-128 "Allow 128 bit MPPE encryption"
> nomppe-128 "Disallow 128 bit MPPE encryption"
> -mppe-128 "Disallow 128 bit MPPE encryption"
> mppe-stateless "Allow stateless MPPE encryption"
> +mppe-stateless "Allow stateless MPPE encryption"
> nomppe-stateless "Disallow stateless MPPE encryption"
> -mppe-stateless "Disallow stateless MPPE encryption"
> noaccomp "Disable address/control compression"
> -ac "Disable address/control compression"
> default-asyncmap "Disable asyncmap negotiation"
> -am "Disable asyncmap negotiation"
> asyncmap "Set asyncmap (for received packets)"
> -as "Set asyncmap (for received packets)"
> nomagicnumber "Disable magic number negotiation (looped-back line
> detection)"
> -mn "Disable magic number negotiation (looped-back line detection)"
> default-mru "Disable MRU negotiation (use default 1500)"
> -mru "Disable MRU negotiation (use default 1500)"
> mru "Set MRU (maximum received packet size) for negotiation"
> nopcomp "Disable protocol field compression"
> -pc "Disable protocol field compression"
> -p "Set passive mode"
> passive "Set passive mode"
> silent "Set silent mode"
> escape "List of character codes to escape on transmission"
> lcp-echo-failure "Set number of consecutive echo failures to indicate link
> failure"
> lcp-echo-interval "Set time in seconds between LCP echo requests"
> lcp-restart "Set time in seconds between LCP retransmissions"
> lcp-max-terminate "Set maximum number of LCP terminate-request
> transmissions"
> lcp-max-configure "Set maximum number of LCP configure-request
> transmissions"
> lcp-max-failure "Set limit on number of LCP configure-naks"
> receive-all "Accept all received control characters"
> asyncmap  <map>
> auth
> call  name
> callback  phone
> nocallback
> +callback
> connect  script
> crtscts
> cdtrcts
> defaultroute
> disconnect  script
> escape  xx,yy,...
> file  name
> lock
> mru  n
> mtu  n
> passive
> <local_IP_address>:<remote_IP_address>
> active-filter  filter-expression
> bsdcomp  nr,nt
> chap-interval  n
> chap-max-challenge  n
> chap-restart  n
> debug
> default-asyncmap
> default-mru
> deflate  nr,nt
> demand
> domain  d
> hide-password
> holdoff  n
> idle  n
> ip
> Ipcp-accept-local
> ipcp-accept-remote
> ipcp-max-configure  n
> Ipcp-max-failure  n
> ipcp-max-terminate  n
> ipcp-restart  n
> ipparam  string
> ipx
> ipx-network  n
> ipx-node  n : m
> ipx-router-name  <string>
> ipx-routing  n
> ipxcp-accept-local
> ipxcp-accept-network
> ipxcp-accept-remote
> ipxcp-max-configure  n
> ipxcp-max-failure  n
> ipxcp-max-terminate  n
> kdebug  n
> lcp-echo-failure  n
> lcp-echo-interval  n
> lcp-max-configure  n
> lcp-max-failure  n
> lcp-max-terminate  n
> lcp-restart  n
> local
> login
> maxconnect  n
> modem
> ms-dns  <addr>
> ms-wins  <addr>
> name  name
> netmask n (255.255.255.0)
> Noaccomp
> Noauth
> Nobsdcomp
> Noccp
> Nocrtscts
> Nodtrcts
> Nodefaultroute
> nodeflate
> nodetach
> noip
> noipdefault
> noipx
> nomagic
> nopcomp
> nopersist
> nopredictor1
> noproxyarp
> notty
> novj
> novjccomp
> papcrypt
> pap-max-authreq  n
> pap-restart  n
> pap-timeout  n
> pass-filter filter-expression
> persist
> predictor1
> privgroup  group-name
> proxyarp
> pty  script
> receive-all
> record  filename
> remotename  name
> refuse-chap-md5
> silent
> sync
> usehostname
> user  name
> vj-max-slots  n
> welcome  script
> xonxoff
>
> and more. See man to help.
>
> ----- Original Message -----
> From: Jandeep Kang
> To: Pptp Mailing List (E-mail)
> Sent: Wednesday, 15 March, 2000 7:57 PM
> Subject: [pptp-server] NetBios issue - Help Please
>
>
> I am able to log in using win98 SE client to 2.3.10 ppp on red hat 6.1
linux
> with 2.2.12-20 kernel. The problem is I can"t see anything in the network
> neighbourhood, but I can ping everything in the network by IP or by name.
> But I can't find a computer in the internal network using network
> neighbourhood. I have the "use default route on the network" clicked since
> the WINS server is on a different subnet.
> Anybody had the similar problem? Am I missing something?
> Thanks in advance,
> Jandeep.
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From mikea at maketi.com  Wed Mar 15 21:24:25 2000
From: mikea at maketi.com (Michael Armstrong)
Date: Wed Mar 15 21:24:25 2000
Subject: [pptp-server] NT compression revisited
Message-ID: <38D053FF.FFB55C5E@maketi.com>

I've seen this issue several times over the last few months with no
apparent resolution, so I'll pose the problem again.
My configuration is as follows.

client--> Internet --> Firewall -->PPTP Server(RedHat 6.1 w/ PoPToP) -->
Destination Lan

When the client is Win98 running patches, I connect/authenticate and run
perfectly with MS-CHAP-V2 and strong encryption

When the client is Windoze NT.
    Running the client with No encryption gives perfect
connection/authentication and data transmission
    Running the client with Encryption allows the
connection/authentication, but any attempt to access the internal
network gives a slew of "unsupported protocol" messages.

The Windoze NT  configuration which doesn't work is:
NT 4.0 workstation, SP6a, 128 bit edition
Software compression disabled
PPP LCP extensions enabled
TCP settings: server assigned address, server assigned DNS, no IP header
compression, Use default gateway on remote NW
M/S encrypted authentication required, Data encryption required.

The Windoze NT configuration which does work is the same as above but
with No Data encryption required.

The Firewall configuration is:
Red Hat 6.0 with masquerade patches
ipmasqadm and ipfwd running for control ports and GRE.

The internal pptp server configuration is:
Kernel 2.2.12 (Red Hat H6.1)
pptpd 1.0.0
ppp-2.3.10 with ppp-2.3.10-mppe patches
SSLeay 0.6.6b

ppp options file is configured as follows:
lock
debug
name altbier
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
proxyarp

pptpd.conf file is:
speed 115200
debug
localip xx.xx.xx.xx
remoteip yy.yy.yy.zz (zz=200-203)

The log file is attached.  Any help would be IMMENSELY appreciated.

Thanks,
MikeA


Mar 15 18:10:32 altbier pppd[918]: pppd 2.3.10 started by root, uid 0
Mar 15 18:10:32 altbier pppd[918]: Using interface ppp0
Mar 15 18:10:32 altbier pppd[918]: Connect: ppp0 <--> /dev/pts/3
Mar 15 18:10:32 altbier pppd[918]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap 81> <magic 0xa1d1f1de> <pcomp> <accomp>]
Mar 15 18:10:32 altbier pppd[918]: Timeout 0x8050164:0x8077660 in 3
seconds.
Mar 15 18:10:32 altbier pppd[918]: rcvd [LCP ConfReq id=0x0 <magic
0x790a> <pcomp> <accomp> < 0d 03 06>]
Mar 15 18:10:32 altbier pppd[918]: lcp_reqci: rcvd unknown option 13
Mar 15 18:10:32 altbier pppd[918]: lcp_reqci: returning CONFREJ.
Mar 15 18:10:32 altbier pppd[918]: sent [LCP ConfRej id=0x0 < 0d 03 06>]

Mar 15 18:10:32 altbier pppd[918]: rcvd [LCP ConfNak id=0x1 <asyncmap
0xffffffff>]
Mar 15 18:10:32 altbier pppd[918]: Untimeout 0x8050164:0x8077660.
Mar 15 18:10:32 altbier pppd[918]: sent [LCP ConfReq id=0x2 <auth chap
81> <magic 0xa1d1f1de> <pcomp> <accomp>]
Mar 15 18:10:32 altbier pppd[918]: Timeout 0x8050164:0x8077660 in 3
seconds.
Mar 15 18:10:32 altbier pppd[918]: rcvd [LCP ConfReq id=0x1 <magic
0x790a> <pcomp> <accomp>]
Mar 15 18:10:32 altbier pppd[918]: lcp_reqci: returning CONFACK.
Mar 15 18:10:32 altbier pppd[918]: sent [LCP ConfAck id=0x1 <magic
0x790a> <pcomp> <accomp>]
Mar 15 18:10:32 altbier pppd[918]: rcvd [LCP ConfAck id=0x2 <auth chap
81> <magic 0xa1d1f1de> <pcomp> <accomp>]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x8050164:0x8077660.
Mar 15 18:10:33 altbier pppd[918]: sent [CHAP Challenge id=0x1
<583633f4cdf03b53c55e8ed5ec4dc3e7>, name = "altbier"]
Mar 15 18:10:33 altbier pppd[918]: Timeout 0x80558c0:0x8077940 in 3
seconds.
Mar 15 18:10:33 altbier pppd[918]: rcvd [LCP code=0xc id=0x2 00 00 79 0a
4d 53 52 41 53 56 34 2e 30 30]
Mar 15 18:10:33 altbier pppd[918]: sent [LCP CodeRej id=0x3 0c 02 00 12
00 00 79 0a 4d 53 52 41 53 56 34 2e 30 30]
Mar 15 18:10:33 altbier pppd[918]: rcvd [LCP code=0xc id=0x3 00 00 79 0a
4d 53 52 41 53 2d 31 2d 50 4f 49 4e 44 45 58 54 45 52]
Mar 15 18:10:33 altbier pppd[918]: sent [LCP CodeRej id=0x4 0c 03 00 1a
00 00 79 0a 4d 53 52 41 53 2d 31 2d 50 4f 49 4e 44 45 58 54 45 52]
Mar 15 18:10:33 altbier pppd[918]: rcvd [CHAP Response id=0x1
<6add6f360dd7194d1a64d353519d7c980000000000000000105e4588c6cd6205215c50af6a21dc030f4c69950e41fdf600>,
name = "joeuser"]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x80558c0:0x8077940.
Mar 15 18:10:33 altbier pppd[918]: ChapReceiveResponse: rcvd type
MS-CHAP-V2
Mar 15 18:10:33 altbier pppd[918]: sent [CHAP Success id=0x1
"S=40BB601C27759F0B01B770B88E22C6D2FA77BB02"]
Mar 15 18:10:33 altbier pppd[918]: sent [IPCP ConfReq id=0x1 <addr
xx.xx.xx.xx> <compress VJ 0f 01>]
Mar 15 18:10:33 altbier pppd[918]: Timeout 0x8050164:0x80778c0 in 3
seconds.
Mar 15 18:10:33 altbier pppd[918]: sent [CCP ConfReq id=0x1 <deflate 15>
<deflate(old#) 15> <mppe 0 0 0 60> <bsd v1 15>]
Mar 15 18:10:33 altbier pppd[918]: Timeout 0x8050164:0x8077a00 in 3
seconds.
Mar 15 18:10:33 altbier pppd[918]: MSCHAP-v2 peer authentication
succeeded for joeuser
Mar 15 18:10:33 altbier pppd[918]: rcvd [CCP ConfReq id=0x4 <mppe 1 0 0
60>]
Mar 15 18:10:33 altbier pppd[918]: sent [CCP ConfNak id=0x4 <mppe 1 0 0
40>]
Mar 15 18:10:33 altbier pppd[918]: rcvd [IPCP ConfReq id=0x5 <addr
0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins
0.0.0.0>]
Mar 15 18:10:33 altbier pppd[918]: ipcp: returning Configure-REJ
Mar 15 18:10:33 altbier pppd[918]: sent [IPCP ConfRej id=0x5 <ms-dns1
0.0.0.0> <ms-wins 0.0.0.0> <ms-dns3 0.0.0.0> <ms-wins 0.0.0.0>]
Mar 15 18:10:33 altbier pppd[918]: rcvd [IPCP ConfRej id=0x1 <compress
VJ 0f 01>]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x8050164:0x80778c0.
Mar 15 18:10:33 altbier pppd[918]: sent [IPCP ConfReq id=0x2 <addr
xx.xx.xx.xx>]
Mar 15 18:10:33 altbier pppd[918]: Timeout 0x8050164:0x80778c0 in 3
seconds.
Mar 15 18:10:33 altbier pppd[918]: rcvd [CCP ConfRej id=0x1 <deflate 15>
<deflate(old#) 15> <bsd v1 15>]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x8050164:0x8077a00.
Mar 15 18:10:33 altbier pppd[918]: sent [CCP ConfReq id=0x2 <mppe 0 0 0
60>]
Mar 15 18:10:33 altbier pppd[918]: Timeout 0x8050164:0x8077a00 in 3
seconds.
Mar 15 18:10:33 altbier pppd[918]: rcvd [CCP ConfReq id=0x6 <mppe 1 0 0
40>]
Mar 15 18:10:33 altbier pppd[918]: sent [CCP ConfAck id=0x6 <mppe 1 0 0
40>]
Mar 15 18:10:33 altbier pppd[918]: rcvd [IPCP ConfReq id=0x7 <addr
0.0.0.0>]
Mar 15 18:10:33 altbier pppd[918]: ipcp: returning Configure-NAK
Mar 15 18:10:33 altbier pppd[918]: sent [IPCP ConfNak id=0x7 <addr
yy.yy.yy.yy>]
Mar 15 18:10:33 altbier pppd[918]: rcvd [IPCP ConfAck id=0x2 <addr
xx.xx.xx.xx>]
Mar 15 18:10:33 altbier pppd[918]: rcvd [CCP ConfNak id=0x2 <mppe 0 0 0
40>]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x8050164:0x8077a00.
Mar 15 18:10:33 altbier pppd[918]: sent [CCP ConfReq id=0x3 <mppe 0 0 0
40>]
Mar 15 18:10:33 altbier pppd[918]: Timeout 0x8050164:0x8077a00 in 3
seconds.
Mar 15 18:10:33 altbier pppd[918]: rcvd [IPCP ConfReq id=0x8 <addr
yy.yy.yy.yy>]
Mar 15 18:10:33 altbier pppd[918]: ipcp: returning Configure-ACK
Mar 15 18:10:33 altbier pppd[918]: sent [IPCP ConfAck id=0x8 <addr
yy.yy.yy.yy>]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x8050164:0x80778c0.
Mar 15 18:10:33 altbier pppd[918]: ipcp: up
Mar 15 18:10:33 altbier pppd[918]: found interface eth0 for proxy arp
Mar 15 18:10:33 altbier pppd[918]: local  IP address xx.xx.xx.xx
Mar 15 18:10:33 altbier pppd[918]: remote IP address yy.yy.yy.yy
Mar 15 18:10:33 altbier pppd[918]: Script /etc/ppp/ip-up started (pid
926)
Mar 15 18:10:33 altbier pppd[918]: rcvd [CCP ConfAck id=0x3 <mppe 0 0 0
40>]
Mar 15 18:10:33 altbier pppd[918]: Untimeout 0x8050164:0x8077a00.
Mar 15 18:10:33 altbier pppd[918]: MPPE 128 bit, non-stateless
compression enabled
Mar 15 18:10:33 altbier pppd[918]: Script /etc/ppp/ip-up finished (pid
926), status = 0x0

Okay, now the fun begins...


Mar 15 18:10:36 altbier pppd[918]: rcvd [proto=0x5ce5] ce 19 74 d6 05 3b
44 6c 02 bc 79 52 f0 91 0f 2f 5c 90 3a 18 9e a9 fe 82 94 09 91 6a d1 d8
34 56 ...
Mar 15 18:10:36 altbier pppd[918]: Unsupported protocol (0x5ce5)
received
Mar 15 18:10:36 altbier pppd[918]: sent [LCP ProtRej id=0x5 5c e5 ce 19
74 d6 05 3b 44 6c 02 bc 79 52 f0 91 0f 2f 5c 90 3a 18 9e a9 fe 82 94 09
91 6a d1 d8 34 56 0a 81 34 f6 ed f3 1a 42 5f b6 25 65 2e 8b 88 66 10 a8
9c 5e b4 52 50 19 96 1f bc d9]
Mar 15 18:10:37 altbier pppd[918]: rcvd [proto=0x5731] 7f 36 cf bb 72 97
9d c6 06 d0 d4 2e ba 09 ad 7f d0 ba 58 20 5b a3 b9 ba 1a b9 2e a9 1f 23
2d 20 ...
Mar 15 18:10:37 altbier pppd[918]: Unsupported protocol (0x5731)
received
Mar 15 18:10:37 altbier pppd[918]: sent [LCP ProtRej id=0x6 57 31 7f 36
cf bb 72 97 9d c6 06 d0 d4 2e ba 09 ad 7f d0 ba 58 20 5b a3 b9 ba 1a b9
2e a9 1f 23 2d 20 36 0a e4 ca 6b f6 a1 b9 dc 36 9d d6 b3 53 ed 8e 13 67
72 8a 27 9f aa d9 aa ed 67 d6]
Mar 15 18:10:38 altbier pppd[918]: rcvd [proto=0x2e85] 3c 18 b0 02 b2 da
9f 79 71 e4 57 4a a4 f8 dd 13 56 a3 9b 5c a3 9b 4b 38 17 06 4e 78 2c 63
a8 a9 ...
Mar 15 18:10:38 altbier pppd[918]: Unsupported protocol (0x2e85)
received
Mar 15 18:10:38 altbier pppd[918]: sent [LCP ProtRej id=0x7 2e 85 3c 18
b0 02 b2 da 9f 79 71 e4 57 4a a4 f8 dd 13 56 a3 9b 5c a3 9b 4b 38 17 06
4e 78 2c 63 a8 a9 08 db af 6f de 8f d1 79 20 98 6b bd d4 8c 83 73 71 49
da 61 56 69 1b 5f 1d 7a 81 c4]
Mar 15 18:10:39 altbier pppd[918]: rcvd [proto=0x4d16] e0 00 3e ff a2 34
43 d8 72 44 fc 37 bf 74 3f e5 48 de 21 94 c1 a4 64 27 eb 56 10 0d 47 17
11 cf ...
Mar 15 18:10:39 altbier pppd[918]: Unsupported protocol (0x4d16)
received
Mar 15 18:10:39 altbier pppd[918]: sent [LCP ProtRej id=0x8 4d 16 e0 00
3e ff a2 34 43 d8 72 44 fc 37 bf 74 3f e5 48 de 21 94 c1 a4 64 27 eb 56
10 0d 47 17 11 cf d9 36 4d b8 ea 9e 1f d4 7e 43 0b f9 a5 37 7e 76 88 d7
ff a0 01 f7 63 cb 22 1e 1a a9]
Mar 15 18:10:40 altbier pppd[918]: rcvd [proto=0x9948] 09 e0 35 56 5b 52
61 f9 08 20 63 b3 d4 cb 5a ed bb 31 93 bb f3 6c 6c ff 4e 51 2a af 7e 63
db c1 ...
Mar 15 18:10:40 altbier pppd[918]: Unsupported protocol (0x9948)
received
Mar 15 18:10:40 altbier pppd[918]: sent [LCP ProtRej id=0x9 99 48 09 e0
35 56 5b 52 61 f9 08 20 63 b3 d4 cb 5a ed bb 31 93 bb f3 6c 6c ff 4e 51
2a af 7e 63 db c1 17 81 11 28 05 71 29 3a 88 a4 ec 12 9d 5f 73 e5 dd a7
56 18 c0 54 b0 9a 4b 2d f2 89]
Mar 15 18:10:41 altbier pppd[918]: rcvd [proto=0xc43b] 1c 02 d8 99 13 4d
95 77 86 67 99 5f 55 b6 22 bd d4 39 2f 35 07 57 a0 25 41 34 53 4c 19 14
eb 0b ...
Mar 15 18:10:41 altbier pppd[918]: Unsupported protocol (0xc43b)
received
Mar 15 18:10:41 altbier pppd[918]: sent [LCP ProtRej id=0xa c4 3b 1c 02
d8 99 13 4d 95 77 86 67 99 5f 55 b6 22 bd d4 39 2f 35 07 57 a0 25 41 34
53 4c 19 14 eb 0b 65 84 d4 70 8d e9 ac 7e 64 6a c1 2e 76 a2 2e 09 c5 2f
8b c4 3d de 37 bf 23 62 ac 58]
Mar 15 18:10:44 altbier pppd[918]: rcvd [proto=0x800e] f2 c6 9a ab 0c 7c
f9 a0 d5 e6 b2 3b c0 e3 d6 59 33 0f 78 97 4d c5 5c 03 29 22 dc ed 10 61
39 b8 ...
Mar 15 18:10:44 altbier pppd[918]: Unsupported protocol (0x800e)
received
Mar 15 18:10:44 altbier pppd[918]: sent [LCP ProtRej id=0xb 80 0e f2 c6
9a ab 0c 7c f9 a0 d5 e6 b2 3b c0 e3 d6 59 33 0f 78 97 4d c5 5c 03 29 22
dc ed 10 61 39 b8 ad 9a 52 a6 0d 3c a6 84 8c 5a d7 1a 91 02 a5 7e fe c9
4a 46 1b 5f fe 4d 8d a6 02 4b 2c 4a 5a 98 2e 19 58 0c d8 fe 78 c8 e1 27
15
Mar 15 18:10:45 altbier pppd[918]: rcvd [proto=0x7be2] a2 39 9a 31 4f c7
be 82 87 c5 a7 8a e8 8c d5 48 07 47 df ac 5b 65 8a 3f 88 cb 25 fc 01 47
bf c7 ...
Mar 15 18:10:45 altbier pppd[918]: Unsupported protocol (0x7be2)
received
Mar 15 18:10:45 altbier pppd[918]: sent [LCP ProtRej id=0xc 7b e2 a2 39
9a 31 4f c7 be 82 87 c5 a7 8a e8 8c d5 48 07 47 df ac 5b 65 8a 3f 88 cb
25 fc 01 47 bf c7 32 07 fa 2f e7 75 ad 8c 48 bf 5b 5b fb 39 bf ca 04 d7
a9 be b5 6b 5e 4c db ac 7a ae 20 c8 12 28 d5 5f a9 62 2b e1 ff ed 0a 89
3a
Mar 15 18:10:46 altbier pppd[918]: rcvd [proto=0x3c9b] 9a 1f c9 d1 db f7
c6 4e a0 9b 15 98 a2 ad 70 41 19 75 e2 bd 3f 64 b7 f4 35 f3 f6 55 25 3a
54 93 ...
Mar 15 18:10:46 altbier pppd[918]: Unsupported protocol (0x3c9b)
received
Mar 15 18:10:46 altbier pppd[918]: sent [LCP ProtRej id=0xd 3c 9b 9a 1f
c9 d1 db f7 c6 4e a0 9b 15 98 a2 ad 70 41 19 75 e2 bd 3f 64 b7 f4 35 f3
f6 55 25 3a 54 93 cf 48 68 4a 82 c8 37 31 5a bb 22 54 82 b8 bb 6f 34 ea
15 6a fc 86 11 23 18 69 97 22 ec ab 08 db 56 13 e0 42 80 bc 90 10 ac 60
53
Mar 15 18:10:48 altbier pppd[918]: rcvd [proto=0xe0e6] 94 f8 c4 12 b4 ef
3a 51 fd 7d fe 66 0b f7 ef e2 39 a2 c8 08 88 65 3c 10 68 67 69 b0 70 06
f9 8c ...
Mar 15 18:10:48 altbier pppd[918]: Unsupported protocol (0xe0e6)
received
Mar 15 18:10:48 altbier pppd[918]: sent [LCP ProtRej id=0xe e0 e6 94 f8
c4 12 b4 ef 3a 51 fd 7d fe 66 0b f7 ef e2 39 a2 c8 08 88 65 3c 10 68 67
69 b0 70 06 f9 8c 94 e7 2f 7f 7d 5d d5 e3 c4 68 c1 8c 9c ee f8 78 7b 55
70 38 f4 9a 00 4f 49 1d 7a 18 b6 2a 2e ef d8 b0 96 06 0c c5 6d 65 af 27
29
Mar 15 18:10:48 altbier pppd[918]: rcvd [proto=0x3744] e0 26 26 d5 68 38
ff 6b f9 0a 06 f1 bc 0e ec ed 41 77 4b 7a 79 af cd 91 ab 54 ef d5 f1 6f
15 02 ...
Mar 15 18:10:48 altbier pppd[918]: Unsupported protocol (0x3744)
received
Mar 15 18:10:48 altbier pppd[918]: sent [LCP ProtRej id=0xf 37 44 e0 26
26 d5 68 38 ff 6b f9 0a 06 f1 bc 0e ec ed 41 77 4b 7a 79 af cd 91 ab 54
ef d5 f1 6f 15 02 4d a4 09 06 a6 27 e5 f6 71 13 d3 9b ad 2c 33 f6 9e 23
57 5b 5f 34 17 fa b4 47 c6 71 a7 94 3c af 5f ac 87 c6 68 92 67 1a 14 6c
ad
Mar 15 18:10:52 altbier pppd[918]: rcvd [proto=0x86bc] da 49 7e af ff d6
36 0c 8c 56 8a 92 44 49 55 c8 35 7e 72 05 d9 97 48 a4 77 ba ee a4 b0 f7
c7 fd ...
Mar 15 18:10:52 altbier pppd[918]: Unsupported protocol (0x86bc)
received
Mar 15 18:10:52 altbier pppd[918]: sent [LCP ProtRej id=0x10 86 bc da 49
7e af ff d6 36 0c 8c 56 8a 92 44 49 55 c8 35 7e 72 05 d9 97 48 a4 77 ba
ee a4 b0 f7 c7 fd 4a af bc 4d 48 c2 e1 fb eb 2d 56 27 db 83 24 ab 59 a4
1b da de 33 54 3a 2d 14 67 6a e5 36 d6 62 c2 2e 05 fe a3 62 f5 27 40 f5
6
Mar 15 18:10:52 altbier pppd[918]: rcvd [proto=0x5a7f] 88 e6 28 01 1b ee
70 7e 18 33 79 a4 60 be 7f 61 67 59 23 db d8 51 05 4d b0 85 87 31 e4 1e
9c 09 ...
Mar 15 18:10:52 altbier pppd[918]: Unsupported protocol (0x5a7f)
received
Mar 15 18:10:52 altbier pppd[918]: sent [LCP ProtRej id=0x11 5a 7f 88 e6
28 01 1b ee 70 7e 18 33 79 a4 60 be 7f 61 67 59 23 db d8 51 05 4d b0 85
87 31 e4 1e 9c 09 87 db 9a 02 ef c6 ba 94 b9 e4 a3 b6 7e 4d bb bd 52 49
eb 62 67 93 46 95 57 cd 56 24 c6 81 cf e3 f3 3b ae 60 62 3a b3 c1 d6 98
c
Mar 15 18:11:19 altbier pppd[918]: Modem hangup
Mar 15 18:11:19 altbier pppd[918]: ipcp: down
Mar 15 18:11:19 altbier pppd[918]: Untimeout 0x805957c:0x0.
Mar 15 18:11:19 altbier pppd[918]: Script /etc/ppp/ip-down started (pid
958)
Mar 15 18:11:19 altbier pppd[918]: Connection terminated.
Mar 15 18:11:19 altbier pppd[918]: Connect time 0.8 minutes.
Mar 15 18:11:19 altbier pppd[918]: Sent 1851 bytes, received 1737 bytes.

Mar 15 18:11:19 altbier pppd[918]: Waiting for 1 child processes...
Mar 15 18:11:19 altbier pppd[918]:   script /etc/ppp/ip-down, pid 958
Mar 15 18:11:19 altbier pppd[918]: Script /etc/ppp/ip-down finished (pid
958), status = 0x0
Mar 15 18:11:19 altbier pppd[918]: Exit.








From don at lindner2k.com  Wed Mar 15 21:25:51 2000
From: don at lindner2k.com (Don Lindner)
Date: Wed Mar 15 21:25:51 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com> <000901bf8edf$7fc2fe80$071c0fc0@lala.net> <000701bf8ee7$48b256e0$0800000a@lindner2k.com> <002d01bf8ee9$305404c0$071c0fc0@lala.net>
Message-ID: <003101bf8ef7$29cb0320$0800000a@lindner2k.com>

Debug output:

Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: pppd speed = 115200
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Client 63.198.87.195 control
connec
tion started
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Received PPTP Control Message
(type
: 1)
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Made a START CTRL CONN RPLY
packet
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: I wrote 156 bytes to the
client.
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Sent packet to client
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Received PPTP Control Message
(type
: 7)
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Set parameters to 0 maxbps, 16
wind
ow size
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Made a OUT CALL RPLY packet
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Starting call (launching pppd,
open
ing GRE)
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: pty_fd = 4
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: tty_fd = 5
Mar 15 19:10:42 spr0cket pptpd[10088]: CTRL (PPPD Launcher): Connection
speed =
115200
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: I wrote 32 bytes to the client.
Mar 15 19:10:42 spr0cket pptpd[10087]: CTRL: Sent packet to client
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Received PPTP Control Message
(type
: 12)
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Made a CALL DISCONNECT RPLY
packet
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Received CALL CLR request
(closing
call)
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: I wrote 148 bytes to the
client.
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Sent packet to client
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Error with select(), quitting
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Client 63.198.87.195 control
connec
tion finished
Mar 15 19:10:47 spr0cket pptpd[10087]: CTRL: Exiting now

--
pptpd.conf

speed 115200
debug
localip 192.168.0.64-127
remoteip 192.168.1.64-127

--
/etc/ppp/options

lock
debug
auth
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

--
I also have an /etc/ppp/ioptions file containing one parameter: lock

Adding the options parameters into it does not resolve the issue.

Thanks again  :)

-Don

----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: <pptp-server at lists.schulte.org>
Sent: Wednesday, March 15, 2000 5:44 PM
Subject: Re: [pptp-server] Error with select() ?...


> ok
> try flushing all your firewall rules and trying again.. just to be sure.
>
> hmm
> had a better look at your symptoms.. it appears that everything is getting
> through ok (ppp was able to authenticate)
>
> it looks to be dying on the ppp options side - maybe it cant have some
> option it needs? try fiddling with the settings on the client side.. also
a
> dump of your server ppp config file would be nice.. and debug output from
> pppd =)
>
> Kevin





From P.J.Reid at earthling.net  Thu Mar 16 05:22:47 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Thu Mar 16 05:22:47 2000
Subject: [pptp-server] Optimizing pppd for PPTP
In-Reply-To: <008101bf8f45$23cf8060$010010ac@crypto.net>
Message-ID: <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net>

Here are two "I wishes" which don't seem to be possible. Please, if they
are, could someone fill me in on the "how?"

1) Require 128-bit, stateless encryption on the server side
	I can refuse 40-bit encryption, but I can't keep someone from connecting
with no encryption or in stateful mode (i.e. only one key). I know it is
possible to force my clients to only use strong encryption, but this doesn't
keep people from trying to exploit the PPTP security issues for Microsoft's
implementation.

2) Somehow integrate DHCP leases with the IP address assignment in pppd.
	It would be wonderful if those IP addresses which are currently assigned to
a PPTP connection could be in the dhcpd.leases file, so the script I run
which keeps my DNS tables up on DHCP leases could also be integrated with
the pppd IP assignments.

Patrick Reid - mailto:PReid at candesco.com
Candesco Research Corp.
Communication Centre: <http://www.mirabilis.com/1052176>




From mm at lunetix.de  Thu Mar 16 05:56:34 2000
From: mm at lunetix.de (Martin Mueller)
Date: Thu Mar 16 05:56:34 2000
Subject: [pptp-server] Optimizing pppd for PPTP
In-Reply-To: <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net>; from P.J.Reid@earthling.net on Thu, Mar 16, 2000 at 07:21:58AM -0400
References: <008101bf8f45$23cf8060$010010ac@crypto.net> <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net>
Message-ID: <20000316125636.C27532@cicero.werkleitz.de>

On Thu, Mar 16, 2000 at 07:21:58AM -0400, Patrick Reid wrote:
> Here are two "I wishes" which don't seem to be possible. Please, if they
> are, could someone fill me in on the "how?"
> 
> 1) Require 128-bit, stateless encryption on the server side
> 	I can refuse 40-bit encryption, but I can't keep someone from connecting
> with no encryption or in stateful mode (i.e. only one key). I know it is
> possible to force my clients to only use strong encryption, but this doesn't
> keep people from trying to exploit the PPTP security issues for Microsoft's
> implementation.

I hacked my pppd to do this. I?ll post a patch later or tomorrow to
this list.

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de



From eraskin at paslists.com  Thu Mar 16 07:45:06 2000
From: eraskin at paslists.com (Eric H. Raskin)
Date: Thu Mar 16 07:45:06 2000
Subject: [pptp-server] HELP - PPTP Connection Drops!
Message-ID: <002601bf8f4a$cc0fc280$650aa8c0@paslists.com>

Hello all...

I've got what appears to be a semi-working PoPToP configuration (Linux
2.2.14/PoPToP 1.0.0/pppd-2.3.10 with mppe patches) in that I can connect and use
the network.  Encryption doesn't work yet, but I'll deal with that in the
future. :-)

The big problem is that after some period of inactivity (I don't know exactly
how long, but on the order of 2-3 minutes), the VPN connection drops.  The
Internet connection is still up, so that's not the problem.

Does anyone know if there is an inactivity timer in PoPToP causing the
connections to drop?  I'd like it to stay open indefinitely (until a user
actually closes it).

TIA

---------------------------------------------------------------------
Eric H. Raskin                                 eraskin at paslists.com
Professional Advertising Systems Inc.          Voice: 914-741-1100
70 Memorial Plaza                              Fax:   914-741-2788
Pleasantville, NY 10570






From vigov at com2com.ru  Thu Mar 16 08:41:23 2000
From: vigov at com2com.ru (vigov)
Date: Thu Mar 16 08:41:23 2000
Subject: [pptp-server] ipx and PPTP
Message-ID: <15741.000316@com2com.ru>

I'd like to connect to my office net through Inet, Office Lan has IPX,
What must i turn on in config files to enable IPX?

Thanx

Eugene





From sstone at taos.com  Thu Mar 16 11:06:28 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu Mar 16 11:06:28 2000
Subject: [pptp-server] Optimizing pppd for PPTP
In-Reply-To: <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net>
Message-ID: <Pine.LNX.4.10.10003160904100.9254-100000@armadillo.wink.com>

On Thu, 16 Mar 2000, Patrick Reid wrote:

> 2) Somehow integrate DHCP leases with the IP address assignment in pppd.
> 	It would be wonderful if those IP addresses which are currently assigned to
> a PPTP connection could be in the dhcpd.leases file, so the script I run
> which keeps my DNS tables up on DHCP leases could also be integrated with
> the pppd IP assignments.

so basically you want it to act like a Cisco, I see :) ... seems like it
could be done, if you maybe integrated some of the dhcpclient code into
pppd to query a dhcp server when someone connects, then feed the IP to
*them* instead of taking it for yourself.  it'd be transparent to the dhcp
server...

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From mm at lunetix.de  Thu Mar 16 11:11:22 2000
From: mm at lunetix.de (Martin Mueller)
Date: Thu Mar 16 11:11:22 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net>; from P.J.Reid@earthling.net on Thu, Mar 16, 2000 at 07:21:58AM -0400
References: <008101bf8f45$23cf8060$010010ac@crypto.net> <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net>
Message-ID: <20000316181129.D27532@cicero.werkleitz.de>

Hi all and thanks for your work,

On Thu, Mar 16, 2000 at 07:21:58AM -0400, Patrick Reid wrote:
> 
> 1) Require 128-bit, stateless encryption on the server side
> 	I can refuse 40-bit encryption, but I can't keep someone from connecting
> with no encryption or in stateful mode (i.e. only one key). I know it is
> possible to force my clients to only use strong encryption, but this doesn't
> keep people from trying to exploit the PPTP security issues for Microsoft's
> implementation.

Ok, here are the patches to pppd-2.3.11 to require encryption. The new
options are "require-mppe" and "require-mppe-stateless". You must first
aply the MPPE patches for pppd and then this one.

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de
------------------------ cut here -----------------------------------
diff -ur ppp-2.3.11/pppd/ccp.c ppp-2.3.11.mppe/pppd/ccp.c
--- ppp-2.3.11/pppd/ccp.c	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/ccp.c	Thu Mar 16 17:56:16 2000
@@ -37,6 +37,7 @@
 #include "mppe.h"
 #endif
 #include <net/ppp-comp.h>
+#include "lcp.h"
 
 static const char rcsid[] = RCSID;
 
@@ -103,6 +104,10 @@
       "Disallow stateless MPPE encryption" }, 
     { "-mppe-stateless", o_special_noarg, setnomppe_stateless,
       "Disallow stateless MPPE encryption" }, 
+    { "require-mppe", o_special_noarg, require_mppe,
+      "Require MPPE encryption" }, 
+    { "require-mppe-stateless", o_special_noarg, require_mppe,
+      "Require stateless MPPE encryption" }, 
 #endif
 
     { NULL }
@@ -450,6 +455,8 @@
 {
     ccp_flags_set(unit, 0, 0);
     fsm_lowerdown(&ccp_fsm[unit]);
+    if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless )
+	lcp_close(unit,"Encryption negotiation rejected");
 }
 
 /*
@@ -1269,6 +1276,19 @@
 	    notice("%s receive compression enabled", method_name(go, NULL));
     } else if (ANY_COMPRESS(*ho))
 	notice("%s transmit compression enabled", method_name(ho, NULL));
+
+    if ( ccp_wantoptions[f->unit].require_mppe_stateless || ccp_wantoptions[f->unit].require_mppe ) {
+    	if ( (go->mppe_128 && ho->mppe_128) || (go->mppe_40 && ho->mppe_40 ) )
+    	    if ( ccp_wantoptions[f->unit].require_mppe_stateless )
+		if ( go->mppe_stateless && ho->mppe_stateless )
+	            notice("stateless MPPE enforced");
+	        else
+	            lcp_close(f->unit,"stateless encryption negotiation failed");
+	    else
+	        notice("stateless MPPE enforced");
+	else
+	    lcp_close(f->unit,"encryption negotiation failed");
+    }
 }
 
 /*
diff -ur ppp-2.3.11/pppd/ccp.h ppp-2.3.11.mppe/pppd/ccp.h
--- ppp-2.3.11/pppd/ccp.h	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/ccp.h	Thu Mar 16 16:25:50 2000
@@ -38,6 +38,8 @@
     bool mppe_40;		/* allow 40 bit encryption */
     bool mppe_128;		/* allow 128 bit encryption */
     bool mppe_stateless;	/* allow stateless encryption */
+    bool require_mppe;		/* force mppe encryption */
+    bool require_mppe_stateless;	/* force stateless encryption */
     u_short bsd_bits;		/* # bits/code for BSD Compress */
     u_short deflate_size;	/* lg(window size) for Deflate */
     short method;		/* code for chosen compression method */
diff -ur ppp-2.3.11/pppd/mppe.c ppp-2.3.11.mppe/pppd/mppe.c
--- ppp-2.3.11/pppd/mppe.c	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/mppe.c	Thu Mar 16 17:06:34 2000
@@ -226,4 +226,20 @@
     ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless = 0;
     return 1;
 }
+
+int
+require_mppe(char **argv)
+{
+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1;
+    return 1;
+}
+
+int
+require_mppe_stateless(char **argv)
+{
+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1;
+    ccp_allowoptions[0].require_mppe_stateless = ccp_wantoptions[0].require_mppe_stateless = 1;
+    return 1;
+}
+
 #endif /* MPPE */
diff -ur ppp-2.3.11/pppd/mppe.h ppp-2.3.11.mppe/pppd/mppe.h
--- ppp-2.3.11/pppd/mppe.h	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/mppe.h	Thu Mar 16 16:25:00 2000
@@ -51,6 +51,8 @@
 int setnomppe_128(char **);
 int setmppe_stateless(char **);
 int setnomppe_stateless(char **);
+int require_mppe(char **);
+int require_mppe_stateless(char **);
 
 #define __MPPE_INCLUDE__
 #endif /* __MPPE_INCLUDE__ */
------------------------ cut here -----------------------------------



From natecars at real-time.com  Thu Mar 16 12:01:26 2000
From: natecars at real-time.com (Nate Carlson)
Date: Thu Mar 16 12:01:26 2000
Subject: [pptp-server] Optimizing pppd for PPTP
In-Reply-To: <Pine.LNX.4.10.10003160904100.9254-100000@armadillo.wink.com>
Message-ID: <Pine.LNX.4.10.10003161200180.26550-100000@enchanter.real-time.com>

On Thu, 16 Mar 2000, Scott M. Stone wrote:

> On Thu, 16 Mar 2000, Patrick Reid wrote:
> 
> > 2) Somehow integrate DHCP leases with the IP address assignment in pppd.
> > 	It would be wonderful if those IP addresses which are currently assigned to
> > a PPTP connection could be in the dhcpd.leases file, so the script I run
> > which keeps my DNS tables up on DHCP leases could also be integrated with
> > the pppd IP assignments.
> 
> so basically you want it to act like a Cisco, I see :) ... seems like it
> could be done, if you maybe integrated some of the dhcpclient code into
> pppd to query a dhcp server when someone connects, then feed the IP to
> *them* instead of taking it for yourself.  it'd be transparent to the dhcp
> server...

Only problem is lease expiration and the likes.. you'd have to integrate
_all_ of that code into pppd/pptpd. Of course, you could just steal the IP
and hope the DHCP server is a nice kind that pings the IP before assigning
it.  :)

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500





From natecars at real-time.com  Thu Mar 16 12:04:50 2000
From: natecars at real-time.com (Nate Carlson)
Date: Thu Mar 16 12:04:50 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: <20000316181129.D27532@cicero.werkleitz.de>
Message-ID: <Pine.LNX.4.10.10003161204070.26550-100000@enchanter.real-time.com>

On Thu, 16 Mar 2000, Martin Mueller wrote:

> Hi all and thanks for your work,
> 
> On Thu, Mar 16, 2000 at 07:21:58AM -0400, Patrick Reid wrote:
> > 
> > 1) Require 128-bit, stateless encryption on the server side
> > 	I can refuse 40-bit encryption, but I can't keep someone from connecting
> > with no encryption or in stateful mode (i.e. only one key). I know it is
> > possible to force my clients to only use strong encryption, but this doesn't
> > keep people from trying to exploit the PPTP security issues for Microsoft's
> > implementation.
> 
> Ok, here are the patches to pppd-2.3.11 to require encryption. The new
> options are "require-mppe" and "require-mppe-stateless". You must first
> aply the MPPE patches for pppd and then this one.
> 
> bye
>    MM
> 

THANK YOU! We've been waiting for this forever.  Rebuilding pppd rpm's and
testing as we speak...   :)

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From don at lindner2k.com  Thu Mar 16 12:50:39 2000
From: don at lindner2k.com (Don Lindner)
Date: Thu Mar 16 12:50:39 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com> <000901bf8edf$7fc2fe80$071c0fc0@lala.net> <000701bf8ee7$48b256e0$0800000a@lindner2k.com> <002d01bf8ee9$305404c0$071c0fc0@lala.net> <003101bf8ef7$29cb0320$0800000a@lindner2k.com> <000b01bf8f61$6f17
Message-ID: <003501bf8f78$74d7a400$0800000a@lindner2k.com>

OK, got it -- I had specified "daemon.debug" in syslog.conf -- the wildcard
did generate much more data...  :)

[root at spr0cket log]# cat pptpd.log
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pppd speed = 115200
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73 control
connect
ion started
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
(type
: 1)
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a START CTRL CONN RPLY
packet
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 156 bytes to the
client.
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
(type
: 7)
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Set parameters to 0 maxbps, 16
wind
ow size
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a OUT CALL RPLY packet
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Starting call (launching pppd,
open
ing GRE)
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pty_fd = 4
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: tty_fd = 5
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 32 bytes to the client.
Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
Mar 16 10:43:09 spr0cket pptpd[15927]: CTRL (PPPD Launcher): Connection
speed =
115200
Mar 16 10:43:09 spr0cket pppd[15927]: pppd 2.3.10 started by root, uid 0
Mar 16 10:43:09 spr0cket pppd[15927]: Using interface ppp0
Mar 16 10:43:09 spr0cket pppd[15927]: Connect: ppp0 <--> /dev/pts/0
Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <a
uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
Mar 16 10:43:09 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
seconds.
Mar 16 10:43:09 spr0cket pppd[15927]: rcvd [LCP ConfReq id=0x1 <magic
0x3bcbbc0>
 <pcomp> <accomp>]
Mar 16 10:43:09 spr0cket pppd[15927]: lcp_reqci: returning CONFACK.
Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfAck id=0x1 <magic
0x3bcbbc0>
 <pcomp> <accomp>]
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ConfAck id=0x1 <asyncmap
0x0> <a
uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Challenge id=0x1
<cc592fe2379b3
743a80f5ebda0725b69>, name = "spr0cket.abinnovations.com"]
Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8056290:0x8078c00 in 3
seconds.
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [CHAP Response id=0x1
<105b4dd004c38c
72709c4d9376155f3d00000000000000005312a29e4576ab0cf8159444aaa050f0f13ea649d6
e13d
7d04>, name = "abivpn"]
Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8056290:0x8078c00.
Mar 16 10:43:10 spr0cket pppd[15927]: ChapReceiveResponse: rcvd type
MS-CHAP-V2
Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Success id=0x1
"S=EC4CB0BABA047
0253B10CF283FF8886F880FEF6F"]
Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x1 <addr
10.0.0.1>
<compress VJ 0f 01>]
Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
seconds.
Mar 16 10:43:10 spr0cket kernel: PPP BSD Compression module registered
Mar 16 10:43:10 spr0cket kernel: PPP MPPE compression module registered
Mar 16 10:43:10 spr0cket kernel: PPP Deflate Compression module registered
Mar 16 10:43:10 spr0cket pppd[15927]: sent [CCP ConfReq id=0x1 <deflate 15>
<def
late(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078cc0 in 3
seconds.
Mar 16 10:43:10 spr0cket pppd[15927]: MSCHAP-v2 peer authentication
succeeded fo
r abivpn
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x1 <addr
0.0.0.0> <
ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3 63.201.100.34>
<ms-wins
 0.0.0.0>]
Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x1 <addr
0.0.0.0> <
ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3 63.201.100.34>
<ms-wins
 0.0.0.0>]
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfRej id=0x1 <compress VJ
0f
01>]
Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
10.0.0.1>]
Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
seconds.
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ProtRej id=0x2 80 fd 01 01
00 15
 1a 04 78 00 18 04 78 00 12 06 01 00 00 60 15 03 2f]
Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078cc0.
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x2 <addrs
0.0.0.0 0
.0.0.0>]
Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x2 <addrs
0.0.0.0 0
.0.0.0>]
Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfAck id=0x2 <addr
10.0.0.1>]
Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
10.0.0.1>]
Mar 16 10:43:13 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
seconds.
Mar 16 10:43:13 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x3 <addrs
0.0.0.0 1
0.0.0.1>]
Mar 16 10:43:13 spr0cket pppd[15927]: ipcp: returning Configure-REJ
Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x3 <addrs
0.0.0.0 1
0.0.0.1>]
Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [IPCP TermReq id=0x4]
Mar 16 10:43:14 spr0cket pppd[15927]: sent [IPCP TermAck id=0x4]
Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [LCP TermReq id=0x3]
Mar 16 10:43:14 spr0cket pppd[15927]: LCP terminated by peer
Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
Mar 16 10:43:14 spr0cket pppd[15927]: CCP: Down event in state 1!
Mar 16 10:43:14 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
seconds.
Mar 16 10:43:14 spr0cket pppd[15927]: sent [LCP TermAck id=0x3]
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
(type
: 12)
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Made a CALL DISCONNECT RPLY
packet
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received CALL CLR request
(closing
call)
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: I wrote 148 bytes to the
client.
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Sent packet to client
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Error with select(), quitting
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73 control
connect
ion finished
Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Exiting now
Mar 16 10:43:14 spr0cket pppd[15927]: Modem hangup
Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
Mar 16 10:43:14 spr0cket pppd[15927]: Connection terminated.
Mar 16 10:43:14 spr0cket pppd[15927]: Connect time 0.1 minutes.
Mar 16 10:43:14 spr0cket pppd[15927]: Sent 466 bytes, received 436 bytes.
Mar 16 10:43:14 spr0cket pppd[15927]: Exit.

----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: "Don Lindner" <don at lindner2k.com>
Sent: Thursday, March 16, 2000 8:05 AM
Subject: Re: [pptp-server] Error with select() ?...


> that wasnt debug output... use the debug option in your ppp options file
> and add a line like *.debug /var/log/debug to your /etc/syslog.conf file
> (and kill -HUP <pid of syslogd>
>
> Kevin





From harvey at info-objects.com  Thu Mar 16 15:19:45 2000
From: harvey at info-objects.com (Bath Harvey)
Date: Thu Mar 16 15:19:45 2000
Subject: [pptp-server] [pptpserver]mppe patch getting failed..
Message-ID: <38D151A9.D69CF39A@info-objects.com>

Folks,

I am new to this field & trying to install VPN setup..
I am using Debian with 2.2.14 kernel &  IP masquerding is also running
on this server.
I have downloaded all the required files & copied to accordingly PoPToP
HOWTO..
Now at the last stage when I try to patch
"ppp-2.3.8-mppe-others-norc4_TH7.diff", I am getting Hunk failed
message...
I will appreciate if somebody suggest me where I am wrong & which are
the things I need to check before I start patching this file..

Thanks in advance..

Harvey




From scott at rainyday.mb.ca  Thu Mar 16 15:35:24 2000
From: scott at rainyday.mb.ca (scott at rainyday.mb.ca)
Date: Thu Mar 16 15:35:24 2000
Subject: [pptp-server] first time - CTRL: openpty() error
Message-ID: <200003162132.PAA17847@penguin.rainyday.mb.ca>

Hi, all - I have experimented a bit with the PoPToP VPN software 
and so far I like the concept but I am having trouble making it work.

I searched the archives but could not find an answer to my 
question.  Hopefully I have not overlooked any other 
documentation, which does appear to be sparse.

This is a sample from the system logs after starting the daemon 
and trying to connect from a Windows client.  I tried Win 98 and NT 
4 clients with the same results.

    Feb 28 16:52:30 peacock pptpd[2613]: MGR: Manager process 
    started
    Feb 28 16:55:58 peacock pptpd[2621]: CTRL: Client 
    205.200.39.113 control connect
    ion started
    Feb 28 16:56:01 peacock pptpd[2621]: CTRL: Starting call 
    (launching pppd, openin
    g GRE)
    Feb 28 16:56:01 peacock pptpd[2621]: CTRL: openpty() error
    Feb 28 16:56:16 peacock pptpd[2622]: CTRL: Client 
    205.200.39.113 control connect
    ion started
    Feb 28 16:56:16 peacock pptpd[2622]: CTRL: Starting call 
    (launching pppd, openin
    g GRE)
    Feb 28 16:56:16 peacock pptpd[2622]: CTRL: openpty() error
    
Is there an obvious solution here?  More information required?

Caldera OpenLinux 2.3, no major changes to it, using 1.0 release 
of PoPTop, compiled on my machine.  No problems when 
compiling or installing.  The daemon runs, but the client generates 
this error when trying to connect.

TIA.

st


You don't need a weatherman to know which way the wind blows.



From jandeep at interspeed.com  Thu Mar 16 15:36:50 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Thu Mar 16 15:36:50 2000
Subject: [pptp-server] Network Neighbourhood and Encryption
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB821A@MAIL2>

Hi everybody,
I am baffled by the following problem.
Here is what I have: 
SERVER SIDE

Red hat 6.1
Pptpd 1.0.0
Pppd 2.3.10
Mppe patch for 40 bit encryption applied

The modules load and register properly ( can see the corresponding lines in
the logs)

CLIENT SIDE

Windows 98 SE
Usual stuff + use defaullt gateway on network and IP header compression
CHECKED

PROBLEM:

If Require Data Encryption is UNCHECKED, everything works fine, I could see
everybody else and they could see me in the NN
If Required Data Encryption is CHECKED (I need data encryption) , I could
logon, ping everything at the other end by IP address and by name BUT
NOTHING in the NN. I can't map any drives because it can't find the
computers. I have ms-dns and ms-wins in the /etc/ppp/option file. The file
is as follows:

name xxxxx
debug
auth
ms-dns DNS SEREVR IP
ms-wins WINS SERVER IP
netmask 255.255.255.0
lock
chap
+chap
+chapms
+chapms-v2
defaultroute
proxyarp
mppe-40
mppe-128
mppe-stateless


If anyone knows what is causing this or had similar issues before please
help in resolving this problem. The only error I see in the logs is
something like 
Modprobe: can't locate module mod-char-5. Is it relevent?
Looking forward to hear from you and thanks a lot for the past help.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000316/94efccdc/attachment.html>

From sstone at taos.com  Thu Mar 16 16:05:41 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu Mar 16 16:05:41 2000
Subject: [pptp-server] [pptpserver]mppe patch getting failed..
In-Reply-To: <38D151A9.D69CF39A@info-objects.com>
Message-ID: <Pine.LNX.4.10.10003161404230.9254-100000@armadillo.wink.com>

On Thu, 16 Mar 2000, Bath Harvey wrote:

> Folks,
> 
> I am new to this field & trying to install VPN setup..
> I am using Debian with 2.2.14 kernel &  IP masquerding is also running
> on this server.
> I have downloaded all the required files & copied to accordingly PoPToP
> HOWTO..
> Now at the last stage when I try to patch
> "ppp-2.3.8-mppe-others-norc4_TH7.diff", I am getting Hunk failed
> message...
> I will appreciate if somebody suggest me where I am wrong & which are
> the things I need to check before I start patching this file..

you've probably got a version of pppd that's newer than 2.3.8, which is
what that patch was designed for.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From jandeep at interspeed.com  Thu Mar 16 16:31:44 2000
From: jandeep at interspeed.com (Jandeep Kang)
Date: Thu Mar 16 16:31:44 2000
Subject: [pptp-server] sorry, forgot to mention
Message-ID: <DFC46331B7D1D3118F99009027C3CFAB821F@MAIL2>

The only error messages I get in the logs are
Can't locate module char-major-5
Can't locate module char-major-108

What are these modules for and where to find them?
Thanks again.

-----Original Message-----
From:	Jandeep Kang 
Sent:	Thursday, March 16, 2000 4:35 PM
To:	Pptp Mailing List (E-mail)
Subject:	Network Neighbourhood and Encryption
Importance:	High

Hi everybody,
I am baffled by the following problem.
Here is what I have: 
SERVER SIDE

Red hat 6.1
Pptpd 1.0.0
Pppd 2.3.10
Mppe patch for 40 bit encryption applied

The modules load and register properly ( can see the corresponding lines in
the logs)

CLIENT SIDE

Windows 98 SE
Usual stuff + use defaullt gateway on network and IP header compression
CHECKED

PROBLEM:

If Require Data Encryption is UNCHECKED, everything works fine, I could see
everybody else and they could see me in the NN
If Required Data Encryption is CHECKED (I need data encryption) , I could
logon, ping everything at the other end by IP address and by name BUT
NOTHING in the NN. I can't map any drives because it can't find the
computers. I have ms-dns and ms-wins in the /etc/ppp/option file. The file
is as follows:

name xxxxx
debug
auth
ms-dns DNS SEREVR IP
ms-wins WINS SERVER IP
netmask 255.255.255.0
lock
chap
+chap
+chapms
+chapms-v2
defaultroute
proxyarp
mppe-40
mppe-128
mppe-stateless


If anyone knows what is causing this or had similar issues before please
help in resolving this problem. The only error I see in the logs is
something like 
Modprobe: can't locate module mod-char-5. Is it relevent?
Looking forward to hear from you and thanks a lot for the past help.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000316/86c2f5cd/attachment.html>

From sean at mds-networks.com  Thu Mar 16 17:17:08 2000
From: sean at mds-networks.com (Sean McAvoy)
Date: Thu Mar 16 17:17:08 2000
Subject: [pptp-server] PPTP problems after connect
Message-ID: <001301bf8f9d$acc19b30$0a00a8c0@seansroom>

Hi,
I've got my PPTPD server setup and working... I can get the client to
connect... but I noticed in the logs:
Mar 16 17:40:29 server pppd[1021]: Unsupported protocol (0x4cac) received
Mar 16 17:40:30 server pppd[1021]: Unsupported protocol (0xbf00) received
Mar 16 17:40:36 server pppd[1021]: Unsupported protocol (0x5b92) received
Mar 16 17:40:38 server pppd[1021]: Unsupported protocol (0x8313) received
Mar 16 17:40:39 server pppd[1021]: Unsupported protocol (0x815e) received
Mar 16 17:40:45 server pppd[1021]: Unsupported protocol (0x75ff) received
Mar 16 17:40:47 server pppd[1021]: Unsupported protocol (0x2e1c) received
Mar 16 17:40:48 server pppd[1021]: Unsupported protocol (0x3081) received
Mar 16 17:40:54 server pppd[1021]: Unsupported protocol (0x3b4f) received
Mar 16 17:40:56 server pppd[1021]: Unsupported protocol (0x7c75) received
Mar 16 17:40:57 server pppd[1021]: Unsupported protocol (0xe9da) received
Also I can't seem to ping the client (I can ping the local IP, not the
remote)
I thought this might be the problem:
Mar 16 17:25:16 server pppd[787]: Cannot determine ethernet address for
proxy ARP
Any help would be great!


-Sean




From toktar at per.com.br  Thu Mar 16 17:25:48 2000
From: toktar at per.com.br (Emir Toktar)
Date: Thu Mar 16 17:25:48 2000
Subject: [pptp-server] sorry, forgot to mention
References: <DFC46331B7D1D3118F99009027C3CFAB821F@MAIL2>
Message-ID: <001a01bf9068$2e288830$010010ac@crypto.net>

sorry, forgot to mentionOk, I read this in README.linux (ppp-2.3.11). I hope that help you.



"To talk to the new driver, pppd needs to be able to open /dev/ppp,

character device (108,0). If the special file node /dev/ppp is not

present, pppd will create it. However, if you are running with /dev

on a read-only filesystem, pppd will not be able to create /dev/ppp.

In that instance you should manually create /dev/ppp using the command

`mknod /dev/ppp c 108 0'.

If you use module autoloading and have PPP as a module, you will need

to add the following to your /etc/modules.conf or /etc/conf.modules:

alias tty-ldisc-3 ppp_async

alias tty-ldisc-14 ppp_synctty

alias char-major-108 ppp_generic

..."

Emir Toktar

+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br



  ----- Original Message ----- 
  From: Jandeep Kang 
  To: Pptp Mailing List (E-mail) 
  Sent: Thursday, 16 March, 2000 7:30 PM
  Subject: [pptp-server] sorry, forgot to mention


  The only error messages I get in the logs are 
  Can't locate module char-major-5 
  Can't locate module char-major-108 

  What are these modules for and where to find them? 
  Thanks again. 

  -----Original Message----- 
  From:   Jandeep Kang 
  Sent:   Thursday, March 16, 2000 4:35 PM 
  To:     Pptp Mailing List (E-mail) 
  Subject:        Network Neighbourhood and Encryption 
  Importance:     High 

  Hi everybody, 
  I am baffled by the following problem. 
  Here is what I have: 
  SERVER SIDE 

  Red hat 6.1 
  Pptpd 1.0.0 
  Pppd 2.3.10 
  Mppe patch for 40 bit encryption applied 

  The modules load and register properly ( can see the corresponding lines in the logs) 

  CLIENT SIDE 

  Windows 98 SE 
  Usual stuff + use defaullt gateway on network and IP header compression CHECKED 

  PROBLEM: 

  If Require Data Encryption is UNCHECKED, everything works fine, I could see everybody else and they could see me in the NN

  If Required Data Encryption is CHECKED (I need data encryption) , I could logon, ping everything at the other end by IP address and by name BUT NOTHING in the NN. I can't map any drives because it can't find the computers. I have ms-dns and ms-wins in the /etc/ppp/option file. The file is as follows:

  name xxxxx 
  debug 
  auth 
  ms-dns DNS SEREVR IP 
  ms-wins WINS SERVER IP 
  netmask 255.255.255.0 
  lock 
  chap 
  +chap 
  +chapms 
  +chapms-v2 
  defaultroute 
  proxyarp 
  mppe-40 
  mppe-128 
  mppe-stateless 



  If anyone knows what is causing this or had similar issues before please help in resolving this problem. The only error I see in the logs is something like 

  Modprobe: can't locate module mod-char-5. Is it relevent? 
  Looking forward to hear from you and thanks a lot for the past help. 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000316/a96c98d4/attachment.html>

From tmk at netmagic.net  Thu Mar 16 18:04:35 2000
From: tmk at netmagic.net (tmk)
Date: Thu Mar 16 18:04:35 2000
Subject: [pptp-server] Error with select() ?...
References: <002801bf8ece$a3cb9aa0$0800000a@lindner2k.com> <000901bf8edf$7fc2fe80$071c0fc0@lala.net> <000701bf8ee7$48b256e0$0800000a@lindner2k.com> <002d01bf8ee9$305404c0$071c0fc0@lala.net> <003101bf8ef7$29cb0320$0800000a@lindner2k.com> <000b01bf8f61$6f17
Message-ID: <001701bf8fa4$9f8d2860$071c0fc0@lala.net>

this looks like a problem neotiating local/remote addrs.. it is dying when
teh client insists its ip addr should be 0.0.0.0

check your configs for typos..

Kevin
----- Original Message -----
From: Don Lindner <don at lindner2k.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, March 16, 2000 10:50 AM
Subject: Re: [pptp-server] Error with select() ?...


> OK, got it -- I had specified "daemon.debug" in syslog.conf -- the
wildcard
> did generate much more data...  :)
>
> [root at spr0cket log]# cat pptpd.log
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pppd speed = 115200
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73 control
> connect
> ion started
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
> (type
> : 1)
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a START CTRL CONN RPLY
> packet
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 156 bytes to the
> client.
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
> (type
> : 7)
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Set parameters to 0 maxbps,
16
> wind
> ow size
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a OUT CALL RPLY packet
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Starting call (launching
pppd,
> open
> ing GRE)
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pty_fd = 4
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: tty_fd = 5
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 32 bytes to the
client.
> Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
> Mar 16 10:43:09 spr0cket pptpd[15927]: CTRL (PPPD Launcher): Connection
> speed =
> 115200
> Mar 16 10:43:09 spr0cket pppd[15927]: pppd 2.3.10 started by root, uid 0
> Mar 16 10:43:09 spr0cket pppd[15927]: Using interface ppp0
> Mar 16 10:43:09 spr0cket pppd[15927]: Connect: ppp0 <--> /dev/pts/0
> Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfReq id=0x1 <asyncmap
> 0x0> <a
> uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
> Mar 16 10:43:09 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
> seconds.
> Mar 16 10:43:09 spr0cket pppd[15927]: rcvd [LCP ConfReq id=0x1 <magic
> 0x3bcbbc0>
>  <pcomp> <accomp>]
> Mar 16 10:43:09 spr0cket pppd[15927]: lcp_reqci: returning CONFACK.
> Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfAck id=0x1 <magic
> 0x3bcbbc0>
>  <pcomp> <accomp>]
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ConfAck id=0x1 <asyncmap
> 0x0> <a
> uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
> Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Challenge id=0x1
> <cc592fe2379b3
> 743a80f5ebda0725b69>, name = "spr0cket.abinnovations.com"]
> Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8056290:0x8078c00 in 3
> seconds.
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [CHAP Response id=0x1
> <105b4dd004c38c
>
72709c4d9376155f3d00000000000000005312a29e4576ab0cf8159444aaa050f0f13ea649d6
> e13d
> 7d04>, name = "abivpn"]
> Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8056290:0x8078c00.
> Mar 16 10:43:10 spr0cket pppd[15927]: ChapReceiveResponse: rcvd type
> MS-CHAP-V2
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Success id=0x1
> "S=EC4CB0BABA047
> 0253B10CF283FF8886F880FEF6F"]
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x1 <addr
> 10.0.0.1>
> <compress VJ 0f 01>]
> Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> seconds.
> Mar 16 10:43:10 spr0cket kernel: PPP BSD Compression module registered
> Mar 16 10:43:10 spr0cket kernel: PPP MPPE compression module registered
> Mar 16 10:43:10 spr0cket kernel: PPP Deflate Compression module registered
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [CCP ConfReq id=0x1 <deflate
15>
> <def
> late(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
> Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078cc0 in 3
> seconds.
> Mar 16 10:43:10 spr0cket pppd[15927]: MSCHAP-v2 peer authentication
> succeeded fo
> r abivpn
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x1 <addr
> 0.0.0.0> <
> ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3 63.201.100.34>
> <ms-wins
>  0.0.0.0>]
> Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x1 <addr
> 0.0.0.0> <
> ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3 63.201.100.34>
> <ms-wins
>  0.0.0.0>]
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfRej id=0x1 <compress
VJ
> 0f
> 01>]
> Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
> 10.0.0.1>]
> Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> seconds.
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ProtRej id=0x2 80 fd 01 01
> 00 15
>  1a 04 78 00 18 04 78 00 12 06 01 00 00 60 15 03 2f]
> Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078cc0.
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x2 <addrs
> 0.0.0.0 0
> .0.0.0>]
> Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x2 <addrs
> 0.0.0.0 0
> .0.0.0>]
> Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfAck id=0x2 <addr
> 10.0.0.1>]
> Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
> 10.0.0.1>]
> Mar 16 10:43:13 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> seconds.
> Mar 16 10:43:13 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x3 <addrs
> 0.0.0.0 1
> 0.0.0.1>]
> Mar 16 10:43:13 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x3 <addrs
> 0.0.0.0 1
> 0.0.0.1>]
> Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [IPCP TermReq id=0x4]
> Mar 16 10:43:14 spr0cket pppd[15927]: sent [IPCP TermAck id=0x4]
> Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [LCP TermReq id=0x3]
> Mar 16 10:43:14 spr0cket pppd[15927]: LCP terminated by peer
> Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
> Mar 16 10:43:14 spr0cket pppd[15927]: CCP: Down event in state 1!
> Mar 16 10:43:14 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
> seconds.
> Mar 16 10:43:14 spr0cket pppd[15927]: sent [LCP TermAck id=0x3]
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
> (type
> : 12)
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Made a CALL DISCONNECT RPLY
> packet
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received CALL CLR request
> (closing
> call)
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: I wrote 148 bytes to the
> client.
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Sent packet to client
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Error with select(), quitting
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73 control
> connect
> ion finished
> Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Exiting now
> Mar 16 10:43:14 spr0cket pppd[15927]: Modem hangup
> Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
> Mar 16 10:43:14 spr0cket pppd[15927]: Connection terminated.
> Mar 16 10:43:14 spr0cket pppd[15927]: Connect time 0.1 minutes.
> Mar 16 10:43:14 spr0cket pppd[15927]: Sent 466 bytes, received 436 bytes.
> Mar 16 10:43:14 spr0cket pppd[15927]: Exit.
>
> ----- Original Message -----
> From: "tmk" <tmk at netmagic.net>
> To: "Don Lindner" <don at lindner2k.com>
> Sent: Thursday, March 16, 2000 8:05 AM
> Subject: Re: [pptp-server] Error with select() ?...
>
>
> > that wasnt debug output... use the debug option in your ppp options file
> > and add a line like *.debug /var/log/debug to your /etc/syslog.conf file
> > (and kill -HUP <pid of syslogd>
> >
> > Kevin
>
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From sstone at taos.com  Thu Mar 16 19:03:14 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu Mar 16 19:03:14 2000
Subject: [pptp-server] Error with select() ?...
In-Reply-To: <001701bf8fa4$9f8d2860$071c0fc0@lala.net>
Message-ID: <Pine.LNX.4.10.10003161701590.9254-100000@armadillo.wink.com>

On Thu, 16 Mar 2000, tmk wrote:

> this looks like a problem neotiating local/remote addrs.. it is dying when
> teh client insists its ip addr should be 0.0.0.0

doesn't this happen when the client says, "I don't know my IP address,
give me one" ?  

> 
> check your configs for typos..
> 
> Kevin
> ----- Original Message -----
> From: Don Lindner <don at lindner2k.com>
> To: <pptp-server at lists.schulte.org>
> Sent: Thursday, March 16, 2000 10:50 AM
> Subject: Re: [pptp-server] Error with select() ?...
> 
> 
> > OK, got it -- I had specified "daemon.debug" in syslog.conf -- the
> wildcard
> > did generate much more data...  :)
> >
> > [root at spr0cket log]# cat pptpd.log
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pppd speed = 115200
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73 control
> > connect
> > ion started
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
> > (type
> > : 1)
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a START CTRL CONN RPLY
> > packet
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 156 bytes to the
> > client.
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
> > (type
> > : 7)
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Set parameters to 0 maxbps,
> 16
> > wind
> > ow size
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a OUT CALL RPLY packet
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Starting call (launching
> pppd,
> > open
> > ing GRE)
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pty_fd = 4
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: tty_fd = 5
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 32 bytes to the
> client.
> > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
> > Mar 16 10:43:09 spr0cket pptpd[15927]: CTRL (PPPD Launcher): Connection
> > speed =
> > 115200
> > Mar 16 10:43:09 spr0cket pppd[15927]: pppd 2.3.10 started by root, uid 0
> > Mar 16 10:43:09 spr0cket pppd[15927]: Using interface ppp0
> > Mar 16 10:43:09 spr0cket pppd[15927]: Connect: ppp0 <--> /dev/pts/0
> > Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfReq id=0x1 <asyncmap
> > 0x0> <a
> > uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
> > Mar 16 10:43:09 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
> > seconds.
> > Mar 16 10:43:09 spr0cket pppd[15927]: rcvd [LCP ConfReq id=0x1 <magic
> > 0x3bcbbc0>
> >  <pcomp> <accomp>]
> > Mar 16 10:43:09 spr0cket pppd[15927]: lcp_reqci: returning CONFACK.
> > Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfAck id=0x1 <magic
> > 0x3bcbbc0>
> >  <pcomp> <accomp>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ConfAck id=0x1 <asyncmap
> > 0x0> <a
> > uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Challenge id=0x1
> > <cc592fe2379b3
> > 743a80f5ebda0725b69>, name = "spr0cket.abinnovations.com"]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8056290:0x8078c00 in 3
> > seconds.
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [CHAP Response id=0x1
> > <105b4dd004c38c
> >
> 72709c4d9376155f3d00000000000000005312a29e4576ab0cf8159444aaa050f0f13ea649d6
> > e13d
> > 7d04>, name = "abivpn"]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8056290:0x8078c00.
> > Mar 16 10:43:10 spr0cket pppd[15927]: ChapReceiveResponse: rcvd type
> > MS-CHAP-V2
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Success id=0x1
> > "S=EC4CB0BABA047
> > 0253B10CF283FF8886F880FEF6F"]
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x1 <addr
> > 10.0.0.1>
> > <compress VJ 0f 01>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> > seconds.
> > Mar 16 10:43:10 spr0cket kernel: PPP BSD Compression module registered
> > Mar 16 10:43:10 spr0cket kernel: PPP MPPE compression module registered
> > Mar 16 10:43:10 spr0cket kernel: PPP Deflate Compression module registered
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [CCP ConfReq id=0x1 <deflate
> 15>
> > <def
> > late(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078cc0 in 3
> > seconds.
> > Mar 16 10:43:10 spr0cket pppd[15927]: MSCHAP-v2 peer authentication
> > succeeded fo
> > r abivpn
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x1 <addr
> > 0.0.0.0> <
> > ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3 63.201.100.34>
> > <ms-wins
> >  0.0.0.0>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x1 <addr
> > 0.0.0.0> <
> > ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3 63.201.100.34>
> > <ms-wins
> >  0.0.0.0>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfRej id=0x1 <compress
> VJ
> > 0f
> > 01>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
> > 10.0.0.1>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> > seconds.
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ProtRej id=0x2 80 fd 01 01
> > 00 15
> >  1a 04 78 00 18 04 78 00 12 06 01 00 00 60 15 03 2f]
> > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078cc0.
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x2 <addrs
> > 0.0.0.0 0
> > .0.0.0>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x2 <addrs
> > 0.0.0.0 0
> > .0.0.0>]
> > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfAck id=0x2 <addr
> > 10.0.0.1>]
> > Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
> > 10.0.0.1>]
> > Mar 16 10:43:13 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> > seconds.
> > Mar 16 10:43:13 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x3 <addrs
> > 0.0.0.0 1
> > 0.0.0.1>]
> > Mar 16 10:43:13 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> > Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x3 <addrs
> > 0.0.0.0 1
> > 0.0.0.1>]
> > Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [IPCP TermReq id=0x4]
> > Mar 16 10:43:14 spr0cket pppd[15927]: sent [IPCP TermAck id=0x4]
> > Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [LCP TermReq id=0x3]
> > Mar 16 10:43:14 spr0cket pppd[15927]: LCP terminated by peer
> > Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
> > Mar 16 10:43:14 spr0cket pppd[15927]: CCP: Down event in state 1!
> > Mar 16 10:43:14 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
> > seconds.
> > Mar 16 10:43:14 spr0cket pppd[15927]: sent [LCP TermAck id=0x3]
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received PPTP Control Message
> > (type
> > : 12)
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Made a CALL DISCONNECT RPLY
> > packet
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received CALL CLR request
> > (closing
> > call)
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: I wrote 148 bytes to the
> > client.
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Sent packet to client
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Error with select(), quitting
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73 control
> > connect
> > ion finished
> > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Exiting now
> > Mar 16 10:43:14 spr0cket pppd[15927]: Modem hangup
> > Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
> > Mar 16 10:43:14 spr0cket pppd[15927]: Connection terminated.
> > Mar 16 10:43:14 spr0cket pppd[15927]: Connect time 0.1 minutes.
> > Mar 16 10:43:14 spr0cket pppd[15927]: Sent 466 bytes, received 436 bytes.
> > Mar 16 10:43:14 spr0cket pppd[15927]: Exit.
> >
> > ----- Original Message -----
> > From: "tmk" <tmk at netmagic.net>
> > To: "Don Lindner" <don at lindner2k.com>
> > Sent: Thursday, March 16, 2000 8:05 AM
> > Subject: Re: [pptp-server] Error with select() ?...
> >
> >
> > > that wasnt debug output... use the debug option in your ppp options file
> > > and add a line like *.debug /var/log/debug to your /etc/syslog.conf file
> > > (and kill -HUP <pid of syslogd>
> > >
> > > Kevin
> >
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From chris at pds2k.com  Thu Mar 16 20:03:18 2000
From: chris at pds2k.com (Christopher Tarricone)
Date: Thu Mar 16 20:03:18 2000
Subject: [pptp-server] PPTP problems after connect
References: <001301bf8f9d$acc19b30$0a00a8c0@seansroom>
Message-ID: <001401bf8fb4$b8716e30$b0d23ccc@tworivers>

Although I can't help you with the unsupported protocal protion (still
working on htat one myself) The the last part about proxy ARP I ran into on
my computer as well.... It happened on my vomputer what I was trying to
foward an NAT'ed or MASQ address to a real one. I have acccess to an entire
class C so I broke it down and took the last 30 IP's for the pptpd server

Example: If 192.168.0.1/24 was a ARIN registered class C

            speed 115200
            localip 192.168.0.226-240
            remoteip 192.168.0.241-254

----- Original Message -----
From: "Sean McAvoy" <sean at mds-networks.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, March 16, 2000 6:16 PM
Subject: [pptp-server] PPTP problems after connect


> Hi,
> I've got my PPTPD server setup and working... I can get the client to
> connect... but I noticed in the logs:
> Mar 16 17:40:29 server pppd[1021]: Unsupported protocol (0x4cac) received
> Mar 16 17:40:30 server pppd[1021]: Unsupported protocol (0xbf00) received
> Mar 16 17:40:36 server pppd[1021]: Unsupported protocol (0x5b92) received
> Mar 16 17:40:38 server pppd[1021]: Unsupported protocol (0x8313) received
> Mar 16 17:40:39 server pppd[1021]: Unsupported protocol (0x815e) received
> Mar 16 17:40:45 server pppd[1021]: Unsupported protocol (0x75ff) received
> Mar 16 17:40:47 server pppd[1021]: Unsupported protocol (0x2e1c) received
> Mar 16 17:40:48 server pppd[1021]: Unsupported protocol (0x3081) received
> Mar 16 17:40:54 server pppd[1021]: Unsupported protocol (0x3b4f) received
> Mar 16 17:40:56 server pppd[1021]: Unsupported protocol (0x7c75) received
> Mar 16 17:40:57 server pppd[1021]: Unsupported protocol (0xe9da) received
> Also I can't seem to ping the client (I can ping the local IP, not the
> remote)
> I thought this might be the problem:
> Mar 16 17:25:16 server pppd[787]: Cannot determine ethernet address for
> proxy ARP
> Any help would be great!
>
>
> -Sean
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From sean at mds-networks.com  Thu Mar 16 20:44:27 2000
From: sean at mds-networks.com (Sean McAvoy)
Date: Thu Mar 16 20:44:27 2000
Subject: [pptp-server] PPTP problems after connect
References: <001301bf8f9d$acc19b30$0a00a8c0@seansroom> <001401bf8fb4$b8716e30$b0d23ccc@tworivers>
Message-ID: <001c01bf8fba$b3db3580$0a00a8c0@seansroom>

Hi,
I tried that it works without encryption, but as soon as I enable it it
won't ping... that is also when I get the protocol errors.
Another quick question: I can mount drives through the command line in
windows, but can't see any systems (except the windows box itself) in the
network neighbouthood window. I know this has to do with samba and the
netbios broadcasting... wondering what it is exactly it was..
Again, any help would be great!



----- Original Message -----
From: "Christopher Tarricone" <chris at pds2k.com>
To: "Sean McAvoy" <sean at mds-networks.com>; <pptp-server at lists.schulte.org>
Sent: Thursday, March 16, 2000 9:01 PM
Subject: Re: [pptp-server] PPTP problems after connect


> Although I can't help you with the unsupported protocal protion (still
> working on htat one myself) The the last part about proxy ARP I ran into
on
> my computer as well.... It happened on my vomputer what I was trying to
> foward an NAT'ed or MASQ address to a real one. I have acccess to an
entire
> class C so I broke it down and took the last 30 IP's for the pptpd server
>
> Example: If 192.168.0.1/24 was a ARIN registered class C
>
>             speed 115200
>             localip 192.168.0.226-240
>             remoteip 192.168.0.241-254
>
> ----- Original Message -----
> From: "Sean McAvoy" <sean at mds-networks.com>
> To: <pptp-server at lists.schulte.org>
> Sent: Thursday, March 16, 2000 6:16 PM
> Subject: [pptp-server] PPTP problems after connect
>
>
> > Hi,
> > I've got my PPTPD server setup and working... I can get the client to
> > connect... but I noticed in the logs:
> > Mar 16 17:40:29 server pppd[1021]: Unsupported protocol (0x4cac)
received
> > Mar 16 17:40:30 server pppd[1021]: Unsupported protocol (0xbf00)
received
> > Mar 16 17:40:36 server pppd[1021]: Unsupported protocol (0x5b92)
received
> > Mar 16 17:40:38 server pppd[1021]: Unsupported protocol (0x8313)
received
> > Mar 16 17:40:39 server pppd[1021]: Unsupported protocol (0x815e)
received
> > Mar 16 17:40:45 server pppd[1021]: Unsupported protocol (0x75ff)
received
> > Mar 16 17:40:47 server pppd[1021]: Unsupported protocol (0x2e1c)
received
> > Mar 16 17:40:48 server pppd[1021]: Unsupported protocol (0x3081)
received
> > Mar 16 17:40:54 server pppd[1021]: Unsupported protocol (0x3b4f)
received
> > Mar 16 17:40:56 server pppd[1021]: Unsupported protocol (0x7c75)
received
> > Mar 16 17:40:57 server pppd[1021]: Unsupported protocol (0xe9da)
received
> > Also I can't seem to ping the client (I can ping the local IP, not the
> > remote)
> > I thought this might be the problem:
> > Mar 16 17:25:16 server pppd[787]: Cannot determine ethernet address for
> > proxy ARP
> > Any help would be great!
> >
> >
> > -Sean
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From vigov at com2com.ru  Fri Mar 17 03:04:11 2000
From: vigov at com2com.ru (vigov)
Date: Fri Mar 17 03:04:11 2000
Subject: [pptp-server] unrecognized option ipx-network
Message-ID: <1507.000317@com2com.ru>

When i try to use IPX with PPTP, pppd write follow message
'unrecognized option ipx-network'. I'm using FreeBSD 3.4 with pppd
2.3.5 (comes with FBSD) It seems to me i have pppd don't support ipx

Eugene





From natecars at real-time.com  Fri Mar 17 10:06:01 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri Mar 17 10:06:01 2000
Subject: [pptp-server] PPTP problems after connect
In-Reply-To: <001c01bf8fba$b3db3580$0a00a8c0@seansroom>
Message-ID: <Pine.LNX.4.10.10003171004030.27620-100000@enchanter.real-time.com>

On Thu, 16 Mar 2000, Sean McAvoy wrote:

> Hi,
> I tried that it works without encryption, but as soon as I enable it it
> won't ping... that is also when I get the protocol errors.

Are you running Win98? This is a really common problem related to the
broken encryption out of the box on Win98.. try applying the DUN40.exe
patch if this is a case.

(Note to admins: It might be a good idea to make this a _lot_ more obvious
in the FAQ.. it's kind of in a side note right now.. I would have to say
this is one of the most common problems on the list.)



> Another quick question: I can mount drives through the command line in
> windows, but can't see any systems (except the windows box itself) in the
> network neighbouthood window. I know this has to do with samba and the
> netbios broadcasting... wondering what it is exactly it was..
> Again, any help would be great!

You need to set up a WINS server on your network, and point your client
machines at it, using either the ms-wins tag in the pppd options file, or
setting it manually in the dial-up profile.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From tmk at netmagic.net  Fri Mar 17 11:28:27 2000
From: tmk at netmagic.net (tmk)
Date: Fri Mar 17 11:28:27 2000
Subject: [pptp-server] Error with select() ?...
References: <Pine.LNX.4.10.10003161701590.9254-100000@armadillo.wink.com>
Message-ID: <000b01bf9036$76b0df80$071c0fc0@lala.net>

yes it does, but the connection dies on the rejection of ip address packets
and the client never gets its new ip.. so i assume the problem lies in that
section of the configuration

Kevin
----- Original Message -----
From: Scott M. Stone <sstone at taos.com>
To: tmk <tmk at netmagic.net>
Cc: Don Lindner <don at lindner2k.com>; <pptp-server at lists.schulte.org>
Sent: Thursday, March 16, 2000 5:02 PM
Subject: Re: [pptp-server] Error with select() ?...


> On Thu, 16 Mar 2000, tmk wrote:
>
> > this looks like a problem neotiating local/remote addrs.. it is dying
when
> > teh client insists its ip addr should be 0.0.0.0
>
> doesn't this happen when the client says, "I don't know my IP address,
> give me one" ?
>
> >
> > check your configs for typos..
> >
> > Kevin
> > ----- Original Message -----
> > From: Don Lindner <don at lindner2k.com>
> > To: <pptp-server at lists.schulte.org>
> > Sent: Thursday, March 16, 2000 10:50 AM
> > Subject: Re: [pptp-server] Error with select() ?...
> >
> >
> > > OK, got it -- I had specified "daemon.debug" in syslog.conf -- the
> > wildcard
> > > did generate much more data...  :)
> > >
> > > [root at spr0cket log]# cat pptpd.log
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pppd speed = 115200
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73
control
> > > connect
> > > ion started
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control
Message
> > > (type
> > > : 1)
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a START CTRL CONN
RPLY
> > > packet
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 156 bytes to the
> > > client.
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Received PPTP Control
Message
> > > (type
> > > : 7)
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Set parameters to 0
maxbps,
> > 16
> > > wind
> > > ow size
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Made a OUT CALL RPLY
packet
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Starting call (launching
> > pppd,
> > > open
> > > ing GRE)
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: pty_fd = 4
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: tty_fd = 5
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: I wrote 32 bytes to the
> > client.
> > > Mar 16 10:43:09 spr0cket pptpd[15926]: CTRL: Sent packet to client
> > > Mar 16 10:43:09 spr0cket pptpd[15927]: CTRL (PPPD Launcher):
Connection
> > > speed =
> > > 115200
> > > Mar 16 10:43:09 spr0cket pppd[15927]: pppd 2.3.10 started by root, uid
0
> > > Mar 16 10:43:09 spr0cket pppd[15927]: Using interface ppp0
> > > Mar 16 10:43:09 spr0cket pppd[15927]: Connect: ppp0 <--> /dev/pts/0
> > > Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfReq id=0x1
<asyncmap
> > > 0x0> <a
> > > uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
> > > Mar 16 10:43:09 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
> > > seconds.
> > > Mar 16 10:43:09 spr0cket pppd[15927]: rcvd [LCP ConfReq id=0x1 <magic
> > > 0x3bcbbc0>
> > >  <pcomp> <accomp>]
> > > Mar 16 10:43:09 spr0cket pppd[15927]: lcp_reqci: returning CONFACK.
> > > Mar 16 10:43:09 spr0cket pppd[15927]: sent [LCP ConfAck id=0x1 <magic
> > > 0x3bcbbc0>
> > >  <pcomp> <accomp>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ConfAck id=0x1
<asyncmap
> > > 0x0> <a
> > > uth chap 81> <magic 0x9a738a19> <pcomp> <accomp>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Challenge id=0x1
> > > <cc592fe2379b3
> > > 743a80f5ebda0725b69>, name = "spr0cket.abinnovations.com"]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8056290:0x8078c00 in 3
> > > seconds.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [CHAP Response id=0x1
> > > <105b4dd004c38c
> > >
> >
72709c4d9376155f3d00000000000000005312a29e4576ab0cf8159444aaa050f0f13ea649d6
> > > e13d
> > > 7d04>, name = "abivpn"]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8056290:0x8078c00.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: ChapReceiveResponse: rcvd type
> > > MS-CHAP-V2
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [CHAP Success id=0x1
> > > "S=EC4CB0BABA047
> > > 0253B10CF283FF8886F880FEF6F"]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x1 <addr
> > > 10.0.0.1>
> > > <compress VJ 0f 01>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> > > seconds.
> > > Mar 16 10:43:10 spr0cket kernel: PPP BSD Compression module registered
> > > Mar 16 10:43:10 spr0cket kernel: PPP MPPE compression module
registered
> > > Mar 16 10:43:10 spr0cket kernel: PPP Deflate Compression module
registered
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [CCP ConfReq id=0x1
<deflate
> > 15>
> > > <def
> > > late(old#) 15> <mppe 1 0 0 60> <bsd v1 15>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078cc0 in 3
> > > seconds.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: MSCHAP-v2 peer authentication
> > > succeeded fo
> > > r abivpn
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x1 <addr
> > > 0.0.0.0> <
> > > ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3
63.201.100.34>
> > > <ms-wins
> > >  0.0.0.0>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x1 <addr
> > > 0.0.0.0> <
> > > ms-dns1 63.198.144.210> <ms-wins 63.201.100.34> <ms-dns3
63.201.100.34>
> > > <ms-wins
> > >  0.0.0.0>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfRej id=0x1
<compress
> > VJ
> > > 0f
> > > 01>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
> > > 10.0.0.1>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> > > seconds.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [LCP ProtRej id=0x2 80 fd
01 01
> > > 00 15
> > >  1a 04 78 00 18 04 78 00 12 06 01 00 00 60 15 03 2f]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078cc0.
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x2 <addrs
> > > 0.0.0.0 0
> > > .0.0.0>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> > > Mar 16 10:43:10 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x2 <addrs
> > > 0.0.0.0 0
> > > .0.0.0>]
> > > Mar 16 10:43:10 spr0cket pppd[15927]: rcvd [IPCP ConfAck id=0x2 <addr
> > > 10.0.0.1>]
> > > Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfReq id=0x2 <addr
> > > 10.0.0.1>]
> > > Mar 16 10:43:13 spr0cket pppd[15927]: Timeout 0x8050780:0x8078b80 in 3
> > > seconds.
> > > Mar 16 10:43:13 spr0cket pppd[15927]: rcvd [IPCP ConfReq id=0x3 <addrs
> > > 0.0.0.0 1
> > > 0.0.0.1>]
> > > Mar 16 10:43:13 spr0cket pppd[15927]: ipcp: returning Configure-REJ
> > > Mar 16 10:43:13 spr0cket pppd[15927]: sent [IPCP ConfRej id=0x3 <addrs
> > > 0.0.0.0 1
> > > 0.0.0.1>]
> > > Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [IPCP TermReq id=0x4]
> > > Mar 16 10:43:14 spr0cket pppd[15927]: sent [IPCP TermAck id=0x4]
> > > Mar 16 10:43:14 spr0cket pppd[15927]: rcvd [LCP TermReq id=0x3]
> > > Mar 16 10:43:14 spr0cket pppd[15927]: LCP terminated by peer
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078b80.
> > > Mar 16 10:43:14 spr0cket pppd[15927]: CCP: Down event in state 1!
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Timeout 0x8050780:0x8078920 in 3
> > > seconds.
> > > Mar 16 10:43:14 spr0cket pppd[15927]: sent [LCP TermAck id=0x3]
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received PPTP Control
Message
> > > (type
> > > : 12)
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Made a CALL DISCONNECT
RPLY
> > > packet
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Received CALL CLR request
> > > (closing
> > > call)
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: I wrote 148 bytes to the
> > > client.
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Sent packet to client
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Error with select(),
quitting
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Client 63.198.86.73
control
> > > connect
> > > ion finished
> > > Mar 16 10:43:14 spr0cket pptpd[15926]: CTRL: Exiting now
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Modem hangup
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Untimeout 0x8050780:0x8078920.
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Connection terminated.
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Connect time 0.1 minutes.
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Sent 466 bytes, received 436
bytes.
> > > Mar 16 10:43:14 spr0cket pppd[15927]: Exit.
> > >
> > > ----- Original Message -----
> > > From: "tmk" <tmk at netmagic.net>
> > > To: "Don Lindner" <don at lindner2k.com>
> > > Sent: Thursday, March 16, 2000 8:05 AM
> > > Subject: Re: [pptp-server] Error with select() ?...
> > >
> > >
> > > > that wasnt debug output... use the debug option in your ppp options
file
> > > > and add a line like *.debug /var/log/debug to your /etc/syslog.conf
file
> > > > (and kill -HUP <pid of syslogd>
> > > >
> > > > Kevin
> > >
> > >
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> > >
> >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From smcavoy at cgocable.net  Fri Mar 17 12:53:42 2000
From: smcavoy at cgocable.net (Sean McAvoy)
Date: Fri Mar 17 12:53:42 2000
Subject: [pptp-server] Can't authenticate using domain\\user
Message-ID: <001401bf9042$1c756480$0a00a8c0@seansroom>

Hello, I've got just about everything working for pptp, but
when I try to use DOMAIN\\username to authenticate it fails. When I manually
add the username and password it works. Any Idea's on what I might be doing
wrong?



-Sean




From patl at cag.lcs.mit.edu  Sat Mar 18 09:25:12 2000
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Sat Mar 18 09:25:12 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: Martin Mueller's message of "Thu, 16 Mar 2000 18:11:30 +0100"
References: <008101bf8f45$23cf8060$010010ac@crypto.net> <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net> <20000316181129.D27532@cicero.werkleitz.de>
Message-ID: <s5gog8c8fzf.fsf@snidely.curl.com>

(Sorry if you get this twice, Martin; I messed up the mailing list
address the first time.)

Martin Mueller <mm at lunetix.de> writes:

> Ok, here are the patches to pppd-2.3.11 to require encryption. The
> new options are "require-mppe" and "require-mppe-stateless". You
> must first aply the MPPE patches for pppd and then this one.

Nice work.  Unfortunately, these patches do not quite do the trick
security-wise, at least on Linux.

Here is a comment from /usr/src/linux/drivers/net/ppp-deflate.c, circa
line 450:

 * Because of patent problems, we return DECOMP_ERROR for errors found
 * by inspecting the input data and for system problems, but
 * DECOMP_FATALERROR for any errors which could possibly be said to be
 * being detected "after" decompression.  For DECOMP_ERROR, we can
 * issue a CCP reset-request; for DECOMP_FATALERROR, we may be
 * infringing a patent of Motorola's if we do, so we take CCP down
 * instead.

The associated code is consistent with this comment.  Linux disables
compression when an error happens while decompressing a packet.  Since
MPPE is implemented as a "compression" module, all an attacker needs
to do to disable your encryption is tamper with the PPP stream in any
way.  Guess how hard this is when the PPP stream is running over PPTP?
(Hint: PPTP does not even check packet integrity, except for a
sequence number at the head of every packet which increments
monotonically).

There are two ways you might fix this.  1) Ignore Motorola's alleged
patent and patch ppp_deflate.c to just do a CCP reset on *any*
decompression error; or 2) terminate the connection if require-mppe is
set and compression becomes disabled for any reason whatsoever.  The
latter is probably safer, both from a legal and from a security
standpoint.  (It does allow an attacker to end your PPTP session, but
they can do that anyway by forging bogus GRE packets with wacko
sequence numbers.  PPTP is a really, really, really bad protocol.)

 - Pat



From patl at cag.lcs.mit.edu  Sat Mar 18 12:11:16 2000
From: patl at cag.lcs.mit.edu (Patrick J. LoPresti)
Date: Sat Mar 18 12:11:16 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: Martin Mueller's message of "Sat, 18 Mar 2000 18:13:11 +0100"
References: <008101bf8f45$23cf8060$010010ac@crypto.net> <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net> <20000316181129.D27532@cicero.werkleitz.de> <s5gog8c8fzf.fsf@snidely.curl.com> <20000318181311.A27633@cicero.werkleitz.de>
Message-ID: <s5gya7g6use.fsf@snidely.curl.com>

Martin Mueller <mm at lunetix.de> writes:

> I think my patch is doing 2) at the moment, at least I?m hopeing to
> achieve it with the following snippet:
> 
> +++ ppp-2.3.11.mppe/pppd/ccp.c
> @ -450,6 +455,8 @@
>  {
>      ccp_flags_set(unit, 0, 0);
>      fsm_lowerdown(&ccp_fsm[unit]);
> +    if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless )
> +       lcp_close(unit,"Encryption negotiation rejected");
>  }
> 
> Which should close the connection on the closing of the CCP.
> 
> Correct me if I?m wrong.

I believe you are wrong, although I am not enough of a pppd expert to
be sure.  My reasoning follows.

Open up ppp-2.3.11/pppd/ccp.c and follow along...

Find the call to ccp_fatal_error().  This returns true when a fatal
error has occurred.  If so, we log a message and call ccp_close().

Now look at ccp_close().  It does something very similar to
ccp_protrej(), which is the function you have changed to terminate the
connection when CCP negotiation fails.  I believe you need to make a
similar change to ccp_close(), and possibly to ccp_down() as well (to
be completely safe).

Now you can correct me if *I* am wrong :-).

 - Pat



From f.v.heusden at ftr.nl  Sun Mar 19 06:09:44 2000
From: f.v.heusden at ftr.nl (Heusden, Folkert van)
Date: Sun Mar 19 06:09:44 2000
Subject: [pptp-server] pptp portforwarding
Message-ID: <27525795B28BD311B28D00500481B76009D93A@server.ftr.nl>

Hi,

On our intranet, we're running an NT-server capable of ding pptp.
I've been trying to get pptp working on the linux-box, but couldn't
get it to work, so I decided to have the router (linux) forward it's
incoming pptp-connections to the nt-box, as it does with smtp and
pop3-sessions. Should do, shouldn't it?
Ok, I got these firewall-rules:
PPTP forwarding:
/sbin/ipchains -I input -p tcp -y -d __INTERNET_IP_ADDRESS__/32 1723 -m 1
/usr/sbin/ipmasqadm mfw -A -m 1 -r __IP_ADDRESS_FOR_THE_NT_BOX__ 1723 -p 10
/sbin/ipchains -I input -p 47 -d __INTERNET_IP_ADDRESS__/32 -m 2
/usr/sbin/ipmasqadm mfw -A -m 2 -r __IP_ADDRESS_FOR_THE_NT_BOX__ -p 10
but that doesn't seem to work.
Anyone got any suggestions?



From f.v.heusden at ftr.nl  Sun Mar 19 07:12:06 2000
From: f.v.heusden at ftr.nl (Heusden, Folkert van)
Date: Sun Mar 19 07:12:06 2000
Subject: [pptp-server] what am I doing wrong here?
Message-ID: <27525795B28BD311B28D00500481B76009D943@server.ftr.nl>

I get this error:

Mar 19 13:46:41 linux pptpd[2688]: MGR: Launching /usr/local/sbin/pptpctrl
to handle client
Mar 19 13:46:41 linux pptpd[2688]: CTRL: local address = 192.168.0.235
Mar 19 13:46:41 linux pptpd[2688]: CTRL: remote address = 192.168.0.230
Mar 19 13:46:41 linux pptpd[2688]: CTRL: pppd speed = 115200
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Client 192.168.0.14 control
connection started
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Received PPTP Control Message
(type: 1)
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Made a START CTRL CONN RPLY packet
Mar 19 13:46:41 linux pptpd[2688]: CTRL: I wrote 156 bytes to the client.
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Sent packet to client
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Received PPTP Control Message
(type: 7)
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Set parameters to 1525 maxbps, 64
window size
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Made a OUT CALL RPLY packet
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Starting call (launching pppd,
opening GRE)
Mar 19 13:46:41 linux pptpd[2688]: CTRL: pty_fd = 4
Mar 19 13:46:41 linux pptpd[2688]: CTRL: tty_fd = 5
Mar 19 13:46:41 linux pptpd[2688]: CTRL: I wrote 32 bytes to the client.
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Sent packet to client
Mar 19 13:46:41 linux pptpd[2654]: MGR: Reaped child 2688
Mar 19 13:46:41 linux pptpd[2691]: CTRL (PPPD Launcher): Connection speed =
115200
Mar 19 13:46:41 linux pptpd[2691]: CTRL (PPPD Launcher): local address =
192.168.0.235
Mar 19 13:46:41 linux pptpd[2691]: CTRL (PPPD Launcher): remote address =
192.168.0.230
Mar 19 13:46:41 linux pptpd[2688]: GRE: read(fd=4,buffer=804d780,len=8196)
from PTY failed: status = -1 error = Input/output
error
Mar 19 13:46:41 linux pptpd[2688]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Client 192.168.0.14 control
connection finished
Mar 19 13:46:41 linux pptpd[2688]: CTRL: Exiting now
Mar 19 13:46:41 linux pppd[2691]: The remote system is required to
authenticate itself but I
Mar 19 13:46:41 linux pppd[2691]: couldn't find any secret (password) which
would let it use an IP 
address.

what can be a possible cause of this?



From koschate at bigfoot.com  Sun Mar 19 11:41:49 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Sun Mar 19 11:41:49 2000
Subject: [pptp-server] Can't ping the local LAN
Message-ID: <64EF234468856BBC852568A700609B5D.0000000000000000@omasko>

I finally got this sucker working.  Ultimately, the problem turned out to 
be my restrictive firewalling rules, since I'm DENYing or REJECTing 
everything by default.  For the benefit of others, here's what my 
ip-up.local ended up as:

#!/bin/sh
# /etc/ppp/ip-up.local
case $2
  in
    /dev/pts/*)
      echo "$(date): ip-up   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> 
/var/log/pptpd.log
      /sbin/ipchains --insert forward -j ACCEPT -s $5 -d 192.168.20.0/24
       /sbin/ipchains --insert forward -j ACCEPT -d $5 -s 192.168.20.0/24
      /sbin/ipchains --insert input -b -s $5 -d 192.168.10.0/24 -j ACCEPT
      /sbin/ipchains --insert output -b -s 192.168.10.0/24 -d $5 -j ACCEPT
      echo "$(date): ip-up  Firewall rules set for $1:$5" >> 
/var/log/pptpd.log
      ;;
esac


And the complementary ip-down.local:

#!/bin/sh
# /etc/ppp/ip-down.local
case $2
  in
    /dev/pts/*)
      echo "$(date): ip-down   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> 
/var/log/pptpd.log
      /sbin/ipchains --delete forward -j ACCEPT -s $5 -d 172.16.0.0/24
      /sbin/ipchains --delete forward -j ACCEPT -s 172.16.0.0/24 -d $5
      /sbin/ipchains --delete input -b -s $5 -d 172.16.0.0/24 -j ACCEPT
      /sbin/ipchains --delete output -b -s 172.16.0.0/24 -d $5 -j ACCEPT
      echo "$(date): ip-down  Firewall rules removed for $1:$5" >> 
/var/log/pptpd.log
      ;;
esac





"Scott M. Stone" <sstone at taos.com> on 2000-03-09 17:07:08
To:     Thomas Koschate <koschate at bigfoot.com>
cc:     pptp-server at lists.schulte.org 

Subject:        Re: [pptp-server] Can't ping the local LAN

On Thu, 9 Mar 2000, Thomas Koschate wrote:

> On 2000-03-08 17:00:26, Scott M. Stone wrote:
> 
> >ok, assuming your local net is 192.168.81.0/24 and your remote side of 
the
> >pptp connection is being assigned 192.168.81.101, do:
> >
> >ipchains -P forward DENY
> >ipchains -A forward -s 192.168.81.0/24 -d 192.168.81.101 -j ACCEPT
> >ipchains -A forward -s 192.168.81.101 -d 192.168.81.0/24 -j ACCEPT
> >
> >see if that helps
> 
> Well, I don't know about Gary, but it certainly helped me with a similar 
> problem.  I disabled my firewalling, tried these commands, and everything 

> was wonderful.  Now the trick is to get the darned thing working _with_ 
the 
> firewalling.

well, my above ipchains commands will keep your general policy of denying
forwarding, but allows forwarding between the remote pptp client and the
rest of your local subnet, which is what you want.  Try my lines instead
of the ones below....?

> 
> I put in the following script:
> ---------------------------------
> #!/bin/sh
> # /etc/ppp/ip-up.local
> case $2
>   in
>   /dev/pts/*)
>     echo "$(date): ip-up   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> 
> /var/log/pptpd.log
>     /sbin/ipchains --insert forward -j ACCEPT -s $5 -i eth1
>     /sbin/ipchains --insert forward -j ACCEPT -d $5 -i $1 
>     echo "$(date): ip-up  Firewall rules set for $1:$5" >> 
> /var/log/pptpd.log
>                 ;;
> esac
> ---------------------------------
> 
> And a corresponding ip-down.local, re-enabled my firewalling, and got 
zippo 
> again.  Where to go from here?
> =============================================================
> Thomas Koschate
> koschate at bigfoot.com
> 
> For PGP Key, see
> http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
> =============================================================
> "Lawyers, I suppose, were children once."
> 
>      Charles Lamb
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 








From koschate at bigfoot.com  Sun Mar 19 11:44:47 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Sun Mar 19 11:44:47 2000
Subject: [pptp-server] Can't ping the local LAN (correction)
Message-ID: <64EF234468856BBC852568A700609B5D.0061702B852568A7@omasko>

Copied the wrong version of the ip-down.local (I do maintenance on another 
server)

The complementary ip-down.local:

#!/bin/sh
# /etc/ppp/ip-down.local
case $2
  in
    /dev/pts/*)
      echo "$(date): ip-down   1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> 
/var/log/pptpd.log
      /sbin/ipchains --delete forward -j ACCEPT -s $5 -d 192.168.10.0/24
      /sbin/ipchains --delete forward -j ACCEPT -s 192.168.10.0/24 -d $5
      /sbin/ipchains --delete input -b -s $5 -d 192.168.10.0/24 -j ACCEPT
      /sbin/ipchains --delete output -b -s 192.168.10.0/24 -d $5 -j ACCEPT
      echo "$(date): ip-down  Firewall rules removed for $1:$5" >> 
/var/log/pptpd.log
      ;;
esac





From tmk at netmagic.net  Sun Mar 19 14:58:45 2000
From: tmk at netmagic.net (tmk)
Date: Sun Mar 19 14:58:45 2000
Subject: [pptp-server] what am I doing wrong here?
References: <27525795B28BD311B28D00500481B76009D943@server.ftr.nl>
Message-ID: <001501bf91e6$31964320$071c0fc0@lala.net>

the GRE stuff isnt getting through

make sure that gre packets can travel between the two computers unabated

Kevin
----- Original Message -----
From: Heusden, Folkert van <f.v.heusden at ftr.nl>
To: PPTP mailinglist <pptp-server at lists.schulte.org>
Sent: Sunday, March 19, 2000 5:19 AM
Subject: [pptp-server] what am I doing wrong here?


> I get this error:
>
> Mar 19 13:46:41 linux pptpd[2688]: MGR: Launching /usr/local/sbin/pptpctrl
> to handle client
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: local address = 192.168.0.235
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: remote address = 192.168.0.230
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: pppd speed = 115200
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Client 192.168.0.14 control
> connection started
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Received PPTP Control Message
> (type: 1)
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Made a START CTRL CONN RPLY
packet
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: I wrote 156 bytes to the client.
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Sent packet to client
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Received PPTP Control Message
> (type: 7)
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Set parameters to 1525 maxbps, 64
> window size
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Made a OUT CALL RPLY packet
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: pty_fd = 4
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: tty_fd = 5
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: I wrote 32 bytes to the client.
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Sent packet to client
> Mar 19 13:46:41 linux pptpd[2654]: MGR: Reaped child 2688
> Mar 19 13:46:41 linux pptpd[2691]: CTRL (PPPD Launcher): Connection speed
=
> 115200
> Mar 19 13:46:41 linux pptpd[2691]: CTRL (PPPD Launcher): local address =
> 192.168.0.235
> Mar 19 13:46:41 linux pptpd[2691]: CTRL (PPPD Launcher): remote address =
> 192.168.0.230
> Mar 19 13:46:41 linux pptpd[2688]: GRE: read(fd=4,buffer=804d780,len=8196)
> from PTY failed: status = -1 error = Input/output
> error
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Client 192.168.0.14 control
> connection finished
> Mar 19 13:46:41 linux pptpd[2688]: CTRL: Exiting now
> Mar 19 13:46:41 linux pppd[2691]: The remote system is required to
> authenticate itself but I
> Mar 19 13:46:41 linux pppd[2691]: couldn't find any secret (password)
which
> would let it use an IP
> address.
>
> what can be a possible cause of this?
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>




From sstone at taos.com  Sun Mar 19 15:08:57 2000
From: sstone at taos.com (Scott M. Stone)
Date: Sun Mar 19 15:08:57 2000
Subject: [pptp-server] pptp portforwarding
In-Reply-To: <27525795B28BD311B28D00500481B76009D93A@server.ftr.nl>
Message-ID: <Pine.LNX.4.10.10003191308310.15495-100000@armadillo.wink.com>

On Sun, 19 Mar 2000, Heusden, Folkert van wrote:

> Hi,
> 
> On our intranet, we're running an NT-server capable of ding pptp.
> I've been trying to get pptp working on the linux-box, but couldn't
> get it to work, so I decided to have the router (linux) forward it's
> incoming pptp-connections to the nt-box, as it does with smtp and
> pop3-sessions. Should do, shouldn't it?
> Ok, I got these firewall-rules:
> PPTP forwarding:
> /sbin/ipchains -I input -p tcp -y -d __INTERNET_IP_ADDRESS__/32 1723 -m 1
> /usr/sbin/ipmasqadm mfw -A -m 1 -r __IP_ADDRESS_FOR_THE_NT_BOX__ 1723 -p 10
> /sbin/ipchains -I input -p 47 -d __INTERNET_IP_ADDRESS__/32 -m 2
> /usr/sbin/ipmasqadm mfw -A -m 2 -r __IP_ADDRESS_FOR_THE_NT_BOX__ -p 10
> but that doesn't seem to work.
> Anyone got any suggestions?

you have to forward GRE..

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From mm at lunetix.de  Sun Mar 19 17:21:23 2000
From: mm at lunetix.de (Martin Mueller)
Date: Sun Mar 19 17:21:23 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: <s5gog8c8fzf.fsf@snidely.curl.com>; from patl@cag.lcs.mit.edu on Sat, Mar 18, 2000 at 10:17:40AM -0500
References: <008101bf8f45$23cf8060$010010ac@crypto.net> <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net> <20000316181129.D27532@cicero.werkleitz.de> <s5gog8c8fzf.fsf@snidely.curl.com>
Message-ID: <20000318181311.A27633@cicero.werkleitz.de>

On Sat, Mar 18, 2000 at 10:17:40AM -0500, Patrick J. LoPresti wrote:
> There are two ways you might fix this.  1) Ignore Motorola's alleged
> patent and patch ppp_deflate.c to just do a CCP reset on *any*
> decompression error; or 2) terminate the connection if require-mppe is
> set and compression becomes disabled for any reason whatsoever.  The
> latter is probably safer, both from a legal and from a security
> standpoint.  (It does allow an attacker to end your PPTP session, but
> they can do that anyway by forging bogus GRE packets with wacko
> sequence numbers.  PPTP is a really, really, really bad protocol.)

I think my patch is doing 2) at the moment, at least I?m hopeing to
achieve it with the following snippet:

+++ ppp-2.3.11.mppe/pppd/ccp.c
@ -450,6 +455,8 @@
 {
     ccp_flags_set(unit, 0, 0);
     fsm_lowerdown(&ccp_fsm[unit]);
+    if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless )
+       lcp_close(unit,"Encryption negotiation rejected");
 }

Which should close the connection on the closing of the CCP.

Correct me if I?m wrong.

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de




From f.v.heusden at ftr.nl  Mon Mar 20 03:23:23 2000
From: f.v.heusden at ftr.nl (Heusden, Folkert van)
Date: Mon Mar 20 03:23:23 2000
Subject: [pptp-server] what am I doing wrong here?
Message-ID: <27525795B28BD311B28D00500481B76009D951@server.ftr.nl>

> the GRE stuff isnt getting through
> make sure that gre packets can travel between the two computers unabated

How? I mean; there was a direction connection trough the
networkdevice.
No masquerading etc.



From f.v.heusden at ftr.nl  Mon Mar 20 03:23:54 2000
From: f.v.heusden at ftr.nl (Heusden, Folkert van)
Date: Mon Mar 20 03:23:54 2000
Subject: [pptp-server] pptp portforwarding
Message-ID: <27525795B28BD311B28D00500481B76009D950@server.ftr.nl>

> On our intranet, we're running an NT-server capable of ding pptp.
> I've been trying to get pptp working on the linux-box, but couldn't
> get it to work, so I decided to have the router (linux) forward it's
> incoming pptp-connections to the nt-box, as it does with smtp and
> pop3-sessions. Should do, shouldn't it?
> Ok, I got these firewall-rules:
> PPTP forwarding:
> /sbin/ipchains -I input -p tcp -y -d __INTERNET_IP_ADDRESS__/32 1723 -m 1
> /usr/sbin/ipmasqadm mfw -A -m 1 -r __IP_ADDRESS_FOR_THE_NT_BOX__ 1723 -p
10
> /sbin/ipchains -I input -p 47 -d __INTERNET_IP_ADDRESS__/32 -m 2
> /usr/sbin/ipmasqadm mfw -A -m 2 -r __IP_ADDRESS_FOR_THE_NT_BOX__ -p 10
> but that doesn't seem to work.
> Anyone got any suggestions?

SMS> you have to forward GRE..

How do I do that? The FAQ was not so helpfull ;-/
(also pretty much 2.0.x oriented)

Also, is this not already forwarding the GRE?
> /sbin/ipchains -I input -p 47 -d __INTERNET_IP_ADDRESS__/32 -m 2
> /usr/sbin/ipmasqadm mfw -A -m 2 -r __IP_ADDRESS_FOR_THE_NT_BOX__ -p 10

I rewrote part of it and got this:
ipmasqadm portfw -a -P tcp -L 212.115.175.146 1723 -R 192.168.0.1 1723
looks better :o)



From shaeff at mediaone.net  Mon Mar 20 04:07:56 2000
From: shaeff at mediaone.net (Noel Schaefer)
Date: Mon Mar 20 04:07:56 2000
Subject: [pptp-server] Something strange
Message-ID: <38D5A33A.69FA7FAA@mediaone.net>

i had a client connect to me and he had some trouble talk to the
others computers on the lan this is the message that i got in the "
syslog " file

CTRL: EOF or bad error reading ctrl packet length.

what is EOF and what could cause this ?

Thank you for your time !




From natecars at real-time.com  Mon Mar 20 14:03:51 2000
From: natecars at real-time.com (Nate Carlson)
Date: Mon Mar 20 14:03:51 2000
Subject: [pptp-server] what am I doing wrong here?
In-Reply-To: <27525795B28BD311B28D00500481B76009D943@server.ftr.nl>
Message-ID: <Pine.LNX.4.10.10003201402590.30234-100000@enchanter.real-time.com>

On Sun, 19 Mar 2000, Heusden, Folkert van wrote:

> I get this error:
*snip*
> Mar 19 13:46:41 linux pppd[2691]: The remote system is required to
> authenticate itself but I
> Mar 19 13:46:41 linux pppd[2691]: couldn't find any secret (password) which
> would let it use an IP 
> address.
> 

This looks like you are trying to use the pptp-linux client.. is this
correct? If so, be sure you have the 'noauth' tag in your ppp options
files.. otherwise, the client machine will ask the server for
authentication.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From dxf at dewittross.com  Mon Mar 20 17:11:55 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Mon Mar 20 17:11:55 2000
Subject: [pptp-server] compilation errors with th MSCHAP install
Message-ID: <38D6B0CE.A569A133@dewittross.com>


I am trying to compile the modules for MSCHAP authentication and am
getting several errors.  As per the RedHat PPTP HowTO, I was compiling
the madoules using the command: make modules SUBDIRS=drivers/net As
anyone seen this?  Below is the end of the output of the make, I wasn't
sure if it would help anyone.  I am running on a Mandrake 7.0 system,
does the module not work on this kernal version(2.2.14)?

Thanks for any help.


sha1dgst.c: In function `SHA1_Final':
sha1dgst.c:316: parse error before `SHA_CTX'
sha1dgst.c:325: invalid type argument of `->'
sha1dgst.c:326: invalid type argument of `->'
sha1dgst.c:336: invalid type argument of `->'
sha1dgst.c:345: invalid type argument of `->'
sha1dgst.c:346: invalid type argument of `->'
sha1dgst.c:349: invalid type argument of `->'
sha1dgst.c:350: invalid type argument of `->'
sha1dgst.c:351: invalid type argument of `->'
sha1dgst.c:352: invalid type argument of `->'
sha1dgst.c:353: invalid type argument of `->'
sha1dgst.c:357: invalid type argument of `->'
sha1dgst.c:318: warning: `j' might be used uninitialized in this
function
sha1dgst.c:320: warning: `p' might be used uninitialized in this
function
sha1dgst.c: In function `GetNewKeyFromSHA':
sha1dgst.c:410: `SHA_CTX' undeclared (first use in this function)
sha1dgst.c:410: (Each undeclared identifier is reported only once
sha1dgst.c:410: for each function it appears in.)
sha1dgst.c:410: parse error before `Context'
sha1dgst.c:413: `Context' undeclared (first use in this function)
ppp_mppe.c: At top level:
sha1dgst.c:197: warning: `sha1_block' used but never defined
make[2]: *** [ppp_mppe.o] Error 1
make[2]: Leaving directory `/usr/src/linux-2.2.14/drivers/net'
make[1]: *** [_modsubdir_net] Error 2
make[1]: Leaving directory `/usr/src/linux-2.2.14/drivers'   


-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzche



From koschate at bigfoot.com  Tue Mar 21 09:03:42 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Tue Mar 21 09:03:42 2000
Subject: [pptp-server] Semi-advanced Routing
Message-ID: <98704E261F1C1B12852568A9005190D9.0000000000000000@omasko>

I've almost gotten everything in our VPN setup working, with just a couple 
of minor things to smooth out that I hope someone can advise me on.  At 
present, I have two private networks (172.16.0.0/24 and 192.168.10.0/24) 
connected via a tunnel.  The routing and permissions on each network are 
set up such at all machines on each network can see each other.  The 
gateway box 192.168.10.254 is set up as a PPTPD server, and users from the 
outside world can use PPTP to connect to the 192.168.10.0/24 network and 
see all the machines on the net.  If they _manually_ add an appropriate 
route ("route add 172.16.0.0 mask 255.255.255.0 192.168.10.254"), they can 
also access the 172.16.0.0/24 network. 

The question is, is there a way of assigning that route as part of the PPTP 
login?  I'd rather not have those Windoze users have to do anything too 
complex, particularly since there will ultimately be a third private 
network involved, and I want them to be able to dial into any of the three 
nets, just in case one of them is down.
=============================================================
Thomas Koschate
koschate at bigfoot.com

For PGP Key, see
http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
=============================================================
"Here's a good trick: Get a job as a judge at the Olympics. Then, if some 
guy sets a world record, pretend that you didn't see it and go, "Okay, is 
everybody ready to start now?""

     Jack Handey, Deep Thoughts from Saturday Night Live




From eraskin at paslists.com  Tue Mar 21 09:16:15 2000
From: eraskin at paslists.com (Eric H. Raskin)
Date: Tue Mar 21 09:16:15 2000
Subject: [pptp-server] PPTP Dropping Connection?
Message-ID: <001701bf9348$7b5bb7c0$650aa8c0@paslists.com>

Help!!  I've got users on my PoPToP server that connect OK.  After about two
minutes of inactivity, the PPTP connection drops, although the Internet
connection stays up.  I need it to stay up until either the Internet connection
is dropped or the user closes the PPTP connection themselves.

Any ideas why?  What can I post to give people clues?

TIA

---------------------------------------------------------------------
Eric H. Raskin                                 eraskin at paslists.com
Professional Advertising Systems Inc.          Voice: 914-741-1100
70 Memorial Plaza                              Fax:   914-741-2788
Pleasantville, NY 10570




From dimambro at pacbell.net  Tue Mar 21 09:40:59 2000
From: dimambro at pacbell.net (Brian L. DiMambro)
Date: Tue Mar 21 09:40:59 2000
Subject: [pptp-server] Unstable VPN
Message-ID: <38D5D540.387A3233@pacbell.net>

Hi all.

I have installed pptpd-1.0.0 / ppp-2.3.10 using the procedures in the
redhat 6.0 how-to from the PoPToP website. I have installed it on a
SPARC 5 running RH 6.1 using the stock 2.2.12-20 kernel. I followed the
instructions exactly and installed all packages with no errors. The VPN
is being accessed by both Windoze 2000 and 98 clients (at this time a
max of 4 connects). Following are the contents of my pptpd.conf and
options files:

################################################################################

#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################

# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#       Some PPP daemons will ignore this value.
#
speed 1152000

# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file

# TAG: debug
#
#       Turns on (more) debugging to syslog.
#
debug

# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses seperated by commas or you
can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one
remote
#          IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
remoteip 192.168.20.220-239
localip www.xxx.yyy.zzz (I have a real IP here, just don't want to
broadcast it.)

# TAG: ipxnets
#
#       This gives the range of IPX networks to allocate to clients.  By

#       default IPX network number allocation is not handled internally.

#       By putting a low and high network number here a pool of IPX
networks
#       can be defined.  If this is done then there must be one IPX
network
#       per client.
#
#       The format is a pair of hex numbers without any 0x prefix
separated
#       by a hyphen.
#
#ipxnets 00001000-00001FFF

# TAG: listen
#
#       Defines the IP address of the local interface on which pptpd
#       should listen for connections.  The default is to listen on all
#       local interfaces (even ones brought up by pptp connections, thus

#       permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1

# TAG: pidfile
#
#       This defines the file name in which pptpd should store its
process
#       ID (or pid).  The default is /var/run/pptpd.pid.
#
#pidfile /var/run/pptpd.pid


# cat options
lock
auth
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

We have set up the clients as per the instructions in the WIN95/98 and
2000 how-tos. The system also runs SSH and I have blocked all access to
the system for telnet ftp etc ... basically I commented everything out
of the inetd.conf file and commented out things like pop3 etc ... from
the services file. I would also like to use this system as a firewall
and have my chains built but not activated at this time. The system has
an external interface to the net and a second interface (both 10BT) to a
switched internal network. The clients are connecting via the internet,
no modems.

So.... here's the problem. My developers connect to the VPN, they can
telnet, www, ftp to the internal systems but the connection keeps
crashing, hanging etc ... and blows away their sessions. Below is the
error message from my messages file. The VPN is so unstable it is
unusable for my developers. Any suggestions would be appreciated.


Mar 20 07:55:59 wcfw pptpd[1159]: CTRL: Unexpected control message 0 in
disconnect sequence
Mar 20 07:55:59 wcfw pptpd[1159]: CTRL: EOF or bad error reading ctrl
packet length.
Mar 20 07:55:59 wcfw pptpd[1159]: CTRL: couldn't read packet header
(exit)

From vigov at com2com.ru  Tue Mar 21 09:54:15 2000
From: vigov at com2com.ru (vigov)
Date: Tue Mar 21 09:54:15 2000
Subject: [pptp-server] freebsd + data encyption
Message-ID: <12792.000321@com2com.ru>

Hello! I've got FreeBSD 3.4 and i really need in data encryption. Have
anybody patched pppd comes with FreeBSD or pppd 2.3.10-11. It seems to
me all patches is for Linux.

Please help me.

Eugene





From john at netdirect.ca  Tue Mar 21 09:55:59 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Tue Mar 21 09:55:59 2000
Subject: [pptp-server] Maximum Possible connections
Message-ID: <915FE25D5E61D3119CD80080C8E2E709BCC6@enterprise.NetDirect.CA>

Hello,

Does anyone know the practical limit of connections for PPTP using openSSL
with mppe_stateless? I assume that the PPP interface is limited to 64, 128
or 256 connections but does anyone know the processor or RAM requirements
for a large number of connections?

Thanks.



From sstone at taos.com  Tue Mar 21 11:37:35 2000
From: sstone at taos.com (Scott M. Stone)
Date: Tue Mar 21 11:37:35 2000
Subject: [pptp-server] Semi-advanced Routing
In-Reply-To: <98704E261F1C1B12852568A9005190D9.0000000000000000@omasko>
Message-ID: <Pine.LNX.4.10.10003210936361.23916-100000@armadillo.wink.com>

On Tue, 21 Mar 2000, Thomas Koschate wrote:

> I've almost gotten everything in our VPN setup working, with just a couple 
> of minor things to smooth out that I hope someone can advise me on.  At 
> present, I have two private networks (172.16.0.0/24 and 192.168.10.0/24) 
> connected via a tunnel.  The routing and permissions on each network are 
> set up such at all machines on each network can see each other.  The 
> gateway box 192.168.10.254 is set up as a PPTPD server, and users from the 
> outside world can use PPTP to connect to the 192.168.10.0/24 network and 
> see all the machines on the net.  If they _manually_ add an appropriate 
> route ("route add 172.16.0.0 mask 255.255.255.0 192.168.10.254"), they can 
> also access the 172.16.0.0/24 network. 
> 
> The question is, is there a way of assigning that route as part of the PPTP 
> login?  I'd rather not have those Windoze users have to do anything too 
> complex, particularly since there will ultimately be a third private 
> network involved, and I want them to be able to dial into any of the three 
> nets, just in case one of them is down.

make sure the win95 clients have 'use default gateway on remote network'
checked in the dialup networking settings and it should work
automatically.  Make sure that you're using proxyARP on the pptpd server,
though, or the 172.16.0.0/24 machines won't have a route back.

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From alex at softproseinc.com  Tue Mar 21 11:39:37 2000
From: alex at softproseinc.com (Alex Stagg)
Date: Tue Mar 21 11:39:37 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
Message-ID: <00b001bf935b$5bac78c0$0d01a8c0@boaz.dsm.softproseinc.com>

Martin,

How does this patch relate to the mppe patch for ppp 2.3.10? (That patch
only applies to 2.3.10, unless the 2.3.11 directory is renamed - right?)

Alex Stagg
SoftProse, Inc.
1776 22nd Street, Suite 100, West Des Moines, IA 50266
Direct: 515-988-4291, Main: 515-221-2220, Fax: 435-514-0727
email: alex at SoftProseInc.com
URL: http://www.softproseinc.com

Engineering Services for Digital TV


-----Original Message-----
From: Martin Mueller <mm at lunetix.de>
To: Patrick Reid <P.J.Reid at earthling.net>
Cc: Pptp Mailing List (E-mail) <pptp-server at lists.schulte.org>
Date: Thursday, March 16, 2000 11:14 AM
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)


>Hi all and thanks for your work,
>
>On Thu, Mar 16, 2000 at 07:21:58AM -0400, Patrick Reid wrote:
>>
>> 1) Require 128-bit, stateless encryption on the server side
>> I can refuse 40-bit encryption, but I can't keep someone from connecting
>> with no encryption or in stateful mode (i.e. only one key). I know it is
>> possible to force my clients to only use strong encryption, but this
doesn't
>> keep people from trying to exploit the PPTP security issues for
Microsoft's
>> implementation.
>
>Ok, here are the patches to pppd-2.3.11 to require encryption. The new
>options are "require-mppe" and "require-mppe-stateless". You must first
>aply the MPPE patches for pppd and then this one.
>
>bye
>   MM
>
>PGP-RSA key available from:
>http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de
>------------------------ cut here -----------------------------------
>diff -ur ppp-2.3.11/pppd/ccp.c ppp-2.3.11.mppe/pppd/ccp.c
>--- ppp-2.3.11/pppd/ccp.c Thu Mar 16 17:47:42 2000
>+++ ppp-2.3.11.mppe/pppd/ccp.c Thu Mar 16 17:56:16 2000
>@@ -37,6 +37,7 @@
> #include "mppe.h"
> #endif
> #include <net/ppp-comp.h>
>+#include "lcp.h"
>
> static const char rcsid[] = RCSID;
>
>@@ -103,6 +104,10 @@
>       "Disallow stateless MPPE encryption" },
>     { "-mppe-stateless", o_special_noarg, setnomppe_stateless,
>       "Disallow stateless MPPE encryption" },
>+    { "require-mppe", o_special_noarg, require_mppe,
>+      "Require MPPE encryption" },
>+    { "require-mppe-stateless", o_special_noarg, require_mppe,
>+      "Require stateless MPPE encryption" },
> #endif
>
>     { NULL }
>@@ -450,6 +455,8 @@
> {
>     ccp_flags_set(unit, 0, 0);
>     fsm_lowerdown(&ccp_fsm[unit]);
>+    if ( ccp_wantoptions[unit].require_mppe ||
ccp_wantoptions[unit].require_mppe_stateless )
>+ lcp_close(unit,"Encryption negotiation rejected");
> }
>
> /*
>@@ -1269,6 +1276,19 @@
>     notice("%s receive compression enabled", method_name(go, NULL));
>     } else if (ANY_COMPRESS(*ho))
> notice("%s transmit compression enabled", method_name(ho, NULL));
>+
>+    if ( ccp_wantoptions[f->unit].require_mppe_stateless ||
ccp_wantoptions[f->unit].require_mppe ) {
>+    if ( (go->mppe_128 && ho->mppe_128) || (go->mppe_40 && ho->mppe_40 ) )
>+        if ( ccp_wantoptions[f->unit].require_mppe_stateless )
>+ if ( go->mppe_stateless && ho->mppe_stateless )
>+             notice("stateless MPPE enforced");
>+         else
>+             lcp_close(f->unit,"stateless encryption negotiation failed");
>+     else
>+         notice("stateless MPPE enforced");
>+ else
>+     lcp_close(f->unit,"encryption negotiation failed");
>+    }
> }
>
> /*
>diff -ur ppp-2.3.11/pppd/ccp.h ppp-2.3.11.mppe/pppd/ccp.h
>--- ppp-2.3.11/pppd/ccp.h Thu Mar 16 17:47:42 2000
>+++ ppp-2.3.11.mppe/pppd/ccp.h Thu Mar 16 16:25:50 2000
>@@ -38,6 +38,8 @@
>     bool mppe_40; /* allow 40 bit encryption */
>     bool mppe_128; /* allow 128 bit encryption */
>     bool mppe_stateless; /* allow stateless encryption */
>+    bool require_mppe; /* force mppe encryption */
>+    bool require_mppe_stateless; /* force stateless encryption */
>     u_short bsd_bits; /* # bits/code for BSD Compress */
>     u_short deflate_size; /* lg(window size) for Deflate */
>     short method; /* code for chosen compression method */
>diff -ur ppp-2.3.11/pppd/mppe.c ppp-2.3.11.mppe/pppd/mppe.c
>--- ppp-2.3.11/pppd/mppe.c Thu Mar 16 17:47:42 2000
>+++ ppp-2.3.11.mppe/pppd/mppe.c Thu Mar 16 17:06:34 2000
>@@ -226,4 +226,20 @@
>     ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless
= 0;
>     return 1;
> }
>+
>+int
>+require_mppe(char **argv)
>+{
>+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe =
1;
>+    return 1;
>+}
>+
>+int
>+require_mppe_stateless(char **argv)
>+{
>+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe =
1;
>+    ccp_allowoptions[0].require_mppe_stateless =
ccp_wantoptions[0].require_mppe_stateless = 1;
>+    return 1;
>+}
>+
> #endif /* MPPE */
>diff -ur ppp-2.3.11/pppd/mppe.h ppp-2.3.11.mppe/pppd/mppe.h
>--- ppp-2.3.11/pppd/mppe.h Thu Mar 16 17:47:42 2000
>+++ ppp-2.3.11.mppe/pppd/mppe.h Thu Mar 16 16:25:00 2000
>@@ -51,6 +51,8 @@
> int setnomppe_128(char **);
> int setmppe_stateless(char **);
> int setnomppe_stateless(char **);
>+int require_mppe(char **);
>+int require_mppe_stateless(char **);
>
> #define __MPPE_INCLUDE__
> #endif /* __MPPE_INCLUDE__ */
>------------------------ cut here -----------------------------------
>
>_______________________________________________
>pptp-server maillist  -  pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulte.org!
>




From dimambro at pacbell.net  Tue Mar 21 11:41:29 2000
From: dimambro at pacbell.net (Brian L. DiMambro)
Date: Tue Mar 21 11:41:29 2000
Subject: [pptp-server] Compress and Encryption problem
Message-ID: <38D5F08C.44473A72@pacbell.net>

Hi all.

I think I've found my encryption problem. The install seemed to go well.
I detected no errors during the compile and I followed the RH 6.1 how to
to the letter, yet it looks like I'm missing some files. Can anybody
point me in the right direction as to how to fix this? I'm a newbie to
this and could use some help. The system is a SPARC 5 / 85MHZ running RH
6.1 Ultra Linux with the stock 2.2.12-20 kernel, pptpd-1.0.0, ppp 2.3.10
with SSLeay-0.6.6b, ppp-2.3.10-openssl-norc4-mppe.patch. I compiled
everything (no RPM) and it looked like a clean install.

Log entry is:

Mar 21 17:19:00 wcfw modprobe: can't locate module ppp-compress-21
Mar 21 17:19:00 wcfw insmod: /lib/modules/2.2.12-42/net/ppp_mppe.o:
unresolved symbol __floatsidf
Mar 21 17:19:00 wcfw insmod: /lib/modules/2.2.12-42/net/ppp_mppe.o:
unresolved symbol __adddf3
Mar 21 17:19:01 wcfw modprobe: can't locate module ppp-compress-21
Mar 21 17:19:01 wcfw insmod: /lib/modules/2.2.12-42/net/ppp_mppe.o:
unresolved symbol __floatsidf
Mar 21 17:19:01 wcfw insmod: /lib/modules/2.2.12-42/net/ppp_mppe.o:
unresolved symbol __adddf3
Mar 21 17:19:01 wcfw pppd[4236]: MSCHAP-v2 peer authentication succeeded
for bdimambro
Mar 21 17:19:01 wcfw pppd[4236]: found interface eth1 for proxy arp

Any help will be appreciated.

Thanks

Brian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dimambro.vcf
Type: text/x-vcard
Size: 178 bytes
Desc: Card for Brian L. DiMambro
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000321/fdc16ab3/attachment.vcf>

From P.J.Reid at earthling.net  Tue Mar 21 11:43:48 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Tue Mar 21 11:43:48 2000
Subject: [pptp-server] RE: Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: <20000316181129.D27532@cicero.werkleitz.de>
Message-ID: <NBBBIEENKKBNLBCJKFNHAEMJECAA.P.J.Reid@earthling.net>

I applied this patch "by hand", then used diff -ur on the new files and the
backups: I get the same set of diffs as Martin posted here.

So, those patch files should work just fine on 2.3.10 systems, with just a
change in the directory specification.

I suggest adding these patches to the PoPToP web site, along with a
description of the new options: they are invaluable!

Patrick Reid - mailto:PReid at candesco.com
Candesco Research Corp.
Communication Centre: <http://www.mirabilis.com/1052176>


-----Original Message-----
From: mm at cicero.werkleitz.de [mailto:mm at cicero.werkleitz.de]On Behalf Of
Martin Mueller
Sent: March 16, 2000 1:12 PM
To: Patrick Reid
Cc: Pptp Mailing List (E-mail)
Subject: Forcing encryption (was: Optimizing pppd for PPTP)


Hi all and thanks for your work,

On Thu, Mar 16, 2000 at 07:21:58AM -0400, Patrick Reid wrote:
>
> 1) Require 128-bit, stateless encryption on the server side
> 	I can refuse 40-bit encryption, but I can't keep someone from connecting
> with no encryption or in stateful mode (i.e. only one key). I know it is
> possible to force my clients to only use strong encryption, but this
doesn't
> keep people from trying to exploit the PPTP security issues for
Microsoft's
> implementation.

Ok, here are the patches to pppd-2.3.11 to require encryption. The new
options are "require-mppe" and "require-mppe-stateless". You must first
aply the MPPE patches for pppd and then this one.

bye
   MM

PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de
------------------------ cut here -----------------------------------
diff -ur ppp-2.3.11/pppd/ccp.c ppp-2.3.11.mppe/pppd/ccp.c
--- ppp-2.3.11/pppd/ccp.c	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/ccp.c	Thu Mar 16 17:56:16 2000
@@ -37,6 +37,7 @@
 #include "mppe.h"
 #endif
 #include <net/ppp-comp.h>
+#include "lcp.h"

 static const char rcsid[] = RCSID;

@@ -103,6 +104,10 @@
       "Disallow stateless MPPE encryption" },
     { "-mppe-stateless", o_special_noarg, setnomppe_stateless,
       "Disallow stateless MPPE encryption" },
+    { "require-mppe", o_special_noarg, require_mppe,
+      "Require MPPE encryption" },
+    { "require-mppe-stateless", o_special_noarg, require_mppe,
+      "Require stateless MPPE encryption" },
 #endif

     { NULL }
@@ -450,6 +455,8 @@
 {
     ccp_flags_set(unit, 0, 0);
     fsm_lowerdown(&ccp_fsm[unit]);
+    if ( ccp_wantoptions[unit].require_mppe ||
ccp_wantoptions[unit].require_mppe_stateless )
+	lcp_close(unit,"Encryption negotiation rejected");
 }

 /*
@@ -1269,6 +1276,19 @@
 	    notice("%s receive compression enabled", method_name(go, NULL));
     } else if (ANY_COMPRESS(*ho))
 	notice("%s transmit compression enabled", method_name(ho, NULL));
+
+    if ( ccp_wantoptions[f->unit].require_mppe_stateless ||
ccp_wantoptions[f->unit].require_mppe ) {
+    	if ( (go->mppe_128 && ho->mppe_128) || (go->mppe_40 && ho->mppe_40 ) )
+    	    if ( ccp_wantoptions[f->unit].require_mppe_stateless )
+		if ( go->mppe_stateless && ho->mppe_stateless )
+	            notice("stateless MPPE enforced");
+	        else
+	            lcp_close(f->unit,"stateless encryption negotiation failed");
+	    else
+	        notice("stateless MPPE enforced");
+	else
+	    lcp_close(f->unit,"encryption negotiation failed");
+    }
 }

 /*
diff -ur ppp-2.3.11/pppd/ccp.h ppp-2.3.11.mppe/pppd/ccp.h
--- ppp-2.3.11/pppd/ccp.h	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/ccp.h	Thu Mar 16 16:25:50 2000
@@ -38,6 +38,8 @@
     bool mppe_40;		/* allow 40 bit encryption */
     bool mppe_128;		/* allow 128 bit encryption */
     bool mppe_stateless;	/* allow stateless encryption */
+    bool require_mppe;		/* force mppe encryption */
+    bool require_mppe_stateless;	/* force stateless encryption */
     u_short bsd_bits;		/* # bits/code for BSD Compress */
     u_short deflate_size;	/* lg(window size) for Deflate */
     short method;		/* code for chosen compression method */
diff -ur ppp-2.3.11/pppd/mppe.c ppp-2.3.11.mppe/pppd/mppe.c
--- ppp-2.3.11/pppd/mppe.c	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/mppe.c	Thu Mar 16 17:06:34 2000
@@ -226,4 +226,20 @@
     ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless
= 0;
     return 1;
 }
+
+int
+require_mppe(char **argv)
+{
+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1;
+    return 1;
+}
+
+int
+require_mppe_stateless(char **argv)
+{
+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1;
+    ccp_allowoptions[0].require_mppe_stateless =
ccp_wantoptions[0].require_mppe_stateless = 1;
+    return 1;
+}
+
 #endif /* MPPE */
diff -ur ppp-2.3.11/pppd/mppe.h ppp-2.3.11.mppe/pppd/mppe.h
--- ppp-2.3.11/pppd/mppe.h	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/mppe.h	Thu Mar 16 16:25:00 2000
@@ -51,6 +51,8 @@
 int setnomppe_128(char **);
 int setmppe_stateless(char **);
 int setnomppe_stateless(char **);
+int require_mppe(char **);
+int require_mppe_stateless(char **);

 #define __MPPE_INCLUDE__
 #endif /* __MPPE_INCLUDE__ */
------------------------ cut here -----------------------------------




From P.J.Reid at earthling.net  Tue Mar 21 12:15:36 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Tue Mar 21 12:15:36 2000
Subject: [pptp-server] Semi-advanced Routing
In-Reply-To: <98704E261F1C1B12852568A9005190D9.0000000000000000@omasko>
Message-ID: <NBBBIEENKKBNLBCJKFNHKEMJECAA.P.J.Reid@earthling.net>

Try using Connection Manager instead of DUN: the CMAK comes with the
Internet Explorer Administration Kit: free from Microsoft.com.

You can add any programs to run at almost any time during the connection
process. It should do the trick.

Patrick Reid - mailto:PReid at candesco.com
Candesco Research Corp.
Communication Centre: <http://www.mirabilis.com/1052176>


-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Thomas Koschate
Sent: March 21, 2000 11:03 AM
To: PoPToP mailing list
Subject: [pptp-server] Semi-advanced Routing


I've almost gotten everything in our VPN setup working, with just a couple
of minor things to smooth out that I hope someone can advise me on.  At
present, I have two private networks (172.16.0.0/24 and 192.168.10.0/24)
connected via a tunnel.  The routing and permissions on each network are
set up such at all machines on each network can see each other.  The
gateway box 192.168.10.254 is set up as a PPTPD server, and users from the
outside world can use PPTP to connect to the 192.168.10.0/24 network and
see all the machines on the net.  If they _manually_ add an appropriate
route ("route add 172.16.0.0 mask 255.255.255.0 192.168.10.254"), they can
also access the 172.16.0.0/24 network.

The question is, is there a way of assigning that route as part of the PPTP
login?  I'd rather not have those Windoze users have to do anything too
complex, particularly since there will ultimately be a third private
network involved, and I want them to be able to dial into any of the three
nets, just in case one of them is down.
=============================================================
Thomas Koschate
koschate at bigfoot.com

For PGP Key, see
http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
=============================================================
"Here's a good trick: Get a job as a judge at the Olympics. Then, if some
guy sets a world record, pretend that you didn't see it and go, "Okay, is
everybody ready to start now?""

     Jack Handey, Deep Thoughts from Saturday Night Live


_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!




From boris at microtrader.com  Tue Mar 21 13:13:36 2000
From: boris at microtrader.com (Boris Reisig)
Date: Tue Mar 21 13:13:36 2000
Subject: [pptp-server] *Help* Cannot see Network Neighborhood **
Message-ID: <001201bf9369$7245f620$0c01a8c0@private.com>

ok, I really need help with this problem. I am running RedHat 6.1 and upgraded my kernel to 2.2.14. I also downloaded the 2.2.14 IP masq patch and applied it into the kernel and recomplied it. Heres what I want to do. I have my PPTP-Server running at home on my cablemodem [24.66.46.243 for example]. I also have SAMBA setup as a WINS server and I can see it on my home lan when browsing my other computers. I setup in my /etc/ppp/options the MS-WINS setting for my cablemdm ip and as the PPP ip [192.168.0.1 just in case]. In PPTPD, I setup the local ip network as 192.168.0.1 and the REMOTE ip's are 192.168.0.2-243. I setup IP forwarding to [ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0] so that it can use access the internet thru the vpn. I just use it for fun]. 
At work, We have a cablemodem[24.66.52.216] behind our RedHat Firewall [2.2.14 + ip masq kernel patch] which is connected to our lan. The RedHat Firewall has a DHCP server which gives out the 10.0.0.x address to everyone and has ip masqing/forwarding to share the internet for everyone. I have a Windows '98 SE client behind the firewall [10.0.0.56] and I connect to my VPN cable ip [24.66.46.243]. Poof, it connects. I do a winipcfg and I look at my wins setting for my VPN..It says both the PPTPD Server cablemdm IP and 192.168.0.1. I can ping both the PPTPD cablemodem IP and the remote 192.168.0.1 address. What I can't see is ANYONE in the network neighborhood. Is their some IP Chains command I also have to add on the RedHat server at work to forward GRE and 1723 to the 10.0.0.56 address? I would assume that if the VPN conencted that both ends work? If its some IPCHains/IPFWD/ipmasqadm command, What would I exactly have to type? The strange thing is that if I use a Pure dialup account on a different machine[not connected to any network] and the VPN it to my PPTPD server, I can see my HOME network computers. What am I doign wrong with the work network firewall? I need some help and examples with this.


Boris Reisig
boris at microtrader.mb.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000321/c907050f/attachment.html>

From boris at microtrader.com  Tue Mar 21 14:26:01 2000
From: boris at microtrader.com (Boris Reisig)
Date: Tue Mar 21 14:26:01 2000
Subject: [pptp-server] *GRE and CTRL error?? *
Message-ID: <000c01bf9373$91668380$0c01a8c0@private.com>

What does this mean? I have PPTPD 1.1.1 installed. Is this a serious error? I still connect to the VPN properly.

Mar 21 14:08:33 users pppd[135]: Cannot determine ethernet address for proxy ARP
Mar 21 14:09:32 users pptpd[134]: GRE: read error: Bad file descriptor
Mar 21 14:09:32 users pptpd[134]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000321/7dfa9312/attachment.html>

From chris at pds2k.com  Tue Mar 21 14:27:31 2000
From: chris at pds2k.com (Christopher Tarricone)
Date: Tue Mar 21 14:27:31 2000
Subject: [pptp-server] Has anyone seen this error?
Message-ID: <38D7932F.1BE6@pds2k.com>

Mar 21 15:18:23 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
connection started
Mar 21 15:18:23 chaos pptpd[3837]: CTRL: Starting call (launching pppd,
opening GRE)
Mar 21 15:18:24 chaos pppd[3838]: The remote system is required to
authenticate itself but I
Mar 21 15:18:24 chaos pppd[3838]: couldn't find any suitable secret
(password) for it to use to do so.
Mar 21 15:18:24 chaos pptpd[3837]: GRE:
read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error =
Input/output error
Mar 21 15:18:24 chaos pptpd[3837]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
Mar 21 15:18:24 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
connection finished



From boris at microtrader.com  Tue Mar 21 14:42:11 2000
From: boris at microtrader.com (Boris Reisig)
Date: Tue Mar 21 14:42:11 2000
Subject: [pptp-server] ** Share not Found **
Message-ID: <001801bf9375$cf091980$0c01a8c0@boris>

Im have a STRANGE problem. I have SAMA installed as a WINS server and am connected remotely. I can see my REMOTE computers in my network neighborhood and if I click on them, [Any of the remote ones], I keep getting a " \\homelinuxbox is not accessible. The Computer or sharename could not be found. Make sure you typed it correctly, and try again." I am using Win98 SE.

Boris Reisig
boris at Microtrader.mb.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000321/be4cf776/attachment.html>

From neale at lowendale.com.au  Tue Mar 21 16:36:56 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Tue Mar 21 16:36:56 2000
Subject: [pptp-server] Has anyone seen this error?
In-Reply-To: <38D7932F.1BE6@pds2k.com>
Message-ID: <Pine.LNX.4.05.10003220938210.6448-100000@marina.lowendale.com.au>

On Tue, 21 Mar 2000, Christopher Tarricone wrote:

> Mar 21 15:18:23 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
> connection started
> Mar 21 15:18:23 chaos pptpd[3837]: CTRL: Starting call (launching pppd,
> opening GRE)
> Mar 21 15:18:24 chaos pppd[3838]: The remote system is required to
> authenticate itself but I
> Mar 21 15:18:24 chaos pppd[3838]: couldn't find any suitable secret
> (password) for it to use to do so.
> Mar 21 15:18:24 chaos pptpd[3837]: GRE:
> read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error =
> Input/output error
> Mar 21 15:18:24 chaos pptpd[3837]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Mar 21 15:18:24 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
> connection finished

You mean the "The remote system is required to authenticate itself but I
couldn't find any suitable secret (password) for it to use to do so." bit?

Looks like maybe the username the client is presenting can't be found in
the local chap-secrets.  If this is a MS-client calling, then a likely
cause is the client presenting DOMAIN\\name.

Altenatively, this may be pppd's way of saying that he *calling* side has
requested that the pptp server authenticate itself.  A common cause of
this is using the linux pptp client to call but *not* including the
"noauth" option for teh *calling* pppd.

Can you enable debugging in the pppd options and post the (possibly
sanitised) output?  We might get a better handle on what's up then.

Also, any hints available from the calling side?  Even an indication of
what is doing the calling would help.

HTH,
Neale.




From matthewr at moreton.com.au  Tue Mar 21 16:50:04 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue Mar 21 16:50:04 2000
Subject: [pptp-server] Has anyone seen this error?
References: <38D7932F.1BE6@pds2k.com>
Message-ID: <00032208493202.01822@gibberling>

Yeah that error means you stuffed up your options/secrets files.
At the least in both files you should have:

options:
--------
name servername

chap-secrets:
-------------
username servername password *

-matt

On Wed, 22 Mar 2000, Christopher Tarricone wrote:
>Mar 21 15:18:23 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
>connection started
>Mar 21 15:18:23 chaos pptpd[3837]: CTRL: Starting call (launching pppd,
>opening GRE)
>Mar 21 15:18:24 chaos pppd[3838]: The remote system is required to
>authenticate itself but I
>Mar 21 15:18:24 chaos pppd[3838]: couldn't find any suitable secret
>(password) for it to use to do so.
>Mar 21 15:18:24 chaos pptpd[3837]: GRE:
>read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error =
>Input/output error
>Mar 21 15:18:24 chaos pptpd[3837]: CTRL: PTY read or GRE write failed
>(pty,gre)=(4,5)
>Mar 21 15:18:24 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
>connection finished
>
>_______________________________________________
>pptp-server maillist  -  pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulte.org!
--
Matthew Ramsay
Moreton Bay



From don at lindner2k.com  Tue Mar 21 20:56:10 2000
From: don at lindner2k.com (Don Lindner)
Date: Tue Mar 21 20:56:10 2000
Subject: [pptp-server] Error with select() ?...
References: <Pine.LNX.4.10.10003161701590.9254-100000@armadillo.wink.com> <000b01bf9036$76b0df80$071c0fc0@lala.net>
Message-ID: <000f01bf93aa$26d85b60$0800000a@lindner2k.com>

Indeed, although I've specified address ranges in pptpd.conf, PoPToP was not
causing pppd to allocate the addr's. When I specify an addr in the win9x
config, it works just fine.

It needs a little tweaking, but is functional.

So, Kevin, thanks! Where do I send the $20 for pizza and beer?  :)

- Don

----- Original Message -----
From: "tmk" <tmk at netmagic.net>
To: <pptp-server at lists.schulte.org>
Sent: Friday, March 17, 2000 9:30 AM
Subject: Re: [pptp-server] Error with select() ?...


> yes it does, but the connection dies on the rejection of ip address
packets
> and the client never gets its new ip.. so i assume the problem lies in
that
> section of the configuration
>
> Kevin





From AoE at mailandnews.com  Tue Mar 21 22:55:56 2000
From: AoE at mailandnews.com (AoE at mailandnews.com)
Date: Tue Mar 21 22:55:56 2000
Subject: [pptp-server] PPTP VPN Help Connecting to Netware server
Message-ID: <000801bf93c3$9a8e8340$32e28e8b@itacs.to>

I was wondering if anybody out there could help me out... I've got my PPTP VPN connection working great from a Win98 machine
to a Linux box, I can see everybody on the network etc., however I can't seem to connect to my Netware server...  If anyone
has any suggestions it would be greatly appreciated...

My configuration is as follows:

Home PC -----> Firewall w/PPTPD ------ > Local Network
(Win98)               (RH Linux 6.1)             (Win98 Machines & Netware Server)

Any Help would be GREATLY appreciated....

Thanks in advance...




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000321/3c9fe565/attachment.html>

From koschate at bigfoot.com  Wed Mar 22 10:00:49 2000
From: koschate at bigfoot.com (Thomas Koschate)
Date: Wed Mar 22 10:00:49 2000
Subject: [pptp-server] Semi-advanced Routing
Message-ID: <6E0D2B3DA8771334852568AA00573762.0000000000000000@omasko>

On 2000-03-21 12:37:18, Scott M. Stone wrote:

>> The question is, is there a way of assigning that route as part of the 
PPTP 
>> login?  I'd rather not have those Windoze users have to do anything too 
>> complex, particularly since there will ultimately be a third private 
>> network involved, and I want them to be able to dial into any of the 
three 
>> nets, just in case one of them is down.
>
>make sure the win95 clients have 'use default gateway on remote network'
>checked in the dialup networking settings and it should work
>automatically.  Make sure that you're using proxyARP on the pptpd server,
>though, or the 172.16.0.0/24 machines won't have a route back.

Thanks for the hint.  This works fine on my NT4 laptop, but does have one 
unfortunate side effect:  The laptop loses contact with the rest of the 
internet.  The route that is set up pulls everything into the PPTP 
interface.  I have no problem with the concept of internet traffic then 
going through the server firewall again (although it does seem a little 
redundant!), but the routing doesn't seem to be happening.  I thought it 
might be an issue of ipchains rules, so I manually set some appropriate 
rules, but this doesn't seem to have cured the issue.
=============================================================
Thomas Koschate
koschate at bigfoot.com

For PGP Key, see
http://keys.pgp.com:11371/pks/lookup?op=get&search=0xF45280AD
=============================================================
"A committee is a cul-de-sac down which ideas are lured and then quietly 
strangled."

     Sir Barnett Cocks




From charlesb at summerfieldtechnology.co.uk  Wed Mar 22 16:27:14 2000
From: charlesb at summerfieldtechnology.co.uk (Charles Blackburn)
Date: Wed Mar 22 16:27:14 2000
Subject: [pptp-server] Has anyone seen this error?
In-Reply-To: <38D7932F.1BE6@pds2k.com>
Message-ID: <Pine.LNX.4.10.10003222212550.24871-100000@local-gateway.summerfieldtechnology.co.uk>

On Tue, 21 Mar 2000, Christopher Tarricone wrote:
> authenticate itself but I
> Mar 21 15:18:24 chaos pppd[3838]: couldn't find any suitable secret
> (password) for it to use to do so.
> Mar 21 15:18:24 chaos pptpd[3837]: GRE:
> read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error =
> Input/output error
> Mar 21 15:18:24 chaos pptpd[3837]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Mar 21 15:18:24 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
> connection finished

Yes, I've been getting the same thing, check cap-secrets, check the win98
settings. I've managed to get around it by bypassing the authentication by
addid a noauth to /etc/ppp/options file instead of the auth line that is
reccommended.

I haven't found another way around it.

 -- 
Charles Blackburn -=- Remove NOSPAM to email a reply.
Summerfield Technology Limited - SuSE Linux Reseller & Birmingham L.U.G sponsor
charlesb at NOSPAMsummerfieldtechnology.co.uk 
BLUG at NOSPAMsummerfieldtechnology.co.uk
 10:12pm  up 7 days,  5:35,  1 user,  load average: 0.05, 0.05, 0.03




From dxf at dewittross.com  Wed Mar 22 16:41:34 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Wed Mar 22 16:41:34 2000
Subject: [pptp-server] unrecognized option '+chapms'
Message-ID: <38D94C8F.1A7C5D5A@dewittross.com>

Does anyone know why I would get this error when I try to make a
connection?  

I compiled the ppp2.3.10 with the ppp-2.3.10-openssl-norc4-mppe.patch
successfully and rebuilt my modules successfully.  But when I have the
+chapms in the /etc/ppp/options file I get this error upon trying to
initiate a connection: pppd: In file /etc/ppp/options: unrecognized
option '+chapms' 

I have double-checked that my /usr/sbin/pppd file is the version that I
just compiled.

Any help would be very much appreciated.

Thanks

-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzche



From Steve.Cowles at gte.net  Wed Mar 22 18:05:26 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Wed Mar 22 18:05:26 2000
Subject: [pptp-server] Has anyone seen this error?
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E2206@defiant.dsl.gtei.net>

> -----Original Message-----
> From: Charles Blackburn [mailto:charlesb at summerfieldtechnology.co.uk]
> Sent: Wednesday, March 22, 2000 4:14 PM
> To: Christopher Tarricone
> Cc: PPTP Mailling List
> Subject: Re: [pptp-server] Has anyone seen this error?
> 
> 
> On Tue, 21 Mar 2000, Christopher Tarricone wrote:
> > authenticate itself but I
> > Mar 21 15:18:24 chaos pppd[3838]: couldn't find any suitable secret
> > (password) for it to use to do so.
> > Mar 21 15:18:24 chaos pptpd[3837]: GRE:
> > read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status 
> = -1 error =
> > Input/output error
> > Mar 21 15:18:24 chaos pptpd[3837]: CTRL: PTY read or GRE 
> write failed
> > (pty,gre)=(4,5)
> > Mar 21 15:18:24 chaos pptpd[3837]: CTRL: Client 63.89.28.221 control
> > connection finished
> 
> Yes, I've been getting the same thing, check cap-secrets, 
> check the win98
> settings. I've managed to get around it by bypassing the 
> authentication by
> addid a noauth to /etc/ppp/options file instead of the auth 
> line that is
> reccommended.
> 
> I haven't found another way around it.
> 

I had the same problem, initially... It ended up being a configuration
problem at the Poptop/pppd server.

First, you should not have to put the Poptop/pppd server in "noauth" mode.
The server at least needs to authenticate who is trying to connect to it. 

FWIW: The pptp clients running (win98/WinNT/2000) OS's all operate in
"noauth" mode. If your using the linux pptp client... it's /etc/ppp/options
file will need to be set to "noauth" mode. The same mode that Win98/NT/2000
clients are operating in.

For Refernece: My PopTop server has the following chap-secrets/options file.
I have tested this for Win98/NT/2000 Workstation and the linux pptp clients.

->>>> /etc/ppp/otions (server side)<<<<-
lock
auth
name voyager
ms-dns 192.168.9.3
ms-dns 192.168.9.2
ms-wins 192.168.9.2
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp

->>>> /etc/ppp/chap-secrets (server side)<<<<-
scowles  * password *
COWLES\\scowles  * password *

I include both username and MS_DOMAIN\\username entries for the MS clients
that have the "Use my Windows Login Name and password (and Domain if
supplied)" selected in their dialup profile. Especially for NT/2000 based
clients that normally authenticate to MS Domains when connected to a LAN.
(Like a Laptop) 

Steve Cowles



From mikea at maketi.com  Wed Mar 22 23:16:30 2000
From: mikea at maketi.com (Michael Armstrong)
Date: Wed Mar 22 23:16:30 2000
Subject: [Fwd: [pptp-server] NT compression revisited]
Message-ID: <38D9A8D9.FEB0B2E@maketi.com>

Concerning my original post of  3/15 which said that I couldn't connect
to PoPToP server on RH6.1 from an NT client running encryption.  I was
able to get it to work by adding the following to /etc/ppp/options.

mppe-stateless

This has a good and a bad side.

Good: It works.
Bad: Key negotiation every packet kills performance.

Does anyone have any idea why running stateless would work with
NT/encrypted client and not when running non-stateless?  Is this a
feature or a bug?

Assuming there is no way around this, is there any way to cut down the
number of renegotiations?

Any advice would be greatly appreciated.

TIA,
Mike Armstrong
-------------- next part --------------
An embedded message was scrubbed...
From: Michael Armstrong <mikea at maketi.com>
Subject: [pptp-server] NT compression revisited
Date: Wed, 15 Mar 2000 19:24:47 -0800
Size: 16696
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000322/2634e0f5/attachment.mht>

From yk at icm.dn.ua  Thu Mar 23 03:50:02 2000
From: yk at icm.dn.ua (Yury Yaroshevsky)
Date: Thu Mar 23 03:50:02 2000
Subject: [pptp-server] pptpd under FreeBSD ...
Message-ID: <20000323114952.F540@icm.dn.ua>

Hi!

I'm try use poptop port of pptpd for FreeBSD.

My configuration files:

/etc/ppp/ppp.conf

pptp:
 set speed sync
 set log Phase Chat LCP IPCP CCP tun command
 set dns 194.44.183.8 194.44.183.6
 accept dns

/usr/local/etc/pptpd.conf:

option /etc/ppp/options.pptp
localip 192.168.1.1
remoteip 192.168.1.2-255
listen 192.168.2.1

/etc/ppp/options.pptp:

debug
name server
auth
require-chap
proxyarp


After try of connect to pptp server I'm receive:

Mar 21 15:03:49 server ppp[49682]: tun0: LCP:  MAGICNUM[6] 0x153dcea0
Mar 21 15:03:50 server ppp[49682]: tun0: Phase: Unknown protocol 0x7eff (unrecog
nised protocol)
Mar 21 15:03:50 server ppp[49682]: tun0: LCP: deflink: SendProtocolRej(1) state
= Req-Sent
Mar 21 15:03:51 server ppp[49682]: tun0: Phase: Unknown protocol 0x7eff (unrecog
nised protocol)
Mar 21 15:03:51 server ppp[49682]: tun0: LCP: deflink: SendProtocolRej(1) state
= Req-Sent



Can anyone help me with solution of this problem ?



From mm at lunetix.de  Thu Mar 23 07:15:45 2000
From: mm at lunetix.de (Martin Mueller)
Date: Thu Mar 23 07:15:45 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)
In-Reply-To: <s5gya7g6use.fsf@snidely.curl.com>; from patl@cag.lcs.mit.edu on Sat, Mar 18, 2000 at 12:40:49PM -0500
References: <008101bf8f45$23cf8060$010010ac@crypto.net> <NBBBIEENKKBNLBCJKFNHMEJIECAA.P.J.Reid@earthling.net> <20000316181129.D27532@cicero.werkleitz.de> <s5gog8c8fzf.fsf@snidely.curl.com> <20000318181311.A27633@cicero.werkleitz.de> <s5gya7g6use.fsf@snidely.curl.com>
Message-ID: <20000323141556.M27633@cicero.werkleitz.de>

On Sat, Mar 18, 2000 at 12:40:49PM -0500, Patrick J. LoPresti wrote:
> Martin Mueller <mm at lunetix.de> writes:
> 
> > Which should close the connection on the closing of the CCP.
> > 
> > Correct me if I?m wrong.
> 
> I believe you are wrong, although I am not enough of a pppd expert to
> be sure.  My reasoning follows.
> 
> Open up ppp-2.3.11/pppd/ccp.c and follow along...
> 
> Find the call to ccp_fatal_error().  This returns true when a fatal
> error has occurred.  If so, we log a message and call ccp_close().
> 
> Now look at ccp_close().  It does something very similar to
> ccp_protrej(), which is the function you have changed to terminate the
> connection when CCP negotiation fails.  I believe you need to make a
> similar change to ccp_close(), and possibly to ccp_down() as well (to
> be completely safe).
> 
> Now you can correct me if *I* am wrong :-).

Nope, I think you?re right. I have attached a patch which ads the
check also to ccp_close. Hope this enough. Any futher hints welcome.

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de
-------------- next part --------------
diff -ur --new-file ppp-2.3.11/pppd/ccp.c ppp-2.3.11.mppe/pppd/ccp.c
--- ppp-2.3.11/pppd/ccp.c	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/ccp.c	Tue Mar 21 11:52:53 2000
@@ -37,6 +37,7 @@
 #include "mppe.h"
 #endif
 #include <net/ppp-comp.h>
+#include "lcp.h"
 
 static const char rcsid[] = RCSID;
 
@@ -103,6 +104,10 @@
       "Disallow stateless MPPE encryption" }, 
     { "-mppe-stateless", o_special_noarg, setnomppe_stateless,
       "Disallow stateless MPPE encryption" }, 
+    { "require-mppe", o_special_noarg, require_mppe,
+      "Require MPPE encryption" }, 
+    { "require-mppe-stateless", o_special_noarg, require_mppe,
+      "Require stateless MPPE encryption" }, 
 #endif
 
     { NULL }
@@ -357,6 +362,8 @@
 {
     ccp_flags_set(unit, 0, 0);
     fsm_close(&ccp_fsm[unit], reason);
+    if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless )
+	lcp_close(unit,"Encryption got out of sync");
 }
 
 /*
@@ -450,6 +457,8 @@
 {
     ccp_flags_set(unit, 0, 0);
     fsm_lowerdown(&ccp_fsm[unit]);
+    if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless )
+	lcp_close(unit,"Encryption negotiation rejected");
 }
 
 /*
@@ -1269,6 +1278,19 @@
 	    notice("%s receive compression enabled", method_name(go, NULL));
     } else if (ANY_COMPRESS(*ho))
 	notice("%s transmit compression enabled", method_name(ho, NULL));
+
+    if ( ccp_wantoptions[f->unit].require_mppe_stateless || ccp_wantoptions[f->unit].require_mppe ) {
+    	if ( (go->mppe_128 && ho->mppe_128) || (go->mppe_40 && ho->mppe_40 ) )
+    	    if ( ccp_wantoptions[f->unit].require_mppe_stateless )
+		if ( go->mppe_stateless && ho->mppe_stateless )
+	            notice("stateless MPPE enforced");
+	        else
+	            lcp_close(f->unit,"stateless encryption negotiation failed");
+	    else
+	        notice("stateless MPPE enforced");
+	else
+	    lcp_close(f->unit,"encryption negotiation failed");
+    }
 }
 
 /*
diff -ur --new-file ppp-2.3.11/pppd/ccp.h ppp-2.3.11.mppe/pppd/ccp.h
--- ppp-2.3.11/pppd/ccp.h	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/ccp.h	Thu Mar 16 16:25:50 2000
@@ -38,6 +38,8 @@
     bool mppe_40;		/* allow 40 bit encryption */
     bool mppe_128;		/* allow 128 bit encryption */
     bool mppe_stateless;	/* allow stateless encryption */
+    bool require_mppe;		/* force mppe encryption */
+    bool require_mppe_stateless;	/* force stateless encryption */
     u_short bsd_bits;		/* # bits/code for BSD Compress */
     u_short deflate_size;	/* lg(window size) for Deflate */
     short method;		/* code for chosen compression method */
diff -ur --new-file ppp-2.3.11/pppd/mppe.c ppp-2.3.11.mppe/pppd/mppe.c
--- ppp-2.3.11/pppd/mppe.c	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/mppe.c	Thu Mar 16 17:06:34 2000
@@ -226,4 +226,20 @@
     ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless = 0;
     return 1;
 }
+
+int
+require_mppe(char **argv)
+{
+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1;
+    return 1;
+}
+
+int
+require_mppe_stateless(char **argv)
+{
+    ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1;
+    ccp_allowoptions[0].require_mppe_stateless = ccp_wantoptions[0].require_mppe_stateless = 1;
+    return 1;
+}
+
 #endif /* MPPE */
diff -ur --new-file ppp-2.3.11/pppd/mppe.h ppp-2.3.11.mppe/pppd/mppe.h
--- ppp-2.3.11/pppd/mppe.h	Thu Mar 16 17:47:42 2000
+++ ppp-2.3.11.mppe/pppd/mppe.h	Thu Mar 16 16:25:00 2000
@@ -51,6 +51,8 @@
 int setnomppe_128(char **);
 int setmppe_stateless(char **);
 int setnomppe_stateless(char **);
+int require_mppe(char **);
+int require_mppe_stateless(char **);
 
 #define __MPPE_INCLUDE__
 #endif /* __MPPE_INCLUDE__ */

From dxf at dewittross.com  Thu Mar 23 13:42:16 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Thu Mar 23 13:42:16 2000
Subject: [pptp-server] unrecognized option '+chapms']
Message-ID: <38DA740E.678E8FC3@dewittross.com>

Thanks for replying.

My /etc/ppp/options file looks like this:
	lock
	debug
	auth
	+chap
	proxyarp
	+chapms  
	+chapms-v2
	mppe-40
	mppe-128
	mppe-stateless 

I did get this to work (the exact same options file) on another machine
with an older kernel (the machine it will not work on is using 2.2.14
and the machine it will work on is using 2.2.13).  I don't know if that
should matter or not.  If I don't get it working on the newer kernel
that isn't a big deal it was just a test machine.  The machine I plan to
run this on is the one that it works on.

While I don't get this error on that machine, I can't seem to bring up
an encrypted tunnel on it either.  The NT machine that I am using as a
client, when MS encryption is enabled on it, returns an error stating
that the server doesn't support encrytion.  An unencrypted tunnel works
fine though.

Any thoughts? 

Thanks again,

Dan


> Jandeep Kang wrote:
> 
> What is the option just above (a line above) this one? Is it bsdcomp
> or deflate?
> 
>           -----Original Message-----
>           From:   Daniell Freed [mailto:dxf at dewittross.com]
>           Sent:   Wednesday, March 22, 2000 5:43 PM
>           To:     pptp-server at lists.schulte.org
>           Subject:        [pptp-server] unrecognized option '+chapms'
> 
>           Does anyone know why I would get this error when I try to
>           make a
>           connection?
> 
>           I compiled the ppp2.3.10 with the
>           ppp-2.3.10-openssl-norc4-mppe.patch
>           successfully and rebuilt my modules successfully.  But when
>           I have the
>           +chapms in the /etc/ppp/options file I get this error upon
>           trying to
>           initiate a connection: pppd: In file /etc/ppp/options:
>           unrecognized
>           option '+chapms'
> 
>           I have double-checked that my /usr/sbin/pppd file is the
>           version that I
>           just compiled.
> 
>           Any help would be very much appreciated.
> 
>           Thanks
> 
>           --
>           Daniell Freed
>           Computer Services
>           Dewitt, Ross, & Stevens
> 
>           He who fights with monsters might take care
>           lest he thereby become a monster.
>           And if you gaze for long into an abyss,
>           the abyss gazes also into you.
> 
>           Beyond Good and Evil
>           Friedrich Wilhelm Nietzche
> 
>           _______________________________________________
>           pptp-server maillist  -  pptp-server at lists.schulte.org
>           http://lists.schulte.org/mailman/listinfo/pptp-server
>           List services provided by www.schulte.org!



From ivank at rcn.com  Fri Mar 24 01:37:33 2000
From: ivank at rcn.com (IvanK)
Date: Fri Mar 24 01:37:33 2000
Subject: [pptp-server] Domain Users List not available in Sharing
Message-ID: <38DB1B3A.A6620B1E@rcn.com>

Hi everyone.

First I wanna thank the poptop developrs for a great program!  I got it
to work almost the way I want it.  There are 2 little problems I have to
resolve.  I have a workaround for the first, but not the second.  Here
goes:

I have a linux box running samba and pptpd and I've set samba's security
to domain and I authenticate all logins agains an NT PDC.  This works. 
When I connect from a Win95 box, I can see all computers in Network
Neighborhood and I can go into their shares, mount them, etc.  This
works.  However, if I try to share something on my computer and click
the add users button (I've specified user-level access in the Network
Control Panel) I get a message that says the list of users is not
available.  I'm guessing that's a samba issue, but wanted to know if
anyone can give me ideas how to fix this.  This is minor, but I just
want to make sure that my users can share their local hard drives,
before I roll out the VPN access to home users.

Thanks,
Chepati.
-- 
In GNU/Linux We Trust!
http://www.linux.com
http://www.fsf.org



From ivank at rcn.com  Fri Mar 24 01:56:33 2000
From: ivank at rcn.com (IvanK)
Date: Fri Mar 24 01:56:33 2000
Subject: [pptp-server] Here's the URL for 128bit encryption for Win9x
Message-ID: <38DB1FAE.EDEC23F9@rcn.com>

Guys,

I apologize if this has been posted already, but since it took me quite
some time to find the 128bit encryption enabler for win95 I thought I'd
share so that other people have an easier time.

here's the URL:

http://support.microsoft.com/support/ntserver/128Downloads.asp

The last two entries in the drop-down menu are for Win98 and win95
128bit encryption.  I applied the win95 patch and then did tail -f
/var/log/messages before I tried to establish a pptp connection and saw
that 128bits were used.

Take care,
Chepati.

-- 
In GNU/Linux We Trust!
http://www.linux.com
http://www.fsf.org



From mm at lunetix.de  Fri Mar 24 06:05:06 2000
From: mm at lunetix.de (Martin Mueller)
Date: Fri Mar 24 06:05:06 2000
Subject: [pptp-server] Forcing encryption (was: Optimizing pppd for PPTP)]
Message-ID: <20000324130520.Q27633@cicero.werkleitz.de>

Hi,

On Thu, Mar 23, 2000 at 05:02:33PM -0800, Geoff Nordli wrote:
> I asked a friend of mine to take a look at some of the code, and this
> is what he has to offer:
> 
> 
> -----------
> *In the first chunk of the diff (with the options parse structures), he has
> the wrong function pointer set up for require-mppe-stateless.  Obviously it
> should point to require_mppe_stateless rather than require_mppe.
> 
> *In the fourth chunk of the diff, there are two instances of
> notice("stateless MPPE enforced").  In the second instance, this is not the
> true; MPPE has been enforced, but not necessarily stateless MPPE (although
> it still may have been successfully negotiated).  This may explain why he
> didn't notice the first error.
> -------------
> 
> Does this make sense to you.

He is definitly right. Tell him my thanks!

Since I don't want to bother the list with my bugs I have put up a
new patch to http://smop.de.

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de




From dxf at dewittross.com  Fri Mar 24 09:11:05 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Fri Mar 24 09:11:05 2000
Subject: [pptp-server] compilation errors with th MSCHAP install
References: <38D6B0CE.A569A133@dewittross.com> <005701bf9611$36c00eb0$010010ac@crypto.net> <001201bf954b$bcf32380$0200a8c0@mdsn1.wi.home.com> <00c201bf965b$fc390990$010010ac@crypto.net>
Message-ID: <38DB860C.267400@dewittross.com>

To add to this mystery I tried connecting to the pptp server from a
win98 machine using the most recent patch from MS for DUN4.0 and the
encryption worked just fine from there.  

Does anyone have any ideas why this might be?  I dug around for a patch
for NT of a similar nature to the DUN4.0 for 98, but I didn't see
anything.  I do have service pack 5 installed, maybe I need to reinstall
that (if I remember the order I did things, SP5 was installed on the
machine then I installed DUN, perhaps that is the problem).

Any input is welcome.

Dan

Emir Toktar wrote:
> 
> Hi, you give me any doubts.... I had already  installed poptop a few months
> ago
> and when I went to look  what version of the SSL I had installed it was a
> big surprise:
> "I didn't installed openssl-0.9.4 but the SSL-0.6.6b and after this
> openssl-0.9.1"
> 
> After this, I reinstall the ppp-2.3.10 and openssl-0.9.4 (not yet
> openssl-0.9.5) and
> now I have a bit problem too :-(
> My NT doens't support encryption option too .... AHHH!!!!!  I've applied
> sp6.0
> and sp6.0a 128 bits version.
> 
> Do you find any thing that fixes this. I'm going to travel today and go back
> in few days...
> If you find anything please send me.
> Ohhh, thanks for tips (openssl-0.9.4), now we have a problem  :-) just
> kidding
> 
> Thanks in advance
> 
> Emir Toktar
> 
> +55 2141 232-4570
> toktar at per.com.br
> emir.toktar at bra.xerox.com
> toktar at ppgia.pucpr.br
> 
> ----- Original Message -----
> From: Daniell Freed <dxf at dewittross.net>
> To: Emir Toktar <toktar at per.com.br>; Daniell Freed <dxf at dewittross.com>
> Sent: Friday, 24 March, 2000 1:45 AM
> Subject: Re: [pptp-server] compilation errors with th MSCHAP install
> 
> | Yes thanks for replying.  I did get it to work.  I looked a little closer
> at
> | the errors and relised I had stray * when I when to comment out the line
> in
> | the source.
> |
> | Thanks again.
> |
> | You wouldn't have any thoughts about the other post I made about the
> | encryption not working from an NT 4.0 client would you?  The tunnel works
> | fine, but when I enable encryption on the client side I get an error from
> NT
> | that the server doesn't support encryption.
> |
> | Any thoughts
> |
> | Thanks again
> |
> | Dan
> | ----- Original Message -----
> | From: "Emir Toktar" <toktar at per.com.br>
> | To: "Daniell Freed" <dxf at dewittross.com>
> | Sent: Friday, March 24, 2000 10:18 PM
> | Subject: Re: [pptp-server] compilation errors with th MSCHAP install
> |
> |
> | > Do you get it work?
> | >
> | > This a problem that occours when files couldn't find the  files in
> | > <openssl/xxxx> in compilation time...
> | >
> | > Bye
> | >
> | > Emir Toktar
> | >
> | > +55 2141 232-4570
> | > toktar at per.com.br
> | > emir.toktar at bra.xerox.com
> | > toktar at ppgia.pucpr.br
> | > ----- Original Message -----
> | > From: Daniell Freed <dxf at dewittross.com>
> | > To: <pptp-server at lists.schulte.org>
> | > Sent: Monday, 20 March, 2000 8:14 PM
> | > Subject: [pptp-server] compilation errors with th MSCHAP install
> | >
> | >
> | > |
> | > |
> | > | I am trying to compile the modules for MSCHAP authentication and am
> | > | getting several errors.  As per the RedHat PPTP HowTO, I was compiling
> | > | the madoules using the command: make modules SUBDIRS=drivers/net As
> | > | anyone seen this?  Below is the end of the output of the make, I
> wasn't
> | > | sure if it would help anyone.  I am running on a Mandrake 7.0 system,
> | > | does the module not work on this kernal version(2.2.14)?
> | > |
> | > | Thanks for any help.
> | > |
> | > |
> | > | sha1dgst.c: In function `SHA1_Final':
> | > | sha1dgst.c:316: parse error before `SHA_CTX'
> | > | sha1dgst.c:325: invalid type argument of `->'
> | > | sha1dgst.c:326: invalid type argument of `->'
> | > | sha1dgst.c:336: invalid type argument of `->'
> | > | sha1dgst.c:345: invalid type argument of `->'
> | > | sha1dgst.c:346: invalid type argument of `->'
> | > | sha1dgst.c:349: invalid type argument of `->'
> | > | sha1dgst.c:350: invalid type argument of `->'
> | > | sha1dgst.c:351: invalid type argument of `->'
> | > | sha1dgst.c:352: invalid type argument of `->'
> | > | sha1dgst.c:353: invalid type argument of `->'
> | > | sha1dgst.c:357: invalid type argument of `->'
> | > | sha1dgst.c:318: warning: `j' might be used uninitialized in this
> | > | function
> | > | sha1dgst.c:320: warning: `p' might be used uninitialized in this
> | > | function
> | > | sha1dgst.c: In function `GetNewKeyFromSHA':
> | > | sha1dgst.c:410: `SHA_CTX' undeclared (first use in this function)
> | > | sha1dgst.c:410: (Each undeclared identifier is reported only once
> | > | sha1dgst.c:410: for each function it appears in.)
> | > | sha1dgst.c:410: parse error before `Context'
> | > | sha1dgst.c:413: `Context' undeclared (first use in this function)
> | > | ppp_mppe.c: At top level:
> | > | sha1dgst.c:197: warning: `sha1_block' used but never defined
> | > | make[2]: *** [ppp_mppe.o] Error 1
> | > | make[2]: Leaving directory `/usr/src/linux-2.2.14/drivers/net'
> | > | make[1]: *** [_modsubdir_net] Error 2
> | > | make[1]: Leaving directory `/usr/src/linux-2.2.14/drivers'
> | > |
> | > |
> | > | --
> | > | Daniell Freed
> | > | Computer Services
> | > | Dewitt, Ross, & Stevens
> | > |
> | > | He who fights with monsters might take care
> | > | lest he thereby become a monster.
> | > | And if you gaze for long into an abyss,
> | > | the abyss gazes also into you.
> | > |
> | > | Beyond Good and Evil
> | > | Friedrich Wilhelm Nietzche
> | > |
> | > | _______________________________________________
> | > | pptp-server maillist  -  pptp-server at lists.schulte.org
> | > | http://lists.schulte.org/mailman/listinfo/pptp-server
> | > | List services provided by www.schulte.org!
> | > |
> | >
> | >
> |
> |



From sergio at omnitracs.com.mx  Fri Mar 24 11:21:20 2000
From: sergio at omnitracs.com.mx (Sergio Dominguez)
Date: Fri Mar 24 11:21:20 2000
Subject: [pptp-server] 128 Patches outside NorthAmerica.
References: <38DB1FAE.EDEC23F9@rcn.com>
Message-ID: <38DBA2A5.CCA451B7@omnitracs.com.mx>

 Hello:

  Is there **any way** to get those 128 bit patches outside USA or Canada?
  I saw that it could be done with some kind of direct agreement and
contract with MS.
  Is it posible? Have someone done it?
  ( I am asking this to the list rather than asking to the moron at MS
sales who does not
 even know what a bit is).

  By the way,  I am in Mexico.

IvanK wrote:

> Guys,
>
> I apologize if this has been posted already, but since it took me quite
> some time to find the 128bit encryption enabler for win95 I thought I'd
> share so that other people have an easier time.
>
> here's the URL:
>
> http://support.microsoft.com/support/ntserver/128Downloads.asp
>
> The last two entries in the drop-down menu are for Win98 and win95
> 128bit encryption.  I applied the win95 patch and then did tail -f
> /var/log/messages before I tried to establish a pptp connection and saw
> that 128bits were used.
>
> Take care,
> Chepati.
>
> --
> In GNU/Linux We Trust!
> http://www.linux.com
> http://www.fsf.org
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!




From SCody at Gulbrandsen.com  Fri Mar 24 13:10:38 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Fri Mar 24 13:10:38 2000
Subject: [pptp-server] closing linux PPTP client
Message-ID: <A505C3AEEAC0D2119F6800902745A52B45DEAE@obsc_pdc01.gulbrandsen.com>

Is there a graceful way to close the Linux PPTP client?  I have two networks
that are connected by two Linux systems, through the Internet, using PPTP.
When I need to close my Linux client, I don't have any graceful way, that I
can find, to shut the connection down.  I just have to kill the PPTP
session.  I am not doing something right, because I have to reboot the
client computer before I can make another PPTP connection.

Any help?

Thanks!

Steve Cody



From dxf at dewittross.com  Fri Mar 24 13:12:58 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Fri Mar 24 13:12:58 2000
Subject: [pptp-server] bringing pptp client down--safely
Message-ID: <38DBBEA6.D4524BA0@dewittross.com>

OK here is a crazy question.  How do you bring down a pptp client
safely?  I am using the linux pptp client on my machine and am able to
connect just fine to my pptp server.  

But I don't want to be connected all the time to the pptp server, so I
want to be able to bring the connection down.  I used ifconfig ppp0 down
to close the connection, but when I when to reastablish the connection a
few minutes later I couldn't.  I would get this error:

warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 207.1.3.123 is
already running.
fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for
207.1.3.123
fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256 

The only way I seemed to be able to get the connection working again
would be to reboot my machine and then bring up the connection.

Anyone know if there is an easier way?  I tried restarted networking but
that didn't help either.

Thanks

-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzche



From natecars at real-time.com  Fri Mar 24 13:57:35 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri Mar 24 13:57:35 2000
Subject: [pptp-server] bringing pptp client down--safely
In-Reply-To: <38DBBEA6.D4524BA0@dewittross.com>
Message-ID: <Pine.LNX.4.10.10003241356420.2288-100000@enchanter.real-time.com>

On Fri, 24 Mar 2000, Daniell Freed wrote:

> OK here is a crazy question.  How do you bring down a pptp client
> safely?  I am using the linux pptp client on my machine and am able to
> connect just fine to my pptp server.  
> 
> But I don't want to be connected all the time to the pptp server, so I
> want to be able to bring the connection down.  I used ifconfig ppp0 down
> to close the connection, but when I when to reastablish the connection a
> few minutes later I couldn't.  I would get this error:
> 
> warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 207.1.3.123 is
> already running.
> fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for
> 207.1.3.123
> fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256 
> 
> The only way I seemed to be able to get the connection working again
> would be to reboot my machine and then bring up the connection.
> 
> Anyone know if there is an easier way?  I tried restarted networking but
> that didn't help either.
> 
> Thanks
>

I usually just kill the pptp process, which takes it down cleanly. Also,
if it comes down uncleanly, just rm -f /var/run/pptp/207.1.3.123, and
you'll be able to make another connection without rebooting.

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500




From dxf at dewittross.com  Fri Mar 24 14:48:53 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Fri Mar 24 14:48:53 2000
Subject: [pptp-server] bringing pptp client down--safely
References: <Pine.LNX.4.10.10003241356420.2288-100000@enchanter.real-time.com>
Message-ID: <38DBD522.57960D29@dewittross.com>

Thanks a bunch.  That did the trick

Dan

Nate Carlson wrote:
> 
> On Fri, 24 Mar 2000, Daniell Freed wrote:
> 
> > OK here is a crazy question.  How do you bring down a pptp client
> > safely?  I am using the linux pptp client on my machine and am able to
> > connect just fine to my pptp server.
> >
> > But I don't want to be connected all the time to the pptp server, so I
> > want to be able to bring the connection down.  I used ifconfig ppp0 down
> > to close the connection, but when I when to reastablish the connection a
> > few minutes later I couldn't.  I would get this error:
> >
> > warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 207.1.3.123 is
> > already running.
> > fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for
> > 207.1.3.123
> > fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256
> >
> > The only way I seemed to be able to get the connection working again
> > would be to reboot my machine and then bring up the connection.
> >
> > Anyone know if there is an easier way?  I tried restarted networking but
> > that didn't help either.
> >
> > Thanks
> >
> 
> I usually just kill the pptp process, which takes it down cleanly. Also,
> if it comes down uncleanly, just rm -f /var/run/pptp/207.1.3.123, and
> you'll be able to make another connection without rebooting.
> 
> --
> Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
> http://www.real-time.com                | Fax   : (612)943-8500



From dxf at dewittross.com  Fri Mar 24 14:51:22 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Fri Mar 24 14:51:22 2000
Subject: [pptp-server] bringing pptp client down--safely
References: <Pine.LNX.4.10.10003241356420.2288-100000@enchanter.real-time.com>
Message-ID: <38DBD5B8.D4C6ACB0@dewittross.com>

Thanks a bunch that did the trick

Dan

Nate Carlson wrote:
> 
> On Fri, 24 Mar 2000, Daniell Freed wrote:
> 
> > OK here is a crazy question.  How do you bring down a pptp client
> > safely?  I am using the linux pptp client on my machine and am able to
> > connect just fine to my pptp server.
> >
> > But I don't want to be connected all the time to the pptp server, so I
> > want to be able to bring the connection down.  I used ifconfig ppp0 down
> > to close the connection, but when I when to reastablish the connection a
> > few minutes later I couldn't.  I would get this error:
> >
> > warn[open_unixsock:pptp_callmgr.c:308]: Call manager for 207.1.3.123 is
> > already running.
> > fatal[callmgr_main:pptp_callmgr.c:124]: Could not open unix socket for
> > 207.1.3.123
> > fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256
> >
> > The only way I seemed to be able to get the connection working again
> > would be to reboot my machine and then bring up the connection.
> >
> > Anyone know if there is an easier way?  I tried restarted networking but
> > that didn't help either.
> >
> > Thanks
> >
> 
> I usually just kill the pptp process, which takes it down cleanly. Also,
> if it comes down uncleanly, just rm -f /var/run/pptp/207.1.3.123, and
> you'll be able to make another connection without rebooting.
> 
> --
> Nate Carlson <natecars at real-time.com>   | Phone : (612)943-8700
> http://www.real-time.com                | Fax   : (612)943-8500



From dxf at dewittross.com  Fri Mar 24 16:35:04 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Fri Mar 24 16:35:04 2000
Subject: [pptp-server] compilation errors with th MSCHAP install
References: <38D6B0CE.A569A133@dewittross.com> <005701bf9611$36c00eb0$010010ac@crypto.net> <001201bf954b$bcf32380$0200a8c0@mdsn1.wi.home.com> <00c201bf965b$fc390990$010010ac@crypto.net> <38DB860C.267400@dewittross.com>
Message-ID: <38DBEE06.6A78B9E6@dewittross.com>

I got the NT machine to work, with 128 bit encryption!

What I needed to do was reinstall SP5 after I had installed Dial-up
networking.  Once this was done everything worked just fine.

Thanks everyone for all your help.  I'm sure I will have more questions
as I play with setting up some users for home use.

Dan

Daniell Freed wrote:
> 
> To add to this mystery I tried connecting to the pptp server from a
> win98 machine using the most recent patch from MS for DUN4.0 and the
> encryption worked just fine from there.
> 
> Does anyone have any ideas why this might be?  I dug around for a patch
> for NT of a similar nature to the DUN4.0 for 98, but I didn't see
> anything.  I do have service pack 5 installed, maybe I need to reinstall
> that (if I remember the order I did things, SP5 was installed on the
> machine then I installed DUN, perhaps that is the problem).
> 
> Any input is welcome.
> 
> Dan
> 
> Emir Toktar wrote:
> >
> > Hi, you give me any doubts.... I had already  installed poptop a few months
> > ago
> > and when I went to look  what version of the SSL I had installed it was a
> > big surprise:
> > "I didn't installed openssl-0.9.4 but the SSL-0.6.6b and after this
> > openssl-0.9.1"
> >
> > After this, I reinstall the ppp-2.3.10 and openssl-0.9.4 (not yet
> > openssl-0.9.5) and
> > now I have a bit problem too :-(
> > My NT doens't support encryption option too .... AHHH!!!!!  I've applied
> > sp6.0
> > and sp6.0a 128 bits version.
> >
> > Do you find any thing that fixes this. I'm going to travel today and go back
> > in few days...
> > If you find anything please send me.
> > Ohhh, thanks for tips (openssl-0.9.4), now we have a problem  :-) just
> > kidding
> >
> > Thanks in advance
> >
> > Emir Toktar
> >
> > +55 2141 232-4570
> > toktar at per.com.br
> > emir.toktar at bra.xerox.com
> > toktar at ppgia.pucpr.br
> >
> > ----- Original Message -----
> > From: Daniell Freed <dxf at dewittross.net>
> > To: Emir Toktar <toktar at per.com.br>; Daniell Freed <dxf at dewittross.com>
> > Sent: Friday, 24 March, 2000 1:45 AM
> > Subject: Re: [pptp-server] compilation errors with th MSCHAP install
> >
> > | Yes thanks for replying.  I did get it to work.  I looked a little closer
> > at
> > | the errors and relised I had stray * when I when to comment out the line
> > in
> > | the source.
> > |
> > | Thanks again.
> > |
> > | You wouldn't have any thoughts about the other post I made about the
> > | encryption not working from an NT 4.0 client would you?  The tunnel works
> > | fine, but when I enable encryption on the client side I get an error from
> > NT
> > | that the server doesn't support encryption.
> > |
> > | Any thoughts
> > |
> > | Thanks again
> > |
> > | Dan
> > | ----- Original Message -----
> > | From: "Emir Toktar" <toktar at per.com.br>
> > | To: "Daniell Freed" <dxf at dewittross.com>
> > | Sent: Friday, March 24, 2000 10:18 PM
> > | Subject: Re: [pptp-server] compilation errors with th MSCHAP install
> > |
> > |
> > | > Do you get it work?
> > | >
> > | > This a problem that occours when files couldn't find the  files in
> > | > <openssl/xxxx> in compilation time...
> > | >
> > | > Bye
> > | >
> > | > Emir Toktar
> > | >
> > | > +55 2141 232-4570
> > | > toktar at per.com.br
> > | > emir.toktar at bra.xerox.com
> > | > toktar at ppgia.pucpr.br
> > | > ----- Original Message -----
> > | > From: Daniell Freed <dxf at dewittross.com>
> > | > To: <pptp-server at lists.schulte.org>
> > | > Sent: Monday, 20 March, 2000 8:14 PM
> > | > Subject: [pptp-server] compilation errors with th MSCHAP install
> > | >
> > | >
> > | > |
> > | > |
> > | > | I am trying to compile the modules for MSCHAP authentication and am
> > | > | getting several errors.  As per the RedHat PPTP HowTO, I was compiling
> > | > | the madoules using the command: make modules SUBDIRS=drivers/net As
> > | > | anyone seen this?  Below is the end of the output of the make, I
> > wasn't
> > | > | sure if it would help anyone.  I am running on a Mandrake 7.0 system,
> > | > | does the module not work on this kernal version(2.2.14)?
> > | > |
> > | > | Thanks for any help.
> > | > |
> > | > |
> > | > | sha1dgst.c: In function `SHA1_Final':
> > | > | sha1dgst.c:316: parse error before `SHA_CTX'
> > | > | sha1dgst.c:325: invalid type argument of `->'
> > | > | sha1dgst.c:326: invalid type argument of `->'
> > | > | sha1dgst.c:336: invalid type argument of `->'
> > | > | sha1dgst.c:345: invalid type argument of `->'
> > | > | sha1dgst.c:346: invalid type argument of `->'
> > | > | sha1dgst.c:349: invalid type argument of `->'
> > | > | sha1dgst.c:350: invalid type argument of `->'
> > | > | sha1dgst.c:351: invalid type argument of `->'
> > | > | sha1dgst.c:352: invalid type argument of `->'
> > | > | sha1dgst.c:353: invalid type argument of `->'
> > | > | sha1dgst.c:357: invalid type argument of `->'
> > | > | sha1dgst.c:318: warning: `j' might be used uninitialized in this
> > | > | function
> > | > | sha1dgst.c:320: warning: `p' might be used uninitialized in this
> > | > | function
> > | > | sha1dgst.c: In function `GetNewKeyFromSHA':
> > | > | sha1dgst.c:410: `SHA_CTX' undeclared (first use in this function)
> > | > | sha1dgst.c:410: (Each undeclared identifier is reported only once
> > | > | sha1dgst.c:410: for each function it appears in.)
> > | > | sha1dgst.c:410: parse error before `Context'
> > | > | sha1dgst.c:413: `Context' undeclared (first use in this function)
> > | > | ppp_mppe.c: At top level:
> > | > | sha1dgst.c:197: warning: `sha1_block' used but never defined
> > | > | make[2]: *** [ppp_mppe.o] Error 1
> > | > | make[2]: Leaving directory `/usr/src/linux-2.2.14/drivers/net'
> > | > | make[1]: *** [_modsubdir_net] Error 2
> > | > | make[1]: Leaving directory `/usr/src/linux-2.2.14/drivers'
> > | > |
> > | > |
> > | > | --
> > | > | Daniell Freed
> > | > | Computer Services
> > | > | Dewitt, Ross, & Stevens
> > | > |
> > | > | He who fights with monsters might take care
> > | > | lest he thereby become a monster.
> > | > | And if you gaze for long into an abyss,
> > | > | the abyss gazes also into you.
> > | > |
> > | > | Beyond Good and Evil
> > | > | Friedrich Wilhelm Nietzche
> > | > |
> > | > | _______________________________________________
> > | > | pptp-server maillist  -  pptp-server at lists.schulte.org
> > | > | http://lists.schulte.org/mailman/listinfo/pptp-server
> > | > | List services provided by www.schulte.org!
> > | > |
> > | >
> > | >
> > |
> > |
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From toktar at per.com.br  Sun Mar 26 20:12:25 2000
From: toktar at per.com.br (Emir Toktar)
Date: Sun Mar 26 20:12:25 2000
Subject: [pptp-server] 128 Patches outside NorthAmerica.
References: <38DB1FAE.EDEC23F9@rcn.com> <38DBA2A5.CCA451B7@omnitracs.com.mx>
Message-ID: <002901bf985b$21597560$010010ac@crypto.net>

I got from ZDNet the SP6.0 128 bits and Netscape Communicator last year.
Sorry but I can't remember the URL. (without MS)

Emir Toktar

+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: Sergio Dominguez <sergio at omnitracs.com.mx>
To: Lista PPTP <pptp-server at lists.schulte.org>
Sent: Friday, 24 March, 2000 2:15 PM
Subject: [pptp-server] 128 Patches outside NorthAmerica.


| Hello:
|
|   Is there **any way** to get those 128 bit patches outside USA or Canada?
|   I saw that it could be done with some kind of direct agreement and
| contract with MS.
|   Is it posible? Have someone done it?
|   ( I am asking this to the list rather than asking to the moron at MS
| sales who does not
|  even know what a bit is).
|
|   By the way,  I am in Mexico.
|
| IvanK wrote:
|
| > Guys,
| >
| > I apologize if this has been posted already, but since it took me quite
| > some time to find the 128bit encryption enabler for win95 I thought I'd
| > share so that other people have an easier time.
| >
| > here's the URL:
| >
| > http://support.microsoft.com/support/ntserver/128Downloads.asp
| >
| > The last two entries in the drop-down menu are for Win98 and win95
| > 128bit encryption.  I applied the win95 patch and then did tail -f
| > /var/log/messages before I tried to establish a pptp connection and saw
| > that 128bits were used.
| >
| > Take care,
| > Chepati.
| >
| > --
| > In GNU/Linux We Trust!
| > http://www.linux.com
| > http://www.fsf.org
| >
| > _______________________________________________
| > pptp-server maillist  -  pptp-server at lists.schulte.org
| > http://lists.schulte.org/mailman/listinfo/pptp-server
| > List services provided by www.schulte.org!
|
|
| _______________________________________________
| pptp-server maillist  -  pptp-server at lists.schulte.org
| http://lists.schulte.org/mailman/listinfo/pptp-server
| List services provided by www.schulte.org!
|




From toktar at per.com.br  Sun Mar 26 20:21:26 2000
From: toktar at per.com.br (Emir Toktar)
Date: Sun Mar 26 20:21:26 2000
Subject: [pptp-server] compilation errors with th MSCHAP install
References: <38D6B0CE.A569A133@dewittross.com> <005701bf9611$36c00eb0$010010ac@crypto.net> <001201bf954b$bcf32380$0200a8c0@mdsn1.wi.home.com> <00c201bf965b$fc390990$010010ac@crypto.net> <38DB860C.267400@dewittross.com> <38DBEE06.6A78B9E6@dewittross.com>
Message-ID: <003d01bf985c$1d45cc70$010010ac@crypto.net>

Thanks for the TIPs. I will try more later.
Other thing, I saw an article about 128-Bit RAS Client is Authenticated but
Cannot Use Resources on the Network and applies to NT Server and Workstation
4.0 with SP5.0. See more information in question : Q152734. The solution was
applied SP6.0.

Emir Toktar

+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br


----- Original Message -----
From: Daniell Freed <dxf at dewittross.com>
To: Emir Toktar <toktar at per.com.br>; <pptp-server at lists.schulte.org>
Sent: Friday, 24 March, 2000 7:36 PM
Subject: Re: [pptp-server] compilation errors with th MSCHAP install


| I got the NT machine to work, with 128 bit encryption!
|
| What I needed to do was reinstall SP5 after I had installed Dial-up
| networking.  Once this was done everything worked just fine.
|
| Thanks everyone for all your help.  I'm sure I will have more questions
| as I play with setting up some users for home use.
|
| Dan
|
| Daniell Freed wrote:
| >
| > To add to this mystery I tried connecting to the pptp server from a
| > win98 machine using the most recent patch from MS for DUN4.0 and the
| > encryption worked just fine from there.
| >
| > Does anyone have any ideas why this might be?  I dug around for a patch
| > for NT of a similar nature to the DUN4.0 for 98, but I didn't see
| > anything.  I do have service pack 5 installed, maybe I need to reinstall
| > that (if I remember the order I did things, SP5 was installed on the
| > machine then I installed DUN, perhaps that is the problem).
| >
| > Any input is welcome.
| >
| > Dan
| >
| > Emir Toktar wrote:
| > >
| > > Hi, you give me any doubts.... I had already  installed poptop a few
months
| > > ago
| > > and when I went to look  what version of the SSL I had installed it
was a
| > > big surprise:
| > > "I didn't installed openssl-0.9.4 but the SSL-0.6.6b and after this
| > > openssl-0.9.1"
| > >
| > > After this, I reinstall the ppp-2.3.10 and openssl-0.9.4 (not yet
| > > openssl-0.9.5) and
| > > now I have a bit problem too :-(
| > > My NT doens't support encryption option too .... AHHH!!!!!  I've
applied
| > > sp6.0
| > > and sp6.0a 128 bits version.
| > >
| > > Do you find any thing that fixes this. I'm going to travel today and
go back
| > > in few days...
| > > If you find anything please send me.
| > > Ohhh, thanks for tips (openssl-0.9.4), now we have a problem  :-) just
| > > kidding
| > >
| > > Thanks in advance
| > >
| > > Emir Toktar
| > >
| > > +55 2141 232-4570
| > > toktar at per.com.br
| > > emir.toktar at bra.xerox.com
| > > toktar at ppgia.pucpr.br
| > >
| > > ----- Original Message -----
| > > From: Daniell Freed <dxf at dewittross.net>
| > > To: Emir Toktar <toktar at per.com.br>; Daniell Freed
<dxf at dewittross.com>
| > > Sent: Friday, 24 March, 2000 1:45 AM
| > > Subject: Re: [pptp-server] compilation errors with th MSCHAP install
| > >
| > > | Yes thanks for replying.  I did get it to work.  I looked a little
closer
| > > at
| > > | the errors and relised I had stray * when I when to comment out the
line
| > > in
| > > | the source.
| > > |
| > > | Thanks again.
| > > |
| > > | You wouldn't have any thoughts about the other post I made about the
| > > | encryption not working from an NT 4.0 client would you?  The tunnel
works
| > > | fine, but when I enable encryption on the client side I get an error
from
| > > NT
| > > | that the server doesn't support encryption.
| > > |
| > > | Any thoughts
| > > |
| > > | Thanks again
| > > |
| > > | Dan
| > > | ----- Original Message -----
| > > | From: "Emir Toktar" <toktar at per.com.br>
| > > | To: "Daniell Freed" <dxf at dewittross.com>
| > > | Sent: Friday, March 24, 2000 10:18 PM
| > > | Subject: Re: [pptp-server] compilation errors with th MSCHAP install
| > > |
| > > |
| > > | > Do you get it work?
| > > | >
| > > | > This a problem that occours when files couldn't find the  files in
| > > | > <openssl/xxxx> in compilation time...
| > > | >
| > > | > Bye
| > > | >
| > > | > Emir Toktar
| > > | >
| > > | > +55 2141 232-4570
| > > | > toktar at per.com.br
| > > | > emir.toktar at bra.xerox.com
| > > | > toktar at ppgia.pucpr.br
| > > | > ----- Original Message -----
| > > | > From: Daniell Freed <dxf at dewittross.com>
| > > | > To: <pptp-server at lists.schulte.org>
| > > | > Sent: Monday, 20 March, 2000 8:14 PM
| > > | > Subject: [pptp-server] compilation errors with th MSCHAP install
| > > | >
| > > | >
| > > | > |
| > > | > |
| > > | > | I am trying to compile the modules for MSCHAP authentication and
am
| > > | > | getting several errors.  As per the RedHat PPTP HowTO, I was
compiling
| > > | > | the madoules using the command: make modules SUBDIRS=drivers/net
As
| > > | > | anyone seen this?  Below is the end of the output of the make, I
| > > wasn't
| > > | > | sure if it would help anyone.  I am running on a Mandrake 7.0
system,
| > > | > | does the module not work on this kernal version(2.2.14)?
| > > | > |
| > > | > | Thanks for any help.
| > > | > |
| > > | > |
| > > | > | sha1dgst.c: In function `SHA1_Final':
| > > | > | sha1dgst.c:316: parse error before `SHA_CTX'
| > > | > | sha1dgst.c:325: invalid type argument of `->'
| > > | > | sha1dgst.c:326: invalid type argument of `->'
| > > | > | sha1dgst.c:336: invalid type argument of `->'
| > > | > | sha1dgst.c:345: invalid type argument of `->'
| > > | > | sha1dgst.c:346: invalid type argument of `->'
| > > | > | sha1dgst.c:349: invalid type argument of `->'
| > > | > | sha1dgst.c:350: invalid type argument of `->'
| > > | > | sha1dgst.c:351: invalid type argument of `->'
| > > | > | sha1dgst.c:352: invalid type argument of `->'
| > > | > | sha1dgst.c:353: invalid type argument of `->'
| > > | > | sha1dgst.c:357: invalid type argument of `->'
| > > | > | sha1dgst.c:318: warning: `j' might be used uninitialized in this
| > > | > | function
| > > | > | sha1dgst.c:320: warning: `p' might be used uninitialized in this
| > > | > | function
| > > | > | sha1dgst.c: In function `GetNewKeyFromSHA':
| > > | > | sha1dgst.c:410: `SHA_CTX' undeclared (first use in this
function)
| > > | > | sha1dgst.c:410: (Each undeclared identifier is reported only
once
| > > | > | sha1dgst.c:410: for each function it appears in.)
| > > | > | sha1dgst.c:410: parse error before `Context'
| > > | > | sha1dgst.c:413: `Context' undeclared (first use in this
function)
| > > | > | ppp_mppe.c: At top level:
| > > | > | sha1dgst.c:197: warning: `sha1_block' used but never defined
| > > | > | make[2]: *** [ppp_mppe.o] Error 1
| > > | > | make[2]: Leaving directory `/usr/src/linux-2.2.14/drivers/net'
| > > | > | make[1]: *** [_modsubdir_net] Error 2
| > > | > | make[1]: Leaving directory `/usr/src/linux-2.2.14/drivers'
| > > | > |
| > > | > |
| > > | > | --
| > > | > | Daniell Freed
| > > | > | Computer Services
| > > | > | Dewitt, Ross, & Stevens
| > > | > |
| > > | > | He who fights with monsters might take care
| > > | > | lest he thereby become a monster.
| > > | > | And if you gaze for long into an abyss,
| > > | > | the abyss gazes also into you.
| > > | > |
| > > | > | Beyond Good and Evil
| > > | > | Friedrich Wilhelm Nietzche
| > > | > |
| > > | > | _______________________________________________
| > > | > | pptp-server maillist  -  pptp-server at lists.schulte.org
| > > | > | http://lists.schulte.org/mailman/listinfo/pptp-server
| > > | > | List services provided by www.schulte.org!
| > > | > |
| > > | >
| > > | >
| > > |
| > > |
| >
| > _______________________________________________
| > pptp-server maillist  -  pptp-server at lists.schulte.org
| > http://lists.schulte.org/mailman/listinfo/pptp-server
| > List services provided by www.schulte.org!
|
| _______________________________________________
| pptp-server maillist  -  pptp-server at lists.schulte.org
| http://lists.schulte.org/mailman/listinfo/pptp-server
| List services provided by www.schulte.org!
|
|




From geoff at gnaa.net  Sun Mar 26 21:46:26 2000
From: geoff at gnaa.net (Geoff Nordli)
Date: Sun Mar 26 21:46:26 2000
Subject: [pptp-server] problems with hangup on ppp-2.3.11
Message-ID: <000101bf979e$ffd688e0$0101a8c0@highwayi.com>

Hello everyone.  Has anyone had any problems with the
ppp-2.3.11 version not hanging up properly.

I am using RH 6.0, pptpd 1.0, I also added the require-mppe
patches, and using the ppp-2.3.11 MPPE patches from Australia
that already contains the mppe encryption.

Everything seems to work alright, until I hang up the
session.  Here is my log:

pptpd[7168]: CTRL: Starting call (launching pppd, opening GRE)
pppd[7169]: pppd 2.3.11 started by root, uid 0
pppd[7169]: Using interface ppp0
pppd[7169]: Connect: ppp0 <--> /dev/pts/2
pptpd[7168]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
pppd[7169]: MSCHAP-v2 peer authentication succeeded for JUPITER\\gnordli
pppd[7169]: MPPE 128 bit, stateless compression enabled
pppd[7169]: stateless MPPE enforced
pppd[7169]: found interface eth0 for proxy arp
pppd[7169]: local  IP address 192.168.1.200
pppd[7169]: remote IP address 192.168.1.201
pppd[7169]: Modem hangup
pptpd[7168]: CTRL: Error with select(), quitting
pptpd[7168]: CTRL: Client 192.168.1.1 control connection finished

This is what normally happens towards the end:

pptpd[7209]: CTRL: Error with select(), quitting
pptpd[7209]: CTRL: Client 24.67.135.78 control connection finished
pppd[7210]: Modem hangup
pppd[7210]: Connection terminated.
pppd[7210]: Connect time 0.2 minutes.
pppd[7210]: Sent 1098 bytes, received 1089 bytes.
pppd[7210]: Exit.

Notice that the Modem Hangup occurs before the "CTRL: Error ", this
is the opposite on the log that runs properly.

Other interesting things to note:

When I do a ps list I get this in my display:

root 7169  1.5  4.1  3204 2608 ? S 19:34 0:07 /usr/sbin/pppd lo
root 7201  0.0  0.0     0    0 ? Z 19:34 0:00 [ip-down <defunct

Which wants to make me believe that there is a problem with the
ip-down script.  Any ideas.

thanks,

Geoff Nordli



From MillsD at datametrics.co.uk  Mon Mar 27 01:27:06 2000
From: MillsD at datametrics.co.uk (Dave Mills)
Date: Mon Mar 27 01:27:06 2000
Subject: [pptp-server] Logfile Errors - openpty()
Message-ID: <A1040B4B81C3D311A23D00C0DFEE43AE07C922@lion.datametrics.co.uk>

Hi, 

I'm running pptpd on a FreeBSD 3.1 box, soon to be 3.4, and am getting
messages like the following :

Mar 24 14:41:49 DSCUSGW0 pptpd[12788]: CTRL: openpty() error
Mar 24 14:42:04 DSCUSGW0 pptpd[12797]: CTRL: openpty() error

In the syslog, any idea's??  it seem that users are having problems
connecting when this message appears.

Regards

Dave Mills 



From scott at rainyday.mb.ca  Mon Mar 27 05:34:25 2000
From: scott at rainyday.mb.ca (scott at rainyday.mb.ca)
Date: Mon Mar 27 05:34:25 2000
Subject: [pptp-server] Logfile Errors - openpty()
In-Reply-To: <A1040B4B81C3D311A23D00C0DFEE43AE07C922@lion.datametrics.co.uk>
Message-ID: <200003271134.FAA06367@penguin.rainyday.mb.ca>

I have the same problem with my Caldera 2.3 box.  I have not yet 
had a successful connection.  I've tried WinNT and 98 as clients.  I 
currently have someone working through the source to figure it out.  
I'll let you know if I get anywhere.

st



> Hi, 
> 
> I'm running pptpd on a FreeBSD 3.1 box, soon to be 3.4, and am getting
> messages like the following :
> 
> Mar 24 14:41:49 DSCUSGW0 pptpd[12788]: CTRL: openpty() error
> Mar 24 14:42:04 DSCUSGW0 pptpd[12797]: CTRL: openpty() error
> 
> In the syslog, any idea's??  it seem that users are having problems
> connecting when this message appears.
> 
> Regards
> 
> Dave Mills 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!


Scott Toderash
Rainy Day Software Corp.
Go Home!  See the new Winnipeg central station at http://home.rainyday.mb.ca



From vigov at com2com.ru  Mon Mar 27 08:27:49 2000
From: vigov at com2com.ru (vigov)
Date: Mon Mar 27 08:27:49 2000
Subject: [pptp-server] max connections in FBSD
Message-ID: <19773.000327@com2com.ru>

Does anybody know something about limits in FBSD
i have found this fot Linux, but i need in same for BSD.

For Linux
per-process filedescriptors
        - up until a few minutes ago, one per client (would limit clients
          to 256 by default, or 1024 with kernel recompile, or more with
          major libc/kernel hackery)
        - now, no relevant limit

ttys    - currently, with a standard kernel, 256 clients
        - with Unix98 ptys and a small amount of coding, 2048

ppp devices
        - no limit in kernel source for ppp
        - limit of 100 in dev_alloc_name() in 2.2.x

      for(i=0;i<100;i++)
      {
              sprintf(dev->name,name,i);
              if(dev_get(dev->name)==NULL)
                      return i;
      }


thanx

Eugene





From eraskin at paslists.com  Mon Mar 27 09:48:41 2000
From: eraskin at paslists.com (Eric H. Raskin)
Date: Mon Mar 27 09:48:41 2000
Subject: [pptp-server] Can't get MPPE to work!
Message-ID: <009f01bf9804$023bae20$650aa8c0@paslists.com>

Help!!

I'm doing something stupid, but I can't find it.  Setup is Linux 2.2.14 with
MPPE patches/pppd 2.3.10 with patches applied.  Win98 client with DUN40 (128
bit) installed.  I can connect fine without data encryption enabled.

I thought I followed all the setup instructions, but I can't get Data Encryption
to work.  I've been through the FAQ's, but I can't find anything to help me out.
I keep getting:

  Error 742:  The computer you're dialing in to does not support the data
encryption requirements specified.

Here's my pptpd.conf file:

speed 115200
option /etc/ppp/pptpd.options
debug
localip 192.168.10.1                (the IP Address on my LAN of my Linux
Firewall)
remoteip 192.168.1.2-254


Here's my /etc/ppp/pptpd.options file:

debug
name xxxx
idle 1800
auth
require-chap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.10.2
ms-wins 192.168.10.2
ms-dns 192.168.10.2
ms-dns 192.168.10.1
proxyarp

Here's the result of lsmod:

Module                  Size  Used by
ppp_mppe               12432   0  (unused)
ppp_deflate            40036   0  (unused)
ip_masq_raudio          2800   0  (unused)
ip_masq_ftp             2192   0  (unused)
ppp                    21548   4  (autoclean) [ppp_mppe ppp_deflate]
slip                    8116   2  (autoclean)
slhc                    4320   3  (autoclean) [ppp slip]
3c59x                  18760   1  (autoclean)

(BTW, I had to insmod ppp_deflate and ppp_mppe.  How do I get them to
auto-load?)

Here's my /var/log/messages file:

Mar 27 10:32:11 pluto pptpd[9338]: MGR: Launching /usr/local/sbin/pptpctrl to
handle client
Mar 27 10:32:11 pluto pptpd[9338]: MGR: Launching /usr/local/sbin/pptpctrl to
handle client
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: local address = 192.168.10.1
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: local address = 192.168.10.1
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: remote address = 192.168.1.3
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: remote address = 192.168.1.3
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd speed = 115200
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd speed = 115200
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd options file =
/etc/ppp/options.pptp
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd options file =
/etc/ppp/options.pptp
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Client 168.100.202.52 control
connection started
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Client 168.100.202.52 control
connection started
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message (type: 1)
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message (type: 1)
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a START CTRL CONN RPLY packet
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a START CTRL CONN RPLY packet
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 156 bytes to the client.
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 156 bytes to the client.
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message (type: 7)
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message (type: 7)
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Set parameters to 0 maxbps, 16 window
size
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Set parameters to 0 maxbps, 16 window
size
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a OUT CALL RPLY packet
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a OUT CALL RPLY packet
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Starting call (launching pppd, opening
GRE)
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Starting call (launching pppd, opening
GRE)
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pty_fd = 5
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pty_fd = 5
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: tty_fd = 6
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: tty_fd = 6
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): Connection speed =
/etc/ppp/options.pptp
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): Connection speed =
/etc/ppp/options.pptp
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): local address =
192.168.10.1
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): local address =
192.168.10.1
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): remote address =
192.168.1.3
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): remote address =
192.168.1.3
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[0] =
/usr/sbin/pppd
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[0] =
/usr/sbin/pppd
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[1] = local
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[1] = local
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[2] = 115200
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[2] = 115200
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[3] =
192.168.10.1:192.168.1.3
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[3] =
192.168.10.1:192.168.1.3
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[4] = file
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[4] = file
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[5] =
/etc/ppp/options.pptp
Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[5] =
/etc/ppp/options.pptp
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 32 bytes to the client.
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 32 bytes to the client.
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
Mar 27 10:32:11 pluto modprobe: modprobe: Can't locate module char-major-108
Mar 27 10:32:11 pluto modprobe: modprobe: Can't locate module char-major-108
Mar 27 10:32:11 pluto pppd[9339]: pppd 2.3.10 started by root, uid 0
Mar 27 10:32:11 pluto pppd[9339]: Using interface ppp2
Mar 27 10:32:11 pluto pppd[9339]: Connect: ppp2 <--> /dev/pts/5
Mar 27 10:32:11 pluto pppd[9339]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth
chap 81> <magic 0xb4e27c0a> <pcomp>
Mar 27 10:32:11 pluto pppd[9339]: Timeout 0x805074c:0x8078560 in 3 seconds.
Mar 27 10:32:11 pluto pppd[9339]: rcvd [LCP ConfReq id=0x1 <magic 0x37739c>
<pcomp> <accomp>]
Mar 27 10:32:11 pluto pppd[9339]: lcp_reqci: returning CONFACK.
Mar 27 10:32:11 pluto pppd[9339]: sent [LCP ConfAck id=0x1 <magic 0x37739c>
<pcomp> <accomp>]
Mar 27 10:32:11 pluto pppd[9339]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth
chap 81> <magic 0xb4e27c0a> <pcomp>
Mar 27 10:32:11 pluto pppd[9339]: Untimeout 0x805074c:0x8078560.
Mar 27 10:32:11 pluto pppd[9339]: sent [LCP EchoReq id=0x0 magic=0xb4e27c0a]
Mar 27 10:32:11 pluto pppd[9339]: Timeout 0x8053154:0x8078560 in 30 seconds.
Mar 27 10:32:11 pluto pppd[9339]: sent [CHAP Challenge id=0x1
<xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, name = "gatekeepe
Mar 27 10:32:11 pluto pppd[9339]: Timeout 0x8056108:0x8078840 in 3 seconds.
Mar 27 10:32:12 pluto pppd[9339]: rcvd [LCP EchoRep id=0x0 magic=0x37739c]
Mar 27 10:32:12 pluto pppd[9339]: rcvd [CHAP Response id=0x1
<de747eff76213c15447d825eb2c1934d0000000000000000e3bba
Mar 27 10:32:12 pluto pppd[9339]: Untimeout 0x8056108:0x8078840.
Mar 27 10:32:12 pluto pppd[9339]: ChapReceiveResponse: rcvd type MS-CHAP-V2
Mar 27 10:32:12 pluto pppd[9339]: sent [CHAP Success id=0x1
"S=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
Mar 27 10:32:12 pluto pppd[9339]: Script /etc/ppp/auth-up started (pid 9341)
Mar 27 10:32:12 pluto pppd[9339]: sent [IPCP ConfReq id=0x1 <addr 192.168.10.1>
<compress VJ 0f 01>]
Mar 27 10:32:12 pluto pppd[9339]: Timeout 0x805074c:0x80787c0 in 3 seconds.
Mar 27 10:32:12 pluto pppd[9339]: MSCHAP-v2 peer authentication succeeded for
<username>
Mar 27 10:32:12 pluto pppd[9339]: Script /etc/ppp/auth-up finished (pid 9341),
status = 0x0
Mar 27 10:32:12 pluto pppd[9339]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01>
<addr 0.0.0.0> <ms-dns1 0.0.0.0> <m
Mar 27 10:32:12 pluto pppd[9339]: ipcp: returning Configure-NAK
Mar 27 10:32:12 pluto pppd[9339]: sent [IPCP ConfNak id=0x1 <addr 192.168.10.1>
<ms-dns1 192.168.10.2> <ms-wins 192.
Mar 27 10:32:12 pluto pppd[9339]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 71> <lzs
0 1 4>]
Mar 27 10:32:12 pluto pppd[9339]: Unsupported protocol (0x80fd) received
Mar 27 10:32:12 pluto pppd[9339]: sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 12
06 01 00 00 71 11 05 00 01 04]
Mar 27 10:32:12 pluto pppd[9339]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.10.1>
<compress VJ 0f 01>]
Mar 27 10:32:12 pluto pppd[9339]: rcvd [IPCP ConfReq id=0x2 <compress VJ 0f 01>
<addr 192.168.1.3> <ms-dns1 192.168
Mar 27 10:32:12 pluto pppd[9339]: ipcp: returning Configure-ACK
Mar 27 10:32:12 pluto pppd[9339]: sent [IPCP ConfAck id=0x2 <compress VJ 0f 01>
<addr 192.168.1.3> <ms-dns1 192.168
Mar 27 10:32:12 pluto pppd[9339]: Untimeout 0x805074c:0x80787c0.
Mar 27 10:32:12 pluto pppd[9339]: ipcp: up
Mar 27 10:32:12 pluto pppd[9339]: Cannot determine ethernet address for proxy
ARP
Mar 27 10:32:12 pluto pppd[9339]: local  IP address 192.168.10.1
Mar 27 10:32:12 pluto pppd[9339]: remote IP address 192.168.1.3
Mar 27 10:32:12 pluto pppd[9339]: Timeout 0x805a100:0x0 in 1800 seconds.
Mar 27 10:32:12 pluto pppd[9339]: Script /etc/ppp/ip-up started (pid 9344)
Mar 27 10:32:13 pluto pppd[9339]: rcvd [LCP TermReq id=0x2]
Mar 27 10:32:13 pluto pppd[9339]: LCP terminated by peer
Mar 27 10:32:13 pluto pppd[9339]: Untimeout 0x8053154:0x8078560.
Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/auth-down started (pid 9400)
Mar 27 10:32:13 pluto pppd[9339]: ipcp: down
Mar 27 10:32:13 pluto pppd[9339]: Untimeout 0x805a100:0x0.
Mar 27 10:32:13 pluto pppd[9339]: Timeout 0x805074c:0x8078560 in 3 seconds.
Mar 27 10:32:13 pluto pppd[9339]: sent [LCP TermAck id=0x2]
Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/auth-down finished (pid 9400),
status = 0x0
Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/ip-up finished (pid 9344),
status = 0x0
Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/ip-down started (pid 9416)
Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/ip-down finished (pid 9416),
status = 0x7f00
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received PPTP Control Message (type:
12)
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received PPTP Control Message (type:
12)
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Made a CALL DISCONNECT RPLY packet
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Made a CALL DISCONNECT RPLY packet
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received CALL CLR request (closing
call)
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received CALL CLR request (closing
call)
Mar 27 10:32:13 pluto pptpd[76]: MGR: Reaped child 9338
Mar 27 10:32:13 pluto pptpd[76]: MGR: Reaped child 9338
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: I wrote 148 bytes to the client.
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: I wrote 148 bytes to the client.
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Sent packet to client
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Sent packet to client
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Error with select(), quitting
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Error with select(), quitting
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Client <ISP ipaddr> control connection
finished
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Client <ISP ipaddr> control connection
finished
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Exiting now
Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Exiting now
Mar 27 10:32:13 pluto pppd[9339]: Modem hangup
Mar 27 10:32:13 pluto pppd[9339]: Untimeout 0x805074c:0x8078560.
Mar 27 10:32:13 pluto pppd[9339]: Connection terminated.
Mar 27 10:32:13 pluto pppd[9339]: Connect time 0.1 minutes.
Mar 27 10:32:13 pluto pppd[9339]: Sent 410 bytes, received 432 bytes.
Mar 27 10:32:13 pluto pppd[9339]: Failed to open /dev/pts/5: No such file or
directory
Mar 27 10:32:13 pluto last message repeated 9 times
Mar 27 10:32:13 pluto pppd[9339]: Exit.

If there is any other information I can provide, please let me know.

TIA

---------------------------------------------------------------------
Eric H. Raskin                                 eraskin at paslists.com
Professional Advertising Systems Inc.          Voice: 914-741-1100
70 Memorial Plaza                              Fax:   914-741-2788
Pleasantville, NY 10570




From boris at microtrader.com  Mon Mar 27 13:04:52 2000
From: boris at microtrader.com (Boris Reisig)
Date: Mon Mar 27 13:04:52 2000
Subject: [pptp-server] ** MSChapv2 ** Where can I find the latest patch?
Message-ID: <001401bf981f$3ef1b7e0$4201a8c0@mycompany.xxx>

I saw on moretonbay that the latest patch of MSChapv2 is for ppp2.3.8. Im looking for a newer patch for 2.3.11? Anyone know where to get a newer MChapv2 patch?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000327/0697bd55/attachment.html>

From geoff at gnaa.net  Mon Mar 27 13:11:26 2000
From: geoff at gnaa.net (Geoff Nordli)
Date: Mon Mar 27 13:11:26 2000
Subject: [pptp-server] ** MSChapv2 ** Where can I find the latest patch?
In-Reply-To: <001401bf981f$3ef1b7e0$4201a8c0@mycompany.xxx>
Message-ID: <003301bf9820$35a34090$0101a8c0@highwayi.com>

there is a link on the website that points to the Australian MPPE.

I think it includes the MSChap stuff.  At least I hope it does.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Boris Reisig
Sent: Monday, March 27, 2000 11:04 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] ** MSChapv2 ** Where can I find the latest patch?


I saw on moretonbay that the latest patch of MSChapv2 is for ppp2.3.8. Im
looking for a newer patch for 2.3.11? Anyone know where to get a newer
MChapv2 patch?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Australian MPPE Mirror (including encryption).url
Type: application/octet-stream
Size: 87 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000327/2368b8cd/attachment.obj>

From P.J.Reid at earthling.net  Mon Mar 27 13:43:28 2000
From: P.J.Reid at earthling.net (Patrick Reid)
Date: Mon Mar 27 13:43:28 2000
Subject: [pptp-server] pppd 2.3.10 with encryption forced no longer terminates
In-Reply-To: <001401bf981f$3ef1b7e0$4201a8c0@mycompany.xxx>
Message-ID: <NBBBIEENKKBNLBCJKFNHEEAJEDAA.P.J.Reid@earthling.net>

I have implemented to patches to allow encryption to be forced which were
provided by Martin. Ever since then, the pppd sessions started by pptpd do
not terminate when I disconnect my VPN connection from my Win98 machine. I
have to use kill -s 9 [pid] to end them.

Any idea why this is happening and how to recover the original behaviour?

Patrick Reid




From geoff at gnaa.net  Mon Mar 27 13:48:30 2000
From: geoff at gnaa.net (Geoff Nordli)
Date: Mon Mar 27 13:48:30 2000
Subject: [pptp-server] pppd 2.3.10 with encryption forced no longer terminates
In-Reply-To: <NBBBIEENKKBNLBCJKFNHEEAJEDAA.P.J.Reid@earthling.net>
Message-ID: <004301bf9825$38580e10$0101a8c0@highwayi.com>

That is the same problem that I was having with the 2.3.11 patch.

So it must have something to do with the way the patch handles 
disconnnects.

geoff

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Patrick Reid
> Sent: Monday, March 27, 2000 11:43 AM
> To: pptp-server at lists.schulte.org
> Cc: mm at lunetix.de
> Subject: [pptp-server] pppd 2.3.10 with encryption forced no longer
> terminates
> 
> 
> I have implemented to patches to allow encryption to be 
> forced which were
> provided by Martin. Ever since then, the pppd sessions 
> started by pptpd do
> not terminate when I disconnect my VPN connection from my 
> Win98 machine. I
> have to use kill -s 9 [pid] to end them.
> 
> Any idea why this is happening and how to recover the 
> original behaviour?
> 
> Patrick Reid
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
> 



From MillsD at datametrics.co.uk  Tue Mar 28 01:35:26 2000
From: MillsD at datametrics.co.uk (Dave Mills)
Date: Tue Mar 28 01:35:26 2000
Subject: [pptp-server] PPTP Stuck in loop
Message-ID: <A1040B4B81C3D311A23D00C0DFEE43AE07C9C4@lion.datametrics.co.uk>

Hi, 

I'm running pptpd on FREEBSD and every so often, the pptpd process seems to
loop with the following error messages :

Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0 in
disconnect sequence
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
packet length.
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: couldn't read packet header
(exit)
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0 in
disconnect sequence
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
packet length.
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: couldn't read packet header
(exit)
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0 in
disconnect sequence
Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
packet length.

Anyone seen this before, or have any idea's what is causing it?  I have
pptpd running on another box and it seems to be fine.

Regards

Dave Mills



From amacc at iron-bridge.net  Tue Mar 28 07:37:51 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Tue Mar 28 07:37:51 2000
Subject: [pptp-server] PPTP Stuck in loop
In-Reply-To: <A1040B4B81C3D311A23D00C0DFEE43AE07C9C4@lion.datametrics.co.uk>
Message-ID: <Pine.LNX.4.02.10003280830370.3785-100000@ns1.mailer.org>

On Tue, 28 Mar 2000, Dave  Mills wrote:

> Hi, 
> 
> I'm running pptpd on FREEBSD and every so often, the pptpd process seems to
> loop with the following error messages :
> 
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0 in
> disconnect sequence
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
> packet length.
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: couldn't read packet header
> (exit)
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0 in
> disconnect sequence
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
> packet length.

Hi,

This same thing happened to me last night on a linux box. The errors
were generated at the rate of 200 per second and between the crashed pptpd
and syslog the load average went over 2.00 until I killed pptpd.

TIA,

Andrew McRory / President                            amacc at iron-bridge.net
Iron Bridge Communications                             www.iron-bridge.net
Caldera OpenLinux Contrib RPMS             ftp.iron-bridge.net/pub/Caldera





From MillsD at datametrics.co.uk  Tue Mar 28 07:51:51 2000
From: MillsD at datametrics.co.uk (Dave Mills)
Date: Tue Mar 28 07:51:51 2000
Subject: [pptp-server] PPTP Stuck in loop
Message-ID: <A1040B4B81C3D311A23D00C0DFEE43AE07CA08@lion.datametrics.co.uk>

Andrew, 

Thanks for the response, I just wanted you to know that I've just found the
answer.

It seems our problems are not unique, so common in fact there has been a
patch created and the problem is totally fixed in 1.1.1. It would be nice to
have a search engine for the archives, but admittedly I should have looked
harder.

I have found the info in the mailing list archive for February 2000, check
out :

http://lists.schulte.org/pipermail/pptp-server/2000-February/001583.html

For the patch, not sure whether it works yet, but it seemed to apply and
compile OK.

I'll let you know if this fixes the problem.

Regards

Dave Mills

-----Original Message-----
From: Andrew McRory [mailto:amacc at iron-bridge.net]
Sent: 28 March 2000 14:35
To: Dave Mills
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PPTP Stuck in loop


On Tue, 28 Mar 2000, Dave  Mills wrote:

> Hi, 
> 
> I'm running pptpd on FREEBSD and every so often, the pptpd process seems
to
> loop with the following error messages :
> 
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0
in
> disconnect sequence
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
> packet length.
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: couldn't read packet header
> (exit)
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: Unexpected control message 0
in
> disconnect sequence
> Mar 27 16:00:01 DSCUSGW0 pptpd[50196]: CTRL: EOF or bad error reading ctrl
> packet length.

Hi,

This same thing happened to me last night on a linux box. The errors
were generated at the rate of 200 per second and between the crashed pptpd
and syslog the load average went over 2.00 until I killed pptpd.

TIA,

Andrew McRory / President                            amacc at iron-bridge.net
Iron Bridge Communications                             www.iron-bridge.net
Caldera OpenLinux Contrib RPMS             ftp.iron-bridge.net/pub/Caldera




From mm at lunetix.de  Tue Mar 28 08:58:37 2000
From: mm at lunetix.de (Martin Mueller)
Date: Tue Mar 28 08:58:37 2000
Subject: [pptp-server] Re: pppd 2.3.10 with encryption forced no longer terminates
In-Reply-To: <NBBBIEENKKBNLBCJKFNHEEAJEDAA.P.J.Reid@earthling.net>; from P.J.Reid@earthling.net on Mon, Mar 27, 2000 at 03:43:25PM -0400
References: <001401bf981f$3ef1b7e0$4201a8c0@mycompany.xxx> <NBBBIEENKKBNLBCJKFNHEEAJEDAA.P.J.Reid@earthling.net>
Message-ID: <20000328165841.W27633@cicero.werkleitz.de>

On Mon, Mar 27, 2000 at 03:43:25PM -0400, Patrick Reid wrote:
> I have implemented to patches to allow encryption to be forced which were
> provided by Martin. Ever since then, the pppd sessions started by pptpd do
> not terminate when I disconnect my VPN connection from my Win98 machine. I
> have to use kill -s 9 [pid] to end them.
> 
> Any idea why this is happening and how to recover the original behaviour?

Hmm, maybe ... I'll look into it ..

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de



From mm at lunetix.de  Tue Mar 28 09:48:56 2000
From: mm at lunetix.de (Martin Mueller)
Date: Tue Mar 28 09:48:56 2000
Subject: [pptp-server] Re: pppd 2.3.10 with encryption forced no longer terminates
In-Reply-To: <NBBBIEENKKBNLBCJKFNHEEAJEDAA.P.J.Reid@earthling.net>; from P.J.Reid@earthling.net on Mon, Mar 27, 2000 at 03:43:25PM -0400
References: <001401bf981f$3ef1b7e0$4201a8c0@mycompany.xxx> <NBBBIEENKKBNLBCJKFNHEEAJEDAA.P.J.Reid@earthling.net>
Message-ID: <20000328174909.X27633@cicero.werkleitz.de>

On Mon, Mar 27, 2000 at 03:43:25PM -0400, Patrick Reid wrote:
> I have implemented to patches to allow encryption to be forced which were
> provided by Martin. Ever since then, the pppd sessions started by pptpd do
> not terminate when I disconnect my VPN connection from my Win98 machine. I
> have to use kill -s 9 [pid] to end them.
> 
> Any idea why this is happening and how to recover the original behaviour?

OK. I have put a new patch on http://www.smop.de

It should solve the problem (at least it does for me).

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de



From SCody at Gulbrandsen.com  Tue Mar 28 12:53:01 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Tue Mar 28 12:53:01 2000
Subject: [pptp-server] Error:  no masq table...
Message-ID: <A505C3AEEAC0D2119F6800902745A52B45DEDD@obsc_pdc01.gulbrandsen.com>

This is a message I have been getting in my /var/log/messages.  I am running
a RH 6.1 system.  This has been coming up quite a bit.  Is this message a
problem?  This is on the side of the Linux PPTP client.

Mar 28 14:42:54 portero kernel: ip_demasq_gre(): 12.24.136.8 -> 12.24.136.11
CID=0 no masq table, discarding 
Mar 28 14:43:54 portero last message repeated 110 times

Thanks!

Steve Cody



From jrioux at entrata.com  Tue Mar 28 13:08:55 2000
From: jrioux at entrata.com (John Rioux)
Date: Tue Mar 28 13:08:55 2000
Subject: [pptp-server] Module char-major-108
Message-ID: <38E102CA.A5EAA6D9@entrata.com>

I am attempting to get pptpd running on RedHat 6.1 Deluxe workstation
build.  I'm following the procedure PoPToP-RedHat-HOWTO.txt from Mike
Barsalou dated 20000306.  I have pptpd V1.0.0 loaded from the tarball
off the POPTOP web site.
The RedHat distro I am using is Kernel 2.2.2-12 and ppp is 2.3.10-1
which should be OK as per the procedure.  When I attempt to connect
using clear text authentification from at MS Windows NT 4.0 Workstation
client I get the error message # 732 ppp negotiation is not converging.
The /var/log/messages file on the POPTOP server has the following error
in it.
pppd[759]: can't locate module char-major-108
I have attempted to insmod char-major-108, but the OS stated that there
is no module by that name can be found.
How can I resolve this error message ??
My intent is to get pptp working with clear text authentification then
proceed on to MSCHAPv2/MPPE in an attempt to create a VPN for our remote
NT clients
TIA
Regards,
John Rioux




From dxf at dewittross.com  Tue Mar 28 13:41:45 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Tue Mar 28 13:41:45 2000
Subject: [pptp-server] LDAP/PAM for authentication
Message-ID: <38E10B5E.5E55FB95@dewittross.com>

Does anyone know of any means to use either an LDAP server or PAM (with
the LDAP patch) to authenticate PPP (or more specifically PPTP)
clients?  

We are trying to move all, or most, of our user authentication over to
use an LDAP based directory.  The users will be nearly all Windows based
(NT 4.0, 95/98, and 2000).  

Does anyone have any thoughts about this, or is this pretty much not
doable with the way that PPP and Windoww handles authentication?

Thanks for any input.
-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzche



From boris at microtrader.com  Tue Mar 28 14:33:45 2000
From: boris at microtrader.com (Boris Reisig)
Date: Tue Mar 28 14:33:45 2000
Subject: [pptp-server] ** VPN Problem, Can't access other computer shares on remote network. **
Message-ID: <002b01bf98f4$d884fea0$4201a8c0@mycompany.xxx>

Im having a problem with my VPN, I am wondering if anyone could tell me how to fix it and or give me examples on fixing it. I am using PPTPD 1.1.1 and Samba 2.06 as my WINS Server at work. Each of the workstations are running Win98 Second Edition. I have a lan with 10 computers [192.168.0.2-192.168-0.10] plus my gateway server box sharing internet to all the other computers [eth0, is my cableip and eth1 is 192.168.0.1]. My gateway server is a DHCP Server[Giving out the 192.168.0.2-10 ip numbers to the workstations] and all the workstations have point to my samba server as the WINS server. Each computer on the network can see each other and get into each others shares. This is good but thats not the problem im having. I am at home and connect to my gateway server with my VPN connection. I set pptpd to give me an ip of 192.168.0.250 so that I am still within the same subnet. I can ping the remote computers [192.168.0.2-10] and even a remote WINS/gateway server [192.168.0.1]. I can see the computers in network neighborhood on my work lan but heres what im having problems with. If I click on the Gateway server name in network neighborhood, I can get it but if I click on one of the remote computers, It keeps saying "\\Workstation is not accessible. The computer or sharename could not be found. Make sure you typed it correctly, and try again". I click on another computer and it gives me the same error? Why can I access the wins/gateway computer but I can't access any of the computers on the lan? Any *help* on fixing this would be EXTREMELY appreciated.

Boris Reisig
Microtrader Computers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000328/5d6ee4c3/attachment.html>

From SCody at Gulbrandsen.com  Tue Mar 28 14:49:44 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Tue Mar 28 14:49:44 2000
Subject: [pptp-server] ** VPN Problem, Can't access other computer sha
	res on remote network. **
Message-ID: <A505C3AEEAC0D2119F6800902745A52B45DEE5@obsc_pdc01.gulbrandsen.com>

Do you have a WINS server IP address specified at the home computer?  Try
accessing one of the computers resources by doing this:
 
Click:  START, RUN, enter \\192.168.0.x <file://\\192.168.0.x>   (enter the
address of a computer with resources that are shared)
 
If you can access it this way, then you probably need to specify a WINS
server in the configuration of the home computer.
 
Steve Cody

-----Original Message-----
From: Boris Reisig [mailto:boris at microtrader.com]
Sent: Tuesday, March 28, 2000 3:33 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] ** VPN Problem, Can't access other computer shares on
remote network. **


Im having a problem with my VPN, I am wondering if anyone could tell me how
to fix it and or give me examples on fixing it. I am using PPTPD 1.1.1 and
Samba 2.06 as my WINS Server at work. Each of the workstations are running
Win98 Second Edition. I have a lan with 10 computers
[192.168.0.2-192.168-0.10] plus my gateway server box sharing internet to
all the other computers [eth0, is my cableip and eth1 is 192.168.0.1]. My
gateway server is a DHCP Server[Giving out the 192.168.0.2-10 ip numbers to
the workstations] and all the workstations have point to my samba server as
the WINS server. Each computer on the network can see each other and get
into each others shares. This is good but thats not the problem im having. I
am at home and connect to my gateway server with my VPN connection. I set
pptpd to give me an ip of 192.168.0.250 so that I am still within the same
subnet. I can ping the remote computers [192.168.0.2-10] and even a remote
WINS/gateway server [192.168.0.1]. I can see the computers in network
neighborhood on my work lan but heres what im having problems with. If I
click on the Gateway server name in network neighborhood, I can get it but
if I click on one of the remote computers, It keeps saying " \\Workstation
<file://\\Workstation>  is not accessible. The computer or sharename could
not be found. Make sure you typed it correctly, and try again". I click on
another computer and it gives me the same error? Why can I access the
wins/gateway computer but I can't access any of the computers on the lan?
Any *help* on fixing this would be EXTREMELY appreciated.
 
Boris Reisig
Microtrader Computers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000328/94532e90/attachment.html>

From john at arnie.jfive.com  Tue Mar 28 15:07:34 2000
From: john at arnie.jfive.com (John Heyer)
Date: Tue Mar 28 15:07:34 2000
Subject: [pptp-server] FreeBSD PPP Settings
Message-ID: <Pine.BSF.4.21.0003281506530.47814-100000@snake.supranet.net>

I've installed PPTP on my FreeBSD Box running 3.2-RELEASE, but clients
can't connect.  In my logs, I get:

Mar 28 14:50:52 dragon pptpd[4470]: CTRL: EOF or bad error reading ctrl
packet length.
Mar 28 14:50:52 dragon pptpd[4470]: CTRL: couldn't read packet header
(exit)
Mar 28 14:50:52 dragon pptpd[4470]: CTRL: CTRL read failed
Mar 28 14:52:08 dragon pptpd[4473]: CTRL: Error with select(), quitting

Is there anything special I need to know?  Also if anybody has a working
ppp.conf file, I'd love to see it.  Thanks in Advanace,

--
Johh Heyer - john at arnie.jfive.com - http://www.jfive.com

"Me fail English?  That's unpossible!"  -- Ralph Wiggam




From toktar at per.com.br  Tue Mar 28 21:56:33 2000
From: toktar at per.com.br (Emir Toktar)
Date: Tue Mar 28 21:56:33 2000
Subject: [pptp-server] Can't get MPPE to work!
References: <009f01bf9804$023bae20$650aa8c0@paslists.com>
Message-ID: <0ac801bf99fc$28da59b0$010010ac@crypto.net>

Ieha, this is not exclusive your problem. Since that I did my update to RH
6.1, ppp-2.3.10-3 and openssl-0.9.4  I have the same problem. I tryied
reinstall DUN NT4.0 (before and after of the SP6.0) and I didn't success.
Thanks for any TIPs.

I saw this message too...
=========cut message================
----- Original Message -----
From: Michael Armstrong <mikea at maketi.com>
To: <pptp-server at lists.schulte.org>
Sent: Thursday, 16 March, 2000 12:24 AM
Subject: [pptp-server] NT compression revisited
|
| When the client is Windoze NT.
|     Running the client with No encryption gives perfect
| connection/authentication and data transmission
|     Running the client with Encryption allows the
| connection/authentication, but any attempt to access the internal
| network gives a slew of "unsupported protocol" messages.
|
| The Windoze NT  configuration which doesn't work is:
| NT 4.0 workstation, SP6a, 128 bit edition
==================================


Emir Toktar

+55 2141 232-4570
toktar at per.com.br
emir.toktar at bra.xerox.com
toktar at ppgia.pucpr.br

----- Original Message -----
From: Eric H. Raskin <eraskin at paslists.com>
To: <pptp-server at lists.schulte.org>
Sent: Monday, 27 March, 2000 12:49 PM
Subject: [pptp-server] Can't get MPPE to work!


| Help!!
|
| I'm doing something stupid, but I can't find it.  Setup is Linux 2.2.14
with
| MPPE patches/pppd 2.3.10 with patches applied.  Win98 client with DUN40
(128
| bit) installed.  I can connect fine without data encryption enabled.
|
| I thought I followed all the setup instructions, but I can't get Data
Encryption
| to work.  I've been through the FAQ's, but I can't find anything to help
me out.
| I keep getting:
|
|   Error 742:  The computer you're dialing in to does not support the data
| encryption requirements specified.
|
| Here's my pptpd.conf file:
|
| speed 115200
| option /etc/ppp/pptpd.options
| debug
| localip 192.168.10.1                (the IP Address on my LAN of my Linux
| Firewall)
| remoteip 192.168.1.2-254
|
|
| Here's my /etc/ppp/pptpd.options file:
|
| debug
| name xxxx
| idle 1800
| auth
| require-chap
| +chap
| +chapms
| +chapms-v2
| mppe-40
| mppe-128
| mppe-stateless
| ms-wins 192.168.10.2
| ms-wins 192.168.10.2
| ms-dns 192.168.10.2
| ms-dns 192.168.10.1
| proxyarp
|
| Here's the result of lsmod:
|
| Module                  Size  Used by
| ppp_mppe               12432   0  (unused)
| ppp_deflate            40036   0  (unused)
| ip_masq_raudio          2800   0  (unused)
| ip_masq_ftp             2192   0  (unused)
| ppp                    21548   4  (autoclean) [ppp_mppe ppp_deflate]
| slip                    8116   2  (autoclean)
| slhc                    4320   3  (autoclean) [ppp slip]
| 3c59x                  18760   1  (autoclean)
|
| (BTW, I had to insmod ppp_deflate and ppp_mppe.  How do I get them to
| auto-load?)
|
| Here's my /var/log/messages file:
|
| Mar 27 10:32:11 pluto pptpd[9338]: MGR: Launching /usr/local/sbin/pptpctrl
to
| handle client
| Mar 27 10:32:11 pluto pptpd[9338]: MGR: Launching /usr/local/sbin/pptpctrl
to
| handle client
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: local address = 192.168.10.1
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: local address = 192.168.10.1
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: remote address = 192.168.1.3
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: remote address = 192.168.1.3
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd speed = 115200
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd speed = 115200
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd options file =
| /etc/ppp/options.pptp
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pppd options file =
| /etc/ppp/options.pptp
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Client 168.100.202.52 control
| connection started
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Client 168.100.202.52 control
| connection started
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message
(type: 1)
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message
(type: 1)
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a START CTRL CONN RPLY
packet
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a START CTRL CONN RPLY
packet
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 156 bytes to the client.
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 156 bytes to the client.
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message
(type: 7)
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Received PPTP Control Message
(type: 7)
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Set parameters to 0 maxbps, 16
window
| size
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Set parameters to 0 maxbps, 16
window
| size
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a OUT CALL RPLY packet
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Made a OUT CALL RPLY packet
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Starting call (launching pppd,
opening
| GRE)
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Starting call (launching pppd,
opening
| GRE)
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pty_fd = 5
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: pty_fd = 5
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: tty_fd = 6
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: tty_fd = 6
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): Connection speed
=
| /etc/ppp/options.pptp
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): Connection speed
=
| /etc/ppp/options.pptp
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): local address =
| 192.168.10.1
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): local address =
| 192.168.10.1
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): remote address =
| 192.168.1.3
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): remote address =
| 192.168.1.3
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[0] =
| /usr/sbin/pppd
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[0] =
| /usr/sbin/pppd
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[1] =
local
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[1] =
local
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[2] =
115200
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[2] =
115200
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[3] =
| 192.168.10.1:192.168.1.3
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[3] =
| 192.168.10.1:192.168.1.3
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[4] =
file
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[4] =
file
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[5] =
| /etc/ppp/options.pptp
| Mar 27 10:32:11 pluto pptpd[9339]: CTRL (PPPD Launcher): pppd argv[5] =
| /etc/ppp/options.pptp
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 32 bytes to the client.
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: I wrote 32 bytes to the client.
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
| Mar 27 10:32:11 pluto pptpd[9338]: CTRL: Sent packet to client
| Mar 27 10:32:11 pluto modprobe: modprobe: Can't locate module
char-major-108
| Mar 27 10:32:11 pluto modprobe: modprobe: Can't locate module
char-major-108
| Mar 27 10:32:11 pluto pppd[9339]: pppd 2.3.10 started by root, uid 0
| Mar 27 10:32:11 pluto pppd[9339]: Using interface ppp2
| Mar 27 10:32:11 pluto pppd[9339]: Connect: ppp2 <--> /dev/pts/5
| Mar 27 10:32:11 pluto pppd[9339]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth
| chap 81> <magic 0xb4e27c0a> <pcomp>
| Mar 27 10:32:11 pluto pppd[9339]: Timeout 0x805074c:0x8078560 in 3
seconds.
| Mar 27 10:32:11 pluto pppd[9339]: rcvd [LCP ConfReq id=0x1 <magic
0x37739c>
| <pcomp> <accomp>]
| Mar 27 10:32:11 pluto pppd[9339]: lcp_reqci: returning CONFACK.
| Mar 27 10:32:11 pluto pppd[9339]: sent [LCP ConfAck id=0x1 <magic
0x37739c>
| <pcomp> <accomp>]
| Mar 27 10:32:11 pluto pppd[9339]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0>
<auth
| chap 81> <magic 0xb4e27c0a> <pcomp>
| Mar 27 10:32:11 pluto pppd[9339]: Untimeout 0x805074c:0x8078560.
| Mar 27 10:32:11 pluto pppd[9339]: sent [LCP EchoReq id=0x0
magic=0xb4e27c0a]
| Mar 27 10:32:11 pluto pppd[9339]: Timeout 0x8053154:0x8078560 in 30
seconds.
| Mar 27 10:32:11 pluto pppd[9339]: sent [CHAP Challenge id=0x1
| <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, name = "gatekeepe
| Mar 27 10:32:11 pluto pppd[9339]: Timeout 0x8056108:0x8078840 in 3
seconds.
| Mar 27 10:32:12 pluto pppd[9339]: rcvd [LCP EchoRep id=0x0 magic=0x37739c]
| Mar 27 10:32:12 pluto pppd[9339]: rcvd [CHAP Response id=0x1
| <de747eff76213c15447d825eb2c1934d0000000000000000e3bba
| Mar 27 10:32:12 pluto pppd[9339]: Untimeout 0x8056108:0x8078840.
| Mar 27 10:32:12 pluto pppd[9339]: ChapReceiveResponse: rcvd type
MS-CHAP-V2
| Mar 27 10:32:12 pluto pppd[9339]: sent [CHAP Success id=0x1
| "S=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]
| Mar 27 10:32:12 pluto pppd[9339]: Script /etc/ppp/auth-up started (pid
9341)
| Mar 27 10:32:12 pluto pppd[9339]: sent [IPCP ConfReq id=0x1 <addr
192.168.10.1>
| <compress VJ 0f 01>]
| Mar 27 10:32:12 pluto pppd[9339]: Timeout 0x805074c:0x80787c0 in 3
seconds.
| Mar 27 10:32:12 pluto pppd[9339]: MSCHAP-v2 peer authentication succeeded
for
| <username>
| Mar 27 10:32:12 pluto pppd[9339]: Script /etc/ppp/auth-up finished (pid
9341),
| status = 0x0
| Mar 27 10:32:12 pluto pppd[9339]: rcvd [IPCP ConfReq id=0x1 <compress VJ
0f 01>
| <addr 0.0.0.0> <ms-dns1 0.0.0.0> <m
| Mar 27 10:32:12 pluto pppd[9339]: ipcp: returning Configure-NAK
| Mar 27 10:32:12 pluto pppd[9339]: sent [IPCP ConfNak id=0x1 <addr
192.168.10.1>
| <ms-dns1 192.168.10.2> <ms-wins 192.
| Mar 27 10:32:12 pluto pppd[9339]: rcvd [CCP ConfReq id=0x1 <mppe 1 0 0 71>
<lzs
| 0 1 4>]
| Mar 27 10:32:12 pluto pppd[9339]: Unsupported protocol (0x80fd) received
| Mar 27 10:32:12 pluto pppd[9339]: sent [LCP ProtRej id=0x2 80 fd 01 01 00
0f 12
| 06 01 00 00 71 11 05 00 01 04]
| Mar 27 10:32:12 pluto pppd[9339]: rcvd [IPCP ConfAck id=0x1 <addr
192.168.10.1>
| <compress VJ 0f 01>]
| Mar 27 10:32:12 pluto pppd[9339]: rcvd [IPCP ConfReq id=0x2 <compress VJ
0f 01>
| <addr 192.168.1.3> <ms-dns1 192.168
| Mar 27 10:32:12 pluto pppd[9339]: ipcp: returning Configure-ACK
| Mar 27 10:32:12 pluto pppd[9339]: sent [IPCP ConfAck id=0x2 <compress VJ
0f 01>
| <addr 192.168.1.3> <ms-dns1 192.168
| Mar 27 10:32:12 pluto pppd[9339]: Untimeout 0x805074c:0x80787c0.
| Mar 27 10:32:12 pluto pppd[9339]: ipcp: up
| Mar 27 10:32:12 pluto pppd[9339]: Cannot determine ethernet address for
proxy
| ARP
| Mar 27 10:32:12 pluto pppd[9339]: local  IP address 192.168.10.1
| Mar 27 10:32:12 pluto pppd[9339]: remote IP address 192.168.1.3
| Mar 27 10:32:12 pluto pppd[9339]: Timeout 0x805a100:0x0 in 1800 seconds.
| Mar 27 10:32:12 pluto pppd[9339]: Script /etc/ppp/ip-up started (pid 9344)
| Mar 27 10:32:13 pluto pppd[9339]: rcvd [LCP TermReq id=0x2]
| Mar 27 10:32:13 pluto pppd[9339]: LCP terminated by peer
| Mar 27 10:32:13 pluto pppd[9339]: Untimeout 0x8053154:0x8078560.
| Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/auth-down started (pid
9400)
| Mar 27 10:32:13 pluto pppd[9339]: ipcp: down
| Mar 27 10:32:13 pluto pppd[9339]: Untimeout 0x805a100:0x0.
| Mar 27 10:32:13 pluto pppd[9339]: Timeout 0x805074c:0x8078560 in 3
seconds.
| Mar 27 10:32:13 pluto pppd[9339]: sent [LCP TermAck id=0x2]
| Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/auth-down finished (pid
9400),
| status = 0x0
| Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/ip-up finished (pid
9344),
| status = 0x0
| Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/ip-down started (pid
9416)
| Mar 27 10:32:13 pluto pppd[9339]: Script /etc/ppp/ip-down finished (pid
9416),
| status = 0x7f00
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received PPTP Control Message
(type:
| 12)
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received PPTP Control Message
(type:
| 12)
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Made a CALL DISCONNECT RPLY
packet
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Made a CALL DISCONNECT RPLY
packet
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received CALL CLR request
(closing
| call)
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Received CALL CLR request
(closing
| call)
| Mar 27 10:32:13 pluto pptpd[76]: MGR: Reaped child 9338
| Mar 27 10:32:13 pluto pptpd[76]: MGR: Reaped child 9338
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: I wrote 148 bytes to the client.
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: I wrote 148 bytes to the client.
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Sent packet to client
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Sent packet to client
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Error with select(), quitting
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Error with select(), quitting
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Client <ISP ipaddr> control
connection
| finished
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Client <ISP ipaddr> control
connection
| finished
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Exiting now
| Mar 27 10:32:13 pluto pptpd[9338]: CTRL: Exiting now
| Mar 27 10:32:13 pluto pppd[9339]: Modem hangup
| Mar 27 10:32:13 pluto pppd[9339]: Untimeout 0x805074c:0x8078560.
| Mar 27 10:32:13 pluto pppd[9339]: Connection terminated.
| Mar 27 10:32:13 pluto pppd[9339]: Connect time 0.1 minutes.
| Mar 27 10:32:13 pluto pppd[9339]: Sent 410 bytes, received 432 bytes.
| Mar 27 10:32:13 pluto pppd[9339]: Failed to open /dev/pts/5: No such file
or
| directory
| Mar 27 10:32:13 pluto last message repeated 9 times
| Mar 27 10:32:13 pluto pppd[9339]: Exit.
|
| If there is any other information I can provide, please let me know.
|
| TIA
|
| ---------------------------------------------------------------------
| Eric H. Raskin                                 eraskin at paslists.com
| Professional Advertising Systems Inc.          Voice: 914-741-1100
| 70 Memorial Plaza                              Fax:   914-741-2788
| Pleasantville, NY 10570
|
|
| _______________________________________________
| pptp-server maillist  -  pptp-server at lists.schulte.org
| http://lists.schulte.org/mailman/listinfo/pptp-server
| List services provided by www.schulte.org!
|




From mm at lunetix.de  Wed Mar 29 07:48:05 2000
From: mm at lunetix.de (Martin Mueller)
Date: Wed Mar 29 07:48:05 2000
Subject: [pptp-server] A patch to strip the Microsoft Domain from the username
Message-ID: <20000329154805.A27633@cicero.werkleitz.de>

Hi All,

I have put another patch on my website http://www.smop.de which
adds the option "chapms-strip-domain" to pppd. When this option
is given to pppd, it strips MSDOMAIN\\... part from the begining
of the username when using MSCHAP authentication.

Have fun!

bye
   MM
   
PGP-RSA key available from:
http://horowitz.surfnet.nl:11371/pks/lookup?op=index&search=mm at lunetix.de



From marcus.rapp at twest.com  Wed Mar 29 10:18:04 2000
From: marcus.rapp at twest.com (Marcus Rapp)
Date: Wed Mar 29 10:18:04 2000
Subject: [pptp-server] Problems with Kernel 2.3.99pre3 ?
Message-ID: <38E22DC7.955C058@twest.com>

Hi all,

I am trying to get pptp-server running for several days now and i did
this EXACTLY as described in the HowTo.
everthing works fine ... i patched ppp .. copied th rc-files .. compiled
the kernel and the modules .. loaded the modules .. compiled pptp .. an
started it.
When i try to connect from a win-machine now, i always get an
error-message, that the kernel does not support ppp or the module is not
loaded.
As in Kernel 2.3.x the ppp - module names ppp_generic, i just copied the
module to ppp.o, so that i should be found ..
But actually i loaded the module by hand.
I did the procedure several times now ... i even tried ppp 2.3.10 (with
the ricght patch and openssl instead of SSLeay) .. i tried pptp 1.1.
and reinstalled the machine 4 times (due to possible file-conflicts
because of the several installs)

Could it be, that pptp does not work with kernel 2.3.x ??
Or what else can i try ... ?

-- 
Marcus Rapp
___________________________________________________________________
>> go twest - be twested with interactive applications on demand <<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

eMail : marcus.rapp at twest.com
www   : http://www.twest.com

TWEST.COM 
Viktualienmarkt 5
D - 80331 Muenchen
Phone : +49(89)242250-338
Fax   : +49(89)242250-340



From boris at microtrader.com  Wed Mar 29 13:08:37 2000
From: boris at microtrader.com (Boris Reisig)
Date: Wed Mar 29 13:08:37 2000
Subject: [pptp-server] ** Data Encryption over VPN doesnt work **
Message-ID: <000c01bf99ad$41839e80$4201a8c0@mycompany.xxx>

Well. Read the PPTPD docs and I have pppd v2.3.10 compiled with the MPPE patch installed and modules. I have it all setup correctly. The problem is that if I log on to my VPN[Im using Win98 SE as my vpn client] without Data Encryption, I can see everyones computer and access shares. But, If I log onto my work VPN with Data Encryption, I connect properly and I check pptpd.log and message logs and it says that im connected properly and I dont see any errors. But if I go to my network neighborhood, I cant see anyone. I cant even ping my WINS server anymore. Everything seems to work when I turn off Data Encryption.I can ping then my wins server and everything. So whats going on?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20000329/d46b72b3/attachment.html>

From john_g123 at yahoo.com  Wed Mar 29 14:28:11 2000
From: john_g123 at yahoo.com (john)
Date: Wed Mar 29 14:28:11 2000
Subject: [pptp-server] PPTP and NAT ( network architecure also)
Message-ID: <20000329202753.10546.qmail@web3507.mail.yahoo.com>

hi list,

I need to the following and also how PPTP is deployed
in a network.

first i work with a number of firewall vendors
(products) viz Firewall-1, Raptor , Altavista.

TO make the PPTP protocol through a firewall we need
to enable the following, tcp 1723 and IP protocol 47
(GRE). fine till now.

now, question is that is how to allow the PPTP with
static NAT.
what static NAT means is the following:

   INternal----PPTP ------Firewall---- pptp client
   Network     server

  say the PPTP server is hidden behind the Firewall.
ie say the PPTP server as well as the Internal network
has a private IP address like say 10.10.10.x . The
firewall would need to statically translate this IP
address to a one that is routable in the Internet and
client like shown in the diagram can dial into the
PPTP server.

Problem: I am not able to get the static NAT through
the fireawall. without the static NAT I am able to get
things work fine. 
has anyone encountered this scenario before. Please
let me know your comments on this.

since the intention is to allow the pptp-client be
able to connect to hosts located in the Internal
network, i am alloting the tunnelled IP address that
is alloted to the client in the same subnet as is the
Internal network.


The second scenario is to add a third arm (NIC) to the
firewall and move the PPTP server to this third zone
(DMZ). from here i wnat to know as how should the
architecure be, i how to allow the client talk to
hosts in the INternal LAN ? what should be the IP
address structure and what kind of NAT etc would be
needed.

please email me any other comments you would have

__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com



From teastep at evergo.net  Wed Mar 29 16:17:36 2000
From: teastep at evergo.net (Tom Eastep)
Date: Wed Mar 29 16:17:36 2000
Subject: [pptp-server] PPTP and NAT ( network architecure also)
In-Reply-To: <20000329202753.10546.qmail@web3507.mail.yahoo.com>
Message-ID: <Pine.LNX.4.10.10003291349110.32039-100000@wookie.shoreline.tandem.com>

On Wed, 29 Mar 2000, john wrote:

> 
> hi list,
> 
> I need to the following and also how PPTP is deployed
> in a network.
> 
> first i work with a number of firewall vendors
> (products) viz Firewall-1, Raptor , Altavista.
> 
> TO make the PPTP protocol through a firewall we need
> to enable the following, tcp 1723 and IP protocol 47
> (GRE). fine till now.
> 
> now, question is that is how to allow the PPTP with
> static NAT.
> what static NAT means is the following:
> 
>    INternal----PPTP ------Firewall---- pptp client
>    Network     server
> 
>   say the PPTP server is hidden behind the Firewall.
> ie say the PPTP server as well as the Internal network
> has a private IP address like say 10.10.10.x . The
> firewall would need to statically translate this IP
> address to a one that is routable in the Internet and
> client like shown in the diagram can dial into the
> PPTP server.
> 
> Problem: I am not able to get the static NAT through
> the fireawall. without the static NAT I am able to get
> things work fine. 
> has anyone encountered this scenario before. Please
> let me know your comments on this.
>

You might look at http://seawall.sourceforge.net. Seawall supports this
type of operation via parameters (assuming that you have the proper kernel
patches and other components; these are all described in the
documentation at the above site).
 
-Tom
-- 
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it
teastep at evergo.net       \   works if you ask it the proper questions"
Shoreline, Washington USA ___________________________________________




From mike at coredump.ae.usr.com  Wed Mar 29 16:18:22 2000
From: mike at coredump.ae.usr.com (Mike Wronski)
Date: Wed Mar 29 16:18:22 2000
Subject: [pptp-server] CTRL message
Message-ID: <000401bf99cc$4671bb60$7fa918cf@otherland.ae.usr.com>

I have a linux-pptp connection going to a poptop server. My server is
dumping
CTRL: couldnt read packet header [exit]
CTRL: unexpected control message 0 in disconnect sequence

strange thing is that it seems to be working fine. Except my syslog is
flooding.. Any sugestions?



-
Mike Wronski
Network Systems Engineer
3Com Carrier Business Unit




From dxf at dewittross.com  Thu Mar 30 14:42:36 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Thu Mar 30 14:42:36 2000
Subject: [pptp-server] ipx over pptp
Message-ID: <38E3BCB3.D46F3D06@dewittross.com>

Has anyone run IPX over PoPToP?  Is it worth my time to try to get it
working, or is it just broken?

Anyone have any thoughts about this?  I am thinking about trying to get
this to work, but I am not sure what it all would entail.  Do I need to
get IPX running on the PoPToP server first (I am assuming that I do need
to)?

How about the clients, is there anything special that needs to be done
for them?
-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzche



From adam at morrison-ind.com  Thu Mar 30 14:57:30 2000
From: adam at morrison-ind.com (Adam Williams)
Date: Thu Mar 30 14:57:30 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
Message-ID: <200003302057.PAA233980@morrison.iserv.net.>

 From          : lists>pptp-server-admin
 To            : adam
 Subject       : [pptp-server] LDAP/PAM for authentication
 Date          : 01/01/70 01:01


>Does anyone know of any means to use either an LDAP server or PAM (with
>the LDAP patch) to authenticate PPP (or more specifically PPTP)
>clients?

PPP does the actual auth, not PPTPD. PPP can only work with PAM when using
PAP auth, and not when using CHAP, which means no data encryption.~

>We are trying to move all, or most, of our user authentication over to use an
>LDAP based directory.  The users will be nearly all Windows based (NT 4.0,
>95/98, and 2000).

So are we,  this is a stumbling block, at least until MS-CHAP get's
implemented on the server side of PPPd which currently only really has
the client portion.  See README.MSCHAP80 in the pppd source for more~
details.~

>Does anyone have any thoughts about this, or is this pretty much not doable
>with the way that PPP and Windoww handles authentication?

It is doable in theory, but not with the current PPPd.  If your willing to
give up data encyption PAP works with pam_ldap just fine.



From dxf at dewittross.com  Thu Mar 30 15:02:12 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Thu Mar 30 15:02:12 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
References: <200003302057.PAA233980@morrison.iserv.net.>
Message-ID: <38E3C14F.EBF30EF4@dewittross.com>

Thanks I appreciate the info.  For the moment I guess they will just
have to use 1 more password.

Dan

Adam Williams wrote:
> 
>  From          : lists>pptp-server-admin
>  To            : adam
>  Subject       : [pptp-server] LDAP/PAM for authentication
>  Date          : 01/01/70 01:01
> 
> >Does anyone know of any means to use either an LDAP server or PAM (with
> >the LDAP patch) to authenticate PPP (or more specifically PPTP)
> >clients?
> 
> PPP does the actual auth, not PPTPD. PPP can only work with PAM when using
> PAP auth, and not when using CHAP, which means no data encryption.~
> 
> >We are trying to move all, or most, of our user authentication over to use an
> >LDAP based directory.  The users will be nearly all Windows based (NT 4.0,
> >95/98, and 2000).
> 
> So are we,  this is a stumbling block, at least until MS-CHAP get's
> implemented on the server side of PPPd which currently only really has
> the client portion.  See README.MSCHAP80 in the pppd source for more~
> details.~
> 
> >Does anyone have any thoughts about this, or is this pretty much not doable
> >with the way that PPP and Windoww handles authentication?
> 
> It is doable in theory, but not with the current PPPd.  If your willing to
> give up data encyption PAP works with pam_ldap just fine.
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzche



From sstone at taos.com  Thu Mar 30 15:32:53 2000
From: sstone at taos.com (Scott M. Stone)
Date: Thu Mar 30 15:32:53 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
In-Reply-To: <38E3C14F.EBF30EF4@dewittross.com>
Message-ID: <Pine.LNX.4.10.10003301332310.7366-100000@armadillo.wink.com>

On Thu, 30 Mar 2000, Daniell Freed wrote:

> Thanks I appreciate the info.  For the moment I guess they will just
> have to use 1 more password.

why not use radius?

> 
> Dan
> 
> Adam Williams wrote:
> > 
> >  From          : lists>pptp-server-admin
> >  To            : adam
> >  Subject       : [pptp-server] LDAP/PAM for authentication
> >  Date          : 01/01/70 01:01
> > 
> > >Does anyone know of any means to use either an LDAP server or PAM (with
> > >the LDAP patch) to authenticate PPP (or more specifically PPTP)
> > >clients?
> > 
> > PPP does the actual auth, not PPTPD. PPP can only work with PAM when using
> > PAP auth, and not when using CHAP, which means no data encryption.~
> > 
> > >We are trying to move all, or most, of our user authentication over to use an
> > >LDAP based directory.  The users will be nearly all Windows based (NT 4.0,
> > >95/98, and 2000).
> > 
> > So are we,  this is a stumbling block, at least until MS-CHAP get's
> > implemented on the server side of PPPd which currently only really has
> > the client portion.  See README.MSCHAP80 in the pppd source for more~
> > details.~
> > 
> > >Does anyone have any thoughts about this, or is this pretty much not doable
> > >with the way that PPP and Windoww handles authentication?
> > 
> > It is doable in theory, but not with the current PPPd.  If your willing to
> > give up data encyption PAP works with pam_ldap just fine.
> > 
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> 
> 

--------------------------
Scott M. Stone, CCNA <sstone at taos.com>
UNIX Systems and Network Engineer
Taos - The SysAdmin Company 




From dxf at dewittross.com  Thu Mar 30 16:02:15 2000
From: dxf at dewittross.com (Daniell Freed)
Date: Thu Mar 30 16:02:15 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
References: <Pine.LNX.4.10.10003301332310.7366-100000@armadillo.wink.com>
Message-ID: <38E3CF62.66021049@dewittross.com>

I don't know much about Radius.  Do you have any links to some info on
it?

Dan

"Scott M. Stone" wrote:
> 
> On Thu, 30 Mar 2000, Daniell Freed wrote:
> 
> > Thanks I appreciate the info.  For the moment I guess they will just
> > have to use 1 more password.
> 
> why not use radius?
> 
> >
> > Dan
> >
> > Adam Williams wrote:
> > >
> > >  From          : lists>pptp-server-admin
> > >  To            : adam
> > >  Subject       : [pptp-server] LDAP/PAM for authentication
> > >  Date          : 01/01/70 01:01
> > >
> > > >Does anyone know of any means to use either an LDAP server or PAM (with
> > > >the LDAP patch) to authenticate PPP (or more specifically PPTP)
> > > >clients?
> > >
> > > PPP does the actual auth, not PPTPD. PPP can only work with PAM when using
> > > PAP auth, and not when using CHAP, which means no data encryption.~
> > >
> > > >We are trying to move all, or most, of our user authentication over to use an
> > > >LDAP based directory.  The users will be nearly all Windows based (NT 4.0,
> > > >95/98, and 2000).
> > >
> > > So are we,  this is a stumbling block, at least until MS-CHAP get's
> > > implemented on the server side of PPPd which currently only really has
> > > the client portion.  See README.MSCHAP80 in the pppd source for more~
> > > details.~
> > >
> > > >Does anyone have any thoughts about this, or is this pretty much not doable
> > > >with the way that PPP and Windoww handles authentication?
> > >
> > > It is doable in theory, but not with the current PPPd.  If your willing to
> > > give up data encyption PAP works with pam_ldap just fine.
> > >
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulte.org!
> >
> >
> 
> --------------------------
> Scott M. Stone, CCNA <sstone at taos.com>
> UNIX Systems and Network Engineer
> Taos - The SysAdmin Company



From neale at lowendale.com.au  Thu Mar 30 16:09:22 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Thu Mar 30 16:09:22 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
In-Reply-To: <Pine.LNX.4.10.10003301332310.7366-100000@armadillo.wink.com>
Message-ID: <Pine.LNX.4.05.10003310812580.28522-100000@marina.lowendale.com.au>

On Thu, 30 Mar 2000, Scott M. Stone wrote:

> On Thu, 30 Mar 2000, Daniell Freed wrote:
> 
> > Thanks I appreciate the info.  For the moment I guess they will just
> > have to use 1 more password.
> 
> why not use radius?

'coz RADIUS, LDAP etc are all PAM modules and PAM-ified PPP can only
authenticate PAP (i.e. not CHAP or MS-perversions thereof).  AFAIK, the
issue is that the CHAP algorithm requires access to the cleartext of the
password but PAM specifically does not pass this back (think of it as a
security feature ;-).

This issue has been tossed around a few times before and there was (is
still? ;-) an offer of a Pizza for someone who could come up with the
diffs to make this work.

e.g. look at the "PoPToP and Authentication Questions" thread in the March
archives.

HTH,
Neale.




From macleajb at Trademart-1.ednet.ns.ca  Thu Mar 30 19:11:20 2000
From: macleajb at Trademart-1.ednet.ns.ca (James MacLean)
Date: Thu Mar 30 19:11:20 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
In-Reply-To: <Pine.LNX.4.05.10003310812580.28522-100000@marina.lowendale.com.au>
Message-ID: <Pine.LNX.4.10.10003302109290.1068-100000@Trademart-1.ednet.ns.ca>

On Fri, 31 Mar 2000, Neale Banks wrote:
> This issue has been tossed around a few times before and there was (is
> still? ;-) an offer of a Pizza for someone who could come up with the
> diffs to make this work.

Did I miss some of the info, or are we still leaning towards pam with a
multiple expect/send sequence which we believe pam will allow?

For a pizza maybe I'll start looking into some of this :).

JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada
B3M 4B2
     




From natecars at real-time.com  Fri Mar 31 09:40:35 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri Mar 31 09:40:35 2000
Subject: [pptp-server] Re:LDAP/PAM for authentication
In-Reply-To: <Pine.LNX.4.10.10003302109290.1068-100000@Trademart-1.ednet.ns.ca>
Message-ID: <Pine.LNX.4.10.10003310940140.12988-100000@enchanter.real-time.com>

On Thu, 30 Mar 2000, James MacLean wrote:

> On Fri, 31 Mar 2000, Neale Banks wrote:
> > This issue has been tossed around a few times before and there was (is
> > still? ;-) an offer of a Pizza for someone who could come up with the
> > diffs to make this work.
> 
> Did I miss some of the info, or are we still leaning towards pam with a
> multiple expect/send sequence which we believe pam will allow?
> 
> For a pizza maybe I'll start looking into some of this :).
> 
> JES

I'll order a pizza for the first person who figures this out.  :)

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500




From christopher at schulte.org  Fri Mar 31 14:55:51 2000
From: christopher at schulte.org (Christopher Schulte)
Date: Fri Mar 31 14:55:51 2000
Subject: [pptp-server] Fwd: pptp client problem
Message-ID: <4.3.1.0.20000331145714.00c347b0@pop.schulte.org>

>Date: Fri, 31 Mar 2000 09:21:51 -0800 (PST)
>From: Laxman Shankar <eiachomb at yahoo.com>
>Subject: pptp client problem
>To: chris at schulte.org
>
>Hi Chris,
>
>I needed some help in using the pptp client
>package pptp-linux-1.0.2.
>
>I have a DSL connection using PPPoE.  I know
>the IP address of the PPTP server I am trying to
>connect to and my user name and password.
>
>The usage is >pptp <ipaddr> <ppp options>
>
>pptp.c tries to connect to ipaddr which it cannot
>reach if I have not already run the pppd over pppoe.
>
>Can you tell me what the correct method is ? or
>give me a pointer to someone who does.
>
>Thanks
>Laxman


--
Christopher Schulte | christopher at schulte.org
cell:612.986.4859   | home:651.225.4557 | fax: 651.315.3339
page:612.289.5511   | free:877.271.9245 | site:schulte.org




From jrioux at entrata.com  Fri Mar 31 15:12:11 2000
From: jrioux at entrata.com (John Rioux)
Date: Fri Mar 31 15:12:11 2000
Subject: [pptp-server] Problem getting mppe to work
Message-ID: <38E51424.25CA5F79@entrata.com>

I am atempting to get PPP with MSCHAPv2/MPPE running on a Redhat 6.1 box
as a VPN server for our Microsoft NT workstation 4.0 SP 5 clients.  It
works fine when I set security in DUN to use microsoft encrypted
passwords, but when I check the box to require data encryption.  I get
the ERROR: 742 The remote server does not support data encryption.
I have been using the Poptop-Redhat-Howto written by Mike Barsalou dated
20000306 and the installation appeared to be flawless.  I have verified
that the ppp_mppe module is loaded.
How should I go about trouble shooting this problem.
TIA regards,
John Rioux




From tony at watters.com  Fri Mar 31 16:49:39 2000
From: tony at watters.com (Tony Pardini)
Date: Fri Mar 31 16:49:39 2000
Subject: [pptp-server] Problem getting mppe to work
In-Reply-To: <38E51424.25CA5F79@entrata.com>
References: <38E51424.25CA5F79@entrata.com>
Message-ID: <00033116492207.19696@muerte.emphasys.net>

In this situation your typically need to make sure that you have the latests
VPN updates from microsoft...

On Fri, 31 Mar 2000, John Rioux wrote:
> I am atempting to get PPP with MSCHAPv2/MPPE running on a Redhat 6.1 box
> as a VPN server for our Microsoft NT workstation 4.0 SP 5 clients.  It
> works fine when I set security in DUN to use microsoft encrypted
> passwords, but when I check the box to require data encryption.  I get
> the ERROR: 742 The remote server does not support data encryption.
> I have been using the Poptop-Redhat-Howto written by Mike Barsalou dated
> 20000306 and the installation appeared to be flawless.  I have verified
> that the ppp_mppe module is loaded.
> How should I go about trouble shooting this problem.
> TIA regards,
> John Rioux
> 
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!



From gord at amador.ca  Fri Mar 31 17:37:06 2000
From: gord at amador.ca (Gord Belsey)
Date: Fri Mar 31 17:37:06 2000
Subject: [pptp-server] Fwd: pptp client problem
References: <4.3.1.0.20000331145714.00c347b0@pop.schulte.org>
Message-ID: <030401bf9b6a$313c3050$280111ac@amadorinc.com>

I've got the exact smae set up at a customer site.  The key is using
separate option files for PPPoE and PPTP.

Run PPPoE first.  You don't mention who's PPPoE client you use, but there
should be an option to specify the option file (say, options.pppoe).  After
you have that link up, then run pptp with it's own option file.  The flag
is -o.

I found that the options for PPPoE are not compatible with those required
for the PPTP client.

Hope this helps

Gord Belsey
----- Original Message -----
From: Christopher Schulte <christopher at schulte.org>
To: <pptp-server at lists.schulte.org>
Sent: Friday, March 31, 2000 1:57 PM
Subject: [pptp-server] Fwd: pptp client problem


>
> >Date: Fri, 31 Mar 2000 09:21:51 -0800 (PST)
> >From: Laxman Shankar <eiachomb at yahoo.com>
> >Subject: pptp client problem
> >To: chris at schulte.org
> >
> >Hi Chris,
> >
> >I needed some help in using the pptp client
> >package pptp-linux-1.0.2.
> >
> >I have a DSL connection using PPPoE.  I know
> >the IP address of the PPTP server I am trying to
> >connect to and my user name and password.
> >
> >The usage is >pptp <ipaddr> <ppp options>
> >
> >pptp.c tries to connect to ipaddr which it cannot
> >reach if I have not already run the pppd over pppoe.
> >
> >Can you tell me what the correct method is ? or
> >give me a pointer to someone who does.
> >
> >Thanks
> >Laxman
>
>
> --
> Christopher Schulte | christopher at schulte.org
> cell:612.986.4859   | home:651.225.4557 | fax: 651.315.3339
> page:612.289.5511   | free:877.271.9245 | site:schulte.org
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!
>