From frost at engen.com Mon May 1 11:36:24 2000
From: frost at engen.com (Frost)
Date: Mon, 1 May 2000 09:36:24 -0700
Subject: [pptp-server] Strange Daemon Process
Message-ID:

When the PoPToP server is listening, a "ps -ef |grep pp" shows the following
info about the server:

root 753 1 0 Apr30 ? 00:00:00 /usr/sbin/pptpd -d

This holds true until more than one connection is made to the server
and then the resulting ps command shows this:

root 753 1 0 09:14 ? 00:00:00 [pptpd]

Does anyone have any ideas what's going on? After running all weekend, my
two inbound vpn connections were down and I had about 12 of the [pptpd]
processes showing with ps command.

Anybody see this before?

Thanks, Harv

Harv Frost
En.gen (a Division of J. River, Inc.)    mailto:frost at engen.com
2727 W. Baseline Rd #13                  http://www.engen.com
Tempe, AZ 85283                          ftp://ftp.engen.com
Tel: 602-438-1110

From markc at liquidev.com Mon May 1 15:08:55 2000
From: markc at liquidev.com (Mark Whittington)
Date: Mon, 1 May 2000 13:08:55 -0700 (PDT)
Subject: [pptp-server] pptp client help?
Message-ID:

Does anyone know where I can get help with the PPTP client for Linux? I'm
guessing that this is the wrong place, but I can't seem to find a list
that addresses the client. Thanks.

Mark Whittington
Liquid Development

From bhkwan at ThoughtWorks.com Mon May 1 17:42:15 2000
From: bhkwan at ThoughtWorks.com (bhkwan at ThoughtWorks.com)
Date: Mon, 1 May 2000 15:42:15 -0700
Subject: [pptp-server] pptp over SSH...
Message-ID:

is it possible to do that? We only allow SSH traffic go into our internal
network ( and Two Servers ONLY ). I want to be able to access the internal
network especially those NT server from my home DSL.

I have install PoPToP on one of that two servers. I tried to connect to
the PPTP server over SSH, of course it failed. Finally, I realized that
SSH CANNOT forward IP protocol traffic.

What options do I have now?

Thanks

From geoff at gnaa.net Mon May 1 18:52:42 2000
From: geoff at gnaa.net (Geoff Nordli)
Date: Mon, 1 May 2000 16:52:42 -0700
Subject: [pptp-server] pptp over SSH...
In-Reply-To:
Message-ID: <00be01bfb3c8$591cbd30$0101a8c0@highwayi.com>

I am not an expert in this, but people use ppp
over top of ssh for a VPN solution.

here is a link:

http://www.linuxdoc.org/HOWTO/mini/VPN.html

Geoff Nordli

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> bhkwan at thoughtworks.com
> Sent: Monday, May 01, 2000 3:42 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp over SSH...
>
>
> is it possible to do that? We only allow SSH traffic go into our internal
> network ( and Two Servers ONLY ). I want to be able to access the internal
> network especially those NT server from my home DSL.
>
> I have install PoPToP on one of that two servers. I tried to connect to
> the PPTP server over SSH, of course it failed. Finally, I realized that
> SSH CANNOT forward IP protocol traffic.
>
> What options do I have now?
>
> Thanks
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From john at netdirect.ca Mon May 1 19:11:31 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Mon, 1 May 2000 20:11:31 -0400
Subject: [pptp-server] pptp over SSH...
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B098@enterprise.NetDirect.CA>

With SSH you would simply use pppd. SSH will encrypt the traffic and ppp
provides the protocol. This, of course, only works between two UNIX boxes.

John.

> -----Original Message-----
> From: bhkwan at thoughtworks.com [mailto:bhkwan at thoughtworks.com]
> Sent: Monday, May 01, 2000 6:42 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp over SSH...
>
>
> is it possible to do that? We only allow SSH traffic go into our internal
> network ( and Two Servers ONLY ). I want to be able to access the internal
> network especially those NT server from my home DSL.
>
> I have install PoPToP on one of that two servers. I tried to connect to
> the PPTP server over SSH, of course it failed. Finally, I realized that
> SSH CANNOT forward IP protocol traffic.
>
> What options do I have now?
>
> Thanks

From bhkwan at ThoughtWorks.com Mon May 1 19:07:59 2000
From: bhkwan at ThoughtWorks.com (bhkwan at ThoughtWorks.com)
Date: Mon, 1 May 2000 17:07:59 -0700
Subject: [pptp-server] pptp over SSH...
Message-ID:

I think the HOWTO is for linux client.... I am using Windows NT on my home
machine... any other suggestion?

"Geoff Nordli"
To: ,
Subject: RE: [pptp-server] pptp over SSH...
05/01/2000 04:52 PM
Please respond to geoff

I am not an expert in this, but people use ppp
over top of ssh for a VPN solution.

here is a link:

http://www.linuxdoc.org/HOWTO/mini/VPN.html

Geoff Nordli

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> bhkwan at thoughtworks.com
> Sent: Monday, May 01, 2000 3:42 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp over SSH...
>
>
> is it possible to do that? We only allow SSH traffic go into our internal
> network ( and Two Servers ONLY ). I want to be able to access the internal
> network especially those NT server from my home DSL.
>
> I have install PoPToP on one of that two servers. I tried to connect to
> the PPTP server over SSH, of course it failed. Finally, I realized that
> SSH CANNOT forward IP protocol traffic.
>
> What options do I have now?
>
> Thanks

From john at netdirect.ca Mon May 1 19:14:34 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Mon, 1 May 2000 20:14:34 -0400
Subject: [pptp-server] pptp client help?
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B099@enterprise.NetDirect.CA>

Here is a client for Linux. I've never used it but I found it looking for a
PPTP server for Linux.

http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/

John.

> -----Original Message-----
> From: Mark Whittington [mailto:markc at liquidev.com]
> Sent: Monday, May 01, 2000 4:09 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp client help?
>
>
> Does anyone know where I can get help with the PPTP client for Linux? I'm
> guessing that this is the wrong place, but I can't seem to find a list
> that addresses the client. Thanks.
>
> Mark Whittington
> Liquid Development

From sengland at controlnet.com Mon May 1 19:27:08 2000
From: sengland at controlnet.com (Scott England)
Date: Mon, 1 May 2000 17:27:08 -0700
Subject: [pptp-server] pptp over SSH...
Message-ID:

You can route ip traffic via ssh, you run a ppp session inside of the ssh
session and use a detached tty and add some routes, question is why? once
you do that you have a VPN established, why run a pptp session inside that?

Using ssh to connect with a tunneled ppp session is documented on the
vpn-howto on the ldp site.

Scott England

-----Original Message-----
From: bhkwan at thoughtworks.com [mailto:bhkwan at thoughtworks.com]
Sent: Monday, May 01, 2000 3:42 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp over SSH...

is it possible to do that? We only allow SSH traffic go into our internal
network ( and Two Servers ONLY ). I want to be able to access the internal
network especially those NT server from my home DSL.

I have install PoPToP on one of that two servers. I tried to connect to
the PPTP server over SSH, of course it failed. Finally, I realized that
SSH CANNOT forward IP protocol traffic.

What options do I have now?

Thanks

From geoff at gnaa.net Mon May 1 20:15:54 2000
From: geoff at gnaa.net (Geoff Nordli)
Date: Mon, 1 May 2000 18:15:54 -0700
Subject: [pptp-server] pptp over SSH...
In-Reply-To:
Message-ID: <00d501bfb3d3$f71393f0$0101a8c0@highwayi.com>

Use remote control of a box on the internal network. Look at VNC, Radmin,
or Pc anywhere. You can port forward anything that you need to particular
host that is running the software.

Radmin is super cheap ($25), and has good performance. I believe their
latest version supports file transfers, and NT domain login. I use it
through SSH.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> bhkwan at thoughtworks.com
>
> I think the HOWTO is for linux client.... I am using Windows NT on my home
> machine...
>
> I am not an expert in this, but people use ppp
> over top of ssh for a VPN solution.
>
> here is a link:
>
> http://www.linuxdoc.org/HOWTO/mini/VPN.html
>
> Geoff Nordli
>
> > is it possible to do that? We only allow SSH traffic go into our internal
> > network ( and Two Servers ONLY ).
> > I want to be able to access the internal
> > network especially those NT server from my home DSL.
> >
> > I have install PoPToP on one of that two servers. I tried to connect to
> > the PPTP server over SSH, of course it failed. Finally, I realized that
> > SSH CANNOT forward IP protocol traffic.
> >
> > What options do I have now?
> >
> > Thanks

From yan at cardinalengineering.com Tue May 2 06:15:19 2000
From: yan at cardinalengineering.com (Yan Seiner)
Date: Tue, 02 May 2000 07:15:19 -0400
Subject: [pptp-server] pptp over SSH...
References:
Message-ID: <390EB8C7.BDF83A77@cardinalengineering.com>

SSH can forward tcp only. Not UDP, and certainly not GRE (protocol 47).

That being said, SSH can forward port 139 which is all you need for
accessing win shares. You won't have browsing, etc. but at least you can
read your files.

--Yan

bhkwan at thoughtworks.com wrote:
>
> is it possible to do that? We only allow SSH traffic go into our internal
> network ( and Two Servers ONLY ). I want to be able to access the internal
> network especially those NT server from my home DSL.
>
> I have install PoPToP on one of that two servers. I tried to connect to
> the PPTP server over SSH, of course it failed. Finally, I realized that
> SSH CANNOT forward IP protocol traffic.
>
> What options do I have now?
>
> Thanks

From erobinson at dot.state.nv.us Tue May 2 10:31:29 2000
From: erobinson at dot.state.nv.us (Robinson, Eric R.)
Date: Tue, 2 May 2000 08:31:29 -0700
Subject: [pptp-server] FreeBSD Newbie Q
Message-ID:

Greetings!

I'm a Linux fan, but I used FreeBSD 3.4 for my latest firewall project
because of the exceptional capabilities of Darren Reed's IP Filter. Now I'm
trying to bring up PoPToP on the same box.
Is there a HOWTO or FAQ that
describes how to get PoPToP running under FreeBSD? I've looked at the HOWTO
at www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt but it specifically
addresses Linux, not BSD.

Two quickie Q's:

1. My kernel config file has the options "pseudo-device ppp" and
"pseudo-device tun." Does this mean my kernel is configured for ppp?

2. The ppp session does not start. My sniffer says the following is
happening:

Client -> Server: Start-Control-Connection-Request
Client <- Server: Start-Control-Connection-Reply
Client -> Server: Outgoing-Call-Request
Client <- Server: Outgoing-Call-Reply
Client -> Server: Set-Link-Info
Client -> Server: LCP Configure Request
Client -> Server: LCP Configure Request
Client -> Server: LCP Configure Request
Client -> Server: LCP Configure Request
Client -> Server: LCP Configure Request
Client -> Server: LCP Configure Request
Client -> Server: LCP Configure Request
Client -> Server: Terminate Session

Note that the client is trying to start a ppp session, but the server is
apparently not replying to its LCP configuration requests, so the client
eventually gives up.

Any clues on what might be causing this?

--
Eric Robinson
State of Nevada DOT

From kharma at nf.sympatico.ca Tue May 2 19:02:56 2000
From: kharma at nf.sympatico.ca (RWB)
Date: Tue, 02 May 2000 21:32:56 -0230
Subject: [pptp-server] Linux VPN
Message-ID: <390F6CB0.3D093EF@nf.sympatico.ca>

We want to set up a VPN. We have an NT server with several wkstn's in
one office. Our Internet gateway is a Linux box via ADSL connection.
Our remote office will have a cable connection with an NT server as the
gateway. What do we need to set up a secure vpn between these two
sites???

Thanks,
Roger W.
Bowen

From teastep at evergo.net Tue May 2 19:32:48 2000
From: teastep at evergo.net (Tom Eastep)
Date: Tue, 2 May 2000 17:32:48 -0700 (PDT)
Subject: [pptp-server] Linux VPN
In-Reply-To: <390F6CB0.3D093EF@nf.sympatico.ca>
Message-ID:

Roger,

On Tue, 2 May 2000, RWB wrote:

> We want to set up a VPN. We have an NT server with several wkstn's in
> one office. Our Internet gateway is a Linux box via ADSL connection.
> Our remote office will have a cable connection with an NT server as the
> gateway. What do we need to set up a secure vpn between these two
> sites???
>

Here are a couple of links:

http://www.wolfenet.com/~jhardin/ip_masq_vpn.html
http://seawall.sourceforge.net

-Tom
--
Tom Eastep                \ Eastep's First Principle of Computing:
ICQ #60745924             \ "Any sane computer will tell you how it
teastep at evergo.net     \ works if you ask it the proper questions"
Shoreline, Washington USA \___________________________________________

From hugh at island.net.au Tue May 2 21:07:49 2000
From: hugh at island.net.au (Hugh Blandford)
Date: Wed, 3 May 2000 12:07:49 +1000
Subject: [pptp-server] FreeBSD Newbie Q
References:
Message-ID: <00ab01bfb4a4$64a90d20$088ea8c0@island.net.au>

Hi Eric,

I have poptop running on a FreeBSD but without encryption. I am using
userland ppp. I would grab the latest version from
http://www.awfulhak.org/ppp.html and compile and install it on your system.

Once ppp has been updated get the 1.0.0 poptop ( I can't get the latest
development to compile) and run:

configure --with-bsdppp

then make and make install

you will then need to setup ppp to accept incoming calls:

I did the following to /etc/gettytab:

#default:\
#       :cb:ce:ck:lc:fd#1000:im=\r\nFreeBSD (%h) (%t)\r\n\r\n:sp#1200:
#
default:\
        :pp=/usr/local/bin/ppplogin:\

I created the /usr/local/bin/ppplogin file with the following contents:

#!/bin/sh
exec /usr/sbin/ppp -direct pptp

My ppp.conf has the following in it apart from the default section:

pptp:
 set timeout 0
 enable chap
 enable proxy
 set ifaddr 192.168.142.1 192.168.142.110-192.168.142.115 255.255.255.0
 set dns 192.168.142.1
 set nbns 192.168.142.64

now you will also have to add your users to the /etc/ppp/ppp.secrets file.

All the difficult stuff is in ppp....poptop is nice and simple.

Let me know if you have any difficulties.

Hugh Blandford

----- Original Message -----
From: "Robinson, Eric R."
To:
Sent: Wednesday, May 03, 2000 1:31 AM
Subject: [pptp-server] FreeBSD Newbie Q

> Greetings!
>
> I'm a Linux fan, but I used FreeBSD 3.4 for my latest firewall project
> because of the exceptional capabilities of Darren Reed's IP Filter. Now I'm
> trying to bring up PoPToP on the same box. Is there a HOWTO or FAQ that
> describes how to get PoPToP running under FreeBSD? I've looked at the HOWTO
> at www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt but it specifically
> addresses Linux, not BSD.
>
> Two quickie Q's:
>
> 1. My kernel config file has the options "pseudo-device ppp" and
> "pseudo-device tun." Does this mean my kernel is configured for ppp?
>
> 2. The ppp session does not start.
> My sniffer says the following is
> happening:
>
> Client -> Server: Start-Control-Connection-Request
> Client <- Server: Start-Control-Connection-Reply
> Client -> Server: Outgoing-Call-Request
> Client <- Server: Outgoing-Call-Reply
> Client -> Server: Set-Link-Info
> Client -> Server: LCP Configure Request
> Client -> Server: LCP Configure Request
> Client -> Server: LCP Configure Request
> Client -> Server: LCP Configure Request
> Client -> Server: LCP Configure Request
> Client -> Server: LCP Configure Request
> Client -> Server: LCP Configure Request
> Client -> Server: Terminate Session
>
> Note that the client is trying to start a ppp session, but the server is
> apparently not replying to its LCP configuration requests, so the client
> eventually gives up.
>
> Any clues on what might be causing this?
>
> --
> Eric Robinson
> State of Nevada DOT

From Haberkorn at sympat.de Wed May 3 03:59:34 2000
From: Haberkorn at sympat.de (Haberkorn_Klaus)
Date: Wed, 3 May 2000 10:59:34 +0200
Subject: [pptp-server] ipchains for GRE
Message-ID: <7194CEC27D24D111BC33006097E3D75F2D5FCA@mail.sympat.de>

Hi there,

has anybody got an idea how to add a permanent firewall-rule
for GRE?

I'm working with Halloween Linux, and it's not possible in Linuxconf,
neither manually in the /etc/linux/linuxconf - file,
(because a protocol entry of "47" is not being accepted)

The command:

ipchains -A input -p 47 -s 0/0 -d 0/0 -j ACCEPT

works fine, but has to be issued each time after starting the server.

From vigov at com2com.ru Wed May 3 06:26:50 2000
From: vigov at com2com.ru (vigov)
Date: Wed, 3 May 2000 15:26:50 +0400
Subject: [pptp-server] mppe under FBSD
Message-ID: <11643.000503@com2com.ru>

Hi there!
There're a lot of people asks about mppe with ppp, but i
haven't seen any results. BTW there's mppc node for netgraph, and mppe
have released in mpd by Archie Cobbs.
Have anybody ppp + mppe working together?

Eugene

From john at netdirect.ca Wed May 3 07:56:17 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Wed, 3 May 2000 08:56:17 -0400
Subject: [pptp-server] mppe under FBSD
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0A2@enterprise.NetDirect.CA>

Eugene,

I'm using mppe with ppp on RedHat 6.1. And I know I'm getting encryption
because the MS client is set to require it. I followed the RedHat howto
http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt.

John.

> -----Original Message-----
> From: vigov [mailto:vigov at com2com.ru]
> Sent: Wednesday, May 03, 2000 7:27 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] mppe under FBSD
>
>
> Hi there! There're a lot of people asks about mppe with ppp, but i
> haven't seen any results. BTW there's mppc node for netgraph, and mppe
> have released in mpd by Archie Cobbs.
> Have anybody ppp + mppe working together?
>
> Eugene

From mwronski at coredump.ae.usr.com Wed May 3 09:23:36 2000
From: mwronski at coredump.ae.usr.com (Mike Wronski)
Date: Wed, 3 May 2000 09:23:36 -0500 (CDT)
Subject: [pptp-server] ipchains for GRE
In-Reply-To: <7194CEC27D24D111BC33006097E3D75F2D5FCA@mail.sympat.de>
Message-ID:

There is a ip_masq module to forward GRE for pptp..

-M

On Wed, 3 May 2000, Haberkorn_Klaus spewed:

> Hi there,
>
> has anybody got an idea how to add a permanent firewall-rule
> for GRE?
>
> I'm working with Halloween Linux, and it's not possible in Linuxconf,
> neither manually in the /etc/linux/linuxconf - file,
> (because a protocol entry of "47" is not being accepted)
>
> The command:
>
> ipchains -A input -p 47 -s 0/0 -d 0/0 -j ACCEPT
>
> works fine, but has to be issued each time after starting the server.

+--------------------------------------+
Mike Wronski (mike at coredump.ae.usr.com)
3Com Network Systems Engineer

From br at ldl.net Wed May 3 10:26:01 2000
From: br at ldl.net (Ed Street)
Date: Wed, 3 May 2000 11:26:01 -0400 (EDT)
Subject: [pptp-server] ipchains for GRE
In-Reply-To: <7194CEC27D24D111BC33006097E3D75F2D5FCA@mail.sympat.de>
Message-ID:

Hello,

you can add it to rc.local or make an rc.firewall and call it from the
startup files.

Ed

On Wed, 3 May 2000, Haberkorn_Klaus wrote:

>Hi there,
>
>has anybody got an idea how to add a permanent firewall-rule
>for GRE?
>
>I'm working with Halloween Linux, and it's not possible in Linuxconf,
>neither manually in the /etc/linux/linuxconf - file,
>(because a protocol entry of "47" is not being accepted)
>
>The command:
>
>ipchains -A input -p 47 -s 0/0 -d 0/0 -j ACCEPT
>
>works fine, but has to be issued each time after starting the server.

From david.b at staff.logicworld.com.au Wed May 3 19:53:58 2000
From: david.b at staff.logicworld.com.au (David Barclay)
Date: Thu, 4 May 2000 10:53:58 +1000
Subject: [pptp-server] Help!
Message-ID: <114C79E9061ED21180AE00A0C92C7434755BD4@logic2.staff.logicworld.com.au>

Hi,

I am having some problems setting up PoPToP and was hoping someone could
point out my error.

The PPTP server is a dialup box, ie ppp0

System - RedHat 6.1
Kernel - 2.2.12

Conf files -

/etc/pptp.conf
-----------------------------------
option /etc/ppp/options.pptp
debug
localip 10.0.1.1
remoteip 10.0.2.1-100
listen 203.34.157.115
-----------------------------------

/etc/ppp/options.pptp
-----------------------------------
debug
name pptp
auth
require-chap
proxyarp
-----------------------------------

/etc/ppp/chap-secrets
-----------------------------------
# client server secret IP addresses
davidb pptp password *
-----------------------------------

Server Log output
-----------------------------------
May 4 10:50:52 server pptpd[876]: MGR: Manager process started
May 4 10:50:59 server pptpd[878]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
May 4 10:50:59 server pptpd[878]: CTRL: local address = 10.0.1.1
May 4 10:50:59 server pptpd[878]: CTRL: remote address = 10.0.2.1
May 4 10:50:59 server pptpd[878]: CTRL: pppd options file = /etc/ppp/options.pptp
May 4 10:50:59 server pptpd[878]: CTRL: Client 203.34.156.206 control connection started
May 4 10:50:59 server pptpd[878]: CTRL: Received PPTP Control Message (type: 1)
May 4 10:50:59 server pptpd[878]: CTRL: Made a START CTRL CONN RPLY packet
May 4 10:50:59 server pptpd[878]: CTRL: I wrote 156 bytes to the client.
May 4 10:50:59 server pptpd[878]: CTRL: Sent packet to client
May 4 10:50:59 server pptpd[878]: CTRL: Received PPTP Control Message (type: 7)
May 4 10:50:59 server pptpd[878]: CTRL: Set parameters to 0 maxbps, 16 window size
May 4 10:50:59 server pptpd[878]: CTRL: Made a OUT CALL RPLY packet
May 4 10:50:59 server pptpd[878]: CTRL: Starting call (launching pppd, opening GRE)
May 4 10:50:59 server pptpd[878]: CTRL: pty_fd = 5
May 4 10:50:59 server pptpd[878]: CTRL: tty_fd = 6
May 4 10:50:59 server pptpd[878]: CTRL: I wrote 32 bytes to the client.
May 4 10:50:59 server pptpd[879]: CTRL (PPPD Launcher): Connection speed = 115200
May 4 10:50:59 server pptpd[879]: CTRL (PPPD Launcher): local address = 10.0.1.1
May 4 10:50:59 server pptpd[879]: CTRL (PPPD Launcher): remote address = 10.0.2.1
May 4 10:50:59 server pptpd[878]: CTRL: Sent packet to client
May 4 10:50:59 server pptpd[878]: GRE: read(fd=5,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
May 4 10:50:59 server pptpd[878]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
May 4 10:50:59 server pptpd[878]: CTRL: Client 203.34.156.206 control connection finished
May 4 10:50:59 server pptpd[878]: CTRL: Exiting now
May 4 10:50:59 server pptpd[876]: MGR: Reaped child 878
May 4 10:50:59 server pppd[881]: pppd 2.3.10 started by root, uid 0
May 4 10:50:59 server pppd[881]: Using interface ppp1
May 4 10:50:59 server pppd[881]: not replacing existing default route to ppp0 [203.34.157.5]
May 4 10:50:59 server pppd[881]: Cannot determine ethernet address for proxy ARP
May 4 10:50:59 server pppd[881]: local IP address 10.0.1.1
May 4 10:50:59 server pppd[881]: remote IP address 10.0.2.1

Client Error
-------------------------------------
You have been disconnected yada yada yada...

The pppd process is still run, ie ps ax shows

881 pts/3 S 0:00 /usr/sbin/pppd local file /etc/ppp/options.pptp 115200 10.0.1.1:10.0.2.1

Any help would be fantastic!

I suspected it was this line

GRE: read(fd=5,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error

so attempted to compile IP: tunneling and IP: GRE tunnels over IP in to the
kernel - still no luck!

Thanks in advance.

-----------------------------------
Regards,
David Barclay

From mike at bayoffice.net Wed May 3 20:28:47 2000
From: mike at bayoffice.net (Mike Ireton)
Date: Wed, 3 May 2000 18:28:47 -0700 (PDT)
Subject: [pptp-server] Managing multiple authentication domains
Message-ID:

Howdy,
So I would like to know how I would solve the following problem
with poptop/pppd:

A router serves three different organizations - we'll call them
companya, companyb, and companyc. These are all assigned IP addresses such
as 10.1.1/24, 10.1.2/24 and 10.1.3/24.

An employee of companya vpn's in. I want her to be assigned an ip
address within companya's address range (10.1.1/24). Then employee's of
companyb and companyc vpn in as well, and I want them to be assigned
addresses within their respective ranges as well.

It appears to me that I cannot do this. Instead, I need to choose
a range of IP addresses ahead of time and cannot base the number chosen
upon the chap credentials used to authenticate with.

Any ideas?

--
Mike Ireton
Senior Systems Engineer
Bay Office Net - http://www.bayoffice.net
Voice (415) 643-8700    "Where do you want to go today?"
Fax (415) 643-8777      With Linux, I'm already there....

From natecars at real-time.com Wed May 3 22:36:10 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed, 3 May 2000 22:36:10 -0500 (CDT)
Subject: [pptp-server] Managing multiple authentication domains
In-Reply-To:
Message-ID:

On Wed, 3 May 2000, Mike Ireton wrote:
> Howdy,
> So I would like to know how I would solve the following problem
> with poptop/pppd:
>
> A router serves three different organizations - we'll call them
> companya, companyb, and companyc. These are all assigned IP addresses such
> as 10.1.1/24, 10.1.2/24 and 10.1.3/24.
>
> An employee of companya vpn's in. I want her to be assigned an ip
> address within companya's address range (10.1.1/24). Then employee's of
> companyb and companyc vpn in as well, and I want them to be assigned
> addresses within their respective ranges as well.
>
> It appears to me that I cannot do this. Instead, I need to choose
> a range of IP addresses ahead of time and cannot base the number chosen
> upon the chap credentials used to authenticate with.
>
> Any ideas?

I haven't personally tried this, but could you specify all the ranges in
pptpd.conf and then assign the ip using the fourth field of the
chap-secrets file? I know you can specify static ip's within the one range
you have using that field.. I've just never tried multiple ranges.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From nhdung at yahoo.com Thu May 4 05:24:20 2000
From: nhdung at yahoo.com (Dung Nguyen)
Date: Thu, 4 May 2000 03:24:20 -0700 (PDT)
Subject: [pptp-server] ppp remote user
Message-ID: <20000504102420.29906.qmail@web2201.mail.yahoo.com>

Dear all
I am a newer for this mailing list. I am very
interested in PoPToP and i've got some things
successfully, but now i have a problem :

ppp Client         pptp Client               pptpd server
 -------            ---------                 ---------
|       |--------  |         |-------------- |         |
 -------     ppp    ---------      pptp       ---------
192.168.1.2        192.168.1.3               192.168.1.4

My problem is I can't ping from the PPP Client to PPTP
Server, although the subnet is the same. If I do
manually :
route add -net 192.168.1.2 gw 192.168.1.3
on the pptp server. I can ping to the remote ppp
Client.
If Anyone can help me to do that automatically ? I
think that the problem is how to know the address of
the remote ppp client.
Thanks a lot
Dung Nguyen

__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/

From john at netdirect.ca Thu May 4 08:03:10 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Thu, 4 May 2000 09:03:10 -0400
Subject: [pptp-server] Managing multiple authentication domains
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0AB@enterprise.NetDirect.CA>

It sounds like what you need is not authentication domains but rather
different PPTP configurations. This can be done by binding pptpd to an IP
address. Here's how:

1. Create aliases for your main network interface and assign them IP
addresses like 10.1.1.1 (company a), 10.1.2.1 (company B), and 10.1.3.1
(company c.)

2. Then create a separate pptpd.conf file for each subnet. List different
local and remote IPs and tell each pptpd to listen to a different address.
Also make sure that each file specifies a different PID file. For example:

/etc/company-a.conf
localip 10.1.1.1
remoteip 10.1.1.2-16
listen 10.1.1.1
pidfile /var/run/pptp.a

/etc/company-b.conf
localip 10.1.2.1
remoteip 10.1.2.2-16
listen 10.1.2.1
pidfile /var/run/pptp.b

/etc/company-c.conf
localip 10.1.3.1
remoteip 10.1.3.2-16
listen 10.1.3.1
pidfile /var/run/pptp.c

Then use the -c option of pptp to specify the specific conf file:

pptpd -c /etc/company-a.conf
pptpd -c /etc/company-b.conf
pptpd -c /etc/company-c.conf

You'll have three pptpd's running. Tell company a to connect to 10.1.1.1 for
VPN, company b should connect to 10.1.2.1, etc.

This solution uses the same chap-secrets file but this is not a problem
either. You can use the NT domain name to differentiate users. Here's an
example chap-secrets file:

/etc/ppp/chap-secrets
SALES\\jsmith * "mysecret" *
SALES\\jdoe * "hersecret" *
MKTG\\jsmith * "hissecret" *

Alternatively you could hack pppd to accept a parameter that changes
specific the chap secrets file and include this in different ppp/options
files.

> -----Original Message-----
> From: Nate Carlson [mailto:natecars at real-time.com]
> Sent: Wednesday, May 03, 2000 11:36 PM
> To: Mike Ireton
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Managing multiple authentication domains
>
>
> On Wed, 3 May 2000, Mike Ireton wrote:
>
> > Howdy,
> > So I would like to know how I would solve the following problem
> > with poptop/pppd:
> >
> > A router serves three different organizations - we'll call them
> > companya, companyb, and companyc. These are all assigned IP addresses such
> > as 10.1.1/24, 10.1.2/24 and 10.1.3/24.
> >
> > An employee of companya vpn's in. I want her to be assigned an ip
> > address within companya's address range (10.1.1/24). Then employee's of
> > companyb and companyc vpn in as well, and I want them to be assigned
> > addresses within their respective ranges as well.
> >
> > It appears to me that I cannot do this. Instead, I need to choose
> > a range of IP addresses ahead of time and cannot base the number chosen
> > upon the chap credentials used to authenticate with.
> >
> > Any ideas?
>
> I haven't personally tried this, but could you specify all the ranges in
> pptpd.conf and then assign the ip using the fourth field of the
> chap-secrets file? I know you can specify static ip's within the one range
> you have using that field.. I've just never tried multiple ranges.
>
> --
> Nate Carlson | Phone : (952)943-8700
> http://www.real-time.com | Fax : (952)943-8500
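
The one-pptpd-per-company layout described in the message above, as an added example that is not part of the original thread: a small Python linter that checks a set of per-company conf files for the conditions that layout depends on (distinct listen address and PID file per instance, each remoteip pool inside its own company subnet, no overlapping pools). The /24 per company follows the original question; the function names, the fourth (deliberately broken) file and the acceptance of comma-separated pool entries are assumptions of this example.

```python
"""Lint per-company pptpd conf files for the multi-instance layout (added example)."""
import ipaddress
from collections import defaultdict

REQUIRED = ("localip", "remoteip", "listen", "pidfile")

# Constructed sample input: the three files from the message, plus a
# hypothetical fourth file with mistakes so the checks have something to find.
SAMPLE_CONFS = {
    "/etc/company-a.conf": "localip 10.1.1.1\nremoteip 10.1.1.2-16\nlisten 10.1.1.1\npidfile /var/run/pptp.a\n",
    "/etc/company-b.conf": "localip 10.1.2.1\nremoteip 10.1.2.2-16\nlisten 10.1.2.1\npidfile /var/run/pptp.b\n",
    "/etc/company-c.conf": "localip 10.1.3.1\nremoteip 10.1.3.2-16\nlisten 10.1.3.1\npidfile /var/run/pptp.c\n",
    "/etc/company-d.conf": "localip 10.1.4.1\nremoteip 10.1.3.10-20\nlisten 10.1.4.1\npidfile /var/run/pptp.c\n",
}


def parse_conf(text):
    """Return {keyword: value} for one conf file; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def expand_pool(spec):
    """Expand '10.1.1.2-16' (range on the last octet) into a set of addresses.

    Comma-separated entries such as '10.1.1.2-16,10.1.1.30' are also accepted
    (an assumption beyond the single-range form shown in the message).
    """
    addrs = set()
    for part in (p.strip() for p in spec.split(",")):
        if "-" in part:
            first, last_octet = part.split("-", 1)
            start = ipaddress.IPv4Address(first)
            end = ipaddress.IPv4Address(first.rsplit(".", 1)[0] + "." + last_octet)
            if end < start:
                raise ValueError("descending range: " + part)
            addrs.update(ipaddress.IPv4Address(i) for i in range(int(start), int(end) + 1))
        else:
            addrs.add(ipaddress.IPv4Address(part))
    return addrs


def lint(confs, prefixlen=24):
    """Return a list of findings for {path: file_text}; an empty list means clean."""
    findings = []
    seen = defaultdict(dict)  # keyword -> value -> first path that used it
    pools = {}                # path -> set of pool addresses
    for path, text in sorted(confs.items()):
        conf = parse_conf(text)
        missing = [k for k in REQUIRED if k not in conf]
        if missing:
            findings.append(f"{path}: missing {', '.join(missing)}")
            continue
        # Two instances sharing a listen address or PID file collide at start-up.
        for key in ("listen", "pidfile"):
            first_user = seen[key].setdefault(conf[key], path)
            if first_user != path:
                findings.append(f"{path}: {key} {conf[key]} already used by {first_user}")
        # Each company's clients must land inside that company's own subnet.
        net = ipaddress.ip_network(f"{conf['localip']}/{prefixlen}", strict=False)
        pool = expand_pool(conf["remoteip"])
        outside = sorted(a for a in pool if a not in net)
        if outside:
            findings.append(f"{path}: remoteip {outside[0]} is outside {net}")
        if ipaddress.IPv4Address(conf["localip"]) in pool:
            findings.append(f"{path}: localip {conf['localip']} is inside its own remoteip pool")
        # Overlapping pools would hand one company's address to another's user.
        for other_path, other_pool in pools.items():
            if pool & other_pool:
                findings.append(f"{path}: remoteip pool overlaps {other_path}")
        pools[path] = pool
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFS):
        print(finding)
```
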
>

From gord at amador.ca Thu May 4 09:43:40 2000
From: gord at amador.ca (Gord Belsey)
Date: Thu, 4 May 2000 08:43:40 -0600
Subject: [pptp-server] ppp remote user
References: <20000504102420.29906.qmail@web2201.mail.yahoo.com>
Message-ID: <006701bfb5d7$234f0300$280111ac@amadorinc.com>

For adding the route to the client, you can set up an ip-up.local file in /etc/ppp. ppp runs /etc/ppp/ip-up when it brings up a ppp connection. ip-up will run ip-up.local if it exists (and proper permissions are set....I tripped over that one on my first set up:o).

In /etc/ppp/ip-up.local add the following line :

    route add -net $3 gw $4

ppp passes information via $1 through $5 as well as some other variables such as $PEERNAME. There is also $6 which you can give a value in the /etc/ppp/options file. In the above route statement, $3 is the remote client's address and $4 is the local address for the ppp connection, aka gateway.

This is a pretty basic route statement which works fine for a single client connection. If the client was a linux box with a LAN behind it (acting as a router) the route statement would be more complex (this is how I'm set up).

On the second point, I'm guessing it's a windows client connecting to the PoPToP server. Assuming this is true, on the windows network setup, select the option for using the remote (server) default route. That lets the windows client use the PoPToP server as its gateway to "anywhere". If this is a linux client, you can set up routing using the ip-up.local example above.

Hope this is helpful.

Gord Belsey

----- Original Message -----
From: Dung Nguyen
To:
Sent: Thursday, May 04, 2000 4:24 AM
Subject: [pptp-server] ppp remote user

> Dear all
> I am a newer for this mailing list.
I am very > interested in PoPToP and i've got some things > successfully, but now i have a problem : > > ppp Client pptp Client pptpd server > ------- --------- --------- > | |-------- | |-------------- | | > ------- ppp --------- pptp --------- > 192.168.1.2 192.168.1.3 192.168.1.4 > > My problem is I can't ping from the PPP Client to PPTP > Server, although the subnet is the same. If I do > manually : > route add -net 192.168.1.2 gw 192.168.1.3 > on the pptp server. I can ping to the remote ppp > Client. > If Anyone can help me to do that automatically ? I > think that the problem is how to know the address of > the remote ppp client. > Thanks a lot > Dung Nguyen > > > __________________________________________________ > Do You Yahoo!? > Send instant messages & get email alerts with Yahoo! Messenger. > http://im.yahoo.com/ > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From gord at amador.ca Thu May 4 09:43:58 2000 From: gord at amador.ca (Gord Belsey) Date: Thu, 4 May 2000 08:43:58 -0600 Subject: Fw: [pptp-server] Managing multiple authentication domains Message-ID: <007001bfb5d7$2e5239c0$280111ac@amadorinc.com> ----- Original Message ----- From: Gord Belsey To: Mike Ireton Sent: Thursday, May 04, 2000 8:27 AM Subject: Re: [pptp-server] Managing multiple authentication domains > Have a look at the options ipcp-accept-local and ipcp-accept-remote. With > these commands in your /etc/ppp/options file, PoPToP will accept a clients > request for specific IP addresses rather than assigning them from a pool. > The clioent then can request a local and remote address for the ppp > connection. The advantage is you can control what address (therefore > subnet) the client is using. > > This works well with linbux clients. 
You configure local and remote > addresses in the command string for opening a pptp connection to the PoPToP > server. > > However, I haven't looked at windows clients to see how to implement this, > so if you're using windows clients, maybe someone else has tried this, or > has another solution (I'd be interested in hearing about this as well). Let > me (us) know what client you're using and maybe I can give more info. > > Hope this is helpful > > Gord Belsey > ----- Original Message ----- > From: Mike Ireton > To: > Sent: Wednesday, May 03, 2000 7:28 PM > Subject: [pptp-server] Managing multiple authentication domains > > > > Howdy, > > So I would like to know how I would solve the following problem > > with poptop/pppd: > > > > A router serves three different organizations - we'll call them > > companya, companyb, and companyc. These are all assigned IP addresses such > > as 10.1.1/24, 10.1.2/24 and 10.1.3/24. > > > > An employee of companya vpn's in. I want her to be assigned an ip > > address within companya's address range (10.1.1/24). Then employee's of > > companyb and companyc vpn in as well, and I want them to be assigned > > addresses within their respective ranges as well. > > > > It appears to me that I cannot do this. Instead, I need to choose > > a range of IP addresses ahead of time and cannot base the number chosen > > upon the chap credentials used to authenticate with. > > > > Any ideas? > > > > -- > > Mike Ireton > > Senior Systems Engineer > > Bay Office Net - http://www.bayoffice.net > > Voice (415) 643-8700 "Where do you want to go today?" > > Fax (415) 643-8777 With Linux, I'm already there.... > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! 
> > >

From ren at spans.gscc.nrcan.gc.ca Thu May 4 11:40:39 2000
From: ren at spans.gscc.nrcan.gc.ca (Richard E Nairn)
Date: Thu, 4 May 2000 10:40:39 -0600
Subject: [pptp-server] Win Shares over VPN
Message-ID: <20000504104038.G26155@spans.gscc.nrcan.gc.ca>

Hi there,

I have a VPN setup using pptp. Is there a way for me to set up so that netbios broadcasts go over the VPN or do I have to set it up some other way?

--
Richard Nairn
Nairn Consulting
** Email ren at spans.gscc.nrcan.gc.ca **
** nairnr at cadvision.com **
** nconsulting at cadvision.com **

From mike at bayoffice.net Thu May 4 12:38:46 2000
From: mike at bayoffice.net (mike at bayoffice.net)
Date: Thu, 4 May 2000 10:38:46 -0700 (PDT)
Subject: Fw: [pptp-server] Managing multiple authentication domains
In-Reply-To: <007001bfb5d7$2e5239c0$280111ac@amadorinc.com>
Message-ID:

On Thu, 4 May 2000, Gord Belsey wrote:

>
> > Have a look at the options ipcp-accept-local and ipcp-accept-remote. With
> > these commands in your /etc/ppp/options file, PoPToP will accept a client's
> > request for specific IP addresses rather than assigning them from a pool.
> > The client then can request a local and remote address for the ppp
> > connection. The advantage is you can control what address (therefore
> > subnet) the client is using.
> >

The problem, however, is that clients misconfigure themselves all the time, and this solution affords no way to force them to either get it right or not get on the system at all. I don't see where this 'control' you mention comes from - if you turn on the ipcp-accept-local and remote options, there is no ppp way of saying that, based on these chap credentials, they will be boxed into this certain range of addresses. I want a user to be associated with a particular network so when they 'vpn in', they cannot access resources on any network other than their assigned one.

The client I'm interested in serving is primarily windows clients with the vpn adaptor, by the way...
-- Mike Ireton Senior Systems Engineer Bay Office Net - http://www.bayoffice.net Voice (415) 643-8700 "Where do you want to go today?" Fax (415) 643-8777 With Linux, I'm already there.... From adam at morrison-ind.com Thu May 4 12:20:56 2000 From: adam at morrison-ind.com (Adam Tauno Williams) Date: Thu, 4 May 2000 13:20:56 -0400 Subject: [pptp-server] Win Shares over VPN In-Reply-To: <20000504104038.G26155@spans.gscc.nrcan.gc.ca> References: <20000504104038.G26155@spans.gscc.nrcan.gc.ca> Message-ID: <200005041720.e44HKuJ01784@localhost.localdomain> > I have a VPN setup using pptp. Is there a way for me to set up so that > netbios broadcasts go over the VPN or do I have to set it up some other > way? > Setup WINS. From hshaw at healthcentralrx.com Thu May 4 14:07:43 2000 From: hshaw at healthcentralrx.com (Terrelle Shaw) Date: Thu, 4 May 2000 12:07:43 -0700 Subject: Fw: [pptp-server] Managing multiple authentication domains In-Reply-To: Message-ID: Then why don't you create the vpn "ip's" on a network that you use access lists or routes to keep them from going where you dont want them too? Terrelle Shaw -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of mike at bayoffice.net Sent: Thursday, May 04, 2000 10:39 AM To: pptp-server at lists.schulte.org Subject: Re: Fw: [pptp-server] Managing multiple authentication domains On Thu, 4 May 2000, Gord Belsey wrote: > > > Have a look at the options ipcp-accept-local and ipcp-accept-remote. With > > these commands in your /etc/ppp/options file, PoPToP will accept a clients > > request for specific IP addresses rather than assigning them from a pool. > > The clioent then can request a local and remote address for the ppp > > connection. The advantage is you can control what address (therefore > > subnet) the client is using. 
> > The problem, however, is that clients misconfigure themselves all the time, and this soluton affords no way to force them to either get it right or not get on the system at all. I don't see where this 'control' you mention comes from - if you turn on the ipcp-accept-local and remote options, there is no ppp way of saying that, based on these chap credentials, they will be boxed into this certain range of addresses. I want a user to be associated with a particular network so when they 'vpn in', they cannot access resources on any network other than their assigned one. The client I'm interested in serving is primarilly windows clients with the vpn adaptor, by the way... -- Mike Ireton Senior Systems Engineer Bay Office Net - http://www.bayoffice.net Voice (415) 643-8700 "Where do you want to go today?" Fax (415) 643-8777 With Linux, I'm already there.... _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From Gunther at Stammwitz.de Thu May 4 14:57:23 2000 From: Gunther at Stammwitz.de (Gunther Stammwitz) Date: Thu, 4 May 2000 21:57:23 +0200 Subject: [pptp-server] mirror of poptop Message-ID: <026601bfb602$f6f05a80$0200a8c0@windows> Hello everyone, from now on you can find the german mirror of poptop by using it's new domain..... HTTP://www.POPTOP.de btw: this mirror is updated at least once a week. Have fun ;-) Gunther -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From nhdung at yahoo.com Fri May 5 02:29:32 2000 From: nhdung at yahoo.com (Dung Nguyen) Date: Fri, 5 May 2000 00:29:32 -0700 (PDT) Subject: [pptp-server] ppp remote user Message-ID: <20000505072932.5422.qmail@web2205.mail.yahoo.com> Dear Thank you for your helping me.I understand you, but I want to mean that : ----- ------- ------ | A |----------| B |------------------| C | ----- PPP ------- pptp ------ And these are things I've done : _ I establish a ppp connection from A to B _ After that I make a pptp connection manually from B (pptp linux-Client) to C (PoPToP linux Server) _ After that I can't ping from C to A _ If i do manually : route add -net
gw
at C(PoPToP Server) : I can ping to Remote host A _ My question is how to ping from C to A automatically because We don't know the dynamic address of the remote host A (Is assgined by B), so I can't add to ip-up.local scripts. If you have time , Please help me. Thank you very much. --- Gord Belsey wrote: > For adding the route to the client, you can set up > an ip-up.local file in > /etc/ppp. ppp runs /etc/ppp/ip-up when it brins up > a ppp connection. ip-up > will run ip-up.local if it exists (and proper > permissions are set....I > tripped over that one on my first set up:o). > > In /etc/ppp/ip-up.local add the following line : > > route add -net $3 gw $4 > > ppp passes information via $1 through $5 as well as > some other variables > suchas $PEERNAME. There is also $6 which you can > give a value in the > /etc/ppp/options file. In the above route > statement, $3 is the remote > clients address and $4 is the local address for the > ppp connection,aka > gateway. > > This is a pretty basic route statement which works > fine for a single client > connection. If the client was a linux box with a > LAN behind it (acting as a > router) the route statement would be more complex > (this is how I'm set up). > > On the second point, I'm guessing it's a windows > client connecting to the > PoPToP server. Assuming this is true, on the > windows network setup, select > the option for using the remote (server) default > route. That lets the > windows client use the PoPToP server as it's gateway > to "anywhere". If this > is a linux client, you can set up routing using the > ip-up.local example > above. > > Hope this is helpful. > > Gord Belsey > ----- Original Message ----- > From: Dung Nguyen > To: > Sent: Thursday, May 04, 2000 4:24 AM > Subject: [pptp-server] ppp remote user > > > > Dear all > > I am a newer for this mailing list. 
I am very > > interested in PoPToP and i've got some things > > successfully, but now i have a problem : > > > > ppp Client pptp Client pptpd server > > ------- --------- --------- > > | |-------- | |-------------- | | > > ------- ppp --------- pptp --------- > > 192.168.1.2 192.168.1.3 192.168.1.4 > > > > My problem is I can't ping from the PPP Client to > PPTP > > Server, although the subnet is the same. If I do > > manually : > > route add -net 192.168.1.2 gw 192.168.1.3 > > on the pptp server. I can ping to the remote ppp > > Client. > > If Anyone can help me to do that automatically ? I > > think that the problem is how to know the address > of > > the remote ppp client. > > Thanks a lot > > Dung Nguyen > > > > > > __________________________________________________ > > Do You Yahoo!? > > Send instant messages & get email alerts with > Yahoo! Messenger. > > http://im.yahoo.com/ > > _______________________________________________ > > pptp-server maillist - > pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > > > _______________________________________________ > pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ From jsg at newlix.com Fri May 5 06:59:50 2000 From: jsg at newlix.com (Jean-Serge Gagnon) Date: Fri, 5 May 2000 07:59:50 -0400 Subject: [pptp-server] ppp remote user In-Reply-To: <20000505072932.5422.qmail@web2205.mail.yahoo.com> Message-ID: The only thing I can think of is permanently adding routes from C to all possible addresses that A may get. This should usually never change and could be as easy as a network address range. 
If you control the setup of B, then it should not be difficult and even when A is not connected, there is no harm (correct me if I'm wrong) in having the route there on C... Jean-Serge Gagnon - Applications Director Newlix Corporation - jsg at newlix.com http://www.newlix.com (613) 225-0516 fax: (613) 225-5625 > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Dung Nguyen > Sent: Friday, May 05, 2000 3:30 AM > To: Gord Belsey > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] ppp remote user > > > Dear > Thank you for your helping me.I understand you, but I > want to mean that : > ----- ------- ------ > | A |----------| B |------------------| C | > ----- PPP ------- pptp ------ > > > And these are things I've done : > _ I establish a ppp connection from A to B > _ After that I make a pptp connection manually from B > (pptp linux-Client) to C (PoPToP linux Server) > > _ After that I can't ping from C to A > _ If i do manually : route add -net
gw >
at C(PoPToP Server) : I can ping to Remote > host A > _ My question is how to ping from C to A automatically > because We don't know the dynamic address of the > remote host A (Is assgined by B), so I can't add to > ip-up.local scripts. > If you have time , Please help me. > Thank you very much. > > > --- Gord Belsey wrote: > > For adding the route to the client, you can set up > > an ip-up.local file in > > /etc/ppp. ppp runs /etc/ppp/ip-up when it brins up > > a ppp connection. ip-up > > will run ip-up.local if it exists (and proper > > permissions are set....I > > tripped over that one on my first set up:o). > > > > In /etc/ppp/ip-up.local add the following line : > > > > route add -net $3 gw $4 > > > > ppp passes information via $1 through $5 as well as > > some other variables > > suchas $PEERNAME. There is also $6 which you can > > give a value in the > > /etc/ppp/options file. In the above route > > statement, $3 is the remote > > clients address and $4 is the local address for the > > ppp connection,aka > > gateway. > > > > This is a pretty basic route statement which works > > fine for a single client > > connection. If the client was a linux box with a > > LAN behind it (acting as a > > router) the route statement would be more complex > > (this is how I'm set up). > > > > On the second point, I'm guessing it's a windows > > client connecting to the > > PoPToP server. Assuming this is true, on the > > windows network setup, select > > the option for using the remote (server) default > > route. That lets the > > windows client use the PoPToP server as it's gateway > > to "anywhere". If this > > is a linux client, you can set up routing using the > > ip-up.local example > > above. > > > > Hope this is helpful. > > > > Gord Belsey > > ----- Original Message ----- > > From: Dung Nguyen > > To: > > Sent: Thursday, May 04, 2000 4:24 AM > > Subject: [pptp-server] ppp remote user > > > > > > > Dear all > > > I am a newer for this mailing list. 
I am very > > > interested in PoPToP and i've got some things > > > successfully, but now i have a problem : > > > > > > ppp Client pptp Client pptpd server > > > ------- --------- --------- > > > | |-------- | |-------------- | | > > > ------- ppp --------- pptp --------- > > > 192.168.1.2 192.168.1.3 192.168.1.4 > > > > > > My problem is I can't ping from the PPP Client to > > PPTP > > > Server, although the subnet is the same. If I do > > > manually : > > > route add -net 192.168.1.2 gw 192.168.1.3 > > > on the pptp server. I can ping to the remote ppp > > > Client. > > > If Anyone can help me to do that automatically ? I > > > think that the problem is how to know the address > > of > > > the remote ppp client. > > > Thanks a lot > > > Dung Nguyen > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Send instant messages & get email alerts with > > Yahoo! Messenger. > > > http://im.yahoo.com/ > > > _______________________________________________ > > > pptp-server maillist - > > pptp-server at lists.schulte.org > > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulte.org! > > > > > > > _______________________________________________ > > pptp-server maillist - > > pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! > > __________________________________________________ > Do You Yahoo!? > Send instant messages & get email alerts with Yahoo! Messenger. > http://im.yahoo.com/ > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! 
>

From jhummel at fulltiltsolutions.com Fri May 5 07:15:01 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Fri, 5 May 2000 08:15:01 -0400
Subject: [pptp-server] Connecting to a WinNT PPTP server
Message-ID:

Hello,

I am new to this mailing list and have successfully used PPTP between linux boxes. My hat goes off to those who helped me in the past.

I am now trying to hook up some of our outside users to a WinNT PPTP server that hands out IP addresses. The NT box uses strong (128bit) encryption and I have windoze clients that have no problem connecting. I need to have some of our road warriors connected to this using linux and/or freebsd ( linux first ). We use any type of Red Hat distro, from 6.1, 6.2, Mandrake 7.0-2 and up.

Are there any docs on this and compiling ppp-2.3.11 with 128-bit support? I am getting frustrated trying to get this done. Any help is appreciated.

Thanks,
Jeff

Jeffrey Hummel
FullTilt Solutions, Inc. (Formerly Aston Brooke Corporation)
610.277.1400
www.fulltiltsolutions.com

From gord at amador.ca Fri May 5 10:28:56 2000
From: gord at amador.ca (Gord Belsey)
Date: Fri, 5 May 2000 09:28:56 -0600
Subject: [pptp-server] ppp remote user
References:
Message-ID: <01db01bfb6a6$a0a50960$280111ac@amadorinc.com>

What Jean-serge is suggesting makes sense to me. If you add routes on C for all the networks A could potentially be on, you'll always be able to ping A when it's connected to B.

A appears to be an Internet box. Let's say that A can be assigned any address in the 162.162.1.1 through 162.162.1.254. If you add a route to C like this:

    route add -net 162.162.1.0 netmask 255.255.255.0 gw

C will reach A through B. Therefore, you can ping to A, once you know its address. As an added bonus if now or at some future time you'll have multiple A's, that is, more than one device connecting to B and requiring access to C, this route statement takes care of them as well.

I'm assuming that B gives A its address, and assigns addresses from a single subnet. If it's possible for A to have an address from more than one subnet, you'll need a route statement for each subnet, or a single broader statement. Using my first example, let's say that A can be assigned any address in the 162.162.1.1 through 162.162.2.254. You can add 2 route statements covering 162.162.1.0 and 162.162.2.0:

    route add -net 162.162.1.0 netmask 255.255.255.0 gw

and

    route add -net 162.162.2.0 netmask 255.255.255.0 gw

Just keep in mind that the route statement should match the intended subnet. So if the subnet were, say, 162.162.1.0/255.255.255.128, use that same mask in the route statement. That should keep you from getting tripped up later, say, if C needs to talk to the subnet 162.162.1.128/255.255.255.128 and that subnet ISN'T connected to B.

Hopefully, this helps you with your situation.

Good luck

Gord Belsey

----- Original Message -----
From: Jean-Serge Gagnon
To: Dung Nguyen ; Gord Belsey
Cc:
Sent: Friday, May 05, 2000 5:59 AM
Subject: RE: [pptp-server] ppp remote user

> The only thing I can think of is permanently adding routes from C to all
> possible addresses that A may get. This should usually never change and
> could be as easy as a network address range. If you control the setup of B,
> then it should not be difficult and even when A is not connected, there is
> no harm (correct me if I'm wrong) in having the route there on C...
> > Jean-Serge Gagnon - Applications Director > Newlix Corporation - jsg at newlix.com > http://www.newlix.com > (613) 225-0516 fax: (613) 225-5625 > > > -----Original Message----- > > From: pptp-server-admin at lists.schulte.org > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Dung Nguyen > > Sent: Friday, May 05, 2000 3:30 AM > > To: Gord Belsey > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] ppp remote user > > > > > > Dear > > Thank you for your helping me.I understand you, but I > > want to mean that : > > ----- ------- ------ > > | A |----------| B |------------------| C | > > ----- PPP ------- pptp ------ > > > > > > And these are things I've done : > > _ I establish a ppp connection from A to B > > _ After that I make a pptp connection manually from B > > (pptp linux-Client) to C (PoPToP linux Server) > > > > _ After that I can't ping from C to A > > _ If i do manually : route add -net
gw > >
at C(PoPToP Server) : I can ping to Remote > > host A > > _ My question is how to ping from C to A automatically > > because We don't know the dynamic address of the > > remote host A (Is assgined by B), so I can't add to > > ip-up.local scripts. > > If you have time , Please help me. > > Thank you very much. > > > > > > --- Gord Belsey wrote: > > > For adding the route to the client, you can set up > > > an ip-up.local file in > > > /etc/ppp. ppp runs /etc/ppp/ip-up when it brins up > > > a ppp connection. ip-up > > > will run ip-up.local if it exists (and proper > > > permissions are set....I > > > tripped over that one on my first set up:o). > > > > > > In /etc/ppp/ip-up.local add the following line : > > > > > > route add -net $3 gw $4 > > > > > > ppp passes information via $1 through $5 as well as > > > some other variables > > > suchas $PEERNAME. There is also $6 which you can > > > give a value in the > > > /etc/ppp/options file. In the above route > > > statement, $3 is the remote > > > clients address and $4 is the local address for the > > > ppp connection,aka > > > gateway. > > > > > > This is a pretty basic route statement which works > > > fine for a single client > > > connection. If the client was a linux box with a > > > LAN behind it (acting as a > > > router) the route statement would be more complex > > > (this is how I'm set up). > > > > > > On the second point, I'm guessing it's a windows > > > client connecting to the > > > PoPToP server. Assuming this is true, on the > > > windows network setup, select > > > the option for using the remote (server) default > > > route. That lets the > > > windows client use the PoPToP server as it's gateway > > > to "anywhere". If this > > > is a linux client, you can set up routing using the > > > ip-up.local example > > > above. > > > > > > Hope this is helpful. 
> > > > > > Gord Belsey > > > ----- Original Message ----- > > > From: Dung Nguyen > > > To: > > > Sent: Thursday, May 04, 2000 4:24 AM > > > Subject: [pptp-server] ppp remote user > > > > > > > > > > Dear all > > > > I am a newer for this mailing list. I am very > > > > interested in PoPToP and i've got some things > > > > successfully, but now i have a problem : > > > > > > > > ppp Client pptp Client pptpd server > > > > ------- --------- --------- > > > > | |-------- | |-------------- | | > > > > ------- ppp --------- pptp --------- > > > > 192.168.1.2 192.168.1.3 192.168.1.4 > > > > > > > > My problem is I can't ping from the PPP Client to > > > PPTP > > > > Server, although the subnet is the same. If I do > > > > manually : > > > > route add -net 192.168.1.2 gw 192.168.1.3 > > > > on the pptp server. I can ping to the remote ppp > > > > Client. > > > > If Anyone can help me to do that automatically ? I > > > > think that the problem is how to know the address > > > of > > > > the remote ppp client. > > > > Thanks a lot > > > > Dung Nguyen > > > > > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Send instant messages & get email alerts with > > > Yahoo! Messenger. > > > > http://im.yahoo.com/ > > > > _______________________________________________ > > > > pptp-server maillist - > > > pptp-server at lists.schulte.org > > > > > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > List services provided by www.schulte.org! > > > > > > > > > > _______________________________________________ > > > pptp-server maillist - > > > pptp-server at lists.schulte.org > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulte.org! > > > > __________________________________________________ > > Do You Yahoo!? > > Send instant messages & get email alerts with Yahoo! Messenger. 
> > http://im.yahoo.com/
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulte.org!
> >
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

From mike at bayoffice.net Fri May 5 12:16:02 2000
From: mike at bayoffice.net (mike at bayoffice.net)
Date: Fri, 5 May 2000 10:16:02 -0700 (PDT)
Subject: Fw: [pptp-server] Managing multiple authentication domains
In-Reply-To:
Message-ID:

On Thu, 4 May 2000, Terrelle Shaw wrote:

>
> Then why don't you create the vpn "ip's" on a network that you use access
> lists or routes to keep them from going where you don't want them to?
>

I don't think I've made the problem clear -

 Single  |       |---10.1.1.0/24
 public  | poptop|
 --------| server|---10.1.2.0/24
 ip addr |       |
         |       |---10.1.3.0/34

The poptop server is a router connected to many networks as shown here. The challenge is that users who connect to the poptop server should only be assigned 'local' and 'remote' addresses which fall within the range of their assigned network. Packet filtering and vlan technology enforces this separation once packets are leaving the router, but it's mission critical that clients are given the right addresses in the first place.

So you can see, access lists or routing table entries isn't going to fix the underlying problem - the client must be given the right addresses and cannot be trusted to just get it right on their own. That trust would amount to having zero access security as all it would take for someone to access another network thru our router would be simply to reconfigure their end, and this is unacceptable.

John Van Ostrand had the suggestion to simply run multiple copies of the pptpd. That's _almost_ a solution (although I hate blowing off multiple public IP's for this application). The problem however is the chap-secrets file, which is shared by all invocations of pppd. This means that any user listed in chap-secrets could connect to any of the running pptpd's, thus bypassing access controls again. The binding between credentials and ip assignment needs to be strong and not dependent on anything the user does or does not do.

My take is that the thinking has been that a poptop server would be serving only one authentication domain (meaning that certain assumptions are true, such as uniqueness of DOMAIN\\username and trustworthiness of the users with respect to their access to ip ranges from the server). Since I'm more directly affected by this issue, I may want to think about patching poptop/pppd to accomplish this end. Some thoughts in the direction would include allowing poptop to specify the base directory for the options/chap-secrets files to use for 'this' connection. This would enhance the listen-on-multiple-ip-address idea so that I could give certain clients a different ip address to vpn in to.

--
Mike Ireton
Senior Systems Engineer
Bay Office Net - http://www.bayoffice.net
Voice (415) 643-8700 "Where do you want to go today?"
Fax (415) 643-8777 With Linux, I'm already there....

From barjunk at attglobal.net Fri May 5 12:17:28 2000
From: barjunk at attglobal.net (Michael Barsalou)
Date: Fri, 5 May 2000 09:17:28 -0800
Subject: [pptp-server] ppp remote user
Message-ID: <200005051730.e45HUgq30329@snaildust.schulte.org>

This probably won't work, but what about reversing how you connect B to C? Have C be the client and B be the server.

That way all routing takes place on B and B will know both A and C's addresses?
Mike Dear Thank you for your helping me.I understand you, but I want to mean that : ----- ------- ------ | A |----------| B |------------------| C | ----- PPP ------- pptp ------ And these are things I've done : _ I establish a ppp connection from A to B _ After that I make a pptp connection manually from B (pptp linux-Client) to C (PoPToP linux Server) _ After that I can't ping from C to A _ If i do manually : route add -net
gw
at C(PoPToP Server) : I can ping to Remote host A _ My question is how to ping from C to A automatically because We don't know the dynamic address of the remote host A (Is assgined by B), so I can't add to ip-up.local scripts. If you have time , Please help me. Thank you very much. Michael Barsalou barjunk at attglobal.net From sstone at taos.com Fri May 5 12:36:06 2000 From: sstone at taos.com (Scott M. Stone) Date: Fri, 5 May 2000 10:36:06 -0700 (PDT) Subject: [pptp-server] ppp remote user In-Reply-To: <200005051730.e45HUgq30329@snaildust.schulte.org> Message-ID: On Fri, 5 May 2000, Michael Barsalou wrote: > > This probably won't work, but what about reversing how you > connect B to C? Have C be the client and B be the server. > > That way all routing takes place on B and B will know both A and > C's addresses? > > Mike > > Dear > Thank you for your helping me.I understand you, but I > want to mean that : > ----- ------- ------ > | A |----------| B |------------------| C | > ----- PPP ------- pptp ------ > > > And these are things I've done : > _ I establish a ppp connection from A to B > _ After that I make a pptp connection manually from B > (pptp linux-Client) to C (PoPToP linux Server) > > _ After that I can't ping from C to A > _ If i do manually : route add -net
gw >
at C(PoPToP Server) : I can ping to Remote > host A > _ My question is how to ping from C to A automatically > because We don't know the dynamic address of the > remote host A (Is assgined by B), so I can't add to > ip-up.local scripts. > If you have time , Please help me. > Thank you very much. point a static route on C for the entire subnet containing the dynamic address pool over to B. Make sure B is running proxyarp on the ppp interface. -------------------------- Scott M. Stone, CCNA UNIX Systems and Network Engineer Taos - The SysAdmin Company From aaa at netman.dk Tue May 9 11:12:06 2000 From: aaa at netman.dk (Alaa Al-Amood) Date: Tue, 09 May 2000 18:12:06 +0200 Subject: [pptp-server] Re: is ok Message-ID: <391838D6.D2426118@netman.dk> confirm 227076 From macleajb at EDnet.NS.CA Tue May 9 11:45:47 2000 From: macleajb at EDnet.NS.CA (James MacLean) Date: Tue, 9 May 2000 13:45:47 -0300 (ADT) Subject: [pptp-server] PPTP Control Message type 9 not supported Message-ID: Hi Folks, Trying to use pptpd in place of an NT server for a remote-pass-thru authentication provided by our telco provided us with the message: PPTP Control message 9 unsupported Wondering what the best place is to find out what type 9 is and also if anyone already knows about it and can suggest a fix/workaround or perhaps their may already be coding in progress to support it? This is using version 1.0 Thanks, JES -- James B. MacLean macleajb at ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From david_luyer at pacific.net.au Tue May 9 16:44:09 2000 
From: david_luyer at pacific.net.au (David Luyer)
Date: Wed, 10 May 2000 07:44:09 +1000
Subject: [pptp-server] PPTP Control Message type 9 not supported
In-Reply-To: Message from James MacLean of "Tue, 09 May 2000 13:45:47 -0300."
References:
Message-ID: <200005092144.HAA30238@typhaon.pacific.net.au>

Please read the archives. This is _well_ documented and has been discussed a number of times.

A basic summary is that an IP tunneling server is one side of PPTP, and a remote access concentrator uses the complete other side of the protocol but also needs some much different features like call multiplexing which are currently not implemented.

David.
--
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone: +61 3 9674 7525
Fax: +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au        NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------

From dene at slush.ca Tue May 9 17:17:08 2000
From: dene at slush.ca (Dane Foster)
Date: Tue, 09 May 2000 15:17:08 -0700
Subject: [pptp-server] FreeBSD 4.0 + pptpd
Message-ID: <39188E64.C6C84BE5@slush.ca>

so i have poptop 1.0 running, and clients can connect, the only problem is that the client is not required to authenticate. i have auth in my /etc/ppp/options.. not sure what else i need.

anyone have any ideas?

--
Dane Foster
Freei Networks

From linux at orgx.co.nz Wed May 10 04:04:08 2000
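[Added example, not part of the thread and not PoPToP code.] The numbers in the "PPTP Control Message type 9" thread above are the Control Message Type field of the PPTP control header defined in RFC 2637. The sketch below decodes that header and, from the types a server has received, tells whether the peer is acting as a PNS or as a PAC (the concentrator side David Luyer describes); the sample log lines, host name and packets are constructed.

```python
import re
import struct

MAGIC_COOKIE = 0x1A2B3C4D            # constant present in every PPTP control header
HEADER = struct.Struct(">HHIHH")     # length, PPTP msg type, cookie, ctrl type, reserved0

# Control Message Type -> (name, side that sends it), per RFC 2637.
CONTROL_TYPES = {
    1: ("Start-Control-Connection-Request", "either"),
    2: ("Start-Control-Connection-Reply", "either"),
    3: ("Stop-Control-Connection-Request", "either"),
    4: ("Stop-Control-Connection-Reply", "either"),
    5: ("Echo-Request", "either"),
    6: ("Echo-Reply", "either"),
    7: ("Outgoing-Call-Request", "PNS"),
    8: ("Outgoing-Call-Reply", "PAC"),
    9: ("Incoming-Call-Request", "PAC"),
    10: ("Incoming-Call-Reply", "PNS"),
    11: ("Incoming-Call-Connected", "PAC"),
    12: ("Call-Clear-Request", "PNS"),
    13: ("Call-Disconnect-Notify", "PAC"),
    14: ("WAN-Error-Notify", "PAC"),
    15: ("Set-Link-Info", "PNS"),
}


class PPTPHeaderError(ValueError):
    """Raised when bytes do not start with a valid PPTP control header."""


def parse_header(data):
    """Decode the 12-byte control header at the start of `data`."""
    if len(data) < HEADER.size:
        raise PPTPHeaderError("short read: %d bytes" % len(data))
    length, msg_type, cookie, ctrl_type, _reserved0 = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        raise PPTPHeaderError("bad magic cookie 0x%08x" % cookie)
    if msg_type != 1:                 # 1 = control message
        raise PPTPHeaderError("PPTP message type %d is not a control message" % msg_type)
    if length < HEADER.size:
        raise PPTPHeaderError("declared length %d is shorter than the header" % length)
    name, sender = CONTROL_TYPES.get(ctrl_type, ("unknown", "unknown"))
    return {"length": length, "type": ctrl_type, "name": name,
            "sender": sender, "truncated": length > len(data)}


# Matches the pptpd debug line format that appears in the logs on this page.
LOG_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")


def types_from_syslog(lines):
    """Return the control message types, in order, found in pptpd debug lines."""
    return [int(m.group(1)) for m in map(LOG_RE.search, lines) if m]


def peer_role(ctrl_types):
    """Infer which side of PPTP the peer implements from what it sent us."""
    senders = {CONTROL_TYPES[t][1] for t in ctrl_types if t in CONTROL_TYPES}
    senders.discard("either")
    if not senders:
        return "unknown"
    return senders.pop() if len(senders) == 1 else "mixed"


# Constructed samples (host name "vpn" and payload values are made up).
CLIENT_LOG = [
    "May 11 18:02:13 vpn pptpd[356]: CTRL: Received PPTP Control Message (type: 1)",
    "May 11 18:02:14 vpn pptpd[356]: CTRL: Received PPTP Control Message (type: 7)",
    "May 11 18:03:14 vpn pptpd[356]: CTRL: Received PPTP Control Message (type: 5)",
]
CONCENTRATOR_LOG = [
    "May  9 13:40:01 vpn pptpd[901]: CTRL: Received PPTP Control Message (type: 1)",
    "May  9 13:40:02 vpn pptpd[901]: CTRL: Received PPTP Control Message (type: 9)",
]
ECHO_REQUEST = struct.pack(">HHIHHI", 16, 1, MAGIC_COOKIE, 5, 0, 1)
INCOMING_CALL_HEADER = struct.pack(">HHIHH", 220, 1, MAGIC_COOKIE, 9, 0)  # header only
BAD_COOKIE = struct.pack(">HHIHH", 12, 1, 0xDEADBEEF, 9, 0)

if __name__ == "__main__":
    for label, log in (("client", CLIENT_LOG), ("concentrator", CONCENTRATOR_LOG)):
        seen = types_from_syslog(log)
        print(label, [CONTROL_TYPES[t][0] for t in seen], "-> peer acts as", peer_role(seen))
    print(parse_header(INCOMING_CALL_HEADER))
```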
From: linux at orgx.co.nz (linux at orgx.co.nz)
Date: Wed, 10 May 2000 22:04:08 +1300
Subject: [pptp-server] PTY, GRE prob
Message-ID:

Hi,

I am fairly new to PPTP but still don't think I should have this problem. I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is rebuilt and has the modules ppp, ppp-mppe, and others loaded. Whenever I attempt a connection from my Win98 box I get immediately disconnected and in the Linux syslogs I see:

May 10 21:46:53 bts pptpd[3552]: CTRL: Starting call (launching pppd, opening GRE)
May 10 21:46:53 bts pptpd[3552]: CTRL: pty_fd = 4
May 10 21:46:53 bts pptpd[3552]: CTRL: tty_fd = 5
May 10 21:46:53 bts pptpd[3552]: CTRL: I wrote 32 bytes to the client.
May 10 21:46:53 bts pptpd[3552]: CTRL: Sent packet to client
May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): Connection speed = 115200
May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): local address = 192.168.10.134
May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): remote address = 192.168.10.248
May 10 21:46:53 bts pptpd[3552]: GRE: read(fd=4,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error
May 10 21:46:53 bts pptpd[3552]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
May 10 21:46:53 bts pptpd[3552]: CTRL: Client 192.168.10.193 control connection finished
May 10 21:46:53 bts pptpd[3552]: CTRL: Exiting now
May 10 21:46:53 bts pptpd[3551]: MGR: Reaped child 3552

The message from the Win98 dialogue is that my password is incorrect but I don't believe that's the problem. I've searched the list archives and not seen an answer to this which has fixed it for me! *PLEASE* can anyone help me?

My config files are:

/etc/ppp/options:
lock
debug
name bts
auth
##require-chap
proxyarp
ms-dns 192.168.99.30
ms-wins 192.168.10.11
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/pptpd.conf:
speed 115200
localip 192.168.10.134
remoteip 192.168.10.248-249

/etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client server secret IP addresses
me bts mysecret *

Cheers,
Richard Shepherd
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From nhdung at yahoo.com Wed May 10 05:10:48 2000
From: nhdung at yahoo.com (Dung Nguyen)
Date: Wed, 10 May 2000 03:10:48 -0700 (PDT)
Subject: [pptp-server] PPTP Speed
Message-ID: <20000510101049.12490.qmail@web2201.mail.yahoo.com>

Dear all

I've established successfully VPN by using PPTP Linux server and PPTP Linux Client, But today i have a question :
_ How about the maximum Speed we can set in /etc/pptpd.conf. is it based on pppd or we can set it for every value ?

Dung Nguyen.

__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/

From cforbes at shore.net Wed May 10 11:34:29 2000
From: cforbes at shore.net (Carolyn S. Forbes)
Date: Wed, 10 May 2000 12:34:29 -0400
Subject: [pptp-server] PoPToP for Solaris 2.8
Message-ID: <39198F95.3C6D9FEC@shore.net>

Hi there -

Would anyone be able to help me with finding a version of PoPToP that has been tested on Solaris 8 (=2.8) and you would recommend? Thanks for your help - we have PoPToP installed on Linux at our parent company's end and would like to install a Solaris version on our end. Any assistance would be appreciated!

Regards,
Carolyn S. Forbes
cforbes at shore.net

From linux at orgx.co.nz Wed May 10 13:28:25 2000
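[Added example, not from the thread and not part of pppd or PoPToP.] One way to audit the credential-to-address binding Mike Ireton asks for in "Managing multiple authentication domains", using the "IP addresses" column of chap-secrets that appears in the config above. The POLICY table, every user name except "me", and the sample file are constructed for illustration; Python 3.7 or later is assumed.

```python
import ipaddress
import shlex


def parse_chap_secrets(text):
    """Yield (line number, fields) for each non-comment entry of a chap-secrets file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)      # honours quoted names and secrets
        except ValueError:                  # unbalanced quote
            fields = []
        yield lineno, fields


def audit(text, policy):
    """Return (lineno, client, reason) for entries not pinned to the client's network.

    `policy` maps client name -> the network that client is assigned to.
    """
    findings = []
    for lineno, fields in parse_chap_secrets(text):
        if len(fields) < 3:
            findings.append((lineno, None, "malformed entry"))
            continue
        client, server, allowed = fields[0], fields[1], fields[3:]
        if server == "*":
            findings.append((lineno, client, "server '*' is accepted by every pppd instance"))
        if client not in policy:
            findings.append((lineno, client, "no assigned network in policy"))
            continue
        net = ipaddress.ip_network(policy[client])
        if not allowed:
            findings.append((lineno, client, "no address list: not pinned to %s" % net))
            continue
        for word in allowed:
            if word == "-" or word.startswith("!"):
                continue                    # deny rules cannot widen access
            if word == "*":
                findings.append((lineno, client, "wildcard '*' allows any address"))
                continue
            try:
                permitted = ipaddress.ip_network(word, strict=False)
            except ValueError:
                findings.append((lineno, client, "%r is not an IP address or subnet" % word))
                continue
            if permitted.version != net.version or not permitted.subnet_of(net):
                findings.append((lineno, client, "%s is outside %s" % (permitted, net)))
    return findings


# Constructed policy: which of the networks from the diagram each user belongs to.
POLICY = {
    "alice": "10.1.1.0/24",
    "me": "10.1.1.0/24",
    "carol": "10.1.2.0/24",
    "dave": "10.1.2.0/24",
    "erin": "10.1.2.0/24",
    "frank": "10.1.1.0/24",
}

# Constructed chap-secrets; only the "me bts mysecret *" line is taken from the page.
SAMPLE = """\
# Secrets for authentication using CHAP
# client  server  secret        IP addresses
alice     bts     "s3cret one"  10.1.1.10
me        bts     mysecret      *
carol     bts     carolpw       10.1.1.20
dave      bts     davepw
erin      bts     erinpw        10.1.2.0/25 !10.1.2.5
frank     *       frankpw       10.1.1.30
"""

if __name__ == "__main__":
    for lineno, client, reason in audit(SAMPLE, POLICY):
        print("line %d (%s): %s" % (lineno, client, reason))
```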
From: linux at orgx.co.nz (linux at orgx.co.nz) Date: Thu, 11 May 2000 07:28:25 +1300 Subject: [pptp-server] Re: GRE prob Message-ID: Hi Mike, Thanks for the suggestion, but this is the strange thing: There is no firewall on this machine, it is simply a test machine sitting on a LAN. The Win98 box is on the same LAN. So for example I get: root at bts:~# ipchains -L Chain input (policy ACCEPT): Chain forward (policy ACCEPT): Chain output (policy ACCEPT): which means nothing is blocked right? Also I do have packet forwarding turned on: root at bts:~# cat /proc/sys/net/ipv4/ip_forward 1 I am trying to demonstrate how this works to my boss as a "proof-of-concept", so that it may eventually get used on a real firewall. Any more are welcome! Cheers, Richard Shepherd "Michael Barsalou" 05/11/00 05:20 AM Please respond to mjbarsalou To: linux at orgx.co.nz cc: Subject: GRE prob I am surprised that you weren't able to find a fix in the archives. That problem you are experiencing is usually a routing or firewall problem. Turn off your firewall temporarily and see if that clears things up. good luck. Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From dbivens at intracom.com Wed May 10 15:29:23 2000 From: dbivens at intracom.com (Don Bivens) Date: Wed, 10 May 2000 16:29:23 -0400 Subject: [pptp-server] poptop and win2k References: <39198F95.3C6D9FEC@shore.net> Message-ID: <000d01bfbabe$6dbc6900$6900a8c0@one.intracom.com> Has anyone got Win2k to do a domain logon through the tunnel? I can get my chap authentication but can't get on the domain. If I watch my port traffic I see kerberos and ldap and pinging going on but that's about it. Any ideas? Don You have moved your mouse. Please reboot for this change to take effect. From adi at certsite.com Wed May 10 16:33:20 2000 
From: adi at certsite.com (Adi) Date: Wed, 10 May 2000 17:33:20 -0400 Subject: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch Message-ID: <3919D5A0.51C8EE67@certsite.com> I've built some RPMs incorporating the MSCHAP/MPPE patch to ppp-2.3.10 for RH6.1 and RH6.2. I have not done any work verifying that it actually works, I simply followed the instructions from the redhat readme on moretonbay.com, and made a RedHat spec file from them. I would greatly appreciate it if people would try these out and give me suggestions. Thanks. http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.src.rpm http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh61.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.src.rpm http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh62.i386.rpm -Adi From adi at certsite.com Wed May 10 17:40:10 2000 
From: adi at certsite.com (Adi) Date: Wed, 10 May 2000 18:40:10 -0400 Subject: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch References: <3919D5A0.51C8EE67@certsite.com> Message-ID: <3919E54A.67C3298C@certsite.com> It turns out I built the ppp_mppe.o kernel module wrong.. unresolved symbols. So unless you're interested in the spec files, don't bother downloading these yet. I'll work out the bug tomorrow. -Adi Adi wrote: > > I've built some RPMs incorporating the MSCHAP/MPPE patch to ppp-2.3.10 for > RH6.1 and RH6.2. I have not done any work verifying that it actually works, > I simply followed the instructions from the redhat readme on moretonbay.com, > and made a RedHat spec file from them. > > I would greatly appreciate it if people would try these out and give me > suggestions. Thanks. > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.src.rpm > http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh61.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.src.rpm > http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh62.i386.rpm > > -Adi > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From dave.mills at fortel.com Thu May 11 02:54:10 2000 From: dave.mills at fortel.com (Dave Mills) Date: Thu, 11 May 2000 08:54:10 +0100 Subject: [pptp-server] RE: pptp-server digest, Vol 1 #388 - 5 msgs Message-ID: Dane, If you want to send over the config's, I'll take a look at it for you. Dave Mills Fortel Inc. > Message: 2 > Date: Tue, 09 May 2000 15:17:08 -0700 
> From: Dane Foster > To: pptp-server at lists.schulte.org > Subject: [pptp-server] FreeBSD 4.0 + pptpd > > so i have poptop 1.0 running, and clients can connect, the > only problem > is that the client is not required to authenticate. i have auth in my > /etc/ppp/options.. not sure what elsei need. > > anyone have any ideas? > > -- > Dane Foster > Freei Networks > > > > From linux at orgx.co.nz Thu May 11 05:07:08 2000 
From: linux at orgx.co.nz (linux at orgx.co.nz) Date: Thu, 11 May 2000 23:07:08 +1300 Subject: [pptp-server] Re: GRE prob Message-ID: Yes, I am "simulating" PPTP by having the Linux box be the default gateway for the Win98 box, even though topologically speaking it's not a real gateway. Essentially it will forward packets back out the ethernet interface they came in, but to the real gateway. No special routing is required for this, just plain old packet forwarding turned on. The routing table is: root at bts:~# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.10.254 0.0.0.0 UG 0 0 0 eth0 The IP of the Linux box is 192.168.10.134 (ethernet). The IP of the Win98 box is 192.168.10.193. Distrib is Debian 2.2. I don't think the hub is very smart, anyhow, I did have PPTP working (but flakey) for brief periods before attempting to include MPPE etc. Thanks for trying, I'm still puzzled... Cheers, Richard Shepherd "Michael Barsalou" 05/11/00 07:46 AM Please respond to mjbarsalou To: linux at orgx.co.nz cc: Subject: Re: GRE prob That's confusing to me. What I think you are saying is that the gateway for the win98 box is in fact the linux box which then forwards packets to the real gateway computer. Is that right? If so, what does the routing table look like on the Linux box? Can we be more specific? What are the IP's of your Linux box, win98 machine? Is it possible the hub is a smart hub? What distrib of linux are you using, I forgot. Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From adi at certsite.com Thu May 11 11:22:16 2000 
From: adi at certsite.com (Adi Fairbank) Date: Thu, 11 May 2000 12:22:16 -0400 Subject: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch References: <3919D5A0.51C8EE67@certsite.com> Message-ID: <391ADE38.109E4C8B@certsite.com> Ok, I fixed the bug. It turns out that rc4_skey.c *IS* needed, contrary to the PoPToP RedHat README file on moretonbay.com. Otherwise you get unresolved symbols on insmod ppp_mppe. New RPMs: http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.src.rpm http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh61.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386.rpm -Adi Adi wrote: > > I've built some RPMs incorporating the MSCHAP/MPPE patch to ppp-2.3.10 for > RH6.1 and RH6.2. I have not done any work verifying that it actually works, > I simply followed the instructions from the redhat readme on moretonbay.com, > and made a RedHat spec file from them. > > I would greatly appreciate it if people would try these out and give me > suggestions. Thanks. > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.src.rpm > http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh61.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.src.rpm > http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh62.i386.rpm > > -Adi > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! 
_______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From hshaw at healthcentralrx.com Thu May 11 12:37:33 2000 From: hshaw at healthcentralrx.com (T.Shaw) Date: Thu, 11 May 2000 10:37:33 -0700 Subject: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch References: <3919D5A0.51C8EE67@certsite.com> <391ADE38.109E4C8B@certsite.com> Message-ID: <002001bfbb6f$96e8daf0$0200a8c0@farslayer> Hmm I thought that was the reason you go to the source /usr/src/linux/drivers/net/ppp_mppe and comment out the include for rc4_skey.c ?? ----- Original Message ----- 
From: "Adi Fairbank" To: Sent: Thursday, May 11, 2000 9:22 AM Subject: Re: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch > Ok, I fixed the bug. It turns out that rc4_skey.c *IS* needed, contrary to > the PoPToP RedHat README file on moretonbay.com. Otherwise you get > unresolved symbols on insmod ppp_mppe. > > New RPMs: > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.src.rpm > http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh61.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm > http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386.rpm > > -Adi > > Adi wrote: > > > > I've built some RPMs incorporating the MSCHAP/MPPE patch to ppp-2.3.10 for > > RH6.1 and RH6.2. I have not done any work verifying that it actually works, > > I simply followed the instructions from the redhat readme on moretonbay.com, > > and made a RedHat spec file from them. > > > > I would greatly appreciate it if people would try these out and give me > > suggestions. Thanks. > > > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.src.rpm > > http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh61.i386.rpm > > > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.src.rpm > > http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh62.i386.rpm > > > > -Adi > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! 
> _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From adi at certsite.com Thu May 11 13:17:29 2000 From: adi at certsite.com (Adi) Date: Thu, 11 May 2000 14:17:29 -0400 Subject: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch References: <3919D5A0.51C8EE67@certsite.com> <391ADE38.109E4C8B@certsite.com> <002001bfbb6f$96e8daf0$0200a8c0@farslayer> Message-ID: <391AF939.F4DF1C70@certsite.com> Yes, I did comment out the include... if you don't do that ppp_mppe.o won't even compile. But even if you comment it out, you get an unresolved symbol when you try to load the module. This may be because I built using RC4 code from OpenSSL 0.9.4 instead of SSLeay 0.6.x. The problem was that the function RC4_set_key was declared in a header file (rc4.h), but defined in rc4_skey.c. So if you don't #include "rc4_skey.c" you don't get that function's definition, and then you get "unresolved symbol RC4_set_key" when trying to load the resulting module. Anyway, the RPMs below fix this problem. Let me know any suggestions... -Adi "T.Shaw" wrote: > > Hmm I thought that was the reason you go to the source > /usr/src/linux/drivers/net/ppp_mppe and comment out the include for > rc4_skey.c ?? > > ----- Original Message ----- 
> From: "Adi Fairbank" > To: > Sent: Thursday, May 11, 2000 9:22 AM > Subject: Re: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch > > > Ok, I fixed the bug. It turns out that rc4_skey.c *IS* needed, contrary > to > > the PoPToP RedHat README file on moretonbay.com. Otherwise you get > > unresolved symbols on insmod ppp_mppe. > > > > New RPMs: > > > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.src.rpm > > http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh61.i386.rpm > > > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm > > http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386.rpm > > > > -Adi > > From adi at certsite.com Thu May 11 14:22:04 2000 From: adi at certsite.com (Adi) Date: Thu, 11 May 2000 15:22:04 -0400 Subject: [pptp-server] Re: Help! References: Message-ID: <391B085C.757FC191@certsite.com> Michael Barsalou wrote: > > Was there much to change when you used your version of > OpenSSL? No, the only real change was that you need the #include "rc4_skey.c" Oh, also you need to edit some of the rc4 files that came with openssl, because they tried to #include All these changes are detailed in the patches contained in my src.rpm. > > If not we can change the HOWTO to use the OpenSSL instead. > > Of course we can now just get rid of the HOWTO because you > made an rpm! Right, that's what I figured. But I think your HOWTO is still very useful as a guideline on how the RPM was built... ALSO for people who don't use RedHat. We don't want to be fascist and require people to use only one distro. I would build .deb's I just don't have the time. :( -Adi From dbivens at intracom.com Thu May 11 15:33:22 2000 
From: dbivens at intracom.com (Don Bivens) Date: Thu, 11 May 2000 16:33:22 -0400 Subject: [pptp-server] deb's References: <391B085C.757FC191@certsite.com> Message-ID: <001101bfbb88$26bc3c40$08080808@one.intracom.com> Actually the .deb's are being worked on right now :) ----- Original Message ----- From: "Adi" To: Cc: Sent: Thursday, May 11, 2000 3:22 PM Subject: [pptp-server] Re: Help! > Michael Barsalou wrote: > > > > Was there much to change when you used your version of > > OpenSSL? > > No, the only real change was that you need the #include "rc4_skey.c" > > Oh, also you need to edit some of the rc4 files that came with openssl, > because they tried to #include All these changes are detailed > in the patches contained in my src.rpm. > > > > > If not we can change the HOWTO to use the OpenSSL instead. > > > > Of course we can now just get rid of the HOWTO because you > > made an rpm! > > Right, that's what I figured. But I think your HOWTO is still very useful > as a guideline on how the RPM was built... ALSO for people who don't use > RedHat. We don't want to be fascist and require people to use only one > distro. I would build .deb's I just don't have the time. :( > > -Adi > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From natecars at real-time.com Thu May 11 17:26:59 2000 
From: natecars at real-time.com (Nate Carlson) Date: Thu, 11 May 2000 17:26:59 -0500 (CDT) Subject: [pptp-server] PTY, GRE prob In-Reply-To: Message-ID: On Wed, 10 May 2000 linux at orgx.co.nz wrote: > I am fairly new to PPTP but still don't think I should have this problem. > I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch > patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is > rebuilt and has the modules ppp, ppp-mppe, and others loaded. Whenever I > attempt a connection from my Win98 box I get immediately disconnected and > in the Linux syslogs I see: *snip* Have you verified that the firewall (and any routers/switches/etc in between) is allowing the GRE traffic through? If that's not the problem, have you verified that the Win98 box is at the newest version of all the patches? Also, is that a direct syslog dump, or is that grep'd for pptp? (Could be some info that got missed by a grep.. *shrug*) -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 From natecars at real-time.com Thu May 11 17:28:03 2000 From: natecars at real-time.com (Nate Carlson) Date: Thu, 11 May 2000 17:28:03 -0500 (CDT) Subject: [pptp-server] poptop and win2k In-Reply-To: <000d01bfbabe$6dbc6900$6900a8c0@one.intracom.com> Message-ID: On Wed, 10 May 2000, Don Bivens wrote: > Has anyone got Win2k to do a domain logon through the tunnel? I can get my > chap authentication but can't get on the domain. If I watch my port traffic > I see kerberos and ldap and pinging going on but that's about it. Any > ideas? I have authenticated Win2k over a PPTP tunnel just fine. Exact same set up I used for Win95/98.. just configure the default workgroup/domain on the machine to be the remote, make sure WINS is specified, and bring the tunnel up. -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 From Roman_Prinz at some.at Fri May 12 02:25:29 2000 
From: Roman_Prinz at some.at (Roman_Prinz at some.at)
Date: Fri, 12 May 2000 09:25:29 +0200
Subject: [pptp-server] rcvd [Compressed data] 90 55 58 59 13 e4 a1 10 ...
Message-ID:

hi all together,

Please help me!

I am using SuSE 6.4 ( pppd v2.3.11, PoPToP v1.0.0 ). I just set up pptp from a Win98SE client to my linux server. The server is running on the firewall itself and works just fine. I can connect to the server without any problem.

BUT: After a variable time in the syslog-file a message like

rcvd [Compressed data] 90 55 58 59 13 e4 a1 10 ...

disappears. From this point on no communication is possible any more until the VPN is restarted.

Has anyone seen this problem before, or any hint for me how to solve it?

/etc/pptp.conf:
---------------------------------------------------------------
speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.100.10
remoteip 192.168.100.100-120
pidfile /var/run/pptpd.pid

/etc/ppp/options.ppp0
---------------------------------------------------------------
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name some
proxyarp

/var/log/messages:
---------------------------------------------------------------------------------------------
May 11 18:02:13 someurai pptpd[356]: MGR: Launching /usr/sbin/pptpctrl to handle client
May 11 18:02:13 someurai pptpd[356]: CTRL: local address = 192.168.100.10
May 11 18:02:13 someurai pptpd[356]: CTRL: remote address = 192.168.100.100
May 11 18:02:13 someurai pptpd[356]: CTRL: pppd speed = 115200
May 11 18:02:13 someurai pptpd[356]: CTRL: pppd options file = /etc/ppp/options.ppp0
May 11 18:02:13 someurai pptpd[356]: CTRL: Client xxx.xxx.xxx.xxx control connection started
May 11 18:02:13 someurai pptpd[356]: CTRL: Received PPTP Control Message (type: 1)
May 11 18:02:13 someurai pptpd[356]: CTRL: Made a START CTRL CONN RPLY packet
May 11 18:02:13 someurai pptpd[356]: CTRL: I wrote 156 bytes to the client.
May 11 18:02:13 someurai pptpd[356]: CTRL: Sent packet to client
May 11 18:02:14 someurai pptpd[356]: CTRL: Received PPTP Control Message (type: 7)
May 11 18:02:14 someurai pptpd[356]: CTRL: Set parameters to 0 maxbps, 16 window size
May 11 18:02:14 someurai pptpd[356]: CTRL: Made a OUT CALL RPLY packet
May 11 18:02:14 someurai pptpd[356]: CTRL: Starting call (launching pppd, opening GRE)
May 11 18:02:14 someurai pptpd[356]: CTRL: pty_fd = 5
May 11 18:02:14 someurai pptpd[356]: CTRL: tty_fd = 6
May 11 18:02:14 someurai pptpd[356]: CTRL: I wrote 32 bytes to the client.
May 11 18:02:14 someurai pptpd[357]: CTRL (PPPD Launcher): Connection speed = 115200
May 11 18:02:14 someurai pptpd[357]: CTRL (PPPD Launcher): local address = 192.168.100.10
May 11 18:02:14 someurai pptpd[357]: CTRL (PPPD Launcher): remote address = 192.168.100.100
May 11 18:02:14 someurai pppd[357]: pppd 2.3.11 started by root, uid 0
May 11 18:02:14 someurai pppd[357]: Using interface ppp0
May 11 18:02:14 someurai pppd[357]: Connect: ppp0 <--> /dev/pts/0
May 11 18:02:14 someurai pppd[357]: sent [LCP ConfReq id=0x1 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds.
May 11 18:02:14 someurai pptpd[356]: CTRL: Sent packet to client
May 11 18:02:14 someurai pppd[357]: rcvd [LCP ConfReq id=0x1 ]
May 11 18:02:14 someurai pppd[357]: lcp_reqci: returning CONFACK.
May 11 18:02:14 someurai pppd[357]: sent [LCP ConfAck id=0x1 ]
May 11 18:02:14 someurai pppd[357]: rcvd [LCP ConfRej id=0x1 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a2c0.
May 11 18:02:14 someurai pppd[357]: sent [LCP ConfReq id=0x2 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: rcvd [LCP ConfAck id=0x2 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a2c0.
May 11 18:02:14 someurai pppd[357]: sent [LCP EchoReq id=0x0 magic=0x521c279d]
May 11 18:02:14 someurai pppd[357]: Timeout 0x80537f0:0x807a2c0 in 30 seconds.
May 11 18:02:14 someurai pppd[357]: cbcp_lowerup
May 11 18:02:14 someurai pppd[357]: want: 2
May 11 18:02:14 someurai pppd[357]: sent [CHAP Challenge id=0x1 , name = "some"]
May 11 18:02:14 someurai pppd[357]: Timeout 0x80569f0:0x807a5a0 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: rcvd [LCP EchoRep id=0x0 magic=0x1a862]
May 11 18:02:14 someurai pppd[357]: rcvd [CHAP Response id=0x1 <3e38788d9ef78720ba7a7473478a1d680000000000000000f8e4e7371c0d611f48fbe75972a8f7770c8cfaf4023df76f04>, name = "some\\test"]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x80569f0:0x807a5a0.
May 11 18:02:14 someurai pppd[357]: ChapReceiveResponse: rcvd type MS-CHAP-V2
May 11 18:02:14 someurai pppd[357]: sent [CHAP Success id=0x1 "S=61C2832FDA6324E0C12B007F7AB576658A25247C"]
May 11 18:02:14 someurai pppd[357]: sent [IPCP ConfReq id=0x1 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a520 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: sent [CCP ConfReq id=0x1 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a640 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: MSCHAP-v2 peer authentication succeeded for some\\test
May 11 18:02:14 someurai pppd[357]: rcvd [IPCP ConfReq id=0x1 ]
May 11 18:02:14 someurai pppd[357]: ipcp: returning Configure-REJ
May 11 18:02:14 someurai pppd[357]: sent [IPCP ConfRej id=0x1 ]
May 11 18:02:14 someurai pppd[357]: rcvd [CCP ConfReq id=0x1 ]
May 11 18:02:14 someurai pppd[357]: sent [CCP ConfRej id=0x1 ]
May 11 18:02:14 someurai pppd[357]: rcvd [IPCP ConfRej id=0x1 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a520.
May 11 18:02:14 someurai pppd[357]: sent [IPCP ConfReq id=0x2 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a520 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: rcvd [CCP ConfRej id=0x1 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a640.
May 11 18:02:14 someurai pppd[357]: sent [CCP ConfReq id=0x2 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a640 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: rcvd [IPCP ConfReq id=0x2 ]
May 11 18:02:14 someurai pppd[357]: ipcp: returning Configure-NAK
May 11 18:02:14 someurai pppd[357]: sent [IPCP ConfNak id=0x2 ]
May 11 18:02:14 someurai pppd[357]: rcvd [CCP ConfReq id=0x2 ]
May 11 18:02:14 someurai pppd[357]: sent [CCP ConfNak id=0x2 ]
May 11 18:02:14 someurai pppd[357]: rcvd [IPCP ConfAck id=0x2 ]
May 11 18:02:14 someurai pppd[357]: rcvd [CCP ConfNak id=0x2 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a640.
May 11 18:02:14 someurai pppd[357]: sent [CCP ConfReq id=0x3 ]
May 11 18:02:14 someurai pppd[357]: Timeout 0x8050ba0:0x807a640 in 3 seconds.
May 11 18:02:14 someurai pppd[357]: rcvd [IPCP ConfReq id=0x3 ]
May 11 18:02:14 someurai pppd[357]: ipcp: returning Configure-ACK
May 11 18:02:14 someurai pppd[357]: sent [IPCP ConfAck id=0x3 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a520.
May 11 18:02:14 someurai pppd[357]: ipcp: up
May 11 18:02:14 someurai pppd[357]: found interface eth0 for proxy arp
May 11 18:02:14 someurai pppd[357]: local IP address 192.168.100.10
May 11 18:02:14 someurai pppd[357]: remote IP address 192.168.100.100
May 11 18:02:14 someurai pppd[357]: Timeout 0x805ac70:0x0 in 600 seconds.
May 11 18:02:14 someurai pppd[357]: Script /etc/ppp/ip-up started (pid 358)
May 11 18:02:14 someurai pppd[357]: rcvd [CCP ConfReq id=0x3 ]
May 11 18:02:14 someurai pppd[357]: sent [CCP ConfAck id=0x3 ]
May 11 18:02:14 someurai pppd[357]: Script /etc/ppp/ip-up finished (pid 358), status = 0x0
May 11 18:02:14 someurai pppd[357]: rcvd [CCP ConfAck id=0x3 ]
May 11 18:02:14 someurai pppd[357]: Untimeout 0x8050ba0:0x807a640.
May 11 18:02:14 someurai pppd[357]: MPPE 40 bit, stateless compression enabled
May 11 18:02:44 someurai pppd[357]: sent [LCP EchoReq id=0x1 magic=0x521c279d]
May 11 18:02:44 someurai pppd[357]: Timeout 0x80537f0:0x807a2c0 in 30 seconds.
May 11 18:02:44 someurai pppd[357]: rcvd [LCP EchoRep id=0x1 magic=0x1a862]
May 11 18:03:14 someurai pptpd[356]: CTRL: Received PPTP Control Message (type: 5)
May 11 18:03:14 someurai pptpd[356]: CTRL: Made a ECHO RPLY packet
May 11 18:03:14 someurai pptpd[356]: CTRL: I wrote 20 bytes to the client.
May 11 18:03:14 someurai pptpd[356]: CTRL: Sent packet to client
May 11 18:03:14 someurai pppd[357]: sent [LCP EchoReq id=0x2 magic=0x521c279d]
May 11 18:03:14 someurai pppd[357]: Timeout 0x80537f0:0x807a2c0 in 30 seconds.
May 11 18:03:14 someurai pppd[357]: rcvd [LCP EchoRep id=0x2 magic=0x1a862]
May 11 18:03:33 someurai pppd[357]: rcvd [Compressed data] 90 7f d2 d2 bf 0c 90 50 ...
May 11 18:03:33 someurai pptpd[356]: GRE: Discarding out of order packet
May 11 18:03:33 someurai pppd[357]: rcvd [Compressed data] 90 80 fc a8 74 a1 bd a0 ...
May 11 18:03:33 someurai pppd[357]: rcvd [Compressed data] 90 81 97 cb 37 3b 3e d0 ...
..
..
May 11 18:03:41 someurai pppd[357]: rcvd [Compressed data] 90 b4 b7 87 7b 2d b5 9e ...
May 11 18:03:41 someurai pppd[357]: rcvd [Compressed data] 90 b6 5c d6 9e 6b 22 e4 ...
May 11 18:03:41 someurai pptpd[356]: GRE: Discarding out of order packet
May 11 18:03:41 someurai pppd[357]: rcvd [Compressed data] 90 b7 b1 ea 02 66 16 70 ...
May 11 18:03:41 someurai pppd[357]: rcvd [Compressed data] 90 b8 16 81 d8 3a 07 f7 ...
..
..
May 11 18:03:44 someurai pppd[357]: rcvd [Compressed data] 91 03 75 86 a3 bb 9a 24 ...
May 11 18:03:44 someurai pppd[357]: rcvd [Compressed data] 91 04 03 83 97 e8 de 6c ...
May 11 18:03:44 someurai pppd[357]: sent [LCP EchoReq id=0x3 magic=0x521c279d]
May 11 18:03:44 someurai pppd[357]: Timeout 0x80537f0:0x807a2c0 in 30 seconds.
May 11 18:03:44 someurai pppd[357]: rcvd [LCP EchoRep id=0x3 magic=0x1a862] May 11 18:03:46 someurai pppd[357]: rcvd [Compressed data] 91 05 d4 67 04 51 8d 71 ... May 11 18:03:46 someurai pppd[357]: rcvd [Compressed data] 91 06 b3 28 7b 2e 91 29 ... ... May 11 18:04:00 someurai pppd[357]: rcvd [Compressed data] 91 1c 7f b7 12 45 37 b1 ... May 11 18:04:04 someurai pppd[357]: rcvd [Compressed data] 91 1d 23 21 c4 c9 41 6a ... May 11 18:04:06 someurai pppd[357]: rcvd [LCP TermReq id=0x2] May 11 18:04:06 someurai pppd[357]: LCP terminated by peer May 11 18:04:06 someurai pppd[357]: Untimeout 0x80537f0:0x807a2c0. May 11 18:04:06 someurai pppd[357]: cbcp_lowerdown May 11 18:04:06 someurai pppd[357]: ipcp: down May 11 18:04:06 someurai pppd[357]: Untimeout 0x805ac70:0x0. May 11 18:04:06 someurai pppd[357]: Script /etc/ppp/ip-down started (pid 362) May 11 18:04:06 someurai pppd[357]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds. May 11 18:04:06 someurai pppd[357]: sent [LCP TermAck id=0x2] May 11 18:04:06 someurai pppd[357]: Script /etc/ppp/ip-down finished (pid 362), status = 0x0 May 11 18:04:06 someurai pptpd[356]: CTRL: Received PPTP Control Message (type: 12) May 11 18:04:06 someurai pptpd[356]: CTRL: Made a CALL DISCONNECT RPLY packet May 11 18:04:06 someurai pptpd[356]: CTRL: Received CALL CLR request (closing call) May 11 18:04:06 someurai pptpd[356]: CTRL: I wrote 148 bytes to the client. May 11 18:04:06 someurai pptpd[356]: CTRL: Sent packet to client May 11 18:04:06 someurai pptpd[356]: CTRL: Error with select(), quitting May 11 18:04:06 someurai pptpd[356]: CTRL: Client xxx.xxx.xxx.xxx control connection finished May 11 18:04:06 someurai pptpd[356]: CTRL: Exiting now May 11 18:04:06 someurai pptpd[264]: MGR: Reaped child 356 May 11 18:04:06 someurai pppd[357]: Modem hangup May 11 18:04:06 someurai pppd[357]: Untimeout 0x8050ba0:0x807a2c0. May 11 18:04:06 someurai pppd[357]: Connection terminated. May 11 18:04:06 someurai pppd[357]: Connect time 1.9 minutes. 
May 11 18:04:06 someurai pppd[357]: Sent 55517 bytes, received 22131 bytes.
May 11 18:04:06 someurai pppd[357]: Exit.
-----------------------------------------------------------------------------------------------------

thanks for help!

roman.prinz at some.at

From a.north at interactive-voice.com.au Fri May 12 02:22:38 2000
From: a.north at interactive-voice.com.au (Angus North)
Date: Fri, 12 May 2000 17:22:38 +1000
Subject: [pptp-server] PPTP without dialup
Message-ID: <005001bfbbe2$da5ca190$3ba8a8c0@interactivevoice.com.au>

Hi

I've not been able to find an answer to my problem in the list archives, so here's my problem! Hopefully the answer's obvious:

I can establish a VPN if I dial in to my ISP, then use my PPTP connection (from win 98 or NT) to connect to my PoPToP server. Everything works fine in this case.

However, if I try to use the PPTP connection when I'm already on a LAN which has Internet access, I can't get the Network Neighbourhood to work. Everything else works ok. The proxy arp is working fine: I can ping and telnet to the network behind the PoPToP server, but the only thing I see in the network neighbourhood is my own computer.

I've set up the wins server using the wins-server option, and a TCP dump on the ppp link shows wins stuff going to the server (an NT 4 server), but nothing coming back. The poptop server's firewall is turned off, so I don't believe that's the problem.

What's the difference that causes it to fail without the dial-up link?

Cheers
Angus

From pascal.fremaux at sxb.bsf.alcatel.fr Fri May 12 03:42:58 2000
From: pascal.fremaux at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Fri, 12 May 2000 10:42:58 +0200
Subject: [pptp-server] Security: rollback to MS-chapv1
Message-ID: <391BC412.8CE295A6@sxb.bsf.alcatel.fr>

Is PoPToP/PPP protected from the 'bug' of the Windows implementation: when you ask the PoPToP/PPP server to accept only MS-chapv2, the PPP protocol authorizes a downgrade to MS-chapv1 if the client doesn't know V2?

I put 'require Ms-chapv2' in my PPP option file. Is it sufficient? Should I also put 'refuse Ms-chapv1'?

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

From michael.kappler at primedisc.com Fri May 12 03:57:03 2000
From: michael.kappler at primedisc.com (michael.kappler at primedisc.com)
Date: Fri, 12 May 2000 10:57:03 +0200
Subject: [pptp-server] pptp.conf, options: where to put what?
Message-ID:

Hello out there,

after many nights of despair I'm running pptp 1.0.0 with all the MSCHAPv2 and MPPE patches on a SuSE 6.3 linux box (kernel 2.2.13, pppd 2.3.10) through a firewall and it works fine. Now I'm thinking of replacing our existing WinNT RAS/VPN server by that linux box. Up to now our field workers get access to our LAN via Internet. There is a special pool of ip addresses on the NT-server and if someone connects, the client gets one of the addresses out of that pool.

But I'm a bit confused where and how to put the ip-address assignment on my linux box: there is the pptpd.conf, where I can set local and remote addresses, there is the options file (of pppd) where I can assign addresses and there can be some special option files (like options.ttyXX) where I can put different options.

Can anyone tell me where to put which options or where to get the answers?

Many thanks so far.

Mike

From john at netdirect.ca Fri May 12 07:21:14 2000
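Related to the MS-CHAPv1 rollback question above and the pppd debug log posted earlier in this archive: an added example (not from any poster and not PoPToP or pppd code) that audits pppd syslog output per session and flags sessions that did not authenticate with MS-CHAP-V2 or that negotiated less than 128-bit MPPE. The sample lines are constructed in the format of that log; the "MS-CHAP-V1" type string and the host name "gw" are assumptions.

```python
import re

# Constructed sample, modelled on the pppd debug log format shown in this archive.
# The "MS-CHAP-V1" type string in session 402 is an assumption.
SAMPLE_LOG = r"""
May 11 18:02:14 gw pppd[357]: pppd 2.3.11 started by root, uid 0
May 11 18:02:14 gw pppd[357]: ChapReceiveResponse: rcvd type MS-CHAP-V2
May 11 18:02:14 gw pppd[357]: MSCHAP-v2 peer authentication succeeded for some\\test
May 11 18:02:14 gw pppd[357]: ipcp: up
May 11 18:02:14 gw pppd[357]: MPPE 40 bit, stateless compression enabled
May 11 18:04:06 gw pppd[357]: Connection terminated.
May 11 18:10:01 gw pppd[402]: pppd 2.3.11 started by root, uid 0
May 11 18:10:01 gw pppd[402]: ChapReceiveResponse: rcvd type MS-CHAP-V1
May 11 18:10:01 gw pppd[402]: MPPE 128 bit, stateless compression enabled
May 11 18:12:30 gw pppd[410]: pppd 2.3.11 started by root, uid 0
May 11 18:12:30 gw pppd[410]: ChapReceiveResponse: rcvd type MS-CHAP-V2
May 11 18:12:30 gw pppd[410]: MSCHAP-v2 peer authentication succeeded for DOM\\alice
May 11 18:12:31 gw pppd[410]: MPPE 128 bit, stateless compression enabled
May 11 18:13:00 gw pppd[415]: pppd 2.3.11 started by root, uid 0
May 11 18:13:00 gw pppd[415]: ChapReceiveResponse: rcvd type MS-CHAP-V2
May 11 18:13:00 gw pppd[415]: ipcp: up
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"pppd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
START_RE = re.compile(r"pppd \S+ started by ")
AUTH_RE = re.compile(r"ChapReceiveResponse: rcvd type (\S+)")
USER_RE = re.compile(r"peer authentication succeeded for (.+)$")
MPPE_RE = re.compile(r"MPPE (\d+) bit")


def parse_sessions(text):
    """Group pppd syslog lines into sessions, one per (host, pid) start banner."""
    sessions, open_by_key = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # pptpd, kernel or blank line
        key, msg = (m["host"], m["pid"]), m["msg"]
        # A start banner (or a pid not seen yet) opens a new session: pids are reused.
        if key not in open_by_key or START_RE.match(msg):
            open_by_key[key] = {"host": key[0], "pid": key[1], "start": m["ts"],
                                "auth": None, "user": None,
                                "mppe_bits": None, "ip_up": False}
            sessions.append(open_by_key[key])
        s = open_by_key[key]
        auth, user, mppe = AUTH_RE.search(msg), USER_RE.search(msg), MPPE_RE.search(msg)
        if auth:
            s["auth"] = auth.group(1)
        if user:
            s["user"] = user.group(1)
        if mppe:
            s["mppe_bits"] = int(mppe.group(1))
        if msg == "ipcp: up":
            s["ip_up"] = True
    return sessions


def audit(sessions, required_auth="MS-CHAP-V2", min_mppe_bits=128):
    """Return [(session, [findings])] for sessions that miss the policy."""
    flagged = []
    for s in sessions:
        findings = []
        # auth is None when pppd ran without debug logging; that is not a finding.
        if s["auth"] is not None and s["auth"] != required_auth:
            findings.append("auth %s, policy requires %s" % (s["auth"], required_auth))
        if s["mppe_bits"] is None:
            # The MPPE line is logged after "ipcp: up", so judge only once all lines are read.
            if s["ip_up"]:
                findings.append("IP up with no MPPE negotiated")
        elif s["mppe_bits"] < min_mppe_bits:
            findings.append("MPPE %d bit, policy minimum %d" % (s["mppe_bits"], min_mppe_bits))
        if findings:
            flagged.append((s, findings))
    return flagged


if __name__ == "__main__":
    for session, findings in audit(parse_sessions(SAMPLE_LOG)):
        print(session["start"], "pppd[%s]" % session["pid"], session["user"], findings)
```
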
From: john at netdirect.ca (John Van Ostrand)
Date: Fri, 12 May 2000 08:21:14 -0400
Subject: [pptp-server] PPTP without dialup
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0D1@enterprise.NetDirect.CA>

Angus,

I have also seen this and I think it is a limitation of the Windows client. The network neighborhood is a result of the browse list which is your LAN's. However if you tried directly accessing a system (through Start/Run and typing \\servername ) you should be able to get to your server.

I think you can get around this by changing the workgroup setting in the identification tab of network properties. Also change the NT domain in the client for Microsoft network properties. Reboot, cancel the network login. Then connect PPTP and you'll get a login to the remote network.

For NT you have to join the remote network then logout and login to the remote network at the login prompt using dial-up networking. This is a little bit trickier and I haven't done this myself.

John.

From john at netdirect.ca Fri May 12 07:44:29 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Fri, 12 May 2000 08:44:29 -0400
Subject: [pptp-server] pptp.conf, options: where to put what?
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0D2@enterprise.NetDirect.CA>

We also replaced our WinNT RAS with linux and have found it more stable. We've even begun selling VPN services.

Assuming your server IP address is 1.2.3.4 and you want the VPN clients to get addresses from 1.2.3.16 through 1.2.3.32 you would use these lines in the pptpd.conf file:

localip 1.2.3.4
remoteip 1.2.3.16-32

The VPN clients will be assigned (sequentially) the addresses.

The options.tty* concept technically works with PPTP but practically one does not use it. The tty that pptp uses is pulled from a large pool that uses these ttys for other uses as well. If you require different options for different purposes you should run two separate pptpd daemons and configure each to use a different pptpd.conf file using the -c option of pptpd.

First you need to set up an IP alias on your network card. Each pptp daemon must be tied to a different IP address. Then create different pptpd.conf files and change the following settings to be unique for each file:

localip (set to one of the IP addresses running on the card)
remoteip (set to use a different range of addresses)
listen (set to one of the IP addresses running on the card)
pidfile (set to a unique file)

Then you can change the "option" setting to reflect different pppd settings.

I use this technique when selling VPN services. This way I can give different ip addresses for each VPN client as well as different ms-wins and ms-dns. With a RADIUS patch I should be able to give a different authentication database as well.

John.

From dbivens at intracom.com Fri May 12 07:56:57 2000
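A pre-flight check for the two-daemon setup described in the reply above, as an added example (not PoPToP code and not the poster's): it parses each instance's pptpd.conf text and reports missing per-instance settings, shared `listen` or `pidfile` values, and overlapping `remoteip` pools. The file contents, the 1.2.3.5 alias and the pid file paths are constructed; only single addresses, `A.B.C.D-N` ranges and comma-separated lists are handled.

```python
import ipaddress
from itertools import combinations

# Constructed pptpd.conf contents; instance B carries two deliberate mistakes.
CONF_A = """\
# instance A
listen 1.2.3.4
localip 1.2.3.4
remoteip 1.2.3.16-32
pidfile /var/run/pptpd-a.pid
option /etc/ppp/options.a
"""
CONF_B = """\
# instance B
listen 1.2.3.5
localip 1.2.3.5
remoteip 1.2.3.30-40,1.2.3.50
pidfile /var/run/pptpd-a.pid
option /etc/ppp/options.b
"""
# The four settings the reply says must be unique per instance.
REQUIRED = ("listen", "localip", "remoteip", "pidfile")


def parse_conf(text):
    """Return {keyword: value} for one pptpd.conf; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def expand_pool(spec):
    """Expand '1.2.3.16-32,1.2.3.50' into a set of IPv4Address objects."""
    addrs = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        first, dash, last = item.partition("-")
        start = ipaddress.IPv4Address(first)
        if not dash:
            addrs.add(start)
            continue
        start_octet, end_octet = int(start) & 0xFF, int(last)
        if not start_octet <= end_octet <= 255:
            raise ValueError("bad range: %r" % item)
        base = int(start) - start_octet
        addrs.update(ipaddress.IPv4Address(base + o)
                     for o in range(start_octet, end_octet + 1))
    return addrs


def check_instances(confs):
    """confs maps instance name -> pptpd.conf text; returns a list of findings."""
    parsed = {name: parse_conf(text) for name, text in confs.items()}
    findings = []
    for name, conf in parsed.items():
        for key in REQUIRED:
            if key not in conf:
                findings.append("%s: '%s' is not set" % (name, key))
    for (a, ca), (b, cb) in combinations(parsed.items(), 2):
        for key in ("listen", "pidfile"):
            if key in ca and ca[key] == cb.get(key):
                findings.append("%s and %s share %s %s" % (a, b, key, ca[key]))
        shared = expand_pool(ca.get("remoteip", "")) & expand_pool(cb.get("remoteip", ""))
        if shared:
            findings.append("%s and %s overlap in remoteip: %s"
                            % (a, b, ", ".join(str(ip) for ip in sorted(shared))))
    return findings


if __name__ == "__main__":
    for finding in check_instances({"a": CONF_A, "b": CONF_B}):
        print(finding)
```
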
From: dbivens at intracom.com (Don Bivens)
Date: Fri, 12 May 2000 08:56:57 -0400
Subject: [pptp-server] poptop and win2k
References:
Message-ID: <002501bfbc11$8e67b390$08080808@one.intracom.com>

Maybe a little more detail is in order. It appears that I get authenticated but the Win2k client just stays there "loading personal settings" or whatever the dialogue is and never finishes the logon sequence as the ldap and kerb traffic just flow back and forth over the tunnel. I have turned off my roaming profile so it's not as if it's passing large amounts of data and I'm just being impatient. Also, Win2k doesn't rely on WINS so I don't know what that has to do with it altho I am passing it ms-dns, and ms-wins in the ppp options file.

----- Original Message -----
From: "Nate Carlson"
To: "Don Bivens"
Cc:
Sent: Thursday, May 11, 2000 6:28 PM
Subject: Re: [pptp-server] poptop and win2k

> On Wed, 10 May 2000, Don Bivens wrote:
> > Has anyone got Win2k to do a domain logon through the tunnel? I can get my
> > chap authentication but can't get on the domain. If I watch my port traffic
> > I see kerberos and ldap and pinging going on but that's about it. Any
> > ideas?
>
> I have authenticated Win2k over a PPTP tunnel just fine. Exact same set up
> I used for Win95/98.. just configure the default workgroup/domain on the
> machine to be the remote, make sure WINS is specified, and bring the
> tunnel up.
>
> --
> Nate Carlson | Phone : (952)943-8700
> http://www.real-time.com | Fax : (952)943-8500

From sboulter at ariasolutions.com Fri May 12 10:44:12 2000
From: sboulter at ariasolutions.com (Shane Boulter)
Date: Fri, 12 May 2000 09:44:12 -0600
Subject: [pptp-server] unresolved symbol(s)
Message-ID:

Hello All

I've been trying to setup PoPToP now for a while. I started reading the redhat-howto on the PoPToP homepage and got it working without any problems without using encryption. The next step was to implement the encryption. So I continued on reading the document and following the steps carefully. When I did a 'make modules SUBDIRS=drivers/net' I got an error about a missing header file. So I tracked down the header file and put it in the proper directory. After doing that the make was successful. The problem I have now run into is right at the end of the howto in the command 'depmod -a'. When I run this command I get the following error:

/lib/modules/2.2.12-20/net/ppp_mppe.o: unresolved symbol(s)

Not too descriptive and I'm not sure where to start to be able to fix this problem. Any help would be appreciated.

Shane

BTW: I am using RedHat v6.1.

From adi at certsite.com Fri May 12 12:02:38 2000
From: adi at certsite.com (Adi)
Date: Fri, 12 May 2000 13:02:38 -0400
Subject: [pptp-server] unresolved symbol(s)
References:
Message-ID: <391C392E.B819DCF0@certsite.com>

I just resolved this problem a couple days ago, and I packaged the solution into an RPM. The missing symbol is RC4_set_key (found in rc4_skey.c that you probably commented out). You need that file. I am going to make some changes to the README and contribute them to the maintainer (Michael) soon. For now, I think you'll find using these RPMs the easiest.

http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.src.rpm
http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh61.i386.rpm
http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh61.i386.rpm

If you just download the src.rpm and type:

rpm --rebuild ppp-2.3.10-2mschap_mppe_rh61.src.rpm

you can watch it go, but you need a linux kernel source tree installed first (2.2.12-20 for RH6.1).

-Adi

From greg at found.com Fri May 12 11:58:45 2000
From: greg at found.com (Greg Tibbitts)
Date: Fri, 12 May 2000 10:58:45 -0600
Subject: [pptp-server] disconnected
Message-ID:

I get the following error when trying to connect. I am using win98 client, pptpd-1.0.0 and pppd-2.3.5 on Solaris 7 Intel. I have re-installed the vpn adapter several times.

May 12 10:43:51 ds9 pppd[14533]: pppd 2.3.5 started by root, uid 0
May 12 10:43:51 ds9 pppd[14533]: Connect: ppp0 <--> /dev/ttyp0
May 12 10:43:52 ds9 unix: IP Filter: attach to [ppp0,0]
May 12 10:44:21 ds9 pppd[14533]: LCP: timeout sending Config-Requests
May 12 10:44:21 ds9 pppd[14533]: Connection terminated.
May 12 10:44:21 ds9 pptpd[14532]: GRE: read(fd=5,buffer=804f10c,len=8196) from PTY failed: status = -1 error = I/O error
May 12 10:44:21 ds9 pptpd[14532]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
May 12 10:44:22 ds9 unix: IP Filter: detaching [ppp0]
May 12 10:45:46 ds9 pppd[14541]: pppd 2.3.5 started by root, uid 0
May 12 10:45:46 ds9 pppd[14541]: Connect: ppp0 <--> /dev/ttyp0
May 12 10:45:47 ds9 unix: IP Filter: attach to [ppp0,0]
May 12 10:46:16 ds9 pptpd[14540]: CTRL: Error with select(), quitting
May 12 10:46:16 ds9 pppd[14541]: Modem hangup
May 12 10:46:16 ds9 pppd[14541]: Connection terminated.
May 12 10:46:17 ds9 unix: IP Filter: detaching [ppp0]
May 12 10:46:51 ds9 pppd[14546]: pppd 2.3.5 started by root, uid 0
May 12 10:46:51 ds9 pppd[14546]: Connect: ppp0 <--> /dev/ttyp0
May 12 10:46:52 ds9 unix: IP Filter: attach to [ppp0,0]
May 12 10:47:21 ds9 pptpd[14545]: CTRL: Error with select(), quitting
May 12 10:47:21 ds9 pppd[14546]: Modem hangup
May 12 10:47:21 ds9 pppd[14546]: Connection terminated.
May 12 10:47:22 ds9 unix: IP Filter: detaching [ppp0]

/etc/ppp/options

debug
name 192.168.1.234
auth
require-chap
proxyarp

/etc/pptpd.conf

speed 115200
option /etc/ppp/options
debug
localip 192.168.0.234-238
remoteip 192.168.1.234-238

From barjunk at attglobal.net Fri May 12 12:29:55 2000
From: barjunk at attglobal.net (Michael Barsalou)
Date: Fri, 12 May 2000 09:29:55 -0800
Subject: [pptp-server] Re: disconnected
Message-ID: <200005121728.e4CHSZH22378@snaildust.schulte.org>

In the past the GRE error has been from some sort of firewall problem. Is there a way to turn yours off temporarily so you can test it? The firewall isn't passing protocol 47 and/or letting stuff go through port 1723.

Is there a way you can verify that the firewall is letting these things through?

Mike

Michael Barsalou
barjunk at attglobal.net

From greg at found.com Fri May 12 12:58:35 2000
From: greg at found.com (Greg Tibbitts)
Date: Fri, 12 May 2000 11:58:35 -0600
Subject: [pptp-server] RE: disconnected
In-Reply-To: <200005121728.LAA23666@luxor.found.com>
Message-ID:

I disabled the firewall and tried again. I get the following error after which the pptpd process dies.

May 12 11:38:12 ds9 pppd[14656]: pppd 2.3.5 started by root, uid 0
May 12 11:38:12 ds9 pppd[14656]: Connect: ppp0 <--> /dev/ttyp0
May 12 11:38:13 ds9 unix: IP Filter: attach to [ppp0,0]
May 12 11:38:42 ds9 pptpd[14655]: CTRL: Error with select(), quitting
May 12 11:38:42 ds9 pppd[14656]: Modem hangup
May 12 11:38:42 ds9 pppd[14656]: Connection terminated.
May 12 11:38:43 ds9 unix: IP Filter: detaching [ppp0]

From gdunn at inscriber.com Fri May 12 13:44:45 2000
From: gdunn at inscriber.com (Graham Dunn) Date: Fri, 12 May 2000 14:44:45 -0400 Subject: [pptp-server] Patch and a question for FreeBSD In-Reply-To: <200005121822.e4CIMYH22897@snaildust.schulte.org>; from pptp-server-request@lists.schulte.org on Fri, May 12, 2000 at 01:22:34PM -0500 References: <200005121822.e4CIMYH22897@snaildust.schulte.org> Message-ID: <20000512144445.C8404@itc-kakkoii.inorth.com> Hi ... A small patch to get poptop v-1.1.1 to compile on freebsd 3.4-release: --- pptpdefs.h.orig Fri May 12 16:43:28 2000 +++ pptpdefs.h Fri May 12 16:58:52 2000 
@@ -19,6 +19,9 @@ #include +/* FreeBSD doesn't have this socket level defined in socket.h */ +#define SOL_IP 0 + /* PPTP ctrl message port */ #define PPTP_PORT 1723 And now, Question: poptop v-1.1.1, freebsd 3.4-release The authentication portion of the connection works, but it seems like pptpd then can't read from ppp (the userland version). This is with a win2k client. The client complains about not being able to negotiate a PPP control protocol with the server. Any thoughts? May 12 17:02:00 natted pptpd[10970]: Discarding out-of-order packet 0, already have 0 May 12 17:02:00 natted ppp[10971]: Phase: Using interface: tun0 May 12 17:02:00 natted ppp[10971]: Phase: deflink: Created in closed state May 12 17:02:00 natted ppp[10971]: Phase: PPP Started (direct mode). May 12 17:02:00 natted ppp[10971]: Phase: bundle: Establish May 12 17:02:00 natted ppp[10971]: Phase: deflink: closed -> opening May 12 17:02:00 natted ppp[10971]: Phase: deflink: Connected! May 12 17:02:00 natted ppp[10971]: Phase: deflink: opening -> carrier May 12 17:02:00 natted ppp[10971]: Phase: deflink: carrier -> lcp May 12 17:02:02 natted pptpd[10970]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! May 12 17:02:02 natted pptpd[10970]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! May 12 17:02:02 natted ppp[10971]: Phase: bundle: Authenticate May 12 17:02:02 natted pptpd[10970]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! 
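Review bot: the added "#define SOL_IP 0" in pptpdefs.h is unconditional, so it is also compiled on systems whose headers already define SOL_IP, even though the comment above it says it is only needed on FreeBSD. Wrap it in "#ifndef SOL_IP" / "#endif" so it only takes effect where the symbol is missing, and consider defining it as IPPROTO_IP instead of a bare 0 so the value comes from the system header and the intent (the IP socket level) is visible in the code.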
May 12 17:02:02 natted ppp[10971]: Phase: deflink: his = none, mine = CHAP 0x05 May 12 17:02:02 natted ppp[10971]: Phase: Chap Output: CHALLENGE May 12 17:02:02 natted ppp[10971]: Phase: Chap Input: RESPONSE (16 bytes from tester) May 12 17:02:02 natted ppp[10971]: Phase: Chap Output: SUCCESS May 12 17:02:02 natted pptpd[10970]: GRE: read error: Bad file descriptor May 12 17:02:02 natted ppp[10971]: Phase: deflink: lcp -> open May 12 17:02:02 natted ppp[10971]: Phase: bundle: Network May 12 17:02:02 natted ppp[10971]: Phase: deflink: read (0): Got zero bytes May 12 17:02:02 natted ppp[10971]: Phase: deflink: open -> lcp May 12 17:02:02 natted pptpd[10970]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! May 12 17:02:02 natted pptpd[10970]: GRE: read error: Bad file descriptor May 12 17:02:02 natted pptpd[10970]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) May 12 17:02:02 natted pptpd[10970]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) )May 12 17:02:02 natted ppp[10971]: Phase: bundle: Terminate )May 12 17:02:02 natted ppp[10971]: Phase: deflink: Disconnected! )May 12 17:02:02 natted ppp[10971]: Phase: deflink: Connect time: 2 )secs: 463 octets in, 496 octets out )May 12 17:02:02 natted ppp[10971]: Phase: total 479 bytes/sec, peak )319 bytes/sec on Fri May 12 17:02:02 2000 )May 12 17:02:02 natted ppp[10971]: Phase: deflink: lcp -> closed )May 12 17:02:02 natted ppp[10971]: Phase: bundle: Dead )May 12 17:02:02 natted ppp[10971]: Phase: PPP Terminated (normal). ) -- gdunn at inscriber.com Graham Dunn || ||| | ||| |||| | |||| | PGP Key fingerprint = 3F 56 12 9B 8A E1 77 CB F0 62 94 B0 93 06 1E 88 From psr at lcsweb.com Fri May 12 13:56:38 2000 
From: psr at lcsweb.com (Paul Rodgers)
Date: Fri, 12 May 2000 14:56:38 -0400
Subject: [pptp-server] PPTP without dialup
In-Reply-To: <005001bfbbe2$da5ca190$3ba8a8c0@interactivevoice.com.au>
Message-ID:

Angus,

It sounds like you're not logging in to the network behind the pptp server. When you dial up, you are not logged in to Microsoft Networking, hence your machine attempts to 'login to the remote network'. When you're on a LAN, you're already 'logged in', so it ignores the request.

If you have a domain controller behind the ppp server, try to use domain\username for the username.

Bottom line: this is a Microsoft Networking issue, not a PoPTop issue (IMHO).

Paul

From barjunk at attglobal.net Fri May 12 18:05:58 2000
From: barjunk at attglobal.net (Michael Barsalou)
Date: Fri, 12 May 2000 15:05:58 -0800
Subject: [pptp-server] Why ports 2 and 3
Message-ID: <200005122305.e4CN5hH25577@snaildust.schulte.org>

I was doing some VPN testing on a machine and started logging all the packets going to and from a workstation that was trying to connect to my pptp server.

I started seeing protocol 6 (tcp) packets coming from port 3 and going to port 2.

Why would a windows machine use port 3? The services file doesn't have any recorded info about what you might use port 2 or 3 for.

Anyone have any ideas?

Mike

Michael Barsalou
barjunk at attglobal.net

From linux at orgx.co.nz Fri May 12 23:52:50 2000
From: linux at orgx.co.nz (linux at orgx.co.nz)
Date: Sat, 13 May 2000 17:52:50 +1300
Subject: [pptp-server] PTY, GRE prob
Message-ID:

Yes. There is no firewall in between these 2 machines - they're on the same hub and the Linux machine has the default policies of ipchains - accept everything. I'm just trying to demonstrate that it works before putting on a real firewall. It really has me stumped, although I feel slightly better to see that others seem to have similar ones. I hope we can all get it solved soon!

The Win98 box is my laptop and it's up-to-date in that the "Windows-Update" thingy on the start menu says there are no updates I need at present, and also the Thinkpad "IBM Update" says it's up-to-date.

Yes this stuff is straight from syslog.

Cheers,
Richard Shepherd
Aetna DBA

Nate Carlson
05/12/00 10:26 AM

To: linux at orgx.co.nz
cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] PTY, GRE prob

On Wed, 10 May 2000 linux at orgx.co.nz wrote:
> I am fairly new to PPTP but still don't think I should have this problem.
> I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch
> patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is
> rebuilt and has the modules ppp, ppp-mppe, and others loaded. Whenever I
> attempt a connection from my Win98 box I get immediately disconnected and
> in the Linux syslogs I see:

*snip*

Have you verified that the firewall (and any routers/switches/etc in between) is allowing the GRE traffic through?

If that's not the problem, have you verified that the Win98 box is at the newest version of all the patches?

Also, is that a direct syslog dump, or is that grep'd for pptp? (Could be some info that got missed by a grep.. *shrug*)

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From linux at orgx.co.nz Sat May 13 00:03:36 2000
From: linux at orgx.co.nz (linux at orgx.co.nz)
Date: Sat, 13 May 2000 18:03:36 +1300
Subject: [pptp-server] PTY, GRE prob
Message-ID:

Hi,

the client is using a "Microsoft VPN Adapter" etc. I did actually have it working earlier but it would "choke" after a short period of time, and it didn't have MPPE support which we want. So I started again and have the MPPE support in the kernel and PPP. But now PPTPD fails to complete negotiation of the setup. Boohoo. I'm still trying...

Cheers,
Richard Shepherd

Paul Rodgers
05/11/00 09:07 AM

To: "'linux at orgx.co.nz'"
cc:
Subject: RE: [pptp-server] PTY, GRE prob

Newbie here, but I've seen similar probs before. Is the client trying to negotiate w/ multiple protocols?? Sorry, but I must ask --- ru using a plain DUN adapter instead of a tunneling 'adapter'?

Paul

On Wednesday, May 10, 2000 5:04 AM, linux at orgx.co.nz [SMTP:linux at orgx.co.nz] wrote:
> Hi,
>
> I am fairly new to PPTP but still don't think I should have this problem.
> I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch
> patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is
> rebuilt and has the modules ppp, ppp-mppe, and others loaded. Whenever I
> attempt a connection from my Win98 box I get immediately disconnected and
> in the Linux syslogs I see:
>
> May 10 21:46:53 bts pptpd[3552]: CTRL: Starting call (launching pppd,
> opening GRE)
> May 10 21:46:53 bts pptpd[3552]: CTRL: pty_fd = 4
> May 10 21:46:53 bts pptpd[3552]: CTRL: tty_fd = 5
> May 10 21:46:53 bts pptpd[3552]: CTRL: I wrote 32 bytes to the client.
> May 10 21:46:53 bts pptpd[3552]: CTRL: Sent packet to client
> May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): Connection speed =
> 115200
> May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): local address =
> 192.168.10.134
> May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): remote address =
> 192.168.10.248
> May 10 21:46:53 bts pptpd[3552]: GRE: read(fd=4,buffer=804d9c0,len=8196)
> from PTY failed: status = -1 error = Input/output error
> May 10 21:46:53 bts pptpd[3552]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> May 10 21:46:53 bts pptpd[3552]: CTRL: Client 192.168.10.193 control
> connection finished
> May 10 21:46:53 bts pptpd[3552]: CTRL: Exiting now
> May 10 21:46:53 bts pptpd[3551]: MGR: Reaped child 3552
>
> The message from the Win98 dialogue is that my password is incorrect but I
> don't believe that's the problem. I've searched the list archives and not
> seen an answer to this which has fixed it for me! *PLEASE* can anyone
> help me?
>
> My config files are:
>
> /etc/ppp/options:
>
> lock
> debug
> name bts
> auth
> ##require-chap
> proxyarp
> ms-dns 192.168.99.30
> ms-wins 192.168.10.11
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> /etc/pptpd.conf:
>
> speed 115200
> localip 192.168.10.134
> remoteip 192.168.10.248-249
>
> /etc/ppp/chap-secrets:
>
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> me bts mysecret *
>
> Cheers,
>
> Richard Shepherd

From linux at orgx.co.nz Sat May 13 04:13:28 2000
From: linux at orgx.co.nz (linux at orgx.co.nz) Date: Sat, 13 May 2000 22:13:28 +1300 Subject: [pptp-server] PTY, GRE prob Message-ID: Hi all, well, I have solved this problem and it is real egg-on-face time! It was simply the NTDOMAIN\\username thing catching me out. I eventually found this when looking in a *different* syslog log. So I just put a second line in /etc/ppp/chap-secrets with my NT domain prepended to the username and all works! Crazy MS Windows! The dialog box where I entered my username did *not* include the domain name, it must get added by Windows before being sent to the PPTP server. I have another problem which I think is very different so I will put it in another message to close this thread ;-) Cheers, Richard Shepherd linux at orgx.co.nz Sent by: pptp-server-admin at lists.schulte.org 05/11/00 10:04 AM To: pptp-server at lists.schulte.org cc: Subject: [pptp-server] PTY, GRE prob Hi, I am fairly new to PPTP but still don't think I should have this problem. I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is rebuilt and has the modules ppp, ppp-mppe, and others loaded. Whenever I attempt a connection from my Win98 box I get immediately disconnected and in the Linux syslogs I see: May 10 21:46:53 bts pptpd[3552]: CTRL: Starting call (launching pppd, opening GRE) May 10 21:46:53 bts pptpd[3552]: CTRL: pty_fd = 4 May 10 21:46:53 bts pptpd[3552]: CTRL: tty_fd = 5 May 10 21:46:53 bts pptpd[3552]: CTRL: I wrote 32 bytes to the client. 
May 10 21:46:53 bts pptpd[3552]: CTRL: Sent packet to client May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): Connection speed = 115200 May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): local address = 192.168.10.134 May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): remote address = 192.168.10.248 May 10 21:46:53 bts pptpd[3552]: GRE: read(fd=4,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error May 10 21:46:53 bts pptpd[3552]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) May 10 21:46:53 bts pptpd[3552]: CTRL: Client 192.168.10.193 control connection finished May 10 21:46:53 bts pptpd[3552]: CTRL: Exiting now May 10 21:46:53 bts pptpd[3551]: MGR: Reaped child 3552 The message from the Win98 dialogue is that my password is incorrect but I don't believe that's the problem. I've searched the list archives and not seen an answer to this which has fixed it for me! *PLEASE* can anyone help me? My config files are: /etc/ppp/options: lock debug name bts auth ##require-chap proxyarp ms-dns 192.168.99.30 ms-wins 192.168.10.11 +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless /etc/pptpd.conf: speed 115200 localip 192.168.10.134 remoteip 192.168.10.248-249 /etc/ppp/chap-secrets: # Secrets for authentication using CHAP # client server secret IP addresses me bts mysecret * Cheers, Richard Shepherd -------------- next part -------------- An HTML attachment was scrubbed... URL: From linux at orgx.co.nz Sat May 13 04:47:04 2000 
From: linux at orgx.co.nz (linux at orgx.co.nz) Date: Sat, 13 May 2000 22:47:04 +1300 Subject: [pptp-server] PPTP Choke - GRE: Bad checksum from pppd Message-ID: After getting over the NTDOMAIN\\username problem with authentication, I now have a nastier problem. I can happily establish a PPTP session from my Win98 box to my Linux box. I begin transferring some data with FTP (for example). I get about 800KB (this figure varies I think) done and then it chokes. The bytes received stops incrementing and in my syslog I see: May 13 21:35:33 bts pptpd[8590]: GRE: Bad checksum from pppd. May 13 21:35:46 bts last message repeated 23 times I cannot ping from client to server anymore. It's as if someone's cut the line. And a few seconds later another block of these. So I guess this is a problem with pppd or the kernel right? I have kernel 2.2.14, pppd 2.3.10 with the ppp-2.3.10-openssl-norc4-mppe.patch applied to pppd and kernel. This seems like something nasty that I don't know what to do about. Normally if I hit something like this I'd try to upgrade the kernel. But 2.2.14 is sufficiently up-to-date and I presume many others are happily using it. 
If it's any use, here is the output of lsmod while the PPTP session is running (before it chokes): root at bts:~# lsmod Module Size Used by ppp_deflate 39372 0 (autoclean) bsd_comp 3892 0 (autoclean) ppp_mppe 12404 2 (autoclean) ppp 20908 2 (autoclean) [ppp_deflate bsd_comp ppp_mppe] slhc 4396 1 (autoclean) [ppp] autofs 9056 2 (autoclean) lockd 31176 1 (autoclean) sunrpc 53604 1 (autoclean) [lockd] af_packet 6104 1 (autoclean) sb 33396 0 uart401 6160 0 [sb] sound 58124 0 [sb uart401] soundcore 3012 6 [sb sound] tulip 30168 1 and here is my /usr/src/linux/.config Cheers, Richard Shepherd From amacc at iron-bridge.net Sat May 13 07:10:42 2000 
From: amacc at iron-bridge.net (Andrew McRory) Date: Sat, 13 May 2000 08:10:42 -0400 (EDT) Subject: [pptp-server] PTY, GRE prob In-Reply-To: Message-ID: On Sat, 13 May 2000 linux at orgx.co.nz wrote: > Yes. There is no firewall in between these 2 machines - they're on the > same hub and the Linux machine has the default policies of ipchains - > accept everything. I'm just trying to demonstrate that it works before > putting on a real firewall. It really has me stumped, although I feel > slightly better to see that others seem to have similar ones. I hope we > can all get it solved soon! I had a problem recently where my connections were immediately broken. After checking out all the routers between here and there, getting a cisco engineer involved, tearing down firewalls, etc etc I discovered I compiled pptpd with tcpwrappers but DID NOT update /etc/hosts.allow. damn, I felt stoopid. maybe this is your problem? The worst part of this was that NOTHING logged the refused connections.... > > The Win98 box is my laptop and it's up-to-date in that the > "Windows-Update" thingy on the start menu says there are no updates I need > at present, and also the Thinkpad "IBM Update" says it's up-to-date. Yes > this stuff is straight from syslog. > > Cheers, > > Richard Shepherd > Aetna DBA > > > > > Nate Carlson > 05/12/00 10:26 AM > > > To: linux at orgx.co.nz > cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] PTY, GRE prob > > On Wed, 10 May 2000 linux at orgx.co.nz wrote: > > I am fairly new to PPTP but still don't think I should have this > problem. > > I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch > > > patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is > > rebuilt and has the modules ppp, ppp-mppe, and others loaded. 
Whenever > I > > attempt a connection from my Win98 box I get immediately disconnected > and > > in the Linux syslogs I see: > > *snip* > > Have you verified that the firewall (and any routers/switches/etc in > between) is allowing the GRE traffic through? If that's not the problem, > have you verified that the Win98 box is at the newest version of all the > patches? Also, is that a direct syslog dump, or is that grep'd for pptp? > (Could be some info that got missed by a grep.. *shrug*) > > -- > Nate Carlson | Phone : (952)943-8700 > http://www.real-time.com | Fax : (952)943-8500 > > > > > Andrew McRory / President amacc at iron-bridge.net Iron Bridge Communications www.iron-bridge.net Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera From linux at orgx.co.nz Sat May 13 06:44:18 2000 
From: linux at orgx.co.nz (linux at orgx.co.nz) Date: Sun, 14 May 2000 00:44:18 +1300 Subject: [pptp-server] PPTP Choke - GRE: Bad checksum from pppd Message-ID: Well, in keeping with my wrong initial guesses at my previous problem, it seems I have done it again. After pointing the finger at pppd and/or the kernel for this problem I just thought I'd try PPTP 1.1.1 (was using 1.0.0). And initial tests show that all is well! So I guess the problem was in the comms between pptpd and pppd, since pptpd was still talking to my Win98 box, but no tcp connection was alive. Now v1.1.1 seems to be roaring along - several MB without stopping...And no syslog errors from pppd or pptpd. Hope this may be useful to some others too... Cheers, Richard Shepherd linux at orgx.co.nz Sent by: pptp-server-admin at lists.schulte.org 05/14/00 10:47 AM To: pptp-server at lists.schulte.org cc: Subject: [pptp-server] PPTP Choke - GRE: Bad checksum from pppd After getting over the NTDOMAIN\\username problem with authentication, I now have a nastier problem. I can happily establish a PPTP session from my Win98 box to my Linux box. I begin transferring some data with FTP (for example). I get about 800KB (this figure varies I think) done and then it chokes. The bytes received stops incrementing and in my syslog I see: May 13 21:35:33 bts pptpd[8590]: GRE: Bad checksum from pppd. May 13 21:35:46 bts last message repeated 23 times I cannot ping from client to server anymore. It's as if someone's cut the line. And a few seconds later another block of these. So I guess this is a problem with pppd or the kernel right? I have kernel 2.2.14, pppd 2.3.10 with the ppp-2.3.10-openssl-norc4-mppe.patch applied to pppd and kernel. This seems like something nasty that I don't know what to do about. Normally if I hit something like this I'd try to upgrade the kernel. But 2.2.14 is sufficiently up-to-date and I presume many others are happily using it. . . . 
Cheers, Richard Shepherd -------------- next part -------------- An HTML attachment was scrubbed... URL: From greg at found.com Sat May 13 09:17:49 2000 From: greg at found.com (Greg Tibbitts) Date: Sat, 13 May 2000 08:17:49 -0600 Subject: [pptp-server] invalid username/password for domain Message-ID: I am using pptpd-1.0.0 and slirp-1.1.2 on Solaris 7 for intel. When I connect I get the following error: The computer you have dialed in to has denied access because the username and/or password is invalid on the domain. The log says: May 13 08:16:43 ds9 pptpd[6903]: GRE: Bad checksum from pppd. May 13 08:16:43 ds9 pptpd[6903]: CTRL: Error with select(), quitting Any ideas? From eric at we-24-30-125-179.we.mediaone.net Mon May 15 01:03:35 2000 
From: eric at we-24-30-125-179.we.mediaone.net (Eric H) Date: Sun, 14 May 2000 23:03:35 -0700 (PDT) Subject: [pptp-server] Re: Previous GRE: discarding out of order packet problem In-Reply-To: <200005142343.e4ENhOu09699@snaildust.schulte.org> Message-ID: (please note the reply-to:eharashe at mediaone.net) I seem to have the same problem. I'm connecting a Win98 computer over a cable modem network to v1.1.1 pptpd. It works great for short packet operations (ping, telnet). But if I try sending a file through ftp or samba, it hangs after a variable amount of time. (Always within the first 1-2MB) Almost each time (I'm not 100% certain it's each time), I get a message such as: May 14 17:06:05 Obsidian pptpd[22398]: Unexpected sequence number; got 265 after 263 May 14 17:11:43 Obsidian pptpd[22412]: Unexpected sequence number; got 5769 after 5767 May 14 17:28:01 Obsidian pptpd[22448]: Unexpected sequence number; got 95 after 93 May 14 17:28:01 Obsidian pptpd[22448]: Unexpected sequence number; got 98 after 96 May 14 17:31:06 Obsidian pptpd[22454]: Unexpected sequence number; got 804 after 802 May 14 17:35:32 Obsidian pptpd[22464]: Unexpected sequence number; got 70 after 67 May 14 17:42:30 Obsidian pptpd[22486]: Unexpected sequence number; got 802 after 796 May 14 17:42:32 Obsidian pptpd[22486]: Unexpected sequence number; got 822 after 820 May 14 17:43:05 Obsidian pptpd[22486]: Unexpected sequence number; got 2253 after 2240 May 14 17:43:32 Obsidian pptpd[22486]: Unexpected sequence number; got 3527 after 3525 May 14 17:43:43 Obsidian pptpd[22486]: Unexpected sequence number; got 3969 after 3967 May 14 17:43:52 Obsidian pptpd[22486]: Unexpected sequence number; got 4337 after 4335 May 14 17:44:27 Obsidian pptpd[22486]: Unexpected sequence number; got 5763 after 5761 ... many more follow I'm guessing it's some kind of packet re-ordering problem. I read some of the code in pptpgre.c and pptpctrl.c and it seems that out of order packets are dropped... 
It seems to be causing everything after that to not work. After this happens, the link dies. That is, I can't connect through the vpn connection to anything. On the server, I still see occasional pppd: recvd [Compressed data] etc. Eric Harashevsky (eharashe at mediaone.net) ---------------------------------------------------------------- Honey, PLEASE don't pick up the PH$@#*&$^(#@&$^%(*NO CARRIER From P.J.Reid at earthling.net Mon May 15 07:10:22 2000 From: P.J.Reid at earthling.net (Patrick Reid) Date: Mon, 15 May 2000 09:10:22 -0300 Subject: [pptp-server] PTY, GRE prob In-Reply-To: Message-ID: I recommend that you check out the patches for pppd at http://www.smop.de These add some helpful functionality, including allowing you to strip out the domain// in the authentication. Patrick Reid - mailto:PReid at candesco.com Candesco Research Corp. Communication Centre: -----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of linux at orgx.co.nz Sent: May 13, 2000 6:13 AM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] PTY, GRE prob Hi all, well it I have solved this problem and it is real egg-on-face time! It was simply the NTDOMAIN\\username thing catching me out. I eventually found this when looking in a *different* syslog log. So I just put a second line in /etc/ppp/chap-secrets with my NT domain prepended to the username and all works! Crazy MS Windows! The dialog box where I entered my username did *not* include the domain name, it must get added by Windows before being sent to the PPTP server. I have another problem which I think is very different so I will put it in another message to close this thread ;-) Cheers, Richard Shepherd linux at orgx.co.nz Sent by: pptp-server-admin at lists.schulte.org 05/11/00 10:04 AM To: pptp-server at lists.schulte.org cc: Subject: [pptp-server] PTY, GRE prob Hi, I am fairly new to PPTP but still don't think I should have this problem. I have pptp 1.0, ppp-2.3.10 with the ppp-2.3.10-openssl-0.9.4-mppe.patch patch applied. I run /usr/local/sbin/pptpd --debug. The kernel is rebuilt and has the modules ppp, ppp-mppe, and others loaded. Whenever I attempt a connection from my Win98 box I get immediately disconnected and in the Linux syslogs I see: May 10 21:46:53 bts pptpd[3552]: CTRL: Starting call (launching pppd, opening GRE) May 10 21:46:53 bts pptpd[3552]: CTRL: pty_fd = 4 May 10 21:46:53 bts pptpd[3552]: CTRL: tty_fd = 5 May 10 21:46:53 bts pptpd[3552]: CTRL: I wrote 32 bytes to the client. 
May 10 21:46:53 bts pptpd[3552]: CTRL: Sent packet to client May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): Connection speed = 115200 May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): local address = 192.168.10.134 May 10 21:46:53 bts pptpd[3553]: CTRL (PPPD Launcher): remote address = 192.168.10.248 May 10 21:46:53 bts pptpd[3552]: GRE: read(fd=4,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error May 10 21:46:53 bts pptpd[3552]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5) May 10 21:46:53 bts pptpd[3552]: CTRL: Client 192.168.10.193 control connection finished May 10 21:46:53 bts pptpd[3552]: CTRL: Exiting now May 10 21:46:53 bts pptpd[3551]: MGR: Reaped child 3552 The message from the Win98 dialogue is that my password is incorrect but I don't believe that's the problem. I've searched the list archives and not seen an answer to this which has fixed it for me! *PLEASE* can anyone help me? My config files are: /etc/ppp/options: lock debug name bts auth ##require-chap proxyarp ms-dns 192.168.99.30 ms-wins 192.168.10.11 +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless /etc/pptpd.conf: speed 115200 localip 192.168.10.134 remoteip 192.168.10.248-249 /etc/ppp/chap-secrets: # Secrets for authentication using CHAP # client server secret IP addresses me bts mysecret * Cheers, Richard Shepherd -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.kappler at primedisc.com Mon May 15 11:31:40 2000 
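The NTDOMAIN\\username mismatch Richard Shepherd describes and the domain-stripping approach Patrick Reid mentions, as an added example that is not part of either post and is not pppd's code: a simplified Python model of a chap-secrets lookup. The matching rules, the function names and the peer name NTDOMAIN\me are assumptions for illustration; the file contents are the ones quoted in the thread.

```python
"""Simplified model of a chap-secrets lookup (illustration only, not pppd's code)."""
import shlex

# The chap-secrets file quoted in the thread: a single entry for client "me".
CHAP_SECRETS = r"""
# Secrets for authentication using CHAP
# client server secret IP addresses
me bts mysecret *
"""


def parse_secrets(text):
    """Return a list of (client, server, secret, addrs) tuples.

    shlex stands in for the secrets-file tokenizer: '#' starts a comment and a
    backslash escapes the next character, which is why the thread writes the
    name with a doubled backslash.
    """
    entries = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) < 3:
            continue  # blank line, comment, or incomplete entry
        client, server, secret, *addrs = words
        entries.append((client, server, secret, addrs))
    return entries


def find_secret(entries, peer_name, server_name):
    """Return the secret for peer_name on server_name, or None.

    Assumed rule: a field matches on an exact name or on '*', and the entry
    with the most exact matches wins.
    """
    best = None
    for client, server, secret, _addrs in entries:
        if client not in (peer_name, "*") or server not in (server_name, "*"):
            continue
        score = (client == peer_name) + (server == server_name)
        if best is None or score > best[0]:
            best = (score, secret)
    return best[1] if best else None


def secrets_line(peer_name, server_name, secret, addrs="*"):
    """Build the extra chap-secrets line, doubling backslashes in the name."""
    escaped = peer_name.replace("\\", "\\\\")
    return f"{escaped} {server_name} {secret} {addrs}"


def strip_nt_domain(peer_name):
    """Drop a leading 'DOMAIN\\' prefix before the lookup.

    Caveat: after stripping, the same user name from two different domains
    maps to the same chap-secrets entry.
    """
    return peer_name.rsplit("\\", 1)[-1]


if __name__ == "__main__":
    entries = parse_secrets(CHAP_SECRETS)
    sent_by_client = "NTDOMAIN\\me"  # what Windows sends, per the thread

    # 1. The original file has no entry for the domain-qualified name.
    print("original file :", find_secret(entries, sent_by_client, "bts"))

    # 2. Fix from the thread: add a second line with the domain prepended.
    extra = secrets_line(sent_by_client, "bts", "mysecret")
    print("line to add   :", extra)
    fixed = parse_secrets(CHAP_SECRETS + extra + "\n")
    print("with 2nd line :", find_secret(fixed, sent_by_client, "bts"))

    # 3. Alternative: strip the domain before the lookup.
    print("domain strip  :", find_secret(entries, strip_nt_domain(sent_by_client), "bts"))
```
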
From: michael.kappler at primedisc.com (michael.kappler at primedisc.com) Date: Mon, 15 May 2000 18:31:40 +0200 Subject: [pptp-server] pptp.conf, options: where to put what? Message-ID: Hi John, many thanks for your answer. I got nearly the whole thing running now. As far as I understood, you started selling VPN solutions on a Linux base. One question: How have you solved the problem of client authentication against an NT-domain? I have a lot of Win98SE clients that connect to our old WINNT VPN server. They always got a popup-box asking for their Username/Password and the domain. Is there a way to force this on my linux? Up to now they can access my linux VPN server and browse the network neighborhood if they supply the right password and username for my VPN-server and if the Win98SE clients have the right workgroup name set in their network settings. If not (e.g. my VPN-client at home is connected to my home domain), I can access the linux VPN server at work but can't browse the network neighborhood ('cause my client sends the domainname of my home-domain) and can't connect to any shares. I get asked for the password for that share, but when I fill in the right password (I am sure that it is the right one :-)) I get a user authorization failure. I think this is the same domain name problem. Is there a way to force the Win98/NT-domain login popup, where I can put in the right info for the remote domain at dialin? Or to force a popup if I supplied the wrong username/password/domain info? Thanks so far Mike From natecars at real-time.com Mon May 15 15:29:27 2000 
From: natecars at real-time.com (Nate Carlson) Date: Mon, 15 May 2000 15:29:27 -0500 (CDT) Subject: [pptp-server] PTY, GRE prob In-Reply-To: Message-ID: On Sat, 13 May 2000 linux at orgx.co.nz wrote: > Yes. There is no firewall in between these 2 machines - they're on the > same hub and the Linux machine has the default policies of ipchains - > accept everything. I'm just trying to demonstrate that it works before > putting on a real firewall. It really has me stumped, although I feel > slightly better to see that others seem to have similar ones. I hope we > can all get it solved soon! > > The Win98 box is my laptop and it's up-to-date in that the > "Windows-Update" thingy on the start menu says there are no updates I need > at present, and also the Thinkpad "IBM Update" says it's up-to-date. Yes > this stuff is straight from syslog. > > Cheers, > > Richard Shepherd > Aetna DBA If this is Win98 release 1, you may need to install the 'dun40.exe' update. This is in the PoPToP howto.. and isn't included on the Windows Update web site. :( -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 From eric at we-24-30-125-179.we.mediaone.net Mon May 15 15:54:07 2000 
From: eric at we-24-30-125-179.we.mediaone.net (Eric H) Date: Mon, 15 May 2000 13:54:07 -0700 (PDT) Subject: [pptp-server] Problem with MPPE compression -- causes pppd to loose mppe In-Reply-To: Message-ID:

I found a reason that pptpd connections will get dropped. This is only true when sending information *to* the pptpd server. (I've been using the v1.1.1 source) I haven't found a solution yet (other than not using mppe)

I seem to be using a high latency network (MediaOne cable modems...) Frequently the pptp daemon gets a packet a few in advance (see previous message quoted at the bottom). The MPPE compression module (ppp_mppe) just drops the packet and returns an error. This causes mppe compression (encryption) to be halted. You'll see a bunch of "pppd: [rcvd Compressed data]" messages since the mppe compression has been disabled.

Here's the two files that are the culprits...

(under linux source)/driver/net/ppp_mppe.c around line 500

    if (seq != state->ccount) {
        if (state->debug) {
            printk(KERN_DEBUG "mppe_decompress%d: bad seq # %d, expected %d\n",
                   state->unit, seq, state->ccount);
        }
        while(state->ccount != seq) {
            mppe_update_count(state);
        }
        mppe_update_count(state);
        /* This causes the next function (below) to be called.
         * That then causes mppe to be dropped and bad things happen...
         */
        return DECOMP_ERROR;
    }

------------------
pppd/ccp.c around line 1450

    /* MPPE/MPPC does not requires CCP_RESETREQ */
    /* After this happens compression (MPPE encryption) is dropped...
     * That also makes the pptp connection not work anymore
     * Making it send the CCP_RESETREQ doesn't seem to work either...
     */
    if (ccp_gotoptions[f->unit].method == CI_MPPE)
        return;

    /*
     * Send a reset-request to reset the peer's compressor.
     * We don't do that if we are still waiting for an
     * acknowledgement to a previous reset-request.
     */
    if (!(ccp_localstate[f->unit] & RACK_PENDING)) {
        fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
        TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT);
        ccp_localstate[f->unit] |= RACK_PENDING;
    } else
        ccp_localstate[f->unit] |= RREQ_REPEAT;

-------------
THIS IS NOT TRUE ABOUT THE REVERSE. That is, the Win98 client I was testing seems to re-order the packets properly or send some request. Thus, you can download anything you please to your client from the pptpd but sending large files especially will cause problems. (assuming your network drops packets or lets newer packets through first)

Re: [pptp-server] Re: Previous GRE: discarding out of order packet problem

On Sun, 14 May 2000, Eric H wrote:

(please note the reply-to:eharashe at mediaone.net)

I seem to have the same problem. I'm connecting a Win98 computer over a cable modem network to v1.1.1 pptpd. It works great for short packet operations (ping, telnet). But if I try sending a file through ftp or samba, it hangs after a variable amount of time. (Always within the first 1-2MB) Almost each time (I'm not 100% certain it's each time), I get a message such as:

May 14 17:06:05 Obsidian pptpd[22398]: Unexpected sequence number; got 265 after 263
May 14 17:11:43 Obsidian pptpd[22412]: Unexpected sequence number; got 5769 after 5767
May 14 17:28:01 Obsidian pptpd[22448]: Unexpected sequence number; got 95 after 93
May 14 17:28:01 Obsidian pptpd[22448]: Unexpected sequence number; got 98 after 96
May 14 17:31:06 Obsidian pptpd[22454]: Unexpected sequence number; got 804 after 802
May 14 17:35:32 Obsidian pptpd[22464]: Unexpected sequence number; got 70 after 67
May 14 17:42:30 Obsidian pptpd[22486]: Unexpected sequence number; got 802 after 796
May 14 17:42:32 Obsidian pptpd[22486]: Unexpected sequence number; got 822 after 820
May 14 17:43:05 Obsidian pptpd[22486]: Unexpected sequence number; got 2253 after 2240
May 14 17:43:32 Obsidian pptpd[22486]: Unexpected sequence number; got 3527 after 3525
May 14 17:43:43 Obsidian pptpd[22486]: Unexpected sequence number; got 3969 after 3967
May 14 17:43:52 Obsidian pptpd[22486]: Unexpected sequence number; got 4337 after 4335
May 14 17:44:27 Obsidian pptpd[22486]: Unexpected sequence number; got 5763 after 5761
... many more follow

I'm guessing it's some kind of packet re-ordering problem. I read some of the code in pptpgre.c and pptpctrl.c and it seems that out of order packets are dropped... It seems to be causing everything after that to not work. After this happens, the link dies. That is, I can't connect through the vpn connection to anything. On the server, I still see occasional pppd: recvd [Compressed data] etc.

Eric Harashevsky (eharashe at mediaone.net)
----------------------------------------------------------------
Honey, PLEASE don't pick up the PH$@#*&$^(#@&$^%(*NO CARRIER

Eric Harashevsky (eharashe at mediaone.net)
----------------------------------------------------------------
I can see clearly now, the brain is gone...

From barjunk at attglobal.net Mon May 15 18:03:57 2000 From: barjunk at attglobal.net (Michael Barsalou) Date: Mon, 15 May 2000 15:03:57 -0800 Subject: [pptp-server] RedHat 6.2 Message-ID: <200005152303.e4FN3Mu18859@snaildust.schulte.org> Anyone have this working with a stock RedHat 6.2? Mike Michael Barsalou barjunk at attglobal.net From erobinson at dot.state.nv.us Tue May 16 03:45:53 2000 
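The "Unexpected sequence number" warnings in Eric H's message above (15 May 2000) can be summarised per tunnel, so that a session heading for the MPPE loss he describes stands out in syslog. The following Python script is an added example, not code from the poster or from PoPToP; it assumes one pptpd PID per tunnel session, reads "got N after M" as N - M - 1 skipped packets, and its thresholds, 120-second window and pppd line layout are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# The pptpd lines are a subset copied from the message above; the final pppd
# line is constructed, in the "rcvd [Compressed data]" form the message mentions.
SAMPLE_LOG = """\
May 14 17:06:05 Obsidian pptpd[22398]: Unexpected sequence number; got 265 after 263
May 14 17:28:01 Obsidian pptpd[22448]: Unexpected sequence number; got 95 after 93
May 14 17:28:01 Obsidian pptpd[22448]: Unexpected sequence number; got 98 after 96
May 14 17:42:30 Obsidian pptpd[22486]: Unexpected sequence number; got 802 after 796
May 14 17:42:32 Obsidian pptpd[22486]: Unexpected sequence number; got 822 after 820
May 14 17:43:05 Obsidian pptpd[22486]: Unexpected sequence number; got 2253 after 2240
May 14 17:43:32 Obsidian pptpd[22486]: Unexpected sequence number; got 3527 after 3525
May 14 17:43:40 Obsidian pppd[22487]: rcvd [Compressed data] 90 2a 11
"""

TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d)"
SEQ_RE = re.compile(
    TS + r" (?P<host>\S+) pptpd\[(?P<pid>\d+)\]: "
    r"Unexpected sequence number; got (?P<got>\d+) after (?P<prev>\d+)\s*$")
PPPD_RE = re.compile(
    TS + r" (?P<host>\S+) pppd(?:\[\d+\])?: .*\[Compressed data\]")


def _when(ts, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def analyze(log_text, year=2000, min_events=3, min_gap=5, window_s=120):
    """Summarise GRE sequence gaps per (host, pptpd PID).

    A session is marked at_risk when it logged at least min_events warnings
    or skipped at least min_gap packets in one jump. undecrypted_after counts
    pppd "[Compressed data]" lines seen within window_s seconds after the
    session's last warning, the symptom the message ties to MPPE being off.
    """
    sessions = defaultdict(lambda: {"events": 0, "skipped": 0, "late": 0,
                                    "max_gap": 0, "first": None, "last": None})
    compressed = []  # (host, time) of pppd lines showing still-encrypted frames
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEQ_RE.match(line)
        if m:
            s = sessions[(m["host"], int(m["pid"]))]
            when = _when(m["ts"], year)
            got, prev = int(m["got"]), int(m["prev"])
            s["events"] += 1
            if got > prev:
                gap = got - prev - 1          # packets that never arrived in order
                s["skipped"] += gap
                s["max_gap"] = max(s["max_gap"], gap)
            else:
                s["late"] += 1                # defensive: old or duplicate number
            s["first"] = s["first"] or when
            s["last"] = when
            continue
        m = PPPD_RE.match(line)
        if m:
            compressed.append((m["host"], _when(m["ts"], year)))

    report = {}
    for (host, pid), s in sessions.items():
        after = sum(1 for h, t in compressed
                    if h == host and 0 <= (t - s["last"]).total_seconds() <= window_s)
        report[(host, pid)] = dict(
            s,
            at_risk=s["events"] >= min_events or s["max_gap"] >= min_gap,
            undecrypted_after=after)
    return report


if __name__ == "__main__":
    for (host, pid), s in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{host} pptpd[{pid}]: events={s['events']} skipped={s['skipped']} "
              f"max_gap={s['max_gap']} at_risk={s['at_risk']} "
              f"undecrypted_after={s['undecrypted_after']}")
```
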
From: erobinson at dot.state.nv.us (Robinson, Eric) Date: Tue, 16 May 2000 01:45:53 -0700 Subject: [pptp-server] PPP and PoPToP--HOWTO? Message-ID: I have a FreeBSD 3.4 computer connected to my ISP through an Ethernet-DSL bridge. The computer is working quite well as a firewall using Darren Reed's IP Filter. Now I would like to add PoPToP to the machine and establish a VPN for my remote Windows users. Does anyone know of a good (suitable for newbies) step-by-step guide for setting up PPP and PoPToP together? I've read the FreeBSD handbook sections on the subject, but they approach the PPP server configuration from a dial-up perspective. In my case, people will be connecting over the network. I can't figure out what to do differently. When I connect to the server, I get responses from PoPToP, but the server ignores the client's LCP-configure request. This seems to indicate that PPP is not starting on the server. Or maybe it is starting but it just doesn't know where to direct the PPP stream. I dunno. Help would be greatly appreciated. A couple of quickie Q's: Can I use either kernel or user-mode PPP to run PoPToP? Is there any advantage of user-mode ppp over kernel ppp, or vice versa? -- Eric Robinson Network Analyst State of Nevada DOT From adi at certsite.com Tue May 16 08:57:46 2000 
From: adi at certsite.com (Adi) Date: Tue, 16 May 2000 09:57:46 -0400 Subject: [pptp-server] RPMs for ppp-2.3.10 with MSCHAP/MPPE patch References: <4.3.1.2.20000515234825.00b333f8@earth.netlynx.com> Message-ID: <392153DA.DC64938C@certsite.com> Rich Hall wrote: > > At 05:33 PM 5/10/2000 -0400, you wrote: > >I've built some RPMs incorporating the MSCHAP/MPPE patch to ppp-2.3.10 for > >RH6.1 and RH6.2. I have not done any work verifying that it actually works, > >I simply followed the instructions from the redhat readme on moretonbay.com, > >and made a RedHat spec file from them. > > > >I would greatly appreciate it if people would try these out and give me > >suggestions. Thanks. > > > >http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.i386.rpm > >http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh61.src.rpm > >http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh61.i386.rpm > > > >http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.i386.rpm > >http://certsite.org/~adi/sw/ppp-2.3.10-1mschap_mppe_rh62.src.rpm > >http://certsite.org/~adi/sw/ppp-modules-2.3.10-1mschap_mppe_rh62.i386.rpm > > Well I downloaded these only to find that I already am one version beyond > these when I tried to install them. I have version ppp-2.3.11-1 already > installed with my RH 6.1 w/kernel 2.1.14 so rpm is complaining. Is there > something being incorporated into the newer ppp-2.3.11 code? Why the older > code anyway? > Rich, These packages need specific kernel versions to work.. (2.2.12-20 for rh61, 2.2.14-5.0 for rh62) the reason is that the ppp code is half a kernel module, half a daemon. (I don't know why the ppp designers chose to do it this way) So, the ppp code must be built against a specific kernel version... you can't use my packages with kernel 2.1.14... if you need ppp with MSCHAP/MPPE under that kernel, you'll have to compile it yourself. The spec file in my src.rpm will probably be a big help doing this. The reason I am using ppp ver. 
2.3.10 is because the MSCHAP/MPPE patch is only available for that version. Also, please (everyone) use the packages with release "2mschap_mppe_rh6[12]", as there are bugs in the "1mschap_*" rpms. -Adi From adi at certsite.com Tue May 16 09:02:40 2000 From: adi at certsite.com (Adi) Date: Tue, 16 May 2000 10:02:40 -0400 Subject: [pptp-server] RedHat 6.2 References: <200005152303.e4FN3Mu18859@snaildust.schulte.org> Message-ID: <39215500.7132E8F6@certsite.com> Mike, Yes, my RPMs work on a stock RH6.2 box: (with the pptpd-1.0.0-1.i386.rpm from moretonbay) http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm -Adi Michael Barsalou wrote: > > Anyone have this working with a stock RedHat 6.2? > > Mike > > Michael Barsalou > barjunk at attglobal.net From iws at tadpole.co.uk Tue May 16 10:28:00 2000 
From: iws at tadpole.co.uk (Ian Spray) Date: Tue, 16 May 2000 16:28:00 +0100 (BST) Subject: [pptp-server] SPARC/Linux ppp_mppe.o failure Message-ID: <200005161528.QAA12566@jupiter.dev.tadpole.co.uk.tadpole.co.uk> Hi, I've been through the list Archives, and have read about MPPE dependency failures, but after trying two different kernels I just can't fix the following problem: $ depmod -a depmod: *** Unresolved symbols in /lib/modules/2.2.-14.05/net/ppp_mppe.o $ modprobe ppp_mppe.o /lib/modules/2.2.-14.05/net/ppp_mppe.o: unresolved symbol __floatsidf /lib/modules/2.2.-14.05/net/ppp_mppe.o: unresolved symbol __adddf3 My system was configured fresh from a RedHat 6.2 SPARC iso CDROM, and I followed the RedHat instructions on the moretonbay site, so I am running with: ppp-2.3.11 ppp-2.3.11-openssl-0.9.5-mppe.patch and the diff posted last month by Tom Eastep for ppp.c (adds POLL_IN to a kill_fasync call). I am going to try this on a i386 machine now, but given that I can't find the above symbols in any of the security or ppp code (plus the destination machine will have a SPARC cpu), I wanted to know if anyone else has managed to get ppp_mppe running under SPARC/Linux. TTFN, -- Ian Spray : Software Engineer : Tadpole-RDI iws at tadpole.co.uk : +44 (0) 1223 428 224 : http://www.tadpole.com/ From jhummel at fulltiltsolutions.com Tue May 16 11:11:23 2000 From: jhummel at fulltiltsolutions.com (Jeffrey Hummel) Date: Tue, 16 May 2000 12:11:23 -0400 Subject: [pptp-server] RedHat 6.2 Message-ID: I did the rebuild rpm command to install these on a fresh RH6.2 box. I am connecting to a MSNT4.0 PPTP server. PPTP is installed per your other messages. Nothing is working. -J Any ideas? Is there a step by step to connect to an NT box via 128bit encryption? -----Original Message----- 
From: Adi [mailto:adi at certsite.com] Sent: Tuesday, May 16, 2000 10:03 AM To: mjbarsalou at ibm.net Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] RedHat 6.2 Mike, Yes, my RPMs work on a stock RH6.2 box: (with the pptpd-1.0.0-1.i386.rpm from moretonbay) http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm -Adi Michael Barsalou wrote: > > Anyone have this working with a stock RedHat 6.2? > > Mike > > Michael Barsalou > barjunk at attglobal.net From adi at certsite.com Tue May 16 11:34:30 2000 
From: adi at certsite.com (Adi) Date: Tue, 16 May 2000 12:34:30 -0400 Subject: [pptp-server] RedHat 6.2 References: Message-ID: <39217896.A1A624CF@certsite.com> Wait, you are using an NT4 PPTP server, and trying to connect from a linux PPTP client?? I think you need different PPTP RPMs for that. The RPM I suggested (from moretonbay.com) is the pptpd-1.0.0-1.i386.rpm package which is the PPTP *server* for linux. So I don't know where an NT4 pptp server would come in to play. Did you mean you're trying to connect to the linux PPTP server from an NT4 workstation?? As for my ppp RPMs, they may work using a linux PPTP client, I don't know. I haven't tested them yet. If they don't work, send me the relevant log messages, debug info, etc... -Adi Jeffrey Hummel wrote: > > I did the rebuild rpm command to install these on a fresh RH6.2 box. > > I am connecting to a MSNT4.0 PPTP server. PPTP is installed per your other > messages. > > Nothing is working. > > -J > > Any ideas? > > Is there a step by step to connect to an NT box via 128bit encryption? > > -----Original Message----- 
> From: Adi [mailto:adi at certsite.com] > Sent: Tuesday, May 16, 2000 10:03 AM > To: mjbarsalou at ibm.net > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] RedHat 6.2 > > Mike, > > Yes, my RPMs work on a stock RH6.2 box: > (with the pptpd-1.0.0-1.i386.rpm from moretonbay) > > http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386.rpm > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm > > -Adi > > Michael Barsalou wrote: > > > > Anyone have this working with a stock RedHat 6.2? > > > > Mike > > > > Michael Barsalou > > barjunk at attglobal.net From adi at certsite.com Tue May 16 11:38:22 2000 From: adi at certsite.com (Adi) Date: Tue, 16 May 2000 12:38:22 -0400 Subject: [pptp-server] RedHat 6.2 References: Message-ID: <3921797E.EDEEF8BA@certsite.com> Mike, Right, you should get these warnings from rpm, because my ppp-modules package *overwrites* the existing ppp kernel modules with the MSCHAP/MPPE patched versions. To install, you need to: rpm -i ppp-modules-2.3.10-2mschap_mppe_rh62.i386 --force It is exactly 3 modules that get overwritten: bsd_comp.o ppp.o ppp_deflate.o -Adi Michael Barsalou wrote: > > I get errors when I apply them. Something about them breaking > modules that are already in the kernel > > ppp.o > bsd_deflate.o > > and one or two others. > > Maybe I'm not applying them right. > > Mike > > Date sent: Tue, 16 May 2000 10:02:40 -0400 
> From: Adi > To: mjbarsalou at ibm.net > Copies to: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] RedHat 6.2 > > > Mike, > > > > Yes, my RPMs work on a stock RH6.2 box: > > (with the pptpd-1.0.0-1.i386.rpm from moretonbay) > > > > http://certsite.org/~adi/sw/ppp-modules-2.3.10-2mschap_mppe_rh62.i386. > > rpm http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.i386.rpm > > > > http://certsite.org/~adi/sw/ppp-2.3.10-2mschap_mppe_rh62.src.rpm > > > > -Adi > > > > Michael Barsalou wrote: > > > > > > Anyone have this working with a stock RedHat 6.2? > > > > > > Mike > > > > > > Michael Barsalou > > > barjunk at attglobal.net > > > > Michael Barsalou > barjunk at attglobal.net From macleajb at EDnet.NS.CA Tue May 16 13:04:52 2000 
From: macleajb at EDnet.NS.CA (James MacLean) Date: Tue, 16 May 2000 15:04:52 -0300 (ADT) Subject: [pptp-server] PATCHES to allow MS-Chap v2 auth using Xtradius Message-ID: Hi Folks, Second in the series of hacks to get MSChap v2 authentication out of chap-secrets and into somewhere easier to maintain :). Uses MySQL via 2 simplistic perl scripts to add/modify users and access rules. No, this is not for the pizza :(. Please find for your development pleasure a combination of patches and scripts at : http://www.ednet.ns.ca/~macleajb/chap_crap-0.2.tgz The README is brief. The chances of cleanly installing it at this time are probably not above 60%. But don't let that stop you. When working, it will allow you to run a modified pppd which will use an xtradius server to get the NtHash password and use it for authentication. It will also send accounting start/stop to the server which can be used to setup filter rules, etc... It also includes the smbpasswd patches from the first effort. It still uses the rule that if a password is 32 bytes, it will use it as an NtHash password. The communication with the radius server is not the right way to do it. The authenticate request call always succeeds if the user exists and then returns with the NtHash in a CALLBACK response pair. I believe the more correct method would have been to send to the radius server a challenge/response and if valid return the same, but I took the short cut to see if I could get something working. One benefit of these patches/scripts is that it allows you to authorize access to only specific resources by making the accounting start/stop procedures of Xtradius build filters from the rules stored in a database. This system expects to give each user their own IP at this time. Later, JES -- James B. MacLean macleajb at ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From chris at drjcomputing.com Tue May 16 15:56:40 2000 
From: chris at drjcomputing.com (chris) Date: Tue, 16 May 2000 16:56:40 -0400 Subject: [pptp-server] Local Network In-Reply-To: <01F6FEC1E103D311B944004033A281B20318C8@mama123> Message-ID: <01F6FEC1E103D311B944004033A281B2015D40@mama123> So I've been working on VPN all day and although I made some significant progress... I am stuck. I can get my Win98 client to get to my RedHat 6.0 PoPTop Server. Doing an ifconfig on the linux server shows... eth0 Link encap:Ethernet HWaddr 00:A0:CC:3F:92:35 inet addr:24.161.58.200 Bcast:24.161.63.255 Mask:255.255.248.0 UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:1407 errors:0 dropped:0 overruns:0 frame:0 TX packets:527 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:11 Base address:0xe400 eth1 Link encap:Ethernet HWaddr 00:A0:CC:3F:37:4E inet addr:192.168.0.151 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:106 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:5 Base address:0xe800 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:40 errors:0 dropped:0 overruns:0 frame:0 TX packets:40 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 ppp0 Link encap:Point-to-Point Protocol inet addr:192.168.0.234 P-t-P:192.168.0.154 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:30 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 From john at netdirect.ca Tue May 16 16:47:08 2000 
From: john at netdirect.ca (John Van Ostrand) Date: Tue, 16 May 2000 17:47:08 -0400 Subject: [pptp-server] Local Network Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0DD@enterprise.NetDirect.CA> Chris, Have you specified "proxyarp" in the /etc/ppp/options file? Then when you connect you can check "arp -a" to see if your IP address is there. John. > -----Original Message----- 
> From: chris [mailto:chris at drjcomputing.com] > Sent: Tuesday, May 16, 2000 4:57 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Local Network > > > So I've been working on VPN all day and although I made some > significant > progress... I am stuck. > > I can get my Win98 client to get to my RedHat 6.0 PoPTop Server. > Doing an ifconfig on the linux server shows... > > eth0 Link encap:Ethernet HWaddr 00:A0:CC:3F:92:35 > inet addr:24.161.58.200 Bcast:24.161.63.255 > Mask:255.255.248.0 > UP BROADCAST RUNNING MTU:1500 Metric:1 > RX packets:1407 errors:0 dropped:0 overruns:0 frame:0 > TX packets:527 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:11 Base address:0xe400 > > eth1 Link encap:Ethernet HWaddr 00:A0:CC:3F:37:4E > inet addr:192.168.0.151 Bcast:192.168.0.255 > Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:106 errors:0 dropped:0 overruns:0 frame:0 > TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:100 > Interrupt:5 Base address:0xe800 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > UP LOOPBACK RUNNING MTU:3924 Metric:1 > RX packets:40 errors:0 dropped:0 overruns:0 frame:0 > TX packets:40 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > > ppp0 Link encap:Point-to-Point Protocol > inet addr:192.168.0.234 P-t-P:192.168.0.154 > Mask:255.255.255.255 > UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 > RX packets:30 errors:0 dropped:0 overruns:0 frame:0 > TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:10 > > > > From the client I can ping the PoPTop Server, which has the > ip address, > 192.168.0.151 > > From the client I can ping the leased address, which is 192.168.0.154 > > From the client I can ping the inet address, which is 192.168.0.234 > > From the client I can telnet into the PoPTop Server (192.168.0.151) > > I can't ping or access the local network in 
anyway. I've attached the > files I believe are important. Hopefully someone can help me > debug this. > > I believe I have IPForwarding on... I followed the How-To and > just rpm'd a > new kernel... so if the HOW-To told me to just type 'rpm -Uvvh > kernal-2.2.12-20' then shouldn't that kernel include IPForwarding? > > Thanks for the help. > -Chris Carella- > From adi at certsite.com Tue May 16 17:15:59 2000 From: adi at certsite.com (Adi) Date: Tue, 16 May 2000 18:15:59 -0400 Subject: [pptp-server] Local Network References: <01F6FEC1E103D311B944004033A281B2015D40@mama123> Message-ID: <3921C89F.9D94C63D@certsite.com> > I can't ping or access the local network in anyway. I've attached the > files I believe are important. Hopefully someone can help me debug this. What would also be helpful is the relevant part of your /var/log/messages log. Scroll through it and cut out just the messages generated by pppd and pptpd. -Adi From teastep at evergo.net Tue May 16 17:38:09 2000 From: teastep at evergo.net (Tom Eastep) Date: Tue, 16 May 2000 15:38:09 -0700 (PDT) Subject: [pptp-server] Local Network In-Reply-To: <01F6FEC1E103D311B944004033A281B2015D40@mama123> Message-ID: On Tue, 16 May 2000, chris wrote: > So I've been working on VPN all day and although I made some significant > progress... I am stuck. > Is this box also doing IP Masquerading? If so, you want this in the forward chain before your MASQ rule: ipchains -A forward -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT -Tom -- Tom Eastep \ Eastep's First Principle of Computing: ICQ #60745924 \ "Any sane computer will tell you how it teastep at evergo.net \ works if you ask it the proper questions" Shoreline, Washington USA \___________________________________________ From mhorn at intracom.com Tue May 16 20:44:56 2000 
From: mhorn at intracom.com (Mark Horn) Date: Tue, 16 May 2000 21:44:56 -0400 Subject: [pptp-server] Local Network In-Reply-To: <01F6FEC1E103D311B944004033A281B2015D40@mama123>; from chris@drjcomputing.com on Tue, May 16, 2000 at 04:56:40PM -0400 References: <01F6FEC1E103D311B944004033A281B20318C8@mama123> <01F6FEC1E103D311B944004033A281B2015D40@mama123> Message-ID: <20000516214456.B15552@mhorn.dyn.cheapnet.net> On Tue, May 16, 2000 at 04:56:40PM -0400, chris wrote: >So I've been working on VPN all day and although I made some significant >progress... I am stuck. I think the problem is IP forwarding. One way to prove it to yourself is to open up two windows on the server. In one window start tcpdump -i ppp0 and in the other window start tcpdump -i eth1 host Then, start a ping to some machine on the local network other than the PoPToP server. I'm betting that you'll see an ICMP echo on ppp0, but not on eth1. What this proves is that you're not doing IP forwarding, because the packet is going in one interface, but not going out the other. >I believe I have IPForwarding on... I followed the How-To and just rpm'd a >new kernel... so if the HOW-To told me to just type 'rpm -Uvvh >kernal-2.2.12-20' then shouldn't that kernel include IPForwarding? IP forwarding is turned on after the kernel is running. This is done by changing a file in /proc To verify that you don't have IP forwarding turned on, do: cat /proc/sys/net/ipv4/ip_forward If it outputs '0' then you have IP forwarding turned off. To turn it on, do: echo 1 > /proc/sys/net/ipv4/ip_forward Remember, you have to do this as root, and also remember that this will have to be re-established after every reboot. Right now I'm sitting in front of a Debian box. Off the top of my head I don't remember how to do that in Red Hat. You might also want to make sure that pppd is setting up proxy arp for you properly. 
Do:

    /usr/sbin/arp -n

Make sure that you see something like:

    Address          HWtype  HWaddress  Flags Mask  Iface
    192.168.0.154    *       *          MP          eth0

This will verify that you are in fact, doing proxy arp. Your config says
that you should be doing this, but it's always good to double check.

Good luck.
- Mark

From iws at tadpole.co.uk Wed May 17 06:10:45 2000
From: iws at tadpole.co.uk (Ian Spray)
Date: Wed, 17 May 2000 12:10:45 +0100 (BST)
Subject: [pptp-server] SPARC/Linux ppp_mppe.o failure
In-Reply-To: <200005161528.QAA12566@jupiter.dev.tadpole.co.uk.tadpole.co.uk>
Message-ID: <200005171110.MAA21383@jupiter.dev.tadpole.co.uk.tadpole.co.uk>

On 16-May-00 Ian Spray wrote:
> [snip]
> I am going to try this on a i386 machine now,
> [snip]
>

The results are in, and it works fine for both:

    depmod -a

and:

    modprobe ppp_mppe

under an i386 distro (Corel).

Has *anyone* used a SPARC cpu for PPTP (any version of OS/PPTP) ?

I can get an IPSec VPN (FreeS/WAN) running between an i386 and a SPARC
machine, but it's this last 'Windows Compatible' step that's foxing me at
the moment.

TTFN,
--
Ian Spray : Software Engineer : Tadpole-RDI
iws at tadpole.co.uk : +44 (0) 1223 428 224 : http://www.tadpole.com/

From gdunn at inscriber.com Wed May 17 08:39:04 2000
From: gdunn at inscriber.com (Graham Dunn)
Date: Wed, 17 May 2000 09:39:04 -0400
Subject: [pptp-server] Local Network
In-Reply-To: <20000516214456.B15552@mhorn.dyn.cheapnet.net>; from mhorn@intracom.com on Tue, May 16, 2000 at 09:44:56PM -0400
References: <01F6FEC1E103D311B944004033A281B20318C8@mama123> <01F6FEC1E103D311B944004033A281B2015D40@mama123> <20000516214456.B15552@mhorn.dyn.cheapnet.net>
Message-ID: <20000517093904.A583@inscriber.com>

On Tue, May 16, 2000 at 09:44:56PM -0400, Mark Horn wrote:
> On Tue, May 16, 2000 at 04:56:40PM -0400, chris wrote:
> >So I've been working on VPN all day and although I made some significant
> >progress... I am stuck.
>
[snip]
>
> If it outputs '0' then you have IP forwarding turned off. To turn it on, do:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Remember, you have to do this as root, and also remember that this will
> have to be re-established after every reboot. Right now I'm sitting in
> front of a Debian box. Off the top of my head I don't remember how to
> do that in Red Hat.

in /etc/sysconfig/network put

FORWARD_IPV4="yes"

Has anyone tried mpd-netgraph under FreeBSD-4.0 (from /usr/ports) as a ppp
replacement?

-Graham

--
gdunn at inscriber.com Graham Dunn
|| ||| | ||| |||| | |||| |
PGP Key fingerprint = 3F 56 12 9B 8A E1 77 CB F0 62 94 B0 93 06 1E 88

From michael.kappler at primedisc.com Wed May 17 08:53:08 2000
From: michael.kappler at primedisc.com (michael.kappler at primedisc.com)
Date: Wed, 17 May 2000 15:53:08 +0200
Subject: [pptp-server] smbpasswd for pppd
Message-ID:

Hi James,
I've tried to patch my ppp-2.3.11 with the pppsmb.pat and added the
appropriate line pointing to my smbpasswd-file
to /etc/ppp/chap-secrets and installed libsmbpw. My linux VPN is running on
a 2.2.13 kernel, pptpd 1.0.0 and samba 2.0.5a.
Nothing happened.
Error messages like:

The remote system is requiered to authenticate itself
but I couldn't find any suitable secret (password) for it to use to do so.
(None of the available passwords would let it use an IP address).

I'm also using the strip-MSdomain-patch which strips off the domain name
and \\ from Win clients
before checking the chap-secrets file.
Do you have any idea what went wrong?
Thanks
Mike

From macleajb at EDnet.NS.CA Wed May 17 10:13:22 2000
From: macleajb at EDnet.NS.CA (James MacLean)
Date: Wed, 17 May 2000 12:13:22 -0300 (ADT)
Subject: [pptp-server] Re: smbpasswd for pppd
In-Reply-To:
Message-ID:

Hi Mike,

Some obvious things first:

. does /etc/smbpasswd have the exact name u used on the connect request?
. have you tried /etc/ppp/chap-secrets with just a single line as such:

* * &/etc/smbpasswd *

. if you put back in /etc/ppp/chap-secrets the normal lines to connect,
  does the new pppd still function as it used to?

and last :) are you testing your connects only from Windows client? Or
have you tested pptp too?

thanks,
JES

On Wed, 17 May 2000 michael.kappler at primedisc.com wrote:

> Hi James,
> I've tried to patch my ppp-2.3.11 with the pppsmb.pat and added the
> appropriate line pointing to my smbpasswd-file
> to /etc/ppp/chap-secrets and installed libsmbpw. My linux VPN is running on
> a 2.2.13 kernel, pptpd 1.0.0 and samba 2.0.5a.
> Nothing happened.
> Error messages like:
>
> The remote system is requiered to authenticate itself
> but I couldn't find any suitable secret (password) for it to use to do so.
> (None of the available passwords would let it use an IP address).
>
> I'm also using the strip-MSdomain-patch which strips off the domain name
> and \\ from Win clients
> before checking the chap-secrets file.
> Do you have any idea what went wrong?
> Thanks
> Mike

James B. MacLean         macleajb at ednet.ns.ca
Department of Education  http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada      B3M 4B2

From chris at drjcomputing.com Wed May 17 12:24:46 2000
From: chris at drjcomputing.com (chris)
Date: Wed, 17 May 2000 13:24:46 -0400
Subject: [pptp-server] Local Network
In-Reply-To: <01F6FEC1E103D311B944004033A281B20318F3@mama123>
Message-ID: <01F6FEC1E103D311B944004033A281B2015D44@mama123>

I just wanted to thank everyone for helping me get PoPTop up and running. I
especially wanted to thank Mark Horn, Graham Dunn, and Tom Eastep.. thanks
guys you all helped.

I am very proud of how the GNU support model turned out. The mailing list
truly is a quick and effective way to get support results.

-gnuchris-

From eric at we-24-30-125-179.we.mediaone.net Wed May 17 13:30:10 2000
From: eric at we-24-30-125-179.we.mediaone.net (Eric H) Date: Wed, 17 May 2000 11:30:10 -0700 (PDT) Subject: [pptp-server] Possible patch/bugfix for dropped packets killing mppe Message-ID: Whenever I had a packet drop, mppe would die. I wrote a quick fix for it... If someone else can verify it works for them (and they were having the same problem with mppe dropping when a packet drops), I'd greatly appreciate it. This patch is from ppp-2.3.11, but I think it'll work on older versions. It assumes you have already used the mppe_stateless and the original ppp-2.3.10 patch. Run it from the ppp-2.3.x directory. It modifies linux/ppp_mppe.c and pppd/ccp.c PLEASE: Don't blame me if this screws something up! :) Like I said, I haven't fully tested it, BUT it did work nicely from the machine I was getting dropped packets (It still drops packets, but it doesn't kill off mppe.) I tried to make it conform to: http://www.ietf.org/internet-drafts/draft-ietf-pppext-mppe-04.txt under sections 8.1 Stateless Synchronization and 8.2 Statefull Synchronization (please note the reply to field if you try to email me: eharashe at mediaone.net) Eric Harashevsky (eharashe at mediaone.net) ---------------------------------------------------------------- Health food makes me sick. -------------- next part -------------- --- linux/ppp_mppe.c.orig Tue May 16 18:21:23 2000 +++ linux/ppp_mppe.c Wed May 17 11:17:06 2000 @@ -83,6 +83,7 @@ int keylen; int stateless; int decomp_error; + int mppe_flush; /* To discard packets before a FLUSH */ unsigned int bits; int unit; int debug; 
@@ -498,18 +500,33 @@ } if (seq != state->ccount) { - if (state->debug) { - printk(KERN_DEBUG "mppe_decompress%d: bad seq # %d, expected %d\n", - state->unit, seq, state->ccount); - } - - while(state->ccount != seq) { - mppe_update_count(state); + if (state->debug) { + printk(KERN_DEBUG "mppe_decompress%d: bad seq # %d, expected %d\n", + state->unit, seq, state->ccount); + } + + if (state->stateless) { + while(state->ccount != seq) { + mppe_update_count(state); + } + } else { + /* DO NOT resend resets! */ + if (state->mppe_flush!=1) { + if (state->debug) + printk(KERN_DEBUG "mppe_decompress: Sending CCP_RESETREQ\n"); + state->mppe_flush=1; /* ignore packets till a flush bit */ + mppe_synchronize_key(state); /* needed ? */ + return DECOMP_ERROR; /* will cause a reset */ + /* This seems to turn off mppe briefly, but probably not too bad + * (I noticed some pppd: rcvd Compressed data). It definitely + * gets turned on again if it does go off... + */ + } else { + if (state->debug) + printk(KERN_DEBUG "mppe_decompress: Sent reset -- ignoring\n"); } - - mppe_update_count(state); - - return DECOMP_ERROR; + } + /* DO NOT return an error for stateless */ } /* 
@@ -525,12 +542,23 @@ mppe_synchronize_key(state); return DECOMP_ERROR; } else { - if(!state->stateless && (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED)) + if(!state->stateless) { + if (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED) { + state->mppe_flush=0; mppe_synchronize_key(state); + } + } mppe_update_count(state); - /* decrypt - adjust for PPP_HDRLEN + MPPE_OVHD - mru should be OK */ - RC4(&(state->RC4_recv_key),isize-6,ibuf+6,obuf); + if (state->mppe_flush!=1) { + /* decrypt - adjust for PPP_HDRLEN + MPPE_OVHD - mru should be OK */ + RC4(&(state->RC4_recv_key),isize-6,ibuf+6,obuf); + } else { + /* Need to ignore this packet BUT not return DECOMP_ERROR + * since that will resend the resend... + */ + + } (state->stats).unc_bytes += (isize-MPPE_OVHD); (state->stats).unc_packets ++; --- pppd/ccp.c.orig Thu Aug 12 23:46:11 1999 +++ pppd/ccp.c Wed May 17 08:49:39 2000 @@ -1193,6 +1436,21 @@ error("Lost compression sync: disabling compression"); ccp_close(unit, "Lost compression sync"); } else { + /* MPPE/MPPC ONLY requires CCP_RESETREQ + * when using statefull decryption. We do not + * recieve a reset ACK, just a packet with FLUSHED set + */ + if (ccp_gotoptions[f->unit].method == CI_MPPE) { + if (ccp_gotoptions[f->unit].mppe_stateless) + return; + ccp_localstate[f->unit] &= ~RREQ_REPEAT; + ccp_localstate[f->unit] &= ~RACK_PENDING; + fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0); + /* DO NOT expect an ack... */ + ccp_localstate[f->unit] &= ~RREQ_REPEAT; + ccp_localstate[f->unit] &= ~RACK_PENDING; + return; + } /* * Send a reset-request to reset the peer's compressor. * We don't do that if we are still waiting for an From chris at drjcomputing.com Wed May 17 14:07:22 2000 
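Review bot: In the linux/ppp_mppe.c hunk at @@ -83,6 +83,7 the new mppe_flush field is later tested with "state->mppe_flush!=1", but none of the visible hunks sets it to 0 when the state is set up. Unless the allocation path zeroes the whole structure, the first sequence mismatch on a stateful link could be treated as "reset already sent" and silently ignored. Please initialise mppe_flush explicitly next to decomp_error in the init routine.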
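Review bot: In the hunk at @@ -498,18 +500,33 the stateful branch returns DECOMP_ERROR without ever bringing state->ccount back in line with seq, and the "Sent reset -- ignoring" path only logs, so the "seq != state->ccount" test stays true for every later packet, including the one that carries the FLUSHED bit. The counter needs to be taken from the packet when the flushed packet is accepted. In the stateless branch, "while(state->ccount != seq)" also runs when seq is behind ccount (a late or duplicated packet), which walks the whole counter space and rekeys on every step; bound the gap and drop packets that are behind instead. The "/* needed ? */" call to mppe_synchronize_key should be resolved one way or the other before this is merged.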
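Review bot: In the hunk at @@ -525,12 +542,23 the discard path is not implemented: when state->mppe_flush is 1 the RC4 call is skipped and the else body is empty, but execution still falls into the unc_bytes / unc_packets accounting and obuf is never written on this path. A packet that is meant to be ignored should leave through its own return that hands nothing up the stack and is not counted as decompressed; as written, the statistics are inflated and whatever follows may pass on an unfilled buffer.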
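Review bot: In the pppd/ccp.c hunk at @@ -1193,6 +1436,21 the two lines clearing RREQ_REPEAT and RACK_PENDING appear both before and after the fsm_sdata() call; one pair is redundant and should go. Because RACK_PENDING is never set here, nothing in this function limits how often CCP_RESETREQ is sent, so the rate depends entirely on the kernel side setting mppe_flush; a comment stating that dependency would help the next reader. The new comment also has two spelling slips ("statefull", "recieve").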
From: chris at drjcomputing.com (chris) Date: Wed, 17 May 2000 15:07:22 -0400 Subject: [pptp-server] IPCHAINS In-Reply-To: <01F6FEC1E103D311B944004033A281B20318FA@mama123> Message-ID: <01F6FEC1E103D311B944004033A281B2015D48@mama123> What are the exact IPCHAINS rules to allow a client to connect to a PoPToP Server On the firewall... The setup is that the firewall with internal IP 192.168.0.151 and external 24.x.x.x And the PoPTop server is the firewall... Thanks, Chris From yan at cardinalengineering.com Wed May 17 14:26:00 2000 
From: yan at cardinalengineering.com (Yan Seiner)
Date: Wed, 17 May 2000 15:26:00 -0400
Subject: [pptp-server] IPCHAINS
References: <01F6FEC1E103D311B944004033A281B2015D48@mama123>
Message-ID: <3922F248.D4721434@cardinalengineering.com>

This should work. pub-in is your public interface (ppp0 probably, but
could be ethn...)

put the proper entries in /etc/services

pptpctrl 1723/tcp # pptp

and /etc/protocols

pptp 47 GRE # PPTP protocol

and in your firewall script:

UNPRIV_PORTS="1024:65535"
# adjust others to match

# PPTP is kind of a bastardized service in that it requires
# both a tcp connection and a protocol 47 connection.
# for that reason, let's put it off by itself.

echo -n "pptp..."
ipchains -A pub-in -p tcp \
    --sport $UNPRIV_PORTS \
    -d $PUBLIC_IP pptpctrl \
    -j ACCEPT
ipchains -A pub-in -p pptp \
    -d $PUBLIC_IP \
    -j ACCEPT
ipchains -A pub-out -p tcp \
    --source $PUBLIC_IP pptpctrl \
    --dport $UNPRIV_PORTS \
    -j ACCEPT
ipchains -A pub-out -p pptp \
    --source $PUBLIC_IP \
    -j ACCEPT
echo ""

chris wrote:
>
> What are the exact IPCHAINS rules to allow a client to connect to a PoPToP
> Server On the firewall...
>
> The setup is that the firewall with internal IP 192.168.0.151 and external
> 24.x.x.x
> And the PoPTop server is the firewall...
>
> Thanks,
> Chris
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
Think different ride a recumbent use Linux.

From teastep at evergo.net Wed May 17 14:49:15 2000
From: teastep at evergo.net (Tom Eastep)
Date: Wed, 17 May 2000 12:49:15 -0700 (PDT)
Subject: [pptp-server] IPCHAINS
In-Reply-To: <01F6FEC1E103D311B944004033A281B2015D48@mama123>
Message-ID:

Chris,

On Wed, 17 May 2000, chris wrote:

> What are the exact IPCHAINS rules to allow a client to connect to a PoPToP
> Server On the firewall...
>
> The setup is that the firewall with internal IP 192.168.0.151 and external
> 24.x.x.x
> And the PoPTop server is the firewall...
>

If you want to do this the "easy way", consider the firewall at
http://seawall.sourceforge.net; it allows you to easily configure your
firewall for running PoPToP on your firewall/gateway (I do so here).

Otherwise, I'll assume that your external interface is eth0 and that you
are assigning a subset of your internal network (192.168.0.0/24) as remote
addresses for pptp clients in /etc/pptp.conf:

ipchains -A input -i eth0 -p 47 -d 24.x.x.x -j ACCEPT
ipchains -A input -i eth0 -p tcp -d 24.x.x.x 1723 -j ACCEPT
ipchains -A input -i ppp+ -j ACCEPT

# You need the following if your output policy is DENY or REJECT and you
# don't have a blanket rule that allows all out traffic to eth0

ipchains -A output -i eth0 -p 47 -j ACCEPT
ipchains -A output -i eth0 -p tcp --sport 1723 -j ACCEPT

# You need the following if your output policy is DENY or REJECT

ipchains -A output -i ppp+ -j ACCEPT

# The following must appear before your MASQ rules

ipchains -A forward -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

-Tom
--
Tom Eastep                 \ Eastep's First Principle of Computing:
ICQ #60745924              \ "Any sane computer will tell you how it
teastep at evergo.net       \ works if you ask it the proper questions"
Shoreline, Washington USA  \___________________________________________

From greg at found.com Wed May 17 15:14:51 2000
From: greg at found.com (Greg Tibbitts)
Date: Wed, 17 May 2000 14:14:51 -0600
Subject: [pptp-server] Errors
Message-ID:

I am running with Redhat 6.2, ppp 2.3.8 pptpd 1.0.0. My firewall is
allowing everything to go through unchecked. Does anyone know what might
cause the GRE error?

May 17 14:15:32 ds9 pptpd[1049]: CTRL: Client 206.71.66.251 control connection started
May 17 14:15:32 ds9 pptpd[1049]: CTRL: Starting call (launching pppd, opening GRE)
May 17 14:15:32 ds9 pppd[1050]: pppd 2.3.8 started by root, uid 0
May 17 14:15:32 ds9 pppd[1050]: Using interface ppp0
May 17 14:15:32 ds9 pppd[1050]: Connect: ppp0 <--> /dev/pts/1
May 17 14:16:02 ds9 pppd[1050]: LCP: timeout sending Config-Requests
May 17 14:16:02 ds9 pptpd[1049]: GRE: read(fd=4,buffer=804db60,len=8196) from PTY failed: status = -1 error = Input/output error
May 17 14:16:02 ds9 pptpd[1049]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
May 17 14:16:02 ds9 pptpd[1049]: CTRL: Client 206.71.66.251 control connection finished
May 17 14:16:02 ds9 pppd[1050]: Connection terminated.
May 17 14:16:02 ds9 pppd[1050]: Exit.

From jhummel at fulltiltsolutions.com Wed May 17 15:33:06 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Wed, 17 May 2000 16:33:06 -0400
Subject: [pptp-server] Authenication from a WinNT Domain
Message-ID:

Hello All,

I have been successful in setting up the PopTop server on a stock Mandrake
7.0-2 box ( actually its a laptop), and I am having fun with my linux guys
and some windoze guys connecting. My question is (and I apologize if I
couldn't readily scan the archives): Can I have the clients authenticate on
the server through a WindowsNT domain? That would be cool.

-Jeff

From walker at bdti.com Wed May 17 15:41:58 2000
From: walker at bdti.com (Holly Walker)
Date: Wed, 17 May 2000 13:41:58 -0700
Subject: [pptp-server] Basic question
Message-ID:

I'm working on setting up PopTop on a RedHat Linux 6.1 machine, with a
Win98 client. My question is this: I'm close to having this working, except
that the remote address is being set to 192.168.1.1, which isn't correct.

This is some output from /var/log/pptp.log:

-----------snip-------------
bertha pptpd[678]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
bertha pptpd[678]: CTRL: local address = 216.15.43.84
bertha pptpd[678]: CTRL: remote address = 192.168.1.1
bertha pptpd[678]: CTRL: pppd speed = 115200
bertha pptpd[678]: CTRL: pppd options file = /etc/ppp/options
bertha pptpd[678]: CTRL: Client 192.160.9.20 control connection started
bertha pptpd[678]: CTRL: Received PPTP Control Message (type: 1)
bertha pptpd[678]: CTRL: Made a START CTRL CONN RPLY packet
bertha pptpd[678]: CTRL: I wrote 156 bytes to the client.
bertha pptpd[678]: CTRL: Sent packet to client
bertha pptpd[678]: CTRL: Received PPTP Control Message (type: 7)
bertha pptpd[678]: CTRL: Set parameters to 0 maxbps, 16 window size
bertha pptpd[678]: CTRL: Made a OUT CALL RPLY packet
bertha pptpd[678]: CTRL: Starting call (launching pppd, opening GRE)
bertha pptpd[678]: CTRL: pty_fd = 6
bertha pptpd[678]: CTRL: tty_fd = 7
bertha pptpd[678]: CTRL: I wrote 32 bytes to the client.
bertha pptpd[678]: CTRL: Sent packet to client
bertha pptpd[679]: CTRL (PPPD Launcher): Connection speed = 115200
bertha pptpd[679]: CTRL (PPPD Launcher): local address = 216.15.43.84
bertha pptpd[679]: CTRL (PPPD Launcher): remote address = 192.168.1.1
bertha modprobe: can't locate module ppp-compress-18
----------snip----------------

This is my /etc/ppp/options file:

lock
debug
name 192.160.9.21
auth
+chap
proxyarp
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.160.9.21

And my /etc/pptp.conf:

speed 115200
option /etc/ppp/options
debug
localip 216.15.43.84,192.160.9.21
remote-ip 192.160.9.99

Any and all help will be greatly appreciated.

Thanks,
Holly Walker
walker at bdti.com

From jhummel at fulltiltsolutions.com Wed May 17 17:15:59 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Wed, 17 May 2000 18:15:59 -0400
Subject: [pptp-server] Local Network
Message-ID:

I am having a similar problem, I can't ping inside the local network.
IP_Fwd is on, but I get a funky message from pppd in the messages file. It
is ...

pppd[1527]: Cannot determine ethernet address for proxy ARP

Any ideas?

Thanks again,
Jeff

-----Original Message-----
From: Graham Dunn [mailto:gdunn at inscriber.com]
Sent: Wednesday, May 17, 2000 9:39 AM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Local Network

On Tue, May 16, 2000 at 09:44:56PM -0400, Mark Horn wrote:
> On Tue, May 16, 2000 at 04:56:40PM -0400, chris wrote:
> >So I've been working on VPN all day and although I made some significant
> >progress... I am stuck.
>
[snip]
>
> If it outputs '0' then you have IP forwarding turned off. To turn it on, do:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Remember, you have to do this as root, and also remember that this will
> have to be re-established after every reboot. Right now I'm sitting in
> front of a Debian box. Off the top of my head I don't remember how to
> do that in Red Hat.

in /etc/sysconfig/network put

FORWARD_IPV4="yes"

Has anyone tried mpd-netgraph under FreeBSD-4.0 (from /usr/ports) as a ppp
replacement?

-Graham

--
gdunn at inscriber.com Graham Dunn
|| ||| | ||| |||| | |||| |
PGP Key fingerprint = 3F 56 12 9B 8A E1 77 CB F0 62 94 B0 93 06 1E 88

From dimambro at pacbell.net Wed May 17 23:27:31 2000
From: dimambro at pacbell.net (Brian L. DiMambro) Date: Wed, 17 May 2000 21:27:31 -0700 Subject: [pptp-server] pptpd control errors ... loops Message-ID: <39237132.FD729A5C@pacbell.net> Hi all. Found my VPN system with a load of 1.73 and syslogd @ 88%. Looked @ the logs and found that pptpd was having a problem on it's control channel. This has happened twice in the past 2 weeks. There were 2 other connections up when this error occured. We just installed a Cisco PIX firewall and I set up a conduit for protocol 47 for all ports plus we are doing NAT translation through the PIX. I also setup a conduit for port 1723 to handle the rest of pptpd. I don't know if the PIX has anything to do with this .... but it was very stable prior to installing it. IF not, then any ideas why I'm getting this error. Totaly looped pptpd. I'm running RH6.1 with the 2.2.14 kernel from kernel.org. I installed pptpd-1.0.0-1 and ppp-2.3.8-1 with the ppp-2.3.8-patch1 and ppp-2.3.8-mppe-others-norc4_TH7.diff and mppe_stateless.diff. following is my options file: lock # debug auth +chap proxyarp ms-dns 192.168.20.245 # Maybe now auto dns +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless Here is the syslog output (a very small part) just prior to the loop. May 17 17:08:43 wclvs2 xntpd[1988]: synchronized to 63.192.96.2, stratum=2 May 17 17:15:30 wclvs2 xntpd[1988]: synchronized to 192.220.202.75, stratum=2 May 17 17:20:25 wclvs2 pptpd[4706]: CTRL: Session timed out, ending call May 17 17:20:25 wclvs2 pptpd[4706]: CTRL: Client 24.19.214.220 control connection finished May 17 17:20:25 wclvs2 pppd[4707]: Modem hangup May 17 17:20:25 wclvs2 pppd[4707]: Connection terminated. May 17 17:20:26 wclvs2 pppd[4707]: Connect time 1109.3 minutes. May 17 17:20:26 wclvs2 pppd[4707]: Sent 1130117 bytes, received 561351 bytes. May 17 17:20:26 wclvs2 pppd[4707]: Exit. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. 
May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) Thanks in advance for your help. Brian -------------- next part -------------- A non-text attachment was scrubbed... Name: dimambro.vcf Type: text/x-vcard Size: 178 bytes Desc: Card for Brian L. DiMambro URL: From dragan.sekerovic at datasystems.at Thu May 18 00:39:17 2000 
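An added example, not part of Brian's post or of pptpd: a check that flags a pptpd child which keeps logging the same message after its control connection has finished, the pattern in the excerpt above. The log lines, host name, addresses and PIDs are constructed on the model of that excerpt, and `runaway_pptpd` and its threshold are hypothetical names chosen here.

```python
import re
from collections import Counter, defaultdict

# Classic syslog line written by pptpd: "May 17 17:20:26 host pptpd[4706]: message"
SYSLOG = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\spptpd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
FINISHED = "control connection finished"


def runaway_pptpd(lines, threshold=3):
    """Return {pid: (message, count)} for pptpd children that repeat one
    message at least `threshold` times after their connection finished."""
    finished = set()               # PIDs whose control connection has ended
    after = defaultdict(Counter)   # pid -> messages logged after that point
    for line in lines:
        m = SYSLOG.match(line.strip())
        if not m:
            continue               # pppd, xntpd and other daemons are ignored
        pid, msg = int(m.group("pid")), m.group("msg")
        if pid in finished:
            after[pid][msg] += 1
        elif FINISHED in msg:
            finished.add(pid)
    report = {}
    for pid, counts in after.items():
        msg, n = counts.most_common(1)[0]
        if n >= threshold:
            report[pid] = (msg, n)
    return report


# Constructed sample: PID 2001 loops after hanging up, PID 2002 exits cleanly.
LOOP = [
    "May 17 17:20:26 vpnhost pptpd[2001]: CTRL: EOF or bad error reading ctrl packet length.",
    "May 17 17:20:26 vpnhost pptpd[2001]: CTRL: couldn't read packet header (exit)",
    "May 17 17:20:26 vpnhost pptpd[2001]: CTRL: Unexpected control message 0 in disconnect sequence",
]
SAMPLE_LOG = [
    "May 17 17:20:25 vpnhost pptpd[2001]: CTRL: Session timed out, ending call",
    "May 17 17:20:25 vpnhost pptpd[2001]: CTRL: Client 192.0.2.10 control connection finished",
    "May 17 17:20:25 vpnhost pppd[2003]: Connection terminated.",
] + LOOP * 4 + [
    "May 17 17:21:02 vpnhost pptpd[2002]: CTRL: Client 192.0.2.11 control connection started",
    "May 17 17:45:10 vpnhost pptpd[2002]: CTRL: Client 192.0.2.11 control connection finished",
]

if __name__ == "__main__":
    for pid, (msg, n) in runaway_pptpd(SAMPLE_LOG).items():
        print(f"pptpd[{pid}] repeated {n}x after disconnect: {msg}")
```
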
From: dragan.sekerovic at datasystems.at (Sekerovic Dragan)
Date: Thu, 18 May 2000 07:39:17 +0200
Subject: AW: [pptp-server] IPCHAINS
Message-ID: <6821E794E1FBD1118D430000F87AE2D6015A490B@sntw06.local.datasystems.at>

hey chris!

that's what you need:

ipchains -A input -i $R_D -p 47 -s 0/0 -d $RED/32 -j ACCEPT
ipchains -A input -i $R_D -p tcp -s 0/0 -d $RED/32 1723 -j ACCEPT

$R_D ==> World-Device
$RED ==> World-IP

regards,
dragan

-----Original Message-----
From: chris [mailto:chris at drjcomputing.com]
Sent: Wednesday, 17 May 2000 21:07
To: pptp-server at lists.schulte.org
Subject: [pptp-server] IPCHAINS

What are the exact IPCHAINS rules to allow a client to connect to a PoPToP
Server On the firewall...

The setup is that the firewall with internal IP 192.168.0.151 and external
24.x.x.x
And the PoPTop server is the firewall...

Thanks,
Chris

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulte.org!

From michael.kappler at primedisc.com Thu May 18 01:09:38 2000
From: michael.kappler at primedisc.com (michael.kappler at primedisc.com)
Date: Thu, 18 May 2000 08:09:38 +0200
Subject: [pptp-server] Re: smbpasswd for pppd
Message-ID:

Hi Jes,

I've tried it with different 'secrets' in my chap file. * * &/etc/smbpasswd
* (which is the actual location of the smbpasswd) as the only entry, as the
last entry and without this entry. I've checked the writing and everything
around. No success.

If I put the real usernames and passwords into the chap-secrets file it
works perfect but it doesn't really satisfy my needs. At the moment we have
some field workers that connect their notebooks to our LAN. I try to
replace our existing VPN/RAS NT 4.0 SP5 server by a linux box, but if I
can't get around the 'authentication against a NT domain' problem and the
connection speed problems at my linux box I have to switch back to
Windows (this would be the first time, that a Windoze server can do, what a
linux box can't :-<, what a shame!!! ).

I'm only connecting Windows NT and 98SE clients to the pptpd. I haven't
tried to connect another linux to it, because there is no need for it.

Thanks,
Mike

From a.north at interactive-voice.com.au Thu May 18 05:35:42 2000
From: a.north at interactive-voice.com.au (Angus North) Date: Thu, 18 May 2000 20:35:42 +1000 Subject: [pptp-server] Protocol 47 Message-ID: <008501bfc0b4$d2c11a20$c009e90a@interactivevoice.com.au> Hi everyone Just wondering - wasn't it a little silly to invent a new protocol for PPTP (# 47) given that it will be blocked by default by most firewall configurations? Remote users and PPTP administrators will often have no control over these firewalls e.g if an employee of company A visits company B, and whilst there, would like to connect via PPTP to company A's LAN from company B's LAN. In most cases,company B will not cater for PPTP, and the employee will have no control over company B's firewall. Since PPTP is all about making secure remote access easy, why not use unreserved TCP ports, that most firewalls let through? Cheers Angus From macleajb at EDnet.NS.CA Thu May 18 06:30:02 2000 
From: macleajb at EDnet.NS.CA (James MacLean)
Date: Thu, 18 May 2000 08:30:02 -0300 (ADT)
Subject: [pptp-server] Re: smbpasswd for pppd
In-Reply-To:
Message-ID:

On Thu, 18 May 2000 michael.kappler at primedisc.com wrote:

> Hi Jes,
>
> I've tried it with different 'secrets' in my chap file. * * &/etc/smbpasswd
> * (which is the actual location of the smbpasswd) as the only entry, as the
> last entry and without this entry. I've checked the writing and everything
> around. No success.

Ok. May I ask the following?

In your pppd dir, in the file auth.c, locate the line where it looks for
'&' (added by the patch) and on the line a few past that, that is just
before the while loop, add something like :

warn("I am going to try smbpasswd called %s", atfile);

Then inside the while loop, where the if statement is executed (because it
found a match), add a line like :

warn("Found pass %s", smbname);

compile and install. Then when you run, your syslog should show it trying
to get at your /etc/smbpasswd file and whether it finds your user in it or
not.

My first thought is that it is not reaching this code, almost like it is
not running the new pppd from pptpd, but then I was thinking that it may be
messing up on the matching in /etc/smbpasswd.

> Windows (this would be the first time, that a Windoze server can do, what a
> linux box can't :-<, what a shame!!! ).

Wow now, let's not give up just yet :). I wonder if there is an API call to
NT that returns the NtHASH...

> I'm only connecting Windows NT and 98SE clients to the pptpd. I haven't
> tried to connect another linux to it, because there is no need for it.

Understood.

> Thanks,
> Mike

thanks here too,
JES
--
James B. MacLean         macleajb at ednet.ns.ca
Department of Education  http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada      B3M 4B2

From marcus.rapp at twest.com Thu May 18 07:03:24 2000
From: marcus.rapp at twest.com (Marcus Rapp)
Date: Thu, 18 May 2000 14:03:24 +0200
Subject: [pptp-server] Protocol 47
References: <008501bfc0b4$d2c11a20$c009e90a@interactivevoice.com.au>
Message-ID: <3923DC0C.20D550A@twest.com>

IP-Protocol type 47 wasn't invented for PPTP, but is GRE, which is a
routing protocol I think
But I've never seen it used as this.

Marcus

Angus North wrote:
>
> Hi everyone
>
> Just wondering - wasn't it a little silly to invent a new protocol for PPTP
> (# 47)
> given that it will be blocked by default by most firewall configurations?
> Remote users and PPTP administrators will often have no control over these
> firewalls
> e.g if an employee of company A visits company B, and whilst there, would
> like to
> connect via PPTP to company A's LAN from company B's LAN. In most
> cases,company B will not cater for PPTP, and the employee will have no
> control over company B's firewall.
> Since PPTP is all about making secure remote access easy, why not use
> unreserved TCP ports, that
> most firewalls let through?
>
> Cheers
> Angus
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulte.org!

--
Marcus Rapp
___________________________________________________________________
>> go twest - be twested with interactive applications on demand <<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eMail : marcus.rapp at twest.com
www : http://www.twest.com

TWEST.COM
Viktualienmarkt 5
D - 80331 Muenchen

Phone : +49(89)242250-338
Fax : +49(89)242250-340

From neale at lowendale.com.au Thu May 18 07:31:06 2000
From: neale at lowendale.com.au (Neale Banks) Date: Thu, 18 May 2000 22:31:06 +1000 (EST) Subject: [pptp-server] Protocol 47 In-Reply-To: <008501bfc0b4$d2c11a20$c009e90a@interactivevoice.com.au> Message-ID: Hi Angus, > Just wondering - wasn't it a little silly to invent a new protocol for PPTP > (# 47) No, protocol 47 was not invented for PPTP. Protocol 47 is GRE (Generic Routing encapsulation, IIRC) which can be used for encapsulating various other things. In the case of PPTP, GRE is used to encapsulate PPP frames. > given that it will be blocked by default by most firewall configurations? > Remote users and PPTP administrators will often have no control over these > firewalls > e.g if an employee of company A visits company B, and whilst there, would > like to > connect via PPTP to company A's LAN from company B's LAN. In most > cases,company B will not cater for PPTP, and the employee will have no > control over company B's firewall. > Since PPTP is all about making secure remote access easy, why not use > unreserved TCP ports, that > most firewalls let through? This is a debateable point (and right here is probably not the place to debate it ;-). For example, it is arguable that from the point of view of company B it might not be desirable to have random users creating arbitrary tunnels out of (and by implication back into) their LAN. Of course there are ways of circumventing this (e.g. IIRC there is an IP-over-HTTP tunneling tool around which even works through HTTP proxies; IP-over-HTTPS would be even easier). Finally, there is the argument that running the likes of PPP over a TCP connection is somewhat inefficient, but I do agree that it is convenient (e.g. PPP over SSH). Regards, Neale. From john at netdirect.ca Thu May 18 07:49:52 2000 
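An added example, not part of Neale's post or of PoPToP: a parser for the enhanced GRE header that PPTP puts in front of each PPP frame inside IP protocol 47, with the field layout taken from RFC 2637. The sample packets, the call ID and the function and class names are constructed for illustration, and rejecting a payload length on a packet without a sequence number is a strictness choice made here.

```python
import struct
from dataclasses import dataclass
from typing import Optional

GRE_PROTO_PPP = 0x880B  # protocol type PPTP uses for PPP carried in GRE


class GREError(ValueError):
    """Raised when bytes are not a well-formed PPTP (enhanced GRE) packet."""


@dataclass
class EnhancedGRE:
    call_id: int
    seq: Optional[int]   # present when the S bit is set (packet carries PPP data)
    ack: Optional[int]   # present when the A bit is set
    payload: bytes       # encapsulated PPP frame, empty for ack-only packets


def parse_pptp_gre(pkt: bytes) -> EnhancedGRE:
    """Parse the GRE header that follows the IP header (IP protocol 47)."""
    if len(pkt) < 8:
        raise GREError("truncated: the fixed header is 8 bytes")
    b0, b1, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    # Byte 0: C R K S s Recur(3)    Byte 1: A Flags(4) Ver(3)
    if b1 & 0x07 != 1:
        raise GREError(f"GRE version {b1 & 0x07}; PPTP uses version 1")
    if proto != GRE_PROTO_PPP:
        raise GREError(f"protocol type {proto:#06x}; expected 0x880b")
    if not b0 & 0x20:
        raise GREError("K bit clear: payload length and call ID are missing")
    if b0 & 0xCF or b1 & 0x78:
        raise GREError("C, R, s, Recur or Flags bits set; all must be zero")

    has_seq, has_ack = bool(b0 & 0x10), bool(b1 & 0x80)
    offset, seq, ack = 8, None, None
    if has_seq:
        if len(pkt) < offset + 4:
            raise GREError("truncated sequence number")
        (seq,) = struct.unpack_from("!I", pkt, offset)
        offset += 4
    if has_ack:
        if len(pkt) < offset + 4:
            raise GREError("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", pkt, offset)
        offset += 4
    if payload_len and not has_seq:
        raise GREError("payload length set on a packet without a sequence number")
    if len(pkt) - offset < payload_len:
        raise GREError("payload is shorter than the declared length")
    return EnhancedGRE(call_id, seq, ack, pkt[offset:offset + payload_len])


def sample_packets():
    """Constructed packets for illustration, not captured traffic."""
    ppp = bytes.fromhex("ff03c0210101000a0506deadbeef")  # PPP LCP Configure-Request
    data = struct.pack("!BBHHHII", 0x30, 0x81, GRE_PROTO_PPP,
                       len(ppp), 0x1234, 7, 6) + ppp
    ack_only = struct.pack("!BBHHHI", 0x20, 0x81, GRE_PROTO_PPP, 0, 0x1234, 7)
    plain_gre_v0 = struct.pack("!HH", 0x0000, 0x0800) + b"\x45" + bytes(19)
    return {"data": data, "ack_only": ack_only, "plain_gre_v0": plain_gre_v0}


if __name__ == "__main__":
    for name, raw in sample_packets().items():
        try:
            print(name, parse_pptp_gre(raw))
        except GREError as exc:
            print(name, "rejected:", exc)
```
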
From: john at netdirect.ca (John Van Ostrand) Date: Thu, 18 May 2000 08:49:52 -0400 Subject: [pptp-server] Authenication from a WinNT Domain Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0E6@enterprise.NetDirect.CA> Jeff, I have been trying to get there for a while. There is a solution but it is not complete. Put a RADIUS server on WinNT, add a RADIUS patch to pppd and point pppd to authenticate with the WinNT RADIUS server. The pppd RADIUS patch I found only allows PAP authentication. John. > -----Original Message----- > From: Jeffrey Hummel [mailto:jhummel at fulltiltsolutions.com] > Sent: Wednesday, May 17, 2000 4:33 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Authenication from a WinNT Domain > > > Hello All, > > I have been successfull in setting up the PopTop server on a > stock Mandrake > 7.0-2 box ( actually its a laptop), and I am having fun with > my linux guys > and some windoze guys connecting. My questions is (and I > apologize if I > couldn't readily scan the archives): Can I have the clients > authenticate on > the server through a WindowsNT domain? That would be cool. > > -Jeff > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From neale at lowendale.com.au Thu May 18 08:32:45 2000 
From: neale at lowendale.com.au (Neale Banks) Date: Thu, 18 May 2000 23:32:45 +1000 (EST) Subject: [pptp-server] Protocol 47 In-Reply-To: Message-ID: On Thu, 18 May 2000, Neale Banks wrote: [...] > Finally, there is the argument that running the likes of PPP over a TCP > connection is somewhat inefficient, but I do agree that it is convenient > (e.g. PPP over SSH). As fate would have it, a colleague forwarded me a relevant reference just *after* I wrote the above: http://sites.inka.de/~bigred/devel/tcp-tcp.html - Why TCP Over TCP Is A Bad Idea HTH, Neale. From gdunn at inscriber.com Thu May 18 08:52:20 2000 
From: gdunn at inscriber.com (Graham Dunn)
Date: Thu, 18 May 2000 09:52:20 -0400
Subject: [pptp-server] Protocol 47
In-Reply-To: <3923DC0C.20D550A@twest.com>; from marcus.rapp@twest.com on Thu, May 18, 2000 at 02:03:24PM +0200
References: <008501bfc0b4$d2c11a20$c009e90a@interactivevoice.com.au> <3923DC0C.20D550A@twest.com>
Message-ID: <20000518095220.B2486@inscriber.com>

GRE: "A protocol which allows an arbitrary network protocol A to be transmitted over any other arbitrary network protocol B, by encapsulating the packets of A within GRE packets, which in turn are contained within packets of B. Defined in RFC 1701 and RFC 1702 (GRE over IP)." - nightflight.com's online dictionary.

Angus North wrote:
>
> Hi everyone
>
> Just wondering - wasn't it a little silly to invent a new protocol for PPTP (# 47)
> given that it will be blocked by default by most firewall configurations?
> Remote users and PPTP administrators will often have no control over these firewalls
> e.g. if an employee of company A visits company B, and whilst there, would like to
> connect via PPTP to company A's LAN from company B's LAN. In most cases, company B
> will not cater for PPTP, and the employee will have no control over company B's firewall.
> Since PPTP is all about making secure remote access easy, why not use unreserved TCP
> ports, that most firewalls let through?

If someone opened up a tunnel from my network to someone else's, without my permission, I'd be pretty upset.

--
gdunn at inscriber.com Graham Dunn
PGP Key fingerprint = 3F 56 12 9B 8A E1 77 CB F0 62 94 B0 93 06 1E 88

From david_luyer at pacific.net.au Thu May 18 09:30:45 2000
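The replies above establish that PPTP carries PPP frames inside GRE (IP protocol 47), which is why a firewall has to treat it separately from TCP. As an added example, not part of any list message or of PoPToP, the following parser shows the check a filter or sensor makes to tell PPTP data packets from other protocol 47 traffic. The header layout follows RFC 2637 (not cited in the thread); the function names, addresses and sample packets are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

IPPROTO_GRE = 47        # the "protocol 47" the thread is about
GRE_PROTO_PPP = 0x880B  # GRE protocol type PPTP uses for PPP frames


class NotPptpGre(ValueError):
    """The packet is not a well-formed PPTP data (GRE) packet."""


@dataclass
class PptpGre:
    call_id: int         # identifies the PPTP call the frame belongs to
    seq: Optional[int]   # present only when a PPP payload is carried
    ack: Optional[int]   # present only when the A bit is set
    ppp_frame: bytes


def parse_pptp_gre(gre: bytes) -> PptpGre:
    """Parse the enhanced GRE header and return the encapsulated PPP frame."""
    if len(gre) < 8:
        raise NotPptpGre("GRE header shorter than 8 bytes")
    flags0, flags1, proto, payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    if flags1 & 0x07 != 1:
        raise NotPptpGre("GRE version is not 1, so this is not PPTP")
    if proto != GRE_PROTO_PPP:
        raise NotPptpGre(f"GRE protocol type 0x{proto:04x} is not PPP")
    if flags0 & 0xC0 or not flags0 & 0x20:
        raise NotPptpGre("PPTP requires C and R clear and K set")
    offset, seq, ack = 8, None, None
    if flags0 & 0x10:                     # S bit: sequence number follows
        if len(gre) < offset + 4:
            raise NotPptpGre("truncated sequence number")
        (seq,) = struct.unpack_from("!I", gre, offset)
        offset += 4
    if flags1 & 0x80:                     # A bit: acknowledgment number follows
        if len(gre) < offset + 4:
            raise NotPptpGre("truncated acknowledgment number")
        (ack,) = struct.unpack_from("!I", gre, offset)
        offset += 4
    if seq is None and payload_len:
        raise NotPptpGre("payload length set but no sequence number")
    frame = gre[offset:offset + payload_len]
    if len(frame) != payload_len:
        raise NotPptpGre("truncated PPP payload")
    return PptpGre(call_id, seq, ack, frame)


def parse_ipv4_gre(packet: bytes) -> PptpGre:
    """Accept a raw IPv4 packet only if it is unfragmented protocol 47 PPTP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise NotPptpGre("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack_from("!HHH", packet, 2)
    if ihl < 20 or total_len < ihl or len(packet) < ihl:
        raise NotPptpGre("bad IPv4 header length")
    if packet[9] != IPPROTO_GRE:
        raise NotPptpGre(f"IP protocol {packet[9]} is not GRE (47)")
    if frag & 0x3FFF:                     # MF flag or non-zero fragment offset
        raise NotPptpGre("fragmented packet, reassemble first")
    return parse_pptp_gre(packet[ihl:total_len])


def build_sample(call_id, seq, ack, ppp=b"", version=1,
                 proto=GRE_PROTO_PPP, ip_proto=IPPROTO_GRE) -> bytes:
    """Construct a sample packet (checksum left at zero, addresses made up)."""
    flags0 = 0x20 | (0x10 if seq is not None else 0)
    flags1 = (0x80 if ack is not None else 0) | version
    gre = struct.pack("!BBHHH", flags0, flags1, proto, len(ppp), call_id)
    if seq is not None:
        gre += struct.pack("!I", seq)
    if ack is not None:
        gre += struct.pack("!I", ack)
    gre += ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64,
                     ip_proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + gre


# Constructed PPP frame: protocol 0xC021 (LCP), Configure-Request, id 1, length 4.
SAMPLE_LCP = bytes.fromhex("c02101010004")

if __name__ == "__main__":
    for label, pkt in [
        ("PPTP data", build_sample(7, 1, None, SAMPLE_LCP)),
        ("PPTP ack only", build_sample(7, None, 5)),
        ("plain GRE v0", build_sample(7, 1, None, SAMPLE_LCP, version=0)),
        ("TCP", build_sample(7, 1, None, SAMPLE_LCP, ip_proto=6)),
    ]:
        try:
            print(label, "->", parse_ipv4_gre(pkt))
        except NotPptpGre as err:
            print(label, "-> rejected:", err)
```

A rule that only permits TCP, UDP and ICMP drops every packet this parser accepts, which matches the symptom reported in the thread: the port 1723 control connection opens while the tunnel itself never comes up.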
From: david_luyer at pacific.net.au (David Luyer) Date: Fri, 19 May 2000 00:30:45 +1000 Subject: [pptp-server] Protocol 47 In-Reply-To: Message from Marcus Rapp of "Thu, 18 May 2000 14:03:24 +0200." <3923DC0C.20D550A@twest.com> References: <008501bfc0b4$d2c11a20$c009e90a@interactivevoice.com.au> <3923DC0C.20D550A@twest.com> Message-ID: <200005181430.AAA08330@typhaon.pacific.net.au> > IP-Protocol type 47 wasn't invented for PPTP, but is GRE, which is a > routing protocoll i think > But i've never seen it used as this. From chris at drjcomputing.com Thu May 18 09:55:11 2000 From: chris at drjcomputing.com (chris) Date: Thu, 18 May 2000 10:55:11 -0400 Subject: [pptp-server] Basic question In-Reply-To: <01F6FEC1E103D311B944004033A281B2031917@mama123> Message-ID: <01F6FEC1E103D311B944004033A281B2015D4C@mama123> I think your problem is in the /etc/pptpd.conf file ... go down to where it say remote ip and change it from 192.168.1.70-79 .... to 192.168.0.70-79 .... if that doesn't work send me your pptpd.conf file. -chris- -----Original Message----- 
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Holly Walker Sent: Wednesday, May 17, 2000 4:42 PM To: Pptp-Server Subject: [pptp-server] Basic question I'm working on setting up PopTop on a RedHat Linux 6.1 machine, with a Win98 client. My question is this: I'm close to having this working, except that the remote address is being set to 192.168.1.1, which isn't correct. This is some output from /var/log/pptp.log: -----------snip------------- bertha pptpd[678]: MGR: Launching /usr/local/sbin/pptpctrl to handle client bertha pptpd[678]: CTRL: local address = 216.15.43.84 bertha pptpd[678]: CTRL: remote address = 192.168.1.1 bertha pptpd[678]: CTRL: pppd speed = 115200 bertha pptpd[678]: CTRL: pppd options file = /etc/ppp/options bertha pptpd[678]: CTRL: Client 192.160.9.20 control connection started bertha pptpd[678]: CTRL: Received PPTP Control Message (type: 1) bertha pptpd[678]: CTRL: Made a START CTRL CONN RPLY packet bertha pptpd[678]: CTRL: I wrote 156 bytes to the client. bertha pptpd[678]: CTRL: Sent packet to client bertha pptpd[678]: CTRL: Received PPTP Control Message (type: 7) bertha pptpd[678]: CTRL: Set parameters to 0 maxbps, 16 window size bertha pptpd[678]: CTRL: Made a OUT CALL RPLY packet bertha pptpd[678]: CTRL: Starting call (launching pppd, opening GRE) bertha pptpd[678]: CTRL: pty_fd = 6 bertha pptpd[678]: CTRL: tty_fd = 7 bertha pptpd[678]: CTRL: I wrote 32 bytes to the client. 
bertha pptpd[678]: CTRL: Sent packet to client bertha pptpd[679]: CTRL (PPPD Launcher): Connection speed = 115200 bertha pptpd[679]: CTRL (PPPD Launcher): local address = 216.15.43.84 bertha pptpd[679]: CTRL (PPPD Launcher): remote address = 192.168.1.1 bertha modprobe: can't locate module ppp-compress-18 ----------snip---------------- This is my /etc/ppp/options file: lock debug name 192.160.9.21 auth +chap proxyarp +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ms-wins 192.160.9.21 And my /etc/pptp.conf: speed 115200 option /etc/ppp/options debug localip 216.15.43.84,192.160.9.21 remote-ip 192.160.9.99 Any and all help will be greatly appreciated. Thanks, Holly Walker walker at bdti.com _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From jhummel at fulltiltsolutions.com Thu May 18 10:26:05 2000 From: jhummel at fulltiltsolutions.com (Jeffrey Hummel) Date: Thu, 18 May 2000 11:26:05 -0400 Subject: [pptp-server] PPTP client Message-ID: Anyone know if there is a PPTP client mailing list? The help here has been great, and I just need the last piece of the puzzle. -Jeff From dasher at daydreamsandcurry.com Thu May 18 11:54:40 2000 From: dasher at daydreamsandcurry.com (Dasher) Date: Thu, 18 May 2000 11:54:40 -0500 Subject: [pptp-server] Installing PPTP - I don't see pptpd.conf Message-ID: <00a301bfc0e9$c2b02560$eac6c6c0@cancansystems.com> After doing the tar, and the configure, and the make, and the make install.... I still don't see the /etc/pptpd.conf file. Could someone tell me what I'm doing wrong, please? thanks. Dasher dasher at cancansystems.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From barjunk at attglobal.net Thu May 18 12:17:21 2000 
From: barjunk at attglobal.net (Michael Barsalou) Date: Thu, 18 May 2000 09:17:21 -0800 Subject: [pptp-server] patches for 2.3.11 Message-ID: <200005181716.e4IHG6u11751@snaildust.schulte.org> Does anyone have patches so that 2.3.11 can do the MSCHAP stuff? The RedHat 6.2 stock install comes with ppp-2.3.11 and kernel 2.2.14 Thanks. Mike Michael Barsalou barjunk at attglobal.net From amacc at iron-bridge.net Thu May 18 12:46:48 2000 From: amacc at iron-bridge.net (Andrew McRory) Date: Thu, 18 May 2000 13:46:48 -0400 (EDT) Subject: [pptp-server] Installing PPTP - I don't see pptpd.conf In-Reply-To: <00a301bfc0e9$c2b02560$eac6c6c0@cancansystems.com> Message-ID: On Thu, 18 May 2000, Dasher wrote: > After doing the tar, and the configure, and the make, and the make > install.... > > I still don't see the /etc/pptpd.conf file. Could someone tell me what > I'm doing wrong, please? thanks. I think you need to create it. (I built and use rpms so I can't remember if make install puts a generic pptp.conf file in etc :-) From amacc at iron-bridge.net Thu May 18 12:47:18 2000 From: amacc at iron-bridge.net (Andrew McRory) Date: Thu, 18 May 2000 13:47:18 -0400 (EDT) Subject: [pptp-server] patches for 2.3.11 In-Reply-To: <200005181716.e4IHG6u11751@snaildust.schulte.org> Message-ID: On Thu, 18 May 2000, Michael Barsalou wrote: > Does anyone have patches so that 2.3.11 can do the MSCHAP > stuff? I think you need to see http://www.smop.de Andrew McRory / President amacc at iron-bridge.net Iron Bridge Communications www.iron-bridge.net Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera From jhummel at fulltiltsolutions.com Thu May 18 13:14:35 2000 From: jhummel at fulltiltsolutions.com (Jeffrey Hummel) Date: Thu, 18 May 2000 14:14:35 -0400 Subject: [pptp-server] patches for 2.3.11 Message-ID: You can use the ppp-2.3.10 rpms mentioned in this mailing list from a few days ago from a person named Adi - they work great! -----Original Message----- 
From: Michael Barsalou [mailto:barjunk at attglobal.net] Sent: Thursday, May 18, 2000 1:17 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] patches for 2.3.11 Does anyone have patches so that 2.3.11 can do the MSCHAP stuff? The RedHat 6.2 stock install comes with ppp-2.3.11 and kernel 2.2.14 Thanks. Mike Michael Barsalou barjunk at attglobal.net _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulte.org! From michael.kappler at primedisc.com Thu May 18 13:40:41 2000 From: michael.kappler at primedisc.com (michael.kappler at primedisc.com) Date: Thu, 18 May 2000 20:40:41 +0200 Subject: [pptp-server] patches for 2.3.11 Message-ID: Hi Mike, take a look at "ftp://ftp.binarix.com/pub/ppp-mppe/". I took the 'ppp-2.3.11-openssl-0.9.5-mppe.patch.gz' and it works perfect. There is also a README.ASC saying what is included in the different patches. By Mike From ethan.james at nscorp.com Thu May 18 14:02:48 2000 From: ethan.james at nscorp.com (Ethan James) Date: Thu, 18 May 2000 15:02:48 -0400 Subject: [pptp-server] IPX Connections Message-ID: Right now I have a pptp server setup and working fine. I've even setup IPX to work, the problem is only 1 person can connect w/ IPX at a time. I know there was an IPX mini-howto type posting a while back, but it didn't mention anything about the number of simultaneously users. Does anyone know if this is a limitation or if I'm just missing a setting somewhere. -Ethan From eric.tyberghien at francetelecom.fr Fri May 19 03:47:55 2000 
From: eric.tyberghien at francetelecom.fr (TYBERGHIEN Eric OCISI) Date: Fri, 19 May 2000 10:47:55 +0200 Subject: [pptp-server] Eap protocol Message-ID: <00a601bfc16e$edbaaa20$54f5f8c1@ocisi.francetelecom.fr> I'm looking for PPTP server on Unix with EAP capability (like in Win2K servers), giving me the possibility of authentication via a smart card and X509 certificates. Any idea ? Best Regards ------------------------------------ Eric Tyberghien France Telecom OCISI/DCP/Securite +33 1 5588 34 40 ------------------------------------ From biow at ezmort.com Fri May 19 14:25:59 2000 From: biow at ezmort.com (Christopher Biow) Date: Fri, 19 May 2000 15:25:59 -0400 Subject: [pptp-server] Non-local connection attempts fail Message-ID: <1u4bisk4uuh5qrt5b4msfd9q44frnt6hoc@4ax.com> I have PoPToP 1.0.0 server set up and working on our RedHat 6.0 server, at mail.ezmort.com. VPN connections to it work fine from both local subnets; either our Internet block 209.183.239.0/28, or the masqueraded local 10.0.0.0/24. However, external connections from outside our router (a Flowpoint 144 IDSL at 209.183.239.1) fail after about 30 seconds, with Error 650 (occasionally 629). I *can* use a telnet client to connect from outside to mail.ezmort.com:1723, though of course it drops the connection after two bytes are actually sent. From solovian at workout.com.ar Fri May 19 14:16:09 2000 
From: solovian at workout.com.ar (Matias J. Solovian)
Date: Fri, 19 May 2000 16:16:09 -0300
Subject: [pptp-server] Problem???
Message-ID: <000001bfc1ca$69581cc0$f901a8c0@polaris.workout.com.ar>

I'm working with PopTop on a RedHat Linux 6.1 machine, with a Win98 and Win95 client. I am having some problems, like this:

May 19 14:04:37 gohan pptpd[4892]: MGR: Manager process started
May 19 14:04:37 gohan pptpd[4892]: MGR: Couldn't create host socket
May 19 14:04:37 gohan pptpd[4893]: MGR: Manager process started
May 19 14:04:37 gohan pptpd[4893]: MGR: Couldn't create host socket
May 19 14:04:37 gohan pptpd[4894]: MGR: Manager process started
May 19 14:04:37 gohan pptpd[4894]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4895]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4895]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4896]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4896]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4897]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4897]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4898]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4898]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4899]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4899]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4900]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4900]: MGR: Couldn't create host socket
May 19 14:04:38 gohan pptpd[4901]: MGR: Manager process started
May 19 14:04:38 gohan pptpd[4901]: MGR: Couldn't create host socket
May 19 14:04:38 gohan init: Id "pptp" respawning too fast: disabled for 5 minutes

Any and all help will be greatly appreciated. Thanks. I'm sorry, my English is very bad.

Matias J. Solovian
Buenos Aires - Argentina

From mpeel at istar.ca Fri May 19 17:02:28 2000
From: mpeel at istar.ca (Mike Peel) Date: Fri, 19 May 2000 15:02:28 -0700 Subject: [pptp-server] ppp-2.3.10-openssl-norc4-mppe.patch References: <000201bfc1ca$9cb49c60$f901a8c0@polaris.workout.com.ar> Message-ID: <3925B9F4.55BC0D@istar.ca> Does anyone have a revised version of this patch ? I get alot of HUNK FAILED messages. I am using ppp-2.3.10.tar.gz from : ftp://cs.anu.edu.au/pub/software/ppp/ thanks in advance, Mike Peel From dimambro at pacbell.net Fri May 19 18:56:33 2000 From: dimambro at pacbell.net (Brian L. DiMambro) Date: Fri, 19 May 2000 16:56:33 -0700 Subject: [pptp-server] Help Please .... pptpd looping ... Message-ID: <3925D4B1.BB57703A@pacbell.net> Hey all ... how about some help here ...... -------- Original Message -------- Subject: pptpd control errors ... loops Date: Wed, 17 May 2000 21:27:31 -0700 
From: "Brian L. DiMambro" To: PPTP mailinglist Hi all. Found my VPN system with a load of 1.73 and syslogd @ 88%. Looked @ the logs and found that pptpd was having a problem on it's control channel. This has happened twice in the past 2 weeks. There were 2 other connections up when this error occured. We just installed a Cisco PIX firewall and I set up a conduit for protocol 47 for all ports plus we are doing NAT translation through the PIX. I also setup a conduit for port 1723 to handle the rest of pptpd. I don't know if the PIX has anything to do with this .... but it was very stable prior to installing it. IF not, then any ideas why I'm getting this error. Totaly looped pptpd. I'm running RH6.1 with the 2.2.14 kernel from kernel.org. I installed pptpd-1.0.0-1 and ppp-2.3.8-1 with the ppp-2.3.8-patch1 and ppp-2.3.8-mppe-others-norc4_TH7.diff and mppe_stateless.diff. following is my options file: lock # debug auth +chap proxyarp ms-dns 192.168.20.245 # Maybe now auto dns +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless Here is the syslog output (a very small part) just prior to the loop. May 17 17:08:43 wclvs2 xntpd[1988]: synchronized to 63.192.96.2, stratum=2 May 17 17:15:30 wclvs2 xntpd[1988]: synchronized to 192.220.202.75, stratum=2 May 17 17:20:25 wclvs2 pptpd[4706]: CTRL: Session timed out, ending call May 17 17:20:25 wclvs2 pptpd[4706]: CTRL: Client 24.19.214.220 control connection finished May 17 17:20:25 wclvs2 pppd[4707]: Modem hangup May 17 17:20:25 wclvs2 pppd[4707]: Connection terminated. May 17 17:20:26 wclvs2 pppd[4707]: Connect time 1109.3 minutes. May 17 17:20:26 wclvs2 pppd[4707]: Sent 1130117 bytes, received 561351 bytes. May 17 17:20:26 wclvs2 pppd[4707]: Exit. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. 
May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: Unexpected control message 0 in disconnect sequence May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: EOF or bad error reading ctrl packet length. May 17 17:20:26 wclvs2 pptpd[4706]: CTRL: couldn't read packet header (exit) Thanks in advance for your help. Brian From ~\\dinopolis at not.home.com//~ Fri May 19 18:55:59 2000 
From: ~\\dinopolis at not.home.com//~ (Dino)
Date: Fri, 19 May 2000 18:55:59 -0500
Subject: [pptp-server] pptp for Cable Modem???
Message-ID: <20000519235619.NUEL20868.lh2.rdc1.tx.home.com@[24.19.73.235]>

I am new to this, just subscribed; however, I was wondering if anyone had links, err, anything that I can use to connect to a MS vpn network via my cable modem? I am still looking; however, I figured that if someone out there could help then by all means please do... Thank You

--
Dino
~\\dinopolis at not.home.com//~ < ~\\not.//~
IseekU 2579.7959222^2 658D73(hex)

From MJBarsalou at attglobal.net Sat May 20 12:43:16 2000
From: MJBarsalou at attglobal.net (Barsalou)
Date: Sat, 20 May 2000 12:43:16 -9:00
Subject: [pptp-server] respawning too fast
In-Reply-To: <200005201700.e4KH0Gu28387@snaildust.schulte.org>
Message-ID: <200005202040.e4KKe9u29672@snaildust.schulte.org>

This is from having an invalid options file. It is recommended that you remove pptpd from launching from the /etc/inittab file and launch it as a daemon, at least until you get things worked out.

Don't forget to issue:

    init Q

after you remove it from the inittab.

Mike

From tb at tbits.net Sun May 21 15:40:26 2000
From: tb at tbits.net (Thomas Börnert)
Date: Sun, 21 May 2000 22:40:26 +0200
Subject: [pptp-server] PopTop pptp and dhcpd
Message-ID: <392849BA.9A4ACB01@tbits.net>

Hello,

normally pptpd assigns an IP address to the pptp-client ... but I would use an internal dhcp-server for assigning an IP address to the pptp-client. Does anybody have an idea????

Thanks ...
Thomas

From nielsboegholm at netscape.net Sun May 21 20:42:13 2000
From: nielsboegholm at netscape.net (Niels Boegholm) Date: 21 May 00 21:42:13 EDT Subject: [pptp-server] PPTP basic setup Message-ID: <20000522014213.9690.qmail@ww184.netaddress.usa.net> Hi, I have read various FAQ's on VPN, masq, etc but I am still totally confusued on how to setup my Linux-box as a PPTP server for Win clients. I would appreciate if someone could list out the necessary 3 (or is it 9 ?) steps to setup PPTP server on a Linux box - hopefully without having to compile any kernel-stuff I have the following environment: RH6.1, ipchains-1.3.9-3, PPTP1.0.0 (from rpm), ipmasqadm-0.4.2.3 (rpm) Two network cards all configured peoperly (LAN, WWW,etc). Your help appreciated - thanks, Niels ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. From pascal.fremaux at sxb.bsf.alcatel.fr Mon May 22 04:24:30 2000 
From: pascal.fremaux at sxb.bsf.alcatel.fr (Pascal Fremaux) Date: Mon, 22 May 2000 11:24:30 +0200 Subject: [pptp-server] pptp for Cable Modem??? References: <20000519235619.NUEL20868.lh2.rdc1.tx.home.com@[24.19.73.235]> Message-ID: <3928FCCE.E6596814@sxb.bsf.alcatel.fr> Don't care about the link. Install PPTP normally. The PPP used in PPTP is not used for the transport level, it is encapsulated in ordinary IP packets. So don't worry, just do it (be happy) ;-) Dino wrote: > I am new to this just subscribed however I was wondering if anyone had > links err anything that I can use to connect to a MS vpn network via my > cable modem?..i am still looking owever I figured that if someone out > there could help then by all means please do...Thank You > -- > > Dino > > ~\\dinopolis at not.home.com//~ < ~\\not.//~ > IseekU 2579.7959222^2 658D73(hex) > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! -- Pascal Fremaux, SSII Alten Study Engineer at Alcatel Telecom R&D, Illkirch, France From yan at cardinalengineering.com Mon May 22 05:17:03 2000 
From: yan at cardinalengineering.com (Yan Seiner) Date: Mon, 22 May 2000 06:17:03 -0400 Subject: [pptp-server] PPTP basic setup References: <20000522014213.9690.qmail@ww184.netaddress.usa.net> Message-ID: <3929091F.F20E356F@cardinalengineering.com> No way to get around the kernel compile stuff. ppp works as a bunch of modules that provide the various functionalities of the kernel. Also, the standard pppd does not support the MS "extensions" (read: bugs and broken standards) that have to be supported in order for Win boxes to connect. I know the learning curve is steep, and at many times it feels like you have to learn ten things to do the one simple thing you need. 1. Learn to compile the kernel. It's not that difficult. 2. Follow the steps in the pptp how-to. 3. reverse engineer your ISP's connection to figure out what combination of stuff works. (My ISP uses freeBSD with their own MS extentions - so I had to get my linux box to act like a windows box so his freebsd box would look like an MS box to me. Go figure.) --Yan Niels Boegholm wrote: > > Hi, > > I have read various FAQ's on VPN, masq, etc but I am still totally confusued > on how to setup my Linux-box as a PPTP server for Win clients. > > I would appreciate if someone could list out the necessary 3 (or is it 9 ?) > steps to setup PPTP server on a Linux box - hopefully without having to > compile any kernel-stuff > > I have the following environment: > RH6.1, ipchains-1.3.9-3, PPTP1.0.0 (from rpm), ipmasqadm-0.4.2.3 (rpm) > Two network cards all configured peoperly (LAN, WWW,etc). > > Your help appreciated - thanks, > > Niels > > ____________________________________________________________________ > Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com. > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! 
From biow at ezmort.com Mon May 22 09:07:01 2000
From: biow at ezmort.com (Christopher Biow)
Date: Mon, 22 May 2000 10:07:01 -0400
Subject: [pptp-server] Non-local connection attempts fail
In-Reply-To: <1u4bisk4uuh5qrt5b4msfd9q44frnt6hoc@4ax.com>
References: <1u4bisk4uuh5qrt5b4msfd9q44frnt6hoc@4ax.com>
Message-ID: <7nfiis0ugf1psl72jknl3e03lnbmvga0pd@4ax.com>

On Fri, 19 May 2000 15:25:59 -0400, I wrote:

>From what I can tell it seems that the GRE packets are not getting through.

That must have been it. Although their tech support denied this, it seems that the Flowpoint 144 IDSL router does not, by default, route GRE (Protocol 47) packets. It required an explicit command to make it do so:

| remote ipfilter insert forward accept -p 47 internet

With that done, PPTP works great. I don't know if this is worth adding to any FAQ-type documentation, as I don't know if many routers default to TCP/ICMP/UDP only.

From MarkT at GoVirtual.com.au Mon May 22 20:43:15 2000
From: MarkT at GoVirtual.com.au (Mark Turner)
Date: Tue, 23 May 2000 11:43:15 +1000
Subject: [pptp-server] Almost there...!
Message-ID: <3929E233.B463CD2E@GoVirtual.com.au>

I've installed, configured & tested my first PPTP tunnel. Pinged other machines on the LAN fine! Real happy about this.

I'm expecting to be able to 'see' other machines via the (Win98) Network Browser on the remote client. Not yet.

The fact that the Ping's are OK indicates the tunnel is fine. (Yup?).

What else do I have to do to have Win packets visible? I'm not running any servers on the LAN. Just peer to peer Win networking.

Any comments greatly appreciated.

Packet of Tim Tams if you're in Sydney.

Regards, Mark Turner

From mrauscher at excite.com Mon May 22 22:09:46 2000
From: mrauscher at excite.com (Michael Rauscher) Date: Mon, 22 May 2000 20:09:46 -0700 (PDT) Subject: [pptp-server] routing problem with pppd Message-ID: <18447712.959051386507.JavaMail.imail@ringo.excite.com> Okay, I believe I've got a simple routing problem but I don't know how to fix it. Please help!!! I'm trying to setup a pptp vpn between a Win98 SE client (I-net connected through dialout to an ISP) and a Linux PoPToP server which is on a LAN (also I-net connected through dialout to an ISP). To test everything I've got the PoPToP server (RH6.2), and the Win98 SE client, both on a 192.168.00 LAN. I can VPN to the linux server and it works slick (thanx to lots of help from searching this list, the howtos and much head-banging). But, when I try to connect via the ISP link, the server isn't responding. I've got the server doing demand dialing, and when I get the IP address from its ppp0 interface, I use that to try to connect with the Win client. Seems simple, but this routing thing is driving me crazy. Yep, I'll admit it -- I'm a neophyte and am trying to learn all this stuff on my own, but I'd really appreciate it if someone could take a look at this output and give me a clue before I lose any more hair. BTW, ipchains is wide open for purposes of the testing; I' pretty sure that's not the problem. Check out the messages from the log below related to the routes and proxyarp. Here's my options file: #/etc/ppp/options +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp demand debug idle 120 ipcp-accept-remote ipcp-accept-local mru 1500 lock noauth defaultroute user powerplt remotename * modem 57600 crtscts connect '/usr/sbin/chat -v -f /etc/ppp/dialout-chat' I start pppd like this: May 22 18:58:28 fairbanks kernel: CSLIP: code copyright 1989 Regents of the University of California May 22 18:58:28 fairbanks kernel: PPP: version 2.3.10 (demand dialling) May 22 18:58:28 fairbanks kernel: PPP line discipline registered. 
May 22 18:58:28 fairbanks kernel: registered device ppp0 May 22 18:58:57 fairbanks pppd[745]: pppd 2.3.10 started by root, uid 0 May 22 18:58:57 fairbanks pppd[745]: Using interface ppp0 May 22 18:58:57 fairbanks pppd[745]: not replacing existing default route to eth0 [192.168.0.1] May 22 18:58:57 fairbanks pppd[745]: Cannot determine ethernet address for proxy ARP May 22 18:58:57 fairbanks pppd[745]: local IP address 10.64.64.64 May 22 18:58:57 fairbanks pppd[745]: remote IP address xxx.xxx.121.2 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface dns * 255.255.255.255 UH 0 0 0 ppp0 fairbanks * 255.255.255.255 UH 0 0 0 eth0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default gateway 0.0.0.0 UG 0 0 0 eth0 mike rauscher _______________________________________________________ Get 100% FREE Internet Access powered by Excite Visit http://freelane.excite.com/freeisp From john at netdirect.ca Tue May 23 07:05:43 2000 
From: john at netdirect.ca (John Van Ostrand)
Date: Tue, 23 May 2000 08:05:43 -0400
Subject: [pptp-server] Almost there...!
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0FD@enterprise.NetDirect.CA>

Mark,

You need a WINS server. The WINS server provides the "browse list" (see in Network Neighborhood) and provides the translation from name to IP address (needed when opening a system from Network Neighborhood.) Without these you will not be able to browse the remote Win98 systems, you can, however, access these systems without WINS using an LMHOSTS file.

To set up a WINS server use Samba and configure /etc/smb.conf. The lines you care about are:

workgroup = WORKGROUP
wins support = yes

Then set up TCP/IP on your LAN based workstations to use your Linux system as the WINS server. You can set the remote systems automatically if you have the ms-wins option in your /etc/ppp/options file.

If you don't need browsing and just want to access the systems you can use the LMHOSTS feature of Windows. Edit the \Windows\LMHOSTS file and create an entry for each system you want to access. If memory serves the line would look like this for an IP address of 1.2.3.4 and a system name of ACCT:

1.2.3.4 ACCT

One final note: You should consider using Samba as a file/print server for your LAN. Samba can act like a Windows NT domain controller authenticating your users when they boot their systems. Just add the line:

security = user
encrypt passwords = yes
domain logons = yes

Then create a netlogon share. Create users using the smbpasswd program.

To set up the client, add Client for Microsoft Networks in the Network Control panel, set it to be the default login, and set its properties to logon to the domain you specified in smb.conf (workgroup = ). I also set the workgroup in the network control panel's identification tab.

John.

> -----Original Message-----
> From: Mark Turner [mailto:MarkT at govirtual.com.au]
> Sent: Monday, May 22, 2000 9:43 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Almost there...!
>
> I've installed, configured & tested my first PPTP tunnel.
> Pinged other machines on the LAN fine!
> Real happy about this.
>
> I'm expecting to be able to 'see' other machines via the (Win98) Network Browser on the remote client. Not yet.
>
> The fact that the Ping's are OK indicates the tunnel is fine. (Yup?).
>
> What else do I have to do to have Win packets visible? I'm not running any servers on the LAN. Just peer to peer Win networking.
>
> Any comments greatly appreciated.
>
> Packet of Tim Tams if you're in Sydney.
>
> Regards, Mark Turner

From john at netdirect.ca Tue May 23 07:13:01 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Tue, 23 May 2000 08:13:01 -0400
Subject: [pptp-server] routing problem with pppd
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B0FE@enterprise.NetDirect.CA>

Michael,

First off your default route is pointed to your ethernet. This means that it would be impossible to connect to any server outside (except "dns".)

Remove the default route to your ethernet and try adding a "defaultroute" to your pppd command line.

John

> -----Original Message-----
From hshaw at healthcentralrx.com Tue May 23 09:36:44 2000
From: hshaw at healthcentralrx.com (T.Shaw)
Date: Tue, 23 May 2000 07:36:44 -0700
Subject: [pptp-server] routing problem with pppd
References: <915FE25D5E61D3119CD80080C8E2E70904B0FE@enterprise.NetDirect.CA>
Message-ID: <001f01bfc4c4$514a2130$0200a8c0@farslayer>

He doesn't have to do that. If he's running any type of Unix box, just add a default route for all traffic for the pptp tunnel to go out the ppp0 interface. You can have more than 1 gateway on a unix box. That way, traffic destined for your local LAN stays on your local LAN and traffic for your pptp tunnel goes out the ppp0 interface.

----- Original Message -----
From: "John Van Ostrand"
To: ;
Sent: Tuesday, May 23, 2000 5:13 AM
Subject: RE: [pptp-server] routing problem with pppd

> Michael,
>
> First off your default route is pointed to your ethernet. This means that it would be impossible to connect to any server outside (except "dns".)
>
> Remove the default route to your ethernet and try adding a "defaultroute" to you pppd command line.
>
> John
>
> > -----Original Message-----
From john at netdirect.ca Tue May 23 10:41:41 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Tue, 23 May 2000 11:41:41 -0400
Subject: [pptp-server] routing problem with pppd
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B102@enterprise.NetDirect.CA>

Yes it is true that you can have more than one default gateway on a unix system. But in this case there doesn't appear to be a need. His current default gateway is going to a system called "gateway" on his LAN. This would be appropriate if there was a router connecting him to the Internet.

But, he stated that he is using pppd and gave the logs of pppd dialout indicating that the system "fairbanks" dials the Internet. I presume that this is the same system that does the pptp.

If this is the case, once the pppd connection is up the default route should be pointing out their pppd. Since that is the route to the Internet. If they require access to separate subnets through the "gateway" router then those should be specified explicitly.

John.

> -----Original Message-----
> From: T.Shaw [mailto:hshaw at healthcentralrx.com]
> Sent: Tuesday, May 23, 2000 10:37 AM
> To: John Van Ostrand; mrauscher at bigfoot.com; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] routing problem with pppd
>
> He doesn't have to do that.. If he running any type of Unix box, just add a default route for all traffic for the pptp tunnel to go out the ppp0 interface..You can have more than 1 gateway on a unix box.. That way.. traffic destined for your local LAN stays on your local LAN and traffic for your pptp tunnel goes out the ppp0 interface.
>
> ----- Original Message -----
From sk_pptp at hotmail.com Tue May 23 18:04:38 2000
From: sk_pptp at hotmail.com (Stephan Klauberg)
Date: Tue, 23 May 2000 18:04:38 CEST
Subject: [pptp-server] pptp on SuSE 6.4 - NT RAS Error 629 - Linux PPP Error Signal 11
Message-ID: <20000523160438.97933.qmail@hotmail.com>

Hi there,

I'm trying to connect my NT 4 Client, but it always tells me
Error 629: The data link was terminated by the remote machine

And my server's syslog looks like this:

May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: local address = 192.168.151.13
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: remote address = 192.168.151.101
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: pppd speed = 115200
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: pppd options file = /etc/ppp/options.pptp0
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Client 192.168.150.18 control connection started
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Received PPTP Control Message (type: 1)
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Made a START CTRL CONN RPLY packet
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: I wrote 156 bytes to the client.
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Sent packet to client
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Received PPTP Control Message (type: 7)
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Set parameters to 152 maxbps, 32 window size
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Made a OUT CALL RPLY packet
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Starting call (launching pppd, opening GRE)
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: pty_fd = 5
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: tty_fd = 6
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: I wrote 32 bytes to the client.
May 23 17:54:08 sevenof9 pptpd[1464]: CTRL (PPPD Launcher): Connection speed = 115200
May 23 17:54:08 sevenof9 pptpd[1464]: CTRL (PPPD Launcher): local address = 192.168.151.13
May 23 17:54:08 sevenof9 pptpd[1464]: CTRL (PPPD Launcher): remote address = 192.168.151.101
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Sent packet to client
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Received PPTP Control Message (type: 15)
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Got a SET LINK INFO packet with standard ACCMs
May 23 17:54:08 sevenof9 pppd[1464]: pppd 2.3.11 started by root, uid 0
May 23 17:54:08 sevenof9 pppd[1464]: Using interface ppp0
May 23 17:54:08 sevenof9 pppd[1464]: Connect: ppp0 <--> /dev/pts/2
May 23 17:54:08 sevenof9 pppd[1464]: sent [LCP ConfReq id=0x1 ]
May 23 17:54:08 sevenof9 pppd[1464]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds.
May 23 17:54:08 sevenof9 pppd[1464]: rcvd [LCP ConfReq id=0x0 ]
May 23 17:54:08 sevenof9 pppd[1464]: Fatal signal 11
May 23 17:54:08 sevenof9 pppd[1464]: Exit.
May 23 17:54:08 sevenof9 pptpd[1463]: GRE: read(fd=5,buffer=804dac0,len=8196) from PTY failed: status = -1 error = Eingabe-/Ausgabefehler
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Client 192.168.150.18 control connection finished
May 23 17:54:08 sevenof9 pptpd[1463]: CTRL: Exiting now

----

Any idea ??

thanks
Stephan

/etc/pptp.conf

speed 115200
option /etc/ppp/options.pptp0
localip 192.168.151.13
remoteip 192.168.151.100-199
debug
pidfile /var/run/pptpd.pid

----

/etc/ppp/options.pptp0

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name sevenof9
proxyarp

---

/etc/ppp/chap-secrets

#client hostname 192.168.1.1
"pptptest" sevenof9 "pptptest" *

From john at netdirect.ca Tue May 23 12:34:05 2000
From: john at netdirect.ca (John Van Ostrand)
Date: Tue, 23 May 2000 13:34:05 -0400
Subject: [pptp-server] pptp on SuSE 6.4 - NT RAS Error 629 - Linux PPP Error Signal 11
Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B103@enterprise.NetDirect.CA>

Is it possible that callback is established? The "callback CBCP" makes me wonder.

> May 23 17:54:08 sevenof9 pppd[1464]: sent [LCP ConfReq id=0x1 ]

Also this line makes me think that a communication problem exists.

> May 23 17:54:08 sevenof9 pppd[1464]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds.

> -----Original Message-----
From erobinson at dot.state.nv.us Tue May 23 12:28:40 2000
From: erobinson at dot.state.nv.us (Robinson, Eric)
Date: Tue, 23 May 2000 10:28:40 -0700
Subject: [pptp-server] Almost there...!
Message-ID:

WINS does not provide the browse list. It provides NetBIOS name resolution only, which the client can use to locate a master browser on its subnet. The browse list is provided by the elected master browser or an appointed backup browser, which are machines (not necessarily servers) that have the computer browser service turned on. Often the WINS server is also a master browser, but not necessarily since the two functions are completely separate.

You may not need Network Neighborhood style browsing, but you will certainly save yourself a lot of time by enabling WINS. Otherwise, you do have to create an LMHOSTS file on every machine to perform local name resolution.

--Eric

-----Original Message-----
From adi at certsite.com Tue May 23 13:01:40 2000
From: adi at certsite.com (Adi)
Date: Tue, 23 May 2000 14:01:40 -0400
Subject: [pptp-server] Re: problems building your rpm's for ppp
References:
Message-ID: <392AC784.C6168601@certsite.com>

Yes, I had to add a small patch for RH6.2 (an extra argument in the kill_fasync() call). You'll see it in one of the patches contained in the src.rpm.

My guess is that you are using the RH6.2 kernel (kernel-2.2.14-5.0) but you recently upgraded from an RH6.1 system, and didn't upgrade all the system RPMs. In a stock RH6.2 system, the kill_fasync() call takes 3 args, not 2.

So there are a couple ways to fix this:

1) upgrade all your RPMs to the RH6.2 versions
2) edit the ppp-2.3.10-2mschap_mppe_rh62.spec file contained in my src.rpm and comment out the %patch7 statement ( this skips the kill_fasync patch )

-Adi

Jeremy Hansen wrote:
>
> Any idea what this is?
>
> gcc -D__KERNEL__ -I/usr/src/linux-2.2.14/include -Wall -Wstrict-prototypes
> -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce
> -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include
> /usr/src/linux-2.2.14/include/linux/modversions.h -DEXPORT_SYMTAB -c
> ppp.c
> ppp.c:188: warning: static declaration for
> `ppp_register_compressor_R9682e733' follows non-static
> ppp.c:189: warning: static declaration for
> `ppp_unregister_compressor_Ra1b928df' follows non-static
> ppp.c: In function `rcv_proto_unknown':
> ppp.c:2563: too many arguments to function `kill_fasync_Reee32c9c'
> make[1]: *** [ppp.o] Error 1
> make[1]: Leaving directory `/usr/src/linux-2.2.14/drivers/net'
> make: *** [_mod_drivers/net] Error 2
> Bad exit status from /var/tmp/rpm-tmp.79041 (%build)
>
> I'm using 6.2's default kernel.
>
> Thanks
> -jeremy
>
> --
>
> http://www.xxedgexx.com | jeremy at xxedgexx.com
> ---------------------------------------------

From jeremy at xxedgexx.com Tue May 23 12:58:25 2000
From: jeremy at xxedgexx.com (Jeremy Hansen)
Date: Tue, 23 May 2000 13:58:25 -0400 (EDT)
Subject: [pptp-server] Re: problems building your rpm's for ppp
In-Reply-To: <392AC784.C6168601@certsite.com>
Message-ID:

Weird, any idea which rpm is it that affect this change? Is it possible that it's a Red Hat hack to 2.2.14 that changes the argument number? I'll admit at this point that my Red Hat kernel rpm is a bit different from the default and I did turn off a lot of patches, so I suspect this is my problem.

-jeremy

--
http://www.xxedgexx.com | jeremy at xxedgexx.com
---------------------------------------------

From jeremy at xxedgexx.com Tue May 23 13:21:09 2000
From: jeremy at xxedgexx.com (Jeremy Hansen) Date: Tue, 23 May 2000 14:21:09 -0400 (EDT) Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? In-Reply-To: <392AC784.C6168601@certsite.com> Message-ID: Here's the errors I'm getting: May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 control connection started May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Starting call (launching pppd, opening GRE) May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: pppd 2.3.10 started by root, uid 0 May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Using interface ppp0 May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connect: ppp0 <--> /dev/pts/5 May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: No CHAP secret found for authenticating SV.IDEALAB\\jeremy May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: MSCHAP-v2 peer authentication failed for remote host SV.IDEALAB\\jeremy May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connection terminated. May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Exit. May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: GRE: read error: Bad file descriptor May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 control connection finished Any ideas here? -jeremy From hett at hss-bremen.de Tue May 23 14:01:57 2000 
From: hett at hss-bremen.de (Volker Hett) Date: Tue, 23 May 2000 21:01:57 +0200 Subject: [pptp-server] pptp on SuSE 6.4 - NT RAS Error 629 - Linux PPP Error Signal 11 References: <20000523160438.97933.qmail@hotmail.com> Message-ID: <392AD5A5.5364C0F9@hss-bremen.de> Stephan Klauberg wrote: > > Hi there, > Hi Stephan, SuSE's pppd seems to have some problems. I compiled my own and everything went smooth :-). Ok, there are some firewall issues which I'm just sorting out. I'll put my pppd-2.3.11 sources on ftp://www.hss-bremen.de/pub/ppp I've patched pppd-2.3.11 with ppp-2.3.11-openssl-0.9.5-mppe.patch and added the RC4* files. So beware of export/patent restrictions! On a standard SuSE 6.4 installation a make install should work. Regards Volker -- "[...] those who can't get along with the rest of the party have to sit at the fold-up card table. Where do YOU want to sit today?" Jeff Churchwell in a ZDNet Talback Forum From john at netdirect.ca Tue May 23 14:09:36 2000 From: john at netdirect.ca (John Van Ostrand) Date: Tue, 23 May 2000 15:09:36 -0400 Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B104@enterprise.NetDirect.CA> Jeremy, Windows clients will send the domain name as part of the login name. What you are seeing is a failure of pppd to authenticate it. You can choose to set up the users with domain names in your chap-secrets database. Be careful, though: pppd is case sensitive and Windows 98 does not shift the case; it sends the domain name in the case that it was entered in network properties. You should create a user called SV.IDEALAB\\jeremy in the chap-secrets file and it should work for you. John. > -----Original Message----- 
> From: Jeremy Hansen [mailto:jeremy at xxedgexx.com] > Sent: Tuesday, May 23, 2000 2:21 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Getting wierd error and it looks like > it's trying > to use an NT domain? > > > > Here's the errors I'm getting: > > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > control connection started > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Starting call > (launching pppd, opening GRE) > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: pppd 2.3.10 > started by root, > uid 0 > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Using interface ppp0 > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connect: ppp0 > <--> /dev/pts/5 > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: No CHAP secret found for > authenticating SV.IDEALAB\\jeremy > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: MSCHAP-v2 peer > authentication > failed for remote host SV.IDEALAB\\jeremy > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connection terminated. > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Exit. > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: GRE: read > error: Bad file > descriptor > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: PTY read > or GRE write > failed (pty,gre)=(-1,-1) > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > control connection finished > > Any ideas here? > > -jeremy > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From amacc at iron-bridge.net Tue May 23 14:16:22 2000 
From: amacc at iron-bridge.net (Andrew McRory) Date: Tue, 23 May 2000 15:16:22 -0400 (EDT) Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? In-Reply-To: Message-ID: On Tue, 23 May 2000, Jeremy Hansen wrote: > > Here's the errors I'm getting: > > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > control connection started > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Starting call > (launching pppd, opening GRE) > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: pppd 2.3.10 started by root, > uid 0 > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Using interface ppp0 > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connect: ppp0 <--> /dev/pts/5 > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: No CHAP secret found for > authenticating SV.IDEALAB\\jeremy > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: MSCHAP-v2 peer authentication > failed for remote host SV.IDEALAB\\jeremy no suitable user in chap-secrets file... either make an entry for "SV.IDEALAB\\jeremy" or get the patch to strip out the domain name from http://www.smop.de > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connection terminated. > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Exit. > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: GRE: read error: Bad file > descriptor > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: PTY read or GRE write > failed (pty,gre)=(-1,-1) > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > control connection finished > > Any ideas here? > > -jeremy > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > Andrew McRory / President amacc at iron-bridge.net Iron Bridge Communications www.iron-bridge.net Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera From jeremy at xxedgexx.com Tue May 23 14:45:06 2000 
From: jeremy at xxedgexx.com (Jeremy Hansen) Date: Tue, 23 May 2000 15:45:06 -0400 (EDT) Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? In-Reply-To: Message-ID: Perfect. Thank you very much. -jeremy > On Tue, 23 May 2000, Jeremy Hansen wrote: > > > > > Here's the errors I'm getting: > > > > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > > control connection started > > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Starting call > > (launching pppd, opening GRE) > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: pppd 2.3.10 started by root, > > uid 0 > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Using interface ppp0 > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connect: ppp0 <--> /dev/pts/5 > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: No CHAP secret found for > > authenticating SV.IDEALAB\\jeremy > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: MSCHAP-v2 peer authentication > > failed for remote host SV.IDEALAB\\jeremy > > no suitable user in chap-secrets file... either make an entry for > "SV.IDEALAB\\jeremy" or get the patch to strip out the domain name from > http://www.smop.de > > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connection terminated. > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Exit. > > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: GRE: read error: Bad file > > descriptor > > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: PTY read or GRE write > > failed (pty,gre)=(-1,-1) > > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > > control connection finished > > > > Any ideas here? > > > > -jeremy > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! 
> > > > > Andrew McRory / President amacc at iron-bridge.net > Iron Bridge Communications www.iron-bridge.net > Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera > > > -- http://www.xxedgexx.com | jeremy at xxedgexx.com --------------------------------------------- From jeremy at xxedgexx.com Tue May 23 15:20:06 2000 
From: jeremy at xxedgexx.com (Jeremy Hansen) Date: Tue, 23 May 2000 16:20:06 -0400 (EDT) Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? In-Reply-To: Message-ID: I tried the patch below applied to Adi's ppp-2.3.10 rpm's and it doesn't seem to work. I'm still required to put the DOMAIN\\ in the username. -jeremy > On Tue, 23 May 2000, Jeremy Hansen wrote: > > > > > Here's the errors I'm getting: > > > > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > > control connection started > > May 23 11:19:42 dhcp-10-2-3-131 pptpd[22386]: CTRL: Starting call > > (launching pppd, opening GRE) > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: pppd 2.3.10 started by root, > > uid 0 > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Using interface ppp0 > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connect: ppp0 <--> /dev/pts/5 > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: No CHAP secret found for > > authenticating SV.IDEALAB\\jeremy > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: MSCHAP-v2 peer authentication > > failed for remote host SV.IDEALAB\\jeremy > > no suitable user in chap-secrets file... either make an entry for > "SV.IDEALAB\\jeremy" or get the patch to strip out the domain name from > http://www.smop.de > > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Connection terminated. > > May 23 11:19:42 dhcp-10-2-3-131 pppd[22387]: Exit. > > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: GRE: read error: Bad file > > descriptor > > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: PTY read or GRE write > > failed (pty,gre)=(-1,-1) > > May 23 11:19:47 dhcp-10-2-3-131 pptpd[22386]: CTRL: Client 10.2.3.162 > > control connection finished > > > > Any ideas here? > > > > -jeremy > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulte.org! 
> > > > > Andrew McRory / President amacc at iron-bridge.net > Iron Bridge Communications www.iron-bridge.net > Caldera OpenLinux Contrib RPMS ftp.iron-bridge.net/pub/Caldera > > > -- http://www.xxedgexx.com | jeremy at xxedgexx.com --------------------------------------------- From adi at certsite.com Tue May 23 15:46:17 2000 
From: adi at certsite.com (Adi) Date: Tue, 23 May 2000 16:46:17 -0400 Subject: [pptp-server] Re: problems building your rpm's for ppp References: Message-ID: <392AEE19.BC13CC83@certsite.com> Jeremy, I don't know which RPM it is... I suggest just commenting out %patch7 (skipping the kill_fasync patch). That's the most direct and easiest solution since you've made custom changes to your kernel, because it won't affect anything else. BTW, my rpm spec file modifies some files in your kernel source tree (specifically: your .config). So be aware of this when you do an rpm -ba .spec (you might want to back up your .config) -Adi Jeremy Hansen wrote: > > Weird, any idea which rpm is it that affect this change? Is it possible > that it's a Red Hat hack to 2.2.14 that changes the argument number? I'll > admit at this point that my Red Hat kernel rpm is a bit different from the > default and I did turn off a lot of patches, so I suspect this is my > problem. > > -jeremy > > > Yes, I had to add a small patch for RH6.2 (an extra argument in the > > kill_fasync() call). You'll see it in one of the patches contained in the > > src.rpm. > > > > My guess is that you are using the RH6.2 kernel (kernel-2.2.14-5.0) but you > > recently upgraded from an RH6.1 system, and didn't upgrade all the system > > RPMs. In a stock RH6.2 system, the kill_fasync() call takes 3 args, not 2. > > > > So there are a couple ways to fix this: > > > > 1) upgrade all your RPMs to the RH6.2 versions > > 2) edit the ppp-2.3.10-2mschap_mppe_rh62.spec file contained in my src.rpm > > and comment out the %patch7 statement ( this skips the kill_fasync patch ) > > > > -Adi > > From andrew at skyrunner.net Tue May 23 15:56:15 2000 
From: andrew at skyrunner.net (Andrew Useckas) Date: Tue, 23 May 2000 23:56:15 +0300 Subject: [pptp-server] Encryption problem on Windows 98 SE Message-ID: <00052323590700.16114@ronin> -----BEGIN PGP SIGNED MESSAGE----- I've been trying to get encryption from a Windows 98 SE box (client) to the pptpd machine running SuSE Linux 6.4. I've tried everything in the howto's, readme's, etc. with no luck. I wonder if somebody here could help me out with this problem... Attached you will find the log of one session... -- Andrew Useckas Network Administrator NewEraCom, LLC 5 Ravenscroft Drive, Asheville, NC 28801 Tel.: (828) 258-8562x106 (800) 908-9857 Fax: (828) 253-3334 WWW: www.skyrunner.net Email:andrew at skyrunner.net -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: test URL: From mm at lunetix.de Tue May 23 21:03:31 2000 From: mm at lunetix.de (mm at lunetix.de) Date: Wed, 24 May 2000 04:03:31 +0200 (CEST) Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? In-Reply-To: Message-ID: <20000524020328.069782F7F@tarantino.werkleitz.de> On 23 May, Jeremy Hansen wrote: > > I tried the patch below applied to Adi's ppp-2.3.10 > rpm's and it doesn't seem to work. I'm still required to put the DOMAIN\\ > in the username. You have to add "chapms-strip-domain" to /etc/ppp/options, or wherever you have your options, to activate this behavior. > > -jeremy > >> On Tue, 23 May 2000, Jeremy Hansen wrote: >> bye MM For PGP-RSA / GnuPG-DSA keys as well as other stuff see http://smop.de From jeremy at xxedgexx.com Tue May 23 22:55:11 2000 
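The name matching described by John Van Ostrand and MM in the messages above, as an added example that is not part of any list message and is not pppd code. It assumes that the doubled backslash in the log and in chap-secrets both stand for one literal backslash, that Python's shlex is a close enough stand-in for pppd's word parser, and that "chapms-strip-domain" drops everything up to the last backslash; the host name, log lines and secrets are constructed.

```python
import re
import shlex

# Constructed log lines, modelled on the pppd messages quoted in the thread.
SAMPLE_LOG = r"""
May 23 11:19:42 vpn pppd[22387]: No CHAP secret found for authenticating SV.IDEALAB\\jeremy
May 23 11:25:01 vpn pppd[22410]: No CHAP secret found for authenticating sv.idealab\\jeremy
May 23 11:30:12 vpn pppd[22433]: No CHAP secret found for authenticating SV.IDEALAB\\alice
"""

# Constructed chap-secrets content; the secrets are placeholders.
SAMPLE_SECRETS = r"""
# client              server  secret          IP addresses
SV.IDEALAB\\jeremy    *       "placeholder-1" *
alice                 *       "placeholder-2" *
"""

FAIL_RE = re.compile(
    r"pppd\[\d+\]: No CHAP secret found for authenticating (\S+)")


def load_clients(secrets_text):
    """Return the client names (first column) of a chap-secrets file."""
    clients = []
    for line in secrets_text.splitlines():
        # Assumption: shlex in POSIX mode approximates pppd's own parser
        # (quotes, backslash escapes, '#' comments).
        words = shlex.split(line, comments=True, posix=True)
        if len(words) >= 3:  # client, server, secret [, addresses]
            clients.append(words[0])
    return clients


def failed_names(log_text):
    """Extract peer names from failure lines, undoing the log's escaping."""
    return [m.group(1).replace("\\\\", "\\")
            for m in FAIL_RE.finditer(log_text)]


def strip_domain(name):
    """Model of the domain-stripping patch: keep what follows the last '\\'."""
    return name.rsplit("\\", 1)[-1]


def diagnose(name, clients, strip=False):
    """Say why a peer name would or would not find a chap-secrets entry."""
    lookup = strip_domain(name) if strip else name
    if "*" in clients or lookup in clients:
        return "match"
    if lookup.lower() in {c.lower() for c in clients}:
        # The lookup is case sensitive; the client sends the domain
        # exactly as it was typed into its network properties.
        return "case-mismatch"
    if not strip and strip_domain(name) in clients:
        # The user exists, but only without the DOMAIN\ prefix.
        return "entry-exists-without-domain"
    return "no-entry"


def report(log_text, secrets_text, strip=False):
    """Diagnose every failed name found in the log."""
    clients = load_clients(secrets_text)
    return [(n, diagnose(n, clients, strip)) for n in failed_names(log_text)]


if __name__ == "__main__":
    for strip in (False, True):
        print("chapms-strip-domain", "on" if strip else "off")
        for name, verdict in report(SAMPLE_LOG, SAMPLE_SECRETS, strip):
            print("  %-22s %s" % (name, verdict))
```

With stripping switched on, the domain-qualified entry for jeremy no longer matches, so entries written as DOMAIN\\user have to be renamed to the bare user name when the option is enabled.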
From: jeremy at xxedgexx.com (Jeremy Hansen) Date: Tue, 23 May 2000 23:55:11 -0400 (EDT) Subject: [pptp-server] Getting wierd error and it looks like it's trying to use an NT domain? In-Reply-To: <20000524020328.069782F7F@tarantino.werkleitz.de> Message-ID: oh, heh, this must be it. thanks -jeremy > On 23 May, Jeremy Hansen wrote: > > > > I tried the patch below applied to Adi's ppp-2.3.10 > > rpm's and it doesn't seem to work. I'm still required to put the DOMAIN\\ > > in the username. > > You have to add "chapms-strip-domain" to /etc/ppp/options, or wherever > you have your options, to activate this behavior. > > > > > -jeremy > > > >> On Tue, 23 May 2000, Jeremy Hansen wrote: > >> > > bye > MM > > For PGP-RSA / GnuPG-DSA keys as well as other stuff see http://smop.de > > > -- http://www.xxedgexx.com | jeremy at xxedgexx.com --------------------------------------------- From vgill at technologist.com Tue May 23 17:49:10 2000 From: vgill at technologist.com (Vern H. Gill) Date: Tue, 23 May 2000 15:49:10 -0700 Subject: [pptp-server] DHCP for PPTP Clients Message-ID: Is there any way to use my existing/updated(?) DHCP server to dynamically provide PPTP clients with IP's? By updated(?) I mean any updates necessary. Thanks. Vern H. Gill From dasher at daydreamsandcurry.com Wed May 24 09:31:14 2000 From: dasher at daydreamsandcurry.com (Dasher) Date: Wed, 24 May 2000 09:31:14 -0500 Subject: [pptp-server] Trouble recompiling my Kernel Message-ID: <006401bfc58c$b78fa140$eac6a8c0@cancansystems.com> I'm trying to configure PoPToP but when I try to MAKE CONFIG my RedHat Linux 6.0 comes back with: scripts/Configure: No Such File or Directory...... could anyone tell me where to get these files? Thanks, Dasher -------------- next part -------------- An HTML attachment was scrubbed... URL: From mike at coredump.csocsg.net Wed May 24 13:16:11 2000 
From: mike at coredump.csocsg.net (mike wronski) Date: Wed, 24 May 2000 13:16:11 -0500 Subject: [pptp-server] Static IP's Message-ID: <001401bfc5ac$24127760$dca918cf@mw.3com.com> How do I set up PPTPd to assign a specific address to a specific user? I have a ip pool in use now.. -M From stan at rogge.net Wed May 24 13:11:09 2000 From: stan at rogge.net (Stan A. Rogge) Date: Wed, 24 May 2000 13:11:09 -0500 Subject: [pptp-server] Static IP's References: <001401bfc5ac$24127760$dca918cf@mw.3com.com> Message-ID: <00f001bfc5ab$706044e0$fd01fb0a@harmonic.com> Howdy Mike, how's 3com TCH? Use the chap-secrets file, usually under /etc/ppp, for assignments. pptpd does not need to assign an address from its pool. ----- Original Message ----- From: "mike wronski" To: "pptp" Sent: Wednesday, May 24, 2000 1:16 PM Subject: [pptp-server] Static IP's | How do I set up PPTPd to assign a specific address to a specific user? I | have a ip pool in use now.. | | -M | | _______________________________________________ | pptp-server maillist - pptp-server at lists.schulte.org | http://lists.schulte.org/mailman/listinfo/pptp-server | List services provided by www.schulte.org! | From gord at amador.ca Wed May 24 15:04:24 2000 From: gord at amador.ca (Gord Belsey) Date: Wed, 24 May 2000 14:04:24 -0600 Subject: [pptp-server] Static IP's References: <001401bfc5ac$24127760$dca918cf@mw.3com.com> Message-ID: <012a01bfc5bb$434980b0$280111ac@amadorinc.com> Mike: In /etc/ppp/options, add ipcp-accept-local ipcp-accept-remote This allows the client to request a static address, over-riding the pool. Gord Belsey ----- Original Message ----- 
From: mike wronski To: pptp Sent: Wednesday, May 24, 2000 12:16 PM Subject: [pptp-server] Static IP's > How do I set up PPTPd to assign a specific address to a specific user? I > have a ip pool in use now.. > > -M > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From Patrick at reidworld.dynip.com Wed May 24 19:20:30 2000 From: Patrick at reidworld.dynip.com (Patrick Reid) Date: Wed, 24 May 2000 21:20:30 -0300 Subject: [pptp-server] pppd message in log file Message-ID: Below is a message which shows up in my system log files every once in a while - anyone know what it means? Patrick Reid - mailto:PReid at candesco.com Candesco Research Corp. Communication Centre: -----Original Message----- From: root [mailto:root at reidworld.dynip.com] Sent: May 24, 2000 1:10 AM To: root at reidworld.dynip.com Subject: reidworld.dynip.com 05/24/00--01:10 system check Unusual System Events =-=-=-=-=-=-=-=-=-=-= May 24 01:02:24 reidworld pppd[8775]: ioctl(SIOCDARP): No such file or directory(2) From mpeel at istar.ca Wed May 24 19:51:51 2000 
From: mpeel at istar.ca (Mike Peel) Date: Wed, 24 May 2000 17:51:51 -0700 Subject: [pptp-server] Fixed problem Re: ppp-2.3.10.patch - hunk failures References: <000201bfc1ca$9cb49c60$f901a8c0@polaris.workout.com.ar> <3925B9F4.55BC0D@istar.ca> Message-ID: <392C7927.44770C55@istar.ca> I downloaded the patch: ppp-2.3.10-openssl-norc4-mppe.patch.gz using IE5 ( on Win 98 ) and it patches ok without any Hunk Failures. It may be a bug with NetScape 4.72 ( on Win 98) because the file size of ppp-2.3.10-openssl-norc4-mppe.patch.gz is 193 k vs. 187k for IE5 ??? .... (always seems to be 6 k larger ? ) thanks for your help Mike Peel Mike Peel wrote: > Does anyone have a revised version of this patch ? I get alot of HUNK > FAILED messages. > > I am using ppp-2.3.10.tar.gz from : > > ftp://cs.anu.edu.au/pub/software/ppp/ > > thanks in advance, > > Mike Peel From eric at pmcipa.com Thu May 25 04:55:40 2000 From: eric at pmcipa.com (Eric Robinson) Date: Thu, 25 May 2000 02:55:40 -0700 Subject: [pptp-server] PoPToP Virgin Message-ID: <21B377B36413D311861C0004ACB8854A92E7@IPASERV> Greetings! I'm a PoPToP virgin, which is to say that I've never gotten it to work yet. I've followed the directions closely, but when I connect to the box remotely, I get a normal PPP session, not a PPTP one. When I look at the log, I see that kernel pppd ran and bound to interface ppp0 instead of user ppp binding to tun0. What am I doing wrong? --Eric > -----Original Message----- > From: Patrick Reid [SMTP:Patrick at reidworld.dynip.com] > Sent: Wednesday, May 24, 2000 5:21 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] pppd message in log file > > Below is a message which shows up in my system log files every once in > a > while - anyone know what it means? > > Patrick Reid - mailto:PReid at candesco.com > Candesco Research Corp. > Communication Centre: > > > -----Original Message----- 
> From: root [mailto:root at reidworld.dynip.com] > Sent: May 24, 2000 1:10 AM > To: root at reidworld.dynip.com > Subject: reidworld.dynip.com 05/24/00--01:10 system check > > > > Unusual System Events > =-=-=-=-=-=-=-=-=-=-= > May 24 01:02:24 reidworld pppd[8775]: ioctl(SIOCDARP): No such file or > directory(2) > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! From yan at cardinalengineering.com Thu May 25 08:50:30 2000 
From: yan at cardinalengineering.com (Yan Seiner) Date: Thu, 25 May 2000 09:50:30 -0400 Subject: [pptp-server] Fixed problem Re: ppp-2.3.10.patch - hunk failures References: <000201bfc1ca$9cb49c60$f901a8c0@polaris.workout.com.ar> <3925B9F4.55BC0D@istar.ca> <392C7927.44770C55@istar.ca> Message-ID: <392D2FA6.E0A4EE5D@cardinalengineering.com> Not a bug, a "feature". Netscape under Win converts the unix new-lines to msdos cr-lf to text files, adding to the file and also making patches fail. --Yan Mike Peel wrote: > > I downloaded the patch: > > ppp-2.3.10-openssl-norc4-mppe.patch.gz > > using IE5 ( on Win 98 ) and it patches ok without any Hunk Failures. > > It may be a bug with NetScape 4.72 ( on Win 98) because the file size of > ppp-2.3.10-openssl-norc4-mppe.patch.gz is 193 k vs. 187k for IE5 ??? > .... (always seems to be 6 k larger ? ) > > thanks for your help > > Mike Peel > > Mike Peel wrote: > > > Does anyone have a revised version of this patch ? I get alot of HUNK > > FAILED messages. > > > > I am using ppp-2.3.10.tar.gz from : > > > > ftp://cs.anu.edu.au/pub/software/ppp/ > > > > thanks in advance, > > > > Mike Peel > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! -- Think different ride a recumbent use Linux. From klussier at mclinux.com Thu May 25 10:33:02 2000 
From: klussier at mclinux.com (Kenneth E. Lussier) Date: Thu, 25 May 2000 11:33:02 -0400 Subject: [pptp-server] Should I be using PPTP? Message-ID: <392D47AE.FF4F7A17@mclinux.com> All, I am about to start setting up VPN systems for two purposes: 1) Site-to-site and 2) Road-Warriors. The servers are going to be running on VA Linux systems (Dual-proc 700MHz w/ 512MB RAM Quad ethernet), and the RW clients will be both Linux and Windows (laptops, home pc's, etc.). I plan on having the VPN servers on both the external network (internet) and the inside LAN. Before I get started, I have several questions: 1) I plan on using IPSec (FreeS/WAN) for site-to-site. Can PPTP co-exist on the same server? 2) How many simultaneous connections can PPTPd handle? 3) Is there any way to make pptpd use either shadow passwords or NIS for authentication? 4) Will the Road-warriors be able to access the entire internal network once connected? 5) What is the maximum level of encryption possible, and how do I force it to use it? Any and all comments and suggestions will be greatly appreciated. TIA, Kenny Kenny Lussier Systems Administrator Mission Critical Linux ****************************** If at first you don't succeed, destroy all evidence that you tried ****************************** From adam at morrison-ind.com Thu May 25 12:58:09 2000 
From: adam at morrison-ind.com (Adam Tauno Williams) Date: Thu, 25 May 2000 13:58:09 -0400 Subject: [pptp-server] Should I be using PPTP? In-Reply-To: <392D47AE.FF4F7A17@mclinux.com> References: <392D47AE.FF4F7A17@mclinux.com> Message-ID: <200005251758.e4PHw9B11074@localhost.localdomain> >I am about to start setting up VPN systems for two purposes: >1) Site-to-site >and >2) Road-Warriors. >1) I plan on using IPSec (FreeS/WAN) for site-to-site. Can PPTP co-exist on >the same server? Don't see why not, they listen on different ports. >2) How many simultaneous connections can PPTPd handle? This is in the FAQ as I recall. >3) Is there any way to make pptpd use either shadow passwords or NIS for >authentication? There is a patch to support smbpasswd (Samba) and I have mine working against NT hashes stored in an LDAP directory. I hope to have a site up about my ugly patch soon. >4) Will the Road-warriors be able to access the entire internal network >once connected? With proxy-arp and a WINS server it will be just like they are on the network. >5) What is the maximum level of encryption possible, and how do I force it >to use it? There is a patch to force MPPE encryption. PPTP goes as high as 128bit. Systems and Network Administrator Morrison Industries 1825 Monroe Ave NW. Grand Rapids, MI. 49505 From Stefan.Strehle at JAW.AT Thu May 25 19:45:09 2000 
From: Stefan.Strehle at JAW.AT (Strehle Stefan) Date: Fri, 26 May 2000 02:45:09 +0200 Subject: [pptp-server] Multiple clients from one IP Message-ID: Has anyone had following situation: We are replacing our Win NT PPTP server, where our branches can get into our VPN. Some of the branches are using ISDN dialup routers with NAT, where a couple of PCs are establishing connections via the router. Did work well with NT. The PoPToP server is working well with everything else, but has problems getting multiple connection from the same IP (nice errors, unsupported protocol and packet disorder,..) Well i ran one more instance of pptp on an alias interface -> worked well. But my question is, why is NT capable of doing it and PoPToP isn't. As far as i remember NT didn't do it before service pack 6 or so. (Since some branches have more PCs via NAT, than we have IPs for alias interfaces, i would really like to know). Beside these minor problems i have, PoPToP is working very reliable... very good piece of software, if you have to be compatible to MS. I hope i haven't missed anything of the archives.... Stefan Stefan Strehle Zentralstelle Jugend am Werk Grunsteingasse 65 A-1160 Wien Tel. 4050286DW67 Fax 4051836 http://www.jaw.at From mwronski at coredump.ae.usr.com Thu May 25 22:28:19 2000 
From: mwronski at coredump.ae.usr.com (Mike Wronski) Date: Thu, 25 May 2000 22:28:19 -0500 (CDT) Subject: [pptp-server] Multiple clients from one IP In-Reply-To: Message-ID: I think I remember reading in the TODO section that PoPToP does not support multiple tunnels from the same IP yet.. -M On Fri, 26 May 2000, Strehle Stefan spewed: > Has anyone had following situation: > > We are replacing our Win NT PPTP server, where our branches can get into our > VPN. Some of the branches are using ISDN dialup routers with NAT, where a > couple of PCs are establishing connections via the router. Did work well > with NT. The PoPToP server is working well with everything else, but has > problems getting multiple connection from the same IP (nice errors, > unsupported protocol and packet disorder,..) Well i ran one more instance of > pptp on an alias interface -> worked well. But my question is, why is NT > capable of doing it and PoPToP isn't. As far as i remember NT didn't do it > before service pack 6 or so. (Since some branches have more PCs via NAT, > than we have IPs for alias interfaces, i would really like to know). > Beside these minor problems i have, PoPToP is working very reliable... very > good piece of software, if you have to be compatible to MS. > I hope i haven't missed anything of the archives.... > > Stefan > > > Stefan Strehle > Zentralstelle Jugend am Werk > Grunsteingasse 65 A-1160 Wien > Tel. 4050286DW67 Fax 4051836 > http://www.jaw.at > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > +--------------------------------------+ Mike Wronski (mike at coredump.ae.usr.com) 3Com Network Systems Engineer From P.J.Reid at earthling.net Fri May 26 07:01:30 2000 
From: P.J.Reid at earthling.net (Patrick Reid) Date: Fri, 26 May 2000 09:01:30 -0300 Subject: [pptp-server] smbpasswd patch In-Reply-To: <200005251758.e4PHw9B11074@localhost.localdomain> Message-ID: Adam Tauno said: >There is a patch to support smbpasswd (Samba) and I have >mine working against NT hashes stored in an LDAP directory. >I hope to have a site up about my ugly patch soon. Does this patch allow mppe encryption? Patrick Reid - mailto:PReid at candesco.com Candesco Research Corp. Communication Centre: From adam at morrison-ind.com Fri May 26 06:39:05 2000 From: adam at morrison-ind.com (Adam Tauno Williams) Date: Fri, 26 May 2000 07:39:05 -0400 Subject: [pptp-server] smbpasswd patch In-Reply-To: References: Message-ID: <200005261139.e4QBd5S13032@localhost.localdomain> >>There is a patch to support smbpasswd (Samba) and I have >>mine working against NT hashes stored in an LDAP directory. >>I hope to have a site up about my ugly patch soon. >Does this patch allow mppe encryption? Yes, it uses the hash in MS-CHAPv2 negotiation. I have it in alongside the "require mppe" patch, and it works. Systems and Network Administrator Morrison Industries 1825 Monroe Ave NW. Grand Rapids, MI. 49505 From john at netdirect.ca Fri May 26 07:54:26 2000 From: john at netdirect.ca (John Van Ostrand) Date: Fri, 26 May 2000 08:54:26 -0400 Subject: [pptp-server] smbpasswd patch Message-ID: <915FE25D5E61D3119CD80080C8E2E70904B117@enterprise.NetDirect.CA> Adam, This may be something I've been looking for. Is your LDAP server running on NT and pulling the hashes directly from the SAM? If so what LDAP server are you using? Thanks. John. > -----Original Message----- 
> From: Adam Tauno Williams [mailto:adam at morrison-ind.com] > Sent: Friday, May 26, 2000 7:39 AM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] smbpasswd patch > > > >>There is a patch to support smbpasswd (Samba) and I have > >>mine working against NT hashes stored in an LDAP directory. > >>I hope to have a site up about my ugly patch soon. > >Does this patch allow mppe encryption? > > Yes, it uses the hash in MS-CHAPv2 negotiation. I have it in > alongside the > "require mppe" patch, and it works. > > Systems and Network Administrator > Morrison Industries > 1825 Monroe Ave NW. > Grand Rapids, MI. 49505 > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulte.org! > From ddobre at deuroconsult.ro Fri May 26 08:02:14 2000 
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Fri, 26 May 2000 16:02:14 +0300
Subject: [pptp-server] pptpd+chapms+radius
Message-ID: <392E75D6.7EB9F7FA@deuroconsult.ro>

I am trying to implement a VPN based on Linux PPTP server.
The clients connecting to this server are mostly W9x/NT/2k
The server should authenticate the tunnels (users) via a Radius server.

I have patched my ppp-2.3.11 with the following patches:
chapms-domain-strip
rh62-kill_fasync.patch
openssl-0.9.5-mppe.patch
and ppp-2.3.11.radius.pat from http://www.ednet.ns.ca/~macleajb (in crap-chap.tgz)

(system is kernel 2.2.14-15 stock RH6.2 distrib except for pppd and pptpd
1.1.1 compiled by myself)

I also added the appropriate line in /etc/ppp/chap-secrets

# client server secret IP addresses
* * !nothing *

the problem is that the chap-crap-patched pppd does not send the right
password to the radius server. I can see that the radiusclient tries to
authenticate users to the radius server, but instead it passes '!nothing'
as the password string.

from /var/log/radius.log

Fri May 26 15:24:45 2000: Auth: Login incorrect: [jambo/!nothing] (from nas eris/S0)

has anyone successfully installed all the above and does this work?
I appreciate if anyone can help me.

some settings:

/etc/ppp/options

lock
debug
proxyarp
chapms-strip-domain
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/pptpd.conf

speed 115200
debug
localip 10.10.10.1
remoteip 10.10.10.20-24

respect
--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

From Gareth_Marlow at scientia.com Fri May 26 08:13:11 2000
From: Gareth_Marlow at scientia.com (Gareth Marlow)
Date: Fri, 26 May 2000 14:13:11 +0100
Subject: [pptp-server] Extracting 128-bit encryption files from SP6a
Message-ID: <20000526141311.A16140@canna.scientia.com>

I seem to remember someone talking about extracting the files from a
Service Pack and manually installing those replacements necessary to
upgrade PPTP to 128 bit rather than running the whole service pack install.

Can anyone help with this please?

Gareth

From macleajb at EDnet.NS.CA Fri May 26 08:32:23 2000
From: macleajb at EDnet.NS.CA (James MacLean)
Date: Fri, 26 May 2000 10:32:23 -0300 (ADT)
Subject: [pptp-server] pptpd+chapms+radius
In-Reply-To: <392E75D6.7EB9F7FA@deuroconsult.ro>
Message-ID:

On Fri, 26 May 2000, Dragos DOBRE wrote:

> I am trying to implement a VPN based on Linux PPTP server.
> The clients connecting to this server are mostly W9x/NT/2k
> The server should authenticate the tunnels (users) via a Radius server.

The key to this hack is the radius server. Currently it _must_ be
xtradius, and it _must_ use the checkmysql or whatever I called it :(. The
reason being that it does send the wrong passwd, but the radius server
sends back the magic NtHash which is used to do the rest.

> has anyone successfully installed all the above and does this work?

Only me I guess :).

JES
--
James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada     B3M 4B2

From jhummel at fulltiltsolutions.com Fri May 26 10:15:22 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Fri, 26 May 2000 11:15:22 -0400
Subject: [pptp-server] PPTP Client problem
Message-ID:

Hello,

From mike at coredump.csocsg.net Fri May 26 10:42:47 2000
From: mike at coredump.csocsg.net (mike wronski)
Date: Fri, 26 May 2000 10:42:47 -0500
Subject: [pptp-server] Routes
Message-ID: <000101bfc729$0abcdfc0$dca918cf@mw.3com.com>

I can't seem to find a method of adding routes at both sides of my pptp
connection when the link comes up.. I need to add
a static route at the pptpd side for the remote network and add a few routes
on the local side that point specific traffic up the link and let the rest
use the default route.. pppd has some commands that run scripts but the
descriptions all indicate that they are executed before the ppp link is up..

Mike Wronski
mike at coredump.csocsg.net

From gord at amador.ca Fri May 26 11:06:12 2000
From: gord at amador.ca (Gord Belsey)
Date: Fri, 26 May 2000 10:06:12 -0600
Subject: [pptp-server] Routes
References: <000101bfc729$0abcdfc0$dca918cf@mw.3com.com>
Message-ID: <0a1501bfc72c$51483b80$280111ac@amadorinc.com>

I have a LAN at the other side of the remote (linux pptp client) end. In
/etc/ppp, I created ip-up.local, which gets called by ip-up (assuming you
set the permissions:o). ip-up runs as ppp is bringing up the link and gives
you variables $1 through $5 (you can also set $6 in the options file).

in ip-up.local, I put:

route add -net netmask gw $4 $1

$1 is the interface and $4 is the gateway address. I can't recall off the
top of my head what the 5 variables are, but they're documented in the pppd
man pages.

I haven't had any problems with this approach.

Hope this is helpful

Gord Belsey

----- Original Message -----
From: mike wronski
To: pptp
Sent: Friday, May 26, 2000 9:42 AM
Subject: [pptp-server] Routes

> I can't seem to find a method of adding routes at both sides of my pptp
> connection when the link comes up.. I need to add
> a static route at the pptpd side for the remote network and add a few routes
> on the local side that point specific traffic up the link and let the rest
> use the default route.. pppd has some commands that run scripts but the
> descriptions all indicate that they are executed before the ppp link is up..
>
>
>
> Mike Wronski
> mike at coredump.csocsg.net

From jhummel at fulltiltsolutions.com Fri May 26 11:10:27 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Fri, 26 May 2000 12:10:27 -0400
Subject: [pptp-server] PPTP Client problem
Message-ID:

Ok, I got past that one, noauth has to be in the command line twice ( for
some odd reason...) but the link is up now and authenticated. The next
problem is this -- I can ping any old machines (win98, 2000) but not any of
my NT servers. Also, is there an easy way to pass wins through the link?

Thanks again,
Jeff

-----Original Message-----
From: Jeffrey Hummel [mailto:jhummel at fulltiltsolutions.com]
Sent: Friday, May 26, 2000 11:15 AM
To: pptp-server at lists.schulte.org
Cc: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTP Client problem

Hello,

From mpeel at istar.ca Fri May 26 20:03:17 2000
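The ip-up.local approach from the Routes thread above, as an added example that is not part of any list post: it adds only the routes an administrator has listed for the connecting peer and rejects malformed fields before they reach route. The ROUTES_FILE path, its three-column format and the ROUTE_CMD dry-run variable are assumptions of this example; the argument order is the one documented in the pppd man page.

```shell
#!/bin/sh
# /etc/ppp/ip-up.local (added example, not code from the list).
# pppd runs ip-up with:
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
# ROUTES_FILE is a hypothetical admin-maintained table, one route per line:
#   <peer-ip> <network> <netmask>
ROUTES_FILE="${ROUTES_FILE:-/etc/ppp/peer-routes}"
ROUTE_CMD="${ROUTE_CMD:-route}"   # set ROUTE_CMD="echo route" for a dry run

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# add_peer_routes IFACE PEER_IP: add the routes listed for PEER_IP via IFACE.
# Lines for other peers, comments and malformed entries are skipped, so a
# peer only ever gets the networks the table assigns to its address.
add_peer_routes() {
    iface=$1
    peer=$2
    case "$iface" in
        ppp|ppp*[!0-9]*) return 1 ;;   # anything but ppp<digits> is refused
        ppp[0-9]*) ;;
        *) return 1 ;;
    esac
    is_ipv4 "$peer" || return 1
    [ -r "$ROUTES_FILE" ] || return 0
    while read -r r_peer r_net r_mask _rest; do
        case "$r_peer" in
            ""|\#*) continue ;;
        esac
        [ "$r_peer" = "$peer" ] || continue
        is_ipv4 "$r_net" && is_ipv4 "$r_mask" || continue
        $ROUTE_CMD add -net "$r_net" netmask "$r_mask" dev "$iface"
    done < "$ROUTES_FILE"
    return 0
}

# pppd supplies at least five arguments; do nothing when run without them.
if [ "$#" -ge 5 ]; then
    add_peer_routes "$1" "$5"
fi
```

is_ipv4 checks the shape of a netmask but not that its bits are contiguous; route itself rejects masks it cannot use.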
From: mpeel at istar.ca (Mike Peel)
Date: Fri, 26 May 2000 18:03:17 -0700
Subject: [pptp-server] Error with select
Message-ID: <392F1ED4.431619D2@istar.ca>

I have two Internet connections : dial-up and Adsl. With the ADSL I can
make a successful VPN connection to the Linux pptp server but the dial-up
connection gives MS error 645 and /var/log/debug file has "Error with
select()". Here is my complete log file :

Thanks in advance for any help.

Mike Peel

May 26 16:16:57 localhost syslogd 1.3-3: restart.
May 26 16:17:06 localhost pptpd[1454]: CTRL: local address = 192.168.0.2
May 26 16:17:06 localhost pptpd[1454]: CTRL: remote address = 192.168.1.2
May 26 16:17:06 localhost pptpd[1454]: CTRL: Client 154.5.152.197 control connection started
May 26 16:17:06 localhost pptpd[1454]: CTRL: Received PPTP Control Message (type: 1)
May 26 16:17:06 localhost pptpd[1454]: CTRL: Made a START CTRL CONN RPLY packet
May 26 16:17:06 localhost pptpd[1454]: CTRL: I wrote 156 bytes to the client.
May 26 16:17:06 localhost pptpd[1454]: CTRL: Sent packet to client
May 26 16:17:06 localhost pptpd[1454]: CTRL: Received PPTP Control Message (type: 7)
May 26 16:17:06 localhost pptpd[1454]: CTRL: Set parameters to 0 maxbps, 16 window size
May 26 16:17:06 localhost pptpd[1454]: CTRL: Made a OUT CALL RPLY packet
May 26 16:17:06 localhost pptpd[1454]: CTRL: Starting call (launching pppd, opening GRE)
May 26 16:17:06 localhost pptpd[1454]: CTRL: pty_fd = 4
May 26 16:17:06 localhost pptpd[1454]: CTRL: tty_fd = 5
May 26 16:17:06 localhost pptpd[1454]: CTRL: I wrote 32 bytes to the client.
May 26 16:17:06 localhost pptpd[1454]: CTRL: Sent packet to client
May 26 16:17:06 localhost pptpd[1455]: CTRL (PPPD Launcher): Connection speed = 115200
May 26 16:17:06 localhost pptpd[1455]: CTRL (PPPD Launcher): local address = 192.168.0.2
May 26 16:17:06 localhost pptpd[1455]: CTRL (PPPD Launcher): remote address = 192.168.1.2
May 26 16:17:06 localhost pppd[1455]: pppd 2.3.10 started by root, uid 0
May 26 16:17:06 localhost pppd[1455]: Using interface ppp0
May 26 16:17:06 localhost pppd[1455]: Connect: ppp0 <--> /dev/pts/2
May 26 16:17:06 localhost pppd[1455]: sent [LCP ConfReq id=0x1 ]
May 26 16:17:06 localhost pppd[1455]: Timeout 0x8050164:0x8077660 in 3 seconds.
May 26 16:17:07 localhost pptpd[1454]: CTRL: Received PPTP Control Message (type: 12)
May 26 16:17:07 localhost pptpd[1454]: CTRL: Made a CALL DISCONNECT RPLY packet
May 26 16:17:07 localhost pptpd[1454]: CTRL: Received CALL CLR request (closing call)
May 26 16:17:07 localhost pptpd[1454]: CTRL: I wrote 148 bytes to the client.
May 26 16:17:07 localhost pptpd[1454]: CTRL: Sent packet to client
May 26 16:17:07 localhost pptpd[1454]: CTRL: Error with select(), quitting
May 26 16:17:07 localhost pptpd[1454]: CTRL: Client 154.5.152.197 control connection finished
May 26 16:17:07 localhost pptpd[1454]: CTRL: Exiting now
May 26 16:17:07 localhost pppd[1455]: Modem hangup
May 26 16:17:07 localhost pppd[1455]: Untimeout 0x8050164:0x8077660.
May 26 16:17:07 localhost pppd[1455]: Connection terminated.
May 26 16:17:07 localhost pppd[1455]: Exit.

From jhummel at fulltiltsolutions.com Fri May 26 22:15:11 2000
From: jhummel at fulltiltsolutions.com (Jeffrey Hummel)
Date: Fri, 26 May 2000 23:15:11 -0400
Subject: [pptp-server] PPTP Client problem
Message-ID:

Ok, now I got a bit further. One last question and I think I should be
done. I have a NT PPTP server and a linux PPTP server. Honestly, the NT box
is easier to administer since it pulls the usernames and passwords from the
domain list and it pulls ip from a pool of DHCP addresses. I connect to the
NT PPTP server from a linux PPTP client. Connection works well (MPPE-128,
etc.). Hooray! If I connect from another machine, say Win98 or 2K, no
problem. But if I connect from another linux client, no dice, it hangs
after starting ppp->ppp[0-?] then dies after awhile. If I drop all of my
connections, the first one starts out fine, but second, etc instances don't
connect. Is there something like a call handler happening here? I tried to
do a search for the answer, but I didn't get anywhere. Again, this list is
one of the best I have been on. ( Attempt at butt-kissing!)

-Jeff

-----Original Message-----
From: Jeffrey Hummel
To: pptp-server at lists.schulte.org
Cc: pptp-server at lists.schulte.org
Sent: 5/26/00 12:10 PM
Subject: RE: [pptp-server] PPTP Client problem

Ok, I got past that one, noauth has to be in the command line twice ( for
some odd reason...) but the link is up now and authenticated. The next
problem is this -- I can ping any old machines (win98, 2000) but not any of
my NT servers. Also, is there an easy way to pass wins through the link?

Thanks again,
Jeff

-----Original Message-----
From: Jeffrey Hummel [mailto:jhummel at fulltiltsolutions.com]
Sent: Friday, May 26, 2000 11:15 AM
To: pptp-server at lists.schulte.org
Cc: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTP Client problem

Hello,

From eric at pmcipa.com Sat May 27 13:05:57 2000
From: eric at pmcipa.com (Eric Robinson)
Date: Sat, 27 May 2000 11:05:57 -0700
Subject: [pptp-server] PoPToP on FreeBSD 3.4 -- Food for Thought
Message-ID: <21B377B36413D311861C0004ACB8854A92EF@IPASERV>

Does anyone have PoPToP running (with encryption) on FreeBSD 3.4? Please
tell me how you did it. I'll gladly send you a box of your favorite
cookies. (Get it? Food for thought? Okay, so it was really bad.)

-- Eric Robinson

From eric at pmcipa.com Sun May 28 16:09:48 2000
From: eric at pmcipa.com (Eric Robinson)
Date: Sun, 28 May 2000 14:09:48 -0700
Subject: [pptp-server] Throwing in the Towel
Message-ID: <21B377B36413D311861C0004ACB8854A92F0@IPASERV>

Well, this has been an enlightening experience. Despite enormous enthusiasm
on my part, despite days of hard work, despite partial success, I have been
unable to get PoPToP running properly on FreeBSD. Naturally, I could switch
to Linux, but then I would give up the better firewall option. Linux
ipchains is not stateful and NetFilter is still in its infancy, whereas
Darren Reed's ipfilter for xBSD is stable, reliable, powerful.

I don't like having to choose between OSes because the good VPN solution is
on one while the good firewall solution is on the other. So, I'm throwing
in the towel and going with yet a third OS: Windows NT. Products like the
following make such a choice very reasonable:
http://tinysoftware.com/products.html.

If you are also struggling to find the best of both worlds without spending
a lot of money, I encourage you to check it out.

-- Eric Robinson

From kenlussier at mediaone.net Sun May 28 19:49:25 2000
From: kenlussier at mediaone.net (Kenneth E. Lussier)
Date: Sun, 28 May 2000 20:49:25 -0400
Subject: [pptp-server] Patching a patch?
References: <21B377B36413D311861C0004ACB8854A92F0@IPASERV>
Message-ID: <3931BE95.4382E80@mediaone.net>

Does anyone know
1) how to apply the mppe_stateless.diff patch to the
   ppp-2.3.10-openssl-norc4-mppe.patch?
2) from where in the directory structure to apply it?

The packages are plentiful, but the docs on them are not...

TIA,
Kenny

From mhorn at intracom.com Sun May 28 20:09:01 2000
From: mhorn at intracom.com (Mark Horn)
Date: Sun, 28 May 2000 21:09:01 -0400
Subject: [pptp-server] Throwing in the Towel
In-Reply-To: <21B377B36413D311861C0004ACB8854A92F0@IPASERV>; from eric@pmcipa.com on Sun, May 28, 2000 at 02:09:48PM -0700
References: <21B377B36413D311861C0004ACB8854A92F0@IPASERV>
Message-ID: <20000528210901.A15455@mhorn.dyn.cheapnet.net>

On Sun, May 28, 2000 at 02:09:48PM -0700, Eric Robinson wrote:
>I don't like having to choose between OSes because the good VPN solution
>is on one while the good firewall solution is on the other. So, I'm
>throwing in the towel and going with yet a third OS: Windows NT.

There is, of course, another option. Which is to run PPTP on Linux,
and run the firewall on xBSD, with the Linux box on the inside of the
firewall.

- Mark

From kenlussier at mediaone.net Sun May 28 20:41:35 2000
From: kenlussier at mediaone.net (Kenneth E. Lussier)
Date: Sun, 28 May 2000 21:41:35 -0400
Subject: [pptp-server] Throwing in the Towel
References: <21B377B36413D311861C0004ACB8854A92F0@IPASERV> <20000528210901.A15455@mhorn.dyn.cheapnet.net>
Message-ID: <3931CACF.72159585@mediaone.net>

I would have to agree with Mark. The PPTP server should be running some
sort of packet filtering for additional security, but in my opinion, a
firewall should be a firewall and nothing else. It shouldn't be providing
any kind of services. Not to mention, by going with NT, you're going to
have to deal with their "embraced and extended" version of pptp.

Kenny

Mark Horn wrote:
>
> On Sun, May 28, 2000 at 02:09:48PM -0700, Eric Robinson wrote:
> >I don't like having to choose between OSes because the good VPN solution
> >is on one while the good firewall solution is on the other. So, I'm
> >throwing in the towel and going with yet a third OS: Windows NT.
>
> There is, of course, another option. Which is to run PPTP on Linux,
> and run the firewall on xBSD, with the Linux box on the inside of the
> firewall.

From nhdung at yahoo.com Mon May 29 03:36:30 2000
From: nhdung at yahoo.com (Dung Nguyen)
Date: Mon, 29 May 2000 01:36:30 -0700 (PDT)
Subject: [pptp-server] PPTP radius
Message-ID: <20000529083630.16051.qmail@web2204.mail.yahoo.com>

Hi James
I am very interested in PPTP radius, I've found your
mail about Radius on PPTP-server mailing list, Could
you show me where to get xradius..etc..and how to use
it for PPTP.
Thank you very much

From macleajb at EDnet.NS.CA Mon May 29 04:39:31 2000
From: macleajb at EDnet.NS.CA (James MacLean)
Date: Mon, 29 May 2000 06:39:31 -0300 (ADT)
Subject: [pptp-server] Re: PPTP radius
In-Reply-To: <20000529083630.16051.qmail@web2204.mail.yahoo.com>
Message-ID:

Hi Dung,

Get the patch and start with the README. It hopefully has pointers to many
of the apps you will need :).

Hope this helps,
JES

On Mon, 29 May 2000, Dung Nguyen wrote:

> Hi James
> I am very interested in PPTP radius, I've found your
> mail about Radius on PPTP-server mailing list, Could
> you show me where to get xradius..etc..and how to use
> it for PPTP.
> Thank you very much

James B. MacLean        macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada     B3M 4B2

From nhdung at yahoo.com Mon May 29 06:33:20 2000
From: nhdung at yahoo.com (Dung Nguyen)
Date: Mon, 29 May 2000 04:33:20 -0700 (PDT)
Subject: [pptp-server] (no subject)
Message-ID: <20000529113320.29283.qmail@web2203.mail.yahoo.com>

Hi all
I established a pptp connection from a linux host to my pptp server on my
LAN (eth0 192.168.10.0), but I can only reach (ping) the PPTP server, not
the subnet of the LAN. I have proxyarp in /etc/ppp/options and the local
and remote ip address in /etc/pptpd.conf is the same as the subnet of the
LAN.
But I received an error in the pptp client log file:
peer doesn't have privilege to use 192.168.10.2 address
Could someone give advice?
thank you

From nhdung at yahoo.com Mon May 29 06:33:34 2000
From: nhdung at yahoo.com (Dung Nguyen)
Date: Mon, 29 May 2000 04:33:34 -0700 (PDT)
Subject: [pptp-server] proxyarp
Message-ID: <20000529113334.20012.qmail@web2204.mail.yahoo.com>

Hi all
I established a pptp connection from a linux host to my pptp server on my
LAN (eth0 192.168.10.0), but I can only reach (ping) the PPTP server, not
the subnet of the LAN. I have proxyarp in /etc/ppp/options and the local
and remote ip address in /etc/pptpd.conf is the same as the subnet of the
LAN.
But I received an error in the pptp client log file:
peer doesn't have privilege to use 192.168.10.2 address
Could someone give advice?
thank you

From gigo at ibb.waw.pl Mon May 29 13:16:06 2000
From: gigo at ibb.waw.pl (Grzegorz A. Wieczorek)
Date: Mon, 29 May 2000 20:16:06 +0200 (MDT)
Subject: [pptp-server] No masq table again.
Message-ID:

Hello,

I'm a newbie in the subject of VPNs, so please be patient...

Last few days I was trying to install and use pptp based VPN. I used
VPN-Masquerade-HOWTO and HOWTO-PoPTop as guides. I tested kernels 2.2.13
and 2.2.14 with appropriate patches, pptpd version 1.0.0, pppd version
2.3.8 and 2.3.10, mppe built in.

I encountered strange problem not described in mentioned faqs. I searched
archives of this mailing list for answer, but my searches failed (only
found the same question as mine, without answer...), so I ask:

My Windoze VPN clients can connect to server easily:

May 21 11:26:18 Lirout pptpd[322]: CTRL: Client 10.11.12.11 control connection started
May 21 11:26:18 Lirout pptpd[322]: CTRL: Starting call (launching pppd, opening GRE)
May 21 11:26:18 Lirout kernel: registered device ppp0
May 21 11:26:18 Lirout pppd[323]: pppd 2.3.10 started by root, uid 0
May 21 11:26:18 Lirout pppd[323]: Using interface ppp0
May 21 11:26:18 Lirout pppd[323]: Connect: ppp0 <--> /dev/pts/1

The problem is I cannot route traffic any further than to my vpn server.
Following messages flood my logs:

May 21 11:26:24 lirout kernel: ip_demasq_gre(): 10.11.12.11 -> 10.11.12.1 CID=0 VER=1 PROTO=880B
May 21 11:26:24 lirout kernel: ip_masq_in_get_gre(): lookup 10.11.12.11->10.11.12.1 CID=0 FAIL
May 21 11:26:24 lirout kernel: ip_demasq_gre(): 10.11.12.11 -> 10.11.12.1 CID=0 no masq table, discarding

Of course I do echo "1" > /proc/sys/net/ipv4/ip_forward, all masquerading
modules loaded, ipchains rule regarding masquerading forwarded traffic set,
etc etc...

When I connect from external side of the net I get appropriate errors:

May 21 13:58:33 Lirout kernel: ip_demasq_gre(): 212.244.128.50 -> 195.116.168.246 CID=0 no masq table, discarding

Please help me out!!

If you need extra info about my configuration, let me know (don't want to
flood and don't know if you need more info).

Thanks in advance,
Grzegorz Wieczorek

From jburke at asitatech.ie Mon May 29 12:02:14 2000
From: jburke at asitatech.ie (Jarlath Burke)
Date: Mon, 29 May 2000 18:02:14 +0100
Subject: [pptp-server] Forcing NT client to use MPPE encryption
Message-ID: <01bfc98f$a35c8880$a07fa8c0@mofo.asitatech.ie>

I patched ppp-2.3.11 with the require-mppe patch from www.smop.de to force
clients to use MPPE encryption. This works fine with Windows 95 clients as
I cannot connect to the PoPToP server unless I have the "Require data
encryption" tab set on the Win95 client options ( I also added
require-mppe-stateless to my /etc/ppp/options file). I can verify that the
data is encrypted over the VPN by using a packet sniffer ( tcpdump) and
ping. Also, the /var/log/messages file on the PoPToP server reports
messages like:

pppd[1156]: local IP address 10.0.1.1
pppd[1156]: remote IP address 10.01.4
pppd[1156]: MPPE 40 bit, stateless compression enabled
pppd[1156]: stateless MPPE enforced

However, I cannot force a Windows NT client to use MPPE encryption. The
Security options under the 'edit entry and modem properties' of the NT
client give 3 choices:

o Accept any authentication including cleartext
o Accept only encrypted authentication
o Accept only Microsoft encrypted authentication
  [] Require data encryption
  [] Use current username and password

Only when the "Accept only Microsoft encrypted authentication" and the
"Require data encryption" tabs are chosen does any encryption occur. The
PoPToP server reports in /var/log/messages that stateless MPPE has been
enforced. I verified that this is the case using tcpdump and ping again.

My /etc/ppp/options file on the PoPToP server contains the following:

lock
name zooropa
debug
auth
nodeflate
require-chap
-pap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
mtu 1500
mru 1500
require-mppe-stateless
chapms-strip-domain

Did anyone else experience the same problems? I haven't checked if the
problem occurs with Win 98 clients but I'm going to look into it.

In the meantime, any suggestions / solutions to this problem would be
greatly appreciated.

Regards,
Jarlath.

Jarlath Burke
Asita Technologies Intl. Ltd.
Unit 2, Ballybrit Business Park
Galway. Ireland.
Ph: +353 91 758353
Mob: 086 8577392
Email: jburke at asitatech.ie
Web: http://www.asitatech.com
----------------------------------------------------------------------------
R2Go the world's first commercial high speed router switch based on
proven, standard PC components and cards ... the dawn of true
Open IP Networking ....
----------------------------------------------------------------------------

From Steve.Cowles at gte.net Mon May 29 14:00:49 2000
From: Steve.Cowles at gte.net (Cowles, Steve)
Date: Mon, 29 May 2000 14:00:49 -0500
Subject: [pptp-server] No masq table again.
Message-ID: <31361954B2ADD2118B0900A0C90AFC3E05DB57@defiant.dsl.gtei.net>

> -----Original Message-----
> From: Grzegorz A. Wieczorek [mailto:gigo at ibb.waw.pl]
> Sent: Monday, May 29, 2000 1:16 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] No masq table again.
>
> May 21 11:26:24 lirout kernel: ip_demasq_gre(): 10.11.12.11 ->
> 10.11.12.1 CID=0 VER=1 PROTO=880B
> May 21 11:26:24 lirout kernel: ip_masq_in_get_gre(): lookup
> 10.11.12.11->10.11.12.1 CID=0 FAIL
> May 21 11:26:24 lirout kernel: ip_demasq_gre(): 10.11.12.11
> -> 10.11.12.1
> CID=0 no masq table, discarding
>

I got the above message back when I moved my PPTP server from behind my
linux based firewall to the firewall itself. e.g. I no longer had a masq'd
PPTP server on my 192.168.9.0/24 network. When I moved PPTP to the
firewall, I made all of the necessary changes to the config files and the
ipchain rules, but forgot to "remove" the "ip_masq_gre" module when my
system booted. Because the module was still loaded, it saw a GRE packet
hitting the external interface without the corresponding masq'd entry in
its outbound tables. e.g. It's trying to "de-masq" the inbound packet, when
it never masq'd an outbound packet in the first place, so the lookup fails.
When I removed (rmmod) the ip_masq_gre module, I no longer got the above
messages in my log files.

> The problem is I cannot route traffic any further than to my
> vpn server.

Without seeing your PPTP/pppd config files and given the fact you can at
least talk to the PPTP server, I would speculate that this is probably an
"ipchains" related problem. Although, this could be proxyarp related.
Anyway, I would download Tom Eastep's ipchains based firewall called
"Seawall" from http://seawall.sourceforge.net. Tom has gone into great
detail on dealing with pptp servers running on both the firewall and behind
a firewall. By simply editing a few (well documented) config files that
define your network topology, it will run the appropriate ipchain,
ipmasqadm and ipfwd commands necessary to deal with PPTP servers.

This was a life saver to me when I setup PPTP.

Steve Cowles

From aaa at netman.dk Mon May 29 14:15:59 2000
From: aaa at netman.dk (Alaa Alamood)
Date: Mon, 29 May 2000 21:15:59 +0200
Subject: [pptp-server] linux client
Message-ID: <3932C1EF.C377E08E@netman.dk>

Hi
I have pptp server installed on linux Red Hat 6.2, it's working very well
with windows.
Does anybody know how to configure linux as a client for a linux server?
my /etc/ppp/options looks like

debug
lock
local
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name snow.netman.dk
auth
proxyarp
ms-dns teapot.netman.dk #the primary domain name server
ms-dns tinderbox.netman.dk #the secondary domain name server
defaultroute #to specify the default router
ms-wins 172.16.0.1 #Samba server for the vpn clients
ms-wins 172.16.0.2 #Samba server for the vpn clients
netmask 255.255.0.0 #used this netmask to enable subnet B to see the subnet C clients
logfile /var/ppp/log #send the log messages to the /var/ppp/log

regards

From sean at mds-networks.com Mon May 29 19:15:54 2000
From: sean at mds-networks.com (Sean McAvoy)
Date: Mon, 29 May 2000 20:15:54 -0400
Subject: [pptp-server] PoPToP and Linux PPPTP client
Message-ID:

Hello, just having some problems connecting a Linux pptp client to a PoPToP
(RH Linux) server, which is behind a Linux NAT Firewall. It seems that both
are waiting to authenticate but do not. Any Ideas???
Thanks for ANY help!

Sean McAvoy
MDS Networks
sean at mds-networks.com

Server

May 29 20:00:56 server pptpd[18323]: CTRL: Client 24.141.14.135 control connection started
May 29 20:00:57 server pptpd[18323]: CTRL: Starting call (launching pppd, opening GRE)
May 29 20:00:57 server pppd[18324]: pppd 2.3.10 started by root, uid 0
May 29 20:00:57 server pppd[18324]: Using interface ppp0
May 29 20:00:57 server pppd[18324]: Connect: ppp0 <--> /dev/pts/3
May 29 20:00:59 server pptpd[18323]: GRE: Discarding duplicate packet
May 29 20:01:01 server pppd[18324]: LCP terminated by peer (peer refused to authenticate)
May 29 20:01:03 server pppd[18324]: Connection terminated.
May 29 20:01:03 server pppd[18324]: Exit.
May 29 20:01:03 server pptpd[18323]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
May 29 20:01:03 server pptpd[18323]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
May 29 20:01:03 server pptpd[18323]: CTRL: Client 24.141.14.135 control connection finished

Client

May 29 19:07:20 co38235-a (unknown)[27767]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:531]: Client connection established.
May 29 19:07:21 co38235-a (unknown)[27760]: log[pptp_read_some:pptp_ctrl.c:368]: read error: Broken pipe
May 29 19:07:21 co38235-a (unknown)[27767]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:637]: Outgoing call established.
May 29 19:07:21 co38235-a modprobe: Note: /etc/conf.modules is more recent than /lib/modules/2.2.14-5.0/modules.dep
May 29 19:07:21 co38235-a pppd[27770]: pppd 2.3.10 started by root, uid 0
May 29 19:07:21 co38235-a pppd[27770]: Using interface ppp0
May 29 19:07:21 co38235-a pppd[27770]: Connect: ppp0 <--> /dev/ttya0
May 29 19:07:25 co38235-a pppd[27770]: peer refused to authenticate: terminating link
May 29 19:07:25 co38235-a pppd[27770]: Connection terminated.
May 29 19:07:26 co38235-a pppd[27770]: Exit.

From teastep at evergo.net Mon May 29 19:51:18 2000
From: teastep at evergo.net (Tom Eastep)
Date: Mon, 29 May 2000 17:51:18 -0700 (PDT)
Subject: [pptp-server] PoPToP and Linux PPPTP client
In-Reply-To:
Message-ID:

On Mon, 29 May 2000, Sean McAvoy wrote:

> Hello, just having some problems connecting a Linux pptp client to a PoPToP
> (RH Linux) server, which is behind a Linux NAT Firewall. It seems that both
> are waiting to authenticate but do not. Any Ideas???
> Thanks for ANY help!
>

Have you installed John Hardin's VPN Masquerade patch on your Linux
firewall? (http://www.wolfenet.com/~jhardin/ip_masq_vpn.html).

-Tom
--
Tom Eastep                \  Eastep's First Principle of Computing:
ICQ #60745924             \  "Any sane computer will tell you how it
teastep at evergo.net     \  works if you ask it the proper questions"
Shoreline, Washington USA \___________________________________________

From neale at lowendale.com.au Mon May 29 20:41:58 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 30 May 2000 11:41:58 +1000 (EST)
Subject: [pptp-server] PoPToP and Linux PPPTP client
In-Reply-To:
Message-ID:

On Mon, 29 May 2000, Tom Eastep wrote:

> On Mon, 29 May 2000, Sean McAvoy wrote:
>
> > Hello, just having some problems connecting a Linux pptp client to a PoPToP
> > (RH Linux) server, which is behind a Linux NAT Firewall. It seems that both
> > are waiting to authenticate but do not. Any Ideas???
> > Thanks for ANY help!
> >
>
> Have you installed John Hardin's VPN Masquerade patch on your Linux
> firewall? (http://www.wolfenet.com/~jhardin/ip_masq_vpn.html).

In this case, I'm not sure that's the problem - if it were, I don't think
we'd be seeing the pppds (unsuccessfully) negotiating.

First things I'd check here:

1) on the linux-pptp machine, is "noauth" being passed as an option to
pppd? Without "noauth", by default the pppd will demand that the other side
provide authentication (NOTE: do NOT be tempted to use this option on the
PoPToP server!).

2) is there a valid username/password for authenticating the pptp-linux
caller the PoPToP server in /etc/chap-secrets on *both* machines?

HTH,
Neale.

From sean at mds-networks.com Tue May 30 02:50:32 2000
From: sean at mds-networks.com (Sean McAvoy)
Date: Tue, 30 May 2000 03:50:32 -0400
Subject: [pptp-server] problems
Message-ID:

Having major speed problems with the pptp client connecting to a PoPTop
server. Ping goes from a normal 45ms to 5000ms jumping up and down. Then
the system proceeds to lock up (really weird). What are the min specs for
the pptp client (sorry if this is the wrong list).

Thanks in advance

From ddobre at deuroconsult.ro Tue May 30 05:15:48 2000
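An added example, not code from any post on the list: a check of a server-side pppd options file for the two points raised above, that "noauth" must not appear on the PoPToP server and that MPPE is only enforced when a require-mppe option is present (listing mppe-40 still allowed the 40-bit session shown in the earlier log). The option names are taken from the configurations posted in this archive, several of which exist only in the patched pppd builds described there; the function names and the third sample file are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a server-side pppd options file for the settings
# discussed in this thread. Usage: sh audit-options.sh /etc/ppp/options

# option_words FILE: print one option word per line, '#' comments removed.
option_words() {
    awk '{ sub(/#.*/, ""); for (i = 1; i <= NF; i++) print $i }' "$1"
}

# has_word WORDS ERE: succeed if any whole word matches the extended regex.
has_word() {
    printf '%s\n' "$1" | grep -E -q -x -e "$2"
}

# audit_pppd_server FILE: print findings; return 1 if any FAIL was reported.
audit_pppd_server() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 1; }
    words=$(option_words "$1")
    fails=0
    if has_word "$words" 'noauth'; then
        echo "FAIL: noauth set; peers are not required to authenticate"
        fails=$((fails + 1))
    elif ! has_word "$words" 'auth'; then
        echo "WARN: auth not stated; peer authentication depends on pppd defaults"
    fi
    if has_word "$words" 'require-pap|\+pap'; then
        echo "FAIL: PAP required from peers; PAP sends the password in cleartext"
        fails=$((fails + 1))
    fi
    if ! has_word "$words" 'require-chap|\+chap|\+chapms|\+chapms-v2'; then
        echo "WARN: no CHAP variant required from peers"
    fi
    if ! has_word "$words" 'require-mppe(-.*)?'; then
        echo "FAIL: no require-mppe* option; clients can connect without encryption"
        fails=$((fails + 1))
    fi
    if has_word "$words" 'mppe-40'; then
        echo "WARN: mppe-40 listed; 40-bit keys may be negotiated"
    fi
    [ "$fails" -eq 0 ]
}

# write_samples DIR: the first two files repeat option lists posted in this
# archive; the third is constructed to show the noauth finding.
write_samples() {
    cat > "$1/enforced.options" <<'EOF'
lock
name zooropa
debug
auth
nodeflate
require-chap
-pap
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
mtu 1500
mru 1500
require-mppe-stateless
chapms-strip-domain
EOF
    cat > "$1/offered.options" <<'EOF'
lock
debug
proxyarp
chapms-strip-domain
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
EOF
    cat > "$1/noauth.options" <<'EOF'
noauth            # constructed: client-side option left in a server file
+chapms-v2
mppe-128
require-mppe
EOF
}

# Audit the file named on the command line, if one was given.
if [ "$#" -ge 1 ]; then
    audit_pppd_server "$1"
fi
```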
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Tue, 30 May 2000 13:15:48 +0300
Subject: [pptp-server] pptpd+chapms+radius
References:
Message-ID: <393394D4.3E983135@deuroconsult.ro>

James MacLean wrote:
>
> > The server should authenticate the tunnels (users) via a Radius server.
>
> The key to this hack is the radius server. Currently it _must_ be
> xtradius, and it _must_ use the checkmysql or whatever I called it :(. The
> reason being that it does send the wrong passwd, but the radius server
> sends back the magic NtHash which is used to do the rest.

ok, i have the xtradius server configured as said in the readme from
chap_crap-0.2/README :

that is i have applied the patches to : xtradius , ppp-2.3.11 and
AuthAccount

my /etc/ppp/chap-secrets file looks like:

# client server secret IP addresses
* * !nothing *

my hostname is eris.

(the username/password pairs in mySQL are:
eris/parola
jambo/parola

from /var/log/messages (logging from 192.168.4.149 as jambo/parola)

May 30 13:02:21 eris pptpd[10900]: CTRL: Client 192.168.4.149 control connection started
May 30 13:02:21 eris pptpd[10900]: CTRL: Starting call (launching pppd, opening GRE)
May 30 13:02:21 eris pppd[10901]: client=NULL, server=eris, secret=NULL
May 30 13:02:21 eris pppd[10901]: client2=NULL, server=eris, secret=NULL word=!nothing addrs=Ok
May 30 13:02:21 eris pppd[10901]: Trying Radius client=NULL, server=eris devnam=/dev/pts/7
May 30 13:02:21 eris pppd[10901]: User eris:eris
May 30 13:02:21 eris pppd[10901]: S eris Return=1, passwd=CF5228C5298773D96A40A2E55008531A
May 30 13:02:21 eris pppd[10901]: client=NULL, server=eris, secret=NULL
May 30 13:02:21 eris pppd[10901]: HUH 192.168.30.11
May 30 13:02:21 eris pppd[10901]: pppd 2.3.11 started by root, uid 0
May 30 13:02:21 eris pppd[10901]: Using interface ppp0
May 30 13:02:21 eris pppd[10901]: Connect: ppp0 <--> /dev/pts/7
May 30 13:02:21 eris pppd[10901]: client=eris, server=NULL, secret=????????
May 30 13:02:21 eris pppd[10901]: client=eris, server=NULL, secret=NULL
May 30 13:02:21 eris pppd[10901]: client2=eris, server=NULL, secret=NULL word=!nothing addrs=Ok
May 30 13:02:21 eris pppd[10901]: Trying Radius client=eris, server=NULL devnam=/dev/pts/7
May 30 13:02:21 eris pppd[10901]: Client sneaks in addr:192.168.30.11
May 30 13:02:21 eris pppd[10901]: C eris Return=1, passwd=CF5228C5298773D96A40A2E55008531A
May 30 13:02:21 eris pppd[10901]: client=eris, server=NULL, secret=NULL
May 30 13:02:21 eris pppd[10901]: client=NULL, server=eris, secret=NULL
May 30 13:02:21 eris pppd[10901]: client2=NULL, server=eris, secret=NULL word=!nothing addrs=Ok
May 30 13:02:21 eris pppd[10901]: Trying Radius client=NULL, server=eris devnam=/dev/pts/7
May 30 13:02:21 eris pppd[10901]: Server sneaks in addr:192.168.30.11
May 30 13:02:21 eris pppd[10901]: S eris Return=1, passwd=CF5228C5298773D96A40A2E55008531A
May 30 13:02:21 eris pppd[10901]: client=NULL, server=eris, secret=NULL
May 30 13:02:21 eris pppd[10901]: HUH 192.168.30.11
May 30 13:02:22 eris pptpd[10900]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
May 30 13:02:22 eris pppd[10901]: client=jambo, server=eris, secret=
May 30 13:02:22 eris pppd[10901]: client2=jambo, server=eris, secret= word=!nothing addrs=Ok
May 30 13:02:22 eris pppd[10901]: Trying Radius client=jambo, server=eris devnam=/dev/pts/7
May 30 13:02:22 eris pppd[10901]: Client sneaks in addr:192.168.30.11
May 30 13:02:22 eris pppd[10901]: C jambo Return=1, passwd=CF5228C5298773D96A40A2E55008531A
May 30 13:02:22 eris pppd[10901]: client=jambo, server=eris, secret=CF5228C5298773D96A40A2E55008531A
May 30 13:02:22 eris kernel: PPP BSD Compression module registered
May 30 13:02:22 eris pppd[10901]: MSCHAP peer authentication succeeded for jambo
May 30 13:02:22 eris pppd[10901]: Cannot determine ethernet address for proxy ARP
May 30 13:02:22 eris pppd[10901]: local IP address 10.10.10.1
May 30 13:02:22 eris pppd[10901]: remote IP address 192.168.30.11
May 30 13:02:55 eris pppd[10901]: CCP: timeout sending Config-Requests

you may see that pppd goes to ask radius about eris user, and not about
jambo user!!! that is the reason for I've created 2 entries (eris and
jambo) with the same pass in the SQL database

radius auth. the user eris !!!!! (192.168.30.11 is for user/tunnel eris ,
for jambo it should be 192.168.30.7)

(/var/log/radius.log)

Tue May 30 13:02:21 2000: Debug: Exec-Program-Wait: value-pairs: Callback-Number=CF5228C5298773D96A40A2E55008531A,Framed-IP-Address=192.168.30.11 Reply-Message=Authok,
Tue May 30 13:02:21 2000: Auth: Login OK: [eris/!nothing] (from nas eris/S0)

so,why does auth.c from pppd tries to send the wrong username/password
pairs?
i mean, if the user eris has different password than jambo, radius.log shows: Tue May 30 10:51:56 2000: Auth: Login incorrect: [eris/!nothing] (from nas eris/S0) Tue May 30 10:51:57 2000: Auth: Login incorrect: [eris/!nothing] (from nas eris/S0) Tue May 30 10:51:59 2000: Auth: Login incorrect: [eris/!nothing] (from nas eris/S0) Tue May 30 10:52:00 2000: Auth: Login incorrect: [jambo/!nothing] (from nas eris/S0) Tue May 30 10:52:01 2000: Auth: Login incorrect: [eris/!nothing] (from nas eris/S0) the 4-th time auth sends the correct username but not the password. can someone help me with this? > > has anyone succesfully installed all the above and does this work? > > Only me I guess :). /me is on the way :) > James B. MacLean macleajb at ednet.ns.ca deep respect, -- Dragos Adrian DOBRE Network Systems Specialist Deuroconsult Brasov, Romania From adam at morrison-ind.com Tue May 30 09:15:18 2000 From: adam at morrison-ind.com (Adam Tauno Williams) Date: Tue, 30 May 2000 10:15:18 -0400 Subject: [pptp-server] Patching a patch? In-Reply-To: <3931BE95.4382E80@mediaone.net> References: <21B377B36413D311861C0004ACB8854A92F0@IPASERV> <3931BE95.4382E80@mediaone.net> Message-ID: <200005301415.e4UEFI915377@localhost.localdomain> > Does anyone know 1)how to apply the mppe_stateless.diff patch to the > ppp-2.3.10-openssl-norc4-mppe.patch? 2) from where in the directory > structure to apply it? The packages are plentiful, but the docs on them > are not... I have the pppd-2.3.10 source with all the relevant packages (plus mods to use an LDAP directory for authentication) that I hope to put up on a website this week. I'm also going to try and create a "meta-" patch that includes all the changes. I don't want to offend any patch creator's however. Does anyone object to this? Systems and Network Administrator Morrison Industries 1825 Monroe Ave NW. Grand Rapids, MI. 49505 From macleajb at EDnet.NS.CA Tue May 30 12:01:14 2000 
From: macleajb at EDnet.NS.CA (James MacLean)
Date: Tue, 30 May 2000 14:01:14 -0300 (ADT)
Subject: [pptp-server] pptpd+chapms+radius
In-Reply-To: <393394D4.3E983135@deuroconsult.ro>
Message-ID:

On Tue, 30 May 2000, Dragos DOBRE wrote:

> my hostname is eris.
> (the username/password pairs in mySQL are:
>
> eris/parola
> jambo/parola

My goal with this project was to use Xtradius to authenticate on the one side, not on both :(.

So if you are eris and want to authenticate to jambo (who runs xtradius authentication), you would only put eris's userid/nthash-passwd on jambo's xtradius database. Then eris should use /etc/ppp/chap-secrets the old way, or maybe using smbpasswd. At least that was my original intention ;).

But... If I understand your goal, you want both your client and the server to use Xtradius for authentication? Hmmm. You would need to modify auth.c at least so that it only tries to match the userid when it is one of client or server, but not both. And it must be the correct one :).

How's that for confusing the issue:).

I can also say that once pppd gets a valid userid/passwd, it will not actually (or at least it shouldn't) talk to radius anymore until it is authenticated.

> > > has anyone successfully installed all the above and does this work?
> > Only me I guess :).
> /me is on the way :)

Let me know if I captured what you are trying to do, and I will see about changing the code a bit...

JES
--
James B. MacLean macleajb at ednet.ns.ca
Department of Education http://www.ednet.ns.ca/~macleajb
Nova Scotia, Canada B3M 4B2

From USTS034 at UABDPO.DPO.UAB.EDU Tue May 30 14:21:07 2000
From: USTS034 at UABDPO.DPO.UAB.EDU (Landy Manderson) Date: Tue, 30 May 00 14:21:07 CDT Subject: [pptp-server] Encrypted sessions using NTS Tunnel Builder Message-ID: <200005301933.e4UJXNZ22170@snaildust.schulte.org> I've been running PoPToP 1.0 for a few weeks, and successfully connecting in with Windows 9x and all of the appropriate patches. Now, we are trying out NTS Tunnel Builder so that our Mac clients will be able to connect also. The problem I'm having is that the session will connect but not pass traffic if encryption is selected. This is the case for both the PC and Mac versions of Tunnel Builder. It is requesting 40-bit stateless encryption, and the log shows that all packets after this is negotiated are essentially garbled. It is almost as if the two ends do not agree on how to perform or initialize the encryption. So I guess my question is, is anyone using a similar configuration with success? Is there anything obvious which I could've overlooked? I would think I have one of the patches installed incorrectly if the M$ VPN adapter didn't work flawlessly when it requests the very same encryption. From barjunk at attglobal.net Tue May 30 16:17:18 2000 
From: barjunk at attglobal.net (Michael Barsalou) Date: Tue, 30 May 2000 13:17:18 -0800 Subject: [pptp-server] special considerations Message-ID: <200005302118.e4ULI1w23140@snaildust.schulte.org> What special considerations are there when using a Windows VPN client behind a masqueraded firewall? I have tried opening the firewall's completely but it still doesn't seem to help. I am getting LCP timeout on the pptp server. One thing to note is that when I connect the server to the internal network, I can connect to it fine. So I know that the server is setup correctly. It seems like it has to be because the windows client is being masqueraded. Is it possible that the LCP requests aren't going back to the right machine? Not being desmasqed correctly/at all? What are some ideas on how to track this down? Mike Michael Barsalou barjunk at attglobal.net From teastep at evergo.net Tue May 30 19:59:37 2000 
From: teastep at evergo.net (Tom Eastep) Date: Tue, 30 May 2000 17:59:37 -0700 (PDT) Subject: [pptp-server] special considerations In-Reply-To: <200005302118.e4ULI1w23140@snaildust.schulte.org> Message-ID: Michael, On Tue, 30 May 2000, Michael Barsalou wrote: > What special considerations are there when using a Windows VPN > client behind a masqueraded firewall? > > I have tried opening the firewall's completely but it still doesn't > seem to help. > > I am getting LCP timeout on the pptp server. > > One thing to note is that when I connect the server to the internal > network, I can connect to it fine. So I know that the server is setup > correctly. > > It seems like it has to be because the windows client is being > masqueraded. Is it possible that the LCP requests aren't going > back to the right machine? Not being desmasqed correctly/at all? > > What are some ideas on how to track this down? > Look at http://www.wolfenet.com/~jhardin/ip_masq_vpn.html -Tom -- Tom Eastep \ Eastep's First Principle of Computing: ICQ #60745924 \ "Any sane computer will tell you how it teastep at evergo.net \ works if you ask it the proper questions" Shoreline, Washington USA \___________________________________________ From MJBarsalou at attglobal.net Tue May 30 17:41:04 2000 From: MJBarsalou at attglobal.net (Barsalou) Date: Tue, 30 May 2000 17:41:04 -9:00 Subject: [pptp-server] special considerations In-Reply-To: References: <200005302118.e4ULI1w23140@snaildust.schulte.org> Message-ID: <200005310137.e4V1bl025418@snaildust.schulte.org> Thanks that is what I was looking for. Now it doesn't compile for me. I get failed hunks. Any ideas on what to do next? Mike Date sent: Tue, 30 May 2000 17:59:37 -0700 (PDT) 
From: Tom Eastep To: mjbarsalou at ibm.net Copies to: pptp-server at lists.schulte.org Subject: Re: [pptp-server] special considerations > Michael, > > On Tue, 30 May 2000, Michael Barsalou wrote: > > > What special considerations are there when using a Windows VPN > > client behind a masqueraded firewall? > > > > I have tried opening the firewall's completely but it still doesn't > > seem to help. > > > > I am getting LCP timeout on the pptp server. > > > > One thing to note is that when I connect the server to the internal > > network, I can connect to it fine. So I know that the server is setup > > correctly. > > > > It seems like it has to be because the windows client is being > > masqueraded. Is it possible that the LCP requests aren't going > > back to the right machine? Not being desmasqed correctly/at all? > > > > What are some ideas on how to track this down? > > > > Look at http://www.wolfenet.com/~jhardin/ip_masq_vpn.html > > -Tom > -- > Tom Eastep \ Eastep's First Principle of Computing: > ICQ #60745924 \ "Any sane computer will tell you how it > teastep at evergo.net \ works if you ask it the proper questions" > Shoreline, Washington USA \___________________________________________ > > From yan at cardinalengineering.com Tue May 30 20:50:12 2000 
From: yan at cardinalengineering.com (Yan Seiner) Date: Tue, 30 May 2000 21:50:12 -0400 Subject: [pptp-server] special considerations References: <200005302118.e4ULI1w23140@snaildust.schulte.org> <200005310137.e4V1bl025418@snaildust.schulte.org> Message-ID: <39346FD4.49D735FA@cardinalengineering.com> AH! the failed hunks are easy. I bet you downloaded using a windows version of Netscape. NS converts unix end-of-line to ms end-of-line automatically on download. When you try to patch using this file, it will fail. You need to download using a linux version of NS or lynx or some linux based browser, or run the downloaded file through dos2unix. Can we please put this in the FAQ? Thanks, --Yan Barsalou wrote: > > Thanks that is what I was looking for. > > Now it doesn't compile for me. I get failed hunks. > > Any ideas on what to do next? > > Mike > > Date sent: Tue, 30 May 2000 17:59:37 -0700 (PDT) 
> From: Tom Eastep > To: mjbarsalou at ibm.net > Copies to: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] special considerations > > > Michael, > > > > On Tue, 30 May 2000, Michael Barsalou wrote: > > > > > What special considerations are there when using a Windows VPN > > > client behind a masqueraded firewall? > > > > > > I have tried opening the firewall's completely but it still doesn't > > > seem to help. > > > > > > I am getting LCP timeout on the pptp server. > > > > > > One thing to note is that when I connect the server to the internal > > > network, I can connect to it fine. So I know that the server is setup > > > correctly. > > > > > > It seems like it has to be because the windows client is being > > > masqueraded. Is it possible that the LCP requests aren't going > > > back to the right machine? Not being desmasqed correctly/at all? > > > > > > What are some ideas on how to track this down? > > > > > > > Look at http://www.wolfenet.com/~jhardin/ip_masq_vpn.html > > > > -Tom > > -- > > Tom Eastep \ Eastep's First Principle of Computing: > > ICQ #60745924 \ "Any sane computer will tell you how it > > teastep at evergo.net \ works if you ask it the proper questions" > > Shoreline, Washington USA \___________________________________________ > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From teastep at evergo.net Tue May 30 20:59:33 2000 
From: teastep at evergo.net (Tom Eastep) Date: Tue, 30 May 2000 18:59:33 -0700 (PDT) Subject: [pptp-server] special considerations In-Reply-To: <200005310139.SAA11741@ursa.eastep.dsl.evergo.net> Message-ID: On Tue, 30 May 2000, Barsalou wrote: > Thanks that is what I was looking for. > > Now it doesn't compile for me. I get failed hunks. > > Any ideas on what to do next? > Which version of the kernel are you trying to patch? -Tom -- Tom Eastep \ Eastep's First Principle of Computing: ICQ #60745924 \ "Any sane computer will tell you how it teastep at evergo.net \ works if you ask it the proper questions" Shoreline, Washington USA \___________________________________________ From MJBarsalou at attglobal.net Tue May 30 19:05:17 2000 From: MJBarsalou at attglobal.net (Barsalou) Date: Tue, 30 May 2000 19:05:17 -9:00 Subject: [pptp-server] special considerations In-Reply-To: References: <200005310139.SAA11741@ursa.eastep.dsl.evergo.net> Message-ID: <200005310302.e4V325M26244@snaildust.schulte.org> 2.2.14-5. I tried applying the patches from J Hardin's site, even the one for the RedHat stuff (especially the failed hunks). That extra patch failed on both hunks. Mike Date sent: Tue, 30 May 2000 18:59:33 -0700 (PDT) From: Tom Eastep To: Barsalou Copies to: mjbarsalou at ibm.net, pptp-server at lists.schulte.org Subject: Re: [pptp-server] special considerations > On Tue, 30 May 2000, Barsalou wrote: > > > Thanks that is what I was looking for. > > > > Now it doesn't compile for me. I get failed hunks. > > > > Any ideas on what to do next? > > > > Which version of the kernel are you trying to patch? > > -Tom > -- > Tom Eastep \ Eastep's First Principle of Computing: > ICQ #60745924 \ "Any sane computer will tell you how it > teastep at evergo.net \ works if you ask it the proper questions" > Shoreline, Washington USA \___________________________________________ > > From MJBarsalou at attglobal.net Tue May 30 19:05:17 2000 
From: MJBarsalou at attglobal.net (Barsalou) Date: Tue, 30 May 2000 19:05:17 -9:00 Subject: [pptp-server] special considerations In-Reply-To: <39346FD4.49D735FA@cardinalengineering.com> Message-ID: <200005310302.e4V325j26245@snaildust.schulte.org> Actually only got two failed hunks out of about 20? or so. I downloaded them directly to the linux server via ftp. Mike Date sent: Tue, 30 May 2000 21:50:12 -0400 From: Yan Seiner To: Barsalou Copies to: mjbarsalou at ibm.net, Tom Eastep , pptp-server at lists.schulte.org Subject: Re: [pptp-server] special considerations > AH! the failed hunks are easy. I bet you downloaded using a windows > version of Netscape. NS converts unix end-of-line to ms end-of-line > automatically on download. When you try to patch using this file, it > will fail. > > You need to download using a linux version of NS or lynx or some linux > based browser, or run the downloaded file through dos2unix. > > Can we please put this in the FAQ? > > Thanks, > > --Yan > > Barsalou wrote: > > > > Thanks that is what I was looking for. > > > > Now it doesn't compile for me. I get failed hunks. > > > > Any ideas on what to do next? > > > > Mike > > > > Date sent: Tue, 30 May 2000 17:59:37 -0700 (PDT) 
> > From: Tom Eastep > > To: mjbarsalou at ibm.net > > Copies to: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] special considerations > > > > > Michael, > > > > > > On Tue, 30 May 2000, Michael Barsalou wrote: > > > > > > > What special considerations are there when using a Windows VPN > > > > client behind a masqueraded firewall? > > > > > > > > I have tried opening the firewall's completely but it still doesn't > > > > seem to help. > > > > > > > > I am getting LCP timeout on the pptp server. > > > > > > > > One thing to note is that when I connect the server to the internal > > > > network, I can connect to it fine. So I know that the server is setup > > > > correctly. > > > > > > > > It seems like it has to be because the windows client is being > > > > masqueraded. Is it possible that the LCP requests aren't going > > > > back to the right machine? Not being desmasqed correctly/at all? > > > > > > > > What are some ideas on how to track this down? > > > > > > > > > > Look at http://www.wolfenet.com/~jhardin/ip_masq_vpn.html > > > > > > -Tom > > > -- > > > Tom Eastep \ Eastep's First Principle of Computing: > > > ICQ #60745924 \ "Any sane computer will tell you how it > > > teastep at evergo.net \ works if you ask it the proper questions" > > > Shoreline, Washington USA \___________________________________________ > > > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > From teastep at evergo.net Tue May 30 22:33:11 2000 
From: teastep at evergo.net (Tom Eastep) Date: Tue, 30 May 2000 20:33:11 -0700 (PDT) Subject: [pptp-server] special considerations In-Reply-To: <200005310303.UAA14296@ursa.eastep.dsl.evergo.net> Message-ID: Michael, On Tue, 30 May 2000, Barsalou wrote: > 2.2.14-5. I tried applying the patches from J Hardin's site, even the one for > the RedHat stuff (especially the failed hunks). That extra patch failed on > both hunks. > Can't help you there -- when I apply patches from sources other than RedHat, I never use the RedHat kernel source tree; instead, I use Linus's tree which is what people producing the patches invariably use... If you want to continue trying to patch the RedHat sources, I would contact John directly for assistance... -Tom -- Tom Eastep \ Eastep's First Principle of Computing: ICQ #60745924 \ "Any sane computer will tell you how it teastep at evergo.net \ works if you ask it the proper questions" Shoreline, Washington USA \___________________________________________ From MJBarsalou at attglobal.net Tue May 30 21:27:22 2000 From: MJBarsalou at attglobal.net (Barsalou) Date: Tue, 30 May 2000 21:27:22 -9:00 Subject: [pptp-server] special considerations In-Reply-To: References: <200005310303.UAA14296@ursa.eastep.dsl.evergo.net> Message-ID: <200005310524.e4V5O3N27403@snaildust.schulte.org> Maybe I can use Linus' sources and then do a diff against the redhat tree to get a good patch. What do you think about that? Mike BTW, thanks for your help so far. Mike Date sent: Tue, 30 May 2000 20:33:11 -0700 (PDT) 
From: Tom Eastep To: Barsalou Copies to: mjbarsalou at ibm.net, pptp-server at lists.schulte.org Subject: Re: [pptp-server] special considerations > Michael, > > On Tue, 30 May 2000, Barsalou wrote: > > > 2.2.14-5. I tried applying the patches from J Hardin's site, even the one for > > the RedHat stuff (especially the failed hunks). That extra patch failed on > > both hunks. > > > > Can't help you there -- when I apply patches from sources other than > RedHat, I never use the RedHat kernel source tree; instead, I use Linus's > tree which is what people producing the patches invariably use... > > If you want to continue trying to patch the RedHat sources, I would > contact John directly for assistance... > > -Tom > -- > Tom Eastep \ Eastep's First Principle of Computing: > ICQ #60745924 \ "Any sane computer will tell you how it > teastep at evergo.net \ works if you ask it the proper questions" > Shoreline, Washington USA \___________________________________________ > > From ddobre at deuroconsult.ro Wed May 31 04:32:16 2000 
From: ddobre at deuroconsult.ro (Dragos DOBRE) Date: Wed, 31 May 2000 12:32:16 +0300 Subject: [pptp-server] pptpd+chapms+radius References: Message-ID: <3934DC20.31C66598@deuroconsult.ro> James MacLean wrote: > > My goal with this project was to use Xtradius to authenticate on the one > side, not on both :(. sorry if I misled you all to this confusion! Let me rephrase: I have a tunnel server, hostname eris.It runs stock RH6.2 (today i'll update it's kernel to 2.2.15, linus tree), with pptpd version 1.1.1 and PPP deamon v2.3.11. the ppp daemon is patched with the following patches: ppp-2.3.11-make.patch ppp-2.3.11-openssl-0.9.5-mppe.patch ppp-2.3.11-options.patch ppp-2.3.11-require-mppe.patch ppp-2.3.11-rh62-kill_fasync.patch ppp-2.3.11-strip-MSdomain.patch (they are 2.3.10 modified patches, i'll post them on a ftp site soon) I have installed radius-client libs (radiusclient-0.3.1) and xtradius-1.0beta , toghether with libsmbpw-1.1 ,AuthAccount-1.0, and i patched them against the files from chap_crap-0.2 (from James) i have also installed mysql and made the tables as specified in chap_crap-0.2 (modified from auth-account) The username/nthash-passwd for the clients resides in the mysql database > But... If I understand your goal, you want both your client and the server > to use Xtradius for authentication? Hmmm. you would need to modify auth.c > atleast so that it only tries to match the userid when it is one of client > or server, but not both. And it must be the correct one :). I only want to auth the clients to eris.not eris to clients. > How's that for confusing the issue:). :) > I can also say that once pppd gets a valid userid/passwd, it will not > actually (or atleast it shouldn't) talk to radius anymore until it is > authenticated. so let's draw a quick picture here: the client (let's call it jambo (user=jambo ;password=parola) , it's a win98 pptp client dials to 192.168.4.246 (thats eris). jambo's IP is 192.168.4.149. 
the pptpd sees an incoming request, fires-up pppd on eris. May 30 17:35:54 eris pptpd[14515]: CTRL: Client 192.168.4.149 control connection started May 30 17:35:54 eris pptpd[14515]: CTRL: Starting call (launching pppd, opening GRE) pppd than tries to get the username/passwd from jambo. (is that correct?) jambo sends the user/passwd, pppd then looks in /etc/ppp/chap-secrets where it finds the line * * !nothing *. Given the fact that the passwd in chap-secrets begins with '!' , pppd (via auth.c) uses radiusclient to forward the auth issue to xtradius. May 30 17:35:55 eris pppd[14516]: Trying Radius client=NULL, server=eris devnam=/dev/pts/3 as you can see , it seems that auth.c doesnt correctly guess the user/passwd , it assumes that the client is NULL (should be jambo) .so the radiusclient doesn't even try to reach radius server, given the fact that the username field is EMPTY. client=NULL, server=eris, secret=NULL client2=NULL, server=eris, secret=NULL word=!nothing addrs=Ok Trying Radius client=NULL, server=eris devnam=/dev/pts/5 S eris Return=-1, passwd=!nothing client=NULL, server=eris, secret=NULL HUH * Using interface ppp0 Connect: ppp0 <--> /dev/pts/5 client=eris, server=NULL, secret= ?????? client=eris, server=NULL, secret=NULL client2=eris, server=NULL, secret=NULL word=!nothing addrs=Ok Trying Radius client=eris, server=NULL devnam=/dev/pts/5 C eris Return=-1, passwd=!nothing client=eris, server=NULL, secret=NULL client=NULL, server=eris, secret=NULL client2=NULL, server=eris, secret=NULL word=!nothing addrs=Ok Trying Radius client=NULL, server=eris devnam=/dev/pts/5 S eris Return=-1, passwd=!nothing client=NULL, server=eris, secret=NULL HUH * sent [LCP ConfReq id=0x1 ] write: warning: Input/output error (5) Timeout 0x8050a44:0x8079c40 in 3 seconds. Modem hangup Untimeout 0x8050a44:0x8079c40. Connection terminated on /dev/pts/5. > Let me know if I captured what you are trying to do, and I will see about > changing the code a bit... 
I hope that I have made myself a lil' bit clear now :)

> JES
> --
> James B. MacLean macleajb at ednet.ns.ca

PS: James and all the kind people on this list: I apologize for my-not-so-deep-knowledge-of-english, and I'm sorry if I offended anyone. Please do not get upset about my language.

respect,
--
Dragos Adrian DOBRE
Network Systems Specialist
Deuroconsult Brasov, Romania

From peter.plak at thelodge.nl Wed May 31 06:52:10 2000
From: peter.plak at thelodge.nl (Plak, Peter)
Date: Wed, 31 May 2000 13:52:10 +0200
Subject: [pptp-server] Help Unsubscribe
Message-ID:

Help me please to unsubscribe

From mpeel at istar.ca Wed May 31 10:25:17 2000
From: mpeel at istar.ca (Mike Peel)
Date: Wed, 31 May 2000 08:25:17 -0700
Subject: [pptp-server] special considerations
References: <200005310139.SAA11741@ursa.eastep.dsl.evergo.net> <200005310302.e4V325M26244@snaildust.schulte.org>
Message-ID: <39352EDD.B8CD34DA@istar.ca>

If I recall, the second patch has to be applied from a different directory. I patched RH61 (2.2.12-20) and it seems to work ok so far.

Good Luck,
Mike Peel

Barsalou wrote:

> 2.2.14-5. I tried applying the patches from J Hardin's site, even the one for
> the RedHat stuff (especially the failed hunks). That extra patch failed on
> both hunks.
>
> Mike
>
> Date sent: Tue, 30 May 2000 18:59:33 -0700 (PDT)
> From: Tom Eastep > To: Barsalou > Copies to: mjbarsalou at ibm.net, pptp-server at lists.schulte.org > Subject: Re: [pptp-server] special considerations > > > On Tue, 30 May 2000, Barsalou wrote: > > > > > Thanks that is what I was looking for. > > > > > > Now it doesn't compile for me. I get failed hunks. > > > > > > Any ideas on what to do next? > > > > > > > Which version of the kernel are you trying to patch? > > > > -Tom > > -- > > Tom Eastep \ Eastep's First Principle of Computing: > > ICQ #60745924 \ "Any sane computer will tell you how it > > teastep at evergo.net \ works if you ask it the proper questions" > > Shoreline, Washington USA \___________________________________________ > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From ddobre at deuroconsult.ro Wed May 31 10:33:25 2000 
From: ddobre at deuroconsult.ro (Dragos DOBRE)
Date: Wed, 31 May 2000 18:33:25 +0300
Subject: [pptp-server] pptpd+chapms+radius
References: <3934DC20.31C66598@deuroconsult.ro>
Message-ID: <393530C5.B50A90BC@deuroconsult.ro>

I think I have pinned the bug :)

the normal sequence would be (correct me if I am wrong)

user dials to pptp server
pptp daemon sees incoming call,
fires up the ppp daemon
pppd sends [LCP ConfReq id=0x1
Message-ID:

On Wed, 31 May 2000, Dragos DOBRE wrote:

> I think I have pinned the bug :)

Excellent :).

> instead, it goes like this:
> user dials to pptp server
> pptp daemon sees incoming call,
> fires up the ppp daemon
> and pppd using radiusclient tries to contact radius server
> with NULL passwd and NULL username,

In auth.c I check to see if client!=NULL and server !=NULL. So I am trying to figure out where the mistake is :(. It should only actually try to contact the radius server when it has either a server or a client passwd. I have tried switching the pppd's client/server order of radius checking and some other switchies, but it does not show any delay contacting the radius server... :(.

> because the LCP ConfReq auth chap hasn't been sent yet.
> radiusclient time-out (after the value in radiusclient.conf)
> ppp times out on the client
> the server finally sends auth chap LCP
> but the connection is closed.
> so, it seems that the problem is that when pppd starts on server,
> it first tries to contact radius instead on trying to negotiate chap or
> anything else.

Hmm. It does contact the radius server to see if the machine has a valid entry to connect with the remote system (its name field has a valid line to connect with the remotename). At this time it has only its own machine and radius returns no passwd, but since the function in auth.c does not end with an error, negotiation can proceed. Is this where you are seeing a stall?
> i made it work reducing the retries-number and time-out in > radiusclient.conf I'd like to see if I can understand this better. You are getting a timeout in that initial radius connect? I do not think I am seeing it happen here. What I do see is that pptp connects (Linux PPTP) take forever to complete with the chap requests ping-ponging back and forth over the GRE, but the Windows connects are fast. > so, i would help anyone who wants to patch the existing code > in order to make this function correctly. I'd like to see it smoothen out :). > tnx for all the advises received Thanks for all the feedback. > respect, > -- > Dragos Adrian DOBRE > Network Systems Specialist > Deuroconsult Brasov, Romania > JES -- James B. MacLean macleajb at ednet.ns.ca Department of Education http://www.ednet.ns.ca/~macleajb Nova Scotia, Canada B3M 4B2 From neale at lowendale.com.au Wed May 31 18:34:52 2000 
From: neale at lowendale.com.au (Neale Banks)
Date: Thu, 1 Jun 2000 09:34:52 +1000 (EST)
Subject: [pptp-server] pptpd+chapms+radius
In-Reply-To: <393530C5.B50A90BC@deuroconsult.ro>
Message-ID:

On Wed, 31 May 2000, Dragos DOBRE wrote:

> I think I have pinned the bug :)
>
> the normal sequence would be (correct me if I am wrong)
>
> user dials to pptp server
> pptp daemon sees incoming call,
> fires up the ppp daemon
> pppd sends [LCP ConfReq id=0x1 client agrees, passes the username/passwd to server
> pppd using radiusclient contacts radius server,
> radiusserver verifies the client in mysql, auths the client
[snip]

AFAIK, that's not _quite_ how CHAP works (and I'm entirely unsure if this is going to be in any way significant for you....)

OK up to the bit where the "server" sends LCP requesting CHAP and the two ppp peers agree on this. Then CHAP is a bit more involved...

In "pure" CHAP, the "client" would then pass only its name. The "server" looks up this name (presumably this is where the RADIUS hook-in gets implicated) and obtains a clear-text (or in the MS-perversion a hashed) password. The "server" generates a random challenge and passes this back to the "client".

Both the client and server separately encrypt the server-provided challenge using the "password" (or "shared secret") as a seed to the encryption (or somewhere thereabouts - the important point is that the output is a function of both the challenge-value and the password). The client then passes its output of the encryption back to the server.

The server then compares the output of its CHAP-encryption calculation with the response provided by the client - if they agree then we have successful authentication.

The main feature of this is that the server can determine that the client knows the "shared secret" without that secret ever crossing the wire.

HTH,
Neale.

From johnoel at hawaii.com Wed May 31 18:31:53 2000
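The challenge/response exchange described in the message above, as an added example that is not part of the original thread: a small RFC 1994 CHAP (MD5 variant) authenticator and peer in Python. The user name and secret are constructed sample values reusing names from the thread, and the class and function names are illustrative. RFC 1994 carries the peer's name in the Response packet, so the secret lookup here happens at verification time.

```python
"""CHAP (RFC 1994, MD5 variant): both ends of one authentication.

Added illustration. Names, secrets and class names are constructed
sample values, not taken from pppd or any patch discussed in the thread.
"""
import hashlib
import hmac
import os


def chap_md5(identifier, secret, challenge):
    """Response value per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Server:
    """Authenticator: holds the secrets table and issues challenges."""

    def __init__(self, secrets):
        self._secrets = secrets   # stand-in for chap-secrets or a RADIUS lookup
        self._pending = {}        # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self):
        """Issue a fresh random challenge with a new identifier."""
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)
        self._pending[self._next_id] = value
        return self._next_id, value

    def verify(self, name, identifier, response):
        """Check a response; each challenge can be answered only once."""
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False          # replayed/unknown identifier, or unknown user
        expected = chap_md5(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class Client:
    """Peer: knows its own name and the shared secret."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret

    def respond(self, identifier, challenge):
        """Build the Response fields: name, identifier, hash value."""
        return self.name, identifier, chap_md5(identifier, self._secret, challenge)


def exchange(server, client):
    """Run one authentication; return (accepted, frames seen on the wire)."""
    ident, chal = server.challenge()
    name, rid, resp = client.respond(ident, chal)
    wire = [bytes([ident]) + chal, name.encode() + bytes([rid]) + resp]
    return server.verify(name, rid, resp), wire


if __name__ == "__main__":
    srv = Server({"jambo": b"parola"})          # constructed sample account
    accepted, frames = exchange(srv, Client("jambo", b"parola"))
    print("accepted:", accepted)
    print("secret seen on wire:", any(b"parola" in f for f in frames))
    print("wrong secret accepted:", exchange(srv, Client("jambo", b"guess"))[0])
```

Whatever the server looks up for a name (a clear-text secret, or the stored hash in the MS variant mentioned above) is the value the response is keyed on, so that stored value needs the same protection as a password.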
From: johnoel at hawaii.com (john oel@H@)
Date: Wed, 31 May 2000 16:31:53 -0700
Subject: [pptp-server] poptop on firewall
In-Reply-To: <3934DC20.31C66598@deuroconsult.ro>
References: <3934DC20.31C66598@deuroconsult.ro>
Message-ID: <200005312331.QAA13190@mail.hawaii.com>

hi all,

i install poptop on the firewall using ipchains. the file server is behind the firewall. how would i set up ipchains to allow the connection to the file server. when i opened up the firewall it seemed to make the connection fine. but the current rules do not work. i checked the log file and it says the proto 1 and 17 in the input and output chains are rejecting it.

--------------------------------
Get your free email @hawaii.com
http://www.hawaii.com/

From hijinx at datafx.com.au Wed May 31 19:59:33 2000
From: hijinx at datafx.com.au (HiJinX)
Date: Thu, 01 Jun 2000 10:59:33 +1000
Subject: [pptp-server] Client's can't connect?
Message-ID: <3935B575.DCB55E5C@datafx.com.au>

Hi - I have pptpd running on a 192.168.1.11 address behind a router with tcp 1723 traffic being forwarded to it.
I've tried opening port 47 but connections still cannot be made -

Here's part of the syslog -

Jun 1 20:09:40 ras pptpd[302]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Jun 1 20:09:40 ras pptpd[302]: CTRL: local address = 192.168.1.50
Jun 1 20:09:40 ras pptpd[302]: CTRL: remote address = 192.168.1.100
Jun 1 20:09:40 ras pptpd[302]: CTRL: pppd speed = 115200
Jun 1 20:09:40 ras pptpd[302]: CTRL: Client 203.63.239.17 control connection started
Jun 1 20:09:40 ras pptpd[302]: CTRL: Received PPTP Control Message (type: 1)
Jun 1 20:09:40 ras pptpd[302]: CTRL: Made a START CTRL CONN RPLY packet
Jun 1 20:09:40 ras pptpd[302]: CTRL: I wrote 156 bytes to the client.
Jun 1 20:09:40 ras pptpd[302]: CTRL: Sent packet to client
Jun 1 20:09:40 ras pptpd[302]: CTRL: Received PPTP Control Message (type: 7)
Jun 1 20:09:40 ras pptpd[302]: CTRL: Set parameters to 1525 maxbps, 64 window size
Jun 1 20:09:40 ras pptpd[302]: CTRL: Made a OUT CALL RPLY packet
Jun 1 20:09:40 ras pptpd[302]: CTRL: Starting call (launching pppd, opening GRE)
Jun 1 20:09:40 ras pptpd[302]: CTRL: pty_fd = 4
Jun 1 20:09:40 ras pptpd[302]: CTRL: tty_fd = 5
Jun 1 20:09:40 ras pptpd[303]: CTRL (PPPD Launcher): Connection speed = 115200
Jun 1 20:09:40 ras pptpd[303]: CTRL (PPPD Launcher): local address = 192.168.1.50
Jun 1 20:09:40 ras pptpd[303]: CTRL (PPPD Launcher): remote address = 192.168.1.100
Jun 1 20:09:40 ras pptpd[302]: CTRL: I wrote 32 bytes to the client.
Jun 1 20:09:40 ras pptpd[302]: CTRL: Sent packet to client
Jun 1 20:09:40 ras pppd[303]: pppd 2.3.5 started by root, uid 0
Jun 1 20:09:40 ras pppd[303]: Using interface ppp0
Jun 1 20:09:41 ras pppd[303]: Connect: ppp0 <--> /dev/ttyp0
Jun 1 20:09:41 ras pppd[303]: sent [LCP ConfReq id=0x1 ]
Jun 1 20:09:41 ras pptpd[302]: CTRL: Received PPTP Control Message (type: 15)
Jun 1 20:09:41 ras pptpd[302]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Jun 1 20:09:44 ras pppd[303]: sent [LCP ConfReq id=0x1 ]
Jun 1 20:10:08 ras last message repeated 8 times
Jun 1 20:10:11 ras pppd[303]: LCP: timeout sending Config-Requests
Jun 1 20:10:11 ras pppd[303]: Connection terminated.
Jun 1 20:10:11 ras pppd[303]: Exit.
Jun 1 20:10:11 ras pptpd[302]: GRE: read(fd=4,buffer=804d7ec,len=8196) from PTY failed: status = -1 error = Input/output error
Jun 1 20:10:11 ras pptpd[277]: MGR: Reaped child 302
Jun 1 20:10:11 ras pptpd[302]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Jun 1 20:10:11 ras pptpd[302]: CTRL: Client 203.63.239.17 control connection finished
Jun 1 20:10:11 ras pptpd[302]: CTRL: Exiting now
Jun 1 20:35:06 ras squid[207]: NETDB state saved; 0 entries, 10 msec

Is there any way around this - or will I have to give the pptpd box a live IP address?

Thanks for any help,
Michael

From teastep at evergo.net Wed May 31 20:13:16 2000
From: teastep at evergo.net (Tom Eastep)
Date: Wed, 31 May 2000 18:13:16 -0700 (PDT)
Subject: [pptp-server] special considerations
In-Reply-To: <200005310524.WAA15674@ursa.eastep.dsl.evergo.net>
Message-ID:

Mike,

On Tue, 30 May 2000, Barsalou wrote:

> Maybe I can use Linus' sources and then do a diff against the redhat tree to
> get a good patch. What do you think about that?
>

I don't have RedHat sources loaded currently since I'm currently running TL6.0 on my main Linux box. Have you looked at the .rej, .orig and the patch file to see if you can figure out what's going wrong? The RH2.12 patch was pretty simple so at least in that version, the conflict with John's patch wasn't that great.

-Tom
--
Tom Eastep                 \ Eastep's First Principle of Computing:
ICQ #60745924              \ "Any sane computer will tell you how it
teastep at evergo.net      \ works if you ask it the proper questions"
Shoreline, Washington USA  \___________________________________________

From neale at lowendale.com.au Wed May 31 20:34:41 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Thu, 1 Jun 2000 11:34:41 +1000 (EST)
Subject: [pptp-server] Client's can't connect?
In-Reply-To: <3935B575.DCB55E5C@datafx.com.au>
Message-ID:

On Thu, 1 Jun 2000, HiJinX wrote:

> Hi - I have pptpd running on a 192.168.1.11 address behind a router with
> tcp 1723 traffic being forwarded to it.
> I've tried opening port 47 but connections still cannot be made -
>
> Here's part of the syslog -
[...]
> Jun 1 20:10:11 ras pptpd[302]: GRE: read(fd=4,buffer=804d7ec,len=8196)
> from PTY failed: status = -1 error = Input/output error
> Jun 1 20:10:11 ras pptpd[277]: MGR: Reaped child 302
> Jun 1 20:10:11 ras pptpd[302]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
> Jun 1 20:10:11 ras pptpd[302]: CTRL: Client 203.63.239.17 control
> connection finished
> Jun 1 20:10:11 ras pptpd[302]: CTRL: Exiting now
> Jun 1 20:35:06 ras squid[207]: NETDB state saved; 0 entries, 10 msec
>
> Is there any way around this - or will I have to give the pptpd box a
> live IP address?

GRE is not port 47, but rather IP protocol 47. So instead of specifying tcp or udp you need to specify gre or 47 (obviously this is in addition to the TCP port 1723 stuff).

HTH,
Neale.

From grib at inko.ru Wed May 31 20:31:24 2000
From: grib at inko.ru (Yuri Griboff)
Date: Thu, 01 Jun 2000 14:31:24 +1300
Subject: [pptp-server] Help me please to unsubscribe
Message-ID: <3935BCEC.DEC1F625@inko.ru>

Help me please to unsubscribe

--
Yuriy Gribov
mailto:grib at inko.ru
UIN: 66169864

From vgill at technologist.com Wed May 31 21:32:01 2000
From: vgill at technologist.com (Vern H. Gill)
Date: Wed, 31 May 2000 19:32:01 -0700
Subject: [pptp-server] Help me figure this out
In-Reply-To:
Message-ID:

After having spent WAY too many nights trying to figure out why my 98 box wouldn't even hit the linux box, then realising that it was my own stupidity with my ipchains commands, I finally am getting somewhere. Now that I can hit the box, this is the result. Can anyone help me, PLEASE!!!

This is from my 98 box at 192.168.5.52 to my linux box at .1

May 31 19:27:12 linus pptpd[2497]: CTRL: Client 192.168.5.52 control connection started
May 31 19:27:12 linus pptpd[2497]: CTRL: Starting call (launching pppd, opening GRE)
May 31 19:27:12 linus kernel: ip_demasq_gre(): 192.168.5.52 -> 192.168.5.1 CID=0 no masq table, discarding
May 31 19:27:12 linus pptpd[2497]: GRE: read(fd=6,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
May 31 19:27:13 linus pptpd[2497]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
May 31 19:27:13 linus pptpd[2497]: CTRL: Client 192.168.5.52 control connection finished
May 31 19:27:13 linus pptpd[2499]: CTRL: Client 192.168.5.52 control connection started
May 31 19:27:13 linus pptpd[2499]: CTRL: Starting call (launching pppd, opening GRE)
May 31 19:27:14 linus pptpd[2499]: CTRL: Error with select(), quitting
May 31 19:27:14 linus pptpd[2499]: CTRL: Client 192.168.5.52 control connection finished

And this is from the 98 box going out to the net, then coming back in through masq'ing.
May 31 19:30:06 linus pptpd[2505]: CTRL: Client 192.168.5.52 control connection started
May 31 19:30:07 linus pptpd[2505]: CTRL: Starting call (launching pppd, opening GRE)
May 31 19:30:07 linus kernel: ip_demasq_gre(): 192.168.5.52 -> 63.205.45.224 CID=0 no masq table, discarding
May 31 19:30:07 linus pptpd[2505]: GRE: read(fd=6,buffer=804d7c0,len=8196) from PTY failed: status = -1 error = Input/output error
May 31 19:30:07 linus pptpd[2505]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
May 31 19:30:07 linus pptpd[2505]: CTRL: Client 192.168.5.52 control connection finished
May 31 19:30:08 linus pptpd[2507]: CTRL: Client 192.168.5.52 control connection started
May 31 19:30:08 linus pptpd[2507]: CTRL: Starting call (launching pppd, opening GRE)
May 31 19:30:08 linus pptpd[2507]: CTRL: Error with select(), quitting
May 31 19:30:08 linus pptpd[2507]: CTRL: Client 192.168.5.52 control connection finished

Any ideas? Suggestions? Really need to get this going to get the approval for switching to linux from NT.

Thanks in advance.
Vern H. Gill

From thomas at ikena.com Wed May 31 09:38:46 2000
From: thomas at ikena.com (thomas park)
Date: Wed, 31 May 2000 10:38:46 -0400
Subject: [pptp-server] can't see Samba/Windows shares!
Message-ID: <393523F6.80DC679C@ikena.com>

Hi all,

Quick question: I've been trying to configure PopTop on a Linux box to enable access to our company's internal network. My test client (a Win2k machine) negotiates the PPP/PPTP connection successfully, but once logged in, it can't get to any of the Samba or Windows shares!

This is where things get interesting. The client can ping/telnet/traceroute/ftp to any of the internal hosts via IP address, FQDN, or host name. However, you cannot access any of the Windoze shares via IP address or WINS name. For example, assuming we have a host called "transient" at 10.0.0.4 with a public share called "shared", you cannot perform any of the following commands:

net send transient hi
net use m: \\transient\shared
\\10.0.0.4 (in windows explorer address bar)
\\transient (in windows explorer address bar)

These commands all give some error along the lines of "the computer name cannot be found" or "the path or resource cannot be located". This behaviour is consistent with both shares on Windows workstations and those from our Samba servers.

The internal domain is on the range 10.0.0.x. (x < 200). The VPN clients are given IP's in the range 10.0.0.y (200 <= y < 250). The pppd hands VPN clients a netmask of 255.255.255.255 regardless of what I specify in the PPP options file - although I don't think that this is the issue, since regular TCP/ICMP traffic to the internal network works fine.

If anybody has encountered a similar problem, or can provide insight, I'd be most grateful. Please CC: me on a reply.

thanks!
thomas park

From rholm at esoft.com Sun May 7 04:39:53 2000
From: rholm at esoft.com (Rodney D. Holm)
Date: Sun, 07 May 2000 03:39:53 -0600
Subject: [pptp-server] pptpd in daemon mode when max connections reached or IP pool exhausted
Message-ID: <391539E9.C8E816D1@esoft.com>

pptpd was dying in daemon mode when the IP pool was exhausted, this was being caused by a fprintf in pptpmanager.c:

*** pptpmanager.c.orig Mon Oct 9 15:23:04 2000 --- pptpmanager.c Mon Oct 9 15:23:17 2000 *************** *** 152,158 **** if (firstOpen == -1) { syslog(LOG_ERR, "MGR: No free connection slots or IPs - no more clients can connect!"); - fprintf(stderr, "No free connection slots or IPs available - no more clients can connect!\n"); FD_CLR(hostSocket, &connSet); } else { FD_SET(hostSocket, &connSet); --- 152,157 ----
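Review bot: Deleting the fprintf(stderr, ...) in the firstOpen == -1 branch also silences the message when pptpd is run in the foreground, so consider keeping it behind a check that the process has not daemonized, since the syslog(LOG_ERR, ...) call just above already covers the daemon case. The cause described is a write to stderr after detaching, which means any other fprintf(stderr, ...) on a path reachable in daemon mode would need the same treatment; pointing stderr at /dev/null when daemonizing would handle them in one place instead of call by call. The subject line names both "max connections reached" and "IP pool exhausted" while the description mentions only the IP pool; a short comment on this branch saying it handles both would make that explicit.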