From msuencks at marcant.de  Wed Nov  1 11:07:16 2000
From: msuencks at marcant.de (Matthias Suencksen)
Date: Wed, 1 Nov 2000 18:07:16 +0100
Subject: [pptp-server] Re: Two quickees...
Message-ID: <20001101180716.A29446@vivaldi.marcant.de>

> I have two quick questions...
>
> 1) I have poptop installed and working on a server using chap
> authentication.  Rather than having to add a user to
> /etc/ppp/chap-secrets every time they will use pptp to access our
> network, is there any way to change the authentication to use pap
> instead of chap.  
hi.

I don't know if it's possible but it would not be secure because
with PAP the password will be sent in clear over the network.

> My understanding is that I can authenticate via pap to
> /etc/passwd, in addition to having an entry in /etc/ppp/pap-secrets.
> 2) Is there a searchable archive of the list?

poptop.lineo.com - there is a search box in the mailing list section.

Matthias


> Thanks,
> Ken McCord



From phil at vibrationresearch.com  Wed Nov  1 11:21:13 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 1 Nov 2000 12:21:13 -0500
Subject: [pptp-server] Two quickees...
In-Reply-To: <39FF91B8.5E20A17@themccords.com>
Message-ID: <000e01c04428$22ace270$4500a8c0@vibrationresearch.com>

1) Chap is required to use the mppe encryption.  Without mppe any ppp
authentication scheme should work, as long as both the client and server are
configured to use the same things.

Another option is to apply the patch to use /etc/smbpasswd for chap
authentication, if you are already maintaining encrypted smb passwords.
(see the patches at poptop.lineo.com)

2) http://poptop.lineo.com/#mailinglist

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> Sent: Tuesday, October 31, 2000 10:45 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Two quickees...
>
>
> I have two quick questions...
>
> 1) I have poptop installed and working on a server using chap
> authentication.  Rather than having to add a user to
> /etc/ppp/chap-secrets every time they will use pptp to access our
> network, is there any way to change the authentication to use pap
> instead of chap.  My understanding is that I can authenticate via pap to
> /etc/passwd, in addition to having an entry in /etc/ppp/pap-secrets.
>
> 2) Is there a searchable archive of the list?
>
> Thanks,
>
> Ken McCord
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From steve at sarette.com  Wed Nov  1 12:28:16 2000
From: steve at sarette.com (Steve Sarette)
Date: Wed, 01 Nov 2000 10:28:16 -0800
Subject: [pptp-server] Assigned IP addresses, and dropping the connection
References: <39FFABB3.4289D9C2@mel.compumod.com.au>
Message-ID: <3A0060C0.9080602@sarette.com>


Ron Cresswell wrote:

<snippage (because I don't know the answer)>
> 
> Also, is there a way to cleanly drop this connection? 

become root
ifconfig ppp0 down
kill -HUP `cat /var/run/ppp0.pid`  (not sure of the exact file name, but 
it's something like that)
rm /var/run/pptp/<the ip that you connected to>

I think you also have to kill an additional pptp process.  The FAQ says 
that killing the ppp process should kill off the pptp processes too but 
I always see one hanging around.  Just do:

ps -ef | grep pptp

and kill the process that you see.

Sorry that I can't be more explicit but I'm on a machine that doesn't 
have all this stuff configured so I'm writing this from memory.  Also, 
probably there's a cleaner way to go about dropping the connection but I 
haven't found it yet.

Good luck.

- Steve

The only way I can
> clean the thing out to start a new connection is to reboot! 
>   It seems that the server times out, and drops the PPP interface, but
> that interface is still hanging around on the client, even though the
> log file says:
> 
> 1 14:15:50 jabba pppd[709]: Connect: ppp0 <--> /dev/ttya0
> Nov  1 14:15:54 jabba pppd[709]: Remote message: Welcome to ghost.
> Nov  1 14:15:54 jabba kernel: PPP BSD Compression module registered 
> Nov  1 14:15:54 jabba kernel: PPP Deflate Compression module registered 
> Nov  1 14:15:55 jabba pppd[709]: Deflate (15) compression enabled
> Nov  1 14:15:57 jabba pppd[709]: Cannot determine ethernet address for
> proxy ARP
> Nov  1 14:15:57 jabba pppd[709]: local  IP address 203.7.194.34
> Nov  1 14:15:57 jabba pppd[709]: remote IP address 203.7.194.159
> Nov  1 14:21:20 jabba (unknown)[706]:
> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:671]: Call closed (NTFY) (call
> id 0)
> Nov  1 14:27:57 jabba inetd[503]: pid 753: exit status 1
> 
> The log file at the server end says this:
> 
> Nov  1 14:15:10 ghost pppd[709]: Connect: ppp0 <--> /dev/pts/0
> Nov  1 14:15:12 ghost pptpd[708]: GRE: Discarding duplicate packet
> Nov  1 14:15:14 ghost kernel: PPP BSD Compression module registered
> Nov  1 14:15:14 ghost kernel: PPP Deflate Compression module registered
> Nov  1 14:15:14 ghost pppd[709]: CHAP peer authentication succeeded for
> ron
> Nov  1 14:15:14 ghost pppd[709]: Deflate (15) compression enabled
> Nov  1 14:15:16 ghost pppd[709]: Cannot determine ethernet address for
> proxy ARP
> Nov  1 14:15:16 ghost pppd[709]: local  IP address 203.7.194.128
> Nov  1 14:15:16 ghost pppd[709]: remote IP address 203.7.194.1
> Nov  1 14:15:24 ghost PAM_pwdb[748]: (login) session opened for user ron
> by (uid=0)
> Nov  1 14:15:34 ghost PAM_pwdb[769]: (su) session opened for user root
> by ron(uid=500)
> Nov  1 14:20:30 ghost pptpd[708]: CTRL: Session timed out, ending call
> Nov  1 14:20:30 ghost pptpd[708]: CTRL: Client 203.7.194.33 control
> connection finished
> Nov  1 14:20:30 ghost pppd[709]: Modem hangup
> Nov  1 14:20:30 ghost pppd[709]: Connection terminated.
> Nov  1 14:20:30 ghost pppd[709]: Connect time 5.4 minutes.
> Nov  1 14:20:30 ghost pppd[709]: Sent 562 bytes, received 669 bytes.
> Nov  1 14:20:30 ghost pppd[709]: Exit.
> Nov  1 14:30:00 ghost kernel: PPP: ppp line discipline successfully
> unregistered



From bhkwan at ThoughtWorks.com  Wed Nov  1 12:52:57 2000
From: bhkwan at ThoughtWorks.com (bhkwan at ThoughtWorks.com)
Date: Wed, 1 Nov 2000 10:52:57 -0800
Subject: [pptp-server] pptp with Unix password...
Message-ID: <OF9A170147.D7054768-ON8825698A.0067A5FE@thoughtworks.com>

can pptp use /etc/passwd to authenticate user?  if so, where can I get the
information.

thanks



From georgev at citadelcomputer.com.au  Wed Nov  1 23:58:40 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Thu, 2 Nov 2000 16:58:40 +1100 
Subject: [pptp-server] PPTP IP assignments not right..??
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE725@cittech>

Hi all,

I finally got it working.. don't know where I stuffed up but it was
something in the /etc/pptpd.conf as I deleted it and created a new one and
worked... weird..??

I am trying to assign IPs to the remote hosts who connect but they get an IP
of 192.168.0.1 which is not in the /etc/pptp.conf file.??

any ideas what I've done wrong..?

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


From ron at mel.compumod.com.au  Thu Nov  2 00:52:19 2000
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Thu, 02 Nov 2000 17:52:19 +1100
Subject: [pptp-server] Assigned IP addresses, and dropping the connection
References: <39FFABB3.4289D9C2@mel.compumod.com.au> <3A0060C0.9080602@sarette.com>
Message-ID: <3A010F23.27DFDF83@mel.compumod.com.au>

Thanks for that Steve - your memory is good! I am writing a script to
restart the connection if it drops, which is why "reboot" isn't a good
option!

A couple of other questions arising. I did what you suggested and
everything was fine - but I still couldn't reconnect. The pptp client
responds with the following message:

[root at jabba scripts]# pptp-up
warn[open_inetsock:pptp_callmgr.c:287]: connect: Connection refused
fatal[callmgr_main:pptp_callmgr.c:122]: Could not open control
connection to 203.7.194.163
fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256

there are no files left in /var/run/pptp, "ps -ef | grep -i pp" returns
no relevant processes (so there are no pptp or ppp processes left). And
ifconfig shows only eth0 and lo. So what else could there be? There are
no entries in /var/log/messages, so the pptp client isn't even getting
as far as trying to contact the server at the far end. Any ideas?

One other thing - any idea how to set (or unset) the timeout on the
pptpd server? I don't really want it dropping the connection ever,
certainly not by choice! Is it an option that can be added in
/etc/pptpd.conf?

Thanks again

Cheers

Ron

Steve Sarette wrote:
> 
> Ron Cresswell wrote:
> 
> <snippage (because I don't know the answer)>
> >
> > Also, is there a way to cleanly drop this connection?
> 
> become root
> ifconfig ppp0 down
> kill -HUP `cat /var/run/ppp0.pid`  (not sure of the exact file name, but
> it's something like that)
> rm /var/run/pptp/<the ip that you connected to>
> 
> I think you also have to kill an additional pptp process.  The FAQ says
> that killing the ppp process should kill off the pptp processes too but
> I always see one hanging around.  Just do:
> 
> ps -ef | grep pptp
> 
> and kill the process that you see.
> 
> Sorry that I can't be more explicit but I'm on a machine that doesn't
> have all this stuff configured so I'm writing this from memory.  Also,
> probably there's a cleaner way to go about dropping the connection but I
> haven't found it yet.
> 
> Good luck.
> 
> - Steve
> 
> The only way I can
> > clean the thing out to start a new connection is to reboot!
> >   It seems that the server times out, and drops the PPP interface, but
> > that interface is still hanging around on the client, even though the
> > log file says:
> >
> > 1 14:15:50 jabba pppd[709]: Connect: ppp0 <--> /dev/ttya0
> > Nov  1 14:15:54 jabba pppd[709]: Remote message: Welcome to ghost.
> > Nov  1 14:15:54 jabba kernel: PPP BSD Compression module registered
> > Nov  1 14:15:54 jabba kernel: PPP Deflate Compression module registered
> > Nov  1 14:15:55 jabba pppd[709]: Deflate (15) compression enabled
> > Nov  1 14:15:57 jabba pppd[709]: Cannot determine ethernet address for
> > proxy ARP
> > Nov  1 14:15:57 jabba pppd[709]: local  IP address 203.7.194.34
> > Nov  1 14:15:57 jabba pppd[709]: remote IP address 203.7.194.159
> > Nov  1 14:21:20 jabba (unknown)[706]:
> > log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:671]: Call closed (NTFY) (call
> > id 0)
> > Nov  1 14:27:57 jabba inetd[503]: pid 753: exit status 1
> >
> > The log file at the server end says this:
> >
> > Nov  1 14:15:10 ghost pppd[709]: Connect: ppp0 <--> /dev/pts/0
> > Nov  1 14:15:12 ghost pptpd[708]: GRE: Discarding duplicate packet
> > Nov  1 14:15:14 ghost kernel: PPP BSD Compression module registered
> > Nov  1 14:15:14 ghost kernel: PPP Deflate Compression module registered
> > Nov  1 14:15:14 ghost pppd[709]: CHAP peer authentication succeeded for
> > ron
> > Nov  1 14:15:14 ghost pppd[709]: Deflate (15) compression enabled
> > Nov  1 14:15:16 ghost pppd[709]: Cannot determine ethernet address for
> > proxy ARP
> > Nov  1 14:15:16 ghost pppd[709]: local  IP address 203.7.194.128
> > Nov  1 14:15:16 ghost pppd[709]: remote IP address 203.7.194.1
> > Nov  1 14:15:24 ghost PAM_pwdb[748]: (login) session opened for user ron
> > by (uid=0)
> > Nov  1 14:15:34 ghost PAM_pwdb[769]: (su) session opened for user root
> > by ron(uid=500)
> > Nov  1 14:20:30 ghost pptpd[708]: CTRL: Session timed out, ending call
> > Nov  1 14:20:30 ghost pptpd[708]: CTRL: Client 203.7.194.33 control
> > connection finished
> > Nov  1 14:20:30 ghost pppd[709]: Modem hangup
> > Nov  1 14:20:30 ghost pppd[709]: Connection terminated.
> > Nov  1 14:20:30 ghost pppd[709]: Connect time 5.4 minutes.
> > Nov  1 14:20:30 ghost pppd[709]: Sent 562 bytes, received 669 bytes.
> > Nov  1 14:20:30 ghost pppd[709]: Exit.
> > Nov  1 14:30:00 ghost kernel: PPP: ppp line discipline successfully
> > unregistered
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---


From georgev at citadelcomputer.com.au  Thu Nov  2 05:33:53 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Thu, 2 Nov 2000 22:33:53 +1100 
Subject: [pptp-server] PPTP IP assignments not right..??
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE72B@cittech>

This is what I have in my /etc/pptpd.conf
Not sure if I can do this though...

#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
localip 192.168.100.1
remoteip 192.168.100.65-80

But I get this on my internet Linux box...

ppp2      Link encap:Point-to-Point Protocol  
          inet addr:192.168.1.254  P-t-P:192.168.100.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 

ppp1 is another VPN which has the local IP of 192.168.1.254 and it sounds
like the PPTPD server doesn't assign me an IP so the local machien gives the
192.168.1.254 address..

Any ideas? Please....???? ;)


-----Original Message-----
From: George Vieira [mailto:georgev at citadelcomputer.com.au]
Sent: Thursday, November 02, 2000 4:59 PM
To: PPTP List (E-mail)
Subject: [pptp-server] PPTP IP assignments not right..??


Hi all,

I finally got it working.. don't know where I stuffed up but it was
something in the /etc/pptpd.conf as I deleted it and created a new one and
worked... weird..??

I am trying to assign IPs to the remote hosts who connect but they get an IP
of 192.168.0.1 which is not in the /etc/pptp.conf file.??

any ideas what I've done wrong..?

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From phil at vibrationresearch.com  Thu Nov  2 11:07:40 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Thu, 2 Nov 2000 12:07:40 -0500
Subject: [pptp-server] PPTP IP assignments not right..??
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE72B@cittech>
Message-ID: <001001c044ef$68945d00$4500a8c0@vibrationresearch.com>

When you compiled pptpd, did you configure with the following command?
 ./configure --with-pppd-ip-alloc

If so, this disables the remoteip option in the pptpd.conf file, and enables
static IPs assigned by the /etc/ppp/chap-secrets file like so:

	billy * "billys-pw" 192.168.100.1

which forces billy's dial-in computer to always get the IP address
192.168.100.1

If you want to dynamically allocate IPs from a pool using the remoteip
option in /etc/pptpd.conf, make sure you didn't use the --with-pppd-ip-alloc
flag when configuring and building pptpd.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> Sent: Thursday, November 02, 2000 6:34 AM
> To: PPTP List (E-mail)
> Subject: RE: [pptp-server] PPTP IP assignments not right..??
>
>
> This is what I have in my /etc/pptpd.conf
> Not sure if I can do this though...
>
> #localip 192.168.0.234-238,192.168.0.245
> #remoteip 192.168.1.234-238,192.168.1.245
> localip 192.168.100.1
> remoteip 192.168.100.65-80
>
> But I get this on my internet Linux box...
>
> ppp2      Link encap:Point-to-Point Protocol
>           inet addr:192.168.1.254  P-t-P:192.168.100.1
> Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
> ppp1 is another VPN which has the local IP of 192.168.1.254 and it sounds
> like the PPTPD server doesn't assign me an IP so the local
> machien gives the
> 192.168.1.254 address..
>
> Any ideas? Please....???? ;)
>
>
> -----Original Message-----
> From: George Vieira [mailto:georgev at citadelcomputer.com.au]
> Sent: Thursday, November 02, 2000 4:59 PM
> To: PPTP List (E-mail)
> Subject: [pptp-server] PPTP IP assignments not right..??
>
>
> Hi all,
>
> I finally got it working.. don't know where I stuffed up but it was
> something in the /etc/pptpd.conf as I deleted it and created a new one and
> worked... weird..??
>
> I am trying to assign IPs to the remote hosts who connect but
> they get an IP
> of 192.168.0.1 which is not in the /etc/pptp.conf file.??
>
> any ideas what I've done wrong..?
>
> thanks,
> George Vieira
> Network Administrator
> http://www.citadelcomputer.com.au
> PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> PGP KeyID:		0x38A9A10C
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From ken at themccords.com  Thu Nov  2 14:16:09 2000
From: ken at themccords.com (Ken McCord)
Date: Thu, 02 Nov 2000 12:16:09 -0800
Subject: [pptp-server] Two quickees...
References: <000e01c04428$22ace270$4500a8c0@vibrationresearch.com>
Message-ID: <3A01CB89.DE944CC2@themccords.com>

1) Hmmm...couldn't get pap to work, but I'm not using the mppe
encryption yet.  The pap-secrets file was set up correctly (added the
line *	<servername>	""	*), the /etc/ppp/options file had 'require-pap',
and pptpd-options had 'require-pap' and '+pap' as well.  Services were
restarted.  Did I miss something?  Perhaps authentication via pam is a
possibility?

2)  Ok, I subscribed through http://www.moretonbay.com/vpn/pptp.html,
which looks to be a bit out of date.  I'll update my bookmark.

Thanks again,

Ken McCord


Philip Van Baren wrote:
> 
> 1) Chap is required to use the mppe encryption.  Without mppe any ppp
> authentication scheme should work, as long as both the client and server are
> configured to use the same things.
> 
> Another option is to apply the patch to use /etc/smbpasswd for chap
> authentication, if you are already maintaining encrypted smb passwords.
> (see the patches at poptop.lineo.com)
> 
> 2) http://poptop.lineo.com/#mailinglist
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> > Sent: Tuesday, October 31, 2000 10:45 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Two quickees...
> >
> >
> > I have two quick questions...
> >
> > 1) I have poptop installed and working on a server using chap
> > authentication.  Rather than having to add a user to
> > /etc/ppp/chap-secrets every time they will use pptp to access our
> > network, is there any way to change the authentication to use pap
> > instead of chap.  My understanding is that I can authenticate via pap to
> > /etc/passwd, in addition to having an entry in /etc/ppp/pap-secrets.
> >
> > 2) Is there a searchable archive of the list?
> >
> > Thanks,
> >
> > Ken McCord
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


From steve at sarette.com  Thu Nov  2 11:24:41 2000
From: steve at sarette.com (Steve Sarette)
Date: Thu, 02 Nov 2000 09:24:41 -0800
Subject: [pptp-server] Assigned IP addresses, and dropping the connection
References: <39FFABB3.4289D9C2@mel.compumod.com.au> <3A0060C0.9080602@sarette.com> <3A010F23.27DFDF83@mel.compumod.com.au>
Message-ID: <3A01A359.4030300@sarette.com>


Ron Cresswell wrote:

> Thanks for that Steve - your memory is good! I am writing a script to
> restart the connection if it drops, which is why "reboot" isn't a good
> option!
> 
> A couple of other questions arising. I did what you suggested and
> everything was fine - but I still couldn't reconnect. The pptp client
> responds with the following message:
> 
> [root at jabba scripts]# pptp-up
> warn[open_inetsock:pptp_callmgr.c:287]: connect: Connection refused
> fatal[callmgr_main:pptp_callmgr.c:122]: Could not open control
> connection to 203.7.194.163
> fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256

Um, what do your routes look like?  I've never tried setting my default 
route across the pptp connection and then dropping the connection (and I 
don't know if that's what you're doing or not).  Is is possible that you 
can't find a route to 203.7.194.163?  Can you ping it?

Also, look over your firewall rules before and after the connection and 
make sure you can still move the pptp packets through.  Maybe something 
is getting reset there on the ppp shutdown?

Other than that, I'll have to go through this again tonight and see if I 
missed anything in my restart sequence. It sure feels like you still 
have the call manager thread running.

> 
> there are no files left in /var/run/pptp, "ps -ef | grep -i pp" returns
> no relevant processes (so there are no pptp or ppp processes left). And
> ifconfig shows only eth0 and lo. So what else could there be? There are
> no entries in /var/log/messages, so the pptp client isn't even getting
> as far as trying to contact the server at the far end. Any ideas?
> 
> One other thing - any idea how to set (or unset) the timeout on the
> pptpd server? I don't really want it dropping the connection ever,
> certainly not by choice! Is it an option that can be added in
> /etc/pptpd.conf?

No idea, I've never tried to use pptpd.  I was just playing with the 
client end of things.  Which I never really got to work, I should add. 
I could authenticate in and ping the network but all my other tcp/ip 
activity hangs.  I've pretty much given up on this for now.  I'm just 
hanging out on this list hoping that someone will say something one of 
these days that makes me go "D'oh!  Didn't try that..."

- Steve

> 
> Thanks again
> 
> Cheers
> 
> Ron
> 
> Steve Sarette wrote:
> 
>> Ron Cresswell wrote:
>> 
>> <snippage (because I don't know the answer)>
>> 
>>> Also, is there a way to cleanly drop this connection?
>> 
>> become root
>> ifconfig ppp0 down
>> kill -HUP `cat /var/run/ppp0.pid`  (not sure of the exact file name, but
>> it's something like that)
>> rm /var/run/pptp/<the ip that you connected to>
>> 
>> I think you also have to kill an additional pptp process.  The FAQ says
>> that killing the ppp process should kill off the pptp processes too but
>> I always see one hanging around.  Just do:
>> 
>> ps -ef | grep pptp
>> 
>> and kill the process that you see.
>> 
>> Sorry that I can't be more explicit but I'm on a machine that doesn't
>> have all this stuff configured so I'm writing this from memory.  Also,
>> probably there's a cleaner way to go about dropping the connection but I
>> haven't found it yet.
>> 
>> Good luck.
>> 
>> - Steve
>> 
>> The only way I can
>> 
>>> clean the thing out to start a new connection is to reboot!
>>>   It seems that the server times out, and drops the PPP interface, but
>>> that interface is still hanging around on the client, even though the
>>> log file says:
>>> 
>>> 1 14:15:50 jabba pppd[709]: Connect: ppp0 <--> /dev/ttya0
>>> Nov  1 14:15:54 jabba pppd[709]: Remote message: Welcome to ghost.
>>> Nov  1 14:15:54 jabba kernel: PPP BSD Compression module registered
>>> Nov  1 14:15:54 jabba kernel: PPP Deflate Compression module registered
>>> Nov  1 14:15:55 jabba pppd[709]: Deflate (15) compression enabled
>>> Nov  1 14:15:57 jabba pppd[709]: Cannot determine ethernet address for
>>> proxy ARP
>>> Nov  1 14:15:57 jabba pppd[709]: local  IP address 203.7.194.34
>>> Nov  1 14:15:57 jabba pppd[709]: remote IP address 203.7.194.159
>>> Nov  1 14:21:20 jabba (unknown)[706]:
>>> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:671]: Call closed (NTFY) (call
>>> id 0)
>>> Nov  1 14:27:57 jabba inetd[503]: pid 753: exit status 1
>>> 
>>> The log file at the server end says this:
>>> 
>>> Nov  1 14:15:10 ghost pppd[709]: Connect: ppp0 <--> /dev/pts/0
>>> Nov  1 14:15:12 ghost pptpd[708]: GRE: Discarding duplicate packet
>>> Nov  1 14:15:14 ghost kernel: PPP BSD Compression module registered
>>> Nov  1 14:15:14 ghost kernel: PPP Deflate Compression module registered
>>> Nov  1 14:15:14 ghost pppd[709]: CHAP peer authentication succeeded for
>>> ron
>>> Nov  1 14:15:14 ghost pppd[709]: Deflate (15) compression enabled
>>> Nov  1 14:15:16 ghost pppd[709]: Cannot determine ethernet address for
>>> proxy ARP
>>> Nov  1 14:15:16 ghost pppd[709]: local  IP address 203.7.194.128
>>> Nov  1 14:15:16 ghost pppd[709]: remote IP address 203.7.194.1
>>> Nov  1 14:15:24 ghost PAM_pwdb[748]: (login) session opened for user ron
>>> by (uid=0)
>>> Nov  1 14:15:34 ghost PAM_pwdb[769]: (su) session opened for user root
>>> by ron(uid=500)
>>> Nov  1 14:20:30 ghost pptpd[708]: CTRL: Session timed out, ending call
>>> Nov  1 14:20:30 ghost pptpd[708]: CTRL: Client 203.7.194.33 control
>>> connection finished
>>> Nov  1 14:20:30 ghost pppd[709]: Modem hangup
>>> Nov  1 14:20:30 ghost pppd[709]: Connection terminated.
>>> Nov  1 14:20:30 ghost pppd[709]: Connect time 5.4 minutes.
>>> Nov  1 14:20:30 ghost pppd[709]: Sent 562 bytes, received 669 bytes.
>>> Nov  1 14:20:30 ghost pppd[709]: Exit.
>>> Nov  1 14:30:00 ghost kernel: PPP: ppp line discipline successfully
>>> unregistered
>> 
>> _______________________________________________
>> pptp-server maillist  -  pptp-server at lists.schulte.org
>> http://lists.schulte.org/mailman/listinfo/pptp-server
>> List services provided by www.schulteconsulting.com!



From pptp at plushkin.com  Thu Nov  2 13:02:59 2000
From: pptp at plushkin.com (Alexander Zeyliger)
Date: Thu, 2 Nov 2000 11:02:59 -0800
Subject: [pptp-server] pptp client problem: pppd CCP ConfRej
Message-ID: <20001102110259.A8411@shell3.ba.best.com>

Hello,

I was trying to get my linux box to connect to a NT firewall
over VPN for a few days now.

I got to the point where the call is authenticated and ppp i/f is up.

Afterwards the log is filled with tons of those CCP ConfReq/ConfRej messages,

...
Nov  1 22:15:25 my_host pppd[1452]: rcvd [CCP ConfReq id=0x60 <mppe 1 0 0 21>]
Nov  1 22:15:25 my_host pppd[1452]: sent [CCP ConfRej id=0x60 <mppe 1 0 0 60>]
Nov  1 22:15:25 my_host pppd[1452]: rcvd [CCP ConfReq id=0x61 <mppe 1 0 0 21>]
Nov  1 22:15:25 my_host pppd[1452]: sent [CCP ConfRej id=0x61 <mppe 1 0 0 60>]
...

and the pptp windows occasionally gets lots of 'warn gre discarding out of
order' messages.  Pings and telnets don't go through ppp.

I've seen this problem mentioned on a few posts, but not a solution...
Anyone got this working??

Thanks for any pointers in advance,


A.Z.

p.s.
I have pptp-linux-1.0.2 and -1.0.3; pppd 2.3.11 patched for mppe,
2.2.17 kernel with mppe modules.



From phil at vibrationresearch.com  Thu Nov  2 13:17:42 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Thu, 2 Nov 2000 14:17:42 -0500
Subject: [pptp-server] Two quickees...
In-Reply-To: <3A01CB89.DE944CC2@themccords.com>
Message-ID: <001601c04501$92fcaa90$4500a8c0@vibrationresearch.com>

I just confirmed that you can use PAP with pptpd.  My client machine was
Windows 2000, and I configured it to custom security settings with no
encryption and only PAP authentication enabled.

Note that I compiled pptpd using --with-pppd-ip-alloc so I specify the IP
address to assign (192.168.1.99) in pap-secrets, instead of using the pool
of addresses in /etc/pptpd.conf


------ /etc/pptpd.conf --------
debug
option /etc/ppp/options.pap
-------------------------------
------ /etc/ppp/options.pap ---
debug
kdebug 1
name gateway
mru 1450
mtu 1450
auth
require-pap
proxyarp
192.168.1.20:
-------------------------------
------ /etc/ppp/pap-secrets ---
phil gateway secret 192.168.1.99
-------------------------------

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> Sent: Thursday, November 02, 2000 3:16 PM
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Two quickees...
>
>
> 1) Hmmm...couldn't get pap to work, but I'm not using the mppe
> encryption yet.  The pap-secrets file was set up correctly (added the
> line *	<servername>	""	*), the /etc/ppp/options
> file had 'require-pap',
> and pptpd-options had 'require-pap' and '+pap' as well.  Services were
> restarted.  Did I miss something?  Perhaps authentication via pam is a
> possibility?
>
> 2)  Ok, I subscribed through http://www.moretonbay.com/vpn/pptp.html,
> which looks to be a bit out of date.  I'll update my bookmark.
>
> Thanks again,
>
> Ken McCord
>
>
> Philip Van Baren wrote:
> >
> > 1) Chap is required to use the mppe encryption.  Without mppe any ppp
> > authentication scheme should work, as long as both the client
> and server are
> > configured to use the same things.
> >
> > Another option is to apply the patch to use /etc/smbpasswd for chap
> > authentication, if you are already maintaining encrypted smb passwords.
> > (see the patches at poptop.lineo.com)
> >
> > 2) http://poptop.lineo.com/#mailinglist
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> > > Sent: Tuesday, October 31, 2000 10:45 PM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Two quickees...
> > >
> > >
> > > I have two quick questions...
> > >
> > > 1) I have poptop installed and working on a server using chap
> > > authentication.  Rather than having to add a user to
> > > /etc/ppp/chap-secrets every time they will use pptp to access our
> > > network, is there any way to change the authentication to use pap
> > > instead of chap.  My understanding is that I can authenticate
> via pap to
> > > /etc/passwd, in addition to having an entry in /etc/ppp/pap-secrets.
> > >
> > > 2) Is there a searchable archive of the list?
> > >
> > > Thanks,
> > >
> > > Ken McCord
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From frankh at mwes.com  Thu Nov  2 18:02:38 2000
From: frankh at mwes.com (Frank)
Date: Thu, 2 Nov 2000 18:02:38 -0600 
Subject: [pptp-server] MS encryption (mppe) question
Message-ID: <D65313F86BE0D111A9CA00E029213AC6239DAB@SERVER>

Hi all,

I would like to use the ppp_mppe module for data encryption. According to
the download page:

MSCHAPv2 and MPPE patches

If you want Microsft encryption (MPPE) and authentication (MSCHAPv2) support
download the relevant patch for your pppd source tree. 

                                         The original 2.3.8 patch (50k) 
                                         Daniel Sully submitted a 2.3.10
patch (50k). 
                                         Steve Cowles submitted a 2.3.11
patch (50k) 
                                         There is also a patch for
ppp_mppe.c to fix the compressed data bug. 

I have pppd 2.4. Can I use the 2.3.11 patch? If not what should I do?

Thanks,
Frank

Frank Holt                                            Phone: (414) 327-0000
Project Engineer                                       Fax: (414) 327-8821
Midwest Engineering Systems, Inc            e-mail: frankh at mwes.com



From twm139 at its.to  Thu Nov  2 20:46:21 2000
From: twm139 at its.to (twm139 at its.to)
Date: Thu, 2 Nov 2000 19:46:21 -0700 (MST)
Subject: [pptp-server] Problems Compiling Encryption Support 2.2.17
Message-ID: <Pine.LNX.4.10.10011021938430.31000-100000@arnold.its.to>

I have followed the instructions in the Redhat Howto for setting up the
PopTop software, that worked 100%. Unfortunately the encryption part is
not being as agreeable.

I am using RedHat 6.2
Kernel 2.2.17
pptpd-1.0.0-1

I downloaded and am trying to use the following packages to build the
encryption support.

SSLeay-0.6.6b.tar.gz
ppp-2.3.10.tar.gz
ppp-2.3.10-openssl-norc4-mppe.patch

I follow the instructions, albeit with a different kernel, and I get the
following errors during the 

# make modules SUBDIRS=drivers/net 

command in /usr/src/linux

Any ideas?

Cheers,
Terrence

Make output follows...

# make modules SUBDIRS=drivers/net
make -C  drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2
-fomit-frame-pointer -fno-strict-aliasing -pipe -fno-s
trength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2
-DCPU=586 -DMODULE -DMODVERSIONS -includ
e /usr/src/linux-2.2.17/include/linux/modversions.h" MAKING_MODULES=1
modules
make[1]: Entering directory `/usr/src/linux-2.2.17/drivers/net'
cc -D__KERNEL__ -I/usr/src/linux-2.2.17/include -Wall -Wstrict-prototypes
-O2 -fomit-frame-pointer -fno-strict-al
iasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2
-malign-functions=2 -DCPU=586 -DMODULE -D
MODVERSIONS -include /usr/src/linux-2.2.17/include/linux/modversions.h
-DEXPORT_SYMTAB -c ppp.c
ppp.c:100: warning: static declaration for
`ppp_unregister_compressor_Ra1b928df' follows non-static
ppp.c:174: `PPP_VERSION' undeclared here (not in a function)
ppp.c: In function `ppp_tty_open':
ppp.c:418: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:418: (Each undeclared identifier is reported only once
ppp.c:418: for each function it appears in.)
ppp.c: In function `ppp_tty_close':
ppp.c:463: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_read':
ppp.c:511: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_write':
ppp.c:600: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_ioctl':
ppp.c:659: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_poll':
ppp.c:817: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_wakeup':
ppp.c:845: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_sync_send':
ppp.c:869: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_sync_push':
ppp.c:922: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_async_send':
ppp.c:978: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_push':
ppp.c:1004: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_async_encode':
ppp.c:1073: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_receive':
ppp.c:1207: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_close':
ppp.c:1560: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_ioctl':
ppp.c:1594: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_ioctl':
ppp.c:1642: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_receive_error':
ppp.c:2235: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ip':
ppp.c:2266: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipv6':
ppp.c:2279: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipx':
ppp.c:2292: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_at':
ppp.c:2305: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_comp':
ppp.c:2320: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_uncomp':
ppp.c:2345: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ccp':
ppp.c:2360: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_unknown':
ppp.c:2371: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_frame':
ppp.c:2418: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_output_wakeup':
ppp.c:2592: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_ctrl':
ppp.c:2608: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_alloc':
ppp.c:2847: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_release':
ppp.c:2933: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `cleanup_module':
ppp.c:3140: `PPP_MAGIC' undeclared (first use in this function)
make[1]: *** [ppp.o] Error 1
make[1]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
make: *** [_mod_drivers/net] Error 2




From ron at mel.compumod.com.au  Fri Nov  3 00:14:37 2000
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Fri, 03 Nov 2000 17:14:37 +1100
Subject: [pptp-server] Assigned IP addresses, and dropping the connection
References: <39FFABB3.4289D9C2@mel.compumod.com.au> <3A0060C0.9080602@sarette.com> <3A010F23.27DFDF83@mel.compumod.com.au> <3A01A359.4030300@sarette.com>
Message-ID: <3A0257CD.770790F1@mel.compumod.com.au>

The latest info - 

The problem is in fact at the server end. I can seem to clean up the
client alright, but the server doesn't seem to tidy up after itself
after it drops the connection (pppd drops the line, but pptpd is still
running). I might start this question again as a new thread as I think
the client end is alright (for the moment!). Your summary of closing the
client was correct - thanks for that!

Cheers

Ron

Steve Sarette wrote:
> 
> Ron Cresswell wrote:
> 
> > Thanks for that Steve - your memory is good! I am writing a script to
> > restart the connection if it drops, which is why "reboot" isn't a good
> > option!
> >
> > A couple of other questions arising. I did what you suggested and
> > everything was fine - but I still couldn't reconnect. The pptp client
> > responds with the following message:
> >
> > [root at jabba scripts]# pptp-up
> > warn[open_inetsock:pptp_callmgr.c:287]: connect: Connection refused
> > fatal[callmgr_main:pptp_callmgr.c:122]: Could not open control
> > connection to 203.7.194.163
> > fatal[launch_callmgr:pptp.c:213]: Call manager exited with error 256
> 
> Um, what do your routes look like?  I've never tried setting my default
> route across the pptp connection and then dropping the connection (and I
> don't know if that's what you're doing or not).  Is is possible that you
> can't find a route to 203.7.194.163?  Can you ping it?
> 
> Also, look over your firewall rules before and after the connection and
> make sure you can still move the pptp packets through.  Maybe something
> is getting reset there on the ppp shutdown?
> 
> Other than that, I'll have to go through this again tonight and see if I
> missed anything in my restart sequence. It sure feels like you still
> have the call manager thread running.
> 
> >
> > there are no files left in /var/run/pptp, "ps -ef | grep -i pp" returns
> > no relevant processes (so there are no pptp or ppp processes left). And
> > ifconfig shows only eth0 and lo. So what else could there be? There are
> > no entries in /var/log/messages, so the pptp client isn't even getting
> > as far as trying to contact the server at the far end. Any ideas?
> >
> > One other thing - any idea how to set (or unset) the timeout on the
> > pptpd server? I don't really want it dropping the connection ever,
> > certainly not by choice! Is it an option that can be added in
> > /etc/pptpd.conf?
> 
> No idea, I've never tried to use pptpd.  I was just playing with the
> client end of things.  Which I never really got to work, I should add.
> I could authenticate in and ping the network but all my other tcp/ip
> activity hangs.  I've pretty much given up on this for now.  I'm just
> hanging out on this list hoping that someone will say something one of
> these days that makes me go "D'oh!  Didn't try that..."
> 
> - Steve
> 
> >
> > Thanks again
> >
> > Cheers
> >
> > Ron
> >
> > Steve Sarette wrote:
> >
> >> Ron Cresswell wrote:
> >>
> >> <snippage (because I don't know the answer)>
> >>
> >>> Also, is there a way to cleanly drop this connection?
> >>
> >> become root
> >> ifconfig ppp0 down
> >> kill -HUP `cat /var/run/ppp0.pid`  (not sure of the exact file name, but
> >> it's something like that)
> >> rm /var/run/pptp/<the ip that you connected to>
> >>
> >> I think you also have to kill an additional pptp process.  The FAQ says
> >> that killing the ppp process should kill off the pptp processes too but
> >> I always see one hanging around.  Just do:
> >>
> >> ps -ef | grep pptp
> >>
> >> and kill the process that you see.
> >>
> >> Sorry that I can't be more explicit but I'm on a machine that doesn't
> >> have all this stuff configured so I'm writing this from memory.  Also,
> >> probably there's a cleaner way to go about dropping the connection but I
> >> haven't found it yet.
> >>
> >> Good luck.
> >>
> >> - Steve
> >>
> >> The only way I can
> >>
> >>> clean the thing out to start a new connection is to reboot!
> >>>   It seems that the server times out, and drops the PPP interface, but
> >>> that interface is still hanging around on the client, even though the
> >>> log file says:
> >>>
> >>> 1 14:15:50 jabba pppd[709]: Connect: ppp0 <--> /dev/ttya0
> >>> Nov  1 14:15:54 jabba pppd[709]: Remote message: Welcome to ghost.
> >>> Nov  1 14:15:54 jabba kernel: PPP BSD Compression module registered
> >>> Nov  1 14:15:54 jabba kernel: PPP Deflate Compression module registered
> >>> Nov  1 14:15:55 jabba pppd[709]: Deflate (15) compression enabled
> >>> Nov  1 14:15:57 jabba pppd[709]: Cannot determine ethernet address for
> >>> proxy ARP
> >>> Nov  1 14:15:57 jabba pppd[709]: local  IP address 203.7.194.34
> >>> Nov  1 14:15:57 jabba pppd[709]: remote IP address 203.7.194.159
> >>> Nov  1 14:21:20 jabba (unknown)[706]:
> >>> log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:671]: Call closed (NTFY) (call
> >>> id 0)
> >>> Nov  1 14:27:57 jabba inetd[503]: pid 753: exit status 1
> >>>
> >>> The log file at the server end says this:
> >>>
> >>> Nov  1 14:15:10 ghost pppd[709]: Connect: ppp0 <--> /dev/pts/0
> >>> Nov  1 14:15:12 ghost pptpd[708]: GRE: Discarding duplicate packet
> >>> Nov  1 14:15:14 ghost kernel: PPP BSD Compression module registered
> >>> Nov  1 14:15:14 ghost kernel: PPP Deflate Compression module registered
> >>> Nov  1 14:15:14 ghost pppd[709]: CHAP peer authentication succeeded for
> >>> ron
> >>> Nov  1 14:15:14 ghost pppd[709]: Deflate (15) compression enabled
> >>> Nov  1 14:15:16 ghost pppd[709]: Cannot determine ethernet address for
> >>> proxy ARP
> >>> Nov  1 14:15:16 ghost pppd[709]: local  IP address 203.7.194.128
> >>> Nov  1 14:15:16 ghost pppd[709]: remote IP address 203.7.194.1
> >>> Nov  1 14:15:24 ghost PAM_pwdb[748]: (login) session opened for user ron
> >>> by (uid=0)
> >>> Nov  1 14:15:34 ghost PAM_pwdb[769]: (su) session opened for user root
> >>> by ron(uid=500)
> >>> Nov  1 14:20:30 ghost pptpd[708]: CTRL: Session timed out, ending call
> >>> Nov  1 14:20:30 ghost pptpd[708]: CTRL: Client 203.7.194.33 control
> >>> connection finished
> >>> Nov  1 14:20:30 ghost pppd[709]: Modem hangup
> >>> Nov  1 14:20:30 ghost pppd[709]: Connection terminated.
> >>> Nov  1 14:20:30 ghost pppd[709]: Connect time 5.4 minutes.
> >>> Nov  1 14:20:30 ghost pppd[709]: Sent 562 bytes, received 669 bytes.
> >>> Nov  1 14:20:30 ghost pppd[709]: Exit.
> >>> Nov  1 14:30:00 ghost kernel: PPP: ppp line discipline successfully
> >>> unregistered
> >>
> >> _______________________________________________
> >> pptp-server maillist  -  pptp-server at lists.schulte.org
> >> http://lists.schulte.org/mailman/listinfo/pptp-server
> >> List services provided by www.schulteconsulting.com!

-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---


From ron at mel.compumod.com.au  Fri Nov  3 01:34:33 2000
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Fri, 03 Nov 2000 18:34:33 +1100
Subject: [pptp-server] pptp server - not cleaning up after itself when pppd exits
Message-ID: <3A026A89.D260CAF8@mel.compumod.com.au>

Hi Folks,

Does anyone have any suggestions here? I have a linux client connecting
to a linux server (PoPTop). The connection seems to be ok, but after a
while pppd drops the line as a timeout. Now this wouldn't be so bad if
pptpd cleaned up after itself, because I want to re-establish the
connection straight away from the client end, and that means the server
being ready to accept the same connection again... What I get at the
server end is the message

No free connection slots or IPs available - no more clients can connect!

Anyone know what this means? Or how to "clean up" the server without
executing the mother-of-all cleanup commands, "reboot"?

Miscellaneous info-

The only lines (that aren't commented out) in my /etc/pptp.conf file
are:

localip 203.7.194.159
remoteip 203.7.194.34

which are fictional IP addresses on my subnets but are officially
allocated, and the connection does use them. Are there other options
that need to be put here?

My ppp.options file has the following entries:
lock
debug
auth
+chap
proxyarp

And that's it. Any ideas where to look next?

Thanks

Ron







-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---


From aaa at netman.dk  Fri Nov  3 05:10:10 2000
From: aaa at netman.dk (Alaa AlAmood)
Date: Fri, 03 Nov 2000 12:10:10 +0100
Subject: [pptp-server] pam & poptop
Message-ID: <3A029D12.28A75A08@netman.dk>

Hi

Is it possiple to use PAM (Pluggable Authentication Modules) with poptop
and how

thanks
Alaa




From jvonau at home.com  Fri Nov  3 05:55:46 2000
From: jvonau at home.com (Jerry Vonau)
Date: Fri, 03 Nov 2000 05:55:46 -0600
Subject: [pptp-server] pptp server - not cleaning up after itself when pppd 
 exits
References: <3A026A89.D260CAF8@mel.compumod.com.au>
Message-ID: <3A02A7C2.23AB21B1@home.com>

Hi Ron:

I see the same problem, the pptp client disconnects, then re-connects.
Instead of picking the same ppp interface, it jumps to the next avaible one.

I think you have the same problem, except you have only one pair of ip's
available.
It what I tried on the server, after the disconect, kill the ppp0.pid and
then
do an ifconfig ppp0 down, ifconfig ppp0 up. this seems to correct the
problem for me.
To make it automatic, prehaps a ping program, that whould run the commands
when it
can't ping the other side.

Jerry



Ron Cresswell wrote:

> Hi Folks,
>
> Does anyone have any suggestions here? I have a linux client connecting
> to a linux server (PoPTop). The connection seems to be ok, but after a
> while pppd drops the line as a timeout. Now this wouldn't be so bad if
> pptpd cleaned up after itself, because I want to re-establish the
> connection straight away from the client end, and that means the server
> being ready to accept the same connection again... What I get at the
> server end is the message
>
> No free connection slots or IPs available - no more clients can connect!
>
> Anyone know what this means? Or how to "clean up" the server without
> executing the mother-of-all cleanup commands, "reboot"?
>
> Miscellaneous info-
>
> The only lines (that aren't commented out) in my /etc/pptp.conf file
> are:
>
> localip 203.7.194.159
> remoteip 203.7.194.34
>
> which are fictional IP addresses on my subnets but are officially
> allocated, and the connection does use them. Are there other options
> that need to be put here?
>
> My ppp.options file has the following entries:
> lock
> debug
> auth
> +chap
> proxyarp
>
> And that's it. Any ideas where to look next?
>
> Thanks
>
> Ron
>
> --
> Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
> Level 7---271 William St---Melbourne---Australia
> ---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



From ken at themccords.com  Fri Nov  3 09:55:05 2000
From: ken at themccords.com (Ken McCord)
Date: Fri, 03 Nov 2000 07:55:05 -0800
Subject: [pptp-server] Two quickees...
References: <000e01c04428$22ace270$4500a8c0@vibrationresearch.com> <3A01CB89.DE944CC2@themccords.com>
Message-ID: <3A02DFD9.FFF0C13F@themccords.com>

OK, I got it.  Forgot to add 'login' to options for pap to authenticate
to /etc/passwd.  Doh!

Thanks!

Ken McCord


Ken McCord wrote:
> 
> 1) Hmmm...couldn't get pap to work, but I'm not using the mppe
> encryption yet.  The pap-secrets file was set up correctly (added the
> line *  <servername>    ""      *), the /etc/ppp/options file had 'require-pap',
> and pptpd-options had 'require-pap' and '+pap' as well.  Services were
> restarted.  Did I miss something?  Perhaps authentication via pam is a
> possibility?
> 
> 2)  Ok, I subscribed through http://www.moretonbay.com/vpn/pptp.html,
> which looks to be a bit out of date.  I'll update my bookmark.
> 
> Thanks again,
> 
> Ken McCord
> 
> Philip Van Baren wrote:
> >
> > 1) Chap is required to use the mppe encryption.  Without mppe any ppp
> > authentication scheme should work, as long as both the client and server are
> > configured to use the same things.
> >
> > Another option is to apply the patch to use /etc/smbpasswd for chap
> > authentication, if you are already maintaining encrypted smb passwords.
> > (see the patches at poptop.lineo.com)
> >
> > 2) http://poptop.lineo.com/#mailinglist
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> > > Sent: Tuesday, October 31, 2000 10:45 PM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Two quickees...
> > >
> > >
> > > I have two quick questions...
> > >
> > > 1) I have poptop installed and working on a server using chap
> > > authentication.  Rather than having to add a user to
> > > /etc/ppp/chap-secrets every time they will use pptp to access our
> > > network, is there any way to change the authentication to use pap
> > > instead of chap.  My understanding is that I can authenticate via pap to
> > > /etc/passwd, in addition to having an entry in /etc/ppp/pap-secrets.
> > >
> > > 2) Is there a searchable archive of the list?
> > >
> > > Thanks,
> > >
> > > Ken McCord
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > >
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


From jvonau at home.com  Fri Nov  3 08:11:23 2000
From: jvonau at home.com (Jerry Vonau)
Date: Fri, 03 Nov 2000 08:11:23 -0600
Subject: [pptp-server] PPTP IP assignments not right..??
References: <03F12E3EFB51D311837F0000E860EB493FE72B@cittech>
Message-ID: <3A02C78A.185AF022@home.com>

George:
I had the samething happen, with a single localip,
but with a range of ip's is fine.
Don't figure.
I just used a range of ip's of the local
Jerry


George Vieira wrote:

> This is what I have in my /etc/pptpd.conf
> Not sure if I can do this though...
>
> #localip 192.168.0.234-238,192.168.0.245
> #remoteip 192.168.1.234-238,192.168.1.245
> localip 192.168.100.1
> remoteip 192.168.100.65-80
>
> But I get this on my internet Linux box...
>
> ppp2      Link encap:Point-to-Point Protocol
>           inet addr:192.168.1.254  P-t-P:192.168.100.1  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:10
>
> ppp1 is another VPN which has the local IP of 192.168.1.254 and it sounds
> like the PPTPD server doesn't assign me an IP so the local machien gives the
> 192.168.1.254 address..
>
> Any ideas? Please....???? ;)
>
> -----Original Message-----
> From: George Vieira [mailto:georgev at citadelcomputer.com.au]
> Sent: Thursday, November 02, 2000 4:59 PM
> To: PPTP List (E-mail)
> Subject: [pptp-server] PPTP IP assignments not right..??
>
> Hi all,
>
> I finally got it working.. don't know where I stuffed up but it was
> something in the /etc/pptpd.conf as I deleted it and created a new one and
> worked... weird..??
>
> I am trying to assign IPs to the remote hosts who connect but they get an IP
> of 192.168.0.1 which is not in the /etc/pptp.conf file.??
>
> any ideas what I've done wrong..?
>
> thanks,
> George Vieira
> Network Administrator
> http://www.citadelcomputer.com.au
> PGP Fingerprint :       43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> PGP KeyID:              0x38A9A10C
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



From cresswell at comcen.com.au  Sat Nov  4 18:32:24 2000
From: cresswell at comcen.com.au (Ron Cresswell)
Date: Sun, 05 Nov 2000 11:32:24 +1100
Subject: [pptp-server] pptpd connection established - ping not working!
Message-ID: <3A04AA98.4000300@comcen.com.au>

Hi Folks, sorry about the length of this email but I figured it was 
preferable to have too much info than too little.

Two things (at least) not working on my connection at the moment. Doubt 
if they are related, but they might be.

Once the connection is established, I can't ping a machine behind the 
server, although I can ping the server quite happily (this is my current 
main concern)

Second, I am (for the moment) adding the routing tables by hand after 
the connection comes up, because the server end doesn't seem to be 
executing /etc/ppp/ip-up.local after the ppp link is established, even 
though that's what RedHat is supposed to do.

my connection is VPN-client (jabba) -> firewall (hades) -> internet -> 
firewall (cerberus) -> VPN-server (ghost). I am trying to ping from the 
VPN client to a machine in the subnet of the VPN server.

IP-forwarding is switched on on both VPN-client and VPN-Server, both of 
which are running a "server" install of RedHat 6.2. I am trying to 
connect two subnets (203.7.194.0/25 and 203.7.194.128/26) via the pptp link.

Now the routing tables look symmetric (see below), but if I try a 
traceroute from client machine to "machine in subnet of server" I get:

traceroute to zaphod.compumod.com.au (203.7.194.169), 30 hops max, 38 
byte packets
1  ghost-VPN.compumod.com.au (203.7.194.159)  451.431 ms  333.927 ms  
369.523 ms
2  * * *
3  * * *

Whereas, if I try a traceroute from the server machine to "machine in 
subnet of client" I get this:

traceroute to swami.compumod.com.au (203.7.194.30), 30 hops max, 38 byte 
packets
1  * * *

Does this make sense to anyone? It sounds as though the routing tables 
aren't right, but see below -

Once the link is up, my routing tables look like this:
On Jabba (the client):

Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
ghost-VPN.compu *               255.255.255.255 UH    0      0        0 ppp0
jabba           *               255.255.255.255 UH    0      0        0 eth0
ghost.compumod. hades.syd.compu 255.255.255.255 UGH   0      0        0 eth0
203.7.194.0     *               255.255.255.128 U     0      0        0 eth0
203.7.194.128   *               255.255.255.128 U     0      0        0 ppp0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         hades.syd.compu 0.0.0.0         UG    0      0        0 eth0

On Ghost (the server), the routing table looks like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
jabba.compumod. cerberus.compum 255.255.255.255 UGH   0      0        0 eth0
jabba-VPN.compu *               255.255.255.255 UH    0      0        0 ppp0
ghost.compumod. *               255.255.255.255 UH    0      0        0 eth0
203.7.194.0     *               255.255.255.128 U     0      0        0 ppp0
203.7.194.128   *               255.255.255.128 U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         cerberus.compum 0.0.0.0         UG    0      0        0 eth0

So my pptp IP addresses are on the local subnet (as recommended to get 
around the proxyarp problem, which I don't understand anyway so 
allocated ips on the local subnets) - jabba has an IP address of 
203.7.194.33 and its VPN ip address is 203.7.194.34. Simliar with ghost 
and ghost-VPN - 203.7.194.163 and 203.7.193.159.

an "ifconfig" on each box shows the following for the ppp0 connection:

on ghost

ppp0      Link encap:Point-to-Point Protocol 
         inet addr:203.7.194.159  P-t-P:203.7.194.34  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:114 errors:0 dropped:0 overruns:0 frame:0
         TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:10

on jabba:

ppp0      Link encap:Point-to-Point Protocol 
         inet addr:203.7.194.34  P-t-P:203.7.194.159  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:8 errors:0 dropped:0 overruns:0 frame:0
         TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:10

I'm getting very close to abandoning pptp in favour of starting from 
scratch with another approach (although I don't really have time to do 
that either!). Any thoughts?

Ron







From yvl at rapid-e.de  Sun Nov  5 03:41:55 2000
From: yvl at rapid-e.de (Yves Lange)
Date: Sun, 5 Nov 2000 10:41:55 +0100
Subject: [pptp-server] RedHat 7.0 Kernel 2.2.16
Message-ID: <93AD3E8E56418E4B9528711C85117C6E9C93@RAPID-E-DC.rapid-e.de>

Hi,

I am trying to compile the PPP with MSCHAPv2/MPPE Support into the 2.2.16
Kernel, but I get a lot of errors, when I compile the kernel-modules, does
some body do the same before ?
Can somebody help ?

Regards

Yves.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001105/860c2303/attachment.html>

From kenny at digitalrebel.org  Sun Nov  5 17:39:55 2000
From: kenny at digitalrebel.org (Kenneth E. Lussier)
Date: Sun, 05 Nov 2000 18:39:55 -0500
Subject: [pptp-server] RedHat 7.0 Kernel 2.2.16
References: <93AD3E8E56418E4B9528711C85117C6E9C93@RAPID-E-DC.rapid-e.de>
Message-ID: <3A05EFCB.7A765625@digitalrebel.org>

There could be several issues here. First off, RH7 ships with
non-standard compilers and libraries. When you rebuild the kernel, try
doing:
make dep clean bzImage modules modules_install CC="kgcc".

Another thing that I have seen is a missing libraries. If the date
stamps in the kernel source are more recent then the ppp source, then
you need to touch the ppp source files. I use an install script that
touches the source files, removes and recreates symlinks (since touch
doesn't update their timestamp), etc. I have a copy of the script, along
with the patched ppp source, the linux pptp client, start and stop
scripts, options scripts, etc. I wil send it to anyone that wants it (it
hasn't made it to my website yet). It is more geared toward a Linux pptp
client, but it can be tailored to a server.

FYI,
Kenny 

> Yves Lange wrote:
> 
> Hi,
> 
> I am trying to compile the PPP with MSCHAPv2/MPPE Support into the
> 2.2.16 Kernel, but I get a lot of errors, when I compile the
> kernel-modules, does some body do the same before ?
> 
> Can somebody help ?
> 
> Regards
> 
> Yves.


From giulioo at pobox.com  Mon Nov  6 01:30:51 2000
From: giulioo at pobox.com (Giulio Orsero)
Date: Mon, 06 Nov 2000 08:30:51 +0100
Subject: [pptp-server] RedHat 7.0 Kernel 2.2.16
In-Reply-To: <93AD3E8E56418E4B9528711C85117C6E9C93@RAPID-E-DC.rapid-e.de>
References: <93AD3E8E56418E4B9528711C85117C6E9C93@RAPID-E-DC.rapid-e.de>
Message-ID: <20001106073147.6AABF1664F@i3.golden.dom>

On Sun, 5 Nov 2000 10:41:55 +0100, you wrote:

>I am trying to compile the PPP with MSCHAPv2/MPPE Support into the 2.2.16
>Kernel, but I get a lot of errors, when I compile the kernel-modules, does
>some body do the same before ?

I've succesfully patched the rh70 kernel srpms (I'm using it on rh61)
with mppe.
You have to follow the same guidelines that you use for stock 2.2.16
(add MAGIC definitions in include files)

http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff

-- 
giulioo at pobox.com


From mac at empeg.com  Mon Nov  6 04:46:28 2000
From: mac at empeg.com (Mike Crowe)
Date: Mon, 6 Nov 2000 10:46:28 -0000
Subject: [pptp-server] Connection performance degrading over time
Message-ID: <005501c047de$d16c9580$c8010a0a@dodgy>

Clients can connect to our PPTP server and log in fine using MPPE 128 bit
encryption from Windows 2000 and Windows Me clients. Once connected
performance gradually degrades (dropped packets) until after a few hundred
kilobytes no more data is transferred. The indicator in the system tray
continues to light up. Nothing interesting appears to be written to the
logs.

I've looked through some of the mailing list archives and the FAQ but
couldn't see anything related.

We're running pptpd-1.0.0, ppp-2.3.10, ppp-2.3.10-openssl-norc4-mppe.patch,
Linux kernel 2.2.17 on a RedHat 6.0 system. Is it worth upgrading ppp, which
is the currently recommended version that applies cleanly (or with minimal
tweaking)?

TIA

--
Mike Crowe
empeg ltd



From s.klein at onaras.ch  Mon Nov  6 08:04:44 2000
From: s.klein at onaras.ch (S. Klein)
Date: Mon, 6 Nov 2000 15:04:44 +0100
Subject: [pptp-server] NT Domain Authentification
Message-ID: <005801c047fa$8429c560$e58d5693@MCIB97KLEI>

Hi,

Is it possible to let clients of a PoPToP Server authentificate against a NT Domain cotroller ? Where can I find infos on how to do this ?

Thank you
SK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001106/5c088842/attachment.html>

From boris at microtrader.com  Mon Nov  6 15:21:38 2000
From: boris at microtrader.com (Boris Reisig)
Date: Mon, 6 Nov 2000 15:21:38 -0600
Subject: [pptp-server] PPTP Client redialer script?
Message-ID: <001201c04837$8cf2d6e0$2f01a8c0@esmith.microtrader.com>

I finally got the PPTP client working. I had to add my ip on client to the default route and I could now ping both sides of the network. But the question I have is has anyone wrote a pptp bash script to keep the connection up 24/7? Im looking to get my connection up 24/7 and if it disconnects I want it to reconnect immediately. Does anyone have any kind of script to do that?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001106/51e640e2/attachment.html>

From cresswell at comcen.com.au  Mon Nov  6 19:16:32 2000
From: cresswell at comcen.com.au (Ron Cresswell)
Date: Tue, 07 Nov 2000 12:16:32 +1100
Subject: [pptp-server] PPTP Client redialer script?
References: <001201c04837$8cf2d6e0$2f01a8c0@esmith.microtrader.com>
Message-ID: <3A0757F0.3070903@comcen.com.au>

Hi Boris,

I started one, but so far haven't figured out how to get the server end 
to drop it's connection so that the client can reconnect - I'm using a 
single fixed pair of IP addresses and if the server doesn't drop it's 
connection, the address that the client tries to reconnect to is in use.

Anyway, here's what I was going to use at the client end (run the script 
once per minute as a cron job - it checks that the connection is up, and 
if not it reinitiates and starts a new connection):

-----cut here-------
#!/bin/bash
ans1=`ps -ef | grep pptp | grep -v grep | grep -v query | wc -l | 
/bin/awk '{print $1}'`
tim=`date | awk '{print $4}'`
dat=`date | awk '{print $1 " " $2 " " $3 }'`
if [ "$ans1" = "0" ]
then
echo "pptp is down!"
echo "cleaning up pptp"
ifconfig ppp0 down
kill -HUP `cat /var/run/ppp0.pid`
rm /var/run/pptp/*
echo "re-initiating link on $dat at $tim"
/usr/local/bin/pptp-up
fi
-----cut here-------

Cheers

Ron

Boris Reisig wrote:

> I finally got the PPTP client working. I had to add my ip on client to 
> the default route and I could now ping both sides of the network. But 
> the question I have is has anyone wrote a pptp bash script to keep the 
> connection up 24/7? Im looking to get my connection up 24/7 and if it 
> disconnects I want it to reconnect immediately. Does anyone have any 
> kind of script to do that?
> 



From georgev at citadelcomputer.com.au  Tue Nov  7 05:05:26 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 7 Nov 2000 22:05:26 +1100 
Subject: [pptp-server] Unauthorized remote IP
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE75E@cittech>

I had this working before though it was not giving me my remote IP address
of 192.168.60.65, but now I do receive the IP (forced) but the peer (client)
is refusing to accept that the servers IP is on 192.168.60.1  which it is
and won't connect..??

Why doesn't the client allow the server to have this IP? I placed on both
servers the ipcp-accept-remote and ipcp-accept-local for the IPs and in
/etc/ppp/chap-secrets I have a * for the IP address.

I know this is probably more a PPPD thing but I need help to get my VPN
working again.. which is did and dies numberous times...


Nov  7 21:49:52 citadel2k pppd[26446]: pppd 2.3.10 started by root, uid 0
Nov  7 21:49:52 citadel2k pppd[26446]: Using interface ppp2
Nov  7 21:49:52 citadel2k pppd[26446]: Connect: ppp2 <--> /dev/pts/7
Nov  7 21:49:54 citadel2k pptpd[26424]: GRE: Discarding duplicate packet
Nov  7 21:49:55 citadel2k pppd[26446]: local  IP address 192.168.60.1
Nov  7 21:49:55 citadel2k pppd[26446]: remote IP address 192.168.60.65
Nov  7 21:49:55 citadel2k pppd[26446]: Deflate (15) compression enabled
Nov  7 21:49:55 citadel2k pppd[26446]: IPCP terminated by peer (Unauthorized
remote IP address)
Nov  7 21:49:55 citadel2k pppd[26446]: LCP terminated by peer (No network
protocols running)
Nov  7 21:49:58 citadel2k pppd[26446]: Connection terminated.
Nov  7 21:49:58 citadel2k pppd[26446]: Connect time 0.1 minutes.
Nov  7 21:49:58 citadel2k pppd[26446]: Sent 224 bytes, received 269 bytes.
Nov  7 21:49:58 citadel2k pppd[26446]: Exit. 


From tife.chan at adsociety.com  Tue Nov  7 10:02:25 2000
From: tife.chan at adsociety.com (Tife Chan)
Date: Wed, 8 Nov 2000 00:02:25 +0800
Subject: [pptp-server] NT Domain Authentification
References: <005801c047fa$8429c560$e58d5693@MCIB97KLEI>
Message-ID: <015501c048d4$1f1ffab0$0100000a@tife>

Yes, you can do that with smb pam modules.
I'm not sure about other distribution, but if you are using redhat
distribution,
the default ppp authentication should be using PAM.

Hope this can help.

Tife

----- Original Message -----
From: S. Klein
To: pptp-server at lists.schulte.org
Sent: Monday, November 06, 2000 10:04 PM
Subject: [pptp-server] NT Domain Authentification


Hi,

Is it possible to let clients of a PoPToP Server authentificate against a NT
Domain cotroller ? Where can I find infos on how to do this ?

Thank you
SK



From boris at microtrader.com  Tue Nov  7 17:42:52 2000
From: boris at microtrader.com (Boris Reisig)
Date: Tue, 7 Nov 2000 17:42:52 -0600
Subject: [pptp-server] Peer refused to authenticate.
Message-ID: <003c01c04914$7297d2e0$2f01a8c0@esmith.microtrader.com>

I am getting a weird connecting error when tring to use pptp client to connect to my main server. I have both linux boxes using the same configuration files exactly but only 1 seems to connect.


/etc/chap-secrets
jack    *    jack    *

/etc/options
noauth
debug
proxyarp

On both systems. The first computer connects no problem via the pptp client. The second computer has the following error. 

pppd[300]: pppd 2.3.11 started by root, uid 0
pppd[300]: Using interface ppp0
pppd[300]: Connect: ppp0 <--> /dev/ttya0
kernel: PPP BSD Compression module registered
kernel: PPP Deflate Compression module registered
pppd[300]: LCP terminated by peer (peer refused to authenticated)
pppd[300]: Connection terminated
pppd[300]: Exit.

What the heck is going on. I ever tried "auth" and the "name" in the options file. nothing. Anyone run into this kind of trouble and know how to fix it? I 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001107/8a857e61/attachment.html>

From drjchris at yahoo.com  Tue Nov  7 17:56:57 2000
From: drjchris at yahoo.com (Chris Carella)
Date: Tue, 7 Nov 2000 15:56:57 -0800 (PST)
Subject: [pptp-server] Encryption Proof
Message-ID: <20001107235657.6679.qmail@web9703.mail.yahoo.com>

What log can I check to see if encryption is working?
And what would it look like?
-chris-


--- Philip Van Baren <phil at vibrationresearch.com>
wrote:
> Others have said WINS, but I'll give an alternate
> answer:
> 
> If you list the IP numbers and host names of all of
> your windows PCs in the
> c:\windows\hosts AND c:\windows\lmhosts files on the
> Win9x VPN client PCs
> (in the winnt\system32\drivers\etc directory on
> WinNT machines), they will
> be able to access the windows PC shares without
> using WINS.
> 
> Also, if you configure the samba box to maintain
> browse lists (and it
> actually does this properly: check if the
> /var/lock/samba/browse.dat file
> contains a list of all of your machines) then the
> machines will also appear
> in Network Neighborhood, again without using WINS.
> 
> Phil
> 
> 
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On
> Behalf Of Peter Alliett
> > Sent: Tuesday, October 17, 2000 8:31 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Poptop and Windows clients
> >
> >
> > I have poptop and samba on the same linux box but
> when windows
> > clients dial
> > in they can only access the windows share pc's by
> putting in the
> > IP address.
> > Also nothing shows up in Network Neighbourhood. 
> What am I missing here.
> >
> > Peter
> >
> > _______________________________________________
> > pptp-server maillist  - 
> pptp-server at lists.schulte.org
> >
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by
> www.schulteconsulting.com!
> >
> 
> _______________________________________________
> pptp-server maillist  - 
> pptp-server at lists.schulte.org
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 
> 
> 


__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/


From ed at schernau.com  Tue Nov  7 18:52:58 2000
From: ed at schernau.com (Edward Schernau)
Date: Tue, 07 Nov 2000 19:52:58 -0500
Subject: [pptp-server] Encryption Proof
References: <20001107235657.6679.qmail@web9703.mail.yahoo.com>
Message-ID: <3A08A3EA.109C58C6@schernau.com>

Get the sniffit package - watch the packets fly by on the screen.

It was very gratifying to see ASCII garbage go by as I used SSH.
I chuckled as the plain-text POP3 stuff flew by.

Just a little reality check.

Ed
P.S.	I dont know where it is, do a search - I dont want to
post the tarball to the mailing list.

Chris Carella wrote:
> 
> What log can I check to see if encryption is working?
> And what would it look like?
> -chris-
> 
> --- Philip Van Baren <phil at vibrationresearch.com>
> wrote:
> > Others have said WINS, but I'll give an alternate
> > answer:
> >
> > If you list the IP numbers and host names of all of
> > your windows PCs in the
> > c:\windows\hosts AND c:\windows\lmhosts files on the
> > Win9x VPN client PCs
> > (in the winnt\system32\drivers\etc directory on
> > WinNT machines), they will
> > be able to access the windows PC shares without
> > using WINS.
> >
> > Also, if you configure the samba box to maintain
> > browse lists (and it
> > actually does this properly: check if the
> > /var/lock/samba/browse.dat file
> > contains a list of all of your machines) then the
> > machines will also appear
> > in Network Neighborhood, again without using WINS.
> >
> > Phil
> >
> >
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On
> > Behalf Of Peter Alliett
> > > Sent: Tuesday, October 17, 2000 8:31 AM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Poptop and Windows clients
> > >
> > >
> > > I have poptop and samba on the same linux box but
> > when windows
> > > clients dial
> > > in they can only access the windows share pc's by
> > putting in the
> > > IP address.
> > > Also nothing shows up in Network Neighbourhood.
> > What am I missing here.
> > >
> > > Peter
> > >
> > > _______________________________________________
> > > pptp-server maillist  -
> > pptp-server at lists.schulte.org
> > >
> >
> http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by
> > www.schulteconsulting.com!
> > >
> >
> > _______________________________________________
> > pptp-server maillist  -
> > pptp-server at lists.schulte.org
> >
> http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> >
> >
> 
> __________________________________________________
> Do You Yahoo!?
> Thousands of Stores.  Millions of Products.  All in one Place.
> http://shopping.yahoo.com/
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


From rage at sohonetworks.cc  Tue Nov  7 21:40:52 2000
From: rage at sohonetworks.cc (Jason Osborne)
Date: Tue, 7 Nov 2000 21:40:52 -0600
Subject: [pptp-server] a few quick questions
Message-ID: <NEBBLMAGELJABJGLOKNAAEHACCAA.rage@sohonetworks.cc>

I had a few quick questions to run by everyone. I know they are sort of off
topic as far as support goes, but here they are.

Q. #1) What makes using a software VPN solution better than buying a router
that allows vpn connections to a network? Is a software solution more
secure? Provide faster access? More cost effective? In what ways?

Q. #2) Which implimentation of a VPN is better? PPTP, IPSec, or VATM (i
think that is what it is called)?

Q. #3) What options do netware users have when using PopTop VPN Server and
Linux?

--
Jason Osborne
Data and Telecom Network Solutions
Your total Internetworking solutions provider!
3847 Timberglen Rd., STE 4013
Dallas, TX 75287
Phone: 972-307-0676
Mobile: 214-284-3337
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc



From leuzim at pib.com.br  Wed Nov  8 05:45:53 2000
From: leuzim at pib.com.br (Leonardo Pimenta Gonzalez)
Date: Wed, 08 Nov 2000 11:45:53 GMT
Subject: [pptp-server] Vpn PPTP Linux Client
Message-ID: <20001108114553.22765.qmail@prointernet.com.br>

Hello,

I need Help!!!

I trying to configure a vpn PPTP linux Client to conect on a linux pptp
server, but i can't make it. 
Somebody can help me????
I need a HowTO or a basic configuration  for a Client Linux or one web link
for help me on configuration of client side. 

I using a Suse 6.4 kernel 2.2.14.

Thanks a lot !!!
CYA


From drjchris at yahoo.com  Wed Nov  8 09:17:55 2000
From: drjchris at yahoo.com (Chris Carella)
Date: Wed, 8 Nov 2000 07:17:55 -0800 (PST)
Subject: [pptp-server] Encryption Proof
Message-ID: <20001108151755.77917.qmail@web9703.mail.yahoo.com>

Does 'require encrypted data' need to be check on the
MS Client to use encryption?
Chris


--- Edward Schernau <ed at schernau.com> wrote:
> Get the sniffit package - watch the packets fly by
> on the screen.
> 
> It was very gratifying to see ASCII garbage go by as
> I used SSH.
> I chuckled as the plain-text POP3 stuff flew by.
> 
> Just a little reality check.
> 
> Ed
> P.S.	I dont know where it is, do a search - I dont
> want to
> post the tarball to the mailing list.
> 
> Chris Carella wrote:
> > 
> > What log can I check to see if encryption is
> working?
> > And what would it look like?
> > -chris-
> > 
> > --- Philip Van Baren <phil at vibrationresearch.com>
> > wrote:
> > > Others have said WINS, but I'll give an
> alternate
> > > answer:
> > >
> > > If you list the IP numbers and host names of all
> of
> > > your windows PCs in the
> > > c:\windows\hosts AND c:\windows\lmhosts files on
> the
> > > Win9x VPN client PCs
> > > (in the winnt\system32\drivers\etc directory on
> > > WinNT machines), they will
> > > be able to access the windows PC shares without
> > > using WINS.
> > >
> > > Also, if you configure the samba box to maintain
> > > browse lists (and it
> > > actually does this properly: check if the
> > > /var/lock/samba/browse.dat file
> > > contains a list of all of your machines) then
> the
> > > machines will also appear
> > > in Network Neighborhood, again without using
> WINS.
> > >
> > > Phil
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: pptp-server-admin at lists.schulte.org
> > > > [mailto:pptp-server-admin at lists.schulte.org]On
> > > Behalf Of Peter Alliett
> > > > Sent: Tuesday, October 17, 2000 8:31 AM
> > > > To: pptp-server at lists.schulte.org
> > > > Subject: [pptp-server] Poptop and Windows
> clients
> > > >
> > > >
> > > > I have poptop and samba on the same linux box
> but
> > > when windows
> > > > clients dial
> > > > in they can only access the windows share pc's
> by
> > > putting in the
> > > > IP address.
> > > > Also nothing shows up in Network
> Neighbourhood.
> > > What am I missing here.
> > > >
> > > > Peter
> > > >
> > > >
> _______________________________________________
> > > > pptp-server maillist  -
> > > pptp-server at lists.schulte.org
> > > >
> > >
> >
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > List services provided by
> > > www.schulteconsulting.com!
> > > >
> > >
> > > _______________________________________________
> > > pptp-server maillist  -
> > > pptp-server at lists.schulte.org
> > >
> >
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by
> www.schulteconsulting.com!
> > >
> > >
> > >
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Thousands of Stores.  Millions of Products.  All
> in one Place.
> > http://shopping.yahoo.com/
> > _______________________________________________
> > pptp-server maillist  - 
> pptp-server at lists.schulte.org
> >
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by
www.schulteconsulting.com!


__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/


From yvo at boudenoodt.com  Wed Nov  8 13:31:31 2000
From: yvo at boudenoodt.com (Yvo Boudenoodt)
Date: Wed, 8 Nov 2000 20:31:31 +0100 
Subject: [pptp-server] Encryption Proof
Message-ID: <11B0293266FBD31186E300400541CE2F4C6A@NTSERVER>

U wil see a message like :

Sep 24 18:29:07 kerpar pppd[18820]: rcvd [CCP ConfAck id=0x3 <mppe 1 0 0
40>]
Sep 24 18:29:07 kerpar pppd[18820]: MPPE 128 bit, stateless compression
enabled

in your pptpd.log file

-----Original Message-----
From: Chris Carella [mailto:drjchris at yahoo.com]
Sent: Wednesday, November 08, 2000 12:57 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Encryption Proof


What log can I check to see if encryption is working?
And what would it look like?
-chris-


--- Philip Van Baren <phil at vibrationresearch.com>
wrote:
> Others have said WINS, but I'll give an alternate
> answer:
> 
> If you list the IP numbers and host names of all of
> your windows PCs in the
> c:\windows\hosts AND c:\windows\lmhosts files on the
> Win9x VPN client PCs
> (in the winnt\system32\drivers\etc directory on
> WinNT machines), they will
> be able to access the windows PC shares without
> using WINS.
> 
> Also, if you configure the samba box to maintain
> browse lists (and it
> actually does this properly: check if the
> /var/lock/samba/browse.dat file
> contains a list of all of your machines) then the
> machines will also appear
> in Network Neighborhood, again without using WINS.
> 
> Phil
> 
> 
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On
> Behalf Of Peter Alliett
> > Sent: Tuesday, October 17, 2000 8:31 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Poptop and Windows clients
> >
> >
> > I have poptop and samba on the same linux box but
> when windows
> > clients dial
> > in they can only access the windows share pc's by
> putting in the
> > IP address.
> > Also nothing shows up in Network Neighbourhood. 
> What am I missing here.
> >
> > Peter
> >
> > _______________________________________________
> > pptp-server maillist  - 
> pptp-server at lists.schulte.org
> >
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by
> www.schulteconsulting.com!
> >
> 
> _______________________________________________
> pptp-server maillist  - 
> pptp-server at lists.schulte.org
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 
> 
> 


__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From yvo at boudenoodt.com  Thu Nov  9 14:11:30 2000
From: yvo at boudenoodt.com (Yvo Boudenoodt)
Date: Thu, 9 Nov 2000 21:11:30 +0100 
Subject: [pptp-server] Windows DUN connection hangs after file transfe
	r
Message-ID: <11B0293266FBD31186E300400541CE2F4C6B@NTSERVER>

Hello,

If you see in your logfile something like 'receiving compressed data' u r
dealing with the mppe stateless bug and should look for some source hackings

regards

Yvo

-----Original Message-----
From: remi at sonitec.com [mailto:remi at sonitec.com]
Sent: Friday, January 04, 1980 7:40 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Windows DUN connection hangs after file transfer


Hi all,
I successfully (well to some point) installed poptop 1.0.0 and ppp-2.3.11 on
a redhat 6.2 dist with kernel 2.2.17 (not from RPMS,
but from ftp.kernel.org configured with RedHat's config file). I didn't use
any RPMs since I wanted to patch for MSCHAP password
auth. I also have a firewall configured for masquerading tcp 1723 and GRE.
Timeouts are all set to 2 hours. Firewall
is connected by cable modem to the net.

Now here's my problem:

Whenever Win95 or Win98 clients connect to the PPTP, after some random time
the connection dies. I was able once to
keep exchanging data over 20 min, but after that i must disconnect and
reconnect to the server. Could this be an issue
with the cable modem or could it be MPPE stateless bug? I also tried
ppp-2.3.8 with mschap and mppe patch but with
the same results. I can get a debug log if needed.

Cordially,
Remi Desrosiers
Tech support

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From ceverett at ceverett.com  Thu Nov  9 15:50:07 2000
From: ceverett at ceverett.com (Christopher L. Everett)
Date: Thu, 09 Nov 2000 15:50:07 -0600
Subject: [pptp-server] Can't ping through; proxy arp works
Message-ID: <3A0B1C0F.AC648DFA@ceverett.com>

All:

I'm having a problem with PoPToP where the routing
table doesn't seem to get properly updated to account 
for the incoming connection.

I'm not seeing any error messages for proxy-arp.  But
after a connection, the first entry in the routing 
table looks like this:

10.0.0.202	0.0.0.0		255.255.255	ppp0
^		^		^		^
the remotely	why the		I think this	and so
connected box	default route	is right ...	is this
		here?

In any case, I can't ping thru.  There are arent any 
arp prooxy error messages like a similar problem in
the FAQ's at www.moretonbay.com.

Any ideas?

  --Christopher

Christopher L. Everett


From tife.chan at adsociety.com  Thu Nov  9 21:53:25 2000
From: tife.chan at adsociety.com (Tife Chan)
Date: Fri, 10 Nov 2000 11:53:25 +0800
Subject: [pptp-server] PPTP connection problem: "discarding out-of-ouder"
Message-ID: <OBEKKCGDEJBKCDOMMPBHIEEPCCAA.tife.chan@adsociety.com>

Hi all,
I've successfully setup the pptp server and client, but when i try to
download files from server side network to the client machine, the client
side continueously pop out this message

warn[decaps_gre:pptp_gre.c:239]: discarding out-of-ouder

and the download speed drops accrodingly.... did anyone exprienced this
problem too? any solution about that? my server is RedHat 7 with pptpd-1.1.1
and client machine is also RedHat 7 with the pptp client installed.

Thanks a lot!

Regards,
Tife


From tdn at stack.ru  Thu Nov  9 22:17:18 2000
From: tdn at stack.ru (Tolpanov, Dmitry)
Date: Fri, 10 Nov 2000 11:17:18 +0700
Subject: [pptp-server] unsubsribe
Message-ID: <807044A67EA3D211B11D00A024E91A45F2D250@exch.stack.ru>

unsubsribe


From g.rowe at mindspring.com  Fri Nov 10 07:04:07 2000
From: g.rowe at mindspring.com (Glenn Rowe)
Date: Fri, 10 Nov 2000 08:04:07 -0500
Subject: [pptp-server] unsubsribe
Message-ID: <OJEDIFPBCPEKEHGJLKOKAEJECAAA.g.rowe@mindspring.com>

unsubsribe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001110/81501634/attachment.html>

From len at ghy.com  Fri Nov 10 09:14:41 2000
From: len at ghy.com (Leonard L. Goldenstein)
Date: Fri, 10 Nov 2000 09:14:41 -0600
Subject: [pptp-server] Two PTPP Clients Behind an IP MASQ'ed Machine Connecting to the Same PPTP Server.
Message-ID: <MPBBIEGNHCKJGNKPHFAPAECEECAA.len@ghy.com>

Hi Everyone,
First off I'd like to thank all list subscribers for their on-going help to
the whole PoPToP/PPTP community, great work!

Now I really need some help...

Here is a bad diagram of the current network configuration I have:

Remote
Office:
[A]-\			     /	Main
    [C]--***********--[D]--  Office LAN
[B]-/			     \     (PoPToP 1.1.2 + utmp patch)

A & B are Windows 98 workstations
C is a Linux 2.2.17 router using s single IP ADSL connection to the Internet
D is the Main office Linux 2.2.17 router & LAN

What I'd like to do is have A & B behind the MASQ'd Linux box C and both A &
B can be connection to D at the same time.  A & C both have the Windows VPN
client installed and configured.

Now what's going on is that PC A can connect just fine to D through the
MASQ'd router(C).  However, when trying to connect B, the connections works
but no data goes through - I get messages on D from PoPToP:

Nov  9 15:23:30 access pptpd[28455]: Discarding out-of-order packet 26,
already
have 502
Nov  9 15:23:42 access pptpd[27881]: Discarding out-of-order packet 27,
already
have 502
Nov  9 15:23:42 access pptpd[28455]: Discarding out-of-order packet 27,
already
have 502

It appears to me that PoPToP on the server is mistaking computer B's
datastream as data coming from computer A.  Since several packet sequences
have already been transmitted to and from computer A's VPN connection, it is
saying that computer B's packets have already been sent and recieved too.

Is there any way at all to have two computers masq'ed behind one ip and have
them both create independant connections to the same VPN server?  Network to
Network routing is not really an option, which is why I tried it this way.

Any help at all is greatly appreciated!!
-----------------------------------------------------
Leonard L. Goldenstein
Information Services Consultant

Geo. H. Young & Co. Ltd.
809 - 167 Lombard Ave.
Winnipeg, MB R3B 3H8
Phone: (204) 947-6851
Fax: (204) 947-3306

len at ghy.com
http://www.ghy.com



From phil at vibrationresearch.com  Fri Nov 10 09:57:14 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 10 Nov 2000 10:57:14 -0500
Subject: [pptp-server] PPTP connection problem: "discarding out-of-ouder"
In-Reply-To: <OBEKKCGDEJBKCDOMMPBHIEEPCCAA.tife.chan@adsociety.com>
Message-ID: <000c01c04b2e$e4dc5e40$4500a8c0@vibrationresearch.com>

pptpd-1.1.2 has code to correct out-of-order packets

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Tife Chan
> Sent: Thursday, November 09, 2000 10:53 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP connection problem: "discarding
> out-of-ouder"
> 
> 
> Hi all,
> I've successfully setup the pptp server and client, but when i try to
> download files from server side network to the client machine, the client
> side continueously pop out this message
> 
> warn[decaps_gre:pptp_gre.c:239]: discarding out-of-ouder
> 
> and the download speed drops accrodingly.... did anyone exprienced this
> problem too? any solution about that? my server is RedHat 7 with 
> pptpd-1.1.1
> and client machine is also RedHat 7 with the pptp client installed.
> 
> Thanks a lot!
> 
> Regards,
> Tife
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 


From len at ghy.com  Fri Nov 10 10:56:46 2000
From: len at ghy.com (Leonard L. Goldenstein)
Date: Fri, 10 Nov 2000 10:56:46 -0600
Subject: [pptp-server] SOLVED: Two PTPP Clients Behind an IP MASQ'ed Machine Connecting to the Same PPTP Server.
Message-ID: <MPBBIEGNHCKJGNKPHFAPIECJECAA.len@ghy.com>

Hey Everyone,
I figured out how to fix my problem.

Although there wasn't much I could do at the client end of things, I was
able to bring up two virtual interfaces on the server side using true
Internet IP addresses.

Although both MASQ'd clients are still connecting to the same server, by
connecting to different IP's on the same machine, the problem of the two
connections being treated as one dissapears!

basic HOWTO:
ifconfig eth1:0 10.0.0.101
ifconfig eth1:1 10.0.0.102

Same machine, same network, different server ip, works great!!

Hopefully this information can help someone with a similar configuration as
mine.
-----------------------------------------------------
Leonard L. Goldenstein
Information Services Consultant

Geo. H. Young & Co. Ltd.
809 - 167 Lombard Ave.
Winnipeg, MB R3B 3H8
Phone: (204) 947-6851
Fax: (204) 947-3306

len at ghy.com
http://www.ghy.com



From peter at mnsi.net  Sat Nov 11 07:40:28 2000
From: peter at mnsi.net (The Alliett's)
Date: Sat, 11 Nov 2000 08:40:28 -0500
Subject: [pptp-server] Connection Problem via DSL
Message-ID: <000701c04be5$354237e0$64010101@mnsi.net>

I am trying to connect to my poptop server via DSL and I keep getting what
seems like LCP timeout errors.

Here is the parsed log file -

Nov 11 08:18:46 firewall pptpd[32078]: CTRL: Client 206.48.125.23 control
connection started
Nov 11 08:18:50 firewall pptpd[32078]: CTRL: Starting call (launching pppd,
opens, opening GRE)
Nov 11 08:18:50 firewall modprobe: can't locate module char-major-108
Nov 11 08:18:50 firewall pppd[32079]: pppd 2.3.10 started by root, uid 0
Nov 11 08:18:50 firewall pppd[32079]: Using interface ppp0
Nov 11 08:18:50 firewall pppd[32079]: Connect: ppp0 <--> /dev/pts/2
Nov 11 08:19:20 firewall pppd[32079]: LCP: timeout sending Config-Requests
Nov 11 08:19:20 firewall pppd[32079]: Connection terminated.
Nov 11 08:19:20 firewall pppd[32079]: Exit.
Nov 11 08:19:20 firewall pptpd[32078]: GRE:
read(fd=4,buffer=804da20,len=8196) from PTY failed: status = -1 error =
Input/output error
Nov 11 08:19:20 firewall pptpd[32078]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)


Any idea's on how to get this working.

Thanks,

Peter



From georgev at citadelcomputer.com.au  Sat Nov 11 17:26:05 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Sun, 12 Nov 2000 10:26:05 +1100
Subject: [pptp-server] Connection Problem via DSL
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE7ED@cittech>

Your could try putting "passive" into your PPPD options. It'll force PPPD to
start talking LCP straight away.

Or try it on both ends.


-----Original Message-----
From: The Alliett's [mailto:peter at mnsi.net]
Sent: Sunday, November 12, 2000 12:40 AM
To: vpn
Subject: [pptp-server] Connection Problem via DSL


I am trying to connect to my poptop server via DSL and I keep getting what
seems like LCP timeout errors.

Here is the parsed log file -

Nov 11 08:18:46 firewall pptpd[32078]: CTRL: Client 206.48.125.23 control
connection started
Nov 11 08:18:50 firewall pptpd[32078]: CTRL: Starting call (launching pppd,
opens, opening GRE)
Nov 11 08:18:50 firewall modprobe: can't locate module char-major-108
Nov 11 08:18:50 firewall pppd[32079]: pppd 2.3.10 started by root, uid 0
Nov 11 08:18:50 firewall pppd[32079]: Using interface ppp0
Nov 11 08:18:50 firewall pppd[32079]: Connect: ppp0 <--> /dev/pts/2
Nov 11 08:19:20 firewall pppd[32079]: LCP: timeout sending Config-Requests
Nov 11 08:19:20 firewall pppd[32079]: Connection terminated.
Nov 11 08:19:20 firewall pppd[32079]: Exit.
Nov 11 08:19:20 firewall pptpd[32078]: GRE:
read(fd=4,buffer=804da20,len=8196) from PTY failed: status = -1 error =
Input/output error
Nov 11 08:19:20 firewall pptpd[32078]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)


Any idea's on how to get this working.

Thanks,

Peter

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From ralphw at cnet.com  Sun Nov 12 09:55:29 2000
From: ralphw at cnet.com (Ralph Winslow)
Date: Sun, 12 Nov 2000 10:55:29 -0500 (EST)
Subject: [pptp-server] ppp_mppe
Message-ID: <Pine.GSO.4.10.10011121038090.27614-100000@east.cnet.com>

Successful pptp users,

I've been following the procedure specified in 
http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt, and reached the
point where I should [rmmod ppp].  This fails

root at rjw# rmmod ppp
ppp: Device or resource busy

I tried to proceed like this:

root at rjw# lsmod
Module                  Size  Used by
ppp_deflate            40936   0  (autoclean)
bsd_comp                3908   0  (autoclean)
ppp                    21132   0  (autoclean) [ppp_deflate bsd_comp]
slhc                    4664   0  (autoclean) [ppp]
emu10k1                45264   0  (autoclean)
soundcore               2644   4  (autoclean) [emu10k1]
lockd                  31084   1  (autoclean)
sunrpc                 51804   1  (autoclean) [lockd]
af_packet               6464   0  (autoclean)
serial                 19196   0  (autoclean)
3c59x                  19548   1 
root at rjw# insmod ppp_mppe
insmod: ppp_mppe: no module by that name found

so I rebooted, hoping that that would insmod my new ppp (and, hopefully,
mppe) module(s), but no joy.  The instructions up to that point seemed
to complete nicely and without error, except that I can't run pppoe
using the recommended script; I had to dump its output and create
my own run_pppoe script which looks like:

#!/bin/sh
/usr/bin/setsid /usr/sbin/pppd pty '/usr/sbin/pppoe -p .pppoe -I eth0 -T -m ' noipdefault noauth defaultroute hide-password nodetach  local mtu 1492 mru 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp user fubardude at bellatlantic.net lcp-echo-interval 30 lcp-echo-failure 4 debug

because the "lcp-echo-interval 30 lcp-echo-failure 4" args weren't beeing
filled in by the standard startup script.  I believe that this is why
I have to use poff -a to shutdown pppoe, and that that's why the rmmod
ppp call fails (i.e. poff -a doesn't teardown correctly).  

I know that this is a lot of vague clues, but if anyone could suggest
some line of attack on this problem, I'd be very grateful.

----
Ralph Winslow		Operations/Support/Tools
(908)575-8567 x276



From scott at n-a.net  Sun Nov 12 13:27:30 2000
From: scott at n-a.net (Scott MacDonald)
Date: Sun, 12 Nov 2000 13:27:30 -0600
Subject: [pptp-server] problem with patching ppp - Redhat 6.1
Message-ID: <001301c04cde$99661a30$8a66ed3f@scottx>

Hi I am following the redhat guide to setup poptop and when I try to patch
the ppp with the ppp-2.3.10-openssl-norc4-mppe.patch, it just hangs at a
prompt like:

>

So I don't know if it is really patching the file. I have to ctrl-c to get
back to a normal prompt. Also, I downloaded the ppp-2.3.10 and when it says:

Comment out or delete the reference to rc4_skey.c in


/usr/src/redhat/SOURCES/ppp-2.3.10/linux/ppp_mppe.c

I have no /ppp_mppe.c in that directory. Can anyone shed some light?

Thanks,

Scott



From georgev at citadelcomputer.com.au  Sun Nov 12 18:31:32 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Mon, 13 Nov 2000 11:31:32 +1100
Subject: [pptp-server] PPTPD errors intermittantly
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE7F9@cittech>

Hi all,

I get this message from time to time and it's killing me on what the problem
is.

Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: couldn't read packet header
(exit)
Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
in disconnect sequence
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error reading ctrl
packet length.
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
(exit)
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
in disconnect sequence
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error reading ctrl
packet length.
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
(exit)
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
in disconnect sequence
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error reading ctrl
packet length.
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
(exit)
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
in disconnect sequence
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error reading ctrl
packet length.
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
(exit)
Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
in disconnect sequence

I have to KILL the pptpd server and restart the whole thing again.. it spews
these logs through out the log
files.

any ideas?

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


From tife.chan at adsociety.com  Sun Nov 12 20:08:46 2000
From: tife.chan at adsociety.com (Tife Chan)
Date: Mon, 13 Nov 2000 10:08:46 +0800
Subject: [pptp-server] PPTP connection problem: "discarding out-of-ouder"
In-Reply-To: <000c01c04b2e$e4dc5e40$4500a8c0@vibrationresearch.com>
Message-ID: <OBEKKCGDEJBKCDOMMPBHMEFNCCAA.tife.chan@adsociety.com>

Where can I get the source for pptpd-1.1.2?

Thanks,
Tife

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Philip Van Baren
Sent: Friday, November 10, 2000 11:57 PM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] PPTP connection problem: "discarding out-of-ouder"


pptpd-1.1.2 has code to correct out-of-order packets

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Tife Chan
> Sent: Thursday, November 09, 2000 10:53 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP connection problem: "discarding
> out-of-ouder"
> 
> 
> Hi all,
> I've successfully setup the pptp server and client, but when i try to
> download files from server side network to the client machine, the client
> side continueously pop out this message
> 
> warn[decaps_gre:pptp_gre.c:239]: discarding out-of-ouder
> 
> and the download speed drops accrodingly.... did anyone exprienced this
> problem too? any solution about that? my server is RedHat 7 with 
> pptpd-1.1.1
> and client machine is also RedHat 7 with the pptp client installed.
> 
> Thanks a lot!
> 
> Regards,
> Tife
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From phil at vibrationresearch.com  Sun Nov 12 21:25:37 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sun, 12 Nov 2000 22:25:37 -0500
Subject: [pptp-server] PPTPD errors intermittantly
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE7F9@cittech>
Message-ID: <000101c04d21$6443d340$56108318@mw.mediaone.net>

This was a problem with pptpd-1.0.0 and pptpd-1.1.1.

pptpd-1.0.1 and pptpd-1.1.2 solve the problem.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> Sent: Sunday, November 12, 2000 7:32 PM
> To: PPTP List (E-mail)
> Subject: [pptp-server] PPTPD errors intermittantly
>
>
> Hi all,
>
> I get this message from time to time and it's killing me on what
> the problem
> is.
>
> Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> (exit)
> Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> in disconnect sequence
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> reading ctrl
> packet length.
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> (exit)
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> in disconnect sequence
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> reading ctrl
> packet length.
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> (exit)
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> in disconnect sequence
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> reading ctrl
> packet length.
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> (exit)
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> in disconnect sequence
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> reading ctrl
> packet length.
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> (exit)
> Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> in disconnect sequence
>
> I have to KILL the pptpd server and restart the whole thing
> again.. it spews
> these logs through out the log
> files.
>
> any ideas?
>
> thanks,
> George Vieira
> Network Administrator
> http://www.citadelcomputer.com.au
> PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> PGP KeyID:		0x38A9A10C
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From phil at vibrationresearch.com  Sun Nov 12 21:26:49 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sun, 12 Nov 2000 22:26:49 -0500
Subject: [pptp-server] PPTP connection problem: "discarding out-of-ouder"
In-Reply-To: <OBEKKCGDEJBKCDOMMPBHMEFNCCAA.tife.chan@adsociety.com>
Message-ID: <000201c04d21$8f0e1c20$56108318@mw.mediaone.net>


From nickb at bigpond.net.au  Mon Nov 13 03:10:34 2000
From: nickb at bigpond.net.au (Nick Blievers)
Date: Mon, 13 Nov 2000 20:10:34 +1100
Subject: [pptp-server] ppp_mppe
References: <Pine.GSO.4.10.10011121038090.27614-100000@east.cnet.com>
Message-ID: <3A0FB00A.E06B7C45@bigpond.net.au>

Hi,

>
> root at rjw# rmmod ppp
> ppp: Device or resource busy
This is a simple issue with module references, basically you are trying to remove ppp, but ppp_deflate and bsd_comp need it!

From martin at mardus.just.ee  Mon Nov 13 04:47:38 2000
From: martin at mardus.just.ee (ratMin)
Date: Mon, 13 Nov 2000 12:47:38 +0200 (EET)
Subject: [pptp-server] clientside netmask problem
Message-ID: <Pine.GSO.4.21.0011131243350.27847-100000@mardus.just.ee>

is this clientside 255.0.0.0 netmask problem solved? as I 
understood pppd cause this trouble? Im using 10.x.x.x for 
intranet and also for pptp clients... 

---
Martin aka ratMin



From ralphw at cnet.com  Mon Nov 13 05:45:08 2000
From: ralphw at cnet.com (Ralph Winslow)
Date: Mon, 13 Nov 2000 06:45:08 -0500 (EST)
Subject: [pptp-server] ppp_mppe
In-Reply-To: <3A0FB00A.E06B7C45@bigpond.net.au>
Message-ID: <Pine.GSO.4.10.10011130640530.23707-100000@east.cnet.com>

When on Mon, 13 Nov 2000, Nick Blievers wrote, I replied:

Thanks, Nick!

A previous e-mail suggested that I rmmod ppp_deflate first, and from
that clue I figured out what you suggest below.  But thanks for your
response anyway.

> Date: Mon, 13 Nov 2000 20:10:34 +1100
> From: Nick Blievers <nickb at bigpond.net.au>
> To: Ralph Winslow <ralphw at cnet.com>
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] ppp_mppe
> 
> Hi,
> 
> >
> > root at rjw# rmmod ppp
> > ppp: Device or resource busy
> This is a simple issue with module references, basically you are trying to remove ppp, but ppp_deflate and bsd_comp need it!
> >From the lsmod man page:
> 
> The format is name, size, use count, list of referring modules.  The information displayed is identical to that available from /proc/modules.
> 
> >
> > I tried to proceed like this:
> >
> > root at rjw# lsmod
> > Module                  Size  Used by
> > ppp_deflate            40936   0  (autoclean)
> > bsd_comp                3908   0  (autoclean)
> > ppp                    21132   0  (autoclean) [ppp_deflate bsd_comp]
> > slhc                    4664   0  (autoclean) [ppp]
> > emu10k1                45264   0  (autoclean)
> > soundcore               2644   4  (autoclean) [emu10k1]
> > lockd                  31084   1  (autoclean)
> > sunrpc                 51804   1  (autoclean) [lockd]
> > af_packet               6464   0  (autoclean)
> > serial                 19196   0  (autoclean)
> > 3c59x                  19548   1
> 
> Try using:
> #rmmod ppp_deflate bsd_comp
> #rmmod ppp
> #rmmod slhc
> 
> 
> Sorry, I can't help with your other problem, but this'll save the reboot!
> 
> 
> Nick
> 
> 

----
Ralph Winslow		Operations/Support/Tools
(908)575-8567 x276



From Treahy at mmaz.com  Mon Nov 13 09:03:30 2000
From: Treahy at mmaz.com (Barry Treahy, Jr.)
Date: Mon, 13 Nov 2000 08:03:30 -0700
Subject: [pptp-server] Connection Problem via DSL
References: <000701c04be5$354237e0$64010101@mnsi.net>
Message-ID: <3A1002C2.2B3BE63@mmaz.com>

This is the same problem I was having with the GRE protocol (IP protocol 47)
being blocked.  My firewall needed upgrading be able to handle the new protocol
and my old Linux box which could not use ipchains, could not handle the
filtering if GRE properly with ipfwadm.

Look into those two possibilities.

Barry

The Alliett's wrote:

> I am trying to connect to my poptop server via DSL and I keep getting what
> seems like LCP timeout errors.
>
> Here is the parsed log file -
>
> Nov 11 08:18:46 firewall pptpd[32078]: CTRL: Client 206.48.125.23 control
> connection started
> Nov 11 08:18:50 firewall pptpd[32078]: CTRL: Starting call (launching pppd,
> opens, opening GRE)
> Nov 11 08:18:50 firewall modprobe: can't locate module char-major-108
> Nov 11 08:18:50 firewall pppd[32079]: pppd 2.3.10 started by root, uid 0
> Nov 11 08:18:50 firewall pppd[32079]: Using interface ppp0
> Nov 11 08:18:50 firewall pppd[32079]: Connect: ppp0 <--> /dev/pts/2
> Nov 11 08:19:20 firewall pppd[32079]: LCP: timeout sending Config-Requests
> Nov 11 08:19:20 firewall pppd[32079]: Connection terminated.
> Nov 11 08:19:20 firewall pppd[32079]: Exit.
> Nov 11 08:19:20 firewall pptpd[32078]: GRE:
> read(fd=4,buffer=804da20,len=8196) from PTY failed: status = -1 error =
> Input/output error
> Nov 11 08:19:20 firewall pptpd[32078]: CTRL: PTY read or GRE write failed
> (pty,gre)=(4,5)
>
> Any idea's on how to get this working.
>
> Thanks,
>
> Peter
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

--

Barry Treahy, Jr  *  Midwest Microwave  *  Vice President & CIO

E-mail: Treahy at mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028




From jimmc at irobot.com  Mon Nov 13 13:05:53 2000
From: jimmc at irobot.com (Jim McCormack)
Date: Mon, 13 Nov 2000 14:05:53 -0500
Subject: [pptp-server] ping only
Message-ID: <3A103B91.CC46FC37@irobot.com>

Hello All:

I am have set up the poptop server on the machine I use as a firewall.
I am able to connect and login using microsoft vpn on a Win2k machine.
Furthermore I can ping all the hosts on the remote lan and the poptop
server itself.

I cannot telnet, web browse or anything else to those machines.

I am confident that routing is OK since I am able to ping all the
machines.  I have set rules in my ipchains firewall script to explicity
allow all incoming and outgoing traffic on the ppp0 interface.  I cannot
see any packets denied in my logs.  I can see many packets accepted.

Things that might be worthy of noting:

1)  I am assigning ip addresses of 192.168.60.128-254 to the vpn
connections while my local interface is 192.168.76.x
2) I belive the relevant part of my ipchains firewall is as follows:

#!/bin/sh
#
#
echo -n "    Shutting down networking & clearing IP chains..."
# Shut down all traffic
/sbin/ipchains -P forward ACCEPT
/sbin/ipchains -P input DENY
/sbin/ipchains -P output REJECT

# Delete any existing chains
/sbin/ipchains -F forward
/sbin/ipchains -F input
/sbin/ipchains -F output
echo -en 'done\r\f'
ANYWHERE="any/0"
EXTERNAL_IF="eth0"
PPTP_IF="ppp0"
LOOP_IF="lo"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
MULTICAST="240.0.0.0/3"
BROADCAST_0="0.0.0.0"
BROADCAST_1="255.255.255.255"
echo -n "    Creating IP firewall chains..."
## [Deny Packets]
# Turn on kernel IP spoof protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

echo "Accept ppp0 any/0"
/sbin/ipchains -A input -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
/sbin/ipchains -A output -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
echo "ppp0 done"

I saw a similar problem posted in July, however the poster posted a
reply to his own problem saying that it was now working...

Cheers,

Jim McCormack



From csa998360 at ait.ac.th  Mon Nov 13 13:25:24 2000
From: csa998360 at ait.ac.th (can)
Date: Tue, 14 Nov 2000 02:25:24 +0700
Subject: [pptp-server] PPtP Question
Message-ID: <000a01c04da7$79e1eb20$4daa29c0@cs.ait.ac.th>

Hi,
     I used PoPToP as a VPN server. I wonder how many clients can PoPToP serve simultaneous? I know that it's up to temporary IP addressses that we can assign for PPP device. But I want to know the maximum number of client that PoPToP server cann't serve or the server can serve but it's very very slow.

Thanks

Piti 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001114/24473272/attachment.html>

From itencate at gopico.com  Mon Nov 13 14:43:56 2000
From: itencate at gopico.com (Ian ten Cate)
Date: Mon, 13 Nov 2000 15:43:56 -0500
Subject: [pptp-server] mppe and 2.2.16-3
Message-ID: <004001c04db2$73916600$0512a8c0@Behemoth>

Hi all,

I'm trying to incorporate the patches for MS encryption, but when I do so
the modified ppp.c refuses to compile, and errors out on a set of references
to tty_pusing in the ppp data structure.  Any idea why the compile isn't
finding these?

I'm using the 2.2.16-3 kernel, and follinwg the instructions in the
RedHat-HOWTO at poptop.lineo.com

Any help would be appreciated,

Ian




From ron at mel.compumod.com.au  Mon Nov 13 15:18:03 2000
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Tue, 14 Nov 2000 08:18:03 +1100
Subject: [pptp-server] PPTPD errors intermittantly
References: <000101c04d21$6443d340$56108318@mw.mediaone.net>
Message-ID: <3A105A8B.5C433B86@mel.compumod.com.au>


I have this problem too. Where do we get pptpd-1.0.1 or pptpd-1.1.2?
They don't seem to be on the moretonbay web site.

Ron

Phil Van Baren wrote:
> 
> This was a problem with pptpd-1.0.0 and pptpd-1.1.1.
> 
> pptpd-1.0.1 and pptpd-1.1.2 solve the problem.
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> > Sent: Sunday, November 12, 2000 7:32 PM
> > To: PPTP List (E-mail)
> > Subject: [pptp-server] PPTPD errors intermittantly
> >
> >
> > Hi all,
> >
> > I get this message from time to time and it's killing me on what
> > the problem
> > is.
> >
> > Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> > (exit)
> > Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message 0
> > in disconnect sequence
> >
> > I have to KILL the pptpd server and restart the whole thing
> > again.. it spews
> > these logs through out the log
> > files.
> >
> > any ideas?
> >
> > thanks,
> > George Vieira
> > Network Administrator
> > http://www.citadelcomputer.com.au
> > PGP Fingerprint :     43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> > PGP KeyID:            0x38A9A10C
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---


From tife.chan at adsociety.com  Mon Nov 13 20:13:28 2000
From: tife.chan at adsociety.com (Tife Chan)
Date: Tue, 14 Nov 2000 10:13:28 +0800
Subject: [pptp-server] PPTP connection problem: "discarding out-of-ouder"
In-Reply-To: <000201c04d21$8f0e1c20$56108318@mw.mediaone.net>
Message-ID: <OBEKKCGDEJBKCDOMMPBHEEHACCAA.tife.chan@adsociety.com>

I tried the pptp-1.1.2, but problem still exist.
Is this a problem of pptp client?
It's perfectly working with Win98/2000 client but not linux pptp client.
Any other linux pptp client?


Tife

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Phil Van Baren
Sent: Monday, November 13, 2000 11:27 AM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] PPTP connection problem: "discarding out-of-ouder"


>From the PoPToP web page:

http://poptop.lineo.com

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Tife Chan
> Sent: Sunday, November 12, 2000 9:09 PM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] PPTP connection problem: "discarding
> out-of-ouder"
> 
> 
> Where can I get the source for pptpd-1.1.2?
> 
> Thanks,
> Tife
> 
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org 
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Philip Van Baren
> Sent: Friday, November 10, 2000 11:57 PM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] PPTP connection problem: "discarding 
> out-of-ouder"
> 
> 
> pptpd-1.1.2 has code to correct out-of-order packets
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Tife Chan
> > Sent: Thursday, November 09, 2000 10:53 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] PPTP connection problem: "discarding
> > out-of-ouder"
> > 
> > 
> > Hi all,
> > I've successfully setup the pptp server and client, but when i try to
> > download files from server side network to the client machine, 
> the client
> > side continueously pop out this message
> > 
> > warn[decaps_gre:pptp_gre.c:239]: discarding out-of-ouder
> > 
> > and the download speed drops accrodingly.... did anyone exprienced this
> > problem too? any solution about that? my server is RedHat 7 with 
> > pptpd-1.1.1
> > and client machine is also RedHat 7 with the pptp client installed.
> > 
> > Thanks a lot!
> > 
> > Regards,
> > Tife
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> > 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From georgev at citadelcomputer.com.au  Tue Nov 14 01:23:24 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 14 Nov 2000 18:23:24 +1100
Subject: [pptp-server] PPTPD errors intermittantly
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE80A@cittech>

http://poptop.lineo.com/



-----Original Message-----
From: Ron Cresswell [mailto:ron at mel.compumod.com.au]
Sent: Tuesday, November 14, 2000 8:18 AM
To: Phil Van Baren
Cc: PPTP List (E-mail)
Subject: Re: [pptp-server] PPTPD errors intermittantly




I have this problem too. Where do we get pptpd-1.0.1 or pptpd-1.1.2?
They don't seem to be on the moretonbay web site.

Ron

Phil Van Baren wrote:
> 
> This was a problem with pptpd-1.0.0 and pptpd-1.1.1.
> 
> pptpd-1.0.1 and pptpd-1.1.2 solve the problem.
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> > Sent: Sunday, November 12, 2000 7:32 PM
> > To: PPTP List (E-mail)
> > Subject: [pptp-server] PPTPD errors intermittantly
> >
> >
> > Hi all,
> >
> > I get this message from time to time and it's killing me on what
> > the problem
> > is.
> >
> > Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: couldn't read packet
header
> > (exit)
> > Nov 13 11:27:01 citadel2k pptpd[20641]: CTRL: Unexpected control message
0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet
header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message
0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet
header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message
0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet
header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message
0
> > in disconnect sequence
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: EOF or bad error
> > reading ctrl
> > packet length.
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: couldn't read packet
header
> > (exit)
> > Nov 13 11:27:02 citadel2k pptpd[20641]: CTRL: Unexpected control message
0
> > in disconnect sequence
> >
> > I have to KILL the pptpd server and restart the whole thing
> > again.. it spews
> > these logs through out the log
> > files.
> >
> > any ideas?
> >
> > thanks,
> > George Vieira
> > Network Administrator
> > http://www.citadelcomputer.com.au
> > PGP Fingerprint :     43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> > PGP KeyID:            0x38A9A10C
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From jvonau at home.com  Tue Nov 14 04:50:50 2000
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 14 Nov 2000 04:50:50 -0600
Subject: [pptp-server] ping only
References: <3A103B91.CC46FC37@irobot.com>
Message-ID: <3A11190A.2E544894@home.com>

Hello Jim:

do you have a rules that allow traffic from the lan and allow forwarding?
ie:
/sbin/ipchains -A input -i eth1  -s $intlan -d $intlan  -j ACCEPT
/sbin/ipchains -A output -i eth1  -s $intlan  -d $intlan -j ACCEPT
/sbin/ipchains -A forward -i eth1  -s $intlan -d $intlan  -j ACCEPT
/sbin/ipchains -A forward -i ppp0  -s $intlan -d $intlan  -j ACCEPT

The forward statments must be before any MASQ statements.

Jerry Vonau
Ram Messenger/
Winniprg Motor Express




Jim McCormack wrote:

> Hello All:
>
> I am have set up the poptop server on the machine I use as a firewall.
> I am able to connect and login using microsoft vpn on a Win2k machine.
> Furthermore I can ping all the hosts on the remote lan and the poptop
> server itself.
>
> I cannot telnet, web browse or anything else to those machines.
>
> I am confident that routing is OK since I am able to ping all the
> machines.  I have set rules in my ipchains firewall script to explicity
> allow all incoming and outgoing traffic on the ppp0 interface.  I cannot
> see any packets denied in my logs.  I can see many packets accepted.
>
> Things that might be worthy of noting:
>
> 1)  I am assigning ip addresses of 192.168.60.128-254 to the vpn
> connections while my local interface is 192.168.76.x
> 2) I belive the relevant part of my ipchains firewall is as follows:
>
> #!/bin/sh
> #
> #
> echo -n "    Shutting down networking & clearing IP chains..."
> # Shut down all traffic
> /sbin/ipchains -P forward ACCEPT
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output REJECT
>
> # Delete any existing chains
> /sbin/ipchains -F forward
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> echo -en 'done\r\f'
> ANYWHERE="any/0"
> EXTERNAL_IF="eth0"
> PPTP_IF="ppp0"
> LOOP_IF="lo"
> CLASS_A="10.0.0.0/8"
> CLASS_B="172.16.0.0/12"
> CLASS_C="192.168.0.0/16"
> MULTICAST="240.0.0.0/3"
> BROADCAST_0="0.0.0.0"
> BROADCAST_1="255.255.255.255"
> echo -n "    Creating IP firewall chains..."
> ## [Deny Packets]
> # Turn on kernel IP spoof protection
> echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
>
> echo "Accept ppp0 any/0"
> /sbin/ipchains -A input -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> /sbin/ipchains -A output -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> echo "ppp0 done"
>
> I saw a similar problem posted in July, however the poster posted a
> reply to his own problem saying that it was now working...
>
> Cheers,
>
> Jim McCormack
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



From leuzim at pib.com.br  Tue Nov 14 06:38:04 2000
From: leuzim at pib.com.br (root)
Date: Tue, 14 Nov 2000 10:38:04 -0200
Subject: [pptp-server] Pptp client linux automatic
In-Reply-To: <3A103B91.CC46FC37@irobot.com>
References: <3A103B91.CC46FC37@irobot.com>
Message-ID: <00111410500104.00635@wildcat>

Hey.. I make a little script to start and stop vpn client more easy.

pptp-up in /sbin/init.d

#!/bin/bash
/dir/vpn/pptp (ip server machine) 
/bin/sleep 3 #wait for ip adress to comeup 

pptp-down in /sbin/init.d

#!/bin/bash

killall -9 pppd # Killall pppds actives
killall -9 pptp #Killall pptps actives
rm -f /var/run/pptp/* #Remove any old dead PPTP session
rm -f /var/run/ppp* # Remove any old dead ppp session
ifconfig ppp0 down #Shutdown interface ppp

I using a Suse 6.4 and I make a rc file to bring up pptp client on boot system
and view the status. You can reload the pptp more easy with rcpptp start and
rcpptp stop.

I make a script and put it on /sbin/init.d and link in /usr/sbin to use rcpptp

#! /bin/sh
#file  /sbin/init.d/pptp

.. /etc/rc.config

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test $link = $base && START_PPTP=yes
test "$START_PPTP" = "yes" || exit 0


# The echo return value for success (defined in /etc/rc.config).
return=$rc_done
case "$1" in
    start)
        echo -n "Starting PPTP services:"
        startproc /sbin/init.d/pptp-up || return=$rc_done
        /bin/sleep 2
	echo -e "$return"
        ;;
    stop)
        echo -n "Shutting down PPTP services:"
        startproc /sbin/init.d/pptp-down || return=$rc_done 
        echo -e "$return"
        ;;
   restart|reload)
        $0 stop  &&  $0 start  || return=$rc_failed
        ;;
    status)
        echo -n "Checking for service pptp: "
        checkproc /dirvpnclient/pptp && echo -n "Vpn Up" || echo -n "Vpn Down"
	echo -e "$return"	
	;;
   *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 1 
esac

# Inform the caller not only verbosely and set an exit status.
test "$return" = "$rc_done" || exit 1
exit 0


[]s 
Wildcat


From jimmc at irobot.com  Tue Nov 14 08:16:32 2000
From: jimmc at irobot.com (Jim McCormack)
Date: Tue, 14 Nov 2000 09:16:32 -0500
Subject: [pptp-server] ping only
References: <3A103B91.CC46FC37@irobot.com> <3A11190A.2E544894@home.com>
Message-ID: <3A114940.1F859DEE@irobot.com>

Jerry:

That did it!  thanks so much for your help.

Cheers,

Jim McCormack

Jerry Vonau wrote:

> Hello Jim:
>
> do you have a rules that allow traffic from the lan and allow forwarding?
> ie:
> /sbin/ipchains -A input -i eth1  -s $intlan -d $intlan  -j ACCEPT
> /sbin/ipchains -A output -i eth1  -s $intlan  -d $intlan -j ACCEPT
> /sbin/ipchains -A forward -i eth1  -s $intlan -d $intlan  -j ACCEPT
> /sbin/ipchains -A forward -i ppp0  -s $intlan -d $intlan  -j ACCEPT
>
> The forward statments must be before any MASQ statements.
>
> Jerry Vonau
> Ram Messenger/
> Winniprg Motor Express
>
> Jim McCormack wrote:
>
> > Hello All:
> >
> > I am have set up the poptop server on the machine I use as a firewall.
> > I am able to connect and login using microsoft vpn on a Win2k machine.
> > Furthermore I can ping all the hosts on the remote lan and the poptop
> > server itself.
> >
> > I cannot telnet, web browse or anything else to those machines.
> >
> > I am confident that routing is OK since I am able to ping all the
> > machines.  I have set rules in my ipchains firewall script to explicity
> > allow all incoming and outgoing traffic on the ppp0 interface.  I cannot
> > see any packets denied in my logs.  I can see many packets accepted.
> >
> > Things that might be worthy of noting:
> >
> > 1)  I am assigning ip addresses of 192.168.60.128-254 to the vpn
> > connections while my local interface is 192.168.76.x
> > 2) I belive the relevant part of my ipchains firewall is as follows:
> >
> > #!/bin/sh
> > #
> > #
> > echo -n "    Shutting down networking & clearing IP chains..."
> > # Shut down all traffic
> > /sbin/ipchains -P forward ACCEPT
> > /sbin/ipchains -P input DENY
> > /sbin/ipchains -P output REJECT
> >
> > # Delete any existing chains
> > /sbin/ipchains -F forward
> > /sbin/ipchains -F input
> > /sbin/ipchains -F output
> > echo -en 'done\r\f'
> > ANYWHERE="any/0"
> > EXTERNAL_IF="eth0"
> > PPTP_IF="ppp0"
> > LOOP_IF="lo"
> > CLASS_A="10.0.0.0/8"
> > CLASS_B="172.16.0.0/12"
> > CLASS_C="192.168.0.0/16"
> > MULTICAST="240.0.0.0/3"
> > BROADCAST_0="0.0.0.0"
> > BROADCAST_1="255.255.255.255"
> > echo -n "    Creating IP firewall chains..."
> > ## [Deny Packets]
> > # Turn on kernel IP spoof protection
> > echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
> >
> > echo "Accept ppp0 any/0"
> > /sbin/ipchains -A input -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> > /sbin/ipchains -A output -i ppp0 -j ACCEPT -p all -s any/0 -d any/0 -l
> > echo "ppp0 done"
> >
> > I saw a similar problem posted in July, however the poster posted a
> > reply to his own problem saying that it was now working...
> >
> > Cheers,
> >
> > Jim McCormack
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!



From dragan.sekerovic at datasystems.at  Tue Nov 14 08:43:35 2000
From: dragan.sekerovic at datasystems.at (Sekerovic Dragan)
Date: Tue, 14 Nov 2000 15:43:35 +0100
Subject: [pptp-server] SuSE 7.0 2.2.16 PPP 2.3.11 PPTP 1.1.2 w MPPE and compression patc
 h -- ERROR tty_pushing ...
Message-ID: <6821E794E1FBD1118D430000F87AE2D602BCBC1C@sntw06.local.datasystems.at>

hi list!

maybe this informations could be usefull (doc from
http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt)

yesterday i spend a hard time in getting PPTP 1.1.2 / PPP 2.3.11 w MPPE and
mppe compression patch running on my SuSE 7.0 machine.

my big problem was, that after compliling ppp 2.3.11 source, you have to do
a make kernel. at this position take care. 

if you do a make kernel in /usr/src/ppp-2.3.11 the shell calls
linux/kinstall.sh. kinstall.sh looks for the date of the linux-kernelsource
files to be overwritten. in my case this files were newer than the files
from the source of ppp-2.3.11:

drivers/net/bsd_comp.c, drivers/net/ppp_deflate.c, drivers/net/zlib.h,
include/linux/if_pppvar.h

so i had to delete these files from the linux-kernelsource manually and then
i did a make kernel again. only after this your modules will compile without
any errors.

the first time i didn't see the message, that the files from the source are
newer. and so i get a lot of errors while compiling the net-modules. for
example:

tty_pushing and so on

regards,
dragan

p.s.: don't worry about my englisch
p.p.s.: PPTP-project is very well documtend !!! :-)



From phil at vibrationresearch.com  Tue Nov 14 09:41:03 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 14 Nov 2000 10:41:03 -0500
Subject: [pptp-server] SuSE 7.0 2.2.16 PPP 2.3.11 PPTP 1.1.2 w MPPE and compression patc h -- ERROR tty_pushing ...
In-Reply-To: <6821E794E1FBD1118D430000F87AE2D602BCBC1C@sntw06.local.datasystems.at>
Message-ID: <001401c04e51$4b667fe0$4500a8c0@vibrationresearch.com>

The versions in the kernel are indeed newer than those in ppp 2.3.11, which
is why the kinstall.sh script refuses to overwrite them.  The newer version
should be used.

The tty_pushing error message can be fixed by patching the if_ppp.h and/or
if_pppvar.h header files, as described in the FAQ
(www.vibres.com/pptpd/pptpd-FAQ.txt):


7.4 Errors while building pppd, pptpd, and kernel modules

7.4.1.	Get PPP_VERSION or PPP_MAGIC undefined error message while compiling
ppp kernel modules

	Solution: add the following lines to /usr/src/linux/include/linux/if_ppp.h
		#define PPP_VERSION "2.3.11"
		#define PPP_MAGIC   0x5002  /* Magic value for the ppp structure */

7.4.2.	Get "structure has no member named `tty_pushing'" error messages
while compiling ppp kernel modules

	This is probably because the mppe patches you used were for an older
version
	of the kernel, and the ppp structure in the header file if_pppvar.h changed
	in the version of the kernel you have.

	Solution: apply the patch
http://www.vibrationresearch.com/pptpd/if_ppp_2.2.17.diff
		to the kernel sources.


> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Sekerovic
> Dragan
> Sent: Tuesday, November 14, 2000 9:44 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] SuSE 7.0 2.2.16 PPP 2.3.11 PPTP 1.1.2 w MPPE and
> compression patc h -- ERROR tty_pushing ...
>
>
> hi list!
>
> maybe this informations could be usefull (doc from
> http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt)
>
> yesterday i spend a hard time in getting PPTP 1.1.2 / PPP 2.3.11
> w MPPE and
> mppe compression patch running on my SuSE 7.0 machine.
>
> my big problem was, that after compliling ppp 2.3.11 source, you
> have to do
> a make kernel. at this position take care.
>
> if you do a make kernel in /usr/src/ppp-2.3.11 the shell calls
> linux/kinstall.sh. kinstall.sh looks for the date of the
> linux-kernelsource
> files to be overwritten. in my case this files were newer than the files
> from the source of ppp-2.3.11:
>
> drivers/net/bsd_comp.c, drivers/net/ppp_deflate.c, drivers/net/zlib.h,
> include/linux/if_pppvar.h
>
> so i had to delete these files from the linux-kernelsource
> manually and then
> i did a make kernel again. only after this your modules will
> compile without
> any errors.
>
> the first time i didn't see the message, that the files from the
> source are
> newer. and so i get a lot of errors while compiling the net-modules. for
> example:
>
> tty_pushing and so on
>
> regards,
> dragan
>
> p.s.: don't worry about my englisch
> p.p.s.: PPTP-project is very well documtend !!! :-)
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From gustav.jansen at lincom.no  Tue Nov 14 14:59:29 2000
From: gustav.jansen at lincom.no (gustav.jansen at lincom.no)
Date: Tue, 14 Nov 2000 21:59:29 +0100 (CET)
Subject: [pptp-server] error compiling ppp kernel-module
Message-ID: <Pine.LNX.4.21.0011142059290.1880-100000@umbriel.lincom.no>

Hi!
I saw the same posted on the list-archive, but I couldn't find a reply. 

I'm trying to compile the following on linux-2.2.17.
ppp-2.3.11
ppp-2.3.11-openssl-0.9.5-mppe.patch
SSLeay-0.9.0b
I followed the instuctions on 
http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt
just with the different versions.

I've compiled ppp as a kernel-module, and into the kernel, but I get these
error messages either way.
Please help..

--begin_transcript--

make[3]: Entering directory `/usr/src/linux-2.2.17/drivers/net'
cc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2
-fomit-fr
ame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce
-DEXPORT_SYMTAB -c
 ppp.c
ppp.c:188: warning: static declaration for `ppp_register_compressor'
follows non
-static
ppp.c:189: warning: static declaration for `ppp_unregister_compressor'
follows non-static
ppp.c: In function `ppp_async_init':
ppp.c:443: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_open':
ppp.c:502: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:502: (Each undeclared identifier is reported only once
ppp.c:502: for each function it appears in.)
ppp.c: In function `ppp_tty_close':
ppp.c:547: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_read':
ppp.c:595: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_write':
ppp.c:684: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_ioctl':
ppp.c:744: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_poll':
ppp.c:947: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_wakeup':
ppp.c:976: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_sync_send':
ppp.c:1000: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_sync_push':
ppp.c:1054: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:1062: structure has no member named `tty_pushing'
ppp.c:1065: structure has no member named `woke_up'
ppp.c:1069: structure has no member named `tty_pushing'
ppp.c:1076: structure has no member named `woke_up'
ppp.c:1092: structure has no member named `woke_up'
ppp.c:1099: structure has no member named `tty_pushing'
ppp.c:1109: structure has no member named `tty_pushing'
ppp.c: In function `ppp_async_send':
ppp.c:1124: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_push':
ppp.c:1149: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:1150: structure has no member named `tty_pushing'
ppp.c:1151: structure has no member named `woke_up'
ppp.c:1157: structure has no member named `tty_pushing'
ppp.c:1159: structure has no member named `woke_up'
ppp.c:1170: structure has no member named `tty_pushing'
ppp.c:1172: structure has no member named `woke_up'
ppp.c:1180: structure has no member named `tty_pushing'
ppp.c:1185: structure has no member named `tty_pushing'
ppp.c:1195: structure has no member named `tty_pushing'
ppp.c: In function `ppp_async_encode':
ppp.c:1214: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_flush_output':
ppp.c:1320: structure has no member named `tty_pushing'
ppp.c:1329: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_receive':
ppp.c:1358: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_close':
ppp.c:1733: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_ioctl':
ppp.c:1767: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_ioctl':
ppp.c:1815: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_receive_error':
ppp.c:2413: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ip':
ppp.c:2444: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipv6':
ppp.c:2457: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipx':
ppp.c:2470: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_at':
ppp.c:2483: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_comp':
ppp.c:2498: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_uncomp':
ppp.c:2523: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ccp':
ppp.c:2538: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_unknown':
ppp.c:2549: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_frame':
ppp.c:2596: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_output_wakeup':
ppp.c:2772: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_ctrl':
ppp.c:2788: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_alloc':
ppp.c:3048: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_release':
ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function)
make[3]: *** [ppp.o] Error 1
make[3]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
make[2]: *** [first_rule] Error 2
make[2]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
make[1]: *** [_subdir_net] Error 2
make[1]: Leaving directory `/usr/src/linux-2.2.17/drivers'
make: *** [_dir_drivers] Error 2
--end_transcript--
--
regards
Gustav Jansen

1AB5 1DD3 4412 9F03 1A4D  9C64 4763 DD26 62DA 54BF




From phil at vibrationresearch.com  Tue Nov 14 14:33:11 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 14 Nov 2000 15:33:11 -0500
Subject: [pptp-server] error compiling ppp kernel-module
In-Reply-To: <Pine.LNX.4.21.0011142059290.1880-100000@umbriel.lincom.no>
Message-ID: <000001c04e7a$1b61ba20$4500a8c0@vibrationresearch.com>

The http://www.moretonbay.com/vpn site is out of date and no longer
maintained.

The active PoPToP web page is http://poptop.lineo.com.  This new page has an
updated version of the PoPToP HOWTO, as well as a FAQ which addresses the
problems you are having.

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
> gustav.jansen at lincom.no
> Sent: Tuesday, November 14, 2000 3:59 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] error compiling ppp kernel-module
>
>
> Hi!
> I saw the same posted on the list-archive, but I couldn't find a reply.
>
> I'm trying to compile the following on linux-2.2.17.
> ppp-2.3.11
> ppp-2.3.11-openssl-0.9.5-mppe.patch
> SSLeay-0.9.0b
> I followed the instuctions on
> http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt
> just with the different versions.
>
> I've compiled ppp as a kernel-module, and into the kernel, but I get these
> error messages either way.
> Please help..
>
> --begin_transcript--
>
> make[3]: Entering directory `/usr/src/linux-2.2.17/drivers/net'
> cc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2
> -fomit-fr
> ame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce
> -DEXPORT_SYMTAB -c
>  ppp.c
> ppp.c:188: warning: static declaration for `ppp_register_compressor'
> follows non
> -static
> ppp.c:189: warning: static declaration for `ppp_unregister_compressor'
> follows non-static
> ppp.c: In function `ppp_async_init':
> ppp.c:443: structure has no member named `tty_pushing'
> ppp.c: In function `ppp_tty_open':
> ppp.c:502: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c:502: (Each undeclared identifier is reported only once
> ppp.c:502: for each function it appears in.)
> ppp.c: In function `ppp_tty_close':
> ppp.c:547: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_read':
> ppp.c:595: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_write':
> ppp.c:684: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_ioctl':
> ppp.c:744: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_poll':
> ppp.c:947: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_wakeup':
> ppp.c:976: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_sync_send':
> ppp.c:1000: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_sync_push':
> ppp.c:1054: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c:1062: structure has no member named `tty_pushing'
> ppp.c:1065: structure has no member named `woke_up'
> ppp.c:1069: structure has no member named `tty_pushing'
> ppp.c:1076: structure has no member named `woke_up'
> ppp.c:1092: structure has no member named `woke_up'
> ppp.c:1099: structure has no member named `tty_pushing'
> ppp.c:1109: structure has no member named `tty_pushing'
> ppp.c: In function `ppp_async_send':
> ppp.c:1124: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_push':
> ppp.c:1149: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c:1150: structure has no member named `tty_pushing'
> ppp.c:1151: structure has no member named `woke_up'
> ppp.c:1157: structure has no member named `tty_pushing'
> ppp.c:1159: structure has no member named `woke_up'
> ppp.c:1170: structure has no member named `tty_pushing'
> ppp.c:1172: structure has no member named `woke_up'
> ppp.c:1180: structure has no member named `tty_pushing'
> ppp.c:1185: structure has no member named `tty_pushing'
> ppp.c:1195: structure has no member named `tty_pushing'
> ppp.c: In function `ppp_async_encode':
> ppp.c:1214: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_tty_flush_output':
> ppp.c:1320: structure has no member named `tty_pushing'
> ppp.c:1329: structure has no member named `tty_pushing'
> ppp.c: In function `ppp_tty_receive':
> ppp.c:1358: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_dev_close':
> ppp.c:1733: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_dev_ioctl':
> ppp.c:1767: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_ioctl':
> ppp.c:1815: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_receive_error':
> ppp.c:2413: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_ip':
> ppp.c:2444: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_ipv6':
> ppp.c:2457: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_ipx':
> ppp.c:2470: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_at':
> ppp.c:2483: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_vjc_comp':
> ppp.c:2498: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_vjc_uncomp':
> ppp.c:2523: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_ccp':
> ppp.c:2538: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `rcv_proto_unknown':
> ppp.c:2549: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_send_frame':
> ppp.c:2596: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_output_wakeup':
> ppp.c:2772: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_send_ctrl':
> ppp.c:2788: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_alloc':
> ppp.c:3048: `PPP_MAGIC' undeclared (first use in this function)
> ppp.c: In function `ppp_release':
> ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function)
> make[3]: *** [ppp.o] Error 1
> make[3]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
> make[2]: *** [first_rule] Error 2
> make[2]: Leaving directory `/usr/src/linux-2.2.17/drivers/net'
> make[1]: *** [_subdir_net] Error 2
> make[1]: Leaving directory `/usr/src/linux-2.2.17/drivers'
> make: *** [_dir_drivers] Error 2
> --end_transcript--
> --
> regards
> Gustav Jansen
>
> 1AB5 1DD3 4412 9F03 1A4D  9C64 4763 DD26 62DA 54BF
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From rage at sohonetworks.cc  Tue Nov 14 14:53:49 2000
From: rage at sohonetworks.cc (Jason Osborne)
Date: Tue, 14 Nov 2000 14:53:49 -0600
Subject: [pptp-server] can poptop use ppp1
Message-ID: <NEBBLMAGELJABJGLOKNACEKCCCAA.rage@sohonetworks.cc>

	Ok, first the setup. I have a client who has an ISDN line which they use
for their internet connection. They noticed our VPN and wanted me to setup
one up for them. I have only installed VPN's on systems which had DSL or T1
etc. I installed Poptop just like I did on my companies server and I was
able to connect up to the system through a vpn client system on their
internal network just fine. However, when their ISDN line is active using
ppp0, the vpn fails ever time I try to connect complaining that GRE had a
read/write error to its pty.

	What type of work-around or information would benefit me in getting their
vpn to work with their ISDN line. I tried specifying in /etc/ppp/options.vpn
to use the device /dev/ppp0, but that didn't seen to work. Other than that I
am not sure how to specify the device (ppp0 or ppp1) that the ISDN and VPN
run on. Any ideas?

Thanks in advance for the help, Jason.
--
Jason Osborne
Data and Telecom Network Solutions
Your total Internetworking solutions provider!
3847 Timberglen Rd., STE 4013
Dallas, TX 75287
Phone: 972-307-0676
Mobile: 214-284-3337
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc



From georgev at citadelcomputer.com.au  Tue Nov 14 15:33:19 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Wed, 15 Nov 2000 08:33:19 +1100
Subject: [pptp-server] Pptp client linux automatic
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE810@cittech>

"sleep 3" is a bad way to do it as it may take a little longer to get an IP
and for the ppp to come up.

The way I did it is to use the `options.pptp` file and place 
iparams pptp
in it so when ppp starts, the /etc/ppp/ip-up and /etc/ppp/ip-up.loca script
gets executed and ppp passes
"pptp" as a parameter to the script.
All you have to so is check the parameter and if it's "pptp" then run some
routing tables and if not eg "ppp0" then continue with other things...

Another thing you should do is just check in /var/run/ppp1.pid "this is
usually where my pptp is running" and kill the pid for that... eg. kill `cat
/var/run/ppp1.pid`
This (for me) is a gracefull kill to the program and since I used "ipparam"
in the ppp options file, /etc/ppp/ip-down.local executes and can do whatever
it needs to do eg. restart pptp client or clean up the mess etc...

I have scripts here suited for RedHat should anybody be interested. Email me
without [pptp-server] in the subject line and I'll reply with the scripts.

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


-----Original Message-----
From: root [mailto:leuzim at pib.com.br]
Sent: Tuesday, November 14, 2000 11:38 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Pptp client linux automatic


Hey.. I make a little script to start and stop vpn client more easy.

pptp-up in /sbin/init.d

#!/bin/bash
/dir/vpn/pptp (ip server machine) 
/bin/sleep 3 #wait for ip adress to comeup 

pptp-down in /sbin/init.d

#!/bin/bash

killall -9 pppd # Killall pppds actives
killall -9 pptp #Killall pptps actives
rm -f /var/run/pptp/* #Remove any old dead PPTP session
rm -f /var/run/ppp* # Remove any old dead ppp session
ifconfig ppp0 down #Shutdown interface ppp

I using a Suse 6.4 and I make a rc file to bring up pptp client on boot
system
and view the status. You can reload the pptp more easy with rcpptp start and
rcpptp stop.

I make a script and put it on /sbin/init.d and link in /usr/sbin to use
rcpptp

#! /bin/sh
#file  /sbin/init.d/pptp

.. /etc/rc.config

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test $link = $base && START_PPTP=yes
test "$START_PPTP" = "yes" || exit 0


# The echo return value for success (defined in /etc/rc.config).
return=$rc_done
case "$1" in
    start)
        echo -n "Starting PPTP services:"
        startproc /sbin/init.d/pptp-up || return=$rc_done
        /bin/sleep 2
	echo -e "$return"
        ;;
    stop)
        echo -n "Shutting down PPTP services:"
        startproc /sbin/init.d/pptp-down || return=$rc_done 
        echo -e "$return"
        ;;
   restart|reload)
        $0 stop  &&  $0 start  || return=$rc_failed
        ;;
    status)
        echo -n "Checking for service pptp: "
        checkproc /dirvpnclient/pptp && echo -n "Vpn Up" || echo -n "Vpn
Down"
	echo -e "$return"	
	;;
   *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 1 
esac

# Inform the caller not only verbosely and set an exit status.
test "$return" = "$rc_done" || exit 1
exit 0


[]s 
Wildcat
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From vgill at technologist.com  Tue Nov 14 02:02:32 2000
From: vgill at technologist.com (Vern H. Gill)
Date: Tue, 14 Nov 2000 00:02:32 -0800
Subject: [pptp-server] Why won't this work?!?
Message-ID: <000801c04e11$3f702aa0$3705a8c0@gillnet.org>

When my box is NOT connected to the net, I can VPN in from another box on
the LAN just fine. As soon as I connect, the box no longer accepts the
connections. They just time out. The box is BOTH the router/gateway AND the
(hopefully) pptp server. This should work, right? Why doesn't it?
Here's what I've got
Kernel 2.2.16
pppd version 2.3.11
PoPToP v1.1.2
/lib/modules/2.2.16/net/ppp.o
/lib/modules/2.2.16/net/ppp_deflate.o
/lib/modules/2.2.16/net/ppp_mppe.o

Here are my corresponding ipchains/ipmasqadm/ipfwd entries
# All addresses
INTERNAL_IP=192.168.5.1
EXTERNAL_IP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' |
sed -e 's/.*://'`" (It's a dynamic address - shouldn't matter though,
right?)
ALLADDR=0/0
$IPCHAINS -A input -j ACCEPT -p tcp -s $ALLADDR 1723 -d $ALLADDR -v
$IPCHAINS -A output -j ACCEPT -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
$IPCHAINS -A forward -j MASQ -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             1723 ->
*
MASQ       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->
1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->
1723

$IPCHAINS -A input -p 47 -j ACCEPT -v
$IPCHAINS -A output -p 47 -j ACCEPT -v
$IPCHAINS -A forward -p 47 -j MASQ -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 47
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       47   ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a

$IPMASQADM portfw -a -P tcp -L $EXTERNAL_IP 1723 -R $INTERNAL_IP 1723
ipmasqadm portfw -l
prot localaddr          rediraddr          lport    rport  pcnt  pref
TCP  xxx.xxx.xxx.xxx    192.168.5.1        1723     1723    10    10

$IPFWD --masq --syslog $INTERNAL_IP 47 &

My pptpd.conf;
speed 115200
option /etc/ppp/options.pptp
debug
localip 192.168.5.1
remoteip 192.168.5.20-30
pidfile /var/run/pptpd.pid

My options.pptpd;
proxyarp
ms-dns 192.168.5.1
ms-dns 206.13.29.12
lock
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-chap
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 20
lcp-echo-interval 5
ms-wins 192.168.5.1
ms-wins 192.168.5.1

My options;
lock
persist
passive (tried without this too)

My chap-secrets;
DomainName\\username          *               secret         *

If you need more info, PLEASE let me know. I NEED this for when I am
traveling. Please also respond to me directly. Thank you.



From phil at vibrationresearch.com  Tue Nov 14 16:17:37 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 14 Nov 2000 17:17:37 -0500
Subject: [pptp-server] Why won't this work?!?
In-Reply-To: <000801c04e11$3f702aa0$3705a8c0@gillnet.org>
Message-ID: <000201c04e88$b219fbe0$4500a8c0@vibrationresearch.com>

> When my box is NOT connected to the net, I can VPN in from another box on
> the LAN just fine. As soon as I connect, the box no longer accepts the
> connections. They just time out. The box is BOTH the
> router/gateway AND the
> (hopefully) pptp server. This should work, right? Why doesn't it?

Sounds like a routing problem.  Compare your routing tables before and after
connecting to the internet to see why the internal network gets cut off.

> $IPMASQADM portfw -a -P tcp -L $EXTERNAL_IP 1723 -R $INTERNAL_IP 1723
> ipmasqadm portfw -l
> prot localaddr          rediraddr          lport    rport  pcnt  pref
> TCP  xxx.xxx.xxx.xxx    192.168.5.1        1723     1723    10    10
>
> $IPFWD --masq --syslog $INTERNAL_IP 47 &

If your box is both the router/gateway and the pptp server, there is no need
to do any port forwarding of TCP-1723 or GRE packets.  If your pptp server
actually IS on some machine behind your firewall (other than the firewall
machine itself), then you would need to do forwarding, and should also
install the ip_masq_vpn stuff:

	ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/VPN-howto/VPN-Masquerade.html




From vgill at technologist.com  Tue Nov 14 18:55:27 2000
From: vgill at technologist.com (Vern H. Gill)
Date: Tue, 14 Nov 2000 16:55:27 -0800
Subject: [pptp-server] Why won't this work?!?
In-Reply-To: <000801c04e11$3f702aa0$3705a8c0@gillnet.org>
Message-ID: <001a01c04e9e$bf79be40$3705a8c0@gillnet.org>

Actually, I stated this wrongly. It is not a problem when my box is
connected, it is when I am doing the ipchains stuff. Box is connected but
not masquing/forwarding, lan connection no problem. When
masquing/forwarding, lan and from outside connections no longer work. But,
others do, such as pcAnywhere to an internal box, and pptp connections to an
NT on internal lan. It is something specific to ipchains/poptop.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Vern H. Gill
Sent: Tuesday, November 14, 2000 12:03 AM
To: 'PPTP List (E-mail)'
Cc: vgill at linus.yi.org; vgill at technologist.com
Subject: [pptp-server] Why won't this work?!?


When my box is NOT connected to the net, I can VPN in from another box on
the LAN just fine. As soon as I connect, the box no longer accepts the
connections. They just time out. The box is BOTH the router/gateway AND the
(hopefully) pptp server. This should work, right? Why doesn't it?
Here's what I've got
Kernel 2.2.16
pppd version 2.3.11
PoPToP v1.1.2
/lib/modules/2.2.16/net/ppp.o
/lib/modules/2.2.16/net/ppp_deflate.o
/lib/modules/2.2.16/net/ppp_mppe.o

Here are my corresponding ipchains/ipmasqadm/ipfwd entries
# All addresses
INTERNAL_IP=192.168.5.1
EXTERNAL_IP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' |
sed -e 's/.*://'`" (It's a dynamic address - shouldn't matter though,
right?)
ALLADDR=0/0
$IPCHAINS -A input -j ACCEPT -p tcp -s $ALLADDR 1723 -d $ALLADDR -v
$IPCHAINS -A output -j ACCEPT -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
$IPCHAINS -A forward -j MASQ -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             1723 ->
*
MASQ       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->
1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->
1723

$IPCHAINS -A input -p 47 -j ACCEPT -v
$IPCHAINS -A output -p 47 -j ACCEPT -v
$IPCHAINS -A forward -p 47 -j MASQ -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 47
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       47   ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a

$IPMASQADM portfw -a -P tcp -L $EXTERNAL_IP 1723 -R $INTERNAL_IP 1723
ipmasqadm portfw -l
prot localaddr          rediraddr          lport    rport  pcnt  pref
TCP  xxx.xxx.xxx.xxx    192.168.5.1        1723     1723    10    10

$IPFWD --masq --syslog $INTERNAL_IP 47 &

My pptpd.conf;
speed 115200
option /etc/ppp/options.pptp
debug
localip 192.168.5.1
remoteip 192.168.5.20-30
pidfile /var/run/pptpd.pid

My options.pptpd;
proxyarp
ms-dns 192.168.5.1
ms-dns 206.13.29.12
lock
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-chap
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 20
lcp-echo-interval 5
ms-wins 192.168.5.1
ms-wins 192.168.5.1

My options;
lock
persist
passive (tried without this too)

My chap-secrets;
DomainName\\username          *               secret         *

If you need more info, PLEASE let me know. I NEED this for when I am
traveling. Please also respond to me directly. Thank you.

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!



From georgev at citadelcomputer.com.au  Tue Nov 14 19:39:05 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Wed, 15 Nov 2000 12:39:05 +1100
Subject: [pptp-server] Why won't this work?!?
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE81A@cittech>

Could your problem be that your VPN IP subnet is the SAME as your ETH device
subnet.

Your box won't know where to deliver it unless you mask it properly which I
can't see any masking...

Can you try this with the VPN being a different IP to the local network..??

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


-----Original Message-----
From: Vern H. Gill [mailto:vgill at technologist.com]
Sent: Wednesday, November 15, 2000 11:55 AM
To: 'Vern H. Gill'; 'PPTP List (E-mail)'
Cc: vgill at linus.yi.org
Subject: RE: [pptp-server] Why won't this work?!?


Actually, I stated this wrongly. It is not a problem when my box is
connected, it is when I am doing the ipchains stuff. Box is connected but
not masquing/forwarding, lan connection no problem. When
masquing/forwarding, lan and from outside connections no longer work. But,
others do, such as pcAnywhere to an internal box, and pptp connections to an
NT on internal lan. It is something specific to ipchains/poptop.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Vern H. Gill
Sent: Tuesday, November 14, 2000 12:03 AM
To: 'PPTP List (E-mail)'
Cc: vgill at linus.yi.org; vgill at technologist.com
Subject: [pptp-server] Why won't this work?!?


When my box is NOT connected to the net, I can VPN in from another box on
the LAN just fine. As soon as I connect, the box no longer accepts the
connections. They just time out. The box is BOTH the router/gateway AND the
(hopefully) pptp server. This should work, right? Why doesn't it?
Here's what I've got
Kernel 2.2.16
pppd version 2.3.11
PoPToP v1.1.2
/lib/modules/2.2.16/net/ppp.o
/lib/modules/2.2.16/net/ppp_deflate.o
/lib/modules/2.2.16/net/ppp_mppe.o

Here are my corresponding ipchains/ipmasqadm/ipfwd entries
# All addresses
INTERNAL_IP=192.168.5.1
EXTERNAL_IP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' |
sed -e 's/.*://'`" (It's a dynamic address - shouldn't matter though,
right?)
ALLADDR=0/0
$IPCHAINS -A input -j ACCEPT -p tcp -s $ALLADDR 1723 -d $ALLADDR -v
$IPCHAINS -A output -j ACCEPT -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
$IPCHAINS -A forward -j MASQ -p tcp -s $ALLADDR -d $ALLADDR 1723 -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             1723 ->
*
MASQ       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->
1723
ACCEPT     tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->
1723

$IPCHAINS -A input -p 47 -j ACCEPT -v
$IPCHAINS -A output -p 47 -j ACCEPT -v
$IPCHAINS -A forward -p 47 -j MASQ -v
--------------------------------------------------------------------
/etc/rc.d/init.d/firewall status | grep 47
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a
MASQ       47   ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     47   ------  0.0.0.0/0            0.0.0.0/0             n/a

$IPMASQADM portfw -a -P tcp -L $EXTERNAL_IP 1723 -R $INTERNAL_IP 1723
ipmasqadm portfw -l
prot localaddr          rediraddr          lport    rport  pcnt  pref
TCP  xxx.xxx.xxx.xxx    192.168.5.1        1723     1723    10    10

$IPFWD --masq --syslog $INTERNAL_IP 47 &

My pptpd.conf;
speed 115200
option /etc/ppp/options.pptp
debug
localip 192.168.5.1
remoteip 192.168.5.20-30
pidfile /var/run/pptpd.pid

My options.pptpd;
proxyarp
ms-dns 192.168.5.1
ms-dns 206.13.29.12
lock
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-chap
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 20
lcp-echo-interval 5
ms-wins 192.168.5.1
ms-wins 192.168.5.1

My options;
lock
persist
passive (tried without this too)

My chap-secrets;
DomainName\\username          *               secret         *

If you need more info, PLEASE let me know. I NEED this for when I am
traveling. Please also respond to me directly. Thank you.

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From vgill at technologist.com  Tue Nov 14 19:50:02 2000
From: vgill at technologist.com (Vern H. Gill)
Date: Tue, 14 Nov 2000 17:50:02 -0800
Subject: [pptp-server] Why won't this work?!?
In-Reply-To: <000201c04e88$b219fbe0$4500a8c0@vibrationresearch.com>
Message-ID: <000001c04ea6$5f7dee00$3705a8c0@gillnet.org>

I fixed it. Was my own STUPIDITY!!! Had these lines also running.

$IPMASQADM autofw -A -v -r tcp 1000 3000 -c tcp 1000 -u
$IPMASQADM autofw -A -v -r udp 1000 3000 -c udp 1000 -u

DUH!!! Forwarding/masqing 1000-3000 includes 1723. DUH!!!!! Sorry guys.
Great product other than that..



From peter at mnsi.net  Wed Nov 15 00:40:58 2000
From: peter at mnsi.net (The Alliett's)
Date: Wed, 15 Nov 2000 01:40:58 -0500
Subject: [pptp-server] DSL Connection Problems
Message-ID: <001b01c04ecf$15e06c40$64010101@mnsi.net>

Has anyone managed to connect to a PopTop server via DSL.  I can't get it to
work.

I have Windows95C with the DUN 1.3 patch installed.

If i use a normal 56K dialup to my ISP and then launch the VPN connection I
connect fine and all is great.

If I then try just launching the VPN connection on it's own through my LAN
connection via DSL on a LINUX server it hangs at verifying username and
password and eventually gives me error 650.

Checking the logs on the PopTop server it reports GRE: read error: Bad file
descriptor
and CTRL: PTY read or GRE write failed.

Help Me Please.

Peter



From rage at sohonetworks.cc  Wed Nov 15 01:03:49 2000
From: rage at sohonetworks.cc (Jason Osborne)
Date: Wed, 15 Nov 2000 01:03:49 -0600
Subject: [pptp-server] connect problem when another connection is using ppp0
Message-ID: <NEBBLMAGELJABJGLOKNAGEKLCCAA.rage@sohonetworks.cc>

HELP.....PLEASE

I don't understand whats wrong. Well I do, but I don't know how to fix it.
First I connect up with the VPN on a system on the LAN. Works great. Then I
kill the VPN connection.

I start the ISDN connection with pppd. Everything works great there. Now I
run ifconfig and get:

	eth0      Link encap:Ethernet  HWaddr 52:54:05:F0:25:90
	          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
	          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      	    RX packets:33846 errors:0 dropped:0 overruns:0 frame:0
	         TX packets:76141 errors:0 dropped:0 overruns:0 carrier:0
	         collisions:4 txqueuelen:100
	         Interrupt:10 Base address:0xfce0

	lo        Link encap:Local Loopback
	          inet addr:127.0.0.1  Mask:255.0.0.0
	          UP LOOPBACK RUNNING  MTU:3924  Metric:1
	          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	          collisions:0 txqueuelen:0

	ppp0      Link encap:Point-to-Point Protocol
	          inet addr:208.188.23.110  P-t-P:151.164.1.249
Mask:255.255.255.255
	          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
	          RX packets:1798 errors:0 dropped:0 overruns:0 frame:0
	          TX packets:1796 errors:0 dropped:0 overruns:0 carrier:0
	          collisions:0 txqueuelen:10

Now I start the VPN connection and get this.

	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: Client 4.40.159.70
control connection started
	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: Starting call (launching
pppd, opening GRE)
	Nov 14 19:57:02 legacycarpets pptpd[21103]: Error reading from pppd:
Input/output error
	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: GRE read or PTY write
failed (gre,pty)=(7,6)
	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: Client 4.40.159.70
control connection finished

It appears as if pptpd or pppd will not open ppp1 for the vpn to use. How do
I fix this? I have researched the PPPD Howto, the PopTop Website, and the
pppd man file with no luck. I've even searched previous posts. It appears
everyone automatically assumes this works. So what happens when it doesn't?
Does anyone have an answer?

--
Jason Osborne
Data and Telecom Network Solutions
Your total Internetworking solutions provider!
3847 Timberglen Rd., STE 4013
Dallas, TX 75287
Phone: 972-307-0676
Mobile: 214-284-3337
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc



From rage at sohonetworks.cc  Wed Nov 15 08:39:22 2000
From: rage at sohonetworks.cc (Jason Osborne)
Date: Wed, 15 Nov 2000 08:39:22 -0600
Subject: [pptp-server] connect problem when another connection is using ppp0
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE821@cittech>
Message-ID: <NEBBLMAGELJABJGLOKNAGEKOCCAA.rage@sohonetworks.cc>

as far as killing my vpn connection, i have not had to kill it at all. i am
running pptpd-1.1.2. when i finish with a connection, it kills the client
itself.

/var/log/messages (pay close attention as i try to bring both up):
Nov 14 22:35:57 dynipclient[22660]: Using client configuration file
'/etc/dynip.cfg'
Nov 14 22:35:57 dynipclient[22660]: Kill signal sent to DynIP client process
18986
Nov 14 22:35:58 pppd[18977]: Hangup (SIGHUP)
Nov 14 22:35:58 pppd[18977]: Modem hangup
Nov 14 22:35:58 pppd[18977]: Connection terminated.
Nov 14 22:35:58 pppd[18977]: Connect time 360.1 minutes.
Nov 14 22:35:58 pppd[18977]: Sent 343806 bytes, received 171597 bytes.
Nov 14 22:35:58 pppd[18977]: Exit.
Nov 14 22:36:07 pppd[22680]: pppd 2.3.11 started by root, uid 0
Nov 14 22:36:07 pppd[22680]: Using interface ppp0
Nov 14 22:36:07 pppd[22680]: Connect: ppp0 <--> /dev/ttyS0
Nov 14 22:36:10 kernel: PPP BSD Compression module registered
Nov 14 22:36:10 kernel: PPP Deflate Compression module registered
Nov 14 22:36:12 pppd[22680]: local  IP address xxx.xxx.17.127
Nov 14 22:36:12 pppd[22680]: remote IP address xxx.xxx.1.246
Nov 14 22:36:12 dynipclient[22688]: Using client configuration file
'/etc/dynip.cfg'
Nov 14 22:36:12 dynipclient[22689]: active
Nov 14 19:57:02 pptpd[21103]: CTRL: Client xxx.xxx.159.70 control connection
started
Nov 14 19:57:02 pptpd[21103]: CTRL: Starting call (launching pppd, opening
GRE)
Nov 14 19:57:02 pptpd[21103]: Error reading from pppd: Input/output error
Nov 14 19:57:02 pptpd[21103]: CTRL: GRE read or PTY write failed
(gre,pty)=(7,6)
Nov 14 19:57:02 pptpd[21103]: CTRL: Client xxx.xxx.159.70 control connection
finished


/etc/pptpd.conf:
speed 38400
option /etc/ppp/options.vpn
debug
localip 192.168.0.200-220,192.168.0.1
remoteip 192.168.1.200-220,192.168.1.1
#ipxnets 00001000-00001FFF
#listen 192.168.0.1
pidfile /var/run/pptpd.pid

-----Original Message-----
From: George Vieira [mailto:georgev at citadelcomputer.com.au]
Sent: Wednesday, November 15, 2000 2:18 AM
To: 'Jason Osborne'
Subject: RE: [pptp-server] connect problem when another connection is
using ppp0


what does you pptpd.conf listen to as a IP address??
How did you kill your pptp session, via kill `cat /var/run/ppp-pptp.pid`  ?


-----Original Message-----
From: Jason Osborne [mailto:rage at sohonetworks.cc]
Sent: Wednesday, November 15, 2000 6:04 PM
To: Pptp-Server at Lists. Schulte. Org; PPTP Mailing List; PPTP Mailing
List
Subject: [pptp-server] connect problem when another connection is using
ppp0


HELP.....PLEASE

I don't understand whats wrong. Well I do, but I don't know how to fix it.
First I connect up with the VPN on a system on the LAN. Works great. Then I
kill the VPN connection.

I start the ISDN connection with pppd. Everything works great there. Now I
run ifconfig and get:

	eth0      Link encap:Ethernet  HWaddr 52:54:05:F0:25:90
	          inet addr:192.168.0.1  Bcast:192.168.0.255
Mask:255.255.255.0
	          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      	    RX packets:33846 errors:0 dropped:0 overruns:0 frame:0
	         TX packets:76141 errors:0 dropped:0 overruns:0 carrier:0
	         collisions:4 txqueuelen:100
	         Interrupt:10 Base address:0xfce0

	lo        Link encap:Local Loopback
	          inet addr:127.0.0.1  Mask:255.0.0.0
	          UP LOOPBACK RUNNING  MTU:3924  Metric:1
	          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
	          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
	          collisions:0 txqueuelen:0

	ppp0      Link encap:Point-to-Point Protocol
	          inet addr:208.188.23.110  P-t-P:151.164.1.249
Mask:255.255.255.255
	          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
	          RX packets:1798 errors:0 dropped:0 overruns:0 frame:0
	          TX packets:1796 errors:0 dropped:0 overruns:0 carrier:0
	          collisions:0 txqueuelen:10

Now I start the VPN connection and get this.

	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: Client 4.40.159.70
control connection started
	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: Starting call
(launching
pppd, opening GRE)
	Nov 14 19:57:02 legacycarpets pptpd[21103]: Error reading from pppd:
Input/output error
	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: GRE read or PTY
write
failed (gre,pty)=(7,6)
	Nov 14 19:57:02 legacycarpets pptpd[21103]: CTRL: Client 4.40.159.70
control connection finished

It appears as if pptpd or pppd will not open ppp1 for the vpn to use. How do
I fix this? I have researched the PPPD Howto, the PopTop Website, and the
pppd man file with no luck. I've even searched previous posts. It appears
everyone automatically assumes this works. So what happens when it doesn't?
Does anyone have an answer?

--
Jason Osborne
Data and Telecom Network Solutions
Your total Internetworking solutions provider!
3847 Timberglen Rd., STE 4013
Dallas, TX 75287
Phone: 972-307-0676
Mobile: 214-284-3337
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!



From greggmc at musc.edu  Wed Nov 15 08:43:19 2000
From: greggmc at musc.edu (Matthew Gregg)
Date: Wed, 15 Nov 2000 09:43:19 -0500
Subject: [pptp-server] Win9x 128-bit encryption
Message-ID: <20001115094319.A2097@musc.edu>

Does anyone have Win9x(any flavor) connecting to PPTP at 128-bit
encryption?  If so, what version of Win9x and how did you do it?

I've been reading the archive of this list and have found several
threads that say you can and some that say you can't.

Thanks.
-- 
brought to you by, Matthew Gregg...
one of the friendly folks in the IT Lab.
-------------------------------------\
The IT Lab (http://www.itlab.musc.edu)\____________________
Probably the world's premier software development center.
Serving: Programming, Tools, Ice Cream, Seminars



From martin at tuatha.org  Wed Nov 15 09:08:11 2000
From: martin at tuatha.org (Martin Feeney)
Date: Wed, 15 Nov 2000 15:08:11 +0000
Subject: [pptp-server] Win9x 128-bit encryption
In-Reply-To: <20001115094319.A2097@musc.edu>; from greggmc@musc.edu on Wed, Nov 15, 2000 at 14:43:19 +0000
References: <20001115094319.A2097@musc.edu>
Message-ID: <20001115150811.B17798@greenspot>

On Wed, 15 Nov 2000 14:43:19 Matthew Gregg wrote:

> Does anyone have Win9x(any flavor) connecting to PPTP at 128-bit
> encryption?  If so, what version of Win9x and how did you do it?

win98se with the high-encryption update pulled off windows update - works
like a charm. Make sure you check every box that requires encryption.

I've found that having the following in /etc/ppp/pptpd-options on your
pptpd server helps:

auth
-deflate
-bsdcomp
-callback
-pap
-chapms
+chapms-v2
mppe-128
mppe-stateless

Martin.


From gustave.ruffenach at swapcom.fr  Wed Nov 15 09:34:43 2000
From: gustave.ruffenach at swapcom.fr (Gustave Ruffenach)
Date: Wed, 15 Nov 2000 16:34:43 +0100
Subject: [pptp-server] pptpd logfile
Message-ID: <9A8FFB41436D734C95ED522664AC09180BE6B5@exchange2000.intranet.swapcom.fr>

Hi, 
 
I've installed a couple of weeks ago a pptp server under a BSD4.1.
 
I works in the debug mode (pptpd -d) so that I can log who connects in.
(when it works in the standard mode : ./pptpd, nothing is written into the
pptpd.log)
 
Since last week, I've got a strange problem : once a day the pptpd goes
crazy and it writes thousand lines in my log file. The only solution is to
kill the process, delete the corrupted logfile and lauch again the daemon.
 
Does anybody have seen this problem yet?
 
Thanks for help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001115/8961f15f/attachment.html>

From pgw99 at doc.ic.ac.uk  Wed Nov 15 09:43:19 2000
From: pgw99 at doc.ic.ac.uk (Philip Willoughby)
Date: Wed, 15 Nov 2000 15:43:19 +0000 (GMT)
Subject: [pptp-server] Win9x 128-bit encryption
In-Reply-To: <20001115094319.A2097@musc.edu>
Message-ID: <Pine.LNX.4.30.0011151542120.12327-100000@visual19.doc.ic.ac.uk>

Today, Matthew Gregg wrote:

>Does anyone have Win9x(any flavor) connecting to PPTP at 128-bit
>encryption?  If so, what version of Win9x and how did you do it?
>
>I've been reading the archive of this list and have found several
>threads that say you can and some that say you can't.

If you use the mppe patch I posted a few weeks ago and _stateless_
encryption, then it works.  Stateful encryption is still not working.

Philip Willoughby

Email:  pgw99 at doc.ic.ac.uk             |           I reserve the right
ICQ#:   53659369                       |           to drink free beer.



From phil at vibrationresearch.com  Wed Nov 15 10:07:41 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 15 Nov 2000 11:07:41 -0500
Subject: [pptp-server] pptpd logfile
In-Reply-To: <9A8FFB41436D734C95ED522664AC09180BE6B5@exchange2000.intranet.swapcom.fr>
Message-ID: <000d01c04f1e$2e9d2e40$4500a8c0@vibrationresearch.com>

This was a problem with pptpd-1.0.0 and pptpd-1.1.1.

pptpd-1.0.1 and pptpd-1.1.2 solve the problem.  http://poptop.lineo.com

  -----Original Message-----
  From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Gustave Ruffenach
  Sent: Wednesday, November 15, 2000 10:35 AM
  To: pptp-server at lists.schulte.org
  Subject: [pptp-server] pptpd logfile


  Hi,

  I've installed a couple of weeks ago a pptp server under a BSD4.1.

  I works in the debug mode (pptpd -d) so that I can log who connects in.
(when it works in the standard mode : ./pptpd, nothing is written into the
pptpd.log)

  Since last week, I've got a strange problem : once a day the pptpd goes
crazy and it writes thousand lines in my log file. The only solution is to
kill the process, delete the corrupted logfile and lauch again the daemon.

  Does anybody have seen this problem yet?

  Thanks for help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001115/049f4174/attachment.html>

From greggmc at musc.edu  Wed Nov 15 10:58:34 2000
From: greggmc at musc.edu (Matthew Gregg)
Date: Wed, 15 Nov 2000 11:58:34 -0500
Subject: [pptp-server] Win9x 128-bit encryption
In-Reply-To: <Pine.LNX.4.30.0011151542120.12327-100000@visual19.doc.ic.ac.uk>; from pgw99@doc.ic.ac.uk on Wed, Nov 15, 2000 at 03:43:19PM +0000
References: <20001115094319.A2097@musc.edu> <Pine.LNX.4.30.0011151542120.12327-100000@visual19.doc.ic.ac.uk>
Message-ID: <20001115115834.A2260@musc.edu>

Philip,
I followed the Installation FAQ
(http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt) for the 
install, applying the patches listed for 40/128 encryption.
Then further, applied the patches to require encryption.
My "options" file follows:
######
lock
debug
proxyarp
+chap
+chapms     
+chapms-v2     
mppe-40     
mppe-128     
mppe-stateless
require-mppe
require-mppe-stateless
#########


From gustave.ruffenach at swapcom.fr  Thu Nov 16 04:48:56 2000
From: gustave.ruffenach at swapcom.fr (Gustave Ruffenach)
Date: Thu, 16 Nov 2000 11:48:56 +0100
Subject: [pptp-server] pb while loging into the vpn
Message-ID: <9A8FFB41436D734C95ED522664AC09180BE6C9@exchange2000.intranet.swapcom.fr>

Hi..
thanks for your help about the pptpd logfile. I've updated my pptpd version
on my BSD and it seems to work..
 
But..
Now, when a user lauches the pptpd client (under windows), he is
automatically rejected the first time ("port does not exist").. and when he
pushes the "retry" button it works.
  
Does anyone have an idea ?
It's not a real problem (because my users are connected one the second time)
but I was wondering about that.
 
 
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001116/5446b51f/attachment.html>

From ralphw at cnet.com  Thu Nov 16 06:27:37 2000
From: ralphw at cnet.com (Ralph Winslow)
Date: Thu, 16 Nov 2000 07:27:37 -0500 (EST)
Subject: [pptp-server] ppp_mppe
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE80F@cittech>
Message-ID: <Pine.GSO.4.10.10011160716580.16690-100000@east.cnet.com>

When on Wed, 15 Nov 2000, George Vieira wrote, I replied:

Here's what I've tried:

root at rjw# locate mppe.o
/lib/modules/2.2.16-storm/net/mppe.o
/usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
/usr/src/kernel-source-2.2.16-storm-ide/drivers/net/.ppp_mppe.o.flags
/usr/src/ppp-2.3.8/pppd/mppe.o
root at rjw#  locate emu10k1.o
/lib/modules/2.2.16-storm.old/misc/emu10k1.o
/lib/modules/2.2.16-storm/misc/emu10k1.o
root at rjw# insmod /usr/src/ppp-2.3.8/pppd/mppe.o
/usr/src/ppp-2.3.8/pppd/mppe.o: couldn't find the kernel version the module was compiled for
root at rjw# insmod /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
/usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o: couldn't find the kernel version the module was compiled for
root at rjw# cp /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o /lib/modules/2.2.16-storm/net
root at rjw# insmod ppp_mppe.o
ppp_mppe.o: ppp_mppe.o: No such file or directory

I'm puzzled and chagrined.

> Date: Wed, 15 Nov 2000 08:26:50 +1100
> From: George Vieira <georgev at citadelcomputer.com.au>
> To: 'Ralph Winslow' <ralphw at cnet.com>
> Subject: RE: [pptp-server] ppp_mppe
> 
> Actually,
> 
> If I'm not wrong, shouldn't your ppp_mppe.o be sitting in some directory
> like /lib/modules/2.2.2-16/net/ppp_mppe.o?
> Is there another driver that's loading that you could `locate driver.o` and
> see where they sits and if I am right, copy the file there?
> 
> thanks,
> George Vieira
> Network Administrator
> http://www.citadelcomputer.com.au
> PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> PGP KeyID:		0x38A9A10C
> 
> 
> -----Original Message-----
> From: Ralph Winslow [mailto:ralphw at cnet.com]
> Sent: Tuesday, November 14, 2000 11:05 PM
> To: George Vieira
> Subject: RE: [pptp-server] ppp_mppe
> 
> 
> When on Tue, 14 Nov 2000, George Vieira wrote, I replied:
> 
> I'm still trying to figure out how to load mppe.o.  I don't recall
> hearing anythinq about OpenSSL; do I need more than an sshd and
> the slogin/scp/ssh tools? I've had these in place for years.
> 
> > Date: Tue, 14 Nov 2000 18:32:04 +1100
> > From: George Vieira <georgev at citadelcomputer.com.au>
> > To: 'Ralph Winslow' <ralphw at cnet.com>
> > Subject: RE: [pptp-server] ppp_mppe
> > 
> > probably the same kernel with tweaks on other stuff like "bleeding edge"
> > version.
> > I think I'm missing instructions for the OpenSSL compiling. I haven't seen
> > any instructions on OpenSSL except that we needed to download it and
> > uncompress it...
> > 
> > How far are you up to?
> > 
> > -----Original Message-----
> > From: Ralph Winslow [mailto:ralphw at cnet.com]
> > Sent: Tuesday, November 14, 2000 10:20 AM
> > To: George Vieira
> > Subject: RE: [pptp-server] ppp_mppe
> > 
> > 
> > When on Tue, 14 Nov 2000, George Vieira wrote, I replied:
> > 
> > I just instinctively put the ppp source at /usr/src/ppp-2.3.8.  It would
> > never have occurred to me to put it in the kernel tree. 
> > 
> > What's this about 2.2.16-3?  I'm running 2.2.16-storm-ide - would that
> > be the same issue?
> > 
> > > Date: Tue, 14 Nov 2000 09:14:23 +1100
> > > From: George Vieira <georgev at citadelcomputer.com.au>
> > > To: 'Ralph Winslow' <ralphw at cnet.com>
> > > Subject: RE: [pptp-server] ppp_mppe
> > > 
> > > I have gottern further, I had to put the source at /usr/src/ppp-x.x.x
> not
> > as
> > > per instructions found on the site which said
> > > /usr/src/linux/SOURCES/ppp-x.x.x  that stuffed it..
> > > 
> > > I now have the same problem as Ian Ten Cate.. with compiling ppp with
> mppe
> > > on 2.2.16-3
> > > 
> > > thanks.
> > > 
> > > -----Original Message-----
> > > From: Ralph Winslow [mailto:ralphw at cnet.com]
> > > Sent: Monday, November 13, 2000 10:38 PM
> > > To: George Vieira
> > > Subject: RE: [pptp-server] ppp_mppe
> > > 
> > > 
> > > When on Mon, 13 Nov 2000, George Vieira wrote, I replied:
> > > 
> > > You'll note that I used 2.3.8 vs. your 2.3.19.  Mayhap that's
> significant.
> > > 
> > > > Date: Mon, 13 Nov 2000 14:31:08 +1100
> > > > From: George Vieira <georgev at citadelcomputer.com.au>
> > > > To: 'Ralph Winslow' <ralphw at cnet.com>
> > > > Subject: RE: [pptp-server] ppp_mppe
> > > > 
> > > > Lucky you, coz I haven't gotten that far.. I can't get the patch to
> > > work...
> > > > I have pppd.2.3.10 and the patch just drops me to a > prompt... no
> > > > messages...nadda..
> > > > 
> > > > thanks,
> > > > George Vieira
> > > > Network Administrator
> > > > http://www.citadelcomputer.com.au
> > > > PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> > > > PGP KeyID:		0x38A9A10C
> > > > 
> > > > 
> > > > -----Original Message-----
> > > > From: Ralph Winslow [mailto:ralphw at cnet.com]
> > > > Sent: Monday, November 13, 2000 2:22 PM
> > > > To: George Vieira
> > > > Subject: RE: [pptp-server] ppp_mppe
> > > > 
> > > > 
> > > > When on Mon, 13 Nov 2000, George Vieira wrote, I replied:
> > > > 
> > > > OK, I did:
> > > > 
> > > > root at rjw# updatedb
> > > > root at rjw# locate mppe
> > > > /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
> > > > /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/.ppp_mppe.o.flags
> > > > /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.c
> > > > /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/mppe.h
> > > > /usr/src/ppp-2.3.8-mppe-others-norc4_TH7.diff
> > > > /usr/src/ppp-2.3.8/linux/mppe.h
> > > > /usr/src/ppp-2.3.8/linux/ppp_mppe.c
> > > > /usr/src/ppp-2.3.8/pppd/mppe.c
> > > > /usr/src/ppp-2.3.8/pppd/mppe.h
> > > > 
> > > > Looks like it compiled, but hasn't been installed?
> > > > 
> > > > > Date: Mon, 13 Nov 2000 10:06:03 +1100
> > > > > From: George Vieira <georgev at citadelcomputer.com.au>
> > > > > To: 'Ralph Winslow' <ralphw at cnet.com>
> > > > > Subject: RE: [pptp-server] ppp_mppe
> > > > > 
> > > > > Is the module there in the first place? Update your "locate"
> database
> > > with
> > > > a
> > > > > `updatedb &` and then do a
> > > > > `locate mppe` and send me the list it finds...
> > > > > 
> > > > > thanks,
> > > > > George Vieira
> > > > > Network Administrator
> > > > > http://www.citadelcomputer.com.au
> > > > > PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A
> 38A9 A10C
> > > > > PGP KeyID:		0x38A9A10C
> > > > > 
> > > > > 
> > > > > -----Original Message-----
> > > > > From: Ralph Winslow [mailto:ralphw at cnet.com]
> > > > > Sent: Monday, November 13, 2000 9:52 AM
> > > > > To: George Vieira
> > > > > Subject: RE: [pptp-server] ppp_mppe
> > > > > 
> > > > > 
> > > > > When on Mon, 13 Nov 2000, George Vieira wrote, I replied:
> > > > > 
> > > > > No, I had been trying to unload ppp after shutting down ppp and
> pppoe.
> > > > > The clue about doing rmmod ppp_deflate before the rmmod ppp was a 
> > > > > winner, though.  Now I'm up to insmod ppp_mppe but that's going
> like:
> > > > > 
> > > > > root at rjw# insmod ppp_mppe
> > > > > insmod: ppp_mppe: no module by that name found
> > > > > 
> > > > > I don't recall compiling this (unless it should have been done
> during
> > > > > the make on ppp itself).  Anyone have a clue as to what I'm missing
> > > here?
> > > > > TIA
> > > > > 
> > > > > > Date: Mon, 13 Nov 2000 06:38:18 +1100
> > > > > > From: George Vieira <georgev at citadelcomputer.com.au>
> > > > > > To: 'Ralph Winslow' <ralphw at cnet.com>
> > > > > > Subject: RE: [pptp-server] ppp_mppe
> > > > > > 
> > > > > > Do you have PPP running in memory (eg. ps -ef |grep ppp)?
> > > > > > If not, have you tried to rmmod the deflat module first then pppd?
> > > > > > 
> > > > > > -----Original Message-----
> > > > > > From: Ralph Winslow [mailto:ralphw at cnet.com]
> > > > > > Sent: Monday, November 13, 2000 2:55 AM
> > > > > > To: pptp-server at lists.schulte.org
> > > > > > Subject: [pptp-server] ppp_mppe
> > > > > > 
> > > > > > 
> > > > > > Successful pptp users,
> > > > > > 
> > > > > > I've been following the procedure specified in 
> > > > > > http://www.moretonbay.com/vpn/releases/HOWTO-PoPToP.txt, and
> reached
> > > the
> > > > > > point where I should [rmmod ppp].  This fails
> > > > > > 
> > > > > > root at rjw# rmmod ppp
> > > > > > ppp: Device or resource busy
> > > > > > 
> > > > > > I tried to proceed like this:
> > > > > > 
> > > > > > root at rjw# lsmod
> > > > > > Module                  Size  Used by
> > > > > > ppp_deflate            40936   0  (autoclean)
> > > > > > bsd_comp                3908   0  (autoclean)
> > > > > > ppp                    21132   0  (autoclean) [ppp_deflate
> bsd_comp]
> > > > > > slhc                    4664   0  (autoclean) [ppp]
> > > > > > emu10k1                45264   0  (autoclean)
> > > > > > soundcore               2644   4  (autoclean) [emu10k1]
> > > > > > lockd                  31084   1  (autoclean)
> > > > > > sunrpc                 51804   1  (autoclean) [lockd]
> > > > > > af_packet               6464   0  (autoclean)
> > > > > > serial                 19196   0  (autoclean)
> > > > > > 3c59x                  19548   1 
> > > > > > root at rjw# insmod ppp_mppe
> > > > > > insmod: ppp_mppe: no module by that name found
> > > > > > 
> > > > > > so I rebooted, hoping that that would insmod my new ppp (and,
> > > hopefully,
> > > > > > mppe) module(s), but no joy.  The instructions up to that point
> > seemed
> > > > > > to complete nicely and without error, except that I can't run
> pppoe
> > > > > > using the recommended script; I had to dump its output and create
> > > > > > my own run_pppoe script which looks like:
> > > > > > 
> > > > > > #!/bin/sh
> > > > > > /usr/bin/setsid /usr/sbin/pppd pty '/usr/sbin/pppoe -p .pppoe -I
> > eth0
> > > -T
> > > > > -m
> > > > > > ' noipdefault noauth defaultroute hide-password nodetach  local
> mtu
> > > 1492
> > > > > mru
> > > > > > 1492 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp
> user
> > > > > > fubardude at bellatlantic.net lcp-echo-interval 30 lcp-echo-failure 4
> > > debug
> > > > > > 
> > > > > > because the "lcp-echo-interval 30 lcp-echo-failure 4" args weren't
> > > > beeing
> > > > > > filled in by the standard startup script.  I believe that this is
> > why
> > > > > > I have to use poff -a to shutdown pppoe, and that that's why the
> > rmmod
> > > > > > ppp call fails (i.e. poff -a doesn't teardown correctly).  
> > > > > > 
> > > > > > I know that this is a lot of vague clues, but if anyone could
> > suggest
> > > > > > some line of attack on this problem, I'd be very grateful.
> > > > > > 
> > > > > > ----
> > > > > > Ralph Winslow		Operations/Support/Tools
> > > > > > (908)575-8567 x276
> > > > > > 
> > > > > > _______________________________________________
> > > > > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > > > List services provided by www.schulteconsulting.com!
> > > > > > 
> > > > > 
> > > > > ----
> > > > > Ralph Winslow		Operations/Support/Tools
> > > > > (908)575-8567 x276
> > > > > 
> > > > 
> > > > ----
> > > > Ralph Winslow		Operations/Support/Tools
> > > > (908)575-8567 x276
> > > > 
> > > 
> > > ----
> > > Ralph Winslow		Operations/Support/Tools
> > > (908)575-8567 x276
> > > 
> > 
> > ----
> > Ralph Winslow		Operations/Support/Tools
> > (908)575-8567 x276
> > 
> 
> ----
> Ralph Winslow		Operations/Support/Tools
> (908)575-8567 x276
> 

----
Ralph Winslow		Operations/Support/Tools
(908)575-8567 x276




From david.jones at mma1.com  Thu Nov 16 08:27:12 2000
From: david.jones at mma1.com (David Jones)
Date: Thu, 16 Nov 2000 09:27:12 -0500
Subject: [pptp-server] Netware 5 connectivity using PPTP
Message-ID: <001201c04fd9$503f5800$a1c809c0@mma1.com>

Hi all,

I am running pptpd on a RedHat Linux box.  I can successfully login to this box from my home using my personal ISP account.  After I connect, I am able to telnet to all other Linux boxes that I have (behind a firewall), so that works great.  I also have some Netware 5 boxes on my network running tcp/ip, but I am unable to see these servers in network neighborhood, or if I start up the Novell client software and attempt to browse for my tree...still nothing.  Has anyone had any experience with this?

Also, I noticed after I make the connection to the pptp server, I can run winipcfg and check out the ip address that the server is assigning me.  When I do, the gateway setting is the same as my ip address for my ppp adapter.  So after I make the connection to the pptp server, I no longer have access to internet resources until I disconnect from the pptp server.  Is there any way to set a different gateway ip address for this connection?

Any help on either of these problems would be greatly appreciated.

David Jones
david.jones at mma1.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001116/70da8513/attachment.html>

From phil at vibrationresearch.com  Thu Nov 16 09:07:01 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Thu, 16 Nov 2000 10:07:01 -0500
Subject: [pptp-server] Netware 5 connectivity using PPTP
In-Reply-To: <001201c04fd9$503f5800$a1c809c0@mma1.com>
Message-ID: <000401c04fde$df4ddd50$4500a8c0@vibrationresearch.com>

> Also, I noticed after I make the connection to the pptp server,
> I can run winipcfg and check out the ip address that the server
> is assigning me.  When I do, the gateway setting is the same as
> my ip address for my ppp adapter.  So after I make the connection
> to the pptp server, I no longer have access to internet resources
> until I disconnect from the pptp server.  Is there any way to set
> a different gateway ip address for this connection?

In the TCP Settings dialog box for your VPN connection, uncheck the "Use
default gateway on remote network" checkbox.  When this box is checked, all
internet traffic will get routed through the VPN connection.  When
unchecked, you defaultroute is not changed.

Phil



From nicolas.lienard at internet-telecom.net  Thu Nov 16 10:42:30 2000
From: nicolas.lienard at internet-telecom.net (Nicolas LIENARD)
Date: Thu, 16 Nov 2000 17:42:30 +0100
Subject: [pptp-server] Netware 5 connectivity using PPTP
Message-ID: <002b01c04fec$374ddde0$669bfea9@nanard>

unsubscribe

-----Message d'origine-----
De : David Jones <david.jones at mma1.com>
? : pptp-server at lists.schulte.org <pptp-server at lists.schulte.org>
Date : jeudi 16 novembre 2000 15:39
Objet : [pptp-server] Netware 5 connectivity using PPTP


Hi all,

I am running pptpd on a RedHat Linux box.  I can successfully login to this
box from my home using my personal ISP account.  After I connect, I am able
to telnet to all other Linux boxes that I have (behind a firewall), so that
works great.  I also have some Netware 5 boxes on my network running tcp/ip,
but I am unable to see these servers in network neighborhood, or if I start
up the Novell client software and attempt to browse for my tree...still
nothing.  Has anyone had any experience with this?

Also, I noticed after I make the connection to the pptp server, I can run
winipcfg and check out the ip address that the server is assigning me.  When
I do, the gateway setting is the same as my ip address for my ppp adapter.
So after I make the connection to the pptp server, I no longer have access
to internet resources until I disconnect from the pptp server.  Is there any
way to set a different gateway ip address for this connection?

Any help on either of these problems would be greatly appreciated.

David Jones
david.jones at mma1.com <mailto:david.jones at mma1.com>





##########################################################
Ce message et toutes ses pi?ces jointes peuvent contenir des informations
confidentielles et/ou prot?g?es. Si vous le recevez par erreur, merci de
prendre contact avec l'exp?diteur par t?l?phone ou mail, et de d?truire le
message et ses pi?ces jointes de votre syst?me imm?diatement sans les
copier ni les transmettre ? une autre personne.

This message and any attachment may contain confidential information. If
you are not the intended recipient, please telephone or email the sender
and delete this message and any attachment from your system immediately
without copying them or disclosing the contents to any other person.
#########################################################






From anesthes at cisdi.com  Thu Nov 16 17:32:29 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Thu, 16 Nov 2000 18:32:29 -0500 (EST)
Subject: [pptp-server] PPTP Client
Message-ID: <Pine.LNX.4.20.0011161831100.5877-100000@cisdi.com>

Hi,

Just curious on some feedback, perhaps a URL.

I have pptp + ssl and all that running on my Linux box's now for incoming
connections. I'd like to establish pptp connections between the box's,
so I can route Ip and IPX traffic securely over the 'net. Does anyone have
a prefered method or client?  Thanks.

-- Joe




From sakuthota at pyxis.net  Fri Nov 17 01:49:45 2000
From: sakuthota at pyxis.net (Sairam A)
Date: Fri, 17 Nov 2000 13:19:45 +0530
Subject: [pptp-server] (no subject)
Message-ID: <NEBBKHCAEMJFEDKFNMICGEINCAAA.sakuthota@pyxis.net>


Thanks & Regards
Sairam .A
Systems Administrator
Pyxis International (India)
Phone : 91+40+6310245 / 6(Work)




From sakuthota at pyxis.net  Fri Nov 17 01:58:22 2000
From: sakuthota at pyxis.net (Sairam A)
Date: Fri, 17 Nov 2000 13:28:22 +0530
Subject: [pptp-server] (no subject)
Message-ID: <NEBBKHCAEMJFEDKFNMICOEINCAAA.sakuthota@pyxis.net>

confirm 636766

Thanks & Regards
Sairam .A
Systems Administrator
Pyxis International (India)
Phone : 91+40+6310245 / 6(Work)




From pellicciotta at coritel.it  Fri Nov 17 03:56:51 2000
From: pellicciotta at coritel.it (Raffaele Pellicciotta)
Date: Fri, 17 Nov 2000 10:56:51 +0100
Subject: [pptp-server] PPTP Client doesn`t expire
Message-ID: <003301c0507c$b5be7aa0$2cf2cdc1@coritel.it>

Hi, I have compiled PPTP linux client 1.0.2 and it works well with a Tunnel server PPTP 1.0.0.
    I have a problem: I am not able to kill PPTP on the client!!!
    How can I disable PPTP client?
    Thanks a lot,
            Raffaele
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001117/21946866/attachment.html>

From ken at themccords.com  Fri Nov 17 12:58:29 2000
From: ken at themccords.com (Ken McCord)
Date: Fri, 17 Nov 2000 10:58:29 -0800
Subject: [pptp-server] DUN 128 Upgrade not Available?
Message-ID: <3A157FD5.44078ACE@themccords.com>

Does anyone have any news on when Microsoft will be re-releasing their
128 bit encryption upgrade for DUN?  I've gone through their site, but
it looks like they've pulled it.  Does anyone know of an alternate
download site for the previous version?

Thanks,

Ken McCord


From pgw99 at doc.ic.ac.uk  Fri Nov 17 10:31:57 2000
From: pgw99 at doc.ic.ac.uk (Philip Willoughby)
Date: Fri, 17 Nov 2000 16:31:57 +0000 (GMT)
Subject: [pptp-server] DUN 128 Upgrade not Available?
In-Reply-To: <3A157FD5.44078ACE@themccords.com>
Message-ID: <Pine.LNX.4.30.0011171631420.1553-100000@pub.doc.ic.ac.uk>

Today, Ken McCord wrote:

>Does anyone have any news on when Microsoft will be re-releasing their
>128 bit encryption upgrade for DUN?  I've gone through their site, but
>it looks like they've pulled it.  Does anyone know of an alternate
>download site for the previous version?

AFAIK it's now included in IE 5.5.

Philip Willoughby

Email:  pgw99 at doc.ic.ac.uk             |           I reserve the right
ICQ#:   53659369                       |           to drink free beer.



From phil at vibrationresearch.com  Fri Nov 17 11:10:18 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 17 Nov 2000 12:10:18 -0500
Subject: [pptp-server] DUN 128 Upgrade not Available?
In-Reply-To: <3A157FD5.44078ACE@themccords.com>
Message-ID: <001701c050b9$42ecf050$4500a8c0@vibrationresearch.com>

Where can I find the various Microsoft Dial-Up Networking updates?

	Win95:

http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win95/sysre
q.asp

http://www.microsoft.com/windows95/downloads/contents/WURecommended/S_WUNetw
orking/vpn/Default.asp

	Win98:
	 http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win98.asp

http://www.microsoft.com/windows98/downloads/contents/WURecommended/S_WUNetw
orking/VPN/Default.asp

	Win98 128-bit update:
	 I have gotten Win98 to work at 128-bits by first applying the above
	 two patches, making a backup of c:\windows\system\pppmac.vxd,
	 extracting the pppmac.vxd from the msdun128.exe update for Win98SE,
	 and putting that version of pppmac.vxd in c:\windows\system.  After
	 doing this, you must reboot the computer to get Windows to use the
	 new version.  The version should be 4.10.2222 with Internal Name
	 "PPPMAC (US/Canada Only, Not for Export)"
	 You can use WinZip to view and extract individual files from the
	 msdun128.exe file.

	Win98SE 128-bit update (not currently available?):

http://www.microsoft.com/Windows98/downloads/contents/WURecommended/S_WUNetw
orking/DUN128/default.asp
	 using FTP search (the file is msdun128.exe, md5sum is
8add40723d652557232a1a09917c924c)

http://ftpsearch.lycos.com/cgi-bin/search?type=Case+insensitive+substring+ma
tch&query=msdun128&form=medium

	128-bit updates (not currently available?):
	 http://support.microsoft.com/Support/NTServer/128Eula.asp


> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> Sent: Friday, November 17, 2000 1:58 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] DUN 128 Upgrade not Available?
>
>
> Does anyone have any news on when Microsoft will be re-releasing their
> 128 bit encryption upgrade for DUN?  I've gone through their site, but
> it looks like they've pulled it.  Does anyone know of an alternate
> download site for the previous version?
>
> Thanks,
>
> Ken McCord
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From kenny at digitalrebel.org  Fri Nov 17 18:26:16 2000
From: kenny at digitalrebel.org (Kenneth E. Lussier)
Date: Fri, 17 Nov 2000 19:26:16 -0500
Subject: [pptp-server] DUN 128 Upgrade not Available?
References: <001701c050b9$42ecf050$4500a8c0@vibrationresearch.com>
Message-ID: <3A15CCA8.CA820A22@digitalrebel.org>

You can also get the 128-bit updates via the Windows Update website @
http://windowsupdate.microsoft.com.

FYI,

Kenny 

Philip Van Baren wrote:
> 
> Where can I find the various Microsoft Dial-Up Networking updates?
> 
>         Win95:
> 
> http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win95/sysre
> q.asp
> 
> http://www.microsoft.com/windows95/downloads/contents/WURecommended/S_WUNetw
> orking/vpn/Default.asp
> 
>         Win98:
>          http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win98.asp
> 
> http://www.microsoft.com/windows98/downloads/contents/WURecommended/S_WUNetw
> orking/VPN/Default.asp
> 
>         Win98 128-bit update:
>          I have gotten Win98 to work at 128-bits by first applying the above
>          two patches, making a backup of c:\windows\system\pppmac.vxd,
>          extracting the pppmac.vxd from the msdun128.exe update for Win98SE,
>          and putting that version of pppmac.vxd in c:\windows\system.  After
>          doing this, you must reboot the computer to get Windows to use the
>          new version.  The version should be 4.10.2222 with Internal Name
>          "PPPMAC (US/Canada Only, Not for Export)"
>          You can use WinZip to view and extract individual files from the
>          msdun128.exe file.
> 
>         Win98SE 128-bit update (not currently available?):
> 
> http://www.microsoft.com/Windows98/downloads/contents/WURecommended/S_WUNetw
> orking/DUN128/default.asp
>          using FTP search (the file is msdun128.exe, md5sum is
> 8add40723d652557232a1a09917c924c)
> 
> http://ftpsearch.lycos.com/cgi-bin/search?type=Case+insensitive+substring+ma
> tch&query=msdun128&form=medium
> 
>         128-bit updates (not currently available?):
>          http://support.microsoft.com/Support/NTServer/128Eula.asp
> 
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Ken McCord
> > Sent: Friday, November 17, 2000 1:58 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] DUN 128 Upgrade not Available?
> >
> >
> > Does anyone have any news on when Microsoft will be re-releasing their
> > 128 bit encryption upgrade for DUN?  I've gone through their site, but
> > it looks like they've pulled it.  Does anyone know of an alternate
> > download site for the previous version?
> >
> > Thanks,
> >
> > Ken McCord
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


From frankh at mwes.com  Fri Nov 17 18:25:50 2000
From: frankh at mwes.com (Frank)
Date: Fri, 17 Nov 2000 18:25:50 -0600
Subject: [pptp-server] This used to work
Message-ID: <D65313F86BE0D111A9CA00E029213AC6239DC0@SERVER>

Hi all,

Now that we have our permanent DSL connection it seems that my previously
working VPN is no longer (working). My Win2000 client gets error 619: The
specified port is not connected.

I have ports 1723 and 47 turned on in our DSL modem.

I do have 'Enable LCP extensions' checked on the client.

It looks like it's getting in OK, just not negotiating something correctly.

Any and all ideas welcome.

Thanks,
Frank Holt
frankh at mwes.com

The pptpd.log has this in it:
Nov 17 18:03:10 firewall pptpd[3505]: MGR: Launching
/usr/local/sbin/pptpctrl to handle client
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: local address = 192.168.1.6
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: remote address = 192.168.1.6
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: pppd speed = 115200
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Client 169.207.132.183 control
connection started
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP Control Message
(type: 1)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Made a START CTRL CONN RPLY
packet
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: I wrote 156 bytes to the client.
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Sent packet to client
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP Control Message
(type: 7)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Set parameters to 1525 maxbps,
64 window size
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Made a OUT CALL RPLY packet
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: pty_fd = 4
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: tty_fd = 5
Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): Connection speed
= 115200
Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): local address =
192.168.1.6
Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): remote address =
192.168.1.6
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: I wrote 32 bytes to the client.
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Sent packet to client
Nov 17 18:03:11 firewall pppd[3506]: pppd 2.4.0 started by root, uid 0
Nov 17 18:03:11 firewall pppd[3506]: Using interface ppp0
Nov 17 18:03:11 firewall pppd[3506]: Connect: ppp0 <--> /dev/pts/1
Nov 17 18:03:11 firewall pppd[3506]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x407770ff> <pcomp> <accomp>]
Nov 17 18:03:11 firewall modprobe: modprobe: Can't locate module
char-major-108
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP Control Message
(type: 15)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Nov 17 18:03:14 firewall pppd[3506]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x407770ff> <pcomp> <accomp>]
Nov 17 18:03:38 firewall last message repeated 8 times
Nov 17 18:03:41 firewall pppd[3506]: LCP: timeout sending Config-Requests 
Nov 17 18:03:41 firewall pptpd[353]: MGR: Reaped child 3505
Nov 17 18:03:41 firewall pptpd[3505]: GRE:
read(fd=4,buffer=804daa0,len=8196) from PTY failed: status = -1 error =
Input/output error
Nov 17 18:03:41 firewall pptpd[3505]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
Nov 17 18:03:41 firewall pptpd[3505]: CTRL: Client 169.207.132.183 control
connection finished
Nov 17 18:03:41 firewall pptpd[3505]: CTRL: Exiting now
Nov 17 18:03:41 firewall pppd[3506]: Connection terminated.
Nov 17 18:03:41 firewall pppd[3506]: Exit.

Frank Holt                                            Phone: (414) 327-0000
Project Engineer                                       Fax: (414) 327-8821
Midwest Engineering Systems, Inc            e-mail: frankh at mwes.com



From SNguyen at pdit.com  Sat Nov 18 03:26:34 2000
From: SNguyen at pdit.com (SNguyen at pdit.com)
Date: Sat, 18 Nov 2000 01:26:34 -0800
Subject: [pptp-server] (no subject)
Message-ID: <BC4709F68AD10E488944BE07FC55712175B6@Monster.i.pdit.com>

Hello all, 

I am using Debian 2.2 and I got the PPTPD installed but however when the
client connect to it, I get this error:

"Disconnected.  Error 619.  The specified port is not connected."

Anyone know what did I do wrong?

Is pptpd suppose to listen on port 47 and 1723?  When I did netstat and look
for either port, I only see it listen on port 1723.  Am I missing anything?
Thanks all.

Steve



From SNguyen at pdit.com  Sat Nov 18 03:41:24 2000
From: SNguyen at pdit.com (SNguyen at pdit.com)
Date: Sat, 18 Nov 2000 01:41:24 -0800
Subject: [pptp-server] Error 619
Message-ID: <BC4709F68AD10E488944BE07FC55712175B8@Monster.i.pdit.com>

Hello all, 

I am using Debian 2.2 and I got the PPTPD installed but however when the
client connect to it, I get this error:

"Disconnected.  Error 619.  The specified port is not connected."

Anyone know what did I do wrong?

Is pptpd suppose to listen on port 47 and 1723?  When I did netstat and look
for either port, I only see it listen on port 1723.  Am I missing anything?
Thanks all.

Steve



From Steve.Cowles at infohiiway.com  Sat Nov 18 10:59:05 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Sat, 18 Nov 2000 10:59:05 -0600
Subject: [pptp-server] Error 619
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5A0@defiant.infohiiway.com>

> -----Original Message-----
> From: SNguyen at pdit.com [mailto:SNguyen at pdit.com]
> Sent: Saturday, November 18, 2000 3:41 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] Error 619
> Importance: High
> 
> 
> Hello all, 
> 
> I am using Debian 2.2 and I got the PPTPD installed but 
> however when the client connect to it, I get this error:
> 
> "Disconnected.  Error 619.  The specified port is not connected."
> 
> Anyone know what did I do wrong?
> 
> Is pptpd suppose to listen on port 47 and 1723?  When I did 
> netstat and look for either port, I only see it listen on port
> 1723.  Am I missing anything?
> Thanks all.
> 
> Steve
> 

That should be *protocol* 47 (gre) and port 1723 not port 47 and 1723.

Steve Cowles


From Steve.Cowles at infohiiway.com  Sat Nov 18 11:15:03 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Sat, 18 Nov 2000 11:15:03 -0600
Subject: [pptp-server] This used to work
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5A1@defiant.infohiiway.com>

> -----Original Message-----
> From: Frank [mailto:frankh at mwes.com]
> Sent: Friday, November 17, 2000 6:26 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] This used to work
> 
> 
> Hi all,
> 
> Now that we have our permanent DSL connection it seems that 
> my previously working VPN is no longer (working). My Win2000
> client gets error 619: The specified port is not connected.
> 
> I have ports 1723 and 47 turned on in our DSL modem.

*************
That should be protocol 47 (gre) and port 1723 not port 47 and 1723.
*************

> 
> I do have 'Enable LCP extensions' checked on the client.
> 
> It looks like it's getting in OK, just not negotiating 
> something correctly.
> 
> Any and all ideas welcome.
> 
> Thanks,
> Frank Holt
> frankh at mwes.com
> 
> The pptpd.log has this in it:
> Nov 17 18:03:10 firewall pptpd[3505]: MGR: Launching
> /usr/local/sbin/pptpctrl to handle client
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: local address = 
> 192.168.1.6
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: remote address = 
> 192.168.1.6

****************
Why are the local/remote IP addresses the same??? Check pptpd.conf
****************

> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: pppd speed = 115200
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Client 
> 169.207.132.183 control
> connection started
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP 
> Control Message
> (type: 1)
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Made a START CTRL 
> CONN RPLY
> packet
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: I wrote 156 bytes 
> to the client.
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Sent packet to client
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP 
> Control Message
> (type: 7)
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Set parameters to 
> 1525 maxbps,
> 64 window size
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Made a OUT CALL 
> RPLY packet
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Starting call 
> (launching pppd,
> opening GRE)
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: pty_fd = 4
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: tty_fd = 5
> Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): 
> Connection speed
> = 115200
> Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): 
> local address =
> 192.168.1.6
> Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): 
> remote address =
> 192.168.1.6
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: I wrote 32 bytes 
> to the client.
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Sent packet to client
> Nov 17 18:03:11 firewall pppd[3506]: pppd 2.4.0 started by root, uid 0
> Nov 17 18:03:11 firewall pppd[3506]: Using interface ppp0
> Nov 17 18:03:11 firewall pppd[3506]: Connect: ppp0 <--> /dev/pts/1
> Nov 17 18:03:11 firewall pppd[3506]: sent [LCP ConfReq id=0x1 
> <asyncmap 0x0>
> <auth chap MD5> <magic 0x407770ff> <pcomp> <accomp>]
> Nov 17 18:03:11 firewall modprobe: modprobe: Can't locate module
> char-major-108

*************
If you haven't done so already, add the following to your /etc/conf.modules
file to eliminate the above message and others.

alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias tty-ldisc-3     ppp_async
alias tty-ldisc-14    ppp_synctty
alias char-major-108  ppp_generic
*************

> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP 
> Control Message
> (type: 15)
> Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Got a SET LINK 
> INFO packet with
> standard ACCMs
> Nov 17 18:03:14 firewall pppd[3506]: sent [LCP ConfReq id=0x1 
> <asyncmap 0x0>
> <auth chap MD5> <magic 0x407770ff> <pcomp> <accomp>]
> Nov 17 18:03:38 firewall last message repeated 8 times
> Nov 17 18:03:41 firewall pppd[3506]: LCP: timeout sending 
> Config-Requests 
> Nov 17 18:03:41 firewall pptpd[353]: MGR: Reaped child 3505
> Nov 17 18:03:41 firewall pptpd[3505]: GRE:
> read(fd=4,buffer=804daa0,len=8196) from PTY failed: status = 
> -1 error =
> Input/output error
> Nov 17 18:03:41 firewall pptpd[3505]: CTRL: PTY read or GRE 
> write failed
> (pty,gre)=(4,5)
> Nov 17 18:03:41 firewall pptpd[3505]: CTRL: Client 
> 169.207.132.183 control
> connection finished
> Nov 17 18:03:41 firewall pptpd[3505]: CTRL: Exiting now
> Nov 17 18:03:41 firewall pppd[3506]: Connection terminated.
> Nov 17 18:03:41 firewall pppd[3506]: Exit.
> 


From Steve.Cowles at infohiiway.com  Sat Nov 18 12:07:23 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Sat, 18 Nov 2000 12:07:23 -0600
Subject: [pptp-server] ppp_mppe
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5A2@defiant.infohiiway.com>

> -----Original Message-----
> From: Ralph Winslow [mailto:ralphw at cnet.com]
> Sent: Thursday, November 16, 2000 6:28 AM
> To: George Vieira
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] ppp_mppe
> 
> When on Wed, 15 Nov 2000, George Vieira wrote, I replied:
> 
> Here's what I've tried:
> 
> root at rjw# locate mppe.o
> /lib/modules/2.2.16-storm/net/mppe.o
> /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
> /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/.ppp_mppe.o.flags
> /usr/src/ppp-2.3.8/pppd/mppe.o
> root at rjw#  locate emu10k1.o
> /lib/modules/2.2.16-storm.old/misc/emu10k1.o
> /lib/modules/2.2.16-storm/misc/emu10k1.o
> root at rjw# insmod /usr/src/ppp-2.3.8/pppd/mppe.o
> /usr/src/ppp-2.3.8/pppd/mppe.o: couldn't find the kernel 
> version the module was compiled for
> root at rjw# insmod 
> /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
> /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
> : couldn't find the kernel version the module was compiled for
> root at rjw# cp 
> /usr/src/kernel-source-2.2.16-storm-ide/drivers/net/ppp_mppe.o
>  /lib/modules/2.2.16-storm/net
> root at rjw# insmod ppp_mppe.o
> ppp_mppe.o: ppp_mppe.o: No such file or directory
> 
> I'm puzzled and chagrined.
> 

This may have already been covered in previuos posts (huge thread), but...

If your kernel is compiled properly, this module (ppp_mppe.o) should load
automatically when you establish a PPTP tunnel. There should be no reason to
load manually. Plus the error that you are getting is a mis-match with your
kernel version vs. the modules version. 

When you applied the mppe patch, did you...

1) Compile a new kernel?
2) Copy the new compiled kernel to the boot area defined in lilo.conf? i.e.
/boot
3) Update the boot sector? i.e. As root: # lilo 
4) Execute "make modules-install" after compiling the modules. The
ppp_mppe.o module should end up in /lib/modules/<kernel-version>/net. At
least thats where mine ended up.
5) Add the appropiate module aliases to /etc/conf.modules?
alias eth0 3c59x
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias tty-ldisc-3     ppp_async
alias tty-ldisc-14    ppp_synctty
alias char-major-108  ppp_generic

Module listing before a PPTP connect from my W2k system.

[scowles at voyager linux]$ lsmod
Module                  Size  Used by
ntfs                   35712   0  (autoclean)
3c59x                  19496   1  (autoclean)
[scowles at voyager linux]$

Module listing after a PPTP connect from my W2k system (with data encryption
enabled)

[scowles at voyager linux]$ lsmod
Module                  Size  Used by
ppp_deflate            40536   0  (autoclean)
ppp_mppe               13572   2  (autoclean)
bsd_comp                3620   0  (autoclean)
ntfs                   35712   0  (autoclean)
3c59x                  19496   1  (autoclean)
[scowles at voyager linux]$ 

**** Cut/paste from /var/log/messages *****

Nov 18 11:54:18 voyager pppd[11629]: pppd 2.3.11 started by root, uid 0
Nov 18 11:54:18 voyager pppd[11629]: Using interface ppp0
Nov 18 11:54:18 voyager pppd[11629]: Connect: ppp0 <--> /dev/pts/4
Nov 18 11:54:18 voyager pptpd[11628]: CTRL: Ignored a SET LINK INFO packet
with real ACCMs!
Nov 18 11:54:19 voyager kernel: PPP BSD Compression module registered 
Nov 18 11:54:19 voyager kernel: PPP MPPE compression module registered 
Nov 18 11:54:19 voyager kernel: PPP Deflate Compression module registered 
Nov 18 11:54:19 voyager pppd[11629]: MSCHAP-v2 peer authentication succeeded
for scowles

*** Note that the kernel registered (insmod) the ppp_mppe module. ***
 
Nov 18 11:54:19 voyager pppd[11629]: found interface eth0 for proxy arp
Nov 18 11:54:19 voyager pppd[11629]: local  IP address 192.168.9.4
Nov 18 11:54:19 voyager pppd[11629]: remote IP address 192.168.9.100
Nov 18 11:54:25 voyager pppd[11629]: MPPE 128 bit, stateless compression
enabled


From drjchris at yahoo.com  Sun Nov 19 23:16:31 2000
From: drjchris at yahoo.com (Chris Carella)
Date: Sun, 19 Nov 2000 21:16:31 -0800 (PST)
Subject: [pptp-server] Network Neighborhood Unreliable
Message-ID: <20001120051631.5498.qmail@web9705.mail.yahoo.com>

My PoPToP server is working great. When I specified
the network's (NT) WINS server in the options file, I
can even browse the network using Network
Neighborhood. This is the problem I am running into
though.

When I connect with the client, I can use Network
Neighborhood great. If I disconnect and connect again,
I can't see anything... anyone run into similar
problems, or have a solution?

Christopher Carella

__________________________________________________
Do You Yahoo!?
Yahoo! Calendar - Get organized for the holidays!
http://calendar.yahoo.com/


From frankh at mwes.com  Mon Nov 20 12:07:48 2000
From: frankh at mwes.com (Frank)
Date: Mon, 20 Nov 2000 12:07:48 -0600
Subject: [pptp-server] re: Error 619
Message-ID: <D65313F86BE0D111A9CA00E029213AC6239DC4@SERVER>

I'm having the same problem. There seems to be something wrong with LCP.
Just what is this LCP stuff?

In particular my logs contain:
Nov 17 18:03:10 firewall pptpd[3505]: MGR: Launching
/usr/local/sbin/pptpctrl to handle client
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: local address = 192.168.1.6
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: remote address = 192.168.1.6
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: pppd speed = 115200
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Client 169.207.132.183 control
connection started
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP Control Message
(type: 1)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Made a START CTRL CONN RPLY
packet
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: I wrote 156 bytes to the client.
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Sent packet to client
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP Control Message
(type: 7)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Set parameters to 1525 maxbps,
64 window size
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Made a OUT CALL RPLY packet
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: pty_fd = 4
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: tty_fd = 5
Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): Connection speed
= 115200
Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): local address =
192.168.1.6
Nov 17 18:03:11 firewall pptpd[3506]: CTRL (PPPD Launcher): remote address =
192.168.1.6
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: I wrote 32 bytes to the client.
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Sent packet to client
Nov 17 18:03:11 firewall pppd[3506]: pppd 2.4.0 started by root, uid 0
Nov 17 18:03:11 firewall pppd[3506]: Using interface ppp0
Nov 17 18:03:11 firewall pppd[3506]: Connect: ppp0 <--> /dev/pts/1
Nov 17 18:03:11 firewall pppd[3506]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x407770ff> <pcomp> <accomp>]
Nov 17 18:03:11 firewall modprobe: modprobe: Can't locate module
char-major-108
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Received PPTP Control Message
(type: 15)
Nov 17 18:03:11 firewall pptpd[3505]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Nov 17 18:03:14 firewall pppd[3506]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth chap MD5> <magic 0x407770ff> <pcomp> <accomp>]
Nov 17 18:03:38 firewall last message repeated 8 times
Nov 17 18:03:41 firewall pppd[3506]: LCP: timeout sending Config-Requests 
Nov 17 18:03:41 firewall pptpd[353]: MGR: Reaped child 3505
Nov 17 18:03:41 firewall pptpd[3505]: GRE:
read(fd=4,buffer=804daa0,len=8196) from PTY failed: status = -1 error =
Input/output error
Nov 17 18:03:41 firewall pptpd[3505]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)
Nov 17 18:03:41 firewall pptpd[3505]: CTRL: Client 169.207.132.183 control
connection finished
Nov 17 18:03:41 firewall pptpd[3505]: CTRL: Exiting now
Nov 17 18:03:41 firewall pppd[3506]: Connection terminated.
Nov 17 18:03:41 firewall pppd[3506]: Exit.


> -----Original Message-----
> From:	Cowles, Steve [SMTP:Steve.Cowles at infohiiway.com]
> Sent:	Saturday, November 18, 2000 10:59 AM
> To:	'pptp-server at lists.schulte.org'
> Subject:	RE: [pptp-server] Error 619
> 
> > -----Original Message-----
> > From: SNguyen at pdit.com [mailto:SNguyen at pdit.com]
> > Sent: Saturday, November 18, 2000 3:41 AM
> > To: 'pptp-server at lists.schulte.org'
> > Subject: [pptp-server] Error 619
> > Importance: High
> > 
> > 
> > Hello all, 
> > 
> > I am using Debian 2.2 and I got the PPTPD installed but 
> > however when the client connect to it, I get this error:
> > 
> > "Disconnected.  Error 619.  The specified port is not connected."
> > 
> > Anyone know what did I do wrong?
> > 
> > Is pptpd suppose to listen on port 47 and 1723?  When I did 
> > netstat and look for either port, I only see it listen on port
> > 1723.  Am I missing anything?
> > Thanks all.
> > 
> > Steve
> > 
> 
> That should be *protocol* 47 (gre) and port 1723 not port 47 and 1723.
> 
> Steve Cowles
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

Frank Holt                                            Phone: (414) 327-0000
Project Engineer                                       Fax: (414) 327-8821
Midwest Engineering Systems, Inc            e-mail: frankh at mwes.com



From phil at vibrationresearch.com  Mon Nov 20 12:49:00 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Mon, 20 Nov 2000 13:49:00 -0500
Subject: [pptp-server] re: Error 619
In-Reply-To: <D65313F86BE0D111A9CA00E029213AC6239DC4@SERVER>
Message-ID: <003f01c05322$8b73f600$4500a8c0@vibrationresearch.com>

LCP is Link Control Protocol, and is what is used to establish and control
the PPP link.  The server machine is sending configuration requests out, but
never gets a response.  This commonly caused by firewalls blocking traffic
using the GRE protocol.


From rbowen at magicstaff.com  Mon Nov 20 15:05:11 2000
From: rbowen at magicstaff.com (Ricky Bowen)
Date: Mon, 20 Nov 2000 13:05:11 -0800
Subject: [pptp-server] redhat 6.2 firewall to win2k forwarding problems
Message-ID: <000001c05335$92d1a9c0$b00110ac@magicstaff.com>

Hello all,

I'm having some trouble getting my RH Linux 6.2 firewall to forward to my
internal Win2k pptp server. I've pinpointed the problem at the firewall,
because clients that are on the internal network can connect fine to the
Win2k machine.

I'm testing this with a Win2k client. What happens, is that it connects, but
authentication fails, to me that means that GRE is failing, right? I get
"Error 721: The remote computer is not responding."

My FW is setup as so:

ipchains:
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 1723:1723 -p 6 -j
ACCEPT -l -i eth2
-A input -s 0.0.0.0/0.0.0.0 -d external-ip/255.255.255.255 -p 47 -j
ACCEPT -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 1723:1723 -d 0.0.0.0/0.0.0.0 -p
6 -j MASQ -l -i eth2
-A forward -s 172.16.1.250/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 47 -j
MASQ -l -i eth2

and my rc.local:
/usr/local/sbin/ipfwd --masq 172.16.1.250 47 &
/usr/sbin/ipmasqadm portfw -a -P tcp -L external-ip 1723 -R 172.16.1.250
1723

My kernel is setup with the following:

CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
CONFIG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP=y
DEBUG_IP_MASQUERADE_PPTP_VERBOSE=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=y
CONFIG_NET_IPGRE=y

I have tested all the chains with ipchains -C. It seems that everything goes
through the external interface, eth2.

Thanks for the help!

Ricky



From georgev at citadelcomputer.com.au  Mon Nov 20 22:41:18 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 21 Nov 2000 15:41:18 +1100
Subject: [pptp-server] Out of order packet..
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE8A0@cittech>

Hi all,

I finally found something I didn't notice trying to get mppe compiled into
the kernel. I noticed that this release of RedHat 6.2 already have MS-CHAP
and mppe compiled in.

I thought I'd just try a Win98 client can turn on compression and encryption
to see what happens and I got this which I have no idea where to go next..

----------------------
Nov 21 14:49:20 linuxdev pppd[8364]: pppd 2.3.11 started by root, uid 0
Nov 21 14:49:20 linuxdev pppd[8364]: Using interface ppp0
Nov 21 14:49:20 linuxdev pppd[8364]: Connect: ppp0 <--> /dev/pts/1
Nov 21 14:49:20 linuxdev pptpd[8363]: Buffering out-of-order packet; got 1
after 4294967295
Nov 21 14:49:23 linuxdev pptpd[8363]: Packet reorder timeout waiting for 0
Nov 21 14:49:23 linuxdev pptpd[8363]: Buffering out-of-order packet; got 2
after 0
Nov 21 14:49:23 linuxdev pppd[8364]: No CHAP secret found for authenticating
clstech\\georgev
Nov 21 14:49:23 linuxdev pppd[8364]: MSCHAP-v2 peer authentication failed
for remote host clstech\\georgev
Nov 21 14:49:23 linuxdev pppd[8364]: Connection 
----------------------

What's the Buffering out-of -order packet error? Is this something I have
set on the client? Or is there something in the kernel that still needs
patching as I have had hell trying to patch the kernel properly...


thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


From phil at vibrationresearch.com  Tue Nov 21 08:49:51 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 21 Nov 2000 09:49:51 -0500
Subject: [pptp-server] Out of order packet..
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE8A0@cittech>
Message-ID: <000501c053ca$4d89ce70$4500a8c0@vibrationresearch.com>

The buffering out-of-order packet message is a result of the packet
reordering code added to 1.1.2, and doesn't indicate any problems.  Your
problem is your /etc/ppp/chap-secrets file does not contain a username
and/or servername match for the incoming request, probably because you
didn't list the domain name with the username in the chap-secrets file.
Note that it is trying to authenticate with the username "clstech\\georgev",
and NOT "georgev".

Phil

P.S.  The reason you are seeing the buffering out-of-order packet messages
there is a "feature" of how this was implemented.  Some clients start the
sequence with 0, some with 1.  Since pptpd is looking for packet 0 first, if
the client starts the sequence with 1 you will get a buffering packet #1
message while it waits for packet #0, then get a packet reorder timeout
message for packet #0 and then the buffering packet #2 message because it
buffers this packet briefly while it processes packet #1.

The PPTP spec is a little ambiguous on this issue, and can arguably be read
to mean that sequence numbers should start with either 0 or 1, so I can't
say which clients are right.  The way pptpd-1.1.2 is implemented it will
work for both cases, but will give these debug messages when the client
starts with sequence number 1.


> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
> Sent: Monday, November 20, 2000 11:41 PM
> To: PPTP List (E-mail)
> Subject: [pptp-server] Out of order packet..
>
>
> Hi all,
>
> I finally found something I didn't notice trying to get mppe compiled into
> the kernel. I noticed that this release of RedHat 6.2 already have MS-CHAP
> and mppe compiled in.
>
> I thought I'd just try a Win98 client can turn on compression and
> encryption
> to see what happens and I got this which I have no idea where to go next..
>
> ----------------------
> Nov 21 14:49:20 linuxdev pppd[8364]: pppd 2.3.11 started by root, uid 0
> Nov 21 14:49:20 linuxdev pppd[8364]: Using interface ppp0
> Nov 21 14:49:20 linuxdev pppd[8364]: Connect: ppp0 <--> /dev/pts/1
> Nov 21 14:49:20 linuxdev pptpd[8363]: Buffering out-of-order packet; got 1
> after 4294967295
> Nov 21 14:49:23 linuxdev pptpd[8363]: Packet reorder timeout waiting for 0
> Nov 21 14:49:23 linuxdev pptpd[8363]: Buffering out-of-order packet; got 2
> after 0
> Nov 21 14:49:23 linuxdev pppd[8364]: No CHAP secret found for
> authenticating
> clstech\\georgev
> Nov 21 14:49:23 linuxdev pppd[8364]: MSCHAP-v2 peer authentication failed
> for remote host clstech\\georgev
> Nov 21 14:49:23 linuxdev pppd[8364]: Connection
> ----------------------
>
> What's the Buffering out-of -order packet error? Is this something I have
> set on the client? Or is there something in the kernel that still needs
> patching as I have had hell trying to patch the kernel properly...
>
>
> thanks,
> George Vieira
> Network Administrator
> http://www.citadelcomputer.com.au
> PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
> PGP KeyID:		0x38A9A10C
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From mfdii at yahoo.com  Tue Nov 21 18:02:32 2000
From: mfdii at yahoo.com (Michael Ducy)
Date: Tue, 21 Nov 2000 16:02:32 -0800 (PST)
Subject: [pptp-server] IP Masq not working after install
Message-ID: <20001122000232.21451.qmail@web108.yahoomail.com>

I installed 1.0.0 on a Linux Mandrake 7.1 box and now
IP Masq is not working. Worked fine before.  I can
ping between both computers, and ping the internet
from the gateway. I removed any lines i edited in
ppp/options and ppp/chap-secrets, still nothing.



__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/


From Daniel.Curry at tsola.com  Tue Nov 21 18:40:23 2000
From: Daniel.Curry at tsola.com (Daniel.Curry at tsola.com)
Date: Tue, 21 Nov 2000 16:40:23 -0800
Subject: [pptp-server] Windows & pptp
Message-ID: <CB2F404A1086D4119F7900B0D049AE520B44FD@mail.tsola.com>

I wish to get my windows and Linux boxen using pptp across the internet. Can
someone point me to web pages with step-by-step setup information about
Win98, NT, 2000, and/or ME to be configured to chatter with a linux PoPToP
server?

Thanks


Daniel Curry                                              Sr. Systems
Engineer
daniel.curry at tsola.com                                              Tsola,
Inc.
650.486.2624                                               Fax:650.486.2650



From shephard at loudcloud.com  Tue Nov 21 22:53:47 2000
From: shephard at loudcloud.com (Gordon Shephard)
Date: Tue, 21 Nov 2000 20:53:47 -0800
Subject: [pptp-server] Client Unable to connect.
Message-ID: <3A1B515B.55F05F6@loudcloud.com>

I have an absolutely pristine log of a Windows NT 4 attempting to connect to PoPToP and failing.

This is what the Linux (Redhat 2.2.16-3) server sees (From the /var/log/pptpd.log)

Nov 21 22:03:21 furball pptpd[11167]: CTRL: Client 204.69.198.44 control connection started
Nov 21 22:03:21 furball pptpd[11167]: CTRL: Starting call (launching pppd, opening GRE)
Nov 21 22:03:21 furball pppd[11168]: pppd 2.3.11 started by root, uid 0
Nov 21 22:03:21 furball pppd[11168]: Using interface ppp2
Nov 21 22:03:21 furball pppd[11168]: Connect: ppp2 <--> /dev/pts/3
Nov 21 22:03:21 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:22 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:22 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:24 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:25 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:25 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:27 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:28 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:28 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:30 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:32 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:32 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:33 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:36 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:36 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:37 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:40 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:40 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:40 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:43 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:44 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:44 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:46 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:48 furball pppd[11168]: rcvd [LCP ConfReq id=0x0 <magic 0x4185> <pcomp> <accomp> <callback CBCP>]
Nov 21 22:03:48 furball pppd[11168]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Nov 21 22:03:49 furball pppd[11168]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xc316edcf> <pcomp> <accomp>]
Nov 21 22:03:52 furball pppd[11168]: LCP: timeout sending Config-Requests
Nov 21 22:03:52 furball pppd[11168]: Connection terminated.
Nov 21 22:03:52 furball pppd[11168]: Exit.
Nov 21 22:03:52 furball pptpd[11167]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 21 22:03:52 furball pptpd[11167]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Nov 21 22:03:52 furball pptpd[11167]: CTRL: Client 204.69.198.44 control connection finished

Anything obvious to be derived from it?

--
Gordon Shephard, Gordon.Shephard at loudcloud.com
Loudcloud, Systems Support
ph: 408-744-7517 fax: 408-744-7379

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001121/4dc6cd69/attachment.html>

From georgev at citadelcomputer.com.au  Wed Nov 22 00:03:06 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Wed, 22 Nov 2000 17:03:06 +1100
Subject: [pptp-server] PPTP 1.1.2 with --prefix=/usr --with-pppd-ip-alloc option enabled
 .
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE8C6@cittech>

Hi all,

I finally got my RedHat 6.2 working with mppe and ended up using the
http://www.vibres.com/pptpd/example.html instructions which worked even
though I had to upgrade my kernel more than just patch it..

I can't seem to work out the IP selection though. I did have this working
but now it's gone into a spin.

I am now getting LocalIP as 192.168.0.2 and the remote IP as whatever the
user gets which is anything between 10.10.0.129-140.
But the local IP is suppose to be 10.10.0.2

Where is it getting this IP from?

/etc/pptp.conf
option /etc/ppp/options.pptpd
debug
listen 201.x.x.x
pidfile /var/run/pptpd.pid
/etc/ppp/options.pptpd
debug
mru 1450
mtu 1450
auth
name firewall
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-dns 201.x.x.x
10.10.0.2:

/etc/ppp/chap-secrets
domain\\georgev                *       password                10.10.0.130
DOMAIN\\georgev                *       password                10.10.0.131


thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


From mlist at molinette.piemonte.it  Wed Nov 22 04:50:09 2000
From: mlist at molinette.piemonte.it (mlist at molinette.piemonte.it)
Date: Wed, 22 Nov 2000 11:50:09 +0100
Subject: [pptp-server] =?iso-8859-1?B?cHB0cC1zZXJ2ZXIgLS0gY29uZmlybWF0aW9uIG9mIHN1YnNjcmlwdGlv?=
 =?iso-8859-1?B?biAtLSByZXF1ZXN0IDM0MjE1NA==?=
Message-ID: <20001122.AAA974890167@molinette.piemonte.it>

confirm 342154



Do you know MailStudio @MESSAGE? Powered by 3R Soft, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001122/d90c4f6b/attachment.html>

From djm at mindrot.org  Thu Nov 23 18:55:27 2000
From: djm at mindrot.org (Damien Miller)
Date: Fri, 24 Nov 2000 11:55:27 +1100 (EST)
Subject: [pptp-server] Authentication against an NT domain
Message-ID: <Pine.LNX.4.21.0011241144580.2933-100000@mothra.mindrot.org>

I have seen several messages in the archive asking how PoPToP can be set
up to authenticate against an NT domain, but have not seen an answer.
We are trying to set up a system of PPTP VPNs (i.e with encryption) 
authenticated against an internal NT domain server.

I understand that one cannot use the 'normal' approach of a pam_smb 
module because the password is hashed for CHAP/MSCHAP.

There was some talk in the thread starting with 
http://lists2.schulte.org/pipermail/pptp-server/2000-July/002790.html
about a modified pppd which could read and use password hashes retrieved
from an LDAP database. Did anything come of this?

Any assistance would be greatly appreciated.

TIA,
Damien Miller

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, / 
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org





From brett at simplynet.net  Fri Nov 24 02:22:39 2000
From: brett at simplynet.net (Brett)
Date: Fri, 24 Nov 2000 02:22:39 -0600
Subject: [pptp-server] ppp compile errors for slackware
Message-ID: <000501c055ef$b6effde0$0650afcf@simplynet.net>

Ok I have sifted through all the posted e-mails and could not find an answer
to this question.  Has anyone ever ran into this error when compiling ppp
for slackware 7.0:

         extra_crypto.o: In function `DesEncrypt':
            /root/vpn/ppp-2.3.11/pppd/extra_crypto.c:141: undefined
reference to `setkey'
            /root/vpn/ppp-2.3.11/pppd/extra_crypto.c:144: undefined
reference to `encrypt'
            collect2: ld returned 1 exit status
            make[1]: *** [pppd] Error 1
            make[1]: Leaving directory `~/ppp-2.3.11/pppd'
            make: *** [all] Error 2

I have followed the setup instructions step by step and applied all the
patches but I continue to run into this error regardless.  Any ideas would
be greatly appreciated.

Thanks
Brett



From david.landgren at bpinet.com  Fri Nov 24 05:31:35 2000
From: david.landgren at bpinet.com (David LANDGREN)
Date: Fri, 24 Nov 2000 12:31:35 +0100
Subject: [pptp-server] Getting started on OpenBSD
Message-ID: <C12569A1.003F5175.00@Brehat.bpinet.com>

Hello,

I'm wrestling with pptp on an OpenBSD box and not getting very far. An
incoming client does this (IP addresses changed to protect the innocent...)
:

Nov 23 18:44:07 modez pptpd[20954]: MGR: No free connection slots or IPs -
no more clients can connect!
Nov 23 18:44:07 modez pptpd[20323]: CTRL: Client x.y.41.190 control
connection started
Nov 23 18:44:07 modez pptpd[20323]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 23 18:44:07 modez pppd[15152]: pppd 2.3.5 started by dlandgre, uid 0
Nov 23 18:44:07 modez pppd[15152]: Using interface ppp0
Nov 23 18:44:07 modez pppd[15152]: Connect: ppp0 <--> /dev/ttyp0
Nov 23 18:44:37 modez pptpd[20323]: CTRL: Error with select(), quitting
Nov 23 18:44:37 modez pptpd[20323]: CTRL: Client x.y.41.190 control
connection finished
Nov 23 18:44:37 modez pppd[15152]: Modem hangup
Nov 23 18:44:37 modez pppd[15152]: Connection terminated.
Nov 23 18:44:37 modez pppd[15152]: Exit.

I'm a bit puzzled by the "No free connection slots" as my pptpd.conf, in
its entirety is

pidfile /var/run/pptpd.pid
speed 115200
option /etc/ppp/options
debug
localip 192.168.254.1-254
remoteip x.y.41.1-254

/etc/ppp/options looks like this:

debug
name modez
auth
require-chap
proxyarp

/etc/ppp/ppp.conf is a bit of a mess... I just fiddled with the sample conf
file but I need to hit with a cluestick. I really don't know what it should
look like.

Any help would be much appreciated.

Thanks,
David




From phil at vibrationresearch.com  Fri Nov 24 08:38:56 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Fri, 24 Nov 2000 09:38:56 -0500
Subject: [pptp-server] Getting started on OpenBSD
In-Reply-To: <C12569A1.003F5175.00@Brehat.bpinet.com>
Message-ID: <000801c05624$4698bc00$56108318@mw.mediaone.net>

Did you configure PoPToP using the command:
	./configure --with-bsdppp

Also, check out the FreeBSD PPTP HOWTO at:
	http://heyer.supranet.net/pptp/

The remoteip options should not be x.y.41.1-254.  This is NOT a list of IPs
that you will allow connection from.  This is the list of IPs that get
assigned to the ppp interface of the machine making the connection.  More
likely, you want something like:
	localip 192.168.254.1
	remoteip 192.168.254.2-254

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of David LANDGREN
> Sent: Friday, November 24, 2000 6:32 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Getting started on OpenBSD
>
>
> Hello,
>
> I'm wrestling with pptp on an OpenBSD box and not getting very far. An
> incoming client does this (IP addresses changed to protect the
> innocent...)
> :
>
> Nov 23 18:44:07 modez pptpd[20954]: MGR: No free connection slots or IPs -
> no more clients can connect!
> Nov 23 18:44:07 modez pptpd[20323]: CTRL: Client x.y.41.190 control
> connection started
> Nov 23 18:44:07 modez pptpd[20323]: CTRL: Starting call (launching pppd,
> opening GRE)
> Nov 23 18:44:07 modez pppd[15152]: pppd 2.3.5 started by dlandgre, uid 0
> Nov 23 18:44:07 modez pppd[15152]: Using interface ppp0
> Nov 23 18:44:07 modez pppd[15152]: Connect: ppp0 <--> /dev/ttyp0
> Nov 23 18:44:37 modez pptpd[20323]: CTRL: Error with select(), quitting
> Nov 23 18:44:37 modez pptpd[20323]: CTRL: Client x.y.41.190 control
> connection finished
> Nov 23 18:44:37 modez pppd[15152]: Modem hangup
> Nov 23 18:44:37 modez pppd[15152]: Connection terminated.
> Nov 23 18:44:37 modez pppd[15152]: Exit.
>
> I'm a bit puzzled by the "No free connection slots" as my pptpd.conf, in
> its entirety is
>
> pidfile /var/run/pptpd.pid
> speed 115200
> option /etc/ppp/options
> debug
> localip 192.168.254.1-254
> remoteip x.y.41.1-254
>
> /etc/ppp/options looks like this:
>
> debug
> name modez
> auth
> require-chap
> proxyarp
>
> /etc/ppp/ppp.conf is a bit of a mess... I just fiddled with the
> sample conf
> file but I need to hit with a cluestick. I really don't know what
> it should
> look like.
>
> Any help would be much appreciated.
>
> Thanks,
> David
>
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From david.landgren at bpinet.com  Fri Nov 24 09:08:26 2000
From: david.landgren at bpinet.com (David LANDGREN)
Date: Fri, 24 Nov 2000 16:08:26 +0100
Subject: [pptp-server] Getting started on OpenBSD
Message-ID: <C12569A1.00532C18.00@Brehat.bpinet.com>

|Did you configure PoPToP using the command:
|    ./configure --with-bsdppp

Ack!

|The remoteip options should not be x.y.41.1-254.  This is NOT a list of
IPs
|that you will allow connection from.  This is the list of IPs that get
|assigned to the ppp interface of the machine making the connection.  More
|likely, you want something like:
|    localip 192.168.254.1
|    remoteip 192.168.254.2-254

OIC. Does that mean that the localip should be the same address as one of
the NICs in the machine, or specifically that it should be a different
address?

Thanks,
DAvid




From kamesh_23_madras at winbox.com  Fri Nov 24 09:48:31 2000
From: kamesh_23_madras at winbox.com (kamesh babu)
Date: Fri, 24 Nov 2000 16:48:31 +0100 (GMT+01:00)
Subject: [pptp-server] regarding pptp for linux
Message-ID: <5940902.975080911512.JavaMail.root@www2.winbox.com>

Hi,
I am new to this mailing list and i just a want some info about pptp .

we have an office lan in 10.X network. everyone uses
nt server to login to the pdc and they get ips using dhcp. they also access our fileserver in Nt based on the permissons they have.

our gateway to internet is via a linux (redhat)  with two interface, one in public to adsl and other in private.(with ipchains)


now our Hr team wants to login to nt domain from internet( dial up and no static ip) and want to access the file server and they want some it to be secure as well.

  i think someof u would have faced such situations.
if any of u had done this, can u please tell me what to do??

the clients use windows 2000 or NT.

is it possible to use PoPToP on linux gateway server and Microsoft PPTP at client end and access the office lan via VPN??
regards,
kamesh
----------
Kamesh Babu
No 22, 1-st floor,
Natesan street,
T. Nagar,
Chennai -600017
ph: 91-44-4353668

" Some of the most important and meaningful lessons learned in life Are those lessons we learn the hard way."



_________________________
Looking for an e-mail address ? Use your recipient's mobile number! +44 (385) 123456 becomes 44385123456 at winbox.com . Try it now! This is a unique service from http://www.winbox.com


From dbrown at amavi.com  Fri Nov 24 14:19:15 2000
From: dbrown at amavi.com (Devin Brown)
Date: Fri, 24 Nov 2000 12:19:15 -0800
Subject: [pptp-server] Wierd error
Message-ID: <3.0.6.32.20001124121915.007c5ca0@amavi.com>

I've just built my second PopTop Server.  The first one I build about 6
months ago and is working fine.  This new one however, is giving me grief.
I built it the same way as the other one with the exception that I am now
using Redhat 6.2 as the OS instead of Debian 2.2 as I did on the other one.
 I first had problems compiling the kernel with the PPP MPPE patch in it.
I got an error complaining of an undefined PPP_MAGIC.  I eventually found a
workaround but it concerned me that I didn't have to do this on the other
server.  (I tried this compile in Debian too and it still bombed so that,
at least, is not a RedHat issue)  I've now got the kernel compiled (2.2.16
same as on the other server) and PopTop installed (v1.1.1.  I tried 1.0.0
and it did the same thing.)  What it's doing is kinda strange.  The server
is attached to our ADSL line for it's outside connection.  If I hook a
client machine (Win98) up inside the ADSL line (so same subnet as the
outside card in the new server) I can connect without problems.  It works
great.  However, if I hook this same client up to our secondary internet
connection (Shaw) and try to connect to the server through the actual
internet I can still connect but if I start a ping to an address on the
inside network (192.168.*.* range) it works for about 2 minutes then I lose
the connection.  The PPTP connection stays up, I just can't transfer any
data through the VPN Server.  I CAN connect reliably through this same Shaw
connection to the old VPN server. 

The error that shows up in the syslog when a connect fails in this manner
is "Unexpected sequence number; got 6 after 3"  The numbers are not always
the same.  Can anybody tell me what I did wrong?


--------------------
Devin Brown
Anthony MacAuley Associates
dbrown at amavi.com


From phil at vibrationresearch.com  Fri Nov 24 14:57:02 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 24 Nov 2000 15:57:02 -0500
Subject: [pptp-server] Wierd error
In-Reply-To: <3.0.6.32.20001124121915.007c5ca0@amavi.com>
Message-ID: <002d01c05659$183f3ed0$4500a8c0@vibrationresearch.com>

This is probably caused by dropped and/or out-of-order packets and a bug in
ppp_mppe that causes it not to re-sync when a packet is lost.

The FAQ (http://www.vibres.com/pptpd/pptpd-FAQ.txt) has more details:


7.3.10.	The VPN link works for a while, but then stops working,
	and the /var/log/debug file shows the following:
		pppd[10544]: rcvd [Compressed data] 10 32 ae 68 c0 8e e1 92 ...

	Solution: Patch the /usr/src/linux/drivers/net/ppp_mppe.c file with
	the patch:

	http://www.vibrationresearch.com/pptpd/ppp_mppe_compressed_data_fix.diff

	and then recompile and reinstall the ppp_mppe.o module

7.3.11. The VPN link works for a while, but then stops working,
	and the /var/log/debug file shows messages like the following:
		pppd[11170]: sent [LCP ProtRej id=0xb 51 19 ...
		pppd[11170]: rcvd [proto=0xbe1b] df 60 4e 4e ...
		pppd[11170]: Unsupported protocol 0xbe1b received
	(where the hex data and the protocol numbers may vary)

	This is probably caused by dropped packets with mppe running in
	stateful mode (i.e. mppe-stateless disabled).  In stateful mode,
	decryption of a packet requires successful decryption of the previous
	packet.  In stateless mode, a packet can always be decrypted as long
	as the sequence number is known.

	Solution: add the "mppe-stateless" option to the /etc/ppp/options.pptp
	file.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Devin Brown
> Sent: Friday, November 24, 2000 3:19 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Wierd error
>
>
> I've just built my second PopTop Server.  The first one I build about 6
> months ago and is working fine.  This new one however, is giving me grief.
> I built it the same way as the other one with the exception that I am now
> using Redhat 6.2 as the OS instead of Debian 2.2 as I did on the
> other one.
>  I first had problems compiling the kernel with the PPP MPPE patch in it.
> I got an error complaining of an undefined PPP_MAGIC.  I
> eventually found a
> workaround but it concerned me that I didn't have to do this on the other
> server.  (I tried this compile in Debian too and it still bombed so that,
> at least, is not a RedHat issue)  I've now got the kernel compiled (2.2.16
> same as on the other server) and PopTop installed (v1.1.1.  I tried 1.0.0
> and it did the same thing.)  What it's doing is kinda strange.  The server
> is attached to our ADSL line for it's outside connection.  If I hook a
> client machine (Win98) up inside the ADSL line (so same subnet as the
> outside card in the new server) I can connect without problems.  It works
> great.  However, if I hook this same client up to our secondary internet
> connection (Shaw) and try to connect to the server through the actual
> internet I can still connect but if I start a ping to an address on the
> inside network (192.168.*.* range) it works for about 2 minutes
> then I lose
> the connection.  The PPTP connection stays up, I just can't transfer any
> data through the VPN Server.  I CAN connect reliably through this
> same Shaw
> connection to the old VPN server.
>
> The error that shows up in the syslog when a connect fails in this manner
> is "Unexpected sequence number; got 6 after 3"  The numbers are not always
> the same.  Can anybody tell me what I did wrong?
>
>
> --------------------
> Devin Brown
> Anthony MacAuley Associates
> dbrown at amavi.com
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>



From cogger at technologist.com  Fri Nov 24 18:11:02 2000
From: cogger at technologist.com (Dean Cogger)
Date: Sat, 25 Nov 2000 13:11:02 +1300
Subject: [pptp-server] Cant connect
Message-ID: <001d01c05674$32fe5e20$e000a8c0@asus>

Hey all,

Im having problems with a pptp server Ive setup, and it used to work but now it doesnt after I haven't used it for awhile! I've setup daemon debuging and attached the log below and Im sure its only something little but I cant understand what : ). Thanks for the help in advance.

Dean.
ps Please send reply to dcogger at xtra.co.nz as I shall get it faster : ).

Nov 25 12:09:01 greyhigh pptpd[2145]: MGR: Manager process started
Nov 25 12:09:17 greyhigh pptpd[2146]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: local address = 192.168.1.234
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: remote address = 192.168.1.235
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: Client 210.55.85.176 control connection started
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: Received PPTP Control Message (type: 1)
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: Made a START CTRL CONN RPLY packet
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: I wrote 156 bytes to the client.
Nov 25 12:09:17 greyhigh pptpd[2146]: CTRL: Sent packet to client
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Received PPTP Control Message (type: 7)
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Set parameters to 0 maxbps, 16 window size
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Made a OUT CALL RPLY packet
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Starting call (launching pppd, opening GRE)
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: pty_fd = 4
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: tty_fd = 5
Nov 25 12:09:18 greyhigh pptpd[2147]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 25 12:09:18 greyhigh pptpd[2147]: CTRL (PPPD Launcher): local address = 192.168.1.234
Nov 25 12:09:18 greyhigh pptpd[2147]: CTRL (PPPD Launcher): remote address = 192.168.1.235
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: I wrote 32 bytes to the client.
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Sent packet to client
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Received PPTP Control Message (type: 12)
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Made a CALL DISCONNECT RPLY packet
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Received CALL CLR request (closing call)
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: I wrote 148 bytes to the client.
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Sent packet to client
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Error with select(), quitting
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Client 210.55.85.176 control connection finished
Nov 25 12:09:18 greyhigh pptpd[2146]: CTRL: Exiting now
Nov 25 12:09:18 greyhigh pptpd[2145]: MGR: Reaped child 2146
Nov 25 12:09:18 greyhigh modprobe: can't locate module char-major-108
Nov 25 12:09:18 greyhigh pppd[2147]: pppd 2.3.10 started by root, uid 0
Nov 25 12:09:18 greyhigh pppd[2147]: Failed to open /dev/pts/1: No such file or directory
Nov 25 12:09:18 greyhigh pppd[2147]: Exit.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001125/0b75e7eb/attachment.html>

From xfzhu at seu.edu.cn  Sat Nov 25 08:27:19 2000
From: xfzhu at seu.edu.cn (Zhu Xiaofeng)
Date: Sat, 25 Nov 2000 22:27:19 +0800
Subject: [pptp-server] New on setting up pptp,help!
Message-ID: <000d01c056eb$d1549ae0$521877ca@SUNSHINE>

Hi everyone:
 When I install pptp on my FreeBSD 4.0-release and start pptpd,a message is
added into syslog as following:

    Nov 25 20:09:40 freebsd pptpd[19435]: MGR: Max connections reached,
extra IP add
    resses ignored
Then when system already has a user connected , second user can't dial.Log
messages follows:
    Nov 25 20:03:50 freebsd pppd[19409]: pppd 2.3.10 started by xfzhu, uid 0
    Nov 25 20:03:50 freebsd pppd[19409]: ioctl(TIOCSETD): Device not
configured
    Nov 25 20:03:50 freebsd pptpd[19408]: GRE:
read(fd=4,buffer=804da80,len=8196) from PTY failed: status = 0 error = No
error
    Nov 25 20:03:50 freebsd pptpd[19408]: CTRL: PTY read or GRE write failed
(pty,gre)=(4,5)

    Can somebody tell me why to correct it to let more user dial onto system
vi pptp?

xfzhu



From george.csahanin at lintv.com  Sat Nov 25 09:57:33 2000
From: george.csahanin at lintv.com (george.csahanin at lintv.com)
Date: Sat, 25 Nov 2000 09:57:33 -0600
Subject: [pptp-server] pptp client
Message-ID: <001a01c056f8$6cc08b90$0701a8c0@c54141-a.bdfrd1.tx.home.com>

I've setup poptop on my netmax firewall, and I can get into it fine fron windoze bozes...but trying to get in with pptp from a linux box is just not going anywhere fast. I went thru this once before and made no notes...maybe someone out yonder has seen this:

As I said, in from windoze ok, in from pptp in linux yields an error that seems to be failure of peer to authenticate:

One episode from log:

Nov 25 10:45:21 gcfirewall pptpd[11705]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: local address = 192.168.1.30
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: remote address = 192.168.1.20
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: pppd speed = 115200
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: pppd options file = /etc/ppp/options
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Client 192.168.1.8 control connection started
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Received PPTP Control Message (type: 1)
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Made a START CTRL CONN RPLY packet
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: I wrote 156 bytes to the client.
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Sent packet to client
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Received PPTP Control Message (type: 7)
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Set parameters to 152 maxbps, 3 window size
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Made a OUT CALL RPLY packet
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Starting call (launching pppd, opening GRE)
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: pty_fd = 5
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: tty_fd = 6
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: I wrote 32 bytes to the client.
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Sent packet to client
Nov 25 10:45:22 gcfirewall pptpd[11706]: CTRL (PPPD Launcher): Connection speed = 115200
Nov 25 10:45:22 gcfirewall pptpd[11706]: CTRL (PPPD Launcher): local address = 192.168.1.30
Nov 25 10:45:22 gcfirewall pptpd[11706]: CTRL (PPPD Launcher): remote address = 192.168.1.20
Nov 25 10:45:22 gcfirewall modprobe: can't locate module char-major-108
Nov 25 10:45:22 gcfirewall pppd[11706]: pppd 2.3.10 started by root, uid 0
Nov 25 10:45:22 gcfirewall pppd[11706]: Using interface ppp0
Nov 25 10:45:22 gcfirewall pppd[11706]: Connect: ppp0 <--> /dev/pts/3
Nov 25 10:45:23 gcfirewall pppd[11706]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
Nov 25 10:45:23 gcfirewall pppd[11706]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:24 gcfirewall pptpd[11705]: GRE: Discarding duplicate packet
Nov 25 10:45:25 gcfirewall pppd[11706]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0xa5abb9c0> <pcomp> <accomp>]
Nov 25 10:45:25 gcfirewall pppd[11706]: sent [LCP ConfRej id=0x1 <auth chap MD5>]
Nov 25 10:45:25 gcfirewall pppd[11706]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xa5abb9c0> <pcomp> <accomp>]
Nov 25 10:45:25 gcfirewall pppd[11706]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xa5abb9c0> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MD5> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP ConfRej id=0x1 <auth chap MD5>]
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: Warning - secret file /etc/ppp/pap-secrets has world and/or group access
Nov 25 10:45:26 gcfirewall pppd[11706]: peer refused to authenticate: terminating link
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP TermAck id=0x3]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP TermAck id=0x3]
Nov 25 10:45:26 gcfirewall pppd[11706]: Connection terminated.
Nov 25 10:45:26 gcfirewall pppd[11706]: Exit.
Nov 25 10:45:26 gcfirewall pptpd[11705]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Nov 25 10:45:26 gcfirewall pptpd[11705]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Nov 25 10:45:26 gcfirewall pptpd[11705]: CTRL: Client 192.168.1.8 control connection finished
Nov 25 10:45:26 gcfirewall pptpd[11705]: CTRL: Exiting now
Nov 25 10:45:26 gcfirewall pptpd[26741]: MGR: Reaped child 11705
Nov 25 10:49:30 gcfirewall inetd[16258]: smtp/tcp: bind: Address already in use
[root at gcfirewall log]# 


/etc/ppp/options:

[root at gcfirewall log]# more /etc/ppp/options  
debug
name gcfirewall.bdfrd1.tx.home.com
auth
#+chap
require-chap
proxyarp
[root at gcfirewall log]#

/etc/pptpd.conf:
[root at gcfirewall log]# more /etc/pptpd.conf
speed 115200

option /etc/ppp/options

debug


localip 192.168.1.30-34
remoteip 192.168.1.20-24



listen 192.168.1.1

pidfile /var/run/pptpd.pid



ANyone have any ideas?

-George Csahanin
georgec2 at ix.netcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001125/fa6a2cb7/attachment.html>

From georgev at citadelcomputer.com.au  Sat Nov 25 21:29:59 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Sun, 26 Nov 2000 14:29:59 +1100
Subject: [pptp-server] regarding pptp for linux
Message-ID: <90C35E9FADC0D41184770000E860EB4901BBC8@cittech>

Yes I have done this just last week and works great. The only problem I have
is that over night the PPTP seems to drop out and you just have to
restart... probably traffic or some setup on my side.

I found I had more success with RedHat 6.2 with the instructions from
http://poptop.lineo.com/

Though I could only get it working when compiling the kernel to 2.2.17 and
not stay with my 2.2.16-3.

Win-NT Wks connects fine and Win98SE worked for me too..

-----Original Message-----
From: kamesh babu [mailto:kamesh_23_madras at winbox.com]
Sent: Saturday, November 25, 2000 2:49 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] regarding pptp for linux


Hi,
I am new to this mailing list and i just a want some info about pptp .

we have an office lan in 10.X network. everyone uses
nt server to login to the pdc and they get ips using dhcp. they also access
our fileserver in Nt based on the permissons they have.

our gateway to internet is via a linux (redhat)  with two interface, one in
public to adsl and other in private.(with ipchains)


now our Hr team wants to login to nt domain from internet( dial up and no
static ip) and want to access the file server and they want some it to be
secure as well.

  i think someof u would have faced such situations.
if any of u had done this, can u please tell me what to do??

the clients use windows 2000 or NT.

is it possible to use PoPToP on linux gateway server and Microsoft PPTP at
client end and access the office lan via VPN??
regards,
kamesh
----------
Kamesh Babu
No 22, 1-st floor,
Natesan street,
T. Nagar,
Chennai -600017
ph: 91-44-4353668

" Some of the most important and meaningful lessons learned in life Are
those lessons we learn the hard way."



_________________________
Looking for an e-mail address ? Use your recipient's mobile number! +44
(385) 123456 becomes 44385123456 at winbox.com . Try it now! This is a unique
service from http://www.winbox.com
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From georgev at citadelcomputer.com.au  Sat Nov 25 21:43:01 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Sun, 26 Nov 2000 14:43:01 +1100
Subject: [pptp-server] pptp client
Message-ID: <90C35E9FADC0D41184770000E860EB4901BBCA@cittech>

Hi George (what a great name ey!?),
 
If these logs are on the clients side you'll notice that your linux box
(client) wants the PPTP server to authenticate too as well as the server
wants the client to....
 
<snip>
   Nov 25 10:45:26 gcfirewall pppd[11706]: peer refused to authenticate:
terminating link
</snip>
 
Try using "noauth" with the pppd options on the client side as this will
stop making the client as authnetication from the server....

-----Original Message-----
From: george.csahanin at lintv.com [mailto:george.csahanin at lintv.com]
Sent: Sunday, November 26, 2000 2:58 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp client


I've setup poptop on my netmax firewall, and I can get into it fine fron
windoze bozes...but trying to get in with pptp from a linux box is just not
going anywhere fast. I went thru this once before and made no notes...maybe
someone out yonder has seen this:
 
As I said, in from windoze ok, in from pptp in linux yields an error that
seems to be failure of peer to authenticate:
 
One episode from log:
 
Nov 25 10:45:21 gcfirewall pptpd[11705]: MGR: Launching /usr/sbin/pptpctrl
to handle client
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: local address = 192.168.1.30
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: remote address = 192.168.1.20
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: pppd speed = 115200
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: pppd options file =
/etc/ppp/options
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Client 192.168.1.8 control
connection started
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Received PPTP Control Message
(type: 1)
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Made a START CTRL CONN RPLY
packet
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: I wrote 156 bytes to the
client.
Nov 25 10:45:21 gcfirewall pptpd[11705]: CTRL: Sent packet to client
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Received PPTP Control Message
(type: 7)
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Set parameters to 152 maxbps,
3 window size
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Made a OUT CALL RPLY packet
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Starting call (launching
pppd, opening GRE)
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: pty_fd = 5
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: tty_fd = 6
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: I wrote 32 bytes to the
client.
Nov 25 10:45:22 gcfirewall pptpd[11705]: CTRL: Sent packet to client
Nov 25 10:45:22 gcfirewall pptpd[11706]: CTRL (PPPD Launcher): Connection
speed = 115200
Nov 25 10:45:22 gcfirewall pptpd[11706]: CTRL (PPPD Launcher): local address
= 192.168.1.30
Nov 25 10:45:22 gcfirewall pptpd[11706]: CTRL (PPPD Launcher): remote
address = 192.168.1.20
Nov 25 10:45:22 gcfirewall modprobe: can't locate module char-major-108
Nov 25 10:45:22 gcfirewall pppd[11706]: pppd 2.3.10 started by root, uid 0
Nov 25 10:45:22 gcfirewall pppd[11706]: Using interface ppp0
Nov 25 10:45:22 gcfirewall pppd[11706]: Connect: ppp0 <--> /dev/pts/3
Nov 25 10:45:23 gcfirewall pppd[11706]: Warning - secret file
/etc/ppp/pap-secrets has world and/or group access
Nov 25 10:45:23 gcfirewall pppd[11706]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MD5> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:24 gcfirewall pptpd[11705]: GRE: Discarding duplicate packet
Nov 25 10:45:25 gcfirewall pppd[11706]: rcvd [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MD5> <magic 0xa5abb9c0> <pcomp> <accomp>]
Nov 25 10:45:25 gcfirewall pppd[11706]: sent [LCP ConfRej id=0x1 <auth chap
MD5>]
Nov 25 10:45:25 gcfirewall pppd[11706]: rcvd [LCP ConfReq id=0x2 <asyncmap
0x0> <magic 0xa5abb9c0> <pcomp> <accomp>]
Nov 25 10:45:25 gcfirewall pppd[11706]: sent [LCP ConfAck id=0x2 <asyncmap
0x0> <magic 0xa5abb9c0> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap MD5> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP ConfRej id=0x1 <auth chap
MD5>]
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP ConfReq id=0x2 <asyncmap
0x0> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP ConfAck id=0x2 <asyncmap
0x0> <magic 0x6b15ee4f> <pcomp> <accomp>]
Nov 25 10:45:26 gcfirewall pppd[11706]: Warning - secret file
/etc/ppp/pap-secrets has world and/or group access
Nov 25 10:45:26 gcfirewall pppd[11706]: peer refused to authenticate:
terminating link
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP TermReq id=0x3 "peer
refused to authenticate"]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP TermReq id=0x3 "peer
refused to authenticate"]
Nov 25 10:45:26 gcfirewall pppd[11706]: sent [LCP TermAck id=0x3]
Nov 25 10:45:26 gcfirewall pppd[11706]: rcvd [LCP TermAck id=0x3]
Nov 25 10:45:26 gcfirewall pppd[11706]: Connection terminated.
Nov 25 10:45:26 gcfirewall pppd[11706]: Exit.
Nov 25 10:45:26 gcfirewall pptpd[11705]: GRE:
read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error =
Input/output error
Nov 25 10:45:26 gcfirewall pptpd[11705]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Nov 25 10:45:26 gcfirewall pptpd[11705]: CTRL: Client 192.168.1.8 control
connection finished
Nov 25 10:45:26 gcfirewall pptpd[11705]: CTRL: Exiting now
Nov 25 10:45:26 gcfirewall pptpd[26741]: MGR: Reaped child 11705
Nov 25 10:49:30 gcfirewall inetd[16258]: smtp/tcp: bind: Address already in
use
[root at gcfirewall log]# 
 
 
/etc/ppp/options:
 
[root at gcfirewall log]# more /etc/ppp/options  
debug
name gcfirewall.bdfrd1.tx.home.com
auth
#+chap
require-chap
proxyarp
[root at gcfirewall log]#
 
/etc/pptpd.conf:
[root at gcfirewall log]# more /etc/pptpd.conf
speed 115200
 
option /etc/ppp/options
 
debug
 

localip 192.168.1.30-34
remoteip 192.168.1.20-24
 
 
 
listen 192.168.1.1
 
pidfile /var/run/pptpd.pid
 
 
 
ANyone have any ideas?
 
-George Csahanin
georgec2 at ix.netcom.com <mailto:georgec2 at ix.netcom.com> 
 



From giant at gmx.de  Sun Nov 26 06:00:08 2000
From: giant at gmx.de (Marc Breuer)
Date: Sun, 26 Nov 2000 13:00:08 +0100
Subject: [pptp-server] poptop and windows gaming ?
Message-ID: <NEBBIBKFCLOEKOLIPPAKAEDJCHAA.giant@gmx.de>

hi,i want to create several external vpn dialins to my local masqueraded
network, so that we are able to play multiplayer LAN games.
right now vpn dialin works good, pinging the internal and vpn ips works too.
but none of the testet games finds a lan-server.
all tested games use the M$ directplay tcp/ip networking interface. there
must be something like a broadcast message of a client to get a message from
all available game server, but i don't know anything of tcp/ip internal
messages...
would be great if there is a solution to this problem
greets
Marc



From georgev at citadelcomputer.com.au  Sun Nov 26 13:38:05 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Mon, 27 Nov 2000 06:38:05 +1100
Subject: [pptp-server] poptop and windows gaming ?
Message-ID: <90C35E9FADC0D41184770000E860EB4901BBD0@cittech>

Are you using an IP range which is the same as the LAN? If you don't then it
won't work, if you do then are you using `proxyarp` in your
/etc/ppp/options.pptpd file coz'. Many network games I've seen can allow
entering an IP to search for a server.

-----Original Message-----
From: Marc Breuer [mailto:giant at gmx.de]
Sent: Sunday, November 26, 2000 11:00 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] poptop and windows gaming ?


hi,i want to create several external vpn dialins to my local masqueraded
network, so that we are able to play multiplayer LAN games.
right now vpn dialin works good, pinging the internal and vpn ips works too.
but none of the testet games finds a lan-server.
all tested games use the M$ directplay tcp/ip networking interface. there
must be something like a broadcast message of a client to get a message from
all available game server, but i don't know anything of tcp/ip internal
messages...
would be great if there is a solution to this problem
greets
Marc

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From ffranco at interlog.com  Sun Nov 26 20:32:20 2000
From: ffranco at interlog.com (Francisco Franco)
Date: Sun, 26 Nov 2000 21:32:20 -0500
Subject: [pptp-server] Need help to run pptpd over ipchains firewall
Message-ID: <3A21C7AF.BDBA7AF8@interlog.com>

Hi Folks,

I need some help.  I have installed pptpd-1.0.0-1 on a PC running Linux
RedHat 6.2.  I am able to connect to the pptpd server from the internal
network without any problems.  However, when I try to connect from the
outside I get problems.

In order to allow pptpd over the firewall running ipchains, I have made
the following additions to the firewall.

++ ipchains -A output -i eth1 -j eth1-out
++ ipchains -A eth1-out -s 192.168.1.0/24 -l -j DENY
++ ipchains -A eth1-out -d 192.168.1.0/24 -l -j DENY
++ ipchains -A input -i eth1 -j eth1-in
++ ipchains -A eth1-in -s 192.168.1.0/24 -l -j DENY
++ ipchains -A eth1-in -d 192.168.1.0/24 -l -j DENY
++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 auth -j REJECT
++ ipchains -A eth1-in -p TCP -y -d 0.0.0.0/0 1723 -j ACCEPT -l
++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
++ ipchains -A eth1-in -p 47 -j ACCEPT
++ ipchains -A eth1-in -p TCP -j ACCEPT
++ ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

The 192.168.1.0/24 network is my internal network and it sits on eth0.
eth1 is my external network.  However, after I have applied the above
rules to the ipchains, I get the following messages in m messages log.

Nov 26 21:09:14 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
connection started
Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 26 21:09:14 hammer pppd[984]: pppd 2.3.11 started by root, uid 0
Nov 26 21:09:14 hammer pppd[984]: Using interface ppp0
Nov 26 21:09:14 hammer pppd[984]: Connect: ppp0 <--> /dev/pts/2
Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47
205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000
T=64 (#48)
Nov 26 21:09:14 hammer pptpd[983]: GRE: xmit failed from decaps_hdlc:
Operation not permitted
Nov 26 21:09:15 hammer pptpd[983]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Nov 26 21:09:15 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
connection finished
Nov 26 21:09:15 hammer pppd[984]: Modem hangup
Nov 26 21:09:15 hammer pppd[984]: Connection terminated.
Nov 26 21:09:15 hammer pppd[984]: Exit.

What have I forgotten to do?

Regards,

Francisco



From Steve at SteveCowles.com  Sun Nov 26 23:01:18 2000
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sun, 26 Nov 2000 23:01:18 -0600
Subject: [pptp-server] Need help to run pptpd over ipchains firewall
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE5AA@defiant.infohiiway.com>

> -----Original Message-----
> From: Francisco Franco [mailto:ffranco at interlog.com]
> Sent: Sunday, November 26, 2000 8:32 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Need help to run pptpd over ipchains firewall
> 
> In order to allow pptpd over the firewall running ipchains, I 
> have made the following additions to the firewall.
> 
> ++ ipchains -A output -i eth1 -j eth1-out
> ++ ipchains -A eth1-out -s 192.168.1.0/24 -l -j DENY
> ++ ipchains -A eth1-out -d 192.168.1.0/24 -l -j DENY
> ++ ipchains -A input -i eth1 -j eth1-in
> ++ ipchains -A eth1-in -s 192.168.1.0/24 -l -j DENY
> ++ ipchains -A eth1-in -d 192.168.1.0/24 -l -j DENY
> ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 auth -j REJECT
> ++ ipchains -A eth1-in -p TCP -y -d 0.0.0.0/0 1723 -j ACCEPT -l
> ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
> ++ ipchains -A eth1-in -p 47 -j ACCEPT
> ++ ipchains -A eth1-in -p TCP -j ACCEPT
> ++ ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
> 
> The 192.168.1.0/24 network is my internal network and it sits on eth0.
> eth1 is my external network.  However, after I have applied the above
> rules to the ipchains, I get the following messages in m messages log.
> 
> Nov 26 21:09:14 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
> connection started
> Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call 
> (launching pppd, opening GRE)
> Nov 26 21:09:14 hammer pppd[984]: pppd 2.3.11 started by root, uid 0
> Nov 26 21:09:14 hammer pppd[984]: Using interface ppp0
> Nov 26 21:09:14 hammer pppd[984]: Connect: ppp0 <--> /dev/pts/2
> Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47
> 205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000
> T=64 (#48)

The following might help in trying to locate why proto 47 (gre) is being
rejected by rule number 48 on the output chain. i.e. (#48)

Try using: ipchains -L -n --line-numbers

Based on where the above rules are located in your firewall script, using
the -A (append) option can cause these rules to show up at the end of a
defined chain and being superceded by a previous DENY/REJECT rule. By using
the --line-numbers, you will be able to tell where rule 48 is in relation to
the rules you have defined for PPTP. Sometimes this type of problem can be
easily resolved by changing the -A (append) to -I (insert).

FWIW: You can also specify an actual rule number when inserting a rule. i.e.
Force a rule to be added in a specific order.
see: man ipchains

Steve Cowles


From beutner at algonet.se  Mon Nov 27 04:14:33 2000
From: beutner at algonet.se (Magnus Beutner)
Date: Mon, 27 Nov 2000 11:14:33 +0100
Subject: [pptp-server] New on setting up pptp,help!
References: <000d01c056eb$d1549ae0$521877ca@SUNSHINE>
Message-ID: <011801c0585d$5ff1aa50$1e7511ac@datorteket.lan>

Hi Zhu

I think this is because You lack the presence of more
than one ppp-device in Your kernel-config (see below).
 pseudo-device   ppp   16
 pseudo-device   tun   16

This should make 16 simultaneous connections available
(I'm not sure about the "tun-device" thoug).

Regards //
  // Magnus Beutner


----- Original Message -----
From: "Zhu Xiaofeng" <xfzhu at seu.edu.cn>
To: <pptp-server at lists.schulte.org>
Sent: Saturday, November 25, 2000 3:27 PM
Subject: [pptp-server] New on setting up pptp,help!


> Hi everyone:
>  When I install pptp on my FreeBSD 4.0-release and start pptpd,a message
is
> added into syslog as following:
>
>     Nov 25 20:09:40 freebsd pptpd[19435]: MGR: Max connections reached,
> extra IP addresses ignored




From beutner at algonet.se  Mon Nov 27 04:34:28 2000
From: beutner at algonet.se (Magnus Beutner)
Date: Mon, 27 Nov 2000 11:34:28 +0100
Subject: [pptp-server] regarding pptp for linux
References: <5940902.975080911512.JavaMail.root@www2.winbox.com>
Message-ID: <013101c05861$96d7f020$1e7511ac@datorteket.lan>

Hi Kamesh

Yes it is possible to get access TO Your LAN (via PPTP-server)  FROM the
internet (via MS-VPN-client).
And I don't see any reason why You shouldn't be able to login
(& maybe even process login-scripts!) from Your Win4/WinNT boxes.

Regards //
  // Magnus Beutner


----- Original Message -----
From: "kamesh babu" <kamesh_23_madras at winbox.com>
To: <pptp-server at lists.schulte.org>
Sent: Friday, November 24, 2000 4:48 PM
Subject: [pptp-server] regarding pptp for linux


> is it possible to use PoPToP on linux gateway server and Microsoft PPTP at
client end and access the office lan via VPN??
> regards,
> kamesh




From huy.nguyen at corp.vizzavi.net  Mon Nov 27 06:41:44 2000
From: huy.nguyen at corp.vizzavi.net (Huy NGUYEN)
Date: Mon, 27 Nov 2000 13:41:44 +0100
Subject: [pptp-server] poptop with mppe on solaris 2.6
Message-ID: <004701c0586f$6729ca20$d178d30a@vizzavi.fr.corp.vizzavi.net>

Hi,

I think this question has already been posted to the listed but I could not
find an answer in the archives.
I'm trying to set up a poptop server on solaris 2.6 but I can't get
encryption to work although unencrypted connections work.

I get these lines in logs:

Nov 27 11:04:29 host pppd[2282]: MSCHAP-v2 peer authentication succeeded for
huy
...
Nov 27 11:04:29 host pppd[2282]: rcvd [CCP ConfNak id=0x3 <mppe 0 0 0 0>]
Nov 27 11:04:29 host pppd[2282]: sent [CCP ConfReq id=0x4]
Nov 27 11:04:35 host last message repeated 2 times
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x4 <mppe 0 0 0 0>]
Nov 27 11:04:35 host pppd[2282]: sent [CCP ConfReq id=0x5]
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x4 <mppe 0 0 0 0>]
Nov 27 11:04:35 host last message repeated 1 time
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x5 <mppe 0 0 0 0>]
Nov 27 11:04:35 host pppd[2282]: sent [CCP ConfReq id=0x6]
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x6 <mppe 0 0 0 0>]
Nov 27 11:04:35 host pppd[2282]: sent [CCP ConfReq id=0x7]
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x7 <mppe 0 0 0 0>]
Nov 27 11:04:35 host pppd[2282]: sent [CCP ConfReq id=0x8]
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x8 <mppe 0 0 0 0>]
Nov 27 11:04:35 host pppd[2282]: sent [CCP ConfReq id=0x9]
Nov 27 11:04:35 host pppd[2282]: rcvd [CCP ConfNak id=0x9 <mppe 0 0 0 0>]
Nov 27 11:04:35 host pppd[2282]: sent [CCP ConfReq id=0xa]
Nov 27 11:04:35 host pptpd[2281]: CTRL: Received PPTP Control Message (type:
15)
Nov 27 11:04:35 host pptpd[2281]: CTRL: Ignored a SET LINK INFO packet with
real ACCMs!
Nov 27 11:04:35 host pptpd[2281]: CTRL: Ignored a SET LINK INFO packet with
real ACCMs!
Nov 27 11:04:35 host pppd[2282]: rcvd [LCP TermReq id=0x9
"k\37777777751\002g\000<\37777777715t\000\000\002\37777777746"]
Nov 27 11:04:35 host pppd[2282]: LCP terminated by peer
(kM-i^Bg^@<M-Mt^@^@^BM-f)

My understanding is that the client and the server can not negotiate the
encryption thing. Am I right ?

Best regards,

Huy NGUYEN



From david.landgren at bpinet.com  Mon Nov 27 08:27:15 2000
From: david.landgren at bpinet.com (David LANDGREN)
Date: Mon, 27 Nov 2000 15:27:15 +0100
Subject: [pptp-server] Getting started on OpenBSD
Message-ID: <C12569A4.004F6678.00@Brehat.bpinet.com>

|Did you configure PoPToP using the command:
|    ./configure --with-bsdppp

Done.

|Also, check out the FreeBSD PPTP HOWTO at:
|    http://heyer.supranet.net/pptp/

Read. This was invaluable in clearing up how ppp was to be configured. It
looks like authentication is proving to be a problem. In the log I receive:

(where x.y is the external address and a.b is my internal net)

Nov 27 11:07:27 modez pptpd[27413]: CTRL: Client x.y.44.93 control
connection started
Nov 27 11:07:30 modez pptpd[27413]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 27 11:07:30 modez ppp[10515]: Phase: Using interface: tun0
Nov 27 11:07:30 modez ppp[10515]: Phase: deflink: Created in closed state
Nov 27 11:07:30 modez ppp[10515]: Command: loop: set device localhost:pptp
Nov 27 11:07:30 modez ppp[10515]: Command: loop: set dial
Nov 27 11:07:30 modez ppp[10515]: Command: loop: set login
Nov 27 11:07:30 modez ppp[10515]: Command: loop: set ifaddr a.b.0.10
a.b.3.0/24 255.255.255.255
Nov 27 11:07:30 modez ppp[10515]: Command: loop: set server /tmp/loop *****
*** 0177
Nov 27 11:07:30 modez ppp[10515]: Phase: Listening at local socket
/tmp/loop.
Nov 27 11:07:30 modez ppp[10515]: Command: pptp: enable pap
Nov 27 11:07:30 modez ppp[10515]: Command: pptp: enable proxy
Nov 27 11:07:30 modez ppp[10515]: Command: pptp: accept dns
Nov 27 11:07:30 modez ppp[10515]: Command: pptp: set dns a.b.0.8 a.b.0.18
Nov 27 11:07:30 modez ppp[10515]: Command: pptp: set nbns a.b.0.1
Nov 27 11:07:30 modez ppp[10515]: Command: pptp: set device
!/etc/ppp/secure
Nov 27 11:07:30 modez ppp[10515]: Phase: PPP Started (direct mode).
Nov 27 11:07:30 modez ppp[10515]: Phase: bundle: Establish
Nov 27 11:07:30 modez ppp[10515]: Phase: deflink: closed -> opening
Nov 27 11:07:30 modez ppp[10515]: Phase: deflink: Connected!
Nov 27 11:07:30 modez ppp[10515]: Phase: deflink: opening -> carrier
Nov 27 11:07:30 modez ppp[10515]: Phase: deflink: carrier -> lcp
Nov 27 11:07:30 modez ppp[10515]: LCP: FSM: Using "deflink" as a transport
Nov 27 11:07:30 modez ppp[10515]: LCP: deflink: State change Initial -->
Closed
Nov 27 11:07:30 modez ppp[10515]: LCP: deflink: State change Closed -->
Stopped
Nov 27 11:07:31 modez ppp[10515]: LCP: deflink: LayerStart
Nov 27 11:07:31 modez ppp[10515]: LCP: deflink: SendConfigReq(1) state =
Stopped
Nov 27 11:07:31 modez ppp[10515]: LCP:  ACFCOMP[2]
Nov 27 11:07:31 modez ppp[10515]: LCP:  PROTOCOMP[2]
Nov 27 11:07:31 modez ppp[10515]: LCP:  ACCMAP[6] 0x00000000
Nov 27 11:07:31 modez ppp[10515]: LCP:  MRU[4] 1500
Nov 27 11:07:31 modez ppp[10515]: LCP:  MAGICNUM[6] 0x2ac80c71
Nov 27 11:07:31 modez ppp[10515]: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Nov 27 11:07:31 modez ppp[10515]: LCP: deflink: State change Stopped -->
Req-Sent
Nov 27 11:07:34 modez ppp[10515]: LCP: deflink: SendConfigReq(1) state =
Req-Sent
Nov 27 11:07:34 modez ppp[10515]: LCP:  ACFCOMP[2]
Nov 27 11:07:34 modez ppp[10515]: LCP:  PROTOCOMP[2]
Nov 27 11:07:34 modez ppp[10515]: LCP:  ACCMAP[6] 0x00000000
Nov 27 11:07:34 modez ppp[10515]: LCP:  MRU[4] 1500
Nov 27 11:07:34 modez ppp[10515]: LCP:  MAGICNUM[6] 0x2ac80c71
Nov 27 11:07:34 modez ppp[10515]: LCP:  AUTHPROTO[4] 0xc023 (PAP)
[NB: above 7 lines repeated 3 more times]
Nov 27 11:07:46 modez ppp[10515]: LCP: deflink: LayerFinish
Nov 27 11:07:46 modez ppp[10515]: LCP: deflink: State change Req-Sent -->
Stopped
Nov 27 11:07:46 modez ppp[10515]: LCP: deflink: State change Stopped -->
Closed
Nov 27 11:07:46 modez ppp[10515]: LCP: deflink: State change Closed -->
Initial
Nov 27 11:07:46 modez ppp[10515]: Phase: deflink: Disconnected!

I have tried using PAP, CHAP and passwdauth (and no auth) but each time I
get the same results.

The client is bombing out with a 629 error. I've checked the FAQ, and pptpd
is running, I have configured pptpdctrl as per README.inetd. I have tried
running pptpd out of inetd or standalone. My firewall is not dropping
anything.

/etc/ppp/secure and /etc/ppp/ppp.conf are pretty much straight copies of
what's discussed in http://heyer.supranet.net/pptp/ . I tried adding
"logging" to the Windows VPN card, but the client just blue screened as
soon as it attempts the connection.

Any help, pointers gratefully received.

David Landgren




From NorbertSchmidt at juelich-bonn.de  Mon Nov 27 10:00:25 2000
From: NorbertSchmidt at juelich-bonn.de (NorbertSchmidt)
Date: Mon, 27 Nov 2000 17:00:25 +0100
Subject: [pptp-server] Connecting problem Caught signal 11
Message-ID: <3A228519.10B2A498@juelich-bonn.de>

Hi there,

I thought to have set up the Linux pptp Server all right on a SuSE 7.0
Server. When I try to connect to it I get an Error 629 on the Windows NT
machine and the following in the pptp.log file...

 
Nov 27 16:52:01 notes pptpd[8646]: CTRL: local address = 192.168.1.2
Nov 27 16:52:01 notes pptpd[8646]: CTRL: remote address = 192.168.1.101
Nov 27 16:52:01 notes pptpd[8646]: CTRL: pppd speed = 115200
Nov 27 16:52:01 notes pptpd[8646]: CTRL: pppd options file =
/etc/ppp/options.ppp0
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Client 192.168.13.119 control
connection started
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Received PPTP Control Message
(type: 1)
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Made a START CTRL CONN RPLY
packet
Nov 27 16:52:01 notes pptpd[8646]: CTRL: I wrote 156 bytes to the
client.
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Sent packet to client
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Received PPTP Control Message
(type: 7)
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Set parameters to 152 maxbps, 3
window size
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Made a OUT CALL RPLY packet
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Starting call (launching pppd,
opening GRE)
Nov 27 16:52:01 notes pptpd[8646]: CTRL: pty_fd = 5
Nov 27 16:52:01 notes pptpd[8646]: CTRL: tty_fd = 6
Nov 27 16:52:01 notes pptpd[8646]: CTRL: I wrote 32 bytes to the client.
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Sent packet to client
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Received PPTP Control Message
(type: 15)
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Got a SET LINK INFO packet with
standard ACCMs
Nov 27 16:52:01 notes pptpd[8647]: CTRL (PPPD Launcher): Connection
speed = 115200
Nov 27 16:52:01 notes pptpd[8647]: CTRL (PPPD Launcher): local address =
192.168.1.2
Nov 27 16:52:01 notes pptpd[8647]: CTRL (PPPD Launcher): remote address
= 192.168.1.101
Nov 27 16:52:01 notes pppd[8647]: pppd 2.3.11 started by root, uid 0
Nov 27 16:52:01 notes pppd[8647]: Using interface ppp0
Nov 27 16:52:01 notes pppd[8647]: Connect: ppp0 <--> /dev/pts/3
Nov 27 16:52:01 notes pppd[8647]: sent [LCP ConfReq id=0x1 <asyncmap
0x0> <auth chap 81> <callback CBCP> <magic 0xb3d3a9ca> <pcomp> <accomp>]
Nov 27 16:52:01 notes pppd[8647]: Timeout 0x8050ba0:0x807a580 in 3
seconds.
Nov 27 16:52:01 notes pppd[8647]: rcvd [LCP ConfReq id=0x0 <magic
0x2fc1> <pcomp> <accomp> <callback CBCP> < 11 04 06 4e> < 13 17 01 5d f3
df 90 c4 77 11 d4 ab 3e 00 04 ac 3d 38 58 00 00 00 00>]
Nov 27 16:52:01 notes pppd[8647]: Fatal signal 11
Nov 27 16:52:01 notes pppd[8647]: Exit.
Nov 27 16:52:01 notes pptpd[8646]: GRE:
read(fd=5,buffer=804dac0,len=8196) from PTY failed: status = -1 error =
Eingabe-/Ausgabefehler
Nov 27 16:52:01 notes pptpd[8646]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Client 192.168.13.119 control
connection finished
Nov 27 16:52:01 notes pptpd[8646]: CTRL: Exiting now

I guess the Fatal signal 11 and the line before that are where the
problem is, but I couldn't find anything in the FAQ's.
What'S wrong???

Any help greatly appreciated
Norbert

-- 
Norbert Schmidt
Optische und elektronische Geraete Juelich
Rheingasse 8-10
53113 Bonn
Germany

Tel: +49 228 9838625
Fax: +49 228 631339


From martin at tuatha.org  Mon Nov 27 10:28:03 2000
From: martin at tuatha.org (Martin Feeney)
Date: Mon, 27 Nov 2000 16:28:03 +0000
Subject: [pptp-server] Connecting problem Caught signal 11
In-Reply-To: <3A228519.10B2A498@juelich-bonn.de>; from NorbertSchmidt@juelich-bonn.de on Mon, Nov 27, 2000 at 16:00:25 +0000
References: <3A228519.10B2A498@juelich-bonn.de>
Message-ID: <20001127162803.E3079@greenspot>

On Mon, 27 Nov 2000 16:00:25 NorbertSchmidt wrote:

> Nov 27 16:52:01 notes pppd[8647]: rcvd [LCP ConfReq id=0x0 <magic
> 0x2fc1> <pcomp> <accomp> <callback CBCP> < 11 04 06 4e> < 13 17 01 5d f3
> df 90 c4 77 11 d4 ab 3e 00 04 ac 3d 38 58 00 00 00 00>]
> Nov 27 16:52:01 notes pppd[8647]: Fatal signal 11

> I guess the Fatal signal 11 and the line before that are where the
> problem is, but I couldn't find anything in the FAQ's.
> What'S wrong???

NT, even though it's not requesting a callback seems to want to know what
level of support is provided for callbacks.

Try putting one or both of the following in your pptpd.options file:

-callback
nocallback

Martin.



From sbuhre at rzb-hamburg.com  Mon Nov 27 16:21:55 2000
From: sbuhre at rzb-hamburg.com (Stephan Buhre)
Date: Mon, 27 Nov 2000 23:21:55 +0100
Subject: [pptp-server] how to require mpppe encryption
Message-ID: <000a01c058c0$73a93cd0$0101a8c0@upside>

Hi,

I have a running pptpd configuration on suse linux 6.4 with 128 bit mppe encryption. How can I configure pppd / pptpd to disallow connections without encryption ?

Stephan Buhre
RZB Hamburg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001127/cad5a1a9/attachment.html>

From phil at vibrationresearch.com  Mon Nov 27 17:00:33 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Mon, 27 Nov 2000 18:00:33 -0500
Subject: [pptp-server] how to require mpppe encryption
In-Reply-To: <000a01c058c0$73a93cd0$0101a8c0@upside>
Message-ID: <000201c058c5$d908ad40$56108318@mw.mediaone.net>

4.4 Can I force incoming connections to use encryption?

	Not out of the box, but there is a pppd patch available from:
	    http://smop.de
	Apply this patch to pppd-2.3.11 after applying the mppe patches,
	and then rebuild and reinstall that package.
	To enable the feature, add the options "require-mppe" and
	"require-mppe-stateless" to your /etc/ppp/options.pptp file.

  -----Original Message-----
  From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Stephan Buhre
  Sent: Monday, November 27, 2000 5:22 PM
  To: pptp-server at lists.schulte.org
  Subject: [pptp-server] how to require mpppe encryption


  Hi,

  I have a running pptpd configuration on suse linux 6.4 with 128 bit mppe
encryption. How can I configure pppd / pptpd to disallow connections without
encryption ?

  Stephan Buhre
  RZB Hamburg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001127/86e00f95/attachment.html>

From ffranco at interlog.com  Mon Nov 27 20:01:34 2000
From: ffranco at interlog.com (Francisco Franco)
Date: Mon, 27 Nov 2000 21:01:34 -0500
Subject: [pptp-server] Need help to run pptpd over ipchains firewall
References: <90769AF04F76D41186C700A0C90AFC3EE5AA@defiant.infohiiway.com>
Message-ID: <3A2311FC.6A0269A@interlog.com>

Hi Steve,

I think that the following is the rule that was at first blocking the access to
pptp:

+++
48   REJECT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
+++

So, I did some changes, here is some select output from the post changes:

+++
40   ACCEPT     pptp ------  0.0.0.0/0            0.0.0.0/0             n/a
and
79   ACCEPT     tcp  ------  0.0.0.0/0            205.189.197.50
1024:65535 ->   1723
43   ACCEPT     tcp  ------  205.189.197.50       0.0.0.0/0             1723
->   1024:65535
+++

However, I still get the following message:

+++
Nov 27 20:01:22 hammer kernel: Packet log: output REJECT eth1 PROTO=47
205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=56320 F=0x0000 T=64 (#49)

+++

The following appears to be the rule that is stopping things:

+++
49   REJECT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
+++

Should I be posting to a different group other than this one?  I don't want to
overstay my welcome.

Regards,

Francisco

"Cowles, Steve" wrote:

> > -----Original Message-----
> > From: Francisco Franco [mailto:ffranco at interlog.com]
> > Sent: Sunday, November 26, 2000 8:32 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Need help to run pptpd over ipchains firewall
> >
> > In order to allow pptpd over the firewall running ipchains, I
> > have made the following additions to the firewall.
> >
> > ++ ipchains -A output -i eth1 -j eth1-out
> > ++ ipchains -A eth1-out -s 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A eth1-out -d 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A input -i eth1 -j eth1-in
> > ++ ipchains -A eth1-in -s 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A eth1-in -d 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 auth -j REJECT
> > ++ ipchains -A eth1-in -p TCP -y -d 0.0.0.0/0 1723 -j ACCEPT -l
> > ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
> > ++ ipchains -A eth1-in -p 47 -j ACCEPT
> > ++ ipchains -A eth1-in -p TCP -j ACCEPT
> > ++ ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
> >
> > The 192.168.1.0/24 network is my internal network and it sits on eth0.
> > eth1 is my external network.  However, after I have applied the above
> > rules to the ipchains, I get the following messages in m messages log.
> >
> > Nov 26 21:09:14 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
> > connection started
> > Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call
> > (launching pppd, opening GRE)
> > Nov 26 21:09:14 hammer pppd[984]: pppd 2.3.11 started by root, uid 0
> > Nov 26 21:09:14 hammer pppd[984]: Using interface ppp0
> > Nov 26 21:09:14 hammer pppd[984]: Connect: ppp0 <--> /dev/pts/2
> > Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47
> > 205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000
> > T=64 (#48)
>
> The following might help in trying to locate why proto 47 (gre) is being
> rejected by rule number 48 on the output chain. i.e. (#48)
>
> Try using: ipchains -L -n --line-numbers
>
> Based on where the above rules are located in your firewall script, using
> the -A (append) option can cause these rules to show up at the end of a
> defined chain and being superceded by a previous DENY/REJECT rule. By using
> the --line-numbers, you will be able to tell where rule 48 is in relation to
> the rules you have defined for PPTP. Sometimes this type of problem can be
> easily resolved by changing the -A (append) to -I (insert).
>
> FWIW: You can also specify an actual rule number when inserting a rule. i.e.
> Force a rule to be added in a specific order.
> see: man ipchains
>
> Steve Cowles
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



From dmason at littler.com  Mon Nov 27 20:26:39 2000
From: dmason at littler.com (Mason, Doug)
Date: Mon, 27 Nov 2000 18:26:39 -0800
Subject: [pptp-server] Metrics don't seem to work on NT 4.0?
Message-ID: <4147D65DE61CD211AAD000805FBB343C03794B0D@SFRBRIDGE>

Without boring the list to death:

Goal: Have users in remote office use PPTP to connect to home office but use
a metric (or anything else?) to "fail over" to an existing frame connection
in the same office.

Environment: Remote office has an existing (slow) frame connection back to
the home office.  Remote office also has DSL connection.

PPTP is set up between the remote office and the home office via DSL and can
route traffic in between these two sites.

All users in remote office are set to have the default gateway be the PPTP
server.  Everything works well, the frame connection is never touched.

However, I thought I could just use a Metric in NT 4.0 and set it so that if
the VPN connection was unavailable it would bounce traffic back over to the
frame connection (which is a router).

10.65.1.1	Router on the frame connection
10.65.1.2	PPTP server via DSL to home office (255.255.0.0)
10.7.1.65	Address of remote office connection on the home office PPTP
server
10.7.1.1		Main router in home office

Sooo....

0.0.0.0		0.0.0.0	10.7.1.1		VPN_INTERFACE	10 (metric)
0.0.0.0		0.0.0.0	10.7.1.1		10.65.1.1		20

....what I would THINK this would do is that traffic would normally all go
via the VPN interface.  If the VPN interface is unavailable (ie: DSL dies)
the higher cost metric would become active and it would forward all the
traffic to the 10.65.1.1 router.

In actual testing, however, this doesn't seem to work.  It seems like NT
will keep the original route around and never bring up the second route.  If
I switch the matrix numbers around it will start moving via the Frame
instead of the DSL, but I can't get one to fail over to the other.  Printing
out the route table shows everything correctly and lists both routes with
the correct metric.

Am I using metrics in the wrong way or is it just not supported?

Surely other people are set up a VPN connection with a backup route in case
it goes down....?

Help!

--Doug Mason (dmason at littler.com)



----
This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

To reply to our email administrator directly, send an email to
postmaster at littler.com

Littler Mendelson, P.C.
http://www.littler.com





From ffranco at interlog.com  Mon Nov 27 21:10:24 2000
From: ffranco at interlog.com (Francisco Franco)
Date: Mon, 27 Nov 2000 22:10:24 -0500
Subject: [pptp-server] Need help to run pptpd over ipchains firewall
References: <90769AF04F76D41186C700A0C90AFC3EE5AA@defiant.infohiiway.com> <3A2311FC.6A0269A@interlog.com>
Message-ID: <3A232220.7BAF8B49@interlog.com>

Hi Steve,

Just another update, I  now have the following in my firewall:

+++
    ipchains -A forward -i $EXTERNAL_INTERFACE -p tcp  \
             -s 10.0.0.200 $UNPRIVPORTS \
             -d $ANYWHERE 1723 -j MASQ

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 1723 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR 1723 \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    ipchains -A forward -i $EXTERNAL_INTERFACE -p 47  \
             -s 10.0.0.200 \
             -d $ANYWHERE -j MASQ

    ipchains -A input  -i $EXTERNAL_INTERFACE -p 47  \
             -s $ANYWHERE \
             -d $IPADDR -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p 47  \
             -s $IPADDR \
             -d $ANYWHERE -j ACCEPT
+++

Now I get a little further to the point where the client tries to connect to the
server, but I get the following:

+++
Nov 27 22:11:12 hammer pppd[7006]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth
chap MD5> <magic 0x5f533724> <pcomp> <accomp>]
Nov 27 22:11:39 hammer last message repeated 9 times
Nov 27 22:11:42 hammer pppd[7006]: LCP: timeout sending Config-Requests
+++

Am I missing anything else?

Francisco

Francisco Franco wrote:

> Hi Steve,
>
> I think that the following is the rule that was at first blocking the access to
> pptp:
>
> +++
> 48   REJECT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
> +++
>
> So, I did some changes, here is some select output from the post changes:
>
> +++
> 40   ACCEPT     pptp ------  0.0.0.0/0            0.0.0.0/0             n/a
> and
> 79   ACCEPT     tcp  ------  0.0.0.0/0            205.189.197.50
> 1024:65535 ->   1723
> 43   ACCEPT     tcp  ------  205.189.197.50       0.0.0.0/0             1723
> ->   1024:65535
> +++
>
> However, I still get the following message:
>
> +++
> Nov 27 20:01:22 hammer kernel: Packet log: output REJECT eth1 PROTO=47
> 205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=56320 F=0x0000 T=64 (#49)
>
> +++
>
> The following appears to be the rule that is stopping things:
>
> +++
> 49   REJECT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
> +++
>
> Should I be posting to a different group other than this one?  I don't want to
> overstay my welcome.
>
> Regards,
>
> Francisco
>
> "Cowles, Steve" wrote:
>
> > > -----Original Message-----
> > > From: Francisco Franco [mailto:ffranco at interlog.com]
> > > Sent: Sunday, November 26, 2000 8:32 PM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Need help to run pptpd over ipchains firewall
> > >
> > > In order to allow pptpd over the firewall running ipchains, I
> > > have made the following additions to the firewall.
> > >
> > > ++ ipchains -A output -i eth1 -j eth1-out
> > > ++ ipchains -A eth1-out -s 192.168.1.0/24 -l -j DENY
> > > ++ ipchains -A eth1-out -d 192.168.1.0/24 -l -j DENY
> > > ++ ipchains -A input -i eth1 -j eth1-in
> > > ++ ipchains -A eth1-in -s 192.168.1.0/24 -l -j DENY
> > > ++ ipchains -A eth1-in -d 192.168.1.0/24 -l -j DENY
> > > ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 auth -j REJECT
> > > ++ ipchains -A eth1-in -p TCP -y -d 0.0.0.0/0 1723 -j ACCEPT -l
> > > ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
> > > ++ ipchains -A eth1-in -p 47 -j ACCEPT
> > > ++ ipchains -A eth1-in -p TCP -j ACCEPT
> > > ++ ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
> > >
> > > The 192.168.1.0/24 network is my internal network and it sits on eth0.
> > > eth1 is my external network.  However, after I have applied the above
> > > rules to the ipchains, I get the following messages in m messages log.
> > >
> > > Nov 26 21:09:14 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
> > > connection started
> > > Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call
> > > (launching pppd, opening GRE)
> > > Nov 26 21:09:14 hammer pppd[984]: pppd 2.3.11 started by root, uid 0
> > > Nov 26 21:09:14 hammer pppd[984]: Using interface ppp0
> > > Nov 26 21:09:14 hammer pppd[984]: Connect: ppp0 <--> /dev/pts/2
> > > Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47
> > > 205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000
> > > T=64 (#48)
> >
> > The following might help in trying to locate why proto 47 (gre) is being
> > rejected by rule number 48 on the output chain. i.e. (#48)
> >
> > Try using: ipchains -L -n --line-numbers
> >
> > Based on where the above rules are located in your firewall script, using
> > the -A (append) option can cause these rules to show up at the end of a
> > defined chain and being superceded by a previous DENY/REJECT rule. By using
> > the --line-numbers, you will be able to tell where rule 48 is in relation to
> > the rules you have defined for PPTP. Sometimes this type of problem can be
> > easily resolved by changing the -A (append) to -I (insert).
> >
> > FWIW: You can also specify an actual rule number when inserting a rule. i.e.
> > Force a rule to be added in a specific order.
> > see: man ipchains
> >
> > Steve Cowles
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



From hshaw at HealthCentral.com  Mon Nov 27 22:34:49 2000
From: hshaw at HealthCentral.com (hshaw at HealthCentral.com)
Date: Mon, 27 Nov 2000 20:34:49 -0800
Subject: [pptp-server] Need help to run pptpd over ipchains firewall
Message-ID: <ED59CE15C2CAD311BFC8009027DCEF3801DD39AB@ASPEN>

I have this working on my firewalls. Are you accepting port 1723 AND
protocol 47 back and forth from the external to the masqed network?

I'll show you what I mean (this taken from a running Linux firewall using
ipchains that is port forwarding 1723 and protocol 47. The ip's have been
changed)

I.E. 
Chain input (policy ACCEPT):
ACCEPT     tcp  ------  0.0.0.0/0            <external IP of firewall>
* ->   1723
ACCEPT     gre  ------  0.0.0.0/0             <external IP of Firewall>
n/a
Chain forward (policy ACCEPT):
MASQ       tcp  ------  172.16.61.10         0.0.0.0/0             1723 ->
*
MASQ       gre  ------  172.16.61.10         0.0.0.0/0             n/a
MASQ       tcp  ------  0.0.0.0/0            172.16.61.10          * ->
1723
MASQ       gre  ------  0.0.0.0/0            172.16.61.10          n/a
MASQ       all  ------  172.16.61.0/24       0.0.0.0/0             n/a

this was taken from doing an ipchains -L. It has been working for almost a
year now.. It works with poptop being on the firewall and it is working with
it port forwarding the port and protocol to an internal VPN server.

Hope you can see what is going on and possibly duplicate it on yours.. 


Terrelle Shaw



-----Original Message-----
From: Francisco Franco [mailto:ffranco at interlog.com]
Sent: Monday, November 27, 2000 6:02 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Need help to run pptpd over ipchains firewall


Hi Steve,

I think that the following is the rule that was at first blocking the access
to
pptp:

+++
48   REJECT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
+++

So, I did some changes, here is some select output from the post changes:

+++
40   ACCEPT     pptp ------  0.0.0.0/0            0.0.0.0/0             n/a
and
79   ACCEPT     tcp  ------  0.0.0.0/0            205.189.197.50
1024:65535 ->   1723
43   ACCEPT     tcp  ------  205.189.197.50       0.0.0.0/0             1723
->   1024:65535
+++

However, I still get the following message:

+++
Nov 27 20:01:22 hammer kernel: Packet log: output REJECT eth1 PROTO=47
205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=56320 F=0x0000 T=64
(#49)

+++

The following appears to be the rule that is stopping things:

+++
49   REJECT     all  ----l-  0.0.0.0/0            0.0.0.0/0             n/a
+++

Should I be posting to a different group other than this one?  I don't want
to
overstay my welcome.

Regards,

Francisco

"Cowles, Steve" wrote:

> > -----Original Message-----
> > From: Francisco Franco [mailto:ffranco at interlog.com]
> > Sent: Sunday, November 26, 2000 8:32 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Need help to run pptpd over ipchains firewall
> >
> > In order to allow pptpd over the firewall running ipchains, I
> > have made the following additions to the firewall.
> >
> > ++ ipchains -A output -i eth1 -j eth1-out
> > ++ ipchains -A eth1-out -s 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A eth1-out -d 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A input -i eth1 -j eth1-in
> > ++ ipchains -A eth1-in -s 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A eth1-in -d 192.168.1.0/24 -l -j DENY
> > ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 auth -j REJECT
> > ++ ipchains -A eth1-in -p TCP -y -d 0.0.0.0/0 1723 -j ACCEPT -l
> > ++ ipchains -A eth1-in -p TCP -d 0.0.0.0/0 1723 -j ACCEPT
> > ++ ipchains -A eth1-in -p 47 -j ACCEPT
> > ++ ipchains -A eth1-in -p TCP -j ACCEPT
> > ++ ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
> >
> > The 192.168.1.0/24 network is my internal network and it sits on eth0.
> > eth1 is my external network.  However, after I have applied the above
> > rules to the ipchains, I get the following messages in m messages log.
> >
> > Nov 26 21:09:14 hammer pptpd[983]: CTRL: Client 24.114.19.225 control
> > connection started
> > Nov 26 21:09:14 hammer pptpd[983]: CTRL: Starting call
> > (launching pppd, opening GRE)
> > Nov 26 21:09:14 hammer pppd[984]: pppd 2.3.11 started by root, uid 0
> > Nov 26 21:09:14 hammer pppd[984]: Using interface ppp0
> > Nov 26 21:09:14 hammer pppd[984]: Connect: ppp0 <--> /dev/pts/2
> > Nov 26 21:09:14 hammer kernel: Packet log: output REJECT eth1 PROTO=47
> > 205.189.197.50:65535 24.114.19.225:65535 L=61 S=0x00 I=1640 F=0x0000
> > T=64 (#48)
>
> The following might help in trying to locate why proto 47 (gre) is being
> rejected by rule number 48 on the output chain. i.e. (#48)
>
> Try using: ipchains -L -n --line-numbers
>
> Based on where the above rules are located in your firewall script, using
> the -A (append) option can cause these rules to show up at the end of a
> defined chain and being superceded by a previous DENY/REJECT rule. By
using
> the --line-numbers, you will be able to tell where rule 48 is in relation
to
> the rules you have defined for PPTP. Sometimes this type of problem can be
> easily resolved by changing the -A (append) to -I (insert).
>
> FWIW: You can also specify an actual rule number when inserting a rule.
i.e.
> Force a rule to be added in a specific order.
> see: man ipchains
>
> Steve Cowles
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From david.landgren at bpinet.com  Tue Nov 28 03:33:08 2000
From: david.landgren at bpinet.com (David LANDGREN)
Date: Tue, 28 Nov 2000 10:33:08 +0100
Subject: [pptp-server] Getting started on OpenBSD [Closure]
Message-ID: <C12569A5.00347946.00@Brehat.bpinet.com>

||Did you configure PoPToP using the command:
||    ./configure --with-bsdppp
|
|Done.
|
||Also, check out the FreeBSD PPTP HOWTO at:
||    http://heyer.supranet.net/pptp/

Replying to myself, but especially for the archives. The problem with
running pptp on OpenBSD (version 2.7 in any event) is that by default, the
kernel will eat GRE packets. The kernel *must* be recompiled, and the
following line in the GENERIC configuration file must be commented out.

pseudo-device  gre     1       # GRE encapsulation interface

becomes

#pseudo-device  gre     1       # GRE encapsulation interface

Once this is done, pptp works flawlessly. I am not sure whether this can be
configured on the fly, but in any event compiling the kernel is simple and
fast, and you may take the opportunity to strip out a lot of functionality
that you don't need anyway.

David Landgren




From pal at sequenza.it  Tue Nov 28 06:13:19 2000
From: pal at sequenza.it (Peter Palombi)
Date: Tue, 28 Nov 2000 13:13:19 +0100
Subject: [pptp-server] information
Message-ID: <000501c05934$9a228960$3d01a8c0@gpa.it>

Hi all,

I have installed the pptp server on my linux 6.2 kernel 2.2.14-12.
I woul make only a test now  why i would make the vpn connection between 2 pc that they are in the same net.

the first PC(windows) 192.168.1.61
and the server 192.168.1.105

how can i look if the vpn work or not?

i have change the file pptp.conf

speed 115200

localip: what have to insert into this row
remoteip: what have to insert into this row

in my pptp.conf there are
localip: 192.168.0.234-238
remoteip: 192.168.1.9-15

When i make the connection on my widows 98 on the server .. the autentication work right .. but than i look in the log i receive this error:
Peer is not autorizate to use remote address 192.168.1.9
CCP terminated by peer
..
exit
GRE: PTY read or GRE write failed(pty,gre)=(4,5)


The ip address 192.168.1.9 is not in use!

in my window 98 i look a rows in the routing table

192.168.1.105 <- 192.168.1.61


For you the confguraztion is right?
or the problem is only why i would make a connection VPN between two PC on the same net?

Thanks for your help

Peter




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001128/80d9c898/attachment.html>

From ffranco at interlog.com  Tue Nov 28 10:47:43 2000
From: ffranco at interlog.com (Francisco Franco)
Date: Tue, 28 Nov 2000 11:47:43 -0500
Subject: [pptp-server] Need help to run pptpd over ipchains firewall
References: <90769AF04F76D41186C700A0C90AFC3EE5AA@defiant.infohiiway.com> <3A2311FC.6A0269A@interlog.com> <3A232220.7BAF8B49@interlog.com> <3A234335.FECF1AFB@home.com>
Message-ID: <3A23E1AF.1C5A1776@interlog.com>

Hi Folks,

Thanks very much for all your help, but unfortunatly the problem that I
was experiencing
can be totally attributed to my own stupidity and nothing else.  At home
I am connected to
a router manufactured by LinkSys.  The problem was that the device is
doing masquerading.
So, once I figured that out, I decided to connect using my ISP through a
plain old
telephone line with nothing between my PC and the PPTP server.  Once I
did that, all my
troubles went away and I was able to connect without any problems.

Once again thanks very much for all the help and suggestions.

I may soon bother you all when I move onto configuring machines running
W2K.

Francisco

Jerry Vonau wrote:

> Francisco:
>
> try from my earlier post:
>
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -d $EXTIP/32 1723
> /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p 47 -d $EXTIP/32
> /sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp ! -y -s $EXTIP/32 1723
> /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP/32 -d $UNIVERSE
> /sbin/ipchains -A output -j ACCEPT -i  ppp+ -b -s 0/0 -d 0/0
> /sbin/ipchains -A forward -j ACCEPT -i $ppp+ -s $INTLAN -d $INTLAN
> /sbin/ipchains -A forward -j ACCEPT -i $INTIF -s $INTLAN -d $INTLAN
>
> Don't forward the P 47 and GRE if this server is on the firewall, it's the final stop.
>
> If the server is behind the firewall that is a whole different ball game.
> This should allows connections. What does your /etc/ppp/options file look like?
>
> Francisco Franco wrote:
>
> > Hi Steve,
> >
> > Just another update, I  now have the following in my firewall:
> >
> > +++
> >     ipchains -A forward -i $EXTERNAL_INTERFACE -p tcp  \
> >              -s 10.0.0.200 $UNPRIVPORTS \
> >              -d $ANYWHERE 1723 -j MASQ
> >
> >     ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
> >              -s $ANYWHERE $UNPRIVPORTS \
> >              -d $IPADDR 1723 -j ACCEPT
> >
> >     ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> >              -s $IPADDR 1723 \
> >              -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
> >
> >     ipchains -A forward -i $EXTERNAL_INTERFACE -p 47  \
> >              -s 10.0.0.200 \
> >              -d $ANYWHERE -j MASQ
> >
> >     ipchains -A input  -i $EXTERNAL_INTERFACE -p 47  \
> >              -s $ANYWHERE \
> >              -d $IPADDR -j ACCEPT
> >
> >     ipchains -A output -i $EXTERNAL_INTERFACE -p 47  \
> >              -s $IPADDR \
> >              -d $ANYWHERE -j ACCEPT
> > +++
> >
> > Now I get a little further to the point where the client tries to connect to the
> > server, but I get the following:
> >
> > +++
> > Nov 27 22:11:12 hammer pppd[7006]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth
> > chap MD5> <magic 0x5f533724> <pcomp> <accomp>]
> > Nov 27 22:11:39 hammer last message repeated 9 times
> > Nov 27 22:11:42 hammer pppd[7006]: LCP: timeout sending Config-Requests
> > +++
> >
> > Am I missing anything else?
> >
> > Francisco
> >


From mikes at hartwellcorp.com  Tue Nov 28 11:51:58 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Tue, 28 Nov 2000 09:51:58 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E27@hart-exchange.hartwellcorp.com>

I've found the ppp patch that will authenticate against the /etc/smbpasswd
file (much better than maintaining a textfile of passwords!).  Has anyone
done the coding to authenticate against an NT PDC?


--------------------
Michael St. Laurent
Hartwell Corporation


From ingle at fastloki.Stanford.EDU  Tue Nov 28 13:17:10 2000
From: ingle at fastloki.Stanford.EDU (Nik Ingle)
Date: Tue, 28 Nov 2000 11:17:10 -0800 (PST)
Subject: [pptp-server] simple pptp with samba
Message-ID: <Pine.GSO.4.21.0011281008350.21013-100000@fastloki.Stanford.EDU>

I have a very simple set up.  A samba server/pptp server in one subnet and
a WinNT box in another subnet with no firewalls between them and no
authentication/encryption required for the VPN connection (yet).

I would like to be able to get at the samba server from the WinNT box, but
don't require full network neighborhood browsing capabilities.

So far, I have the pptp server up and running and when I run the dail-up
networking from the WinNT box to connect to it via the VPN client
software, it seems to connect (and stay connected) with no problems.  
However, I can then not find the samba/pptp machine to look at the samba
shared files (within the samba subnet, samba has been working with Win98
machines for a year).  If I go to the run menu (on the WinNT box) and type
in \\computername or \\ipaddress I get a message telling me the network
path was not found.  If I go to the START--FIND--COMPUTERS menu and type
in the computername or IP address (it is a real DNS name, and real,
registered IP address) it is not found.

I have read alot about what settings are needed and am confused about the
WINS server, whether I need it, and if I have it configured correctly.  I
thought that was only neccessary if you wanted full browsing capabilities,
but regarless, I can not get to the samba files from the WinNT box so I
must be missing something.

Here are my settings on the samba/pptp server:

/etc/ppp/options 
debug
noauth
ms-wins 198.144.198.98  (this is the IP address of the samba/pptp server
and I have wins support = yes in smb.conf)
ms-dns 198.144.198.98   (do I need this?) 

/etc/pptpd.conf
speed 115200
localip 198.144.198.98     (samba/pptp server)
remoteip 171.64.84.67     (WinNT box)

the smbd.conf file has the following turned on:
domain master = yes
preferred master = yes
wins support = yes

As for the WinNT box, I have tried a number of things including setting
the workgroup to that of the samba server, and setting the WINS Address
under contorl panel-network-protocols-TCP/IP to the samba/pptp server
(This has the side effect of causing the rest of my networking on the
WinNT box to stop working).  

Any suggestions?

thanks

Nik


Nik Ingle
Dept. Applied Physics
Stanford University 
Stanford, CA 94305-4090
(650) 725-2296






From jkreger at avidsolutionsinc.com  Tue Nov 28 13:00:50 2000
From: jkreger at avidsolutionsinc.com (Justin Kreger)
Date: Tue, 28 Nov 2000 14:00:50 -0500
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <6B8A85826C35D31193BD0090278589C80FE6D8@CIC-EXCHANGE>

The samba team has a program that supposidly "massages" the NT registry and
sam to generate smbpasswd file.  Reportedly, it has to be run as
Administrator, Something that I don't hold on the NT boxen where I work so I
have not tried it.

-LW

-----Original Message-----
From: Michael St. Laurent [mailto:mikes at hartwellcorp.com]
Sent: Tuesday, November 28, 2000 12:52 PM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Authenticate against NT PDC?


I've found the ppp patch that will authenticate against the /etc/smbpasswd
file (much better than maintaining a textfile of passwords!).  Has anyone
done the coding to authenticate against an NT PDC?


--------------------
Michael St. Laurent
Hartwell Corporation
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From georgev at citadelcomputer.com.au  Tue Nov 28 15:31:53 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Wed, 29 Nov 2000 08:31:53 +1100
Subject: [pptp-server] simple pptp with samba
Message-ID: <90C35E9FADC0D41184770000E860EB4901BC1B@cittech>

Is your PPTP IP addresses on the same subnet as the samba machines network?
If not then you will have to specify the `hosts allow = xx.xx.xx.xx` and/or
possibly `remote announce = xxx.xxx.xxx.xxx` command in your /etc/smb.conf.

Another option in smb.conf may be the `interfaces = 192.168.2.10/24
192.168.3.10/24` etc...

try that..

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


-----Original Message-----
From: Nik Ingle [mailto:ingle at fastloki.Stanford.EDU]
Sent: Wednesday, November 29, 2000 6:17 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] simple pptp with samba


I have a very simple set up.  A samba server/pptp server in one subnet and
a WinNT box in another subnet with no firewalls between them and no
authentication/encryption required for the VPN connection (yet).

I would like to be able to get at the samba server from the WinNT box, but
don't require full network neighborhood browsing capabilities.

So far, I have the pptp server up and running and when I run the dail-up
networking from the WinNT box to connect to it via the VPN client
software, it seems to connect (and stay connected) with no problems.  
However, I can then not find the samba/pptp machine to look at the samba
shared files (within the samba subnet, samba has been working with Win98
machines for a year).  If I go to the run menu (on the WinNT box) and type
in \\computername or \\ipaddress I get a message telling me the network
path was not found.  If I go to the START--FIND--COMPUTERS menu and type
in the computername or IP address (it is a real DNS name, and real,
registered IP address) it is not found.

I have read alot about what settings are needed and am confused about the
WINS server, whether I need it, and if I have it configured correctly.  I
thought that was only neccessary if you wanted full browsing capabilities,
but regarless, I can not get to the samba files from the WinNT box so I
must be missing something.

Here are my settings on the samba/pptp server:

/etc/ppp/options 
debug
noauth
ms-wins 198.144.198.98  (this is the IP address of the samba/pptp server
and I have wins support = yes in smb.conf)
ms-dns 198.144.198.98   (do I need this?) 

/etc/pptpd.conf
speed 115200
localip 198.144.198.98     (samba/pptp server)
remoteip 171.64.84.67     (WinNT box)

the smbd.conf file has the following turned on:
domain master = yes
preferred master = yes
wins support = yes

As for the WinNT box, I have tried a number of things including setting
the workgroup to that of the samba server, and setting the WINS Address
under contorl panel-network-protocols-TCP/IP to the samba/pptp server
(This has the side effect of causing the rest of my networking on the
WinNT box to stop working).  

Any suggestions?

thanks

Nik


Nik Ingle
Dept. Applied Physics
Stanford University 
Stanford, CA 94305-4090
(650) 725-2296




_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From jimf at HDCSI.com  Tue Nov 28 17:25:13 2000
From: jimf at HDCSI.com (Fennacy, Jim)
Date: Tue, 28 Nov 2000 15:25:13 -0800
Subject: [pptp-server] Win2000 VPN thru Linux Gateway.
Message-ID: <F01D9E96DA9FD31185DB005004A8E14A2EC2DF@MAIL>

I have a Win2000 box at home connected to a Mandrake 7.1 Linux machine
acting as a gateway/router for my home network.  I am trying to connect to
my office's Win2000 VPN server.  I can ping the machine.  When I try to make
the VPN connection I get stopped at verifying username and password.  I can
connect if I go from my Win2000 machine thru a modem.

Is this a problem PoPToP will help me with?  Is it a MSCHAP issue that my
Linux box is choking on?  

Forgive the "stupid question".

Jim.


From jvonau at home.com  Tue Nov 28 18:21:52 2000
From: jvonau at home.com (Jerry Vonau)
Date: Tue, 28 Nov 2000 18:21:52 -0600
Subject: [pptp-server] Win2000 VPN thru Linux Gateway.
References: <F01D9E96DA9FD31185DB005004A8E14A2EC2DF@MAIL>
Message-ID: <3A244C20.507B1AA2@home.com>

Jim:
check out

http://www.ibiblio.org/pub/Linux/docs/HOWTO/VPN-Masquerade-HOWTO

You need to patch thing up to MASQ a pptp connection.

If you would like to have all your protected network access the vpn server have
a look at:

http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/

It's a pptp client for linux, can be a bit of a pain to setup but it works

 Jerry Vonau

"Fennacy, Jim" wrote:

> I have a Win2000 box at home connected to a Mandrake 7.1 Linux machine
> acting as a gateway/router for my home network.  I am trying to connect to
> my office's Win2000 VPN server.  I can ping the machine.  When I try to make
> the VPN connection I get stopped at verifying username and password.  I can
> connect if I go from my Win2000 machine thru a modem.
>
> Is this a problem PoPToP will help me with?  Is it a MSCHAP issue that my
> Linux box is choking on?
>
> Forgive the "stupid question".
>
> Jim.
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!



From emmet___ at yahoo.com  Tue Nov 28 19:02:07 2000
From: emmet___ at yahoo.com (S.Ecker)
Date: Tue, 28 Nov 2000 17:02:07 -0800 (PST)
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <20001129010207.4153.qmail@web216.mail.yahoo.com>

Where did you find that patch? link please.

-Scott

--- "Michael St. Laurent" <mikes at hartwellcorp.com>
wrote:
> I've found the ppp patch that will authenticate
> against the /etc/smbpasswd
> file (much better than maintaining a textfile of
> passwords!).  Has anyone
> done the coding to authenticate against an NT PDC?
> 
> 
> --------------------
> Michael St. Laurent
> Hartwell Corporation
> _______________________________________________
> pptp-server maillist  - 
> pptp-server at lists.schulte.org
>
http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/


From ron at mel.compumod.com.au  Tue Nov 28 21:57:05 2000
From: ron at mel.compumod.com.au (Ron Cresswell,Compumod Melbourne)
Date: Wed, 29 Nov 2000 14:57:05 +1100
Subject: [pptp-server] pptpd errors - not fixed by pptpd1.0.1! (was: PPTPD errors intermittently)
Message-ID: <3A247E91.7050409@mel.compumod.com.au>

Hi Folks
I have installed pptpd1.0.1 and I'm still getting the errors shown below 
after a few hours. These were supposedly a feature of 1.0.0 or 1.2.0. 
When this starts, I have syslogd taking up 96% CPU and the hard disk 
thrashing continuously - which makes this a bit more than a minor 
inconvenience!

Do I need to upgrade the linux client as well perhaps?

Any help gratefully received!

Thanks

Ron


Nov 26 04:03:09 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: EOF or bad error reading ctrl 
packet length.
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: couldn't read packet header (exit)
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: EOF or bad error reading ctrl 
packet length.
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: couldn't read packet header (exit)
Nov 26 04:03:11 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence
Nov 26 04:03:11 ghost pptpd[12877]: CTRL: EOF or bad error reading ctrl 
packet length.
Nov 26 04:03:11 ghost pptpd[12877]: CTRL: couldn't read packet header (exit)
Nov 26 04:03:12 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence

-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---



From georgev at citadelcomputer.com.au  Tue Nov 28 22:57:20 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Wed, 29 Nov 2000 15:57:20 +1100
Subject: [pptp-server] pptpd errors - not fixed by pptpd1.0.1! (was: P
	PTPD errors intermittently)
Message-ID: <90C35E9FADC0D41184770000E860EB4901BC26@cittech>

Use pptpd 1.1.2 as 1.0.1 still has those problems.. I'm using 1.1.2 and it's
OK..

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


-----Original Message-----
From: Ron Cresswell,Compumod Melbourne [mailto:ron at mel.compumod.com.au]
Sent: Wednesday, November 29, 2000 2:57 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptpd errors - not fixed by pptpd1.0.1! (was:
PPTPD errors intermittently)



Hi Folks
I have installed pptpd1.0.1 and I'm still getting the errors shown below 
after a few hours. These were supposedly a feature of 1.0.0 or 1.2.0. 
When this starts, I have syslogd taking up 96% CPU and the hard disk 
thrashing continuously - which makes this a bit more than a minor 
inconvenience!

Do I need to upgrade the linux client as well perhaps?

Any help gratefully received!

Thanks

Ron


Nov 26 04:03:09 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: EOF or bad error reading ctrl 
packet length.
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: couldn't read packet header (exit)
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: EOF or bad error reading ctrl 
packet length.
Nov 26 04:03:10 ghost pptpd[12877]: CTRL: couldn't read packet header (exit)
Nov 26 04:03:11 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence
Nov 26 04:03:11 ghost pptpd[12877]: CTRL: EOF or bad error reading ctrl 
packet length.
Nov 26 04:03:11 ghost pptpd[12877]: CTRL: couldn't read packet header (exit)
Nov 26 04:03:12 ghost pptpd[12877]: CTRL: Unexpected control message 0 
in disconnect sequence

-- 
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---

_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!


From pal at sequenza.it  Wed Nov 29 06:16:25 2000
From: pal at sequenza.it (Peter Palombi)
Date: Wed, 29 Nov 2000 13:16:25 +0100
Subject: [pptp-server] Error
Message-ID: <001901c059fe$326ad000$3d01a8c0@gpa.it>

Hi all,

I look always in the log this messages.

Peer is not authorized to use remote address x.x.x.x
and than
Connetion terminated

How can i solve this problem?

Thanks for your help

Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001129/32cc9f01/attachment.html>

From phil at vibrationresearch.com  Wed Nov 29 08:05:03 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 29 Nov 2000 09:05:03 -0500
Subject: [pptp-server] Authenticate against NT PDC?
In-Reply-To: <20001129010207.4153.qmail@web216.mail.yahoo.com>
Message-ID: <000301c05a0d$5ed29e70$4500a8c0@vibrationresearch.com>


From kamesh_23_madras at winbox.com  Wed Nov 29 09:47:09 2000
From: kamesh_23_madras at winbox.com (kamesh babu)
Date: Wed, 29 Nov 2000 16:47:09 +0100 (GMT+01:00)
Subject: [pptp-server] regarding PPTp server
Message-ID: <4970041.975512829654.JavaMail.root@www2.winbox.com>

Hi,
    I am relatively new to this VPN thing and i need your help.

My requirement:

Our office lan is in 10.X private Net with one PDC and a BDC. Pdc acts as DHCP server also and BDC acts as wins and file server.

 Our HR team Wants to connect to the PDC  and access the fileserver via internet. they will dial using windows 2000/ NT.

i have installed PoPTop 10.0.0-1 on a Redhat linux 7.0
which is the gateway to internet( with no ip chain rules as of now)
my PPP version is 2.3.11-7


 For testing purpose i am using one NT workstation 4 on the local lan . i am able to authenticate and connect .

 But after connecting i am not able to browse all the servers  in network neighbourhood and i am not able o ping any ips in local net.



in pptp config file, i have put local server ips as 10.0.0.8 ( our pdc)
in remote ips, what should i have to put?? we have dhcp server running in 10.0.0.8

for testing i have put teh range from 10.0.0.200-250
and i got 10.0.0.200

i tested by connecting from the local lan itself.



Ethernet adapter DC21X41:

        IP Address. . . . . . . . . : 10.0.0.239
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . : 10.0.0.8
        Primary WINS Server . . . . : 10.0.0.8
        Lease Obtained. . . . . . . : Tuesday, November 28, 2000 6:45:51 PM
        Lease Expires . . . . . . . : Friday, December 08, 2000 6:45:51 PM

PPP adapter NdisWan7:

        Description . . . . . . . . : NdisWan Adapter
        Physical Address. . . . . . : 00-01-b0-5c-80-80
        DHCP Enabled. . . . . . . . : No
        IP Address. . . . . . . . . : 10.0.0.200
        Subnet Mask . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . : 10.0.0.200
        Primary WINS Server . . . . : 10.0.0.8

PPP adapter :

        Description . . . . . . . . : NdisWan Adapter
        Physical Address. . . . . . : 00-00-00-00-00-00
        DHCP Enabled. . . . . . . . : No
        IP Address. . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . :

Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 05 40 98 64 ...... DEC DC21140 PCI Fast Ethernet Adapter
0x3 ...00 01 b0 5c 80 80 ...... NdisWan Adapter
0x4 ...00 00 00 00 00 00 ...... NdisWan Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1      10.0.0.239       2
          0.0.0.0          0.0.0.0       10.0.0.200      10.0.0.200       1
         10.0.0.0    255.255.255.0       10.0.0.200      10.0.0.200       1
         10.0.0.0        255.0.0.0       10.0.0.200      10.0.0.200       1
         10.0.0.0    255.255.255.0       10.0.0.239      10.0.0.239       2
       10.0.0.200  255.255.255.255        127.0.0.1       127.0.0.1       1
       10.0.0.239  255.255.255.255        127.0.0.1       127.0.0.1       1
       10.0.0.246  255.255.255.255       10.0.0.239      10.0.0.239       1
   10.255.255.255  255.255.255.255       10.0.0.239      10.0.0.239       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        224.0.0.0       10.0.0.200      10.0.0.200       1
        224.0.0.0        224.0.0.0       10.0.0.239      10.0.0.239       1
  255.255.255.255  255.255.255.255       10.0.0.239      10.0.0.239       1
===========================================================================



i am getting subnet of 255.0.0.0

but our actual subnet is 255.255.255.0 


what should be done??

also i want to use microsft encrypted authentication. for that what patch i need to use as my ppp version is
2.3.11-7 i am not able to find any patch.

Thank you for an early reply,

Regards,
kamesh
_________________________
Looking for an e-mail address ? Use your recipient's mobile number! +44 (385) 123456 becomes 44385123456 at winbox.com . Try it now! This is a unique service from http://www.winbox.com


From darren.kuik at lpl.com  Wed Nov 29 12:04:08 2000
From: darren.kuik at lpl.com (Darren Kuik)
Date: Wed, 29 Nov 2000 12:04:08 -0600
Subject: [pptp-server] how do I setup PPTP?
Message-ID: <HBEMLGHNBKBKDFMAPKMHMEHGCAAA.darren.kuik@lpl.com>

I have installed all the various dowloads and patches and recompiled my
kernel.  All of this worked successfully.  However, I am not sure how to
configure PPTP correctly.  All the examples seem to use a dialup connection.
I have a permanent connection through eth1.  My local ip is through eth0.
Does this mean the setup process is different?  Also I notice that most
people are running Samba server or something.  Is this required to make it
work?  I am trying to allow our business partners to connect to our NT
server which is behind my Linux firewall on which I have installed PPTP
server.

If you have any ideas or need clarification I would like to hear them.

Darren
mailto:littlekuke at hotmail.com



From mikes at hartwellcorp.com  Wed Nov 29 12:50:21 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 29 Nov 2000 10:50:21 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E2D@hart-exchange.hartwellcorp.com>

Actually, if pppd uses PAM (or can be made to use PAM) then winbind might
just do the trick.  The only thing it might not do is get the PDC to check
if the user's account has RAS permissions.  I don't know if winbind will do
this or not.


--------------------
Michael St. Laurent
Hartwell Corporation


> -----Original Message-----
> From: Jerry Vonau [mailto:jvonau at home.com]
> Sent: Tuesday, November 28, 2000 6:04 PM
> To: Michael St. Laurent
> Subject: Re: [pptp-server] Authenticate against NT PDC?
> 
> 
> Found this link:
> 
> http://us2.samba.org/samba/development.html
> 
> in 2.2.0
> 
> last paragraph, winbind might be what were after.
> 
> I'm unsure on how the call is made to the PDC in samba
> If the PDC and PPTP were on the same machine this wouldn't be 
> an issue,
> the passwords would be in the file. The samba BDC code is not 
> ready for
> primetime yet.
> 
> A quick look at the archives did not look promising.
> 
> The search continues....
> 
> Jerry Vonau
> 
> 
> "Michael St. Laurent" wrote:
> 
> > The /etc/smbpasswd patch?  Sure, it's in the new FAQ.  
> Here's a link to an
> > email that has the patch and instructions:
> > 
http://lists.schulte.org/pipermail/pptp-server/2000-April/002190.html
>
> I was hoping that someone else had already used the code from this patch
as
> a springboard into using the full libsmb library.
>
> --------------------
> Michael St. Laurent
> Hartwell Corporation
>
> > -----Original Message-----
> > From: Jerry Vonau [mailto:jvonau at home.com]
> > Sent: Tuesday, November 28, 2000 4:10 PM
> > To: Michael St. Laurent
> > Subject: Re: [pptp-server] Authenticate against NT PDC?
> >
> >
> > Michael:
> >
> > Got a link for the patch? I want to play too.
> > Then my boss can play with user manager.
> > I'll get overtime fixing it when he breaks it.
> > (just kidding, long day)
> >
> > I think you need samba running, as a domain member
> > to authenticate against a PDC.
> > I unsure of the hook from smbpasswd
> > to the PDC when running as a domain member.
> > As a member I don't think smbpasswd is looked at,
> > as this would be controlled by the PDC.
> > I would like to try this too, The up keep of
> > separate files for passwords is a pain.
> > Let me know what you info you have.
> >
> > TIA
> > Jerry Vonau
> >
> > "Michael St. Laurent" wrote:
> >
> > > I've found the ppp patch that will authenticate against the
> > /etc/smbpasswd
> > > file (much better than maintaining a textfile of
> > passwords!).  Has anyone
> > > done the coding to authenticate against an NT PDC?
> > >
> > > --------------------
> > > Michael St. Laurent
> > > Hartwell Corporation
> > > _______________________________________________
> > > pptp-server maillist  -  pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> >


From mikes at hartwellcorp.com  Wed Nov 29 12:50:34 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 29 Nov 2000 10:50:34 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E2E@hart-exchange.hartwellcorp.com>

Check this out:
http://www.psychosis.com/listarch/portslave/1999-09-01/msg00071.html


--------------------
Michael St. Laurent
Hartwell Corporation


> -----Original Message-----
> From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
> Sent: Tuesday, November 28, 2000 5:24 PM
> To: 'Michael St. Laurent '
> Subject: RE: [pptp-server] Authenticate against NT PDC?
> 
> 
>  What would be really nice is to get pppd to authenticate off 
> of a radius
> server.  NT Option Pack 4's Internet Authentication Services 
> is a radius
> authentication server.
> 
> -----Original Message-----
> From: Michael St. Laurent
> To: 'Justin Kreger'
> Sent: 11/28/00 2:53 PM
> Subject: RE: [pptp-server] Authenticate against NT PDC?
> 
> Yeah, I don't like them either.  Actually I was looking for something
> that
> uses the SMB calls to authenticate remotely so that I don't have to do
> anything special if the user changes their password.  What I hope is
> that
> someone has already patched pppd to use the libsmb API to do this.
> 
> 
> --------------------
> Michael St. Laurent
> Hartwell Corporation
> 
> 
> > -----Original Message-----
> > From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
> > Sent: Tuesday, November 28, 2000 11:01 AM
> > To: 'Michael St. Laurent'; 'pptp-server at lists.schulte.org'
> > Subject: RE: [pptp-server] Authenticate against NT PDC?
> > 
> > 
> > The samba team has a program that supposidly "massages" the 
> > NT registry and
> > sam to generate smbpasswd file.  Reportedly, it has to be run as
> > Administrator, Something that I don't hold on the NT boxen 
> > where I work so I
> > have not tried it.
> > 
> > -LW
> > 
> > -----Original Message-----
> > From: Michael St. Laurent [mailto:mikes at hartwellcorp.com]
> > Sent: Tuesday, November 28, 2000 12:52 PM
> > To: 'pptp-server at lists.schulte.org'
> > Subject: [pptp-server] Authenticate against NT PDC?
> > 
> > 
> > I've found the ppp patch that will authenticate against the 
> > /etc/smbpasswd
> > file (much better than maintaining a textfile of passwords!). 
> >  Has anyone
> > done the coding to authenticate against an NT PDC?
> > 
> > 
> > --------------------
> > Michael St. Laurent
> > Hartwell Corporation
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> > 
> 


From mikes at hartwellcorp.com  Wed Nov 29 12:50:43 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 29 Nov 2000 10:50:43 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E2F@hart-exchange.hartwellcorp.com>

In the new FAQ:

4.3 How can I use /etc/smbpasswd for chap authentication?

	There is a patch available for this which was posted to
	the pptp-server mailing list a while back:

	
http://lists.schulte.org/pipermail/pptp-server/2000-April/002190.html

	Apply this patch to the pppd program, rebuild, and then put
	&/etc/smbpasswd in the chap-secrets file where you would normally
	put the plain text password string.



--------------------
Michael St. Laurent
Hartwell Corporation


> -----Original Message-----
> From: S.Ecker [mailto:emmet___ at yahoo.com]
> Sent: Tuesday, November 28, 2000 5:02 PM
> To: pptp-server at lists.schulte.org
> Cc: mikes at hartwellcorp.com
> Subject: Re: [pptp-server] Authenticate against NT PDC?
> 
> 
> Where did you find that patch? link please.
> 
> -Scott
> 
> --- "Michael St. Laurent" <mikes at hartwellcorp.com>
> wrote:
> > I've found the ppp patch that will authenticate
> > against the /etc/smbpasswd
> > file (much better than maintaining a textfile of
> > passwords!).  Has anyone
> > done the coding to authenticate against an NT PDC?
> > 
> > 
> > --------------------
> > Michael St. Laurent
> > Hartwell Corporation
> > _______________________________________________
> > pptp-server maillist  - 
> > pptp-server at lists.schulte.org
> >
> http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Shopping - Thousands of Stores. Millions of Products.
> http://shopping.yahoo.com/
> 


From mikes at hartwellcorp.com  Wed Nov 29 12:51:18 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 29 Nov 2000 10:51:18 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E31@hart-exchange.hartwellcorp.com>

Yeah, I don't like them either.  Actually I was looking for something that
uses the SMB calls to authenticate remotely so that I don't have to do
anything special if the user changes their password.  What I hope is that
someone has already patched pppd to use the libsmb API to do this.


--------------------
Michael St. Laurent
Hartwell Corporation


> -----Original Message-----
> From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
> Sent: Tuesday, November 28, 2000 11:01 AM
> To: 'Michael St. Laurent'; 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] Authenticate against NT PDC?
> 
> 
> The samba team has a program that supposidly "massages" the 
> NT registry and
> sam to generate smbpasswd file.  Reportedly, it has to be run as
> Administrator, Something that I don't hold on the NT boxen 
> where I work so I
> have not tried it.
> 
> -LW
> 
> -----Original Message-----
> From: Michael St. Laurent [mailto:mikes at hartwellcorp.com]
> Sent: Tuesday, November 28, 2000 12:52 PM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] Authenticate against NT PDC?
> 
> 
> I've found the ppp patch that will authenticate against the 
> /etc/smbpasswd
> file (much better than maintaining a textfile of passwords!). 
>  Has anyone
> done the coding to authenticate against an NT PDC?
> 
> 
> --------------------
> Michael St. Laurent
> Hartwell Corporation
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 


From mikes at hartwellcorp.com  Wed Nov 29 12:51:04 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Wed, 29 Nov 2000 10:51:04 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E30@hart-exchange.hartwellcorp.com>

The /etc/smbpasswd patch?  Sure, it's in the new FAQ.  Here's a link to an
email that has the patch and instructions:
http://lists.schulte.org/pipermail/pptp-server/2000-April/002190.html

I was hoping that someone else had already used the code from this patch as
a springboard into using the full libsmb library.


--------------------
Michael St. Laurent
Hartwell Corporation


> -----Original Message-----
> From: Jerry Vonau [mailto:jvonau at home.com]
> Sent: Tuesday, November 28, 2000 4:10 PM
> To: Michael St. Laurent
> Subject: Re: [pptp-server] Authenticate against NT PDC?
> 
> 
> Michael:
> 
> Got a link for the patch? I want to play too.
> Then my boss can play with user manager.
> I'll get overtime fixing it when he breaks it.
> (just kidding, long day)
> 
> I think you need samba running, as a domain member
> to authenticate against a PDC.
> I unsure of the hook from smbpasswd
> to the PDC when running as a domain member.
> As a member I don't think smbpasswd is looked at,
> as this would be controlled by the PDC.
> I would like to try this too, The up keep of
> separate files for passwords is a pain.
> Let me know what you info you have.
> 
> TIA
> Jerry Vonau
> 
> "Michael St. Laurent" wrote:
> 
> > I've found the ppp patch that will authenticate against the 
> /etc/smbpasswd
> > file (much better than maintaining a textfile of 
> passwords!).  Has anyone
> > done the coding to authenticate against an NT PDC?
> >
> > --------------------
> > Michael St. Laurent
> > Hartwell Corporation
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> 


From gentil at cdludi.com.br  Wed Nov 29 14:05:37 2000
From: gentil at cdludi.com.br (Orlando Gentil)
Date: Wed, 29 Nov 2000 18:05:37 -0200
Subject: [pptp-server] Authenticate against NT PDC?
References: <91A5926EFF44D3118B1200104B7276EB654E31@hart-exchange.hartwellcorp.com>
Message-ID: <3A256191.98B47177@cdludi.com.br>

	If ppp can use PAM or be built to use it, you just have to use pam_smb
. The only thing u have to do is create the correpondent user in your
Linux box and then point your pam ppp (/etc/pam.conf or
/etc/pam.d/ppp)authentication to use the pam_smb_auth.so


"Michael St. Laurent" wrote:
> 
> Yeah, I don't like them either.  Actually I was looking for something
> that
> uses the SMB calls to authenticate remotely so that I don't have to do
> anything special if the user changes their password.  What I hope is
> that
> someone has already patched pppd to use the libsmb API to do this.
> 
> --------------------
> Michael St. Laurent
> Hartwell Corporation
>


From wim.ceulemans at nice.be  Thu Nov 30 01:51:10 2000
From: wim.ceulemans at nice.be (Wim Ceulemans)
Date: Thu, 30 Nov 2000 08:51:10 +0100
Subject: [pptp-server] PTY read or GRE write failed
Message-ID: <3A2606EE.4DC5AA06@nice.be>

Hi

I have looked through the archives and read all messages relating to the
error "PTY read or GRE write failed". I found a lot of postings similar
to mine, but no solution. I have this problem connecting from a Windows
NT4 system to my linux box, it does not happen connecting from a
Windows95/98 system.

Could someone shed some light on the solution to this problem. An
extract from the log is included below. I am using ppp-2.3.11 and
pptp-1.0.0 with kernel 2.2.14.

This is our options.pptp file:

#
# Special options for ppp started via pptpd
#
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp


Extract from the log:

08:02:19 pptpd[18021]: MGR: Launching /ub/pkg/pptp/sbin/pptpctrl to
handle client
08:02:19 pptpd[18021]: CTRL: local address = 192.0.20.7
08:02:19 pptpd[18021]: CTRL: remote address = 192.0.20.240
08:02:19 pptpd[18021]: CTRL: pppd speed = 115200
08:02:19 pptpd[18021]: CTRL: pppd options file =
/ub/etc/ppp/options.pptpd
08:02:19 pptpd[18021]: CTRL: Client 212.35.18.27 control connection
started
08:02:19 pptpd[18021]: CTRL: Received PPTP Control Message (type: 1)
08:02:19 pptpd[18021]: CTRL: Made a START CTRL CONN RPLY packet
08:02:19 pptpd[18021]: CTRL: I wrote 156 bytes to the client.
08:02:19 pptpd[18021]: CTRL: Sent packet to client
08:02:22 pptpd[18021]: CTRL: Received PPTP Control Message (type: 7)
08:02:22 pptpd[18021]: CTRL: Set parameters to 0 maxbps, 16 window size
08:02:22 pptpd[18021]: CTRL: Made a OUT CALL RPLY packet
08:02:22 pptpd[18021]: CTRL: Starting call (launching pppd, opening GRE)
08:02:22 pptpd[18021]: CTRL: pty_fd = 5
08:02:22 pptpd[18021]: CTRL: tty_fd = 6
08:02:22 pptpd[18021]: CTRL: I wrote 32 bytes to the client.
08:02:22 pptpd[18022]: CTRL (PPPD Launcher): Connection speed = 115200
08:02:22 pptpd[18022]: CTRL (PPPD Launcher): local address = 192.0.20.7
08:02:22 pptpd[18022]: CTRL (PPPD Launcher): remote address =
192.0.20.240
08:02:22 pptpd[18021]: CTRL: Sent packet to client
08:02:56 pptpd[18021]: GRE: read(fd=5,buffer=804dac0,len=8196) from PTY
failed: status = -1 error = Input/output error
08:02:56 pptpd[18021]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
08:02:56 pptpd[18021]: CTRL: Client 212.35.18.27 control connection
finished
08:02:56 pptpd[18021]: CTRL: Exiting now
08:02:56 pptpd[824]: MGR: Reaped child 18021

Regards

Wim Ceulemans


From david.landgren at bpinet.com  Thu Nov 30 02:26:49 2000
From: david.landgren at bpinet.com (David LANDGREN)
Date: Thu, 30 Nov 2000 09:26:49 +0100
Subject: [pptp-server] how do I setup PPTP?
Message-ID: <C12569A7.002E66F4.00@Brehat.bpinet.com>

|configure PPTP correctly.  All the examples seem to use a dialup
connection.
|I have a permanent connection through eth1.  My local ip is through eth0.
|Does this mean the setup process is different?  Also I notice that most

Your two NICs in the machine have a private LAN address and the other with
an external public address? And your kernel can do IP forwarding?

I went through the same process (I think), and this is what I found.

/etc/pptpd.conf looks like this

pidfile /var/run/pptpd.pid
speed 115200
option /etc/ppp/options
debug
localip x.y.0.10 # private address of my tunnel box
remoteip x.y.3.1-254 # addresses I dole out to incoming clients

/etc/ppp/ppp.conf looks like this

loop-in:
 allow mode direct
pptp:
 set log phase lcp ipcp debug tun command lqm
 set timeout 0
 set speed 115200
 set ifaddr x.y.0.10 x.y.3.1/24 255.255.255.255
 set server /tmp/pptploop%d "" 0177 # to allow multiple connections
 set dns x.y.0.8 x.y.0.18
 set nbns x.y.0.1
 enable chap
 enable proxy
 enable dns
 enable lqr
 set device !/etc/ppp/secure

/etc/ppp/secure looks like

exec /usr/sbin/ppp -direct loop-in

/etc/ppp/options looks like

debug
name xxx
auth
require-pap
proxyarp
lock

Right now clients do not successfully negotiate the DNS servers I offer so
for the time being they are hard-coded in the client VPN config. And I
suppose I should switch off all the debug logging...

Hope this helps,
David
--
Paris Perl Mongers => http://paris.pm.org/




From wim.ceulemans at nice.be  Thu Nov 30 03:36:00 2000
From: wim.ceulemans at nice.be (Wim Ceulemans)
Date: Thu, 30 Nov 2000 10:36:00 +0100
Subject: [pptp-server] [Fwd: PTY read or GRE write failed]
Message-ID: <3A261F80.52D2428B@nice.be>

Retry

I got an error indicating "User's Disk Quota Exceeded".

-------- Original Message --------
Subject: PTY read or GRE write failed
Date: Thu, 30 Nov 2000 08:51:10 +0100
From: Wim Ceulemans <wim.ceulemans at nice.be>
To: pptp-server at lists.schulte.org
CC: support at able.be

Hi

I have looked through the archives and read all messages relating to the
error "PTY read or GRE write failed". I found a lot of postings similar
to mine, but no solution. I have this problem connecting from a Windows
NT4 system to my linux box, it does not happen connecting from a
Windows95/98 system.

Could someone shed some light on the solution to this problem. An
extract from the log is included below. I am using ppp-2.3.11 and
pptp-1.0.0 with kernel 2.2.14.

This is our options.pptp file:

#
# Special options for ppp started via pptpd
#
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp


Extract from the log:

08:02:19 pptpd[18021]: MGR: Launching /ub/pkg/pptp/sbin/pptpctrl to
handle client
08:02:19 pptpd[18021]: CTRL: local address = 192.0.20.7
08:02:19 pptpd[18021]: CTRL: remote address = 192.0.20.240
08:02:19 pptpd[18021]: CTRL: pppd speed = 115200
08:02:19 pptpd[18021]: CTRL: pppd options file =
/ub/etc/ppp/options.pptpd
08:02:19 pptpd[18021]: CTRL: Client 212.35.18.27 control connection
started
08:02:19 pptpd[18021]: CTRL: Received PPTP Control Message (type: 1)
08:02:19 pptpd[18021]: CTRL: Made a START CTRL CONN RPLY packet
08:02:19 pptpd[18021]: CTRL: I wrote 156 bytes to the client.
08:02:19 pptpd[18021]: CTRL: Sent packet to client
08:02:22 pptpd[18021]: CTRL: Received PPTP Control Message (type: 7)
08:02:22 pptpd[18021]: CTRL: Set parameters to 0 maxbps, 16 window size
08:02:22 pptpd[18021]: CTRL: Made a OUT CALL RPLY packet
08:02:22 pptpd[18021]: CTRL: Starting call (launching pppd, opening GRE)
08:02:22 pptpd[18021]: CTRL: pty_fd = 5
08:02:22 pptpd[18021]: CTRL: tty_fd = 6
08:02:22 pptpd[18021]: CTRL: I wrote 32 bytes to the client.
08:02:22 pptpd[18022]: CTRL (PPPD Launcher): Connection speed = 115200
08:02:22 pptpd[18022]: CTRL (PPPD Launcher): local address = 192.0.20.7
08:02:22 pptpd[18022]: CTRL (PPPD Launcher): remote address =
192.0.20.240
08:02:22 pptpd[18021]: CTRL: Sent packet to client
08:02:56 pptpd[18021]: GRE: read(fd=5,buffer=804dac0,len=8196) from PTY
failed: status = -1 error = Input/output error
08:02:56 pptpd[18021]: CTRL: PTY read or GRE write failed
(pty,gre)=(5,6)
08:02:56 pptpd[18021]: CTRL: Client 212.35.18.27 control connection
finished
08:02:56 pptpd[18021]: CTRL: Exiting now
08:02:56 pptpd[824]: MGR: Reaped child 18021

Regards

Wim Ceulemans


From mikes at hartwellcorp.com  Thu Nov 30 11:25:21 2000
From: mikes at hartwellcorp.com (Michael St. Laurent)
Date: Thu, 30 Nov 2000 09:25:21 -0800
Subject: [pptp-server] Authenticate against NT PDC?
Message-ID: <91A5926EFF44D3118B1200104B7276EB654E32@hart-exchange.hartwellcorp.com>

Perhaps looking at the code from winbind would help?

ftp://us2.samba.org/pub/samba/appliance/samba-appliance-0.5-src.tar.gz

There also a paper in PDF format about winbind written by the author:

ftp://us2.samba.org/pub/samba/appliance/winbind.pdf

or in tex format:

ftp://us2.samba.org/pub/samba/appliance/winbind.tex


--------------------
Michael St. Laurent
Hartwell Corporation


> -----Original Message-----
> From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
> Sent: Wednesday, November 29, 2000 5:21 PM
> To: 'Michael St. Laurent '
> Subject: RE: [pptp-server] Authenticate against NT PDC?
> 
> 
>  I looked at the smbpasswd auth patch, and it makes just a 
> handfull of calls
> that are in libsmb to do the crypt work and get the hash.  
> But i cant seem
> to find any documentation on what calls are available with 
> libsmb.  There
> could be a call to go talk to a smb server and we wouldnt know it :(
> 
> -----Original Message-----
> From: Michael St. Laurent
> To: 'pptp-server at lists.schulte.org'
> Sent: 11/29/00 1:51 PM
> Subject: RE: [pptp-server] Authenticate against NT PDC?
> 
> Yeah, I don't like them either.  Actually I was looking for something
> that
> uses the SMB calls to authenticate remotely so that I don't have to do
> anything special if the user changes their password.  What I hope is
> that
> someone has already patched pppd to use the libsmb API to do this.
> 
> 
> --------------------
> Michael St. Laurent
> Hartwell Corporation
> 
> 
> > -----Original Message-----
> > From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
> > Sent: Tuesday, November 28, 2000 11:01 AM
> > To: 'Michael St. Laurent'; 'pptp-server at lists.schulte.org'
> > Subject: RE: [pptp-server] Authenticate against NT PDC?
> > 
> > 
> > The samba team has a program that supposidly "massages" the 
> > NT registry and
> > sam to generate smbpasswd file.  Reportedly, it has to be run as
> > Administrator, Something that I don't hold on the NT boxen 
> > where I work so I
> > have not tried it.
> > 
> > -LW
> > 
> > -----Original Message-----
> > From: Michael St. Laurent [mailto:mikes at hartwellcorp.com]
> > Sent: Tuesday, November 28, 2000 12:52 PM
> > To: 'pptp-server at lists.schulte.org'
> > Subject: [pptp-server] Authenticate against NT PDC?
> > 
> > 
> > I've found the ppp patch that will authenticate against the 
> > /etc/smbpasswd
> > file (much better than maintaining a textfile of passwords!). 
> >  Has anyone
> > done the coding to authenticate against an NT PDC?
> > 
> > 
> > --------------------
> > Michael St. Laurent
> > Hartwell Corporation
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> > 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
> 


From ctooley at amoa.org  Thu Nov 30 11:42:04 2000
From: ctooley at amoa.org (ctooley at amoa.org)
Date: Thu, 30 Nov 2000 11:42:04 -0600
Subject: [pptp-server] Problems with connections
Message-ID: <862569A7.0060848D.00@amoa.org>



I've got a PoPToP server running behind a firewall and I _think_ I have all the
port forwarding turned on correctly, but I'm not positive.  I'm using the
ip_masq_pptp module to masquerade the pptp stuff through the firewall and
forwarding port 1732 (I think that's the right port, but I got the port out of
the HOWTO which isn't in front of me.  I've got the right one in the script
though I've checked it a dozen times or more.)  Anyway, I'm getting the
following in the pptpd.log file.  If you notice anything can you please tell me.

Thanks,

Chris Tooley

(See attached file: newlog)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: newlog
Type: application/octet-stream
Size: 16413 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20001130/5812f707/attachment.obj>

From ahall at secureworks.net  Thu Nov 30 09:41:35 2000
From: ahall at secureworks.net (Andrew Hall)
Date: Thu, 30 Nov 2000 15:41:35 +0000
Subject: [pptp-server] pptp kernel patch
References: <91A5926EFF44D3118B1200104B7276EB654E32@hart-exchange.hartwellcorp.com>
Message-ID: <3A26752F.4935DDB2@secureworks.net>

Hello,

I have received a kernel tarball of 2.2.16 from from my vendor.  Weirdly enough it does not include
the pptp and ipsec stuff in it.  Could someone on the list pleas point my in the direction of a
pptp/ipsec kernel patch for 2.2.16.  My vendor connot provide me with a patch.  Does such a thing
extist?    I might be off base here and if I am please correct me. 


Andrew


From ahall at secureworks.net  Thu Nov 30 11:01:58 2000
From: ahall at secureworks.net (Andrew Hall)
Date: Thu, 30 Nov 2000 17:01:58 +0000
Subject: [pptp-server] pptp kernel patch
References: <91A5926EFF44D3118B1200104B7276EB654E32@hart-exchange.hartwellcorp.com> <3A26752F.4935DDB2@secureworks.net>
Message-ID: <3A268806.CF397DD4@secureworks.net>

Andrew Hall wrote:
> 
> Hello,
> 
> I have received a kernel tarball of 2.2.16 from from my vendor.  Weirdly enough it does not include
> the pptp and ipsec stuff in it.  Could someone on the list pleas point my in the direction of a
> pptp/ipsec kernel patch for 2.2.16.  My vendor connot provide me with a patch.  Does such a thing
> extist?    I might be off base here and if I am please correct me.
> 
> Andrew
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!


Nevermind I found it. 


ANdrew