From pchilders at pharsalia.com Sun Oct 1 00:04:05 2000
From: pchilders at pharsalia.com (Patrick Childers)
Date: Sat, 30 Sep 2000 22:04:05 -0700
Subject: [pptp-server] Linux Client?
References: <002401c02b3b$b65baca0$0200a8c0@patrick> <39D66460.1A5FD3ED@home.com>
Message-ID: <001c01c02b65$080f3700$0200a8c0@patrick>

Thanks that works, but the server kills my connection because I don't
authenticate. How do I send my password?

Patrick

SYSLOG:
Sep 30 22:05:50 phathat pptpd[2700]: CTRL: Starting call (launching pppd, opening GRE)
Sep 30 22:05:50 phathat pppd[2701]: pppd 2.3.10 started by root, uid 0
Sep 30 22:05:50 phathat pppd[2701]: Using interface ppp1
Sep 30 22:05:50 phathat pppd[2701]: Connect: ppp1 <--> /dev/pts/3
Sep 30 22:05:52 phathat pptpd[2700]: GRE: Discarding duplicate packet
Sep 30 22:05:54 phathat pppd[2701]: peer refused to authenticate: terminating link
Sep 30 22:05:54 phathat pppd[2701]: Connection terminated.
Sep 30 22:05:54 phathat pppd[2701]: Exit.

----- Original Message -----
From: "Jerry Vonau"
To: "Patrick Childers"
Cc: "PPTP List"
Sent: Saturday, September 30, 2000 3:08 PM
Subject: Re: [pptp-server] Linux Client?

> Can you post your options file? How are you invoking the client? You
> have to use all your options on the command line when you start it.
> Something like:
>
> /usr/sbin/pptp SERVERIP lock noauth debug user USERNAME +chapms-v2 mppe-128 mppe-stateless noauth
>
> Replace UPPERCASE with your stuff.
> Your mileage may vary.
>
> Jerry
>
> Patrick Childers wrote:
>
> > Thanks to everyone so far for helping me setup our VPN server, I could
> > not have gotten this far with the list. But anyway I can't get the
> > linux pptp client to work on my any system. We are using standard
> > redhat-6.2 installs. I installed the mppe modules, but the pptp-client
> > returns that "The remote system is required to authenticate itself but
> > I couldn't find any suitable secret (password) for it to use to do
> > so." I assume it is asking for the login/password, but how do I hand
> > that to the client.
> >
> > Thanks
> > Patrick
> >
> > Here is the server's syslog
> > --------------------------------------------------------------
> > Sep 30 17:09:32 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control connection started
> > Sep 30 17:09:33 phathat pptpd[2413]: CTRL: Starting call (launching pppd, opening GRE)
> > Sep 30 17:09:33 phathat pppd[2414]: pppd 2.3.10 started by root, uid 0
> > Sep 30 17:09:33 phathat pppd[2414]: Using interface ppp0
> > Sep 30 17:09:33 phathat pppd[2414]: Connect: ppp0 <--> /dev/pts/0
> > Sep 30 17:09:36 phathat pptpd[2266]: GRE: Discarding out of order packet
> > Sep 30 17:09:36 phathat pptpd[2413]: GRE: Discarding out of order packet
> > Sep 30 17:09:39 phathat pptpd[2266]: GRE: Discarding out of order packet
> > Sep 30 17:09:39 phathat pptpd[2413]: GRE: Discarding out of order packet
> > Sep 30 17:09:42 phathat pptpd[2266]: GRE: Discarding out of order packet
> > Sep 30 17:09:42 phathat pptpd[2413]: GRE: Discarding out of order packet
> > Sep 30 17:09:45 phathat pptpd[2266]: GRE: Discarding out of order packet
> > Sep 30 17:09:45 phathat pptpd[2413]: GRE: Discarding out of order packet
> > Sep 30 17:09:48 phathat pptpd[2266]: GRE: Discarding out of order packet
> > Sep 30 17:09:48 phathat pptpd[2413]: GRE: Discarding out of order packet
> > Sep 30 17:10:00 phathat pptpd[2266]: GRE: Discarding out of order packet
> > Sep 30 17:10:00 phathat pptpd[2413]: GRE: Discarding out of order packet
> > Sep 30 17:10:03 phathat pppd[2414]: LCP: timeout sending Config-Requests
> > Sep 30 17:10:03 phathat pppd[2414]: Connection terminated.
> > Sep 30 17:10:03 phathat pppd[2414]: Exit.
> > Sep 30 17:10:03 phathat pptpd[2413]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control connection finished

From waynes at netspace.net.au Sun Oct 1 01:18:22 2000
From: waynes at netspace.net.au (Wayne Sheehan)
Date: Sun, 1 Oct 2000 16:18:22 +1000
Subject: [pptp-server] It can't be this hard
Message-ID: <01C02BC3.3DA03320.waynes@netspace.net.au>

Hi Group:

I am having a hell of time getting PPTPD working for what I believe is a
simple configuration. Well here is my layout:-

WIN98 CLIENT - Static public IP address through a dialup (203.12.125.185)
     |
     |
Internet cloud
     |
     |
Linux server - Static public IP address through ppp (203.12.125.184)
               Private IP address of 192.168.1.1

The Linux server is running Samba which I want to access via the Internet
from the WIN98 client. I have enabled IP forwarding and have set up the
following IP chain rules:-

ipchains -A forward -p tcp -d 0.0.0.0/0 -s 0.0.0.0/0 1723 -j ACCEPT
ipchains -A forward -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -p tcp -d 0.0.0.0/0 -s 0.0.0.0/0 1723 -j ACCEPT
ipchains -A input -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -p tcp -d 0.0.0.0/0 -s 0.0.0.0/0 1723 -j ACCEPT
ipchains -A output -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

As can be seen wide open, I will alter it once I have successfully got
pptpd running. The kernel I am running is 2.2.14-12 and I have not rebuilt
the kernel or applied any patches as I believe that the above configuration
does not warrant it (?). Enhanced Microsoft compatible authentication and
encryption can wait!!!

When the WIN98SE client connects it is authenticated via chap-secrets and
connects, however none of the Samba shares are visible. Trying to map a
network drive fails and Samba is not visible within network neighbourhood.
Other workstations on the 192.168.1. subnet see the Samba share which is
set up to act as the PDC and WINS server. As the configuration is very
basic it should be a snap, obviously my understanding is lacking. Can
someone please help. Any insights would be greatly appreciated.

Regards Wayne

From cogger at technologist.com Sun Oct 1 03:36:35 2000
From: cogger at technologist.com (Dean Cogger)
Date: Sun, 1 Oct 2000 21:36:35 +1300
Subject: [pptp-server] Working with Win2k
Message-ID: <001101c02b82$b62b7ca0$a95537d2@ibm>

Hi all,

I have not been a member of this list for very long, so please tell me if
I'm asking questions answered elsewhere... I'm not here to waste your time.

What my question really is about is getting this working with Windows 2000
Server. I am connecting from a home PC running Windows 2000 Professional
and have sorted by myself problems with routing, not being able to ping
etc, and my Linux background helped with this. As I do not consider myself
a Windows 2000 expert, I have decided to ask for everyone's help to get my
problems solved in that end of the world : ).

What I am wanting to know about is getting Network Neighbourhood etc up
and running, but I'm not sure if it is quite as straightforward as I have
thought, as Windows 2000 takes over with its implementation of DNS and
WINS, and I am unsure if I can replace these with Samba versions, without
breaking anything.

Any help, and working examples would be very helpful. If you want I can
give you additional information about my setup etc, but I won't put it in
this initial message as it is already long enough. =)

Thanking you in advance

Dean

From jvonau at home.com Sun Oct 1 07:46:55 2000
From: jvonau at home.com (Jerry Vonau)
Date: Sun, 01 Oct 2000 07:46:55 -0500
Subject: [pptp-server] It can't be this hard
References: <01C02BC3.3DA03320.waynes@netspace.net.au>
Message-ID: <39D7323F.BFE01738@home.com>

Some things come to mind. First is proxy arp, does the server log show
that it was enabled. Second, are you feeding the client the address of
the WINS server in the tcp/ip settings. Check those first.

Jerry

Wayne Sheehan wrote:

> Hi Group:
>
> I am having a hell of time getting PPTPD working for what I believe is a
> simple configuration. Well here is my layout:-
>
> WIN98 CLIENT - Static public IP address through a dialup (203.12.125.185)
>      |
>      |
> Internet cloud
>      |
>      |
> Linux server - Static public IP address through ppp (203.12.125.184)
>                Private IP address of 192.168.1.1
>
> The Linux server is running Samba which I want to access via the Internet
> from the WIN98 client. I have enabled IP forwarding and have set up the
> following IP chain rules:-
>
> ipchains -A forward -p tcp -d 0.0.0.0/0 -s 0.0.0.0/0 1723 -j ACCEPT
> ipchains -A forward -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A input -p tcp -d 0.0.0.0/0 -s 0.0.0.0/0 1723 -j ACCEPT
> ipchains -A input -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
> ipchains -A output -p tcp -d 0.0.0.0/0 -s 0.0.0.0/0 1723 -j ACCEPT
> ipchains -A output -p 47 -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
>
> As can be seen wide open, I will alter it once I have successfully got
> pptpd running. The kernel I am running is 2.2.14-12 and I have not rebuilt
> the kernel or applied any patches as I believe that the above configuration
> does not warrant it (?). Enhanced Microsoft compatible authentication and
> encryption can wait!!!
>
> When the WIN98SE client connects it is authenticated via chap-secrets and
> connects, however none of the Samba shares are visible. Trying to map a
> network drive fails and Samba is not visible within network neighbourhood.
> Other workstations on the 192.168.1. subnet see the Samba share which is
> set up to act as the PDC and WINS server. As the configuration is very
> basic it should be a snap, obviously my understanding is lacking. Can
> someone please help. Any insights would be greatly appreciated.
>
> Regards Wayne
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From jp_bonello at hotmail.com Sun Oct 1 09:10:35 2000
From: jp_bonello at hotmail.com (Jean-Pierre Bonello)
Date: Sun, 1 Oct 2000 15:10:35 +0100
Subject: [pptp-server] PPTP Server Quits with GRE errors! Plz OBSERVE and help.. last hope
Message-ID:

Hi,

It looks like everything is working but it keeps bailing on me at the last
minute when I try and login via VPN; it says I have been disconnected.
This is my log of a successful session up until breaking point. Please all
look into this as you're my last hope.

Oct 1 15:08:40 Linux pptpd[360]: MGR: Manager process started
Oct 1 15:08:43 Linux pptpd[361]: MGR: Launching /usr/local/sbin/pptpctrl to ha$
Oct 1 15:08:43 Linux pptpd[361]: CTRL: local address = 192.168.0.1
Oct 1 15:08:43 Linux pptpd[361]: CTRL: remote address = 192.168.0.2
Oct 1 15:08:43 Linux pptpd[361]: CTRL: pppd speed = 115200
Oct 1 15:08:43 Linux pptpd[361]: CTRL: pppd options file = /etc/ppp/options.pp$
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Client 192.168.0.4 control connection s$
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Received PPTP Control Message (type: 1)
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Made a START CTRL CONN RPLY packet
Oct 1 15:08:43 Linux pptpd[361]: CTRL: I wrote 156 bytes to the client.
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Sent packet to client
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Received PPTP Control Message (type: 7)
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Set parameters to 0 maxbps, 16 window s$
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Made a OUT CALL RPLY packet
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Starting call (launching pppd, opening $
Oct 1 15:08:43 Linux pptpd[361]: CTRL: pty_fd = 5
Oct 1 15:08:43 Linux pptpd[360]: MGR: Reaped child 361
Oct 1 15:08:43 Linux pptpd[361]: CTRL: tty_fd = 6
Oct 1 15:08:43 Linux pptpd[361]: CTRL: I wrote 32 bytes to the client.
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Sent packet to client
Oct 1 15:08:43 Linux pppd[363]: pppd 2.3.10 started by root, uid 0
Oct 1 15:08:43 Linux pppd[363]: Device ttyS1 is locked by pid 194
Oct 1 15:08:43 Linux pppd[363]: Exit.
Oct 1 15:08:43 Linux pptpd[362]: CTRL (PPPD Launcher): Connection speed = 1152$
Oct 1 15:08:43 Linux pptpd[362]: CTRL (PPPD Launcher): local address = 192.168$
Oct 1 15:08:43 Linux pptpd[362]: CTRL (PPPD Launcher): remote address = 192.16$
Oct 1 15:08:43 Linux pptpd[361]: GRE: read(fd=5,buffer=804d780,len=8196) from $
Oct 1 15:08:43 Linux pptpd[361]: CTRL: PTY read or GRE write failed (pty,gre)=$
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Client 192.168.0.4 control connection f$
Oct 1 15:08:43 Linux pptpd[361]: CTRL: Exiting now

PLEASE Suggestions

I have 2.2.16 Kernel with PPP 2.3.10
I ain't done that MPPE thing, didn't think I needed to

HELP I'M DYING HERE

JIP

From eiachomb at yahoo.com Sun Oct 1 16:07:34 2000
From: eiachomb at yahoo.com (Laxman Shankar)
Date: Sun, 1 Oct 2000 14:07:34 -0700 (PDT)
Subject: [pptp-server] pptp over pppoe
Message-ID: <20001001210734.9836.qmail@web1005.mail.yahoo.com>

Hi,

How do I get linux pptp's pppd packets to be transmitted over my pppoe
interface ?
pppoe selects /dev/ppp0 and pptp's pppd selects /dev/ppp1

Thanks
Laxman

From bsteph at home.com Sun Oct 1 16:06:37 2000
From: bsteph at home.com (Bill Stephens)
Date: Sun, 1 Oct 2000 16:06:37 -0500
Subject: [pptp-server] Yet Another Stupid Ping Problem
Message-ID:

Yes, I did go through the archives, yes I did read the doc, and yes I
probably am a bonehead for just not getting it. The docs and archives did
help, but I'm stuck now. Here's my setup:

Client(192.168.0.x)---(192.168.0.1-eth1)Firewall(24.7.103.x-eth0)-----(24.4.x.x-eth0)firewall/vpn(192.168.1.0/24-eth1)

localip 192.168.1.80-100
remoteip 192.168.1.70-79
Destination client = 192.168.1.5

IP Forwarding is turned on, and confirmed.

I connect fine, I'm able to ping 192.168.1.80 and 70. I'm also able to
ping 192.168.1.1. I'm not receiving any proxyarp errors in the messages
file, and by reading the doc, it appeared that putting the vpn addresses
on the same subnet would remedy any arp issues. I'm also using the
ip-up.local script if that helps any.

Any other ideas?

Thanks,
Bill Stephens
bsteph at home.com

From david at solutionsfirst.net Sun Oct 1 20:26:40 2000
From: david at solutionsfirst.net (Dave Kempe)
Date: Mon, 2 Oct 2000 11:26:40 +1000
Subject: [pptp-server] It can't be this hard
In-Reply-To: <01C02BC3.3DA03320.waynes@netspace.net.au>
Message-ID:

Have you got the client actually using the WINS server in its dialup
settings? You need to specifically go in there and change it. Also, can
you ping the other ips once you connect? If you can then the problem is no
wins - also note that the other clients on the network need to utilise the
WINS server, otherwise they won't appear there either.

dave

> When the WIN98SE client connects it is authenticated via chap-secrets and
> connects, however none of the Samba shares are visible. Trying to map a
> network drive fails and Samba is not visible within network
> neighbourhood.
> Other workstations on the 192.168.1. subnet see the Samba share which is
> set up to act as the PDC and WINS server. As the configuration is very
> basic it should be a snap, obviously my understanding is lacking. Can
> someone please help. Any insights would be greatly appreciated.
>
> Regards Wayne

From david at solutionsfirst.net Sun Oct 1 20:44:17 2000
From: david at solutionsfirst.net (Dave Kempe)
Date: Mon, 2 Oct 2000 11:44:17 +1000
Subject: [pptp-server] Working with Win2k
In-Reply-To: <001101c02b82$b62b7ca0$a95537d2@ibm>
Message-ID:

Dean wrote:

What I am wanting to know about is getting Network Neighbourhood etc up
and running, but I'm not sure if it is quite as straightforward as I have
thought, as Windows 2000 takes over with its implementation of DNS and
WINS, and I am unsure if I can replace these with Samba versions, without
breaking anything.

I don't think that win2k supports WINS. It will report to a wins database,
but it won't keep one. I think there may be a wins server available, but
win2k is meant to do dynamic dns instead of wins... The samba server as a
wins server will work fine and the win2k server will happily report to it
as such. I have got that setup here working for me. Set up samba to be
wins server, point everyone on the network to it, and it should all work -
point the vpn clients as well to wins server.

dave

From ericvan at pacbell.net Sun Oct 1 22:15:42 2000
From: ericvan at pacbell.net (Eric Van Duser)
Date: Sun, 01 Oct 2000 20:15:42 -0700
Subject: [pptp-server] Please help! Failed select() in VPN pptpd
Message-ID: <000d01c02c1f$0c59e480$0201a8c0@vanhome.net>

Hello

Sorry for the length of this post but I've been beating my head against
the wall trying to get a Win98SE VPN client to connect to a Linux firewall
server. I've built the 2.2.17 kernel with the pptp masq patch and the
ppp/mppe encryption patches in the kernel and the pppd. I'm running the
prebuilt PoPToP 1.0.0 binary RPM. I've set all the firewall rules wide
open, and connections fail coming in from the Internet or the local net
with the same error.

Everything builds fine, and seems to connect but the connection fails with
an error in the pptpd.log file of "Sep 24 22:39:11 boo pptpd[952]: CTRL:
Error with select(), quitting". I've searched the HOW-TO's, archives and
seen other pptpd logs with this same error in the select() function. What
does it imply? Could Matthew Ramsay or somebody explain what is going on?
I'm stumped, any help would be appreciated. I've included the important
parts of the Linux log and config files as well as the Win98SE VPN log
file.

Thanks in advance.

Eric Van Duser
evanduser at pacbell.net

--options file---
lock
debug
# ms-wins 192.158.1.253
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
# require-chap
name boo
# netmask 255.255.255.0
# mru 1400
# mtu 1400
# ktune

---chap-secrets file---
# Secrets for authentication using CHAP
# client        server  secret          IP addresses
GORDIAN\\eric   boo     password        *

---pptpd.conf---
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.0
#
################################################################################
speed 115200
option /etc/ppp/options
debug
localip 192.168.1.110-119
remoteip 192.168.1.120-129
pidfile /var/run/pptpd.pid

--- /var/log/messages--
Sep 24 22:38:46 boo pppd[953]: pppd 2.3.11 started by root, uid 0
Sep 24 22:38:46 boo pppd[953]: Using interface ppp0
Sep 24 22:38:46 boo pppd[953]: Connect: ppp0 <--> /dev/pts/1
Sep 24 22:39:11 boo pppd[953]: Modem hangup
Sep 24 22:39:11 boo pppd[953]: Connection terminated.
Sep 24 22:39:11 boo pppd[953]: Exit.

--- /var/log/pptpd.log---
Sep 24 22:38:46 boo pptpd[952]: MGR: Launching /usr/sbin/pptpctrl to handle client
Sep 24 22:38:46 boo pptpd[952]: CTRL: local address = 192.168.1.111
Sep 24 22:38:46 boo pptpd[952]: CTRL: remote address = 192.168.1.121
Sep 24 22:38:46 boo pptpd[952]: CTRL: pppd speed = 115200
Sep 24 22:38:46 boo pptpd[952]: CTRL: pppd options file = /etc/ppp/options
Sep 24 22:38:46 boo pptpd[952]: CTRL: Client 216.102.153.20 control connection started
Sep 24 22:38:46 boo pptpd[952]: CTRL: Received PPTP Control Message (type: 1)
Sep 24 22:38:46 boo pptpd[952]: CTRL: Made a START CTRL CONN RPLY packet
Sep 24 22:38:46 boo pptpd[952]: CTRL: I wrote 156 bytes to the client.
Sep 24 22:38:46 boo pptpd[952]: CTRL: Sent packet to client
Sep 24 22:38:46 boo pptpd[952]: CTRL: Received PPTP Control Message (type: 7)
Sep 24 22:38:46 boo pptpd[952]: CTRL: Set parameters to 0 maxbps, 16 window size
Sep 24 22:38:46 boo pptpd[952]: CTRL: Made a OUT CALL RPLY packet
Sep 24 22:38:46 boo pptpd[952]: CTRL: Starting call (launching pppd, opening GRE)
Sep 24 22:38:46 boo pptpd[952]: CTRL: pty_fd = 5
Sep 24 22:38:46 boo pptpd[952]: CTRL: tty_fd = 6
Sep 24 22:38:46 boo pptpd[953]: CTRL (PPPD Launcher): Connection speed = 115200
Sep 24 22:38:46 boo pptpd[953]: CTRL (PPPD Launcher): local address = 192.168.1.111
Sep 24 22:38:46 boo pptpd[953]: CTRL (PPPD Launcher): remote address = 192.168.1.121
Sep 24 22:38:46 boo pptpd[952]: CTRL: I wrote 32 bytes to the client.
Sep 24 22:38:46 boo pptpd[952]: CTRL: Sent packet to client
Sep 24 22:39:11 boo pptpd[952]: CTRL: Received PPTP Control Message (type: 12)
Sep 24 22:39:11 boo pptpd[952]: CTRL: Made a CALL DISCONNECT RPLY packet
Sep 24 22:39:11 boo pptpd[952]: CTRL: Received CALL CLR request (closing call)
Sep 24 22:39:11 boo pptpd[952]: CTRL: I wrote 148 bytes to the client.
Sep 24 22:39:11 boo pptpd[952]: CTRL: Sent packet to client
Sep 24 22:39:11 boo pptpd[952]: CTRL: Error with select(), quitting
Sep 24 22:39:11 boo pptpd[952]: CTRL: Client 216.102.153.20 control connection finished
Sep 24 22:39:11 boo pptpd[952]: CTRL: Exiting now
Sep 24 22:39:11 boo pptpd[874]: MGR: Reaped child 952

--- Client side Win98SE log---
09-24-2000 23:06:53.82 - Microsoft Dial Up Adapter log opened.
09-24-2000 23:06:53.82 - Server type is PPP (Point to Point Protocol).
09-24-2000 23:06:53.82 - FSA : Adding Control Protocol 80fd (CCP) to control protocol chain.
09-24-2000 23:06:53.82 - FSA : Protocol not bound - skipping control protocol 803f (NBFCP).
09-24-2000 23:06:53.82 - FSA : Adding Control Protocol 8021 (IPCP) to control protocol chain.
09-24-2000 23:06:53.82 - FSA : Protocol disabled by user - skipping control protocol 802b (IPXCP). 09-24-2000 23:06:53.82 - FSA : Adding Control Protocol c029 (CallbackCP) to control protocol chain. 09-24-2000 23:06:53.82 - FSA : Encrypted Password required. 09-24-2000 23:06:53.82 - FSA : Encrypted Password required. 09-24-2000 23:06:53.82 - FSA : Adding Control Protocol c223 (CHAP) to control protocol chain. 09-24-2000 23:06:53.82 - FSA : Adding Control Protocol c021 (LCP) to control protocol chain. 09-24-2000 23:06:53.82 - LCP : Layer started. 09-24-2000 23:06:53.82 - PPP : Transmitting Control Packet of length: 16 09-24-2000 23:06:53.82 - Data 0000: c0 21 01 01 00 0e 05 06 | .!...... 09-24-2000 23:06:53.82 - Data 0008: 02 cc dd b1 07 02 08 02 | ........ 09-24-2000 23:06:54.07 - PPP : Received Control Packet of length: 27 09-24-2000 23:06:54.07 - Data 0000: c0 21 01 01 00 19 02 06 | .!..... 09-24-2000 23:06:54.07 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:06:54.07 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:06:54.07 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:06:54.07 - LCP : Received and accepted ACCM of 0. 09-24-2000 23:06:54.07 - LCP : Received and accepted authentication protocol c223 (CHAP). 09-24-2000 23:06:54.07 - LCP : Received and accepted magic number 1507360e. 09-24-2000 23:06:54.07 - LCP : Received and accepted protocol field compression option. 09-24-2000 23:06:54.07 - LCP : Received and accepted address+control field compression option. 09-24-2000 23:06:54.07 - PPP : Transmitting Control Packet of length: 27 09-24-2000 23:06:54.07 - Data 0000: c0 21 02 01 00 19 02 06 | .!..... 09-24-2000 23:06:54.07 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:06:54.07 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:06:54.07 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 
09-24-2000 23:06:56.82 - PPP : Received Control Packet of length: 27 09-24-2000 23:06:56.82 - Data 0000: c0 21 01 01 00 19 02 06 | .!..... 09-24-2000 23:06:56.82 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:06:56.82 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:06:56.82 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:06:56.82 - LCP : Received and accepted ACCM of 0. 09-24-2000 23:06:56.82 - LCP : Received and accepted authentication protocol c223 (CHAP). 09-24-2000 23:06:56.82 - LCP : Received and accepted magic number 1507360e. 09-24-2000 23:06:56.82 - LCP : Received and accepted protocol field compression option. 09-24-2000 23:06:56.82 - LCP : Received and accepted address+control field compression option. 09-24-2000 23:06:56.82 - PPP : Transmitting Control Packet of length: 27 09-24-2000 23:06:56.82 - Data 0000: c0 21 02 01 00 19 02 06 | .!..... 09-24-2000 23:06:56.82 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:06:56.82 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:06:56.82 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:06:57.33 - PPP : Transmitting Control Packet of length: 16 09-24-2000 23:06:57.33 - Data 0000: c0 21 01 02 00 0e 05 06 | .!...... 09-24-2000 23:06:57.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........ 09-24-2000 23:06:59.83 - PPP : Received Control Packet of length: 27 09-24-2000 23:06:59.83 - Data 0000: c0 21 01 01 00 19 02 06 | .!..... 09-24-2000 23:06:59.83 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:06:59.83 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:06:59.83 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:06:59.83 - LCP : Received and accepted ACCM of 0. 09-24-2000 23:06:59.83 - LCP : Received and accepted authentication protocol c223 (CHAP). 09-24-2000 23:06:59.83 - LCP : Received and accepted magic number 1507360e. 
09-24-2000 23:06:59.83 - LCP : Received and accepted protocol field compression option. 09-24-2000 23:06:59.83 - LCP : Received and accepted address+control field compression option. 09-24-2000 23:06:59.83 - PPP : Transmitting Control Packet of length: 27 09-24-2000 23:06:59.83 - Data 0000: c0 21 02 01 00 19 02 06 | .!..... 09-24-2000 23:06:59.83 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:06:59.83 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:06:59.83 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:07:00.33 - PPP : Transmitting Control Packet of length: 16 09-24-2000 23:07:00.33 - Data 0000: c0 21 01 03 00 0e 05 06 | .!...... 09-24-2000 23:07:00.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........ 09-24-2000 23:07:02.84 - PPP : Received Control Packet of length: 27 09-24-2000 23:07:02.84 - Data 0000: c0 21 01 01 00 19 02 06 | .!..... 09-24-2000 23:07:02.84 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:07:02.84 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:07:02.84 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:07:02.84 - LCP : Received and accepted ACCM of 0. 09-24-2000 23:07:02.84 - LCP : Received and accepted authentication protocol c223 (CHAP). 09-24-2000 23:07:02.84 - LCP : Received and accepted magic number 1507360e. 09-24-2000 23:07:02.84 - LCP : Received and accepted protocol field compression option. 09-24-2000 23:07:02.84 - LCP : Received and accepted address+control field compression option. 09-24-2000 23:07:02.84 - PPP : Transmitting Control Packet of length: 27 09-24-2000 23:07:02.84 - Data 0000: c0 21 02 01 00 19 02 06 | .!..... 09-24-2000 23:07:02.84 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:07:02.84 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:07:02.84 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 
09-24-2000 23:07:03.33 - PPP : Transmitting Control Packet of length: 16 09-24-2000 23:07:03.33 - Data 0000: c0 21 01 04 00 0e 05 06 | .!...... 09-24-2000 23:07:03.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........ 09-24-2000 23:07:05.85 - PPP : Received Control Packet of length: 27 09-24-2000 23:07:05.85 - Data 0000: c0 21 01 01 00 19 02 06 | .!..... 09-24-2000 23:07:05.85 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:07:05.85 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:07:05.85 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:07:05.85 - LCP : Received and accepted ACCM of 0. 09-24-2000 23:07:05.85 - LCP : Received and accepted authentication protocol c223 (CHAP). 09-24-2000 23:07:05.85 - LCP : Received and accepted magic number 1507360e. 09-24-2000 23:07:05.85 - LCP : Received and accepted protocol field compression option. 09-24-2000 23:07:05.85 - LCP : Received and accepted address+control field compression option. 09-24-2000 23:07:05.85 - PPP : Transmitting Control Packet of length: 27 09-24-2000 23:07:05.85 - Data 0000: c0 21 02 01 00 19 02 06 | .!..... 09-24-2000 23:07:05.85 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:07:05.85 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:07:05.85 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:07:06.33 - PPP : Transmitting Control Packet of length: 16 09-24-2000 23:07:06.33 - Data 0000: c0 21 01 05 00 0e 05 06 | .!...... 09-24-2000 23:07:06.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........ 09-24-2000 23:07:08.87 - PPP : Received Control Packet of length: 27 09-24-2000 23:07:08.87 - Data 0000: c0 21 01 01 00 19 02 06 | .!..... 09-24-2000 23:07:08.87 - Data 0008: 00 00 00 00 03 05 c2 23 | .......# 09-24-2000 23:07:08.87 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6.. 09-24-2000 23:07:08.87 - Data 0018: 02 08 02 00 00 00 00 00 | ........ 09-24-2000 23:07:08.87 - LCP : Received and accepted ACCM of 0. 
09-24-2000 23:07:08.87 - LCP : Received and accepted authentication protocol c223 (CHAP).
09-24-2000 23:07:08.87 - LCP : Received and accepted magic number 1507360e.
09-24-2000 23:07:08.87 - LCP : Received and accepted protocol field compression option.
09-24-2000 23:07:08.87 - LCP : Received and accepted address+control field compression option.
09-24-2000 23:07:08.87 - PPP : Transmitting Control Packet of length: 27
09-24-2000 23:07:08.87 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
09-24-2000 23:07:08.87 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:08.87 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:08.87 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:09.33 - PPP : Transmitting Control Packet of length: 16
09-24-2000 23:07:09.33 - Data 0000: c0 21 01 06 00 0e 05 06 | .!......
09-24-2000 23:07:09.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........
09-24-2000 23:07:11.88 - PPP : Received Control Packet of length: 27
09-24-2000 23:07:11.88 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
09-24-2000 23:07:11.88 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:11.88 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:11.88 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:11.88 - LCP : Received and accepted ACCM of 0.
09-24-2000 23:07:11.88 - LCP : Received and accepted authentication protocol c223 (CHAP).
09-24-2000 23:07:11.88 - LCP : Received and accepted magic number 1507360e.
09-24-2000 23:07:11.88 - LCP : Received and accepted protocol field compression option.
09-24-2000 23:07:11.88 - LCP : Received and accepted address+control field compression option.
09-24-2000 23:07:11.88 - PPP : Transmitting Control Packet of length: 27
09-24-2000 23:07:11.88 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
09-24-2000 23:07:11.88 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:11.88 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:11.88 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:12.33 - PPP : Transmitting Control Packet of length: 16
09-24-2000 23:07:12.33 - Data 0000: c0 21 01 07 00 0e 05 06 | .!......
09-24-2000 23:07:12.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........
09-24-2000 23:07:14.89 - PPP : Received Control Packet of length: 27
09-24-2000 23:07:14.89 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
09-24-2000 23:07:14.89 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:14.89 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:14.89 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:14.89 - LCP : Received and accepted ACCM of 0.
09-24-2000 23:07:14.89 - LCP : Received and accepted authentication protocol c223 (CHAP).
09-24-2000 23:07:14.89 - LCP : Received and accepted magic number 1507360e.
09-24-2000 23:07:14.89 - LCP : Received and accepted protocol field compression option.
09-24-2000 23:07:14.89 - LCP : Received and accepted address+control field compression option.
09-24-2000 23:07:14.89 - PPP : Transmitting Control Packet of length: 27
09-24-2000 23:07:14.89 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
09-24-2000 23:07:14.89 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:14.89 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:14.89 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:15.33 - PPP : Transmitting Control Packet of length: 16
09-24-2000 23:07:15.33 - Data 0000: c0 21 01 08 00 0e 05 06 | .!......
09-24-2000 23:07:15.33 - Data 0008: 02 cc dd b1 07 02 08 02 | ........
09-24-2000 23:07:17.90 - PPP : Received Control Packet of length: 27
09-24-2000 23:07:17.90 - Data 0000: c0 21 01 01 00 19 02 06 | .!.....
09-24-2000 23:07:17.90 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:17.90 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:17.90 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:17.90 - LCP : Received and accepted ACCM of 0.
09-24-2000 23:07:17.90 - LCP : Received and accepted authentication protocol c223 (CHAP).
09-24-2000 23:07:17.90 - LCP : Received and accepted magic number 1507360e.
09-24-2000 23:07:17.90 - LCP : Received and accepted protocol field compression option.
09-24-2000 23:07:17.90 - LCP : Received and accepted address+control field compression option.
09-24-2000 23:07:17.90 - PPP : Transmitting Control Packet of length: 27
09-24-2000 23:07:17.90 - Data 0000: c0 21 02 01 00 19 02 06 | .!.....
09-24-2000 23:07:17.90 - Data 0008: 00 00 00 00 03 05 c2 23 | .......#
09-24-2000 23:07:17.90 - Data 0010: 81 05 06 15 07 36 0e 07 | ....6..
09-24-2000 23:07:17.90 - Data 0018: 02 08 02 00 00 00 00 00 | ........
09-24-2000 23:07:18.83 - LCP : Layer finished.
09-24-2000 23:07:18.84 - Remote access driver is shutting down.
09-24-2000 23:07:18.84 - CRC Errors 0
09-24-2000 23:07:18.84 - Timeout Errors 0
09-24-2000 23:07:18.84 - Alignment Errors 0
09-24-2000 23:07:18.84 - Overrun Errors 0
09-24-2000 23:07:18.84 - Framing Errors 0
09-24-2000 23:07:18.84 - Buffer Overrun Errors 0
09-24-2000 23:07:18.84 - Incomplete Packets 0
09-24-2000 23:07:18.84 - Bytes Received 261
09-24-2000 23:07:18.84 - Bytes Transmittted 376
09-24-2000 23:07:18.84 - Frames Received 9
09-24-2000 23:07:18.84 - Frames Transmitted 16
09-24-2000 23:07:18.84 - LCP : Layer started.
09-24-2000 23:07:18.84 - Microsoft Dial Up Adapter log closed.

From pgw99 at doc.ic.ac.uk Mon Oct 2 03:00:59 2000
From: pgw99 at doc.ic.ac.uk (Philip Willoughby)
Date: Mon, 2 Oct 2000 09:00:59 +0100 (BST)
Subject: [pptp-server] Fix for packet loss MPPE problems
Message-ID:

The attached is the ppp_mppe.c source which does not exhibit the
'compressed data' problem. It wasn't me that fixed it, it was our security
expert, David Wragg.

Cheers,

Philip Willoughby

VPN Administrator, Department of Computing, Imperial College

From pgw99 at doc.ic.ac.uk Mon Oct 2 03:02:14 2000
From: pgw99 at doc.ic.ac.uk (Philip Willoughby)
Date: Mon, 2 Oct 2000 09:02:14 +0100 (BST)
Subject: [pptp-server] Fix for packet loss MPPE problems (fwd)
Message-ID:

Sorry about that - I just realised I didn't attach the file. Many apologies.

/me looks sheepish

Philip Willoughby

Email: pgw99 at doc.ic.ac.uk | I reserve the right
ICQ#: 53659369 | to drink free beer.

---------- Forwarded message ----------
Date: Mon, 2 Oct 2000 09:00:59 +0100 (BST)
From: Philip Willoughby
To: pptp-server at lists.schulte.org
Subject: Fix for packet loss MPPE problems

The attached is the ppp_mppe.c source which does not exhibit the
'compressed data' problem. It wasn't me that fixed it, it was our security
expert, David Wragg.

Cheers,

Philip Willoughby

VPN Administrator, Department of Computing, Imperial College
-------------- next part --------------
/*
 * ==FILEVERSION 9906180==
 *
 * ppp_mppe.c - MPPE "compressor/decompressor" module.
 *
 * Copyright (c) 1994 Árpád Magosányi
 * All rights reserved.
 * Copyright (c) 1999 Tim Hockin, Cobalt Networks Inc.
 *
 * Permission to use, copy, modify, and distribute this software and its
 * documentation is hereby granted, provided that the above copyright
 * notice appears in all copies. This software is provided without any
 * warranty, express or implied. The Australian National University
 * makes no representations about the suitability of this software for
 * any purpose.
 *
 * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
 * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 *
 * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
 * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
 * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
 * OR MODIFICATIONS.
 *
 * From: deflate.c,v 1.1 1996/01/18 03:17:48 paulus Exp
 */

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#undef VERSION
/* a nice define to generate linux version numbers */
#define VERSION(major,minor,patch) (((((major)<<8)+(minor))<<8)+(patch))

#if LINUX_VERSION_CODE >= VERSION(2,1,4)
#include
#endif

#include
#include /* to get the struct task_struct */
#include /* used in new tty drivers */
#include /* used in new tty drivers */

#include
#include
#include
#include
#include
#include
#include

#include "rc4.h"
#include "rc4_enc.c"
#include "sha1dgst.c"
#include "mppe.h"

/*
 * State for a mppe "(de)compressor".
 */
struct ppp_mppe_state {
    unsigned int ccount; /*coherency count */
    RC4_KEY RC4_send_key; /* chap-ms-v2 dictates 2 keys */
    RC4_KEY RC4_recv_key;
    unsigned char session_send_key[16];
    unsigned char session_recv_key[16];
    unsigned char master_send_key[16];
    unsigned char master_recv_key[16];
    int keylen;
    int stateless;
    int decomp_error;
    unsigned int bits;
    int unit;
    int debug;
    int mru;
    struct compstat stats;
};

#define MPPE_CCOUNT_FROM_PACKET(ibuf) ((((ibuf)[4] & 0x0f) << 8) + (ibuf)[5])
#define MPPE_BITS(ibuf) ((ibuf)[4] & 0xf0 )
#define MPPE_CTRLHI(state) ((((state)->ccount & 0xf00)>>8)|((state)->bits))
#define MPPE_CTRLLO(state) ((state)->ccount & 0xff)

#define MPPE_OVHD 4

/* Procedures from the MPPE draft */
static void mppe_synchronize_key(struct ppp_mppe_state *state)
{
    /* get new keys and flag our state as such */
    RC4_set_key(&(state->RC4_send_key),state->keylen,state->session_send_key);
    RC4_set_key(&(state->RC4_recv_key),state->keylen,state->session_recv_key);

    state->bits=MPPE_BIT_FLUSHED|MPPE_BIT_ENCRYPTED;
}

static void mppe_initialize_key(struct ppp_mppe_state *state)
{
    /* generate new session keys */
    GetNewKeyFromSHA(state->master_send_key, state->master_send_key,
        state->keylen, state->session_send_key);
    GetNewKeyFromSHA(state->master_recv_key, state->master_recv_key,
        state->keylen, state->session_recv_key);

    if(state->keylen == 8) {
        /* cripple them from 64bit->40bit */
        state->session_send_key[0]=state->session_recv_key[0] = MPPE_40_SALT0;
        state->session_send_key[1]=state->session_recv_key[1] = MPPE_40_SALT1;
        state->session_send_key[2]=state->session_recv_key[2] = MPPE_40_SALT2;
    }

    mppe_synchronize_key(state);
}

static void mppe_change_key(struct ppp_mppe_state *state)
{
    unsigned char InterimSendKey[16];
    unsigned char InterimRecvKey[16];

    // printk("mppp_changekey\n");

    /* get temp keys */
    GetNewKeyFromSHA(state->master_send_key, state->session_send_key,
        state->keylen, InterimSendKey);
    GetNewKeyFromSHA(state->master_recv_key, state->session_recv_key,
        state->keylen, InterimRecvKey);

    /* build RC4 keys from the temp keys */
    RC4_set_key(&(state->RC4_send_key), state->keylen, InterimSendKey);
    RC4_set_key(&(state->RC4_recv_key), state->keylen, InterimRecvKey);

    /* make new session keys */
    RC4(&(state->RC4_send_key), state->keylen, InterimSendKey,
        state->session_send_key);
    RC4(&(state->RC4_recv_key), state->keylen, InterimRecvKey,
        state->session_recv_key);

    if(state->keylen == 8) {
        /* cripple them from 64->40 bits*/
        state->session_send_key[0]=state->session_recv_key[0] = MPPE_40_SALT0;
        state->session_send_key[1]=state->session_recv_key[1] = MPPE_40_SALT1;
        state->session_send_key[2]=state->session_recv_key[2] = MPPE_40_SALT2;
    }

    /* make the final rc4 keys */
    RC4_set_key(&(state->RC4_send_key), state->keylen, state->session_send_key);
    RC4_set_key(&(state->RC4_recv_key), state->keylen, state->session_recv_key);

    state->bits=MPPE_BIT_ENCRYPTED;
}

#ifdef DEBUG
/* Utility procedures to print a buffer in hex/ascii */
static void ppp_print_hex (register __u8 *out, const __u8 *in, int count)
{
    register __u8 next_ch;
    static char hex[] = "0123456789ABCDEF";

    while (count-- > 0) {
        next_ch = *in++;
        *out++ = hex[(next_ch >> 4) & 0x0F];
        *out++ = hex[next_ch & 0x0F];
        ++out;
    }
}

static void ppp_print_char (register __u8 *out, const __u8 *in, int count)
{
    register __u8 next_ch;

    while (count-- > 0) {
        next_ch = *in++;

        if (next_ch < 0x20 || next_ch > 0x7e)
            *out++ = '.';
        else {
            *out++ = next_ch;
            if (next_ch == '%') /* printk/syslogd has a bug !!
                                 */
                *out++ = '%';
        }
    }
    *out = '\0';
}

static void ppp_print_buffer (const __u8 *name, const __u8 *buf, int count)
{
    __u8 line[44];

    if (name != (__u8 *) NULL)
        printk (KERN_DEBUG "ppp: %s, count = %d\n", name, count);

    while (count > 8) {
        memset (line, 32, 44);
        ppp_print_hex (line, buf, 8);
        ppp_print_char (&line[8 * 3], buf, 8);
        printk (KERN_DEBUG "%s\n", line);
        count -= 8;
        buf += 8;
    }

    if (count > 0) {
        memset (line, 32, 44);
        ppp_print_hex (line, buf, count);
        ppp_print_char (&line[8 * 3], buf, count);
        printk (KERN_DEBUG "%s\n", line);
    }
}
#endif

/* our 'compressor' proper */
static void *mppe_comp_alloc __P((unsigned char *, int));
static void mppe_comp_free __P((void *));
static int mppe_comp_init __P((void *, unsigned char *, int, int, int, int));
static int mppe_decomp_init __P((void *, unsigned char *, int, int, int, int, int));
static int mppe_compress __P((void *, unsigned char *, unsigned char *, int, int));
static void mppe_incomp __P((void *, unsigned char *, int));
static int mppe_decompress __P((void *, unsigned char *, int, unsigned char *, int));
static void mppe_comp_reset __P((void *));
static void mppe_comp_stats __P((void *, struct compstat *));

/* cleanup the compressor */
static void mppe_comp_free(void *arg)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;

    if (state) {
        kfree(state);
        MOD_DEC_USE_COUNT;
    }
}

/* allocate space for a compressor.
 */
static void *mppe_comp_alloc(unsigned char *options, int opt_len)
{
    struct ppp_mppe_state *state;

    if (((2*8)+3 != opt_len && (2*16)+3 != opt_len) /* 2 keys + 3 */
        || options[0] != CI_MPPE || options[1] != CILEN_MPPE) {
        printk(KERN_DEBUG "compress rejected: opt_len=%u,o[0]=%x,o[1]=%x\n",
            opt_len,options[0],options[1]);
        return NULL;
    }

    state = (struct ppp_mppe_state *)kmalloc(sizeof(*state), GFP_KERNEL);
    if (state == NULL)
        return NULL;

    MOD_INC_USE_COUNT;

    memset (state, 0, sizeof (struct ppp_mppe_state));

    /* write the data in options to the right places */
    memcpy(&state->stateless,options+2,1);

    state->keylen = (opt_len-3)/2;
    memcpy(state->master_send_key,options+3,state->keylen);
    memcpy(state->master_recv_key,options+3+state->keylen,state->keylen);

    mppe_initialize_key(state);

    return (void *) state;
}

static int mppe_comp_init(void *arg, unsigned char *options, int opt_len,
    int unit, int hdrlen, int debug)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;

    if (options[0] != CI_MPPE || options[1] != CILEN_MPPE) {
        printk(KERN_DEBUG "compress rejected: opt_len=%u,o[0]=%x,o[1]=%x\n",
            opt_len,options[0],options[1]);
        return 0;
    }

    state->ccount = 0;
    state->unit = unit;
    state->debug = debug;

    /* 19 is the min (2*keylen) + 3 */
    if(opt_len >= 19) {
        memcpy(&state->stateless,options+2,1);

        state->keylen = (opt_len-3)/2;
        memcpy(state->master_send_key,options+3,state->keylen);
        memcpy(state->master_recv_key,options+3+state->keylen,state->keylen);

        mppe_initialize_key(state);
    }

    return 1;
}

static int mppe_decomp_init(void *arg, unsigned char *options, int opt_len,
    int unit, int hdrlen, int mru, int debug)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;

    if (options[0] != CI_MPPE || options[1] != CILEN_MPPE) {
        printk(KERN_DEBUG"options are bad: %x %x\n",options[0],options[1]);
        return 0;
    }

    state->ccount = 0;
    state->unit = unit;
    state->debug = debug;
    state->mru = mru;

    /* 19 is the min (2*keylen)+3 */
    if(opt_len >= 19) {
        memcpy(&state->stateless,options+2,1);
        state->keylen = (opt_len-3)/2;
        memcpy(state->master_send_key,options+3,state->keylen);
        memcpy(state->master_recv_key,options+3+state->keylen,state->keylen);

        mppe_initialize_key(state);
    }

    return 1;
}

static void mppe_comp_reset(void *arg)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;

    printk(KERN_DEBUG "mppe_comp_reset\n");

    (state->stats).in_count = 0;
    (state->stats).bytes_out = 0;
    (state->stats).ratio = 0;

    mppe_synchronize_key(state);
}

static void mppe_update_count(struct ppp_mppe_state *state)
{
    if(!state->stateless) {
        if ( 0xff == (state->ccount&0xff)){
            /* time to change keys */
            if ( 0xfff == (state->ccount&0xfff)){
                state->ccount = 0;
            } else {
                (state->ccount)++;
            }
            mppe_change_key(state);
        } else {
            state->ccount++;
        }
    } else {
        if ( 0xFFF == (state->ccount & 0xFFF)) {
            state->ccount = 0;
        } else {
            (state->ccount)++;
        }
        mppe_change_key(state);
    }
}

/* the big nasty */
int mppe_compress(void *arg, unsigned char *rptr, unsigned char *obuf,
    int isize, int osize)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg;
    int proto, olen;
    unsigned char *wptr;

#ifdef DEBUG
    ppp_print_buffer("mppe_encrypt",rptr,isize);
#endif

    if(osize < isize+MPPE_OVHD) {
        printk(KERN_DEBUG "Not enough space to encrypt packet: %d<%d+%d!\n",
            isize, osize, MPPE_OVHD);
        return 0;
    }

    /* Check that the protocol is in the range we handle. */
    proto = PPP_PROTOCOL(rptr);
    if (proto < 0x0021 || proto > 0x00FA )
        return 0;

    wptr = obuf;

    /* Copy over the PPP header and store the 2-byte sequence number.
     */
    wptr[0] = PPP_ADDRESS(rptr);
    wptr[1] = PPP_CONTROL(rptr);
    wptr[2] = PPP_MPPE >>8;
    wptr[3] = PPP_MPPE;
    wptr += PPP_HDRLEN;
    wptr[0] = MPPE_CTRLHI(state);
    wptr[1] = MPPE_CTRLLO(state);
    wptr += 2;

    state->bits=MPPE_BIT_ENCRYPTED;
    mppe_update_count(state);

    /* read from rptr, write to wptr adjust for PPP_HDRLEN */
    RC4(&(state->RC4_send_key),isize-2,rptr+2,wptr);
    olen=isize+MPPE_OVHD;

    (state->stats).comp_bytes += isize;
    (state->stats).comp_packets++;

#ifdef DEBUG
    ppp_print_buffer("mppe_encrypt out",obuf,olen);
#endif

    return olen;
}

static void mppe_comp_stats(void *arg, struct compstat *stats)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;

    /* since we don't REALLY compress at all, this should be OK */
    (state->stats).in_count = (state->stats).unc_bytes;
    (state->stats).bytes_out = (state->stats).comp_bytes;

    /* this _SHOULD_ always be 1 */
    (state->stats).ratio = (state->stats).in_count/(state->stats).bytes_out;

    *stats = state->stats;
}

/* the other big nasty */
int mppe_decompress(void *arg, unsigned char *ibuf, int isize,
    unsigned char *obuf, int osize)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;
    int seq;

    if (isize <= PPP_HDRLEN + MPPE_OVHD) {
        if (state->debug) {
            printk(KERN_DEBUG "mppe_decompress%d: short packet (len=%d)\n",
                state->unit, isize);
        }
        return DECOMP_ERROR;
    }

    /* Check the sequence number. */
    seq = MPPE_CCOUNT_FROM_PACKET(ibuf);

    if(!state->stateless && (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED)) {
        state->decomp_error = 0;
        state->ccount = seq;
    }

    if(state->decomp_error) {
        return DECOMP_ERROR;
    }

    if (seq != state->ccount) {
        if (state->debug) {
            printk(KERN_DEBUG "mppe_decompress%d: bad seq # %d, expected %d\n",
                state->unit, seq, state->ccount);
        }

        while(state->ccount != seq) {
            mppe_update_count(state);
        }
    }

    /*
     * Fill in the first part of the PPP header. The protocol field
     * comes from the decompressed data.
     */
    obuf[0] = PPP_ADDRESS(ibuf);
    obuf[1] = PPP_CONTROL(ibuf);
    obuf += 2;

    if(!(MPPE_BITS(ibuf) & MPPE_BIT_ENCRYPTED)) {
        printk(KERN_DEBUG"ERROR: not an encrypted packet");
        mppe_synchronize_key(state);
        return DECOMP_ERROR;
    } else {
        if(!state->stateless && (MPPE_BITS(ibuf) & MPPE_BIT_FLUSHED))
            mppe_synchronize_key(state);
        mppe_update_count(state);

        /* decrypt - adjust for PPP_HDRLEN + MPPE_OVHD - mru should be OK */
        RC4(&(state->RC4_recv_key),isize-6,ibuf+6,obuf);

        (state->stats).unc_bytes += (isize-MPPE_OVHD);
        (state->stats).unc_packets ++;

        return isize-MPPE_OVHD;
    }
}

/* Incompressible data has arrived - add it to the history. */
static void mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
{
    struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg;

    (state->stats).inc_bytes += icnt;
    (state->stats).inc_packets++;
}

/*************************************************************
 * Module interface table
 *************************************************************/

/* These are in ppp.c */
extern int ppp_register_compressor (struct compressor *cp);
extern void ppp_unregister_compressor (struct compressor *cp);

/*
 * Procedures exported to if_ppp.c.
 */
struct compressor ppp_mppe = {
    CI_MPPE,            /* compress_proto */
    mppe_comp_alloc,    /* comp_alloc */
    mppe_comp_free,     /* comp_free */
    mppe_comp_init,     /* comp_init */
    mppe_comp_reset,    /* comp_reset */
    mppe_compress,      /* compress */
    mppe_comp_stats,    /* comp_stat */
    mppe_comp_alloc,    /* decomp_alloc */
    mppe_comp_free,     /* decomp_free */
    mppe_decomp_init,   /* decomp_init */
    mppe_comp_reset,    /* decomp_reset */
    mppe_decompress,    /* decompress */
    mppe_incomp,        /* incomp */
    mppe_comp_stats,    /* decomp_stat */
};

#ifdef MODULE
/*************************************************************
 * Module support routines
 *************************************************************/

int init_module(void)
{
    int answer = ppp_register_compressor(&ppp_mppe);
    if (answer == 0) {
        printk(KERN_INFO "PPP MPPE compression module registered\n");
    }
    return answer;
}

void cleanup_module(void)
{
    if (MOD_IN_USE) {
        printk (KERN_INFO "MPPE module busy, remove delayed\n");
    } else {
        ppp_unregister_compressor (&ppp_mppe);
        printk(KERN_INFO "PPP MPPE compression module unregistered\n");
    }
}
#endif /* MODULE */

From SCody at Gulbrandsen.com Mon Oct 2 06:48:40 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Mon, 2 Oct 2000 07:48:40 -0400
Subject: [pptp-server] User authentication only barrier between a hacker and network
Message-ID:

I am trying to weigh the benefits of having easy to use VPN access to my
network for my remote clients, and having username/password authentication
being the only barrier between a hacker and the network.

I have looked into Ipsec and it looks good and will work for me. I am
looking for the lowest cost, but most functional, solution at the moment.
(I know low cost and functional don't always go together).. :)

Are there better ways to secure ppp authentication? Can I have the linux
pptp server authenticate users via my NT domain instead of users configured
on the linux box?

Any help?

Thanks!

Steve Cody

From aalang at rutgersinsurance.com Mon Oct 2 07:50:53 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 08:50:53 -0400
Subject: [pptp-server] Multiple subnets
References:
Message-ID: <001501c02c6f$66829600$330a0a0a@6014cwpza006>

But I want multiple subnets of ppp connections.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Al Ludwig"
To: "Adam Lang"
Sent: Friday, September 29, 2000 2:11 PM
Subject: RE: [pptp-server] Multiple subnets

> Adam,
>
> Just configure your routing tables to handle this...
>
> Different subnets are a bit different than what you are asking here it looks
> like...
>
> I'm using ipchains (rc.firewall) and here's an example of my ruleset:
>
> /sbin/ipchains -F
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A input -i ! lo -s 127.0.0.0/255.0.0.0 -j DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
> /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
> /sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ
>
> My LAN users are 192.168.0.0 for one area, 192.168.1.0 for another area, and
> pptp clients are 192.168.2.0. Just by adding the ipchains rule at the
> bottom of that example allows the ip addresses for pptp connections to
> route...
>
> -AL
>
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang
> Sent: Friday, September 29, 2000 1:08 PM
> To: Pptp
> Subject: [pptp-server] Multiple subnets
>
> Here is a question:
>
> How do I setup poptop for multiple subnets?
>
> Say for remote employees I want them to get ranges from 10.10.9.0
> And for non employees (clients) I want to give a range of 10.10.8.0
>
> I guess I really can't do that, can I?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From aalang at rutgersinsurance.com Mon Oct 2 07:51:49 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 08:51:49 -0400
Subject: [pptp-server] Multiple subnets
References: <001701c02a41$19fc2650$5f020a0a@carlislefsp.com>
Message-ID: <001b01c02c6f$87ac9380$330a0a0a@6014cwpza006>

That doesn't work? It says so in the config file... So how do you allow
multiple people to connect the same time?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Kenny Austin"
To: "'Adam Lang'" ;
Sent: Friday, September 29, 2000 2:14 PM
Subject: RE: [pptp-server] Multiple subnets

> I had pretty much the same question a while ago,
> but I don't believe that it is possible to list ranges
> in chap-secrets. Someone told me to use 192.168.1.1-20
> but ppp (mine at least) wouldn't accept that.
> So i believe that you will have to either run multi copies
> of pptpd (that idea sucks) or assign each user a few ips
> from chap-secrets.
> If you do find a way to do this... let me know.
> Kenny Austin
> kennya at carlislefsp.com
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang
> Sent: Friday, September 29, 2000 12:08 PM
> To: Pptp
> Subject: [pptp-server] Multiple subnets
>
>
> Here is a question:
>
> How do I setup poptop for multiple subnets?
>
> Say for remote employees I want them to get ranges from 10.10.9.0
> And for non employees (clients) I want to give a range of 10.10.8.0
>
> I guess I really can't do that, can I?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
>

From aalang at rutgersinsurance.com Mon Oct 2 07:56:03 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 08:56:03 -0400
Subject: [pptp-server] Too Many Removes
References: <001601c02a40$83f26bb0$5f020a0a@carlislefsp.com>
Message-ID: <002101c02c70$1f62c5a0$330a0a0a@6014cwpza006>

My apologies... I am on quite a few mailing lists, and people that don't
take the time to look how to unsubscribe wear on my nerves also. As soon as
someone said something along the lines of "I don't know how to get off the
list, please help" I more than obliged sending the info on how to do it. The
people that just plain send a message named "remove" to the general mailing,
or the ones that send a message to the general mailing TELLING people to
remove them from the list are a bit aggravating and plain lazy.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Kenny Austin"
To:
Sent: Friday, September 29, 2000 2:10 PM
Subject: [pptp-server] Too Many Removes

> Wow I thought, I haven't seen this many post on the pptp mailing list for
> quite awhile.
> I clicked on my pptp folder (yes, i am using outlook with message rules to
> sort my email)
> and saw eight emails with the word "REMOVE" in the subject.
> "Did someone let the retard class out to play in the pptp mailing list?", I
> asked myself.
> So I invested a few minutes of my time to further study what as before me.
> "Ahh....", I said out loud, "It must be that one has become lost and
> stumbled across
> this group of pptp mailing list bullies, whom have decided that it was much
> more
> profitable to themselves to throw rocks at the poor retard."
> So I reasoned to myself, and came to the conclusion that I would add yet one
> more
> totally unrelated email to the list. Yes, I realize that now the next
> person downloading
> these emails will ask himself "Did someone let the 9 retards out to play?"
> and that I
> now make up 11.1% of the stupidity that has taken place today. But it is
> worth it say:
>
> Grow up.
>
> kenny,
> (yeah, maybe reading all that slashdot today wore of on me.. heheh)
>
>

From aalang at rutgersinsurance.com Mon Oct 2 08:02:52 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 09:02:52 -0400
Subject: [pptp-server] Linux Client?
References: <002401c02b3b$b65baca0$0200a8c0@patrick> <39D66460.1A5FD3ED@home.com> <001c01c02b65$080f3700$0200a8c0@patrick> <39D6B0ED.640E4E6E@home.com>
Message-ID: <004501c02c71$1326a440$330a0a0a@6014cwpza006>

Aren't you supposed to put username and password in the chap-secrets file?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Jerry Vonau"
To: "Patrick Childers"
Cc: "PPTP List"
Sent: Saturday, September 30, 2000 11:35 PM
Subject: Re: [pptp-server] Linux Client?

> In the /etc/ppp/options file
>
> lock
> noauth
> debug
>
> user USER
> password PASSWORD
>
> noauth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> My client connets to an nt server
> Your mileage may vary
>
> Jerry
>
> Patrick Childers wrote:
>
> > Thanks that works, but the server kills my connection because
> > I don't authenticate. How to I send my password?
> >
> > Patrick
> >
> > SYSLOG:
> > Sep 30 22:05:50 phathat pptpd[2700]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Sep 30 22:05:50 phathat pppd[2701]: pppd 2.3.10 started by root, uid 0
> > Sep 30 22:05:50 phathat pppd[2701]: Using interface ppp1
> > Sep 30 22:05:50 phathat pppd[2701]: Connect: ppp1 <--> /dev/pts/3
> > Sep 30 22:05:52 phathat pptpd[2700]: GRE: Discarding duplicate packet
> > Sep 30 22:05:54 phathat pppd[2701]: peer refused to authenticate:
> > terminating link
> > Sep 30 22:05:54 phathat pppd[2701]: Connection terminated.
> > Sep 30 22:05:54 phathat pppd[2701]: Exit.
> >
> > ----- Original Message -----
> > From: "Jerry Vonau"
> > To: "Patrick Childers"
> > Cc: "PPTP List"
> > Sent: Saturday, September 30, 2000 3:08 PM
> > Subject: Re: [pptp-server] Linux Client?
> >
> > > Can you post your options file? How are you invoking the client? You
> > > have to use all your options on the command line when you start it
> > > Something like: /usr/sbin/pptp SERVERIP lock noauth debug user USERNAME
> > > +chapms-v2 mppe-128 mppe-stateless noauth Replace UPPERCASE with your
> > > stuff.
> > > Your mileage may vary.
> > >
> > > Jerry
> > >
> > >
> > >
> > > Patrick Childers wrote:
> > >
> > > > Thanks to everyone so far for helping me setup our VPN sever, I could
> > > > not have gotten this far with the list. But anyway I can't get the
> > > > linux pptp client to work on my any system. We are using standard
> > > > redhat-6.2 installs. I installed the mppe modules, but the pptp-client
> > > > returns that "The remote system is required to authenticate itself but
> > > > I counldn't find any suitable secret (password) for it to use to do
> > > > so." I assume to is asking for the login/password, but how do I hand
> > > > that to the cleint. ThanksPatrick Here is the server's
> > > > syslog--------------------------------------------------------------Sep
> > > > 30 17:09:32 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control
> > > > connection started
> > > > Sep 30 17:09:33 phathat pptpd[2413]: CTRL: Starting call (launching
> > > > pppd, opening GRE)
> > > > Sep 30 17:09:33 phathat pppd[2414]: pppd 2.3.10 started by root, uid 0
> > > >
> > > > Sep 30 17:09:33 phathat pppd[2414]: Using interface ppp0
> > > > Sep 30 17:09:33 phathat pppd[2414]: Connect: ppp0 <--> /dev/pts/0
> > > > Sep 30 17:09:36 phathat pptpd[2266]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:36 phathat pptpd[2413]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:39 phathat pptpd[2266]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:39 phathat pptpd[2413]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:42 phathat pptpd[2266]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:42 phathat pptpd[2413]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:45 phathat pptpd[2266]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:45 phathat pptpd[2413]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:48 phathat pptpd[2266]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:09:48 phathat pptpd[2413]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:10:00 phathat pptpd[2266]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:10:00 phathat pptpd[2413]: GRE: Discarding out of order
> > > > packet
> > > > Sep 30 17:10:03 phathat pppd[2414]: LCP: timeout sending
> > > > Config-Requests
> > > > Sep 30 17:10:03 phathat pppd[2414]: Connection terminated.
> > > > Sep 30 17:10:03 phathat pppd[2414]: Exit.
> > > > Sep 30 17:10:03 phathat pptpd[2413]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control connection finished
> > > >
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From aalang at rutgersinsurance.com Mon Oct 2 08:07:54 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 09:07:54 -0400
Subject: [pptp-server] Yet Another Stupid Ping Problem
References:
Message-ID: <006e01c02c71$c6c1f360$330a0a0a@6014cwpza006>

Ummm. what exactly is your problem?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Bill Stephens"
To:
Sent: Sunday, October 01, 2000 5:06 PM
Subject: [pptp-server] Yet Another Stupid Ping Problem

> Yes, I did go through the archives, yes I did read the doc, and yes I
> probably am a bonehead for just not getting it. The docs and archives did
> help, but I'm stuck now. Here's my setup:
>
> Client(192.168.0.x)---(192.168.0.1-eth1)Firewall(24.7.103.x-eth0)-----(24.4.x.x-eth0)firewall/vpn(192.168.1.0/24-eth1)
>
> localip 192.168.1.80-100
> remoteip 192.168.1.70-79
>
> Destination client = 192.168.1.5
>
> IP Forwarding is turned on, and confirmed.
>
> I connect fine, I'm able to ping 192.168.1.80 and 70. I'm also able to ping
> 192.168.1.1. I'm not receiving any proxyarp errors in the messages file,
> and by reading the doc, it appeared that putting the vpn addresses on the
> same subnet would remedy any arp issues. I'm also using the ip-up.local
> script if that helps any. Any other ideas?
>
> Thanks,
>
> Bill Stephens
> bsteph at home.com

From aalang at rutgersinsurance.com Mon Oct 2 08:10:42 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 09:10:42 -0400
Subject: [pptp-server] User authentication only barrier between a hacker and network
References:
Message-ID: <007f01c02c72$2b296180$330a0a0a@6014cwpza006>

I don't think the application integrates with NT like that. To do so, you'll
probably have to buy a commercial product made for NT (unless it can be done
with Samba, but I haven't used it so I don't know).

As for IPSec, Freeswan is the popular choice.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Steve Cody"
To: "PPTP List (E-mail)"
Sent: Monday, October 02, 2000 7:48 AM
Subject: [pptp-server] User authentication only barrier between a hacker and network

> I am trying to weigh the benefits of having easy to use VPN access to my
> network for my remote clients, and having username/password authentication
> being the only barrier between a hacker and the network.
>
> I have looked into Ipsec and it looks good and will work for me. I am
> looking for the lowest cost, but most functional, solution at the moment.
> (I know low cost and functional don't always go together).. :)
>
> Are there better ways to secure ppp authentication? Can I have the linux
> pptp server authenticate users via my NT domain instead of users configured
> on the linux box?
>
> Any help?
>
> Thanks!
>
> Steve Cody
From jvonau at home.com Mon Oct 2 08:59:39 2000
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 02 Oct 2000 08:59:39 -0500
Subject: [pptp-server] Linux Client?
References: <002401c02b3b$b65baca0$0200a8c0@patrick> <39D66460.1A5FD3ED@home.com> <001c01c02b65$080f3700$0200a8c0@patrick> <39D6B0ED.640E4E6E@home.com> <004501c02c71$1326a440$330a0a0a@6014cwpza006>
Message-ID: <39D894CA.6A4FFA3@home.com>

I was fooling around to get this going, once it hit the magic combo that
worked, I didn't change anything and left what I had... I have password
entries in the chap-secrets, and ppp.options. I invoke it with the command
line. I'm really not too sure which is correct, but it works for me. The
"Discarding out of order packet" I found the cause to be in the
/var/run/pptp/IP ADDRESS, if this is there before you invoke the client then
it fails.

Jerry

Adam Lang wrote:

> Aren't you supposed to put username and password in the chap-secrets file?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> ----- Original Message -----
> From: "Jerry Vonau"
> To: "Patrick Childers"
> Cc: "PPTP List"
> Sent: Saturday, September 30, 2000 11:35 PM
> Subject: Re: [pptp-server] Linux Client?
>
> > In the /etc/ppp/options file
> >
> > lock
> > noauth
> > debug
> >
> > user USER
> > password PASSWORD
> >
> > noauth
> > +chap
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> >
> > My client connects to an nt server
> > Your mileage may vary
> >
> > Jerry
> >
> > Patrick Childers wrote:
> >
> > > Thanks that works, but the server kills my connection because
> > > I don't authenticate. How do I send my password?
> > > > > Sep 30 17:10:03 phathat pptpd[2413]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> > > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> > > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control connection finished

From aalang at rutgersinsurance.com Mon Oct 2 09:20:15 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 10:20:15 -0400
Subject: [pptp-server] Linux Client?
References: <002401c02b3b$b65baca0$0200a8c0@patrick> <39D66460.1A5FD3ED@home.com> <001c01c02b65$080f3700$0200a8c0@patrick> <39D6B0ED.640E4E6E@home.com> <004501c02c71$1326a440$330a0a0a@6014cwpza006> <39D894CA.6A4FFA3@home.com>
Message-ID: <00db01c02c7b$e2721220$330a0a0a@6014cwpza006>

?? People have been mentioning /var/run lately... the only relevant item I
have in there is pptpd.pid.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Jerry Vonau"
Cc: "PPTP List"
Sent: Monday, October 02, 2000 9:59 AM
Subject: Re: [pptp-server] Linux Client?

> I was fooling around to get this going, once it hit the magic combo that worked,
> I didn't change anything and left what I had... I have password entries in the
> chap-secrets, and ppp.options. I invoke it with the command line. I'm really
> not too sure which is correct, but it works for me.
> > > > > > Sep 30 17:10:03 phathat pptpd[2413]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> > > > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> > > > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control connection finished

From dxf at dewittross.net Mon Oct 2 09:24:59 2000
From: dxf at dewittross.net (Daniell Freed)
Date: Mon, 02 Oct 2000 09:24:59 -0500
Subject: [pptp-server] Ipchains - Linux Firewall.
References: <000701c02a6b$62996060$0200a8c0@sys1>
Message-ID: <39D89ABA.3BF664CA@dewittross.net>

You need to install the pptp_masq patch. That should solve the problem.

"Danny L. Brow, Jr." wrote:

> Hello,
>
> I am trying to get through my firewall to connect to a pptp vpn server at
> my friend's place. I can connect to the system with an internet IP, but when
> I try going through my firewall I get a 615 error. Linux ports 47 and 1723
> will not come back to this system, this is what I am not sure the problem
> is. I don't want to have to setup all the system on my network, one by one
> to have vpn go through the firewall.
> I would like a one or two line
> solution to it, so I can enter the line and all the systems can go through
> the firewall. Or do I have to install the pptp_masq patch to get this to
> work? Help me.....
>
> Thankz
> Dan.

--
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care lest he thereby become a monster.
And if you gaze for long into an abyss, the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzsche

From jvonau at home.com Mon Oct 2 09:36:03 2000
From: jvonau at home.com (Jerry Vonau)
Date: Mon, 02 Oct 2000 09:36:03 -0500
Subject: [pptp-server] Linux Client?
References: <002401c02b3b$b65baca0$0200a8c0@patrick> <39D66460.1A5FD3ED@home.com> <001c01c02b65$080f3700$0200a8c0@patrick> <39D6B0ED.640E4E6E@home.com> <004501c02c71$1326a440$330a0a0a@6014cwpza006> <39D894CA.6A4FFA3@home.com> <00db01c02c7b$e2721220$330a0a
Message-ID: <39D89D53.AA3E74A0@home.com>

The client creates its lock file there.. using the server ip as its
identification. If the client doesn't delete this file when it exits, then
you have problems the next time you start it up.

Jerry

Adam Lang wrote:

> ?? People have been mentioning /var/run lately... the only relevant item I
> have in there is pptpd.pid.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> ----- Original Message -----
> From: "Jerry Vonau"
> Cc: "PPTP List"
> Sent: Monday, October 02, 2000 9:59 AM
> Subject: Re: [pptp-server] Linux Client?
>
> > I was fooling around to get this going, once it hit the magic combo that
> > worked, I didn't change anything and left what I had...
> > > > > > > Sep 30 17:10:03 phathat pppd[2414]: Connection terminated.
> > > > > > > Sep 30 17:10:03 phathat pppd[2414]: Exit.
> > > > > > > Sep 30 17:10:03 phathat pptpd[2413]: GRE: read(fd=4,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
> > > > > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
> > > > > > > Sep 30 17:10:03 phathat pptpd[2413]: CTRL: Client 209.187.165.235 control connection finished

From aalang at rutgersinsurance.com Mon Oct 2 10:00:10 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 11:00:10 -0400
Subject: [pptp-server] RedHat 7
Message-ID: <00f601c02c81$75cac440$330a0a0a@6014cwpza006>

Does anyone know if anything different needs to be done on a Redhat 7
installation?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

From alagana at discmail.com Mon Oct 2 11:00:06 2000
From: alagana at discmail.com (Aldo S. Lagana)
Date: Mon, 2 Oct 2000 12:00:06 -0400
Subject: [pptp-server] errors starting pppd...
Message-ID:

I get these errors in messages when a client tries to connect...

pppd[1372]: pppd 2.3.8 started by root, uid 0
pppd[1372]: ioctl(PPPIOCGUNIT): Operation not permitted
pppd[1372]: tcsetattr: Operation not permitted
pppd[1372]: Exit.

Anybody have a clue? And yes I already changed permissions on /usr/sbin/pppd.

Aldo S Lagana
alagana at DISCmail.com
860 674 0550
www.DISClink.com

From aalang at rutgersinsurance.com Mon Oct 2 12:47:03 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 2 Oct 2000 13:47:03 -0400
Subject: [pptp-server] Yet Another Stupid Ping Problem
References: <20001002165234.29358.qmail@web2306.mail.yahoo.com>
Message-ID: <014b01c02c98$c67b62c0$330a0a0a@6014cwpza006>

Do the hosts on your network have a route added so they know how to talk back
to the VPN? The VPN almost has to be thought of as a router.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Bill Stephens"
To: "Adam Lang"
Sent: Monday, October 02, 2000 12:52 PM
Subject: Re: [pptp-server] Yet Another Stupid Ping Problem

> After connecting, I can ping the server, but no other
> hosts on the remote network.
>
> Thanks,
>
> Bill
> --- Adam Lang wrote:
> > Ummm. what exactly is your problem?
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company
> > ----- Original Message -----
> > From: "Bill Stephens"
> > To:
> > Sent: Sunday, October 01, 2000 5:06 PM
> > Subject: [pptp-server] Yet Another Stupid Ping Problem
> >
> > > Yes, I did go through the archives, yes I did read the doc, and yes I
> > > probably am a bonehead for just not getting it. The docs and archives did
> > > help, but I'm stuck now. Here's my setup:
> > >
> > > Client(192.168.0.x)---(192.168.0.1-eth1)Firewall(24.7.103.x-eth0)-----(24.4.x.x-eth0)firewall/vpn(192.168.1.0/24-eth1)
> > >
> > > localip 192.168.1.80-100
> > > remoteip 192.168.1.70-79
> > >
> > > Destination client = 192.168.1.5
> > >
> > > IP Forwarding is turned on, and confirmed.
> > >
> > > I connect fine, I'm able to ping 192.168.1.80 and 70. I'm also able to ping
> > > 192.168.1.1. I'm not receiving any proxyarp errors in the messages file,
> > > and by reading the doc, it appeared that putting the vpn addresses on the
> > > same subnet would remedy any arp issues. I'm also using the ip-up.local
> > > script if that helps any. Any other ideas?
> > >
> > > Thanks,
> > >
> > > Bill Stephens
> > > bsteph at home.com

From phil at vibrationresearch.com Mon Oct 2 12:46:38 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Mon, 2 Oct 2000 13:46:38 -0400
Subject: [pptp-server] Fix for out-of-order packets
Message-ID: <000301c02c98$b6f1b980$4500a8c0@vibrationresearch.com>

I put the latest version of my patch to add packet reordering to the
pptpd-1.1.1 source code at:
http://www.vibrationresearch.com/pptpd/index.html

This patch reorders out-of-order packets so that packets don't get dropped
by pptpd when the network delivers some packets out of order.
This is basically the same patch as I posted to this list last week, but I've
made a couple changes to improve the response when packets are lost. I also
added the fix from pptpd-1.0.1 for the infinite loop on disconnect problem.

The above web page also has the patch to the ppp_mppe.c source to fix the
Compressed Data bug (posted to this list earlier today by Philip
Willoughby -- hope you don't mind, Philip). With my patch, plus his patch
to ppp_mppe, I can now get encrypted connections working even on a network
that drops some packets and delivers lots of packets out-of-order.

On my VPN connection I typically get about 1% to 2% of my packets delivered
out-of-order, and this can go above 10% at bad times during the day. I'm
curious if I just have lame DSL providers on both ends, or if out-of-order
packets is a common problem?

Phil Van Baren
phil at vibrationresearch.com

From ajennamo at uncc.edu Mon Oct 2 12:52:10 2000
From: ajennamo at uncc.edu (Andrew Jesse Ennamorato)
Date: Mon, 2 Oct 2000 13:52:10 -0400 (EDT)
Subject: [pptp-server] Simple VPN/PPTP Questions
Message-ID: <200010021752.NAA03765@ms-sm2.uncc.edu>

I thought I had these questions figured out, but I started reading through
some documentation I found today and was a lil' confused. If you guys know of
a website that can answer my questions, point me to it so I don't waste your
time. Here's what I am wondering:

Right now, I'm just setting up a "test VPN." I've got a Linux box that will
act as the firewall/VPN server, and a Win98 client that will connect to that.
I'm pretty sure I understand how to setup the Winbox, but my questions regard
the linux machine. My Linux box will have a registered IP, and the Win98 will
have a non-registered IP on the same subnetwork. (Like I said, I only want to
test at this point now).

What do I need to do on the Linux box? If I'm correct, I need to configure
the firewall to allow PPTP traffic (which means I need a patch, I think - which one?)
and also set up a PPTP server on the Linux box (like PopTop), I believe? Is there anything I am overlooking?

Thanks for the help,
Andy
ajennamo at uncc.edu

From jvonau at ramwinn.com Mon Oct 2 14:13:22 2000
From: jvonau at ramwinn.com (Jerry Vonau)
Date: Mon, 2 Oct 2000 14:13:22 -0500
Subject: [pptp-server] Chap vs Options Linux client
Message-ID: <01C02C7A.ECDCCEE0.jvonau@ramwinn.com>

Adam Lang wrote:
> Aren't you supposed to put username and password in the chap-secrets file?

Upon further testing, it works without the lines in the options file, you are correct.

>But anyway I can't get the linux pptp client to work on my any system. We are using standard redhat-6.2 installs. I installed
>the mppe modules, but the pptp-client returns that "The remote system is required to authenticate itself but I couldn't find
>any suitable secret (password) for it to use to do so." I assume to is asking for the login/password, but how do I hand that to
>the client.
>Thanks Patrick

As the client you should not be asking the server to authenticate itself to you, change the "auth" to "noauth" in the options file and on the command line.

Jerry

From superhero21 at hotmail.com Mon Oct 2 14:36:40 2000
From: superhero21 at hotmail.com (Piti Cherntanomwong)
Date: Mon, 02 Oct 2000 19:36:40 GMT
Subject: [pptp-server] What is pty?
Message-ID:

Hi,

What is pty? And what site can explain pty?

Thank you
Can

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at http://profiles.msn.com.
From matthewr at moreton.com.au Mon Oct 2 16:15:54 2000 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Mon, 2 Oct 2000 15:15:54 -0600 Subject: [pptp-server] Fix for out-of-order packets References: <000301c02c98$b6f1b980$4500a8c0@vibrationresearch.com> Message-ID: <001701c02cb5$fad15760$0300a8c0@lineo> G'day Phil, I'll apply your changes and release 1.1.2 on the poptop.lineo.com web pages. Cheers, -matt ----- Original Message ----- From: Philip Van Baren To: Sent: Monday, October 02, 2000 11:46 AM Subject: [pptp-server] Fix for out-of-order packets > I put the latest version of my patch to add packet reordering to the > pptpd-1.1.1 source code at: > http://www.vibrationresearch.com/pptpd/index.html > > This patch reorders out-of-order packets so that packets don't get dropped > by pptpd when the network delivers some packets out of order. This is > basically the same patch as I posted to this list last week, but I've made a > couple changes to improve the response when packets are lost. I also added > the fix from pptpd-1.0.1 for the infinite loop on disconnect problem. > > The above web page also has the patch to the ppp_mppe.c source to fix the > Compressed Data bug (posted to this list earlier today by Philip > Willoughby -- hope you don't mind, Philip). With my patch, plus his patch > to ppp_mppe, I can now get encrypted connections working even on a network > that drops some packets and delivers lots of packets of out-of-order. > > On my VPN connection I typically get about 1% to 2% of my packets delivered > out-of-order, and this can go above 10% at bad times during the day. I'm > curious if I just have lame DSL providers on both ends, or if out-of-order > packets is a common problem? 
>
> Phil Van Baren
> phil at vibrationresearch.com
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From matthewr at moreton.com.au Mon Oct 2 17:32:41 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Mon, 2 Oct 2000 16:32:41 -0600
Subject: [pptp-server] PoPToP v1.0.1 and PoPToP v1.1.2
References: <000301c02c98$b6f1b980$4500a8c0@vibrationresearch.com>
Message-ID: <002501c02cc0$af85d320$0300a8c0@lineo>

G'day All,

PoPToP v1.0.1 was released sometime back. David Luyer added a fix for the infinite loops connection lost bug.

PoPToP v1.1.2 has been released. Philip Van Baren added simple packet reorders on top of Pat's GRE hacks. v1.1.2 also includes the infinite loop fix.

The downloads can be found at the new PoPToP web pages at:
http://poptop.lineo.com

Cheers,
Matt

From Steve.Cowles at infohiiway.com Mon Oct 2 21:49:51 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Mon, 2 Oct 2000 21:49:51 -0500
Subject: [pptp-server] PoPToP v1.0.1 and PoPToP v1.1.2
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE547@defiant.infohiiway.com>

I downloaded PopTop 1.1.2 from the WEB site listed below. When I went to extract the tarball using...

tar -xzvf pptpd-1.1.2.tar.gz

I got the following message

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error exit delayed from previous errors

Using "tar -xvf pptpd-1.1.2.tar.gz" worked OK though. Although I did get an error at the end of the extraction process.

....
....
pptpd-1.1.2/html/HOWTO-PoPToP.txt
tar: Only read 1988 bytes from archive pptpd-1.1.2.tar.gz
tar: Error is not recoverable: exiting now

I was able to compile/install PopTop OK though even with the above error.

Is anyone else seeing this behavior?
Steve Cowles > -----Original Message----- > From: matthewr at moreton.com.au [mailto:matthewr at moreton.com.au] > Sent: Monday, October 02, 2000 5:33 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] PoPToP v1.0.1 and PoPToP v1.1.2 > > > G'day All, > > PoPToP v1.0.1 was released sometime back. David Luyer added a > fix for the infinite loops connection lost bug. > > PoPToP v1.1.2 has been released. Philip Van Baren added simple > packet reorders on top of Pat's GRE hacks. v1.1.2 also includes > the infinite loop fix. > > The downloads can be found at the new PoPToP web pages at: > http://poptop.lineo.com > > Cheers, > Matt From cduffy at ecst.csuchico.edu Mon Oct 2 22:50:52 2000 From: cduffy at ecst.csuchico.edu (Charles C. Duffy) Date: Mon, 2 Oct 2000 20:50:52 -0700 Subject: [pptp-server] PoPToP v1.0.1 and PoPToP v1.1.2 In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE547@defiant.infohiiway.com>; from Steve.Cowles@infohiiway.com on Mon, Oct 02, 2000 at 09:49:51PM -0500 References: <90769AF04F76D41186C700A0C90AFC3EE547@defiant.infohiiway.com> Message-ID: <20001002205052.A24975@ecst.csuchico.edu> You downloaded it with Netscape, right? Netscape sometimes gunzips downloads without telling you -- resulting in, at minimum, the first of those behaviours. Annoying, no? Consider using wget or lftp. On Mon, Oct 02, 2000 at 09:49:51PM -0500, Cowles, Steve wrote: > I downloaded PopTop 1.1.2 from the WEB site listed below. When I went to > extract the tarball using... > > tar -xzvf pptpd-1.1.2.tar.gz > > I got the following message > > gzip: stdin: not in gzip format > tar: Child returned status 1 > tar: Error exit delayed from previous errors > > Using "tar -xvf pptpd-1.1.2.tar.gz" worked OK though. Although I did get an > error at the end of the extraction process. > > .... > .... 
> pptpd-1.1.2/html/HOWTO-PoPToP.txt > tar: Only read 1988 bytes from archive pptpd-1.1.2.tar.gz > tar: Error is not recoverable: exiting now > > I was able to compile/install PopTop OK though even with the above error. > > Is anyone else seeing this behavior? > > Steve Cowles From Steve.Cowles at infohiiway.com Tue Oct 3 01:46:45 2000 From: Steve.Cowles at infohiiway.com (Cowles, Steve) Date: Tue, 3 Oct 2000 01:46:45 -0500 Subject: [pptp-server] PoPToP v1.0.1 and PoPToP v1.1.2 Message-ID: <90769AF04F76D41186C700A0C90AFC3EE548@defiant.infohiiway.com> > -----Original Message----- > From: Charles C. Duffy [mailto:cduffy at ecst.csuchico.edu] > Sent: Monday, October 02, 2000 10:51 PM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] PoPToP v1.0.1 and PoPToP v1.1.2 > > > You downloaded it with Netscape, right? No... Internet Explorer 5.5. > > Netscape sometimes gunzips downloads without telling you -- resulting > in, at minimum, the first of those behaviours. Annoying, no? > > Consider using wget or lftp. Hmm... The wget actually worked. Odd that I have never had to use this command before... I download gzipped tarballs all the time using IE5 without any problems what so ever. Steve Cowles > > On Mon, Oct 02, 2000 at 09:49:51PM -0500, Cowles, Steve wrote: > > I downloaded PopTop 1.1.2 from the WEB site listed below. > > When I went to extract the tarball using... > > > > tar -xzvf pptpd-1.1.2.tar.gz > > > > I got the following message > > > > gzip: stdin: not in gzip format > > tar: Child returned status 1 > > tar: Error exit delayed from previous errors > > > > Using "tar -xvf pptpd-1.1.2.tar.gz" worked OK though. > > Although I did get an error at the end of the extraction > > process. > > > > .... > > .... > > pptpd-1.1.2/html/HOWTO-PoPToP.txt > > tar: Only read 1988 bytes from archive pptpd-1.1.2.tar.gz > > tar: Error is not recoverable: exiting now > > > > I was able to compile/install PopTop OK though even with > > the above error. 
> >
> > Is anyone else seeing this behavior?
> >
> > Steve Cowles

From alan at silveregg.co.jp Tue Oct 3 03:45:59 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Tue, 03 Oct 2000 17:45:59 +0900
Subject: [pptp-server] Can't Find PDC ?!?
In-Reply-To: <39A3DDCE.CFB61BA8@prodevelop.com.au>
Message-ID: <4.2.0.58.J.20001003171823.00a3bef0@papaya.silveregg.co.jp>

Hi, Tim,

It will be REALLY helpful if you can help me with this. I have just read your mail about PDC. And it seems that you have got the VPN pptp working through Linux ipchains. I have been looking for help around many mailing lists but no one out there has had a good solution.

My connection to pptpd server was successfully tested LOCALLY but when I put it behind ipchains box, it doesn't work with a 650 error which means the package isn't going through properly.

Here is my chains for VPN,

$REMOTENET=0/0
$OUTERNET=external IP/netmask
$LOCALNET=192.168.0.0/24

$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1723 -j ACCEPT
$IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 1723 -j ACCEPT
$IPCHAINS -A input -p 47 -s $REMOTENET -d $OUTERNET -j ACCEPT

$IPCHAINS -A output -p tcp -s $OUTERNET -d $REMOTENET 1723 -j ACCEPT
$IPCHAINS -A output -p udp -s $OUTERNET -d $REMOTENET 1723 -j ACCEPT
$IPCHAINS -A output -p 47 -s $OUTERNET -d $REMOTENET -j ACCEPT

$IPCHAINS -A forward -p tcp -s $LOCALNET -d $OUTERNET 1723 -j MASQ
$IPCHAINS -A forward -p 47 -s $LOCALNET -d $OUTERNET -j MASQ

I have also used ipfwd and ipmasqadm for port forwarding:

ipfwd --masq --syslog $external_ip_of_VPNserver 47 &
ipmasqadm portfw -a -P tcp -L $external_ip_of_VPNserver 1723 -R $internal_ip_of_VPNserver 1723

Everything LOOKS fine but it is not eventually.
Here is error of my dump from log:

Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Error with select(), quitting
Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Client 211.2.228.95 control connection finished
Sep 25 19:05:59 lemon pptpd[11728]: CTRL: Exiting now
Sep 25 19:05:59 lemon pptpd[470]: MGR: Reaped child 11728

I think I got connected but failed to pass authentication part.

Also, I have been testing samba with this /etc/smb.conf and trying to make computers browsable after VPN connection is built. (I have pptpd and samba server on the same machine)

199.100.7.120 --> external interface of samba server
192.168.0.7 --> internal interface of samba server

[global]
workgroup = VPN
server string = VPN Samba Server
hosts allow = 192.168.0. 127.
log file = /var/log/samba/log.%m
max log size = 50
security = user
password level = 8
username level = 8
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
include = /etc/smb.conf.%m
interfaces = 199.100.7.120/24 192.168.0.7/24
remote browse sync = 192.168.0.255
remote announce = 192.168.0.255
domain master = yes
preferred master = yes
domain logons = yes
wins support = yes
wins proxy = yes
dns proxy = yes

Any advice will be truly helpful and thanks in advance.

Alan

From tdn at stack.ru Tue Oct 3 06:13:33 2000
From: tdn at stack.ru (Dmitry Tolpanov)
Date: Tue, 3 Oct 2000 18:13:33 +0700
Subject: [pptp-server] Authentification.
Message-ID: <19533626031.20001003181333@cons.tsk.ru>

Hi, all.

There is a problem with authentication. I have: FreeBSD PPTP server and WinNT client. I've forced them to communicate with each other and client box have access to the whole net. But it is working without any auth. And now I have to add this feature. I've added the following lines:

/etc/ppp/ppp.conf
pap:
 enable pap
 enable proxy

/etc/options
auth

/etc/pap-secrets
STACKLTD\\libra tdn 123 212.20.57.201

Dial account in WinNT has "Allow non crypted passwords" in Security Tab. As I understand that is PAP auth.

Trying to connect ...
Result:

Oct 4 01:01:42 test-bsd pppd[5581]: The remote system is required to authenticate itself
Oct 4 01:01:42 test-bsd pppd[5581]: but I couldn't find any suitable secret (password) for it to use to do so.
Oct 4 01:01:42 test-bsd pptpd[5580]: GRE: read(fd=4,buffer=804dac0,len=8196) from PTY failed: status = 0 error = No error
Oct 4 01:01:42 test-bsd pptpd[5580]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)

To my mind PPPD can't allocate password or i'm wrong. Any suggestions.

Thanks.
Dmitry.

From chavant at geosys.fr Tue Oct 3 05:45:00 2000
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue, 3 Oct 2000 12:45:00 +0200
Subject: [pptp-server] Error with select()
Message-ID: <000001c02d26$fb547fc0$7c03a8c0@pcjpc.geosys.fr>

hello,

when a client disconnect from my PoPToP server in the pptp.log i get this error :

Oct 2 12:26:11 endeavour pptpd[7358]: CTRL: Error with select(), quitting

Is It normal ?

conf : Linux 2.2.14, ppp 2.3.11 with mppe/chap-ms v2 patch, pptp 1.0.0

JPaul

From chavant at geosys.fr Tue Oct 3 05:45:03 2000
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue, 3 Oct 2000 12:45:03 +0200
Subject: [pptp-server] Cannot determine ethernet address for proxy ARP
Message-ID: <000101c02d26$fc610dc0$7c03a8c0@pcjpc.geosys.fr>

Hello,

when i connect to my VPN server i got this error :

Oct 2 12:26:09 endeavour pppd[7359]: Cannot determine ethernet address for proxy ARP

I don't understand why ... :(

configuration : linux 2.2.14, ppp 2.3.11 with mppe/chap-ms v2 patch, pptp 1.0.0

/etc/ppp/options

debug
name endeavour
auth
require-chap
+chap
proxyarp <==================== (pppd do proxy arp ...)
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.1.3
lock

my arp table on the server :

Adresse        TypeMap  AdresseMat         Indicateurs  Iface
192.168.1.3    ether    08:00:20:A3:6E:DB  C            eth0
192.168.0.100  *        *                  MP           eth0
192.168.0.101  *        *                  MP           eth0
192.168.0.102  *        *                  MP           eth0
192.168.0.103  *        *                  MP           eth0

in my ip-up.local script i launch :

arp --set $REMOTE_IP_ADDRESS 00:80:C8:6A:92:A9 pub >> /var/log/ppp.log

(00:80:C8:6A:92:A9 is the MAC address of the interface of my VPN server which is on my private LAN, is it correct ?)

(internet)----[VPN SERVER]----LAN----[192.168.1.x]----(router)----[192.168.3.x]
            |            |
         x.x.x.x    192.168.1.252 (00:80:C8:6A:92:A9)

another question is :
- i can ping any network/computer when a win95 client (DUN 1.3 + 128bit patch)
- i can only ping network/computer on network 192.168.1.x with a win98 client (win98 client + patch vpnupd.exe)

this problem is a known problem of win98 or it is because my proxy ARP doesn't work well ?

someone can help me please ?

JPaul

From aalang at rutgersinsurance.com Tue Oct 3 07:54:05 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Tue, 3 Oct 2000 08:54:05 -0400
Subject: [pptp-server] Yet Another Stupid Ping Problem
References:
Message-ID: <004701c02d39$0304b5c0$330a0a0a@6014cwpza006>

Granted they are IP on the same subnet, but to get to the VPN "physical" area, the packets have to be routed through the VPN server.

As for being cumbersome, that is what default gateways are for. Also, typically in a VPN setup, the person connecting in doesn't need to access every single computer in the network. You only need to worry about the systems that they need access from... like File servers, email, etc. Again though, that is what a default gateway is for.
Adam Lang Systems Engineer Rutgers Casualty Insurance Company ----- Original Message ----- From: "Bill Stephens" To: "Adam Lang" Sent: Monday, October 02, 2000 5:53 PM Subject: RE: [pptp-server] Yet Another Stupid Ping Problem > I haven't added anything to the remote clients. I just assumed since they > were on the same subnet, they would appear local, not needing a router. Am > I way off base, or do I need to add a host route for every incoming host? > That would seem pretty cumbersome if I had a large quantity of incoming > hosts, not that I do. > > -Bill > > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang > Sent: Monday, October 02, 2000 12:47 PM > To: Pptp > Subject: Re: [pptp-server] Yet Another Stupid Ping Problem > > > Do the hosts on your network have a route added so they know how to talk > back to the VPN? The VPN almost has to be thought of as a router. > > Adam Lang > Systems Engineer > Rutgers Casualty Insurance Company > ----- Original Message ----- > From: "Bill Stephens" > To: "Adam Lang" > Sent: Monday, October 02, 2000 12:52 PM > Subject: Re: [pptp-server] Yet Another Stupid Ping Problem > > > > After connecting, I can ping the server, but no other > > hosts on the remote network. > > > > Thanks, > > > > Bill > > --- Adam Lang wrote: > > > Ummm. what exactly is your problem? > > > > > > > > > Adam Lang > > > Systems Engineer > > > Rutgers Casualty Insurance Company > > > ----- Original Message ----- > > > From: "Bill Stephens" > > > To: > > > Sent: Sunday, October 01, 2000 5:06 PM > > > Subject: [pptp-server] Yet Another Stupid Ping > > > Problem > > > > > > > > > > Yes, I did go through the archives, yes I did read > > > the doc, and yes I > > > > probably am a bonehead for just not getting it. > > > The docs and archives did > > > > help, but I'm stuck now. 
Here's my setup: > > > > > > > > > > > > > > Client(192.168.0.x)---(192.168.0.1-eth1)Firewall(24.7.103.x-eth0)-----(24.4. > > > > x.x-eth0)firewall/vpn(192.168.1.0/24-eth1) > > > > > > > > localip 192.168.1.80-100 > > > > remoteip 192.168.1.70-79 > > > > > > > > Destination client = 192.168.1.5 > > > > > > > > IP Forwarding is turned on, and confirmed. > > > > > > > > I connect fine, I'm able to ping 192.168.1.80 and > > > 70. I'm also able to > > > ping > > > > 192.168.1.1. I'm not receiving any proxyarp > > > errors in the messages file, > > > > and by reading the doc, it appeared that putting > > > the vpn addresses on the > > > > same subnet would remedy any arp issues. I'm also > > > using the ip-up.local > > > > script if that helps any. Any other ideas? > > > > > > > > Thanks, > > > > > > > > Bill Stephens > > > > bsteph at home.com > > > > > > > > _______________________________________________ > > > > pptp-server maillist - > > > pptp-server at lists.schulte.org > > > > > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > List services provided by > > > www.schulteconsulting.com! > > > > > > _______________________________________________ > > > pptp-server maillist - > > > pptp-server at lists.schulte.org > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! > > http://photos.yahoo.com/ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
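The routing point made in the message above, as an added example that is not part of the original posts or of PoPToP: a small Python model of how a LAN host picks the next hop for its reply to a VPN client, using the 192.168.1.0/24 LAN and the remoteip pool start 192.168.1.70 from Bill's setup. The host routing tables, the VPN server inside address 192.168.1.1, the second router 192.168.1.254 and the separate pool 192.168.5.0/24 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None = on-link, resolved by ARP


def route(dest: str, via: Optional[str] = None) -> Route:
    """Build one routing-table entry; 'via' omitted means directly connected."""
    gw = ipaddress.ip_address(via) if via else None
    return Route(ipaddress.ip_network(dest), gw)


def next_hop(table: List[Route], dst: str) -> Tuple[str, Optional[str]]:
    """Longest-prefix match, the way a host's IP stack chooses a route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return ("unreachable", None)
    best = max(matches, key=lambda r: r.network.prefixlen)
    if best.gateway is None:
        # Destination looks local: the host ARPs for it on its own Ethernet.
        return ("arp", str(addr))
    return ("gateway", str(best.gateway))


def reply_reaches_vpn(table: List[Route], client: str,
                      vpn_inside: str, proxy_arp: bool) -> bool:
    """True if the host's reply to a VPN client is handed to the VPN server.

    Simplification (assumption): a gateway other than the VPN server is
    treated as not forwarding the packet on to it.
    """
    kind, hop = next_hop(table, client)
    if kind == "arp":
        # The client is not on the wire; only a proxy-ARP answer from the
        # VPN server (pppd's proxyarp option) makes this delivery work.
        return proxy_arp
    if kind == "gateway":
        return hop == vpn_inside
    return False


# Constructed sample data (assumptions, see lead-in).
VPN_INSIDE = "192.168.1.1"
OTHER_ROUTER = "192.168.1.254"
SAME_SUBNET_CLIENT = "192.168.1.70"   # first address of the page's remoteip pool
SEPARATE_POOL_CLIENT = "192.168.5.70"

# LAN host whose default gateway is some other router.
HOST_TABLE = [route("192.168.1.0/24"), route("0.0.0.0/0", OTHER_ROUTER)]
# Same host after adding one network route for the VPN pool.
HOST_TABLE_WITH_ROUTE = HOST_TABLE + [route("192.168.5.0/24", VPN_INSIDE)]
# LAN host whose default gateway already is the VPN server.
HOST_TABLE_GW_IS_VPN = [route("192.168.1.0/24"), route("0.0.0.0/0", VPN_INSIDE)]

if __name__ == "__main__":
    cases = [
        ("same subnet, no proxy ARP", HOST_TABLE, SAME_SUBNET_CLIENT, False),
        ("same subnet, proxy ARP", HOST_TABLE, SAME_SUBNET_CLIENT, True),
        ("separate pool, wrong default gw", HOST_TABLE, SEPARATE_POOL_CLIENT, False),
        ("separate pool, route added", HOST_TABLE_WITH_ROUTE, SEPARATE_POOL_CLIENT, False),
        ("separate pool, default gw is VPN", HOST_TABLE_GW_IS_VPN, SEPARATE_POOL_CLIENT, False),
    ]
    for label, table, client, parp in cases:
        print(f"{label:35s} next_hop={next_hop(table, client)} "
              f"delivered={reply_reaches_vpn(table, client, VPN_INSIDE, parp)}")
```
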
From aalang at rutgersinsurance.com Tue Oct 3 07:57:12 2000 From: aalang at rutgersinsurance.com (Adam Lang) Date: Tue, 3 Oct 2000 08:57:12 -0400 Subject: [pptp-server] Yet Another Stupid Ping Problem References: Message-ID: <004b01c02d39$72e267c0$330a0a0a@6014cwpza006> Also... you don't set the routing entry to the IP of the incoming clients... you set it to the internal IP of the VPN server. It's job is to route the appropriate packets to the incoming clients. if your vpn has two NICs, internally 10.10.10.10 and externally 2.2.2.2 and your VPN subnet is 192.168.0.x, then all the systems on your 10.10.10.x network only need a route to 10.10.10.10 for all packets designated for the 192.168.0.0 network. Adam Lang Systems Engineer Rutgers Casualty Insurance Company ----- Original Message ----- From: "Bill Stephens" To: "Adam Lang" Sent: Monday, October 02, 2000 5:53 PM Subject: RE: [pptp-server] Yet Another Stupid Ping Problem > I haven't added anything to the remote clients. I just assumed since they > were on the same subnet, they would appear local, not needing a router. Am > I way off base, or do I need to add a host route for every incoming host? > That would seem pretty cumbersome if I had a large quantity of incoming > hosts, not that I do. > > -Bill > > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang > Sent: Monday, October 02, 2000 12:47 PM > To: Pptp > Subject: Re: [pptp-server] Yet Another Stupid Ping Problem > > > Do the hosts on your network have a route added so they know how to talk > back to the VPN? The VPN almost has to be thought of as a router. 
> > Adam Lang > Systems Engineer > Rutgers Casualty Insurance Company > ----- Original Message ----- > From: "Bill Stephens" > To: "Adam Lang" > Sent: Monday, October 02, 2000 12:52 PM > Subject: Re: [pptp-server] Yet Another Stupid Ping Problem > > > > After connecting, I can ping the server, but no other > > hosts on the remote network. > > > > Thanks, > > > > Bill > > --- Adam Lang wrote: > > > Ummm. what exactly is your problem? > > > > > > > > > Adam Lang > > > Systems Engineer > > > Rutgers Casualty Insurance Company > > > ----- Original Message ----- > > > From: "Bill Stephens" > > > To: > > > Sent: Sunday, October 01, 2000 5:06 PM > > > Subject: [pptp-server] Yet Another Stupid Ping > > > Problem > > > > > > > > > > Yes, I did go through the archives, yes I did read > > > the doc, and yes I > > > > probably am a bonehead for just not getting it. > > > The docs and archives did > > > > help, but I'm stuck now. Here's my setup: > > > > > > > > > > > > > > Client(192.168.0.x)---(192.168.0.1-eth1)Firewall(24.7.103.x-eth0)-----(24.4. > > > > x.x-eth0)firewall/vpn(192.168.1.0/24-eth1) > > > > > > > > localip 192.168.1.80-100 > > > > remoteip 192.168.1.70-79 > > > > > > > > Destination client = 192.168.1.5 > > > > > > > > IP Forwarding is turned on, and confirmed. > > > > > > > > I connect fine, I'm able to ping 192.168.1.80 and > > > 70. I'm also able to > > > ping > > > > 192.168.1.1. I'm not receiving any proxyarp > > > errors in the messages file, > > > > and by reading the doc, it appeared that putting > > > the vpn addresses on the > > > > same subnet would remedy any arp issues. I'm also > > > using the ip-up.local > > > > script if that helps any. Any other ideas? 
> > > > > > > > Thanks, > > > > > > > > Bill Stephens > > > > bsteph at home.com > > > > > > > > _______________________________________________ > > > > pptp-server maillist - > > > pptp-server at lists.schulte.org > > > > > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > List services provided by > > > www.schulteconsulting.com! > > > > > > _______________________________________________ > > > pptp-server maillist - > > > pptp-server at lists.schulte.org > > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! > > http://photos.yahoo.com/ > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From dpg at mistec.com Tue Oct 3 08:50:38 2000 From: dpg at mistec.com (dpg) Date: Tue, 03 Oct 2000 08:50:38 -0500 Subject: [pptp-server] pptp for first time Message-ID: <200010031343.e93Dh5C09161@snaildust.schulte.org> I have setup the pptp on a redhat 6.2 server. kernel 2.2.16-9. When I try connecting with a win98se workstation to connects and disconnects. I check the ip address and it shows the correct address but shows lease time of ip address from 01 01 80 12:00am to 01 01 80 12:00am. I think that is why I am getting disconnected. Any Ideas? Thanks Doyle Glaze dpg at mistec.com From dpg at mistec.com Tue Oct 3 08:57:23 2000 From: dpg at mistec.com (dpg) Date: Tue, 03 Oct 2000 08:57:23 -0500 Subject: [pptp-server] options file Message-ID: <200010031350.e93DojO09291@snaildust.schulte.org> I dont understand what the options file is. I dont have any files under /etc/ppp/ called options. Do I have to create one and if so what needs to be in it? 
Do you have a sample file so I may see what is in the options file?

Thanks Again
Doyle Glaze
dpg at mistec.com

From dpg at mistec.com Tue Oct 3 09:16:44 2000
From: dpg at mistec.com (dpg)
Date: Tue, 03 Oct 2000 09:16:44 -0500
Subject: [pptp-server] pptp for first time-2
Message-ID: <200010031409.e93E9E609486@snaildust.schulte.org>

I am getting also in the /var/log/pptpd.log the error

Peer is not authorized to use remote address...

Thanks
Doyle Glaze
dpg at mistec.com

From mtr at iwk.dk Tue Oct 3 09:33:49 2000
From: mtr at iwk.dk (Morten Troen)
Date: Tue, 3 Oct 2000 16:33:49 +0200
Subject: [pptp-server] options file
References: <200010031350.e93DojO09291@snaildust.schulte.org>
Message-ID: <001d01c02d46$f1ec26c0$019b11ac@IDANTDOM>

Hi Doyle Glaze,

yes you create an options file, you can look at http://www.moretonbay.com/vpn/releases/PoPToP-RedHat-HOWTO.txt to see what it should contain :

lock
debug
auth
+chap
proxyarp

I didn't use proxyarp, and I don't really know what it affects.

the other question you should also see in the how to about authentication.

----- Original Message -----
From: "dpg"
To:
Sent: Tuesday, October 03, 2000 3:57 PM
Subject: [pptp-server] options file

>
> I don't understand what the options file is. I don't have any files
> under /etc/ppp/ called options. Do I have to create one and if so what
> needs to be in it? Do you have a sample file so I may see what is in the
> options file?
>
>
> Thanks Again
> Doyle Glaze
> dpg at mistec.com
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From chavant at geosys.fr Tue Oct 3 10:30:17 2000
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue, 3 Oct 2000 17:30:17 +0200
Subject: [pptp-server] neibourhood network problem ...
Message-ID: <002201c02d4e$d4ffb240$7c03a8c0@pcjpc.geosys.fr>

hello,

My VPN connection works very well.
BUT, when i browse the network from my client with the neibourhood network i see only me (the client) (RQ : i see only one time all the computer in the window. after deconnecting and re connecting i see nothing ...). When i execute \\computer_name, a windows is openned and i see shares (but the computer doesn't appears in the neibourhood network window ...). I ve made a tcpdump on the ppp interface of the connection. here is the result : my client is 192.168.0.100 my server ppp is 192.168.0.1 my wins is 192.168.1.3 and 192.168.3.2 tcpdump: listening on ppp0 17:24:41.715057 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 177 17:24:41.715107 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:41.733422 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 177 17:24:41.733466 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:42.227152 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 177 17:24:42.227198 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:42.240954 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177 17:24:42.734865 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 177 17:24:42.734926 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:42.748635 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177 17:24:43.242621 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 177 17:24:43.242680 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:43.256246 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177 17:24:43.750179 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 177 17:24:43.750238 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177 17:24:44.257925 192.168.0.100.netbios-dgm > 192.168.0.255.netbios-dgm: udp 200 
17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] 17:24:44.271527 192.168.0.100.netbios-ns > 192.168.3.2.netbios-ns: udp 50 17:24:44.272127 192.168.3.2.netbios-ns > 192.168.0.100.netbios-ns: udp 62 (DF) 17:24:44.286659 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: S 2250926:2250926(0) win 8192 (DF) [tos 0xb4] 17:24:44.287819 192.168.1.106.netbios-ssn > 192.168.0.100.1063: S 34150685:34150685(0) ack 2250927 win 8532 (DF) 17:24:44.298899 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: . ack 1 win 8532 (DF) [tos 0xb4] 17:24:44.311924 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 1:73(72) ack 1 win 8532 (DF) [tos 0xb4] 17:24:44.312348 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 1:5(4) ack 73 win 8460 (DF) 17:24:44.449233 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: . ack 5 win 8528 (DF) [tos 0xb4] 17:24:45.012402 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 73:231(158) ack 5 win 8528 (DF) [tos 0xb4] 17:24:45.013063 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 5:86(81) ack 231 win 8302 (DF) 17:24:45.027746 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 231:384(153) ack 86 win 8447 (DF) [tos 0xb4] 17:24:45.032217 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 86:142(56) ack 384 win 8149 (DF) 17:24:45.040314 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 384:483(99) ack 142 win 8391 (DF) [tos 0xb4] 17:24:45.040911 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 142:252(110) ack 483 win 8050 (DF) 17:24:45.062483 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 483:582(99) ack 252 win 8281 (DF) [tos 0xb4] 17:24:45.063076 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 252:358(106) ack 582 win 7951 (DF) 17:24:45.082843 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 582:681(99) ack 358 win 8175 (DF) [tos 0xb4] 17:24:45.083406 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 358:468(110) ack 681 win 7852 (DF) 17:24:45.204080 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: . 
ack 468 win 8065 (DF) [tos 0xb4] 17:24:47.152517 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: P 681:720(39) ack 468 win 8065 (DF) [tos 0xb4] 17:24:47.152980 192.168.1.106.netbios-ssn > 192.168.0.100.1063: P 468:507(39) ack 720 win 7813 (DF) 17:24:47.166714 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: F 720:720(0) ack 507 win 8026 (DF) [tos 0xb4] 17:24:47.167059 192.168.1.106.netbios-ssn > 192.168.0.100.1063: F 507:507(0) ack 721 win 7813 (DF) 17:24:47.180298 192.168.0.100.1063 > 192.168.1.106.netbios-ssn: . ack 508 win 8026 (DF) [tos 0xb4] 46 packets received by filter 0 packets dropped by kernel first : why my client ask for 192.168.3.191 ? this computer & IP doesn't exist !!! in the tcpdump whet does means the last number ? 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177 ^^^ Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] ? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ JPaul From aalang at rutgersinsurance.com Tue Oct 3 11:41:07 2000 From: aalang at rutgersinsurance.com (Adam Lang) Date: Tue, 3 Oct 2000 12:41:07 -0400 Subject: [pptp-server] neibourhood network problem ... References: <002201c02d4e$d4ffb240$7c03a8c0@pcjpc.geosys.fr> Message-ID: <009f01c02d58$bb636840$330a0a0a@6014cwpza006> Network neighborhood uses netbuei, correct? Net beui is non routing, so it can't broadcast into that network to find the other shares. That would be my theory. Adam Lang Systems Engineer Rutgers Casualty Insurance Company ----- Original Message ----- From: "Jean-Paul Chavant" To: "Pptp" Sent: Tuesday, October 03, 2000 11:30 AM Subject: [pptp-server] neibourhood network problem ... > hello, > > My VPN connexion works very well. BUT, when i browse the network from my > client with the neibourhood network i see only me (the client) (RQ : i see > only one time all the computer in the window. after deconnecting and re > connecting i see nothing ...). 
> When i execute \\computer_name, a window is
> opened and i see shares (but the computer doesn't appear in the
> neighbourhood network window ...).
>
> I've made a tcpdump on the ppp interface of the connection. here is the
> result :
>
> my client is 192.168.0.100
> my server ppp is 192.168.0.1
> my wins is 192.168.1.3 and 192.168.3.2
>
>
> first : why my client ask for 192.168.3.191 ? this computer & IP doesn't
> exist !!!
>
> in the tcpdump what does the last number mean ?
> 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp
> 177
>
> ^^^
>
> Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp:
> net 192.168.0.255 unreachable [tos 0xc0] ?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> JPaul
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From SCody at Gulbrandsen.com Tue Oct 3 12:22:30 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Tue, 3 Oct 2000 13:22:30 -0400
Subject: [pptp-server] neibourhood network problem ...
Message-ID:

The Network Neighborhood is a list of the systems that the Master Browser
knows about. It does not rely on Netbeui to work, but Netbios. The entries
in the tcp dump were Netbios broadcasts. If your client computer cannot
communicate with the Master Browser, or thinks it is the Master Browser,
then it will not have a list of computers, or may take awhile to build a
list (if the broadcasts work).

The best way for you to be able to browse the Network Neighborhood would be
to use a WINS server.
The other method is to set up lmhosts files on each
client (or just the remote pptp client(s)). The Network Neighborhood
doesn't need to be crucial to your network access. You said that you could
access the computers by doing a \\computername at the RUN menu. One other
thing, if you try to access a computer that way and receive an error, it may
be because it can't resolve the IP address from the Netbios name of the
computer. In those cases, you can type \\ipaddressofserver at the RUN menu
and access the resources that way. When viewing the resources of another
computer using this method, you can map network drives to their resources to
make the connections easier in the future, and you can also drag the shared
folder to your desktop to create a shortcut to it.

The browsing problem you are having is a Windows issue, not a pptp issue.
If you need any more help, let me know and I'll send you some Microsoft
Qxxxxxx articles on it.

I hope this was of some assistance to you.

Steve Cody, MCSE
Information Systems Administrator
Gulbrandsen Manufacturing, Inc.
Office - 803.531.2413 x102
Email - scody at gulbrandsen.com


-----Original Message-----
From: Adam Lang [mailto:aalang at rutgersinsurance.com]
Sent: Tuesday, October 03, 2000 12:41 PM
To: Pptp
Subject: Re: [pptp-server] neibourhood network problem ...


Network neighborhood uses netbeui, correct? Netbeui is non routing, so it
can't broadcast into that network to find the other shares.

That would be my theory.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Jean-Paul Chavant"
To: "Pptp"
Sent: Tuesday, October 03, 2000 11:30 AM
Subject: [pptp-server] neibourhood network problem ...


> hello,
>
> My VPN connection works very well. BUT, when i browse the network from my
> client with the neighbourhood network i see only me (the client) (RQ : i see
> only one time all the computer in the window. after disconnecting and re
> connecting i see nothing ...).
> When i execute \\computer_name, a window is
> opened and i see shares (but the computer doesn't appear in the
> neighbourhood network window ...).
>
> I've made a tcpdump on the ppp interface of the connection. here is the
> result :
>
> my client is 192.168.0.100
> my server ppp is 192.168.0.1
> my wins is 192.168.1.3 and 192.168.3.2
>
>
> first : why my client ask for 192.168.3.191 ? this computer & IP doesn't
> exist !!!
>
> in the tcpdump what does the last number mean ?
> 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp
> 177
>
> ^^^
>
> Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp:
> net 192.168.0.255 unreachable [tos 0xc0] ?
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> JPaul

From aalang at rutgersinsurance.com Tue Oct 3 13:09:11 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Tue, 3 Oct 2000 14:09:11 -0400
Subject: [pptp-server] neibourhood network problem ...
References:
Message-ID: <012e01c02d65$08672c60$330a0a0a@6014cwpza006>

Netbeui, netbios.. tomato.. tomatoe... The point is that those packets are
non routable so there is no way to poll the master browser if it resides on
the side of the network past the VPN server.

Unless he does what you recommended (which depends on how complicated his
network is...) he isn't going to browse the network neighborhood.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Steve Cody"
To: "PPTP List (E-mail)"
Sent: Tuesday, October 03, 2000 1:22 PM
Subject: RE: [pptp-server] neibourhood network problem ...


> The Network Neighborhood is a list of the systems that the Master Browser
> knows about. It does not rely on Netbeui to work, but Netbios. The entries
> in the tcp dump were Netbios broadcasts. If your client computer cannot
> communicate with the Master Browser, or thinks it is the Master Browser,
> then it will not have a list of computers, or may take awhile to build a
> list (if the broadcasts work).
>
> The best way for you to be able to browse the Network Neighborhood would be
> to use a WINS server. The other method is to set up lmhosts files on each
> client (or just the remote pptp client(s)). The Network Neighborhood
> doesn't need to be crucial to your network access. You said that you could
> access the computers by doing a \\computername at the RUN menu. One other
> thing, if you try to access a computer that way and receive an error, it may
> be because it can't resolve the IP address from the Netbios name of the
> computer. In those cases, you can type \\ipaddressofserver at the RUN menu
> and access the resources that way. When viewing the resources of another
> computer using this method, you can map network drives to their resources to
> make the connections easier in the future, and you can also drag the shared
> folder to your desktop to create a shortcut to it.
>
> The browsing problem you are having is a Windows issue, not a pptp issue.
> If you need any more help, let me know and I'll send you some Microsoft
> Qxxxxxx articles on it.
>
> I hope this was of some assistance to you.
>
> Steve Cody, MCSE
> Information Systems Administrator
> Gulbrandsen Manufacturing, Inc.
> Office - 803.531.2413 x102
> Email - scody at gulbrandsen.com
>
>
> -----Original Message-----
> From: Adam Lang [mailto:aalang at rutgersinsurance.com]
> Sent: Tuesday, October 03, 2000 12:41 PM
> To: Pptp
> Subject: Re: [pptp-server] neibourhood network problem ...
>
>
> Network neighborhood uses netbeui, correct? Netbeui is non routing, so it
> can't broadcast into that network to find the other shares.
>
> That would be my theory.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> ----- Original Message -----
> From: "Jean-Paul Chavant"
> To: "Pptp"
> Sent: Tuesday, October 03, 2000 11:30 AM
> Subject: [pptp-server] neibourhood network problem ...
>
>
> > hello,
> >
> > My VPN connection works very well. BUT, when i browse the network from my
> > client with the neighbourhood network i see only me (the client) (RQ : i see
> > only one time all the computer in the window. after disconnecting and re
> > connecting i see nothing ...). When i execute \\computer_name, a window is
> > opened and i see shares (but the computer doesn't appear in the
> > neighbourhood network window ...).
> >
> > I've made a tcpdump on the ppp interface of the connection.
> > here is the result :
> >
> > my client is 192.168.0.100
> > my server ppp is 192.168.0.1
> > my wins is 192.168.1.3 and 192.168.3.2
> >
> >
> > first : why my client ask for 192.168.3.191 ? this computer & IP doesn't
> > exist !!!
> >
> > in the tcpdump what does the last number mean ?
> > 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp
> > 177
> >
> > ^^^
> >
> > Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp:
> > net 192.168.0.255 unreachable [tos 0xc0] ?
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > JPaul

From gdunn at inscriber.com Tue Oct 3 13:25:16 2000
From: gdunn at inscriber.com (Graham Dunn)
Date: Tue, 3 Oct 2000 14:25:16 -0400
Subject: [pptp-server] neibourhood network problem ...
In-Reply-To: <012e01c02d65$08672c60$330a0a0a@6014cwpza006>; from aalang@rutgersinsurance.com on Tue, Oct 03, 2000 at 02:09:11PM -0400
References: <012e01c02d65$08672c60$330a0a0a@6014cwpza006>
Message-ID: <20001003142516.H11039@inscriber.com>

On Tue, Oct 03, 2000 at 02:09:11PM -0400, Adam Lang wrote:
> Netbeui, netbios.. tomato.. tomatoe... The point is that those packets are
> non routable so there is no way to poll the master browser if it resides on
> the side of the network past the VPN server.

Just a quick moment of clarification.

NetBeui is a networking protocol, like TCP/IP or SPX/IPX, but not routable,
whereas the other two are (well, one of SPX/IPX isn't but I forget which).

NetBIOS is an API to access file and print resources, and is independent of
the networking protocol it is carried across.

Thus, when someone refers to a "NetBIOS broadcast", they are most likely
referring to a TCP packet carrying a NetBIOS packet, directed to the
broadcast IP on your LAN segment. It is also true that these packets will
not be passed between subnets by routers.

Therefore, if you wish to configure browsing between subnets, you must point
your client to a WINS server on the other subnet, as that is the _only_ way
your client will be able to gather information about what print and file
services are offered on the other subnet.

>
> Unless he does what you recommended (which depends on how complicated his
> network is...) he isn't going to browse the network neighborhood.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company

--
gdunn at inscriber.com Graham Dunn
|| ||| | ||| |||| | |||| |

From chavant at geosys.fr Tue Oct 3 13:32:56 2000
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Tue, 3 Oct 2000 20:32:56 +0200
Subject: [pptp-server] neibourhood network problem ...
In-Reply-To:
Message-ID: <000a01c02d68$59d42d20$7c03a8c0@pcjpc.geosys.fr>

Hello,

apparently my WINS SAMBA server doesn't refresh often enough ... I have to
be a little bit patient and it works :)

But if you know how to tune the SAMBA WINS server to refresh often ... ?

thank you.

But now I'm looking for 128 bit patch for Win98 ... (the Win95 128 bit patch
for win98 doesn't work ...)

JPaul

| -----Original Message-----
| From: pptp-server-admin at lists.schulte.org
| [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Steve Cody
| Sent: mardi 3 octobre 2000 19:23
| To: PPTP List (E-mail)
| Subject: RE: [pptp-server] neibourhood network problem ...
|
|
| The Network Neighborhood is a list of the systems that the Master Browser
| knows about. It does not rely on Netbeui to work, but Netbios. The entries
| in the tcp dump were Netbios broadcasts. If your client computer cannot
| communicate with the Master Browser, or thinks it is the Master Browser,
| then it will not have a list of computers, or may take awhile to build a
| list (if the broadcasts work).
|
| The best way for you to be able to browse the Network Neighborhood would be
| to use a WINS server. The other method is to set up lmhosts files on each
| client (or just the remote pptp client(s)). The Network Neighborhood
| doesn't need to be crucial to your network access. You said that you could
| access the computers by doing a \\computername at the RUN menu. One other
| thing, if you try to access a computer that way and receive an error, it may
| be because it can't resolve the IP address from the Netbios name of the
| computer. In those cases, you can type \\ipaddressofserver at the RUN menu
| and access the resources that way.
| When viewing the resources of another
| computer using this method, you can map network drives to their resources to
| make the connections easier in the future, and you can also drag the shared
| folder to your desktop to create a shortcut to it.
|
| The browsing problem you are having is a Windows issue, not a pptp issue.
| If you need any more help, let me know and I'll send you some Microsoft
| Qxxxxxx articles on it.
|
| I hope this was of some assistance to you.
|
| Steve Cody, MCSE
| Information Systems Administrator
| Gulbrandsen Manufacturing, Inc.
| Office - 803.531.2413 x102
| Email - scody at gulbrandsen.com
|
|
| -----Original Message-----
| From: Adam Lang [mailto:aalang at rutgersinsurance.com]
| Sent: Tuesday, October 03, 2000 12:41 PM
| To: Pptp
| Subject: Re: [pptp-server] neibourhood network problem ...
|
|
| Network neighborhood uses netbeui, correct? Netbeui is non routing, so it
| can't broadcast into that network to find the other shares.
|
| That would be my theory.
|
| Adam Lang
| Systems Engineer
| Rutgers Casualty Insurance Company
| ----- Original Message -----
| From: "Jean-Paul Chavant"
| To: "Pptp"
| Sent: Tuesday, October 03, 2000 11:30 AM
| Subject: [pptp-server] neibourhood network problem ...
|
|
| > hello,
| >
| > My VPN connection works very well. BUT, when i browse the network from my
| > client with the neighbourhood network i see only me (the client) (RQ : i see
| > only one time all the computer in the window. after disconnecting and re
| > connecting i see nothing ...). When i execute \\computer_name, a window is
| > opened and i see shares (but the computer doesn't appear in the
| > neighbourhood network window ...).
| >
| > I've made a tcpdump on the ppp interface of the connection.
| > here is the result :
| >
| > my client is 192.168.0.100
| > my server ppp is 192.168.0.1
| > my wins is 192.168.1.3 and 192.168.3.2
| >
| >
| > first : why my client ask for 192.168.3.191 ? this computer & IP doesn't
| > exist !!!
| >
| > in the tcpdump what does the last number mean ?
| > 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp
| > 177
| >
| > ^^^
| >
| > Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp:
| > net 192.168.0.255 unreachable [tos 0xc0] ?
| >
| > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| >
| > JPaul

From aalang at rutgersinsurance.com Tue Oct 3 13:43:48 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Tue, 3 Oct 2000 14:43:48 -0400
Subject: [pptp-server] neibourhood network problem ...
References: <000201c02d67$e42b53a0$7c03a8c0@pcjpc.geosys.fr>
Message-ID: <015101c02d6a$02f703e0$330a0a0a@6014cwpza006>

True, but that is WINS. Setting up Samba as a wins server.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Jean-Paul Chavant"
To: "Adam Lang"
Sent: Tuesday, October 03, 2000 2:29 PM
Subject: RE: [pptp-server] neibourhood network problem ...


> Hello,
>
> with the wonderful SAMBA you can route NetBios ... :)
> Samba encapsulate NetBios In IP packet ... and route them over networks ...
>
> JPaul
>
> | -----Original Message-----
> | From: pptp-server-admin at lists.schulte.org
> | [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang
> | Sent: mardi 3 octobre 2000 20:09
> | To: PPTP List (E-mail)
> | Subject: Re: [pptp-server] neibourhood network problem ...
> |
> |
> | Netbeui, netbios.. tomato.. tomatoe... The point is that those packets are
> | non routable so there is no way to poll the master browser if it resides on
> | the side of the network past the VPN server.
> |
> | Unless he does what you recommended (which depends on how complicated his
> | network is...) he isn't going to browse the network neighborhood.
> |
> | Adam Lang
> | Systems Engineer
> | Rutgers Casualty Insurance Company
> | ----- Original Message -----
> | From: "Steve Cody"
> | To: "PPTP List (E-mail)"
> | Sent: Tuesday, October 03, 2000 1:22 PM
> | Subject: RE: [pptp-server] neibourhood network problem ...
> |
> |
> | > The Network Neighborhood is a list of the systems that the Master Browser
> | > knows about. It does not rely on Netbeui to work, but Netbios. The entries
> | > in the tcp dump were Netbios broadcasts. If your client computer cannot
> | > communicate with the Master Browser, or thinks it is the Master Browser,
> | > then it will not have a list of computers, or may take awhile to build a
> | > list (if the broadcasts work).
> | >
> | > The best way for you to be able to browse the Network Neighborhood would be
> | > to use a WINS server. The other method is to set up lmhosts files on each
> | > client (or just the remote pptp client(s)). The Network Neighborhood
> | > doesn't need to be crucial to your network access. You said that you could
> | > access the computers by doing a \\computername at the RUN menu. One other
> | > thing, if you try to access a computer that way and receive an error, it may
> | > be because it can't resolve the IP address from the Netbios name of the
> | > computer. In those cases, you can type \\ipaddressofserver at the RUN menu
> | > and access the resources that way. When viewing the resources of another
> | > computer using this method, you can map network drives to their resources to
> | > make the connections easier in the future, and you can also drag the shared
> | > folder to your desktop to create a shortcut to it.
> | >
> | > The browsing problem you are having is a Windows issue, not a pptp issue.
> | > If you need any more help, let me know and I'll send you some Microsoft
> | > Qxxxxxx articles on it.
> | >
> | > I hope this was of some assistance to you.
> | >
> | > Steve Cody, MCSE
> | > Information Systems Administrator
> | > Gulbrandsen Manufacturing, Inc.
> | > Office - 803.531.2413 x102
> | > Email - scody at gulbrandsen.com
> | >
> | >
> | > -----Original Message-----
> | > From: Adam Lang [mailto:aalang at rutgersinsurance.com]
> | > Sent: Tuesday, October 03, 2000 12:41 PM
> | > To: Pptp
> | > Subject: Re: [pptp-server] neibourhood network problem ...
> | >
> | >
> | > Network neighborhood uses netbeui, correct? Net beui is non routing, so it
> | > can't broadcast into that network to find the other shares.
> | >
> | > That would be my theory.
> | >
> | > Adam Lang
> | > Systems Engineer
> | > Rutgers Casualty Insurance Company
> | > ----- Original Message -----
> | > From: "Jean-Paul Chavant"
> | > To: "Pptp"
> | > Sent: Tuesday, October 03, 2000 11:30 AM
> | > Subject: [pptp-server] neibourhood network problem ...
> | >
> | >
> | > > hello,
> | > >
> | > > My VPN connection works very well. BUT, when i browse the network from my
> | > > client with the neighbourhood network i see only me (the client) (RQ : i see
> | > > only one time all the computer in the window. after disconnecting and
> | > > reconnecting i see nothing ...). When i execute \\computer_name, a windows is
> | > > opened and i see shares (but the computer doesn't appear in the
> | > > neighbourhood network window ...).
> | > >
> | > > I've made a tcpdump on the ppp interface of the connection. here is the
> | > > result :
> | > >
> | > > my client is 192.168.0.100
> | > > my server ppp is 192.168.0.1
> | > > my wins is 192.168.1.3 and 192.168.3.2
> | > >
> | > >
> | > > first : why my client ask for 192.168.3.191 ? this computer & IP doesn't exist !!!
> | > >
> | > > in the tcpdump what does means the last number ?
> | > > 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177
> | > >                                                                            ^^^
> | > >
> | > > Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] ?
> | > >                                                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> | > >
> | > > JPaul

From SCody at Gulbrandsen.com Tue Oct 3 13:43:04 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Tue, 3 Oct 2000 14:43:04 -0400
Subject: [pptp-server] neibourhood network problem ...
Message-ID:

Do you have your client pc's configured to use the Samba server as their WINS
server? Also, is the Samba server configured to be the Master Browser?
If not, then a client PC might win the browser election and take over the
list.

Steve

-----Original Message-----
From: Jean-Paul Chavant [mailto:chavant at geosys.fr]
Sent: Tuesday, October 03, 2000 2:33 PM
To: Steve Cody
Cc: Pptp
Subject: RE: [pptp-server] neibourhood network problem ...


Hello,

apparently my WINS SAMBA server doesn't refresh often enough ...
I have to be a little bit patient and it works :)
But if you know how to tune the SAMBA WINS server to refresh often ... ?

thank you.

But now I'm looking for 128 bit patch for Win98 ... (the Win95 128 bit patch
for win98 doesn't work ...)

JPaul

| -----Original Message-----
| From: pptp-server-admin at lists.schulte.org
| [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Steve Cody
| Sent: mardi 3 octobre 2000 19:23
| To: PPTP List (E-mail)
| Subject: RE: [pptp-server] neibourhood network problem ...
|
|
| The Network Neighborhood is a list of the systems that the Master Browser
| knows about. It does not rely on Netbeui to work, but Netbios. The entries
| in the tcp dump were Netbios broadcasts. If your client computer cannot
| communicate with the Master Browser, or thinks it is the Master Browser,
| then it will not have a list of computers, or may take awhile to build a
| list (if the broadcasts work).
|
| The best way for you to be able to browse the Network Neighborhood would be
| to use a WINS server. The other method is to set up lmhosts files on each
| client (or just the remote pptp client(s)). The Network Neighborhood
| doesn't need to be crucial to your network access. You said that you could
| access the computers by doing a \\computername at the RUN menu. One other
| thing, if you try to access a computer that way and receive an error, it may
| be because it can't resolve the IP address from the Netbios name of the
| computer. In those cases, you can type \\ipaddressofserver at the RUN menu
| and access the resources that way. When viewing the resources of another
| computer using this method, you can map network drives to their resources to
| make the connections easier in the future, and you can also drag the shared
| folder to your desktop to create a shortcut to it.
|
| The browsing problem you are having is a Windows issue, not a pptp issue.
| If you need any more help, let me know and I'll send you some Microsoft
| Qxxxxxx articles on it.
|
| I hope this was of some assistance to you.
|
| Steve Cody, MCSE
| Information Systems Administrator
| Gulbrandsen Manufacturing, Inc.
| Office - 803.531.2413 x102
| Email - scody at gulbrandsen.com
|
|
| -----Original Message-----
| From: Adam Lang [mailto:aalang at rutgersinsurance.com]
| Sent: Tuesday, October 03, 2000 12:41 PM
| To: Pptp
| Subject: Re: [pptp-server] neibourhood network problem ...
|
|
| Network neighborhood uses netbeui, correct? Net beui is non routing, so it
| can't broadcast into that network to find the other shares.
|
| That would be my theory.
|
| Adam Lang
| Systems Engineer
| Rutgers Casualty Insurance Company
| ----- Original Message -----
| From: "Jean-Paul Chavant"
| To: "Pptp"
| Sent: Tuesday, October 03, 2000 11:30 AM
| Subject: [pptp-server] neibourhood network problem ...
|
|
| > hello,
| >
| > My VPN connection works very well. BUT, when i browse the network from my
| > client with the neighbourhood network i see only me (the client) (RQ : i see
| > only one time all the computer in the window. after disconnecting and
| > reconnecting i see nothing ...). When i execute \\computer_name, a windows is
| > opened and i see shares (but the computer doesn't appear in the
| > neighbourhood network window ...).
| >
| > I've made a tcpdump on the ppp interface of the connection.
| > here is the result :
| >
| > my client is 192.168.0.100
| > my server ppp is 192.168.0.1
| > my wins is 192.168.1.3 and 192.168.3.2
| >
| >
| > first : why my client ask for 192.168.3.191 ? this computer & IP doesn't exist !!!
| >
| > in the tcpdump what does means the last number ?
| > 17:24:43.764065 192.168.0.100.netbios-dgm > 192.168.3.191.netbios-dgm: udp 177
| >                                                                            ^^^
| >
| > Why i have this error : 17:24:44.257982 192.168.0.1 > 192.168.0.100: icmp: net 192.168.0.255 unreachable [tos 0xc0] ?
| >                                                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| >
| > JPaul

From natecars at real-time.com Tue Oct 3 13:56:55 2000
From: natecars at real-time.com (Nate Carlson)
Date: Tue, 3 Oct 2000 13:56:55 -0500 (CDT)
Subject: [pptp-server] neibourhood network problem ...
In-Reply-To: <012e01c02d65$08672c60$330a0a0a@6014cwpza006>
Message-ID:

On Tue, 3 Oct 2000, Adam Lang wrote:
> Netbeui, netbios.. tomato.. tomatoe... The point is that those packets are
> non routable so there is no way to poll the master browser if it resides on
> the side of the network past the VPN server.
>
> Unless he does what you recommended (which depends on how complicated his
> network is...) he isn't going to browse the network neighborhood.

WINS will let it work.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From aalang at rutgersinsurance.com Tue Oct 3 14:05:12 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Tue, 3 Oct 2000 15:05:12 -0400
Subject: [pptp-server] neibourhood network problem ...
References:
Message-ID: <016f01c02d6c$dbfa3660$330a0a0a@6014cwpza006>

Which is what the guy before said.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Nate Carlson"
To: "Adam Lang"
Cc: "PPTP List (E-mail)"
Sent: Tuesday, October 03, 2000 2:56 PM
Subject: Re: [pptp-server] neibourhood network problem ...


> On Tue, 3 Oct 2000, Adam Lang wrote:
> > Netbeui, netbios.. tomato.. tomatoe... The point is that those packets are
> > non routable so there is no way to poll the master browser if it resides on
> > the side of the network past the VPN server.
> >
> > Unless he does what you recommended (which depends on how complicated his
> > network is...) he isn't going to browse the network neighborhood.
>
> WINS will let it work.
>
> --
> Nate Carlson | Phone : (952)943-8700
> http://www.real-time.com | Fax : (952)943-8500
>

From danielk at ap.com Tue Oct 3 14:26:24 2000
From: danielk at ap.com (Daniel)
Date: Tue, 03 Oct 2000 12:26:24 -0700
Subject: [pptp-server] neibourhood network problem ...
References:
Message-ID: <39DA32E0.FF1A4954@ap.com>

Whoa! I hope people are not forgetting the old workgroup issue. That
is, if the clients on the remote side of the PPTP connection are Win9x
machines they will need to have their workgroup set to be one of the
workgroup names in use on your network. Note, that this is only
necessary for Network Neighborhood style browsing to work, direct UNC
naming should work fine. Also, you can setup your /etc/ppp/options so
that the clients are passed these parameters automatically using:

ms-wins XXX.XXX.XXX.XXX
ms-dns XXX.XXX.XXX.XXX

In short make sure your network has a WINS server and a domain master
browser. BTW: This does not have to run on the PPTP server, or even be
a Samba server. An MS-PDC works just fine. Next either pass the
parameter for the above using /etc/ppp/options or set it manually on
each client. Finally, on Win9x machines, set the workgroup of the
machine to be one already in use on your network.

Good luck,
Dan

From aalang at rutgersinsurance.com Tue Oct 3 14:41:09 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Tue, 3 Oct 2000 15:41:09 -0400
Subject: [pptp-server] neibourhood network problem ...
References: <39DA32E0.FF1A4954@ap.com>
Message-ID: <019f01c02d71$e1a33da0$330a0a0a@6014cwpza006>

I say we go back to soup cans and twine. Life was so much easier then. :)

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Daniel"
To: "PPTP List (E-mail)"
Sent: Tuesday, October 03, 2000 3:26 PM
Subject: Re: [pptp-server] neibourhood network problem ...


> Whoa! I hope people are not forgetting the old workgroup issue. That
> is, if the clients on the remote side of the PPTP connection are Win9x
> machines they will need to have their workgroup set to be one of the
> workgroup names in use on your network. Note, that this is only
> necessary for Network Neighborhood style browsing to work, direct UNC
> naming should work fine. Also, you can setup your /etc/ppp/options so
> that the clients are passed these parameters automatically using:
>
> ms-wins XXX.XXX.XXX.XXX
> ms-dns XXX.XXX.XXX.XXX
>
> In short make sure your network has a WINS server and a domain master
> browser. BTW: This does not have to run on the PPTP server, or even be
> a Samba server. An MS-PDC works just fine. Next either pass the
> parameter for the above using /etc/ppp/options or set it manually on
> each client. Finally, on Win9x machines, set the workgroup of the
> machine to be one already in use on your network.
>
> Good luck,
> Dan
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From tdn at stack.ru Wed Oct 4 03:13:00 2000
From: tdn at stack.ru (Dmitry Tolpanov)
Date: Wed, 4 Oct 2000 15:13:00 +0700
Subject: [pptp-server] Auth files.
Message-ID: <79109192560.20001004151300@cons.tsk.ru>

Hi.

Trying to set up authentication during PPTP connection (without this
everything is OK) and receiving the following message:

Oct 4 20:53:22 test-bsd pppd[16062]: couldn't find any suitable secret (password) for it to use to do so.

It seems to me that PPPD doesn't see any secrets file, isn't it.
Thanks.

Dmitry.

From gustave.ruffenach at swapcom.fr Wed Oct 4 02:18:03 2000
From: gustave.ruffenach at swapcom.fr (Gustave Ruffenach)
Date: Wed, 4 Oct 2000 09:18:03 +0200
Subject: [pptp-server] BSD 4.1 and encryption
Message-ID: <9A8FFB41436D734C95ED522664AC09180CE5@exchange2000.intranet.swapcom.fr>

Hi..

I'm trying to enable MS CHAP and MS CHAP-V2 encryption on a BSD server 4.1
in order to secure a vpn connection (using poptop)
Does someone know how it works and what must I do ?

Thanks.

Gus.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From alan at silveregg.co.jp Wed Oct 4 06:35:23 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Wed, 04 Oct 2000 20:35:23 +0900
Subject: [pptp-server] pptp with samba
Message-ID: <4.2.0.58.J.20001004202527.00af3dd0@papaya.silveregg.co.jp>

Hi,

I have FINALLY got pptp through Linux firewall. But I am not able to
browse anything in NETWORK NEIGHBORHOOD.

192.168.0.10 --> my internal WINS server (which is also a NT PDC)

"ms-wins 192.168.0.10" is set in file /etc/ppp/options on pptpd
server. Should I be able to ping WINS server from vpn client? I
can't. But I can ping the VPN client IP (which not the real IP but the one
created by ppp connection, for VPN client) from WINS server though. Or I
need to make a Samba WINS server in order to do this?

Any help is appreciated.

Alan

From pptp at alpha.szczepanek.de Wed Oct 4 06:57:18 2000
From: pptp at alpha.szczepanek.de (pptp at alpha.szczepanek.de)
Date: Wed, 4 Oct 2000 13:57:18 +0200 (CEST)
Subject: [pptp-server] Crash PPTP
Message-ID:

Hi!

I am trying to use pptp server 1.0.0 under Suse Linux 7.0 using Kernel
2.2.16 with SMP support for a big network (student hostels bonn).

Today we ran some tests and the pptpd stopped.
This is what I got from the kernel log:

--- snip
Oct 4 12:29:25 tbc kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000070
Oct 4 12:29:25 tbc kernel: current->tss.cr3 = 2259f000, %%cr3 = 2259f000
Oct 4 12:29:25 tbc kernel: *pde = 00000000
Oct 4 12:29:25 tbc kernel: Oops: 0002
Oct 4 12:29:25 tbc kernel: CPU: 0
Oct 4 12:29:25 tbc kernel: EIP: 0010:[]
Oct 4 12:29:25 tbc kernel: EFLAGS: 00010286
Oct 4 12:29:25 tbc kernel: eax: deca0400 ebx: 00000035 ecx: 00000015 edx: 00000000
Oct 4 12:29:25 tbc kernel: esi: deca0448 edi: deca06a9 ebp: ffff1548 esp: d2d65e1c
Oct 4 12:29:25 tbc kernel: ds: 0018 es: 0018 ss: 0018
Oct 4 12:29:25 tbc kernel: Process pptpctrl (pid: 1544, process nr: 19, stackpage=d2d65000)
Oct 4 12:29:25 tbc kernel: Stack: d55ad000 00000000 deca0400 000000fa deca0448 deca0448 00000000 d129c000
Oct 4 12:29:25 tbc kernel: deca072e 00000599 c3a0a8c0 00000000 de755780 e829cfa7 deca0400 00000000
Oct 4 12:29:25 tbc kernel: deca0634 000000fa deca0400 d55ad000 00000000 0804dac0 c01122a2 d2d65ecc
Oct 4 12:29:25 tbc kernel: Call Trace: [] [kill_something_info+46/280] [] [read_super_block+234/592] [amiga_partition+316/740] [kmem_cache_grow+523/948] [loop_set_fd+440/556]
Oct 4 12:29:25 tbc kernel: [ide_stall_queue+27/36] [xdr_encode_netobj+4/80] [sys_swapon+1146/1776] [machine_real_restart+24/184] [startup_32+43/169]
Oct 4 12:29:25 tbc kernel: Code: f0 ff 4a 70 0f 94 c0 84 c0 74 0c 83 c4 f4 52 e8 75 2c ee d7
--- snap

Is this a problem of pptpd 1.0.0? Should I use a development version? Is
this a known bug?!?

From aalang at rutgersinsurance.com Wed Oct 4 07:45:42 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Wed, 4 Oct 2000 08:45:42 -0400
Subject: [pptp-server] Auth files.
References: <79109192560.20001004151300@cons.tsk.ru>
Message-ID: <001201c02e01$021bdf80$330a0a0a@6014cwpza006>

Did you add anything to the ppp/chap-secrets file?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Dmitry Tolpanov"
To:
Sent: Wednesday, October 04, 2000 4:13 AM
Subject: [pptp-server] Auth files.

> Hi.
>
> Trying to set up authentication during PPTP connection (without this
> everything is OK) and receiving the following message:
>
> Oct 4 20:53:22 test-bsd pppd[16062]: couldn't find any suitable secret (password) for it to use to do so.
>
> It seems to me that PPPD doesn't see any secrets file, isn't it.
> Thanks.
>
> Dmitry.
>
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From aalang at rutgersinsurance.com Wed Oct 4 07:47:46 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Wed, 4 Oct 2000 08:47:46 -0400
Subject: [pptp-server] pptp with samba
References: <4.2.0.58.J.20001004202527.00af3dd0@papaya.silveregg.co.jp>
Message-ID: <001a01c02e01$4baabea0$330a0a0a@6014cwpza006>

The Wins server can ping the VPN client, but the VPN client can't ping the wins server?

Wins samba and Wins NT are essentially the same thing. I wouldn't think you would have to use SAMBA specifically.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Alan Chung"
To:
Sent: Wednesday, October 04, 2000 7:35 AM
Subject: [pptp-server] pptp with samba

> Hi,
>
> I have FINALLY got pptp through Linux firewall. But I am not able to
> browse anything in NETWORK NEIGHBORHOOD.
>
> 192.168.0.10 --> my internal WINS server (which is also a NT PDC)
>
> "ms-wins 192.168.0.10" is set in file /etc/ppp/options on pptpd
> server. Should I be able to ping WINS server from vpn client? I
> can't. But I can ping the VPN client IP (which is not the real IP but the one
> created by ppp connection, for VPN client) from WINS server though. Or do I
> need to make a Samba WINS server in order to do this?
>
> Any help is appreciated.
>
> Alan

From natecars at real-time.com Wed Oct 4 14:11:29 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed, 4 Oct 2000 14:11:29 -0500 (CDT)
Subject: [pptp-server] Auth files.
In-Reply-To: <79109192560.20001004151300@cons.tsk.ru>
Message-ID:

On Wed, 4 Oct 2000, Dmitry Tolpanov wrote:
> Trying to set up authentication during PPTP connection (without this
> everything is OK) and receiving the following message:
>
> Oct 4 20:53:22 test-bsd pppd[16062]: couldn't find any suitable secret (password) for it to use to do so.
>
> It seems to me that PPPD doesn't see any secrets file, isn't it.
> Thanks.
>
> Dmitry.

Is this on the client end or the server end? If it's on the server end, it means you probably didn't specify the proper username (or domain, etc).. should tell you what it's looking for a line above this message.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From natecars at real-time.com Wed Oct 4 14:12:09 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed, 4 Oct 2000 14:12:09 -0500 (CDT)
Subject: [pptp-server] pptp with samba
In-Reply-To: <4.2.0.58.J.20001004202527.00af3dd0@papaya.silveregg.co.jp>
Message-ID:

On Wed, 4 Oct 2000, Alan Chung wrote:
> Hi,
>
> I have FINALLY got pptp through Linux firewall. But I am not able to
> browse anything in NETWORK NEIGHBORHOOD.
>
> 192.168.0.10 --> my internal WINS server (which is also a NT PDC)
>
> "ms-wins 192.168.0.10" is set in file /etc/ppp/options on pptpd
> server. Should I be able to ping WINS server from vpn client? I
> can't. But I can ping the VPN client IP (which is not the real IP but the one
> created by ppp connection, for VPN client) from WINS server though. Or do I
> need to make a Samba WINS server in order to do this?
>
> Any help is appreciated.

Sounds like your firewall rules are messed up. Pretty much, if you can ping it from a box sitting on the network, you should be able to ping it from a remote client.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From natecars at real-time.com Wed Oct 4 14:13:05 2000
From: natecars at real-time.com (Nate Carlson)
Date: Wed, 4 Oct 2000 14:13:05 -0500 (CDT)
Subject: [pptp-server] Crash PPTP
In-Reply-To:
Message-ID:

On Wed, 4 Oct 2000 pptp at alpha.szczepanek.de wrote:
> I am trying to use pptp server 1.0.0 under Suse Linux 7.0 using Kernel
> 2.2.16 with SMP support for a big network (student hostels bonn).
>
> Today we ran some tests and the pptpd stopped. This is what I got from the
> kernel log:

There used to be problems with SMP and poptop. I believe they are fixed in newer version of poptop and/or the kernel..

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From dosachoff at hotmail.com Wed Oct 4 16:43:04 2000
From: dosachoff at hotmail.com (Derek Osachoff)
Date: Wed, 04 Oct 2000 14:43:04 PDT
Subject: [pptp-server] Can't find Compress-18 mod
Message-ID:

I have the pptpd setup on a

Red Hat 6.2, 2.2.14 kernel
ppp-2.3.11
pptpd-1.1.2
SSLeay-0.9.0b
ppp-2.3.10-openssl-norc4-mppe.patch (changes by R Blauvelt)

I keep having the reoccurring error in my syslog about the Compress-18 not being found. I do have it in the conf.modules file. I tried to run 'insmod ppp_mppe' but it can not find the module. I have found the .c file in the /usr/src/linux-2.2.14/drivers/net directory.

How can I ensure that it is loading/installed?

Any feedback would be nice.

Derek
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at http://profiles.msn.com.

From dosachoff at hotmail.com Wed Oct 4 18:09:00 2000
From: dosachoff at hotmail.com (Derek Osachoff)
Date: Wed, 04 Oct 2000 16:09:00 PDT
Subject: [pptp-server] Can't find Compress-18 mod
Message-ID:

hmm.. You would think I would have done that.

What I just tried:

[cd /usr/src/linux]

[make modules SUBDIRS=drivers/net] *works

[make modules_install] *no response just back to prompt

And I am still getting those errors when I am connecting.

[ modprobe: modprobe: Can't locate module ppp-compress-18
[ last message repeated 8 times

Any other ideas?

Thanks,
Derek

>you may need to run the command
>#make install_modules
>
>'note the underscore
>
>----- Original Message -----
>From: "Derek Osachoff"
>To:
>Sent: Wednesday, October 04, 2000 5:43 PM
>Subject: [pptp-server] Can't find Compress-18 mod
>
>
> > I have the pptpd setup on a
> >
> > Red Hat 6.2, 2.2.14 kernel
> > ppp-2.3.11
> > pptpd-1.1.2
> > SSLeay-0.9.0b
> > ppp-2.3.10-openssl-norc4-mppe.patch (changes by R Blauvelt)
> >
> > I keep having the reoccurring error in my syslog about the Compress-18 not
> > being found. I do have it in the conf.modules file. I tried to run
> > 'insmod ppp_mppe' but it can not find the module. I have found the .c file
> > in the /usr/src/linux-2.2.14/drivers/net directory.
> >
> > How can I ensure that it is loading/installed?
> >
> > Any feedback would be nice.
> >
> > Derek

From bruce.morrison at sausage.com Wed Oct 4 20:44:30 2000
From: bruce.morrison at sausage.com (Bruce Morrison)
Date: Thu, 05 Oct 2000 12:44:30 +1100
Subject: [pptp-server] Link fails after increased data flow
Message-ID: <39DBDCFE.65EE996@sausage.com>

I'm connecting a linux box to an NT system without any problems. I can transfer data between the networks. But when the amount of data increases the link stops responding.

I'm seeing the following

mppe_decompress0: bad seq # 48, expected 47
ppp0: decomp err -1
ppp0: not decomp, rc_state=c24a2000 flags=f4130cb
ppp0: not decomp, rc_state=c24a2000 flags=f4130cb
ppp0: not decomp, rc_state=c24a2000 flags=f4130cb

and also

pppd[1180]: rcvd [Compressed data] 91 4f f5 d0 c4 a3 83 86 ...
pppd[1180]: rcvd [Compressed data] 91 52 05 01 d1 3c ad 7c ...
pppd[1180]: rcvd [Compressed data] 91 53 c6 00 6a ef c1 7b ...
pppd[1180]: rcvd [Compressed data] 91 54 fc a0 a5 de 2f e4 ...
pppd[1180]: rcvd [Compressed data] 91 55 49 f8 0f fd fd a3 ..

The pptp control channel is still up (I can see the PPTP-ECHO request and replies). I can also see GRE packets passing between the two systems but pinging the remote end results in failure.

It seems that pppd has received some bad data and is in a bad state.

Anyone have any pointers ? (Is it that the hardware is just not up to it ?)

The software in use is

SSLeay-0.6.6b
ppp-2.3.8 (with ppp-2.3.8-mppe-others-norc4_TH7.diff)
pptp-linux-1.0.2
kernel 2.2.17

The hardware is

CPU P133
MEM 48Mb

/etc/ppp/options is

lock
noauth
debug
nodefaultroute
name XXXX\\XXXXX
remotename XXXXX
mppe-40
mppe-128
mppe-stateless

--
Bruce Morrison
Senior Systems Administrator
Sausage Software, Limited

From eli at rocketvox.com Wed Oct 4 20:46:01 2000
From: eli at rocketvox.com (Elijah Smith)
Date: Wed, 4 Oct 2000 18:46:01 -0700
Subject: [pptp-server] pptp client, Win2k server - problems!
Message-ID: <139B0D28CB05EC4B8F3D42C248A681030AF226@voxs1.intra.rocketvox.com>

Hi, everyone - I'm trying to connect to my Windows 2000 router at work with my firewall/router Linux box at home. I'm almost there - so close I can smell it - but I can't figure out this problem. I've read back through the archives of this list, as well, but haven't seen any answers to this problem...

my client is:

RedHat Linux 6.2
pppd 2.3.8 with all patches installed
pptp 1.0.2

and the server's Win2k. I can connect with a Win98 client, no problem. But when I try to connect using pptp, I get:

...Connect: ppp0 <--> /dev/ttya0
...Sent [LCP ConfReq id=0x1 \
...last message repeated 9 times
...LCP: timeout sending Config-Requests

...with no other interesting messages occurring. Win2k just doesn't seem to be responding. However, in the Win2k log file, I get a warning:

"The user connected to port VPN3-4 has been disconnected because the authentication process did not complete within the required amount of time."

So, I'm pretty stumped. Has anyone else out there seen this happen, or have any insight?

Thanks in advance!!

Eli Smith

From phil at vibrationresearch.com Wed Oct 4 21:08:51 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Wed, 4 Oct 2000 22:08:51 -0400
Subject: [pptp-server] Re: Link fails after increased data flow
Message-ID: <000001c02e71$34a84900$56108318@bud.mw.mediaone.net>

Bruce,

This is a bug in the ppp_mppe.c module. Apply the patch:

http://www.vibrationresearch.com/pptpd/ppp_mppe_compressed_data_fix.diff

to your /usr/src/linux/drivers/net/ppp_mppe.c file, rebuild and reinstall the ppp_mppe module.

Phil

> I'm connecting a linux box to an NT system without any problems. I can
> transfer data between the networks. But when the amount of data
> increases the link stops responding.
>
> I'm seeing the following
>
> mppe_decompress0: bad seq # 48, expected 47
> ppp0: decomp err -1
> ppp0: not decomp, rc_state=c24a2000 flags=f4130cb
> ppp0: not decomp, rc_state=c24a2000 flags=f4130cb
> ppp0: not decomp, rc_state=c24a2000 flags=f4130cb
>
> and also
> pppd[1180]: rcvd [Compressed data] 91 4f f5 d0 c4 a3 83 86 ...
> pppd[1180]: rcvd [Compressed data] 91 52 05 01 d1 3c ad 7c ...
> pppd[1180]: rcvd [Compressed data] 91 53 c6 00 6a ef c1 7b ...
> pppd[1180]: rcvd [Compressed data] 91 54 fc a0 a5 de 2f e4 ...
> pppd[1180]: rcvd [Compressed data] 91 55 49 f8 0f fd fd a3 ..

From alan at silveregg.co.jp Wed Oct 4 22:27:19 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Thu, 05 Oct 2000 12:27:19 +0900
Subject: [pptp-server] HELP with browsing problem again
Message-ID: <4.2.0.58.J.20001005121107.00b0c140@papaya.silveregg.co.jp>

Hi,

HELP!!!

I have a linux firewall and an internal pptp server staying behind it. While I finally got the pptp traffic through firewall, I had another problem with browsing. Even when I made the ppp connection, it looks fine and got connected (I can see the connection "ppp0" with "ifconfig" command, and see the remote IP of VPN client on pptpd server).
But from VPN client I can't ping the interface of pptp server, and of course can't ping any computer in remote network or browse anything either. Basically I am wondering if I was really successfully making a ppp connection or it was just a failure. Here is my /etc/ppp/options

lock
debug
name lemon
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
ms-wins 192.168.0.12 --> which is my WINS server (also a NT PDC)

Does anyone have the same problem?

Alan Chung

From dragan.sekerovic at datasystems.at Thu Oct 5 00:19:41 2000
From: dragan.sekerovic at datasystems.at (Sekerovic Dragan)
Date: Thu, 5 Oct 2000 07:19:41 +0200
Subject: AW: [pptp-server] Can't find Compress-18 mod
Message-ID: <6821E794E1FBD1118D430000F87AE2D602BCBAC8@sntw06.local.datasystems.at>

hi derek!

all you have to do is, to add the following line in your /etc/conf.modules

alias ppp-compress-18 ppp_mppe

regards,

dragan

-----Original Message-----
From: Derek Osachoff [mailto:dosachoff at hotmail.com]
Sent: Thursday, 05 October 2000 01:09
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Can't find Compress-18 mod

hmm.. You would think I would have done that.

What I just tried:

[cd /usr/src/linux]

[make modules SUBDIRS=drivers/net] *works

[make modules_install] *no response just back to prompt

And I am still getting those errors when I am connecting.

[ modprobe: modprobe: Can't locate module ppp-compress-18
[ last message repeated 8 times

Any other ideas?

Thanks,
Derek

>you may need to run the command
>#make install_modules
>
>'note the underscore
>
>----- Original Message -----
>From: "Derek Osachoff"
>To:
>Sent: Wednesday, October 04, 2000 5:43 PM
>Subject: [pptp-server] Can't find Compress-18 mod
>
>
> > I have the pptpd setup on a
> >
> > Red Hat 6.2, 2.2.14 kernel
> > ppp-2.3.11
> > pptpd-1.1.2
> > SSLeay-0.9.0b
> > ppp-2.3.10-openssl-norc4-mppe.patch (changes by R Blauvelt)
> >
> > I keep having the reoccurring error in my syslog about the Compress-18 not
> > being found. I do have it in the conf.modules file. I tried to run
> > 'insmod ppp_mppe' but it can not find the module. I have found the .c file
> > in the /usr/src/linux-2.2.14/drivers/net directory.
> >
> > How can I ensure that it is loading/installed?
> >
> > Any feedback would be nice.
> >
> > Derek
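
Added example (not part of any message in this thread, and not Poptop's own tooling): the question the Compress-18 thread keeps returning to, how to confirm that ppp_mppe is installed and that modprobe can resolve ppp-compress-18 to it, comes down to three checks, sketched here in shell. The function names, the fixture layout and the assumption that modules.dep lists each module as "path.o:" are illustrative; /etc/conf.modules, the 2.2.14 kernel version and the alias line are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: why "modprobe: Can't locate module ppp-compress-18" appears.
# Three things must hold: the ppp_mppe object is installed under the module
# tree, modules.dep lists it, and the modules config aliases
# ppp-compress-18 to ppp_mppe. All helper names here are hypothetical.

# has_alias CONF ALIAS MODULE: true if CONF has an uncommented alias line.
has_alias() {
    [ -r "$1" ] || return 2
    awk -v a="$2" -v m="$3" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "alias" && $2 == a && $3 == m { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# find_module ROOT NAME: print the first NAME.o found below ROOT.
find_module() {
    [ -d "$1" ] || return 2
    hit=$(find "$1" -type f -name "$2.o" 2>/dev/null | head -n 1)
    [ -n "$hit" ] && printf '%s\n' "$hit"
}

# in_moddep ROOT NAME: true if ROOT/modules.dep has an entry for NAME.o.
# Assumption: entries look like "/path/to/NAME.o: dependencies".
in_moddep() {
    [ -r "$1/modules.dep" ] || return 1
    grep -q "/$2\.o:" "$1/modules.dep"
}

# diagnose CONF ROOT: print ok, no-module, run-depmod or no-alias.
diagnose() {
    conf=$1 root=$2
    find_module "$root" ppp_mppe >/dev/null || { echo no-module; return 0; }
    in_moddep "$root" ppp_mppe || { echo run-depmod; return 0; }
    has_alias "$conf" ppp-compress-18 ppp_mppe || { echo no-alias; return 0; }
    echo ok
}

# make_fixture DIR: constructed sample tree (not taken from any poster's
# machine). The module is installed but the alias line is commented out.
make_fixture() {
    moddir="$1/lib/modules/2.2.14"
    mkdir -p "$moddir/net"
    : > "$moddir/net/ppp_mppe.o"
    printf '%s/net/ppp_mppe.o:\n' "$moddir" > "$moddir/modules.dep"
    cat > "$1/conf.modules" <<'EOF'
alias eth0 3c59x
# alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
EOF
}

# Check the live system only when asked to: sh check_mppe.sh run
if [ "${1:-}" = run ]; then
    diagnose "${2:-/etc/conf.modules}" "${3:-/lib/modules/$(uname -r)}"
fi
```

Saved under a name of your choice (check_mppe.sh above is only a placeholder), "run" checks the live system. A result of run-depmod means the object file exists but modules.dep does not list it, which running depmod -a rebuilds.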

From david at flowinteractive.se Thu Oct 5 08:23:36 2000
From: david at flowinteractive.se (David Röhr)
Date: Thu, 5 Oct 2000 15:23:36 +0200 (CEST)
Subject: [pptp-server] CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Message-ID:

Hmm,

I've never had problems with my pptp-server before, but now a friend of a local company wanted to try to connect, and the server couldn't help him. hmm..

Here's a clip from my /var/log/messages

Oct 4 16:18:31 localhost pptpd[5931]: CTRL: Client 212.209.76.65 control connection started
Oct 4 16:18:31 localhost pptpd[5931]: CTRL: Starting call (launching pppd, opening GRE)
Oct 4 16:18:31 localhost pppd[5932]: pppd 2.3.10 started by root, uid 0
Oct 4 16:18:31 localhost pppd[5932]: Using interface ppp0
Oct 4 16:18:31 localhost pppd[5932]: Connect: ppp0 <--> /dev/pts/0
Oct 4 16:19:01 localhost pppd[5932]: LCP: timeout sending Config-Requests
Oct 4 16:19:01 localhost pppd[5932]: Connection terminated.
Oct 4 16:19:01 localhost pppd[5932]: Exit.
Oct 4 16:19:01 localhost pptpd[5931]: GRE: read(fd=5,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Oct 4 16:19:01 localhost pptpd[5931]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Oct 4 16:19:01 localhost pptpd[5931]: CTRL: Client 212.209.76.65 control connection finished

Anyone know where the problem lies?

/d

--
OO david röhr OO unix systems administrator O http://www.flowinteractive.se
tel. +46 8 587 19 100 :: fax. +46 8 587 19 139

Don't praddle me, boy, or I'll quang you proper!

From jvonau at home.com Thu Oct 5 08:39:57 2000
From: jvonau at home.com (Jerry Vonau)
Date: Thu, 05 Oct 2000 08:39:57 -0500
Subject: [pptp-server] HELP with browsing problem again
References: <4.2.0.58.J.20001005121107.00b0c140@papaya.silveregg.co.jp>
Message-ID: <39DC84AC.B33237C7@home.com>

Do you have ipchain rules for the PPP interface?
ie:

/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0
/sbin/ipchains -A output -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0
/sbin/ipchains -A forward -j ACCEPT -i $ppp+ -s $INTLAN -d $INTLAN

Jerry

Alan Chung wrote:

> Hi,
>
> HELP!!!
>
> I have a linux firewall and an internal pptp server staying behind
> it. While I finally got the pptp traffic through firewall, I had another
> problem with browsing. Even when I made the ppp connection, it looks fine
> and got connected (I can see the connection "ppp0" with "ifconfig" command,
> and see the remote IP of VPN client on pptpd server). But from VPN client
> I can't ping the interface of pptp server, and of course can't ping any
> computer in remote network or browse anything either. Basically I am
> wondering if I was really successfully making a ppp connection or it was
> just a failure. Here is my /etc/ppp/options
>
> lock
> debug
> name lemon
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> proxyarp
> ms-wins 192.168.0.12 --> which is my WINS server (also a NT PDC)
>
> Does anyone have the same problem?
>
> Alan Chung

From aalang at rutgersinsurance.com Thu Oct 5 08:49:07 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Thu, 5 Oct 2000 09:49:07 -0400
Subject: [pptp-server] pptp client, Win2k server - problems!
References: <139B0D28CB05EC4B8F3D42C248A681030AF226@voxs1.intra.rocketvox.com>
Message-ID: <002001c02ed3$0863a8a0$330a0a0a@6014cwpza006>

This doesn't solve your immediate problem, but if I recall correctly, Win2k supports IPSEC, so a more secure and efficient implementation may be to use Freeswan for your Linux VPN and form a VPN that way.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Elijah Smith"
To:
Sent: Wednesday, October 04, 2000 9:46 PM
Subject: [pptp-server] pptp client, Win2k server - problems!

>
> Hi, everyone - I'm trying to connect to my Windows 2000 router at work with
> my firewall/router Linux box at home. I'm almost there - so close I can
> smell it - but I can't figure out this problem. I've read back through the
> archives of this list, as well, but haven't seen any answers to this
> problem...
>
> my client is:
>
> RedHat Linux 6.2
> pppd 2.3.8 with all patches installed
> pptp 1.0.2
>
> and the server's Win2k. I can connect with a Win98 client, no problem. But
> when I try to connect using pptp, I get:
>
> ...Connect: ppp0 <--> /dev/ttya0
> ...Sent [LCP ConfReq id=0x1
> \
> ...last message repeated 9 times
> ...LCP: timeout sending Config-Requests
>
> ...with no other interesting messages occurring. Win2k just doesn't seem to
> be responding. However, in the Win2k log file, I get a warning:
>
> "The user connected to port VPN3-4 has been disconnected because the
> authentication process did not complete within the required amount of time."
>
>
> So, I'm pretty stumped. Has anyone else out there seen this happen, or have
> any insight?
>
> Thanks in advance!!
>
>
> Eli Smith
>
>

From aalang at rutgersinsurance.com Thu Oct 5 08:52:13 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Thu, 5 Oct 2000 09:52:13 -0400
Subject: [pptp-server] Patchs
Message-ID: <003201c02ed3$76bf4e80$330a0a0a@6014cwpza006>

I've noticed a LARGE amount of patches that have been recommended for different problems. Does anyone have a complete list of all files that will be needed to use the most current PopTop version? (With ms-chaps, etc.)

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

From jvonau at home.com Thu Oct 5 09:11:52 2000
From: jvonau at home.com (Jerry Vonau)
Date: Thu, 05 Oct 2000 09:11:52 -0500
Subject: [pptp-server] pptp client, Win2k server - problems!
References: <139B0D28CB05EC4B8F3D42C248A681030AF226@voxs1.intra.rocketvox.com>
Message-ID: <39DC8C28.4C08ADE1@home.com>

check your ppp options file if this is a client, change AUTH to NOAUTH

Jerry

Elijah Smith wrote:

>
>
> Hi, everyone - I'm trying to connect to my Windows 2000 router at work
> with my firewall/router Linux box at home. I'm almost there - so
> close I can smell it - but I can't figure out this problem. I've read
> back through the archives of this list, as well, but haven't seen any
> answers to this problem...
>
> my client is:
>
> RedHat Linux 6.2
> pppd 2.3.8 with all patches installed
> pptp 1.0.2
>
> and the server's Win2k. I can connect with a Win98 client, no
> problem. But when I try to connect using pptp, I get:
>
> ...Connect: ppp0 <--> /dev/ttya0
> ...Sent [LCP ConfReq id=0x1 0xe6251907> \
> ...last message repeated 9 times
> ...LCP: timeout sending Config-Requests
>
> ...with no other interesting messages occurring. Win2k just doesn't
> seem to be responding. However, in the Win2k log file, I get a
> warning:
>
> "The user connected to port VPN3-4 has been disconnected because the
> authentication process did not complete within the required amount of
> time."
>
> So, I'm pretty stumped. Has anyone else out there seen this happen,
> or have any insight?
>
> Thanks in advance!!
>
> Eli Smith

From kevin.smith at econception.com Thu Oct 5 09:47:41 2000
From: kevin.smith at econception.com (Kevin Smith)
Date: Thu, 5 Oct 2000 09:47:41 -0500
Subject: [pptp-server] redhat 7.0
Message-ID: <00100509493301.01121@kevin-smith.econception.int>

Anyone have a basic run-down of what needs to be done to get the pptp server (with encryption) setup, using a redhat 7.0 system. The current Red Hat faq is based on 6.0, and I was wondering if any of those steps are not needed now, with the updated packages that make up the 7.0 installation. A quickstart guide using a 7.0 system would be greatly appreciated.

--
Kevin Smith

From aalang at rutgersinsurance.com Thu Oct 5 10:13:09 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Thu, 5 Oct 2000 11:13:09 -0400
Subject: [pptp-server] redhat 7.0
References: <00100509493301.01121@kevin-smith.econception.int>
Message-ID: <002901c02ede$c59704c0$330a0a0a@6014cwpza006>

I'll be giving it a go pretty soon. I successfully setup a 6.2 implementation that talks to the internal network. I'll be wiping it off and upgrading to 7.0 and putting pptp back on (only thing the server is running). That is why I asked the list for a complete list of the files and patches needed for the current release of poptop.

Once I get that, I'll begin work.. I'll post any issues, notes, or steps I have involving it.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Kevin Smith"
To:
Sent: Thursday, October 05, 2000 10:47 AM
Subject: [pptp-server] redhat 7.0

>
> Anyone have a basic run-down of what needs to be done
> to get the pptp server (with encryption) setup, using a redhat
> 7.0 system. The current Red Hat faq is based on 6.0, and I
> was wondering if any of those steps are not needed now, with
> the updated packages that make up the 7.0 installation. A
> quickstart guide using a 7.0 system would be greatly
> appreciated.
>
> --
> Kevin Smith

From dosachoff at hotmail.com Thu Oct 5 10:51:47 2000
From: dosachoff at hotmail.com (Derek Osachoff)
Date: Thu, 05 Oct 2000 08:51:47 PDT
Subject: AW: [pptp-server] Can't find Compress-18 mod
Message-ID:

I have my conf.modules file setup like that. And I still have the same compress-18 problem. How can I make sure that the module is loaded/present??

Derek

>
>hi derek!
>
>all you have to do is, to add the following line in your /etc/conf.modules
>
>alias ppp-compress-18 ppp_mppe
>
>regards,
>
>dragan
>
>-----Original Message-----
>From: Derek Osachoff [mailto:dosachoff at hotmail.com]
>Sent: Thursday, 05 October 2000 01:09
>To: pptp-server at lists.schulte.org
>Subject: Re: [pptp-server] Can't find Compress-18 mod
>
>
>hmm.. You would think I would have done that.
>
>What I just tried:
>
>[cd /usr/src/linux]
>
>[make modules SUBDIRS=drivers/net] *works
>
>[make modules_install] *no response just back to prompt
>
>And I am still getting those errors when I am connecting.
>
>[ modprobe: modprobe: Can't locate module ppp-compress-18
>[ last message repeated 8 times
>
>Any other ideas?
>
>Thanks,
>Derek
>
> >you may need to run the command
> >#make install_modules
> >
> >'note the underscore
> >
> >----- Original Message -----
> >From: "Derek Osachoff"
> >To:
> >Sent: Wednesday, October 04, 2000 5:43 PM
> >Subject: [pptp-server] Can't find Compress-18 mod
> >
> >
> > > I have the pptpd setup on a
> > >
> > > Red Hat 6.2, 2.2.14 kernel
> > > ppp-2.3.11
> > > pptpd-1.1.2
> > > SSLeay-0.9.0b
> > > ppp-2.3.10-openssl-norc4-mppe.patch (changes by R Blauvelt)
> > >
> > > I keep having the reoccurring error in my syslog about the Compress-18 not
> > > being found. I do have it in the conf.modules file. I tried to run
> > > 'insmod ppp_mppe' but it can not find the module. I have found the .c file
> > > in the /usr/src/linux-2.2.14/drivers/net directory.
> > >
> > > How can I ensure that it is loading/installed?
> > >
> > > Any feedback would be nice.
> > >
> > > Derek

From swood at collectrite.com Thu Oct 5 10:58:37 2000
From: swood at collectrite.com (Steve Wood)
Date: Thu, 5 Oct 2000 09:58:37 -0600
Subject: [pptp-server] 128 bit encryption fails
Message-ID:

Hi all,

Something weird started happening to my pptp server yesterday and I have no idea what caused it. I have been running my pptpd server for 50 days with no problems whatsoever but suddenly yesterday my win98/2000 clients stopped connecting to my server with a (571 encryption not supported) error.
If I do not have the 128 bit upgrade on my win box then I can connect fine with 40 bit encryption but if it is installed i have to disable all encryption to connect. I haven't made any changes and I checked all my modules and they are all loaded. Has anybody else seen this strange behavior before? Here is a typical win2000/98se session trying to connect with 128bit encryption. I'm not sure what the error with select() is but maybe this is my problem? --------------------------------BEGIN-------------------------------------- Oct 4 22:13:46 spock pptpd[2818]: MGR: Reaped child 2870 Oct 4 23:24:29 spock pptpd[2958]: MGR: Launching /usr/local/sbin/pptpctrl to handle client Oct 4 23:24:29 spock pptpd[2958]: CTRL: local address = 198.186.150.101 Oct 4 23:24:29 spock pptpd[2958]: CTRL: remote address = 198.186.150.112 Oct 4 23:24:29 spock pptpd[2958]: CTRL: Client 209.136.33.71 control connection started Oct 4 23:24:29 spock pptpd[2958]: CTRL: Received PPTP Control Message (type: 1) Oct 4 23:24:29 spock pptpd[2958]: CTRL: Made a START CTRL CONN RPLY packet Oct 4 23:24:29 spock pptpd[2958]: CTRL: I wrote 156 bytes to the client. Oct 4 23:24:29 spock pptpd[2958]: CTRL: Sent packet to client Oct 4 23:24:29 spock pptpd[2958]: CTRL: Received PPTP Control Message (type: 7) Oct 4 23:24:29 spock pptpd[2958]: CTRL: Set parameters to 1525 maxbps, 64 window size Oct 4 23:24:29 spock pptpd[2958]: CTRL: Made a OUT CALL RPLY packet Oct 4 23:24:29 spock pptpd[2958]: CTRL: Starting call (launching pppd, opening GRE) Oct 4 23:24:29 spock pptpd[2958]: CTRL: pty_fd = 4 Oct 4 23:24:29 spock pptpd[2958]: CTRL: tty_fd = 5 Oct 4 23:24:29 spock pptpd[2958]: CTRL: I wrote 32 bytes to the client. 
Oct 4 23:24:29 spock pptpd[2959]: CTRL (PPPD Launcher): Connection speed = 115200 Oct 4 23:24:29 spock pptpd[2959]: CTRL (PPPD Launcher): local address = 198.186.150.101 Oct 4 23:24:29 spock pptpd[2959]: CTRL (PPPD Launcher): remote address = 198.186.150.112 Oct 4 23:24:29 spock pptpd[2958]: CTRL: Sent packet to client Oct 4 23:24:29 spock pptpd[2958]: CTRL: Received PPTP Control Message (type: 15) Oct 4 23:24:30 spock pptpd[2958]: CTRL: Got a SET LINK INFO packet with standard ACCMs Oct 4 23:24:30 spock pptpd[2958]: GRE: Discarding duplicate packet Oct 4 23:24:31 spock pptpd[2958]: CTRL: Received PPTP Control Message (type: 15) Oct 4 23:24:31 spock pptpd[2958]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Oct 4 23:24:32 spock pptpd[2958]: CTRL: Received PPTP Control Message (type: 15) Oct 4 23:24:32 spock pptpd[2958]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Oct 4 23:24:32 spock pptpd[2958]: CTRL: Received PPTP Control Message (type: 12) Oct 4 23:24:32 spock pptpd[2958]: CTRL: Made a CALL DISCONNECT RPLY packet Oct 4 23:24:32 spock pptpd[2958]: CTRL: Received CALL CLR request (closing call) Oct 4 23:24:32 spock pptpd[2958]: CTRL: I wrote 148 bytes to the client. 
Oct 4 23:24:32 spock pptpd[2958]: CTRL: Sent packet to client
Oct 4 23:24:32 spock pptpd[2958]: CTRL: Error with select(), quitting
Oct 4 23:24:32 spock pptpd[2958]: CTRL: Client 209.136.33.71 control connection finished
Oct 4 23:24:32 spock pptpd[2958]: CTRL: Exiting now
---------------------------------END---------------------------------------

Here are the corresponding entries in my messages file:

--------------------------------BEGIN--------------------------------------
Oct 4 23:24:29 spock pptpd[2958]: CTRL: Client 209.136.33.71 control connection started
Oct 4 23:24:29 spock pptpd[2958]: CTRL: Client 209.136.33.71 control connection started
Oct 4 23:24:29 spock pptpd[2958]: CTRL: Starting call (launching pppd, opening GRE)
Oct 4 23:24:29 spock pptpd[2958]: CTRL: Starting call (launching pppd, opening GRE)
Oct 4 23:24:29 spock kernel: CSLIP: code copyright 1989 Regents of the University of California
Oct 4 23:24:29 spock kernel: CSLIP: code copyright 1989 Regents of the University of California
Oct 4 23:24:30 spock kernel: PPP: version 2.3.7 (demand dialling)
Oct 4 23:24:30 spock kernel: PPP: version 2.3.7 (demand dialling)
Oct 4 23:24:30 spock kernel: PPP line discipline registered.
Oct 4 23:24:30 spock kernel: PPP line discipline registered.
Oct 4 23:24:30 spock kernel: registered device ppp0
Oct 4 23:24:30 spock kernel: registered device ppp0
Oct 4 23:24:30 spock pppd[2959]: pppd 2.3.11 started by root, uid 0
Oct 4 23:24:30 spock pppd[2959]: pppd 2.3.11 started by root, uid 0
Oct 4 23:24:30 spock pppd[2959]: Using interface ppp0
Oct 4 23:24:30 spock pppd[2959]: Using interface ppp0
Oct 4 23:24:30 spock pppd[2959]: Connect: ppp0 <--> /dev/pts/0
Oct 4 23:24:30 spock pppd[2959]: Connect: ppp0 <--> /dev/pts/0
Oct 4 23:24:30 spock pptpd[2958]: GRE: Discarding duplicate packet
Oct 4 23:24:30 spock pptpd[2958]: GRE: Discarding duplicate packet
Oct 4 23:24:31 spock pptpd[2958]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 4 23:24:31 spock pptpd[2958]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 4 23:24:31 spock kernel: PPP BSD Compression module registered
Oct 4 23:24:31 spock kernel: PPP BSD Compression module registered
Oct 4 23:24:32 spock kernel: PPP MPPE compression module registered
Oct 4 23:24:32 spock kernel: PPP MPPE compression module registered
Oct 4 23:24:32 spock kernel: PPP Deflate Compression module registered
Oct 4 23:24:32 spock kernel: PPP Deflate Compression module registered
Oct 4 23:24:32 spock pppd[2959]: MSCHAP-v2 peer authentication succeeded for Steve Wood
Oct 4 23:24:32 spock pppd[2959]: MSCHAP-v2 peer authentication succeeded for Steve Wood
Oct 4 23:24:32 spock pptpd[2958]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 4 23:24:32 spock pptpd[2958]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 4 23:24:32 spock pppd[2959]: LCP terminated by peer (^VM-^@,M-2^@

I've been testing out the pptpd server for a while and it's been working fine without encryption.

My setup is as follows:

Slackware 7.0
Kernel 2.3.3
ppp-2.3.10
ppp-2.3.10-openssl-norc4-mppe.patch
openssl-0.9.5a

1) After patching and compiling, encountered an unresolved symbol RC4_set_key. Hence was unable to insert the ppp_mppe module.

2) I then decided to run pptpd and try to connect without encryption, since I can't insert the module. That's when I started having problems.

a) Although no config changes had been made to /etc/pptpd.conf and /etc/ppp/options, I'm no longer able to connect with my Win98SE VPN client.

b) I'm no longer able to telnet or ssh to my linux pptpd server as well ??

Has anyone else encountered problem 2b? Who could shed some light as to what went wrong?

Rgds,
Kok-Hong Wong

From aalang at rutgersinsurance.com Thu Oct 5 13:44:00 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Thu, 5 Oct 2000 14:44:00 -0400
Subject: [pptp-server] Website
Message-ID: <00a601c02efc$3a3286c0$330a0a0a@6014cwpza006>

Which is the official website?
I was always going to Moretonbay and wondering where everyone was getting all the other versions. I see potop.lineo.com has newer versions.

Which is an official site?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

From nathan at chicagonet.net Thu Oct 5 13:57:30 2000
From: nathan at chicagonet.net (Nathan A. Jensen)
Date: Thu, 05 Oct 2000 14:57:30 -0400
Subject: [pptp-server] linux client to NT server
Message-ID: <39DCCF19.62C400E3@chicagonet.net>

Hello,

I am trying to connect a linux pptp client at home to an NT-server at work. I have read all the archives, and I still cannot make it work. If anyone has an idea of what I may be doing wrong, I would appreciate the help.

I am running RH with kernel 2.2.14. I am using pppd version 2.3.11-4, and pptp 1.0.2.

When I try to connect to the server, it acts like it does connect, and there are no errors in the log. However, when I run ifconfig to see if there is a new interface, there is only localhost and ppp0 (my isp). When I connect, it does create ppp1, but it is not active. It shows up if I run ifconfig -a. I have tried to bring this interface up, and it does not work. It claims that the device is not configured.

I am losing my mind trying to figure out what may be wrong. If anyone may be able to help me out, I would be forever indebted.

Thanks,
Nate
Nathan at chicagonet.net

From kennya at carlislefsp.com Thu Oct 5 14:46:03 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Thu, 5 Oct 2000 14:46:03 -0500
Subject: [pptp-server] Patchs
In-Reply-To: <003201c02ed3$76bf4e80$330a0a0a@6014cwpza006>
Message-ID: <000401c02f04$e5c7dff0$5f020a0a@carlislefsp.com>

If someone would start placing these on the downloads section of the website, it would help a lot. or, if that doesn't happen and there is actually a demand for it, i could start an "unofficial" page with these on it..
and the official website is no longer on moreton bay, i believe it is being moved to potop.lineo.com

Kenny Austin
kennya at carlislefsp.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang
Sent: Thursday, October 05, 2000 8:52 AM
To: Pptp
Subject: [pptp-server] Patchs

I've noticed a LARGE amount of patches that have been recommended for different problems.

Does anyone have a complete list of all files that will be needed to use the most current PopTop version? (With ms-chaps, etc.)

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From gstammw at gmx.net Thu Oct 5 15:39:20 2000
From: gstammw at gmx.net (Gunther Stammwitz)
Date: Thu, 5 Oct 2000 22:39:20 +0200
Subject: [pptp-server] WEBPAGE: mirror
References: <00a601c02efc$3a3286c0$330a0a0a@6014cwpza006>
Message-ID: <008201c02f0c$56c77880$6401a8c0@windows>

I'm running the German mirror www.poptop.de. At the moment I'm still copying the moretonbay-website - shall I change the mirror to poptop.lineo.com ???

what do you think, matthew ???

bye,
Gunther

From aalang at rutgersinsurance.com Thu Oct 5 15:57:25 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Thu, 5 Oct 2000 16:57:25 -0400
Subject: [pptp-server] WEBPAGE: mirror
References: <00a601c02efc$3a3286c0$330a0a0a@6014cwpza006> <008201c02f0c$56c77880$6401a8c0@windows>
Message-ID: <011601c02f0e$dd742d40$330a0a0a@6014cwpza006>

Well, the moretonbay website is out of date. poptop.lineo.com seems to be more current.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Gunther Stammwitz"
To:
Sent: Thursday, October 05, 2000 4:39 PM
Subject: [pptp-server] WEBPAGE: mirror

> I'm running the German mirror www.poptop.de. At the moment I'm still copying
> the moretonbay-website - shall I change the mirror to poptop.lineo.com ???
>
> what do you think, matthew ???
>
> bye,
> Gunther

From matthewr at moreton.com.au Thu Oct 5 16:27:42 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu, 5 Oct 2000 15:27:42 -0600
Subject: [pptp-server] Website
References: <00a601c02efc$3a3286c0$330a0a0a@6014cwpza006>
Message-ID: <023a01c02f13$1e8b3ea0$0300a8c0@lineo>

poptop.lineo.com is the new OFFICIAL website.. i'll be re-wiring the old moretonbay.com website one day soon.

seeya!
-matt

----- Original Message -----
From: Adam Lang
To: Pptp
Sent: Thursday, October 05, 2000 12:44 PM
Subject: [pptp-server] Website

> Which is the official website? I was always going to Moretonbay and
> wondering where everyone was getting all the other versions. I see
> potop.lineo.com has newer versions.
>
> Which is an official site?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company

From matthewr at moreton.com.au Thu Oct 5 16:29:48 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Thu, 5 Oct 2000 15:29:48 -0600
Subject: [pptp-server] Patchs
References: <000401c02f04$e5c7dff0$5f020a0a@carlislefsp.com>
Message-ID: <024801c02f13$660bb020$0300a8c0@lineo>

Anyone who has a patch for PoPToP please email to me at: matthewr at lineo.com and I will put them on the new downloads page on the official site... patches may include scripts to help monitor PoPToP... patches for PPP... patches to make it run with BSD etc... anything you think relevant.

Cheers,
Matt

----- Original Message -----
From: Kenny Austin
To: 'Adam Lang' ;
Sent: Thursday, October 05, 2000 1:46 PM
Subject: RE: [pptp-server] Patchs

> If someone would start placing these on the downloads section
> of the website, it would help a lot. or, if that doesn't happen
> and there is actually a demand for it, i could start an "unofficial"
> page with these on it..
> and the official website is no longer on moreton bay, i believe it
> is being moved to potop.lineo.com
>
> Kenny Austin
> kennya at carlislefsp.com
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang
> Sent: Thursday, October 05, 2000 8:52 AM
> To: Pptp
> Subject: [pptp-server] Patchs
>
>
> I've noticed a LARGE amount of patches that have been recommended for
> different problems.
>
> Does anyone have a complete list of all files that will be needed to use the
> most current PopTop version? (With ms-chaps, etc.)
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company

From eli at rocketvox.com Thu Oct 5 17:30:55 2000
From: eli at rocketvox.com (Elijah Smith)
Date: Thu, 5 Oct 2000 15:30:55 -0700
Subject: [pptp-server] pptp client, Win2k server - problems!
Message-ID: <139B0D28CB05EC4B8F3D42C248A681030AF22E@voxs1.intra.rocketvox.com>

To recap - I'm getting a "LCP: timeout sending Config-Requests" error when trying to connect with a pptp client to a win2k server.

there were several suggestions to change "AUTH" to "NOAUTH" in the ppp options file. So I did this. Let me ask everyone, though - as a client, should I include:

+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

or are those not useful as a client?

Anyway, I'm still getting the same timeout problem, but now the request being sent looks like this:

...sent [LCP ConfReq id=0x1 ]
...last message repeated 9 times
...LCP: timeout sending Config-Requests

So, the bit is gone, but it's still dying.

Thanks to everyone that responded, I really appreciate it! Any other suggestions?

Thanks!

eli

-----Original Message-----
From: Jerry Vonau
Sent: Thursday, October 05, 2000 7:12 AM
To: Elijah Smith
Cc: 'pptp-server at lists.schulte.org'
Subject: Re: [pptp-server] pptp client, Win2k server - problems!

check your ppp options file if this is a client , change AUTH to NOAUTH

Jerry

Elijah Smith wrote:

>
>
> Hi, everyone - I'm trying to connect to my Windows 2000 router at work
> with my firewall/router Linux box at home. I'm almost there - so
> close I can smell it - but I can't figure out this problem. I've read
> back through the archives of this list, as well, but haven't seen any
> answers to this problem...
>
> my client is:
>
> RedHat Linux 6.2
> pppd 2.3.8 with all patches installed
> pptp 1.0.2
>
> and the server's Win2k.
I can connect with a Win98 client, no
> problem. But when I try to connect using pptp, I get:
>
> ...Connect: ppp0 <--> /dev/ttya0
> ...Sent [LCP ConfReq id=0x1 0xe6251907> \
> ...last message repeated 9 times
> ...LCP: timeout sending Config-Requests
>
> ...with no other interesting messages occurring. Win2k just doesn't
> seem to be responding. However, in the Win2k log file, I get a
> warning:
>
> "The user connected to port VPN3-4 has been disconnected because the
> authentication process did not complete within the required amount of
> time."
>
> So, I'm pretty stumped. Has anyone else out there seen this happen,
> or have any insight?
>
> Thanks in advance!!
>
> Eli Smith

From bsteph at home.com Thu Oct 5 18:23:19 2000
From: bsteph at home.com (Bill Stephens)
Date: Thu, 5 Oct 2000 18:23:19 -0500
Subject: [pptp-server] pptp with samba
In-Reply-To:
Message-ID:

Firewall rules seem to be a big obstacle here. Has anyone published a good firewall rule set? Or at least a complete set of rules required for samba, ping masq, etc for the pptp connection?

-Bill Stephens

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nate Carlson
Sent: Wednesday, October 04, 2000 2:12 PM
To: Alan Chung
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] pptp with samba

On Wed, 4 Oct 2000, Alan Chung wrote:
> Hi,
>
> I have FINALLY got pptp through Linux firewall. But I am not able to
> browse anything in NETWORK NEIGHBORHOOD.
>
> 192.168.0.10 --> my internal WINS server (which is also a NT PDC)
>
> "ms-wins 192.168.0.10" is set in file /etc/ppp/options on pptpd
> server. Should I be able to ping WINS server from vpn client? I
> can't. But I can ping the VPN client IP (which not the real IP but the one
> created by ppp connection, for VPN client) from WINS server though.
Or I
> need to make a Samba WINS server in order to do this?
>
> Any help is appreciated.

Sounds like your firewall rules are messed up. Pretty much, if you can ping it from a box sitting on the network, you should be able to ping it from a remote client.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From Steve.Cowles at infohiiway.com Thu Oct 5 18:29:30 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Thu, 5 Oct 2000 18:29:30 -0500
Subject: [pptp-server] Patchs
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE54C@defiant.infohiiway.com>

I don't know if anyone has created a MPPE patch for ppp-2.3.11. So if this has already been done, then you can ignore the rest of this e-mail. If not, I thought I would contribute my efforts.

I created this MPPE ppp-2.3.11 patch file based on the ppp-2.3.10-openssl-norc4-mppe.patch file referenced on moretonbay. Wow... what a pain in the.... I had to manually apply the "failed hunks" to lcp.c and then generate a new diff. Gezz!

Anyway, if you would like to try this 2.3.11 patch on your system, send me an e-mail and I will forward it to you. (I don't want to flood this list with a 50k attachment) I will also forward this to Matthew so that it can be included on the PopTop WEB site if everyone reports "success" in using this patch.

Hope this helps
Steve Cowles

From teastep at evergo.net Thu Oct 5 18:45:00 2000
From: teastep at evergo.net (Tom Eastep)
Date: Thu, 5 Oct 2000 16:45:00 -0700 (PDT)
Subject: [pptp-server] pptp client, Win2k server - problems!
In-Reply-To: <139B0D28CB05EC4B8F3D42C248A681030AF22E@voxs1.intra.rocketvox.com>
Message-ID:

Eli,

Thus spoke Elijah Smith:

>
> To recap - I'm getting a "LCP: timeout sending Config-Requests" error when
> trying to connect with a pptp client to a win2k server.
>
> there were several suggestions to change "AUTH" to "NOAUTH" in the ppp
> options file. So I did this. Let me ask everyone, though - as a client,
> should I include:
>
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> or are those not useful as a client?
>
> Anyway, I'm still getting the same timeout problem, but now the request
> being sent looks like this:
>
> ..sent [LCP ConfReq id=0x1
> ]
> ...last message repeated 9 times
> ...LCP: timeout sending Config-Requests
>
> So, the bit is gone, but it's still dying.
>
>
> Thanks to everyone that responded, I really appreciate it! Any other
> suggestions?
>

I have a patch for pptp-linux 1.0.2 that corrects problems with these symptoms at:

ftp://seawall.sourceforge.net/pub/Seawall/patches/callid.patch

-Tom
--
Tom Eastep \ Eastep's First Principle of Computing:
ICQ #60745924 \ "Any sane computer will tell you how it
teastep at evergo.net \ works if you ask it the proper questions"
Shoreline, Washington USA \___________________________________________

From jvonau at home.com Thu Oct 5 18:51:49 2000
From: jvonau at home.com (Jerry Vonau)
Date: Thu, 05 Oct 2000 18:51:49 -0500
Subject: [pptp-server] pptp client, Win2k server - problems!
References: <139B0D28CB05EC4B8F3D42C248A681030AF22E@voxs1.intra.rocketvox.com>
Message-ID: <39DD1414.BF28E1AE@home.com>

Hi All:

This is my ppp options:

lock
noauth
debug
user USER >required for
password PASSWORD >MS chap and above (sorry Adam, I was right)
noauth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

start the client from the command line:

/usr/sbin/pptp SERVERIP lock noauth debug user USERNAME +chapms-v2 mppe-128 mppe-stateless noauth

Replace the UPPERCASE with your info.

Jerry Vonau
Network Administrator
Winnipeg Motor Express\ Ram Messenger

Elijah Smith wrote:

>
>
> To recap - I'm getting a "LCP: timeout sending Config-Requests" error
> when trying to connect with a pptp client to a win2k server.
>
> there were several suggestions to change "AUTH" to "NOAUTH" in the ppp
> options file. So I did this. Let me ask everyone, though - as a
> client, should I include:
>
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> or are those not useful as a client?
>
> Anyway, I'm still getting the same timeout problem, but now the
> request being sent looks like this:
>
> ...sent [LCP ConfReq id=0x1
> ]
> ...last message repeated 9 times
> ...LCP: timeout sending Config-Requests
>
> So, the bit is gone, but it's still dying.
>
> Thanks to everyone that responded, I really appreciate it! Any other
> suggestions?
>
> Thanks!
>
> eli
>
> -----Original Message-----
> From: Jerry Vonau
> Sent: Thursday, October 05, 2000 7:12 AM
> To: Elijah Smith
> Cc: 'pptp-server at lists.schulte.org'
> Subject: Re: [pptp-server] pptp client, Win2k server - problems!
>
> check your ppp options file if this is a client , change AUTH to
> NOAUTH
>
> Jerry
>
> Elijah Smith wrote:
>
> >
> >
> > Hi, everyone - I'm trying to connect to my Windows 2000 router at work
> > with my firewall/router Linux box at home. I'm almost there - so
> > close I can smell it - but I can't figure out this problem. I've read
> > back through the archives of this list, as well, but haven't seen any
> > answers to this problem...
> >
> > my client is:
> >
> > RedHat Linux 6.2
> > pppd 2.3.8 with all patches installed
> > pptp 1.0.2
> >
> > and the server's Win2k. I can connect with a Win98 client, no
> > problem.
But when I try to connect using pptp, I get:
> >
> > ...Connect: ppp0 <--> /dev/ttya0
> > ...Sent [LCP ConfReq id=0x1 0xe6251907> \
> > ...last message repeated 9 times
> > ...LCP: timeout sending Config-Requests
> >
> > ...with no other interesting messages occurring. Win2k just doesn't
> > seem to be responding. However, in the Win2k log file, I get a
> > warning:
> >
> > "The user connected to port VPN3-4 has been disconnected because the
> > authentication process did not complete within the required amount of
> > time."
> >
> > So, I'm pretty stumped. Has anyone else out there seen this happen,
> > or have any insight?
> >
> > Thanks in advance!!
> >
> > Eli Smith

From mattgav at tempo-services.com.au Thu Oct 5 20:25:31 2000
From: mattgav at tempo-services.com.au (Matthew Gavin)
Date: Fri, 6 Oct 2000 11:25:31 +1000
Subject: [pptp-server] Telnet or SSH over Pptp - VPN, Timed Out!!!
Message-ID:

Does anyone know of any reliable Telnet clients that can survive the odd timeout over the Internet and into the PPTP Server? We use Anzio, which really has jack all options for tweaking... TeraTerm is just as bad.

The VPN is great, users can browse our intranet and so on, but Telnet rarely lasts longer than 5mins!!!

My last resort is Samba on the VPN in order to house the Telnet program to be run remotely and thus avoid the all too common Internet Timeout.

PLEASE HELP????

Matthew Gavin
Tempo Services Limited

From richard at blauvelt.com Thu Oct 5 21:38:04 2000
From: richard at blauvelt.com (Richard E Blauvelt)
Date: Thu, 05 Oct 2000 19:38:04 -0700
Subject: [pptp-server] Telnet or SSH over Pptp - VPN, Timed Out!!!
In-Reply-To:
Message-ID: <5.0.0.25.0.20001005192944.02d2deb0@blauvelt.com>

I assume you are trying to use a Windows telnet client. I have had no problems using Hyperterminal on Windows9x/2000 to connect to the PoPToP server.
Hyperterminal is packaged with MS Windows, but is a stripped-down version that may not include telnet. The version I use is a free (for personal use) upgrade available for download from the developer, Hilgraeve:

http://www.hilgraeve.com/htpe/index.html

Richard

At 06:25 PM 10/5/00, Matthew Gavin wrote:
>Does anyone know of any reliable Telnet clients that can survive the odd timeout over the Internet and into the PPTP Server? We use Anzio, which really has jack all options for tweaking... TeraTerm is just as bad.
>
>The VPN is great, users can browse our intranet and so on, but Telnet rarely lasts longer than 5mins!!!
>
>My last resort is Samba on the VPN in order to house the Telnet program to be run remotely and thus avoid the all too common Internet Timeout.
>
>PLEASE HELP????
>
>Matthew Gavin
>Tempo Services Limited

From Steve.Cowles at infohiiway.com Thu Oct 5 23:18:51 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Thu, 5 Oct 2000 23:18:51 -0500
Subject: [pptp-server] Telnet or SSH over Pptp - VPN, Timed Out!!!
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE54F@defiant.infohiiway.com>

> -----Original Message-----
> From: Matthew Gavin [mailto:mattgav at tempo-services.com.au]
> Sent: Thursday, October 05, 2000 8:26 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Telnet or SSH over Pptp
> - VPN, Timed Out!!!
>
> Does anyone know of any reliable Telnet clients that
> can survive the odd timeout over the Internet and into
> the PPTP Server? We use Anzio, which really has jack
> all options for tweaking... TeraTerm is just as bad.

I wish I had a simple fix for this timeout problem you describe. In fact, I have had similar problems. For instance, when I use my laptop and connect into my Netzero dialup account (not behind a firewall) and then establish my PPTP tunnel to my Poptop server at home, I do NOT have any timeout problems whatsoever. I've telnetted in for hours without any problems.
But if I use that same laptop and place it on a LAN behind another firewall and then establish a PPTP tunnel (through that firewall) to the same PPTP server, I have these timeout problems that you describe with telnet.

> The VPN is great, users can browse our intranet and so
> on, but Telnet rarely lasts longer than 5mins!!!
>
> My last resort is Samba on the VPN in order to house
> the Telnet program to be run remotely and thus avoid
> the all too common Internet Timeout.

Maybe I'm mis-understanding your post, but I don't see how samba will help you with this. Maybe a VNC, Citrix, terminal server or even an xterm session across the VPN, but not Samba. You would still be loading the telnet program across the VPN to be run locally on the PPTP client.

Steve Cowles

From jbnance at tresgeek.net Fri Oct 6 03:17:23 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Fri, 6 Oct 2000 03:17:23 -0500 (CDT)
Subject: [pptp-server] New user questions...
Message-ID: <1391.4.3.32.252.970820243.squirrel@www.tresgeek.net>

Hello everyone. I just finished attempting to setup pptpd, and have a couple questions.

First, is there a doc that describes the pptpd.conf file options a bit more? Especially the local and remote address stuff.

When I try to connect, I am getting these errors in pptpd.log (from syslog) that I have attached at the bottom. I'm assuming that I left something out of the kernel, or that I don't have a good config file. Direction is appreciated!

Thanks.

j

MGR: Manager process started
MGR: Launching /usr/local/sbin/pptpctrl to handle client
CTRL: local address = 192.168.0.1
CTRL: remote address = 192.168.1.1
CTRL: Client 4.3.33.107 control connection started
CTRL: Received PPTP Control Message (type: 1)
CTRL: Made a START CTRL CONN RPLY packet
CTRL: I wrote 156 bytes to the client.
CTRL: Sent packet to client
CTRL: Received PPTP Control Message (type: 7)
CTRL: Set parameters to 0 maxbps, 16 window size
CTRL: Made a OUT CALL RPLY packet
CTRL: Starting call (launching pppd, opening GRE)
CTRL: pty_fd = 4
CTRL: tty_fd = 5
CTRL: I wrote 32 bytes to the client.
CTRL: Sent packet to client
CTRL (PPPD Launcher): Connection speed = 115200
CTRL (PPPD Launcher): local address = 192.168.0.1
CTRL (PPPD Launcher): remote address = 192.168.1.1
GRE: xmit failed from decaps_hdlc: Operation not permitted
CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
CTRL: Client 4.3.33.107 control connection finished
CTRL: Exiting now
MGR: Reaped child 1396

From alan at silveregg.co.jp Fri Oct 6 03:28:54 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Fri, 06 Oct 2000 17:28:54 +0900
Subject: [pptp-server] network neighborhood HELP!!!
Message-ID: <4.2.0.58.J.20001006172846.00b0d3d0@mail.silveregg.co.jp>

I think I got so close but there was still a bit (big?) problem.

Now I can dial up to my internal VPN server (running PopTop server on a Linux box) from an EXTERNAL Windows 98 client without any problem, the connection seems there (ppp0 connection showed by ifconfig with a remote IP, let's say 192.168.0.10), and I can ping from any internal machine to 192.168.0.10.

But now I have two major problems:

1. I can't ping from that win98 VPN client to any remote internal machine. (I even tried to add a route for 192.168.0.10 on VPN server). Does it mean that the ipchains firewalling rules are not correctly set up yet? But pinging is not a problem except this though. I can ping to/from anywhere except this.

2. I am not able to see/browse any internal machine in network neighborhood. (I have set up /etc/ppp/options with ms-wins and ms-dns in it to specify WINS server, which is also a NT PDC internally).

Please give me some advice if anybody knows or has the same experience.

Thanks in advance.
Alan

From alan at silveregg.co.jp Fri Oct 6 05:59:48 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Fri, 06 Oct 2000 19:59:48 +0900
Subject: [pptp-server] NIC
Message-ID: <4.2.0.58.J.20001006195928.00af9b80@mail.silveregg.co.jp>

Do I need to have two network interfaces even on an internal VPN server? If the server is staying internally, one interface sounds good for me.

From pptp at szczepanek.de Thu Oct 5 12:02:06 2000
From: pptp at szczepanek.de (Torge Szczepanek)
Date: Thu, 5 Oct 2000 19:02:06 +0200
Subject: AW: [pptp-server] Can't find Compress-18 mod
References:
Message-ID: <005f01c02eee$0ff54400$02ffa8c0@maus.net>

> I have my conf.modules file setup like that. And I still have the same
> compress-18 problem.
>
> How can I make sure that the module is loaded/present??

I think you don't have successfully compiled your ppp_mppe.o Module.

Check whether it is present in /lib/modules/2.2.14/net or in the kernel tree /usr/src/linux/drivers/net

Is there somewhere a ppp_mppe.o file?

Torge Szczepanek
torge at szczepanek.de
http://www.szczepanek.de/

From adreyer at math.uni-paderborn.de Fri Oct 6 06:24:56 2000
From: adreyer at math.uni-paderborn.de (Achim Dreyer)
Date: Fri, 6 Oct 2000 13:24:56 +0200 (MET DST)
Subject: [pptp-server] Telnet or SSH over Pptp - VPN, Timed Out!!!
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE54F@defiant.infohiiway.com>
Message-ID:

> > -----Original Message-----
> > From: Matthew Gavin [mailto:mattgav at tempo-services.com.au]
> >
> > Does anyone know of any reliable Telnet clients that
> > can survive the odd timeout over the Internet and into
> > the PPTP Server? We use Anzio, which really has jack
> > all options for tweaking... TeraTerm is just as bad.

Did you try this combination:

Client (Telnet and SSH): PuTTY
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Server (SSH): SSHD for NT
http://marvin.criadvantage.com/caspian/Software/SSHD-NT/

Ciao,
Achim

From kennya at carlislefsp.com Fri Oct 6 07:24:56 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Fri, 6 Oct 2000 07:24:56 -0500
Subject: [pptp-server] pptp with samba
In-Reply-To:
Message-ID: <001701c02f90$6fda7dc0$5f020a0a@carlislefsp.com>

i will write something up when i get a chance. hopefully later today.

kenny
kennya at carlislefsp.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Bill Stephens
Sent: Thursday, October 05, 2000 6:23 PM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] pptp with samba

Firewall rules seem to be a big obstacle here. Has anyone published a good firewall rule set?
Or at least a complete set of rules required for samba, ping masq, etc for the pptp connection? -Bill Stephens -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Nate Carlson Sent: Wednesday, October 04, 2000 2:12 PM To: Alan Chung Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] pptp with samba On Wed, 4 Oct 2000, Alan Chung wrote: > Hi, > > I have FINALLY got pptp through Linux firewall. But I am not able to > browse anything in NETWORK NEIGHBORHOOD. > > 192.168.0.10 --> my internal WINS server (which is also a NT PDC) > > "ms-wins 192.168.0.10" is set in file /etc/ppp/options on pptpd > server. Should I be able to ping WINS server from vpn client? I > can't. But I can ping the VPN client IP (which not the real IP but the one > created by ppp connection, for VPN client) from WINS server though. Or I > need to make a Samba WINS server in order to do this? > > Any help is appreciated. Sounds like your firewall rules are messed up. Pretty much, if you can ping it from a box sitting on the network, you should be able to ping it from a remote client. -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! 
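The question in the message above, which rules a packet filter needs for a PPTP connection, comes down to two inbound flows: the TCP port 1723 control connection and the IP protocol 47 (GRE) data channel. The following is an added example, not code from any list member: a small first-match evaluator for the ipchains options that appear in this archive, run over a constructed rule script. The sample rules, the placeholder addresses and all function names are assumptions.

```python
import ipaddress
import shlex

# Constructed rule script in the ipchains style used on this list (not any
# poster's actual rule set). Addresses below are documentation placeholders.
RULES = """
ipchains -N eth0-in
ipchains -A input -i eth0 -j eth0-in
ipchains -A eth0-in -s 192.168.0.0/16 -l -j DENY      # spoofed internal source
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 telnet -l -j DENY
ipchains -A eth0-in -p TCP -y -d 0.0.0.0/0 pptp -j ACCEPT -l
ipchains -A eth0-in -p TCP -y -j DENY -l              # other inbound SYNs
"""
# Same script with a catch-all DENY appended to the external chain.
RULES_CATCHALL = RULES + "ipchains -A eth0-in -l -j DENY\n"

SERVICES = {"telnet": 23, "pptp": 1723}               # subset of /etc/services
PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47}


def _ports(spec):
    """'pptp' -> (1723, 1723); '1024:5999' -> (1024, 5999); '6010:' -> (6010, 65535)."""
    lo, sep, hi = spec.partition(":")
    low = int(SERVICES.get(lo, lo)) if lo else 0
    if not sep:
        return low, low
    return low, (int(SERVICES.get(hi, hi)) if hi else 65535)


def parse(script):
    """Turn 'ipchains -N/-P/-A ...' lines into per-chain rule lists and policies."""
    chains = {"input": [], "output": [], "forward": []}
    policy = {"input": "ACCEPT", "output": "ACCEPT", "forward": "ACCEPT"}
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 3 or tok[0] != "ipchains":
            continue
        if tok[1] == "-N":
            chains[tok[2]] = []
        elif tok[1] == "-P":
            policy[tok[2]] = tok[3]
        elif tok[1] == "-A":
            rule, i = {"syn": False}, 3
            while i < len(tok):
                opt = tok[i]
                if opt in ("-s", "-d"):               # address, then optional port
                    rule[opt] = ipaddress.ip_network(tok[i + 1], strict=False)
                    i += 2
                    if i < len(tok) and not tok[i].startswith("-"):
                        rule[opt + "port"] = _ports(tok[i])
                        i += 1
                elif opt == "-p":
                    name = tok[i + 1].lower()
                    if name != "all":
                        rule["-p"] = PROTOCOLS[name] if name in PROTOCOLS else int(name)
                    i += 2
                elif opt in ("-i", "-j"):
                    rule[opt] = tok[i + 1]
                    i += 2
                else:                                 # -y = SYN only; -l only logs
                    rule["syn"] = rule["syn"] or opt == "-y"
                    i += 1
            chains.setdefault(tok[2], []).append(rule)
    return chains, policy


def matches(rule, pkt):
    if "-i" in rule and rule["-i"] != pkt["iface"]:
        return False
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if rule["syn"] and not pkt.get("syn"):
        return False
    for opt, key in (("-s", "src"), ("-d", "dst")):
        if opt in rule and ipaddress.ip_address(pkt[key]) not in rule[opt]:
            return False
        if opt + "port" in rule:
            lo, hi = rule[opt + "port"]
            if not lo <= pkt.get(key + "port", -1) <= hi:
                return False
    return True


def verdict(chains, policy, chain, pkt):
    """First matching rule wins; a user chain that matches nothing returns to its caller."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule.get("-j")
        if target in chains:
            result = verdict(chains, policy, target, pkt)
            if result:
                return result
        elif target:
            return target
    return policy.get(chain)          # None for user-defined chains


def pptp_check(script, server="203.0.113.10", client="198.51.100.7", iface="eth0"):
    """Verdicts for the two inbound flows a PPTP server needs on its outside interface."""
    chains, policy = parse(script)
    flows = {"control tcp/1723": {"proto": 6, "dstport": 1723, "syn": True},
             "data gre/47": {"proto": 47}}
    return {name: verdict(chains, policy, "input",
                          dict(flow, iface=iface, src=client, dst=server))
            for name, flow in flows.items()}


if __name__ == "__main__":
    for label, script in (("as posted", RULES), ("with catch-all DENY", RULES_CATCHALL)):
        print(label, pptp_check(script))
```

With the catch-all rule the control connection is still accepted while GRE is dropped, which is the failure a reply later in this archive attributes to a firewall blocking protocol 47.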
From aalang at rutgersinsurance.com Fri Oct 6 08:09:58 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 6 Oct 2000 09:09:58 -0400
Subject: [pptp-server] Patchs
References: <000401c02f04$e5c7dff0$5f020a0a@carlislefsp.com> <024801c02f13$660bb020$0300a8c0@lineo>
Message-ID: <005a01c02f96$ba3354e0$330a0a0a@6014cwpza006>

Thank you very much. This will end up making a lot of our lives easier.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Matthew Ramsay"
To: ; "'Adam Lang'" ;
Sent: Thursday, October 05, 2000 5:29 PM
Subject: Re: [pptp-server] Patchs

> Anyone who has a patch for PoPToP please email to me at:
> matthewr at lineo.com and I will put them on the new downloads page on the
> official site... patches may include scripts to help monitor PoPToP...
> patches for PPP... patches to make it run with BSD etc... anything you think
> relevant.
>
> Cheers,
> Matt
>
>
> ----- Original Message -----
> From: Kenny Austin
> To: 'Adam Lang' ;
>
> Sent: Thursday, October 05, 2000 1:46 PM
> Subject: RE: [pptp-server] Patchs
>
>
> > If someone would start placing these on the downloads section
> > of the website, it would help a lot. or, if that doesn't happen
> > and there is actually a demand for it, i could start an "unofficial"
> > page with these on it..
> > and the official website is no longer on moreton bay i, i believe it
> > is being moved to potop.lineo.com
> >
> > Kenny Austin
> > kennya at carlislefsp.com
> >
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Adam Lang
> > Sent: Thursday, October 05, 2000 8:52 AM
> > To: Pptp
> > Subject: [pptp-server] Patchs
> >
> >
> > I've noticed a LARGE amounts of patches that have been recommended for
> > different problems.
> >
> > Does anyone have a complete list of all files that will be needed to use the
> > most current PopTop version? (With ms-chaps, etc.)
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company

From aalang at rutgersinsurance.com Fri Oct 6 08:13:42 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 6 Oct 2000 09:13:42 -0400
Subject: [pptp-server] pptp client, Win2k server - problems!
References: <139B0D28CB05EC4B8F3D42C248A681030AF22E@voxs1.intra.rocketvox.com> <39DD1414.BF28E1AE@home.com>
Message-ID: <006d01c02f97$3fbd1f60$330a0a0a@6014cwpza006>

That ppp options script... is it being used for the server or the client? That is probably why I was wrong... i was referencing the server script for it.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Jerry Vonau"
To: "Elijah Smith"
Cc:
Sent: Thursday, October 05, 2000 7:51 PM
Subject: Re: [pptp-server] pptp client, Win2k server - problems!

> Hi All:
>
> This is my ppp options:
>
> lock
> noauth
> debug
>
> user USER >required for
> password PASSWORD >MS chap and above (sorry Adam, I was right)
>
> noauth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> start the client from the command line:
> /usr/sbin/pptp SERVERIP lock noauth debug user USERNAME +chapms-v2 mppe-128 mppe-stateless noauth
>
> Replace the UPPERCASE with your info.
>
> Jerry Vonau
> Network Administrator
> Winnipeg Motor Express\
> Ram Messenger
>
>
>
> Elijah Smith wrote:
>
> > To recap - I'm getting a "LCP: timeout sending Config-Requests" error
> > when trying to connect with a pptp client to a win2k server.
> >
> > there were several suggestions to change "AUTH" to "NOAUTH" in the ppp
> > options file. So I did this. Let me ask everyone, though - as a
> > client, should I include:
> >
> > +chap
> > +chapms
> > +chapms-v2
> > mppe-40
> > mppe-128
> > mppe-stateless
> >
> > or are those not useful as a client?
> >
> > Anyway, I'm still getting the same timeout problem, but now the
> > request being sent looks like this:
> >
> > ...sent [LCP ConfReq id=0x1
> > ]
> > ...last message repeated 9 times
> > ...LCP: timeout sending Config-Requests
> >
> > So, the bit is gone, but it's still dying.
> >
> > Thanks to everyone that responded, I really appreciate it! Any other
> > suggestions?
> >
> > Thanks!
> >
> > eli
> >
> > -----Original Message-----
> > From: Jerry Vonau
> > Sent: Thursday, October 05, 2000 7:12 AM
> > To: Elijah Smith
> > Cc: 'pptp-server at lists.schulte.org'
> > Subject: Re: [pptp-server] pptp client, Win2k server - problems!
> >
> > check your ppp options file if this is a client , change AUTH to
> > NOAUTH
> >
> > Jerry
> >
> > Elijah Smith wrote:
> >
> > > Hi, everyone - I'm trying to connect to my Windows 2000 router at work
> > > with my firewall/router Linux box at home. I'm almost there - so
> > > close I can smell it - but I can't figure out this problem. I've read
> > > back through the archives of this list, as well, but haven't seen any
> > > answers to this problem...
> > >
> > > my client is:
> > >
> > > RedHat Linux 6.2
> > > pppd 2.3.8 with all patches installed
> > > pptp 1.0.2
> > >
> > > and the server's Win2k. I can connect with a Win98 client, no
> > > problem. But when I try to connect using pptp, I get:
> > >
> > > ...Connect: ppp0 <--> /dev/ttya0
> > > ...Sent [LCP ConfReq id=0x1 0xe6251907> \
> > > ...last message repeated 9 times
> > > ...LCP: timeout sending Config-Requests
> > >
> > > ...with no other interesting messages occurring. Win2k just doesn't
> > > seem to be responding. However, in the Win2k log file, I get a
> > > warning:
> > >
> > > "The user connected to port VPN3-4 has been disconnected because the
> > > authentication process did not complete within the required amount of
> > > time."
> > >
> > > So, I'm pretty stumped. Has anyone else out there seen this happen,
> > > or have any insight?
> > >
> > > Thanks in advance!!
> > >
> > > Eli Smith

From aalang at rutgersinsurance.com Fri Oct 6 08:19:07 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 6 Oct 2000 09:19:07 -0400
Subject: [pptp-server] Telnet or SSH over Pptp - VPN, Timed Out!!!
References:
Message-ID: <008601c02f98$01cfbd60$330a0a0a@6014cwpza006>

For windows based telnetting, I use KevTerm. Pretty good. (I've tried Hyperterm also, but for some unexplainable reason, it didn't agree with me.)

As for timing out. I had no issue. As a matter of fact, I have my pptp server setup so that people at home can connect to the AS/400 in the company's internal network and use Client Access to work on it. That program uses the telnet 23 port. It is as if they are working at their desk at work.

Of course, as someone else mentioned, I haven't tried it behind a "dual" firewall setting. Only from client, to internet, to PPTP server, to AS/400.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Matthew Gavin"
To:
Sent: Thursday, October 05, 2000 9:25 PM
Subject: [pptp-server] Telnet or SSH over Pptp - VPN, Timed Out!!!

Does anyone know of any reliable Telnet clients that can survive the odd timeout over the Internet and into the PPTP Server? We use Anzio, which really has jack all options for tweaking. TeraTerm is just as bad.

The VPN is great, users can browse our intranet and so on, but Telnet rarely lasts longer than 5mins!!! My last resort is Samba on the VPN in order to house the Telnet program to be run remotely and thus avoid the all too common Internet Timeout.

PLEASE HELP????

Matthew Gavin
Tempo Services Limited

From aalang at rutgersinsurance.com Fri Oct 6 08:23:56 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 6 Oct 2000 09:23:56 -0400
Subject: [pptp-server] NIC
References: <4.2.0.58.J.20001006195928.00af9b80@mail.silveregg.co.jp>
Message-ID: <009f01c02f98$af4a7200$330a0a0a@6014cwpza006>

You probably need to get a little more specific with your network structure. In most cases you'll want two. One NIC connected to the internet and a second one connected to your internal network.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Alan Chung"
To:
Sent: Friday, October 06, 2000 6:59 AM
Subject: [pptp-server] NIC

> Do I need to have two network interfaces even on an internal VPN
> server? If the server is staying internally, one interface sounds good for me.

From jvonau at home.com Fri Oct 6 08:30:48 2000
From: jvonau at home.com (Jerry Vonau)
Date: Fri, 06 Oct 2000 08:30:48 -0500
Subject: [pptp-server] network neighborhood HELP!!!
References: <4.2.0.58.J.20001006172846.00b0d3d0@mail.silveregg.co.jp>
Message-ID: <39DDD408.A7B4B731@home.com>

Do you have proxyarp in the options file? Does the log show that it was enabled when the client connects?

Jerry

Alan Chung wrote:

> I think I got so close but there was still a bit (big?) problem.
>
> Now I can dial up to my internal VPN server (running PopTop server on a
> Linux box) from a EXTERNAL window 98 client without any problem, the
> connection seems there (ppp0 connection showed by ifconfig with a remote
> IP, let's say 192.168.0.10), and I can ping from any internal machine to
> 192.168.0.10. But now I have two major problems:
>
> 1. I can't ping from that win98 VPN client to any remote internal machine.
> (I even tried to add a route for 192.168.0.10 on VPN server). Does it
> mean that the ipchains firewalling rules is not correctly setup yet? But
> pinging is not a problem except this though. I can ping to/from anywhere
> except this.
>
> 2. I am not able to see/browse any internal machine in network
> neighborhood. (I have set up /etc/ppp/options with ms-wins and ms-dns in
> it to specify WINS server, which is also a NT PDC internally).
>
> Please give me some advice if anybody knows or has the same experience.
>
> Thanks in advance.
>
> Alan

From rafi at radiotel.co.il Fri Oct 6 10:16:35 2000
From: rafi at radiotel.co.il (Rafi Dar (RadioTel))
Date: Fri, 6 Oct 2000 17:16:35 +0200
Subject: [pptp-server] Any PPTP server source code for pSOS RTOS (PowerPC processor) ?
Message-ID: <01C02FB9.34C8BD40@pop03-2-ras4-p97.barak.net.il>

Did anybody hear of porting of a PPTP server code to pSOS Real-Time OS for the PowerPC processor ?

Thanks,
Rafi
rafi_d at bigfoot.com

From phil at vibrationresearch.com Fri Oct 6 09:30:54 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 6 Oct 2000 10:30:54 -0400
Subject: [pptp-server] Re: pptp with samba
Message-ID: <000901c02fa2$08f27a10$4500a8c0@vibrationresearch.com>

Below is my list of firewall rules and other configuration details for a setup that is working with Windows browsing and file sharing. With this configuration my VPN machines can access the local machines, and the internal machines can access the VPN machines.

I am using ppp-2.3.11, pptpd-1.1.2, samba-2.0.5a-12, kernel-2.2.17, with ppp_mppe patches applied.

eth0 is connected to my DSL line
eth1 is the internal network, IP addresses 192.168.1.*
ppp* is the VPN dialup, given addresses 192.168.1.40-44

Note that both the VPN machines and the local machines have IP addresses on the same subnet. This works, and avoids the need for NAT to translate addresses from one net to the other.

I am using pptpd's "./configure --with-pppd-ip-alloc" option to assign fixed IP addresses (assigned in chap-secrets) for each individual VPN user. If you don't do this (i.e. you use the default dynamic IP address assignment) the VPN machines will still be able to access the local network, but the local network machines won't be able to access the VPN machines because they don't have a fixed name-to-IP address matchup.

Network neighborhood browsing will work IF the machine running pptpd is also running samba, and is maintaining a browse list (look for /var/lock/samba/browse.dat on the pptpd/samba machine). The VPN machines will be able to get the browse list from the machine running pptpd, but I don't think it will be able to get browse lists from any other machine. The reason is because browsing uses broadcast packets, and these broadcast packets will make it from the VPN machine to the pptpd machine through the PPTP link, but the pptpd machine will not echo them onto the local network (broadcast doesn't go through routing).

If you can browse, but not access machines (get "\\machinename is not accessible The network path was not found" errors when you double-click on a machine), then you are not getting proper name-to-IP resolution. The solution for this is to set up a c:\windows\hosts and c:\windows\lmhosts file containing the IP addresses and names of all of the machines on the local network. (In WinNT/2k this is in c:\winnt\system32\drivers\etc\hosts and lmhosts) For example:

----- c:\windows\lmhosts -and- c:\windows\hosts -----------
192.168.1.1 gateway
192.168.1.2 moosetracks
192.168.1.3 pentium150
192.168.1.4 toshiba
-------------------------------------------------

Alternatively, you can set up a wins server to aid in browsing and name resolution. To do this, add the line

ms-wins 192.168.1.1

to your /etc/ppp/options.pptp file, where 192.168.1.1 must be the address of a valid WINS server (could be samba, could be winnt) for your local network. My setup is working just fine WITHOUT any WINS configuration, however.

---- /etc/ppp/chap-secrets -------------------------
billy gateway "billys-pw" 192.168.1.40
joe gateway "joes-pw" 192.168.1.41
bob gateway "bobs-pw" 192.168.1.42
dick gateway "dicks-pw" 192.168.1.43
harry gateway "harrys-pw" 192.168.1.44
----------------------------------------------------

---- /etc/ppp/options.pptp -------------------------
debug
name gateway
mru 1450
mtu 1450
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
192.168.1.20:
--------------------------------------------

---- /etc/pptpd.conf -----------------------
debug
options /etc/ppp/options.pptp
--------------------------------------------

------- ipchains rules, including masquerading -----------------------
# Enable IP forwarding
ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ

# Set the timeouts for (TCP sessions) (TCP after FIN) (UDP)
ipchains -M -S 1800 120 300

# Create a chain for outputs on the eth0 dialup device
ipchains -N eth0-out
ipchains -A output -i eth0 -j eth0-out

# Log anything with local addresses seen on the eth0 devices
ipchains -A eth0-out -s 192.168.0.0/16 -l -j DENY
ipchains -A eth0-out -d 192.168.0.0/16 -l -j DENY

# Create a chain for inputs on the eth0 dialup device
ipchains -N eth0-in
ipchains -A input -i eth0 -j eth0-in

# Log anything with local addresses seen on the eth0 devices
ipchains -A eth0-in -s 192.168.0.0/16 -l -j DENY
ipchains -A eth0-in -d 192.168.0.0/16 -l -j DENY

# Squash and log any attempt to access SMTP, Telnet, FTP, Samba through the eth0 devices
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 smtp -l -j DENY
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 telnet -l -j DENY
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 ftp -l -j DENY
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 netbios-ssn -l -j DENY
ipchains -A eth0-in -p UDP -d 0.0.0.0/0 netbios-ssn -l -j DENY
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 netbios-dgm -l -j DENY
ipchains -A eth0-in -p UDP -d 0.0.0.0/0 netbios-dgm -l -j DENY
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 netbios-ns -l -j DENY
ipchains -A eth0-in -p UDP -d 0.0.0.0/0 netbios-ns -l -j DENY
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 sunrpc -l -j DENY
ipchains -A eth0-in -p UDP -d 0.0.0.0/0 sunrpc -l -j DENY

# REJECT all IDENT connections. This should improve the response of servers
# that are looking for IDENT because they will get an immediate
# (albeit negative) response.
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 auth -j REJECT

# Allow ftp-data through for masquerading connections
# the SYN packets are logged, others are silently accepted
ipchains -A eth0-in -p TCP -y -s 0.0.0.0/0 ftp-data -d 0.0.0.0/0 1024:5999 -j ACCEPT -l
ipchains -A eth0-in -p TCP -s 0.0.0.0/0 ftp-data -d 0.0.0.0/0 1024:5999 -j ACCEPT
ipchains -A eth0-in -p TCP -y -s 0.0.0.0/0 ftp-data -d 0.0.0.0/0 6010: -j ACCEPT -l
ipchains -A eth0-in -p TCP -s 0.0.0.0/0 ftp-data -d 0.0.0.0/0 6010: -j ACCEPT
ipchains -A eth0-in -p TCP -y -d 0.0.0.0/0 ftp-data -j ACCEPT -l
ipchains -A eth0-in -p TCP -d 0.0.0.0/0 ftp-data -j ACCEPT
ipchains -A eth0-in -p TCP -y -d 0.0.0.0/0 pptp -j ACCEPT -l
ipchains -A eth0-in -p UDP -d 0.0.0.0/0 pptp -j ACCEPT

# Deny any other input traffic
ipchains -A eth0-in -p TCP -y -j DENY -l

# Enable packet forwarding to/from the pptpd connection
ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

# Enable forwarding in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

From phil at vibrationresearch.com Fri Oct 6 09:39:41 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 6 Oct 2000 10:39:41 -0400
Subject: [pptp-server] Re: Telnet or SSH over Pptp - VPN, Timed Out!!!
Message-ID: <000a01c02fa3$42efcb40$4500a8c0@vibrationresearch.com>

One thing to consider is if this timeout is due to one of the machines going through a masqueraded connection. You can set the MASQ connection timeouts using the ipchains command:

# Set the timeouts for (TCP sessions) (TCP after FIN) (UDP)
ipchains -M -S 1800 120 300

Also, you can set your shell up to periodically generate traffic even if no other activity is happening. To do this for csh, add the following to your .cshrc file (also works for tcsh):

# Force csh to send something once every 10 minutes so the TCP/IP
# connection does not get cut off.
alias keepalive 'echo;sched +0:10 keepalive'
keepalive

This will generate a little network traffic every 10 minutes when you have a command prompt. (it redraws the command problem line)

From Steve.Cowles at infohiiway.com Fri Oct 6 10:06:29 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Fri, 6 Oct 2000 10:06:29 -0500
Subject: [pptp-server] NIC
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE551@defiant.infohiiway.com>

Alan,

My poptop server is behind my linux based firewall so it only has one NIC. If I was to move poptop to my firewall, then obviously it would have two NIC's.

Based on where poptop is (physically) running on your network, your firewall rules would also need to be modified to accommodate. In my case, I have to use ipmasqadm and ipfwd (in addition to ipchain rules) to "forward" the inbound VPN connections (proto 47/port 1723) to my PPTP server. Plus my firewall kernel had to be patched to handle the masqing of PPTP/IPSEC connections.

If I was to move poptop to my firewall (which violates most well written security policies) then I would NOT have to
1) patch the kernel for VPN masquerading
2) use ipmasqadm and ipfwd to forward PPTP proto/ports internally.

FWIW: My linux firewall is using Seattle Firewall (seawall) developed by Tom Eastep to properly establish the firewall rules. By simply editing a well documented configuration file, Seattle Firewall will execute the appropriate ipchain, ipmasqadm, ipfwd commands based on your network design. Tom has gone to great extremes to insure that Seawall properly configures your firewall to work with PPTP servers which are either masq'd (like mine) or running on the firewall itself.

Checkout: http://seawall.sourceforge.net

Steve Cowles

> -----Original Message-----
> From: Alan Chung [mailto:alan at silveregg.co.jp]
> Sent: Friday, October 06, 2000 6:00 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] NIC
>
>
> Do I need to have two network interfaces even on an internal VPN
> server? If the server is staying internally, one interface
> sounds good for me.

From d_batchovski at softhome.net Fri Oct 6 10:19:31 2000
From: d_batchovski at softhome.net (Detelin Batchovski)
Date: Fri, 6 Oct 2000 18:19:31 +0300
Subject: [pptp-server] OpenBSD 2.7 pptpd strange GRE errors
Message-ID:

Hello everyone,
I have troubles with OpenBSD 2.7 and PoPToP v1.0.1 & PoPToP v1.0.0.
pptpd compiled with "--with-bsdppp --with-pppd-ip-alloc".
Win2k return error: "Error 619:The specified port is not connected."
I can't understand what caused this:

pptpd[19079]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status = 0 error = No error
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: deflink: Connect time: 17 secs: 0 octets in, 320 octets out
Oct 6 17:56:42 obsd pptpd[19079]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4)

I try to make VPN connections from Win98 and Win2k, but result is equal.

Anyone can help me ?

Here is log file:

Oct 6 17:56:25 obsd pptpd[19079]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: pppd speed = 1000000
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: pppd options file = /etc/ppp/options
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Client 10.0.0.3 control connection started
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Received PPTP Control Message (type: 1)
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Made a START CTRL CONN RPLY packet
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: I wrote 156 bytes to the client.
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Sent packet to client
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Received PPTP Control Message (type: 7)
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Set parameters to 1525 maxbps, 64 window size
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Made a OUT CALL RPLY packet
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: pty_fd = 5
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: tty_fd = 4
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: I wrote 32 bytes to the client.
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Sent packet to client
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Received PPTP Control Message (type: 15)
Oct 6 17:56:25 obsd pptpd[19079]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 6 17:56:25 obsd ppp[28405]: Phase: Using interface: tun0
Oct 6 17:56:25 obsd ppp[28405]: Phase: deflink: Created in closed state
Oct 6 17:56:25 obsd ppp[28405]: Warning: device=/dev/pty0: Invalid command
Oct 6 17:56:25 obsd ppp[28405]: Warning: device=/dev/pty0: Failed 1
Oct 6 17:56:25 obsd ppp[28405]: tun0: Command: default: set speed 115200
Oct 6 17:56:25 obsd ppp[28405]: tun0: Command: pptp: enable chap
Oct 6 17:56:25 obsd ppp[28405]: tun0: Command: pptp: enable proxy
Oct 6 17:56:25 obsd ppp[28405]: tun0: Command: pptp: set ifaddr 10.0.0.1 10.0.0.240 255.255.255.255
Oct 6 17:56:25 obsd ppp[28405]: tun0: Phase: PPP Started (direct mode).
Oct 6 17:56:25 obsd ppp[28405]: tun0: Phase: bundle: Establish
Oct 6 17:56:25 obsd ppp[28405]: tun0: Phase: deflink: closed -> opening
Oct 6 17:56:25 obsd ppp[28405]: tun0: Phase: deflink: Connected!
Oct 6 17:56:25 obsd ppp[28405]: tun0: Phase: deflink: opening -> carrier
Oct 6 17:56:25 obsd ppp[28405]: tun0: Phase: deflink: carrier -> lcp
Oct 6 17:56:25 obsd ppp[28405]: tun0: LCP: FSM: Using "deflink" as a transport
Oct 6 17:56:25 obsd ppp[28405]: tun0: LCP: deflink: State change Initial --> Closed
Oct 6 17:56:25 obsd ppp[28405]: tun0: LCP: deflink: State change Closed --> Stopped
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: deflink: LayerStart
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: ACFCOMP[2]
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: PROTOCOMP[2]
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: MRU[4] 1500
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: MAGICNUM[6] 0x0f1806ae
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 17:56:26 obsd ppp[28405]: tun0: LCP: deflink: State change Stopped --> Req-Sent
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: ACFCOMP[2]
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: PROTOCOMP[2]
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: MRU[4] 1500
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: MAGICNUM[6] 0x0f1806ae
Oct 6 17:56:29 obsd ppp[28405]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: ACFCOMP[2]
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: PROTOCOMP[2]
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: MRU[4] 1500
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: MAGICNUM[6] 0x0f1806ae
Oct 6 17:56:32 obsd ppp[28405]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: ACFCOMP[2]
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: PROTOCOMP[2]
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: MRU[4] 1500
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: MAGICNUM[6] 0x0f1806ae
Oct 6 17:56:35 obsd ppp[28405]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: ACFCOMP[2]
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: PROTOCOMP[2]
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: MRU[4] 1500
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: MAGICNUM[6] 0x0f1806ae
Oct 6 17:56:39 obsd ppp[28405]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 17:56:42 obsd ppp[28405]: tun0: LCP: deflink: LayerFinish
Oct 6 17:56:42 obsd ppp[28405]: tun0: LCP: deflink: State change Req-Sent --> Stopped
Oct 6 17:56:42 obsd ppp[28405]: tun0: LCP: deflink: State change Stopped --> Closed
Oct 6 17:56:42 obsd ppp[28405]: tun0: LCP: deflink: State change Closed --> Initial
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: deflink: Disconnected!
Oct 6 17:56:42 obsd pptpd[19079]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status = 0 error = No error
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: deflink: Connect time: 17 secs: 0 octets in, 320 octets out
Oct 6 17:56:42 obsd pptpd[19079]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4)
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: total 18 bytes/sec, peak 25 bytes/sec on Fri Oct 6 17:56:29 2000
Oct 6 17:56:42 obsd pptpd[19079]: CTRL: Client 10.0.0.3 control connection finished
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: deflink: lcp -> closed
Oct 6 17:56:42 obsd pptpd[19079]: CTRL: Exiting now
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: bundle: Dead
Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: PPP Terminated (normal).
Oct 6 17:56:42 obsd pptpd[1167]: MGR: Reaped child 19079

Here is Win2k log file:

[1308] 18:10:30:375: PPPEMSG_Start recvd, d=, hPort=5,callback=0,mask=1a30108,IfType=-1
[348] 18:10:30:375: Line up event occurred on port 5
[348] 18:10:30:375: Local identification = MSRAS-1-SERVER2K
[348] 18:10:30:375: PortName: VPN4-4
[348] 18:10:30:375: Starting PPP on link with IfType=0xffffffff,IPIf=0xffffffff,IPXIf=0xffffffff
[348] 18:10:30:375: RasGetBuffer returned de060 for SendBuf
[348] 18:10:30:375: FsmInit called for protocol = c021, port = 5
[348] 18:10:30:375: ConfigInfo = 1a30108
[348] 18:10:30:375: APs available = 4e
[348] 18:10:30:375: FsmReset called for protocol = c021, port = 5
[348] 18:10:30:375: Inserting port in bucket # 5
[348] 18:10:30:375: Inserting bundle in bucket # 2
[348] 18:10:30:375: FsmOpen event received for protocol c021 on port 5
[348] 18:10:30:375: FsmThisLayerStarted called for protocol = c021, port = 5
[348] 18:10:30:375: FsmUp event received for protocol c021 on port 5
[348] 18:10:30:375: PPP packet received at 10/06/2000 15:10:31:750
[348] 18:10:31:750: >Protocol = LCP, Type = Configure-Req, Length = 0x1f, Id = 0x1, Port = 5
[348] 18:10:31:750: >C0 21 01 01 00 1D 08 02 07 02 02 06 00 00 00 00 |.!..............|
[348] 18:10:31:750: >01 04 05 DC 05 06 24 E7 9D 3C 03 05 C2 23 05 00 |......$..<...#..| [348] 18:10:31:750: [348] 18:10:31:750: PPP packet received at 10/06/2000 15:10:34:734 [348] 18:10:34:734: >Protocol = LCP, Type = Configure-Req, Length = 0x1f, Id = 0x1, Port = 5 [348] 18:10:34:734: >C0 21 01 01 00 1D 08 02 07 02 02 06 00 00 00 00 |.!..............| [348] 18:10:34:734: >01 04 05 DC 05 06 24 E7 9D 3C 03 05 C2 23 05 00 |......$..<...#..| [348] 18:10:34:734: [348] 18:10:34:734: PPP packet received at 10/06/2000 15:10:37:750 [348] 18:10:37:750: >Protocol = LCP, Type = Configure-Req, Length = 0x1f, Id = 0x1, Port = 5 [348] 18:10:37:750: >C0 21 01 01 00 1D 08 02 07 02 02 06 00 00 00 00 |.!..............| [348] 18:10:37:750: >01 04 05 DC 05 06 24 E7 9D 3C 03 05 C2 23 05 00 |......$..<...#..| [348] 18:10:37:750: [348] 18:10:37:750: PPP packet received at 10/06/2000 15:10:40:765 [348] 18:10:40:765: >Protocol = LCP, Type = Configure-Req, Length = 0x1f, Id = 0x1, Port = 5 [348] 18:10:40:765: >C0 21 01 01 00 1D 08 02 07 02 02 06 00 00 00 00 |.!..............| [348] 18:10:40:765: >01 04 05 DC 05 06 24 E7 9D 3C 03 05 C2 23 05 00 |......$..<...#..| [348] 18:10:40:765: [348] 18:10:40:765: PPP packet received at 10/06/2000 15:10:43:796 [348] 18:10:43:796: >Protocol = LCP, Type = Configure-Req, Length = 0x1f, Id = 0x1, Port = 5 [348] 18:10:43:796: >C0 21 01 01 00 1D 08 02 07 02 02 06 00 00 00 00 |.!..............| [348] 18:10:43:796: >01 04 05 DC 05 06 24 E7 9D 3C 03 05 C2 23 05 00 |......$..<...#..| [348] 18:10:43:796: [348] 18:10:43:796: Message-ID: <00b901c02faa$2887ad20$6e00a8c0@prepar.lan> >Oct 6 17:56:42 obsd pptpd[19079]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status = 0 error = No error It looks like your firewall is blocking input of protocol GRE (47). >Oct 6 17:56:42 obsd pptpd[19079]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4) And it also block output of protocol GRE (47). 
You have to allow that proto for input and output

----- Original Message -----
From: Detelin Batchovski
To:
Sent: Friday, October 06, 2000 11:19 AM
Subject: [pptp-server] OpenBSD 2.7 pptpd strange GRE errors

> Hello everyone,
> I have troubles with OpenBSD 2.7 and PoPToP v1.0.1 & PoPToP v1.0.0.
> pptpd compiled with "--with-bsdppp --with-pppd-ip-alloc".
> Win2k return error: "Error 619:The specified port is not connected."
> I can't understand what caused this:
>
> pptpd[19079]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status =
> 0 error = No error
> Oct 6 17:56:42 obsd ppp[28405]: tun0: Phase: deflink: Connect time: 17
> secs: 0 octets in, 320 octets out
> Oct 6 17:56:42 obsd pptpd[19079]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,4)
>
> I try to make VPN connections from Win98 and Win2k, but result is equal.
>
> Anyone can help me ?
>
> Here is log file:
>
> Here is Win2k log file:
>
> Very sorry about my big mail.
>
> Best regards.
> Detelin
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From david_luyer at pacific.net.au Fri Oct 6 10:36:30 2000
From: david_luyer at pacific.net.au (David Luyer)
Date: Sat, 07 Oct 2000 02:36:30 +1100
Subject: [pptp-server] Patchs
In-Reply-To: Message from matthewr@moreton.com.au (Matthew Ramsay) of "Thu, 05 Oct 2000 15:29:48 MDT." <024801c02f13$660bb020$0300a8c0@lineo>
References: <000401c02f04$e5c7dff0$5f020a0a@carlislefsp.com> <024801c02f13$660bb020$0300a8c0@lineo>
Message-ID: <200010061536.e96FaU401763@typhaon.pacific.net.au>

> Anyone who has a patch for PoPToP please email to me at:
> matthewr at lineo.com and I will put them on the new downloads page on the
> official site... patches may include scripts to help monitor PoPToP...
> patches for PPP... patches to make it run with BSD etc... anything you think
> relevant.

Attached is a short perl script to kill the older pptpd from the same IP address. This happens when people try to NAT pptp behind an unsuspecting Windows NAT program, and was the cause of almost all the out-of-sequence GRE packets I diagnosed when watching a recent deployment.

David.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: kill-dup-pptpd.pl
Type: application/x-perl
Size: 812 bytes
Desc: kill-dup-pptpd.pl
URL:
-------------- next part --------------
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone: +61 3 9674 7525
Fax: +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------

From pptp at szczepanek.de Fri Oct 6 11:57:39 2000
From: pptp at szczepanek.de (Torge Szczepanek)
Date: Fri, 6 Oct 2000 18:57:39 +0200
Subject: [pptp-server] Patchs
References: <90769AF04F76D41186C700A0C90AFC3EE54C@defiant.infohiiway.com>
Message-ID: <012c01c02fb6$9b10d9a0$02ffa8c0@maus.net>

Hi!

> I don't know if anyone has created a MPPE patch for ppp-2.3.11. So if this
> has already been done, then you can ignore the rest of this e-mail. If not,
> I thought I would contribute my efforts.

There is a nice working patch for ppp-2.3.11 at: ftp://ftp.binarix.com/pub/ppp-mppe/

Torge Szczepanek pptp at szczepanek.de

From natecars at real-time.com Fri Oct 6 12:11:14 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 6 Oct 2000 12:11:14 -0500 (CDT)
Subject: [pptp-server] network neighborhood HELP!!!
In-Reply-To: <4.2.0.58.J.20001006172846.00b0d3d0@mail.silveregg.co.jp>
Message-ID:

On Fri, 6 Oct 2000, Alan Chung wrote:

> I think I got so close but there was still a bit (big?) problem.
>
> Now I can dial up to my internal VPN server (running PopTop server on a
> Linux box) from a EXTERNAL window 98 client without any problem, the
> connection seems there (ppp0 connection showed by ifconfig with a remote
> IP, let's say 192.168.0.10), and I can ping from any internal machine to
> 192.168.0.10. But now I have two major problems:
>
> 1. I can't ping from that win98 VPN client to any remote internal machine.
> (I even tried to add a route for 192.168.0.10 on VPN server). Does it
> mean that the ipchains firewalling rules is not correctly setup yet? But
> pinging is not a problem except this though. I can ping to/from anywhere
> except this.

Sounds like it.

> 2. I am not able to see/browse any internal machine in network
> neighborhood. (I have set up /etc/ppp/options with ms-wins and ms-dns in
> it to specify WINS server, which is also a NT PDC internally).

If you cannot ping, you probably can't get other traffic over the link.. are you sure you have ip forwarding, etc enabled? can you show us your firewall rules?

> Please give me some advice if anybody knows or has the same experience.
>
> Thanks in advance.
>
> Alan

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From dosachoff at hotmail.com Fri Oct 6 12:52:36 2000
From: dosachoff at hotmail.com (Derek Osachoff)
Date: Fri, 06 Oct 2000 10:52:36 PDT
Subject: AW: [pptp-server] Can't find Compress-18 mod
Message-ID:

Looks like I don't have it installed...

>do a 'modprobe -l | grep ppp_mppe'
>This will tell you whether the modules were installed correctly.

came back to the prompt - not found

>If there is an entry,
>try doing 'modprobe -v ppp_mppe'

Came back with "modprobe: Can't locate module ppp_mppe"

>if that works, try 'lsmod' to see all the modules currently loaded....

this gave me a list of my modules loaded. None were
ppp_mppe
bsd_comp
ppp_deflate

Looks like none are loading..What can I do to get them loaded? What did I miss when loading pptpd? I followed the directions (I even have installed this on different systems).

Thanks again.
Derek

>
>all the best.
>cheers,
>faisal
>
>On Thu, 05 Oct 2000, you wrote:
> > I have my conf.modules file setup like that. And I still have the same
> > compress-18 problem.
> >
> > How can I make sure that the module is loaded/present??
> >
> > Derek
> >
> >
> > >
> > >hi derek!
> > >
> > >all you have to do is, to add the following line in your /etc/conf.modules
> > >
> > >alias ppp-compress-18 ppp_mppe
> > >
> > >regards,
> > >
> > >dragan
> > >
> > >-----Original Message-----
> > >From: Derek Osachoff [mailto:dosachoff at hotmail.com]
> > >Sent: Thursday, 05 October 2000 01:09
> > >To: pptp-server at lists.schulte.org
> > >Subject: Re: [pptp-server] Can't find Compress-18 mod
> > >
> > >
> > >hmm.. You would think I would have done that.
> > >
> > >What I just tried:
> > >
> > >[cd /usr/src/linux]
> > >
> > >[make modules SUBDIRS=drivers/net] *works
> > >
> > >[make modules_install] *no response just back to prompt
> > >
> > >And I am still getting those errors when I am connecting.
> > >
> > >[ modprobe: modprobe: Can't locate module ppp-compress-18
> > >[ last message repeated 8 times
> > >
> > >Any other ideas?
> > >
> > >Thanks,
> > >Derek
> > >
> > > >you may need to run the command
> > > >#make install_modules
> > > >
> > > >'note the underscore
> > > >
> > > >----- Original Message -----
> > > >From: "Derek Osachoff"
> > > >To:
> > > >Sent: Wednesday, October 04, 2000 5:43 PM
> > > >Subject: [pptp-server] Can't find Compress-18 mod
> > > >
> > > >
> > > > > I have the pptpd setup on a
> > > > >
> > > > > Red Hat 6.2, 2.2.14 kernel
> > > > > ppp-2.3.11
> > > > > pptpd-1.1.2
> > > > > SSLeay-0.9.0b
> > > > > ppp-2.3.10-openssl-norc4-mppe.patch (changes by R Blauvelt)
> > > > >
> > > > > I keep having the reoccurring error in my syslog about the Compress-18 not
> > > > > being found. I do have it in the conf.modules file. I tried to run
> > > > > 'insmod ppp_mppe' but it can not find the module. I have found the c file
> > > > > in the /usr/src/linux-2.2.14/drivers/net directory.
> > > > >
> > > > > How can I ensure that it is loading/installed?
> > > > >
> > > > > Any feedback would be nice.
> > > > >
> > > > > Derek
> > > > >
> > > > >_________________________________________________________________________
> > > > > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> > > > >
> > > > > Share information about yourself, create your own public profile at
> > > > > http://profiles.msn.com.
>--
>******** W A R N I N G ! ******************************************
>Linux should not be used by those under the influence of MicroSoft.
>May cause dizziness or vertigo. Consult your tech support before
>using Linux. (note--after using Linux, you may notice extreme
>discomfort when using MicroSoft. Discontinue use of MicroSoft.)
>************************************** W A R N I N G ! ************

From dosachoff at hotmail.com Fri Oct 6 13:00:09 2000
From: dosachoff at hotmail.com (Derek Osachoff)
Date: Fri, 06 Oct 2000 11:00:09 PDT
Subject: AW: [pptp-server] Can't find Compress-18 mod
Message-ID:

I didn't find the .o file but I did find the .c file

/usr/src/linux-2.2.14/drivers/net/ppp_mppe.c

I definitely have missed something here.. What is the best next step? Recompiling and patching? [I am starting to wish for the magical rpm with all the patches loaded :P ]

Cheers,
Derek

> > I have my conf.modules file setup like that. And I still have the same
> > compress-18 problem.
> >
> > How can I make sure that the module is loaded/present??
>
>I think you don't have successfully compiled your ppp_mppe.o Module.
>
>Check whether it is present in /lib/modules/2.2.14/net or in the kernel tree
>/usr/src/linux/drivers/net
>
>Is there somewhere a ppp_mppe.o file?
>
>Torge Szczepanek torge at szczepanek.de http://www.szczepanek.de/
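The checks suggested in this thread (the `alias ppp-compress-18 ppp_mppe` line in /etc/conf.modules, and a compiled ppp_mppe.o under /lib/modules/<kernel>/net or in the kernel tree) can be gathered into one script, shown here as an added example that is not from any poster or from the PoPToP project. `ppp-compress-18` is the module name requested for CCP option 18, which is MPPE; the function names and the root-prefix argument are assumptions made here so the check can also run against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the thread or the PoPToP project): one pass over the
# checks the posters suggest for "Can't locate module ppp-compress-18".
# check_alias, diagnose_mppe and the root-prefix argument are hypothetical names.

# check_alias ROOT
# True if ROOT/etc/conf.modules maps ppp-compress-18 to ppp_mppe on a
# non-comment line, as in the "alias ppp-compress-18 ppp_mppe" advice.
check_alias() {
    conf="$1/etc/conf.modules"
    [ -r "$conf" ] || return 1
    grep -v '^[[:space:]]*#' "$conf" |
        grep -Eq '^[[:space:]]*alias[[:space:]]+ppp-compress-18[[:space:]]+ppp_mppe([[:space:]]|$)'
}

# diagnose_mppe ROOT KERNEL_VERSION
# Prints "alias=<yes|no> module=<state>" on stdout and a next step on stderr.
# States: installed, built-not-installed, source-only, not-patched.
diagnose_mppe() {
    root=$1
    kver=$2
    src="$root/usr/src/linux/drivers/net"

    if check_alias "$root"; then alias_state=yes; else alias_state=no; fi

    if [ -f "$root/lib/modules/$kver/net/ppp_mppe.o" ]; then
        module_state=installed
        hint="module is installed; try: modprobe -v ppp_mppe"
    elif [ -f "$src/ppp_mppe.o" ]; then
        module_state=built-not-installed
        hint="object exists in the kernel tree only; run: make modules_install"
    elif [ -f "$src/ppp_mppe.c" ]; then
        module_state=source-only
        hint="source present but no object; run: make modules SUBDIRS=drivers/net and check that ppp_mppe.o is produced"
    else
        module_state=not-patched
        hint="no ppp_mppe source found; the MPPE patch was not applied to this tree"
    fi

    [ "$alias_state" = yes ] || hint="$hint; also add: alias ppp-compress-18 ppp_mppe"

    printf '%s\n' "$hint" >&2
    printf 'alias=%s module=%s\n' "$alias_state" "$module_state"
}

# Live system: empty prefix and the running kernel's version.
diagnose_mppe "" "$(uname -r)"
```

The situation described in the message above (alias present, ppp_mppe.c found, no ppp_mppe.o anywhere) comes out as `alias=yes module=source-only`.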
From natecars at real-time.com Fri Oct 6 12:14:10 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 6 Oct 2000 12:14:10 -0500 (CDT)
Subject: [pptp-server] NIC
In-Reply-To: <4.2.0.58.J.20001006195928.00af9b80@mail.silveregg.co.jp>
Message-ID:

On Fri, 6 Oct 2000, Alan Chung wrote:

> Do I need to have two network interfaces even on an internal VPN
> server? If the server is staying internally, one interface sounds good for me.

The reason you would want two NIC's would be if this machine was a border firewall, eg:

----------            ------------
| Client |-*internet*-| PPTP Svr |-*internal network*
----------            ------------

If your config looks like..

----------            ------------                    ------------
| Client |-*internet*-| Firewall |-*internal network*-| PPTP Svr |
----------            ------------                    ------------

..and the firewall forwards incoming PPTP requests to the internal PPTP server, no, you would only need a single NIC. Might need some funky ip forwarding, though..

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From jbnance at tresgeek.net Fri Oct 6 15:58:32 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Fri, 6 Oct 2000 15:58:32 -0500 (CDT)
Subject: [pptp-server] ppp-mppe module not compiling...?
Message-ID: <2650.4.3.32.252.970865912.squirrel@www.tresgeek.net>

Hello everyone. I followed the Redhat-howto for PPTP and I don't have a ppp-mppe module. Anything off the top of your heads I did wrong? I didn't compile PPP as a module, I put it in the kernel. Or is there some way I can compile it by hand?

Thanks.

j

From dosachoff at hotmail.com Fri Oct 6 16:56:37 2000
From: dosachoff at hotmail.com (Derek Osachoff)
Date: Fri, 06 Oct 2000 14:56:37 PDT
Subject: [pptp-server] ppp-mppe module not compiling...?
Message-ID:

Did you not download:

ppp-2.3.10-openssl-norc4-mppe.patch
SSLeay-0.9.0b.tar.gz

? then follow the steps to compile the patch into ppp?

Reason I ask is that I may be having a similar issue. Where I get the modprobe: can't locate module ppp-compress-18 message in my syslog (repeating). I can't seem to get the module ppp_mppe installed correctly. If this is a similar problem I may be able to help (especially if I figure this out).

derek

>Hello everyone. I followed the Redhat-howto for PPTP and I don't have a
>ppp-mppe module. Anything off the top of your heads I did wrong? I didn't
>compile PPP as a module, I put it in the kernel. Or is there some way I can
>compile it by hand?
>
>Thanks.
>
>j

From christopher at schulte.org Fri Oct 6 17:25:40 2000
From: christopher at schulte.org (Christopher Schulte)
Date: Fri, 06 Oct 2000 17:25:40 -0500
Subject: [pptp-server] Fwd: Re: pptp with samba
Message-ID: <5.0.0.25.2.20001006172443.020808e0@pop.schulte.org>

One of two messages that were not sent to the list from today, due to emergency server maintenance.

>From: "Philip Van Baren"
>To:
>Subject: Re: pptp with samba
>Date: Fri, 6 Oct 2000 15:32:16 -0400
>X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
>Importance: Normal
>Lines: 13
>
>I documented the procedure that I used to set up my pptpd server with
>encryption, firewall, masquerading, and windows networking/browsing all
>working:
>
>http://www.vibrationresearch.com/pptpd/example.html
>
>As this is just a documentation of my configuration, I didn't bother trying
>to explain alternate options. But, if your setup is the similar to mine it
>should get you a working server. (My setup is a Linux box running RedHat
>6.1, connected to a DSL line, doing IP masquerading and firewall for the
>local network, and running samba and pptpd.)
>
>Phil

--
Christopher Schulte | christopher at schulte.org
cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115 | free:877.271.9245 | site: schulte.org
- http://noc.schulte.org/ - Network Information
http://www.schulteconsulting.com/ - Consulting

From christopher at schulte.org Fri Oct 6 17:25:56 2000
From: christopher at schulte.org (Christopher Schulte)
Date: Fri, 06 Oct 2000 17:25:56 -0500
Subject: [pptp-server] Fwd: Troubles with PoPToP and OpenBSD
Message-ID: <5.0.0.25.2.20001006172547.02074040@pop.schulte.org>

Two of two messages that were not sent to the list from today, due to emergency server maintenance.

>Date: Fri, 6 Oct 2000 13:36:32 -0700 (PDT)
>From: David Bauer Christensen
>To: pptp-server at lists.schulte.org
>cc: matthewr at moreton.com.au
>Subject: Troubles with PoPToP and OpenBSD
>
>Hello all,
>
> I am having a fair amount of trouble getting Windows clients
> (w98se &nt4) to connect to my obsd VPN/FW via pptp. Below I have
> detailed my configuration and the log entries for connection attempts.
>
> Any help would be GREATLY appreciated.
>
> Thanks,
>
> dbc
>
>
>Server (bauer):
>
>Pentium Pro 180 w/ 128MB
>OpenBSD 2.7 GENERIC#25 i386
>pptpd (PoPToP v1.0.1)
>ppp (v2.3.5)
>
>Clients:
>
>XX.XXX.XX.155
>Pentium II 366 w/ 128MB (Compaq Presario 1825)
>Windows 98 SE w/ all current MS updates
>
>
>XX.XXX.XX.154
>Pentium II 266 w/ 64MB (Dell Dimension XPS D266)
>Windows NT 4.0 Server w/ SP6 and all current MS updates
>
>
>The entry in /var/log/daemon for a connection attempt from Win98 SE:
>
>Oct 6 03:09:10 bauer pptpd[21226]: CTRL: Client XX.XXX.XX.155 control
>connection started
>Oct 6 03:09:10 bauer pptpd[21226]: CTRL: Starting call (launching pppd,
>opening GRE)
>Oct 6 03:09:38 bauer pptpd[21226]: CTRL: Error with select(), quitting
>Oct 6 03:09:38 bauer pptpd[21226]: CTRL: Client XX.XXX.XX.155 control
>connection finished
>
>
>After playing around with bauer:/etc/pptpd.conf some:
>
>Oct 6 12:24:46 bauer pptpd[29698]: CTRL: Client XX.XXX.XX.155 control
>connection started
>Oct 6 12:24:47 bauer pptpd[29698]: CTRL: Starting call (launching pppd,
>opening GRE)
>Oct 6 12:24:47 bauer pppd[11516]: pppd 2.3.5 started by dbc, uid 0
>Oct 6 12:24:47 bauer pppd[11516]: Using interface ppp0
>Oct 6 12:24:47 bauer pppd[11516]: Connect: ppp0 <--> /dev/ttyp1
>Oct 6 12:25:10 bauer isakmpd: transport_send_messages: giving up on
>message 0xecb00
>Oct 6 12:25:17 bauer pptpd[29698]: CTRL: Error with select(), quitting
>Oct 6 12:25:17 bauer pptpd[29698]: CTRL: Client XX.XXX.XX.155 control
>connection finished
>Oct 6 12:25:17 bauer pppd[11516]: Modem hangup
>Oct 6 12:25:17 bauer pppd[11516]: Connection terminated.
>Oct 6 12:25:17 bauer pppd[11516]: Exit.
>
>
>
>
>The entry in /var/log/daemon for a connection attempt from NT 4.0:
>
>Oct 6 03:33:34 bauer pptpd[6355]: CTRL: Client XX.XXX.XX.154 control
>connection started
>Oct 6 03:33:34 bauer pptpd[6355]: CTRL: Starting call (launching pppd,
>opening GRE)
>Oct 6 03:34:04 bauer
>pptpd[6355]: GRE: read(fd=4,buffer=654c,len=8196) from PTY failed: status
>= 0 error = No error
>Oct 6 03:34:04 bauer pptpd[6355]: CTRL: PTY read or GRE write failed
>(pty,gre)=(4,5)
>Oct 6 03:34:04 bauer pptpd[6355]: CTRL: Client XX.XXX.XX.154 control
>connection finished/
>
>
>After playing around with bauer:/etc/pptpd.conf some:
>
>Oct 6 12:34:51 bauer pptpd[26346]: CTRL: Client XX.XXX.XX.154 control
>connection started
>Oct 6 12:34:51 bauer pptpd[26346]: CTRL: Starting call (launching pppd,
>opening GRE)
>Oct 6 12:34:51 bauer pppd[10875]: pppd 2.3.5 started by dbc, uid 0
>Oct 6 12:34:51 bauer pppd[10875]: Using interface ppp0
>Oct 6 12:34:51 bauer pppd[10875]: Connect: ppp0 <--> /dev/ttyp1
>Oct 6 12:35:10 bauer isakmpd: transport_send_messages: giving up on
>message 0xecb00
>Oct 6 12:35:21 bauer pppd[10875]: LCP: timeout sending Config-Requests
>Oct 6 12:35:21 bauer pppd[10875]: Connection terminated.
>Oct 6 12:35:21 bauer pppd[10875]: Exit.
>Oct 6 12:35:21 bauer
>pptpd[26346]: GRE: read(fd=4,buffer=654c,len=8196) from PTY failed: status
>= 0 error = No error
>Oct 6 12:35:21 bauer pptpd[26346]: CTRL: PTY read or GRE write failed
>(pty,gre)=(4,5)
>Oct 6 12:35:21 bauer pptpd[26346]: CTRL: Client XX.XXX.XX.154 control
>connection finished
>
>
>
>bauer:/etc/pptpd.conf:
>
>speed 115200
>debug
>localip 192.168.0.234-238,192.168.0.245
>remoteip XX.XXX.XX.154-158,192.168.1.245
>
>
>bauer:/etc/ppp/options:
>
>debug
>name bauer
>#auth
>#require-chap
>proxyarp
>
>
>bauer:/etc/ppp/ppp.conf:
>
>#
>default:
> set log Phase Chat LCP IPCP CCP tun command
> set speed 115200
>
>pptp:
> enable chap
> enable proxy
> set ifaddr 192.168.0.1 192.168.0.200 255.255.255.255
>
>
>bauer:/etc/ppp/chap-secrets:
>
># Secrets for authentication using CHAP
># client server secret IP addresses
>beastie bauer tastie *
>
>
>---------------------------------------------------------------------------

--
Christopher Schulte | christopher at schulte.org
cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115 | free:877.271.9245 | site: schulte.org
- http://noc.schulte.org/ - Network Information
http://www.schulteconsulting.com/ - Consulting

From dbc at destro.newdream.net Fri Oct 6 17:44:19 2000
From: dbc at destro.newdream.net (David Bauer Christensen)
Date: Fri, 6 Oct 2000 15:44:19 -0700 (PDT)
Subject: [pptp-server] Fwd: Troubles with PoPToP and OpenBSD
Message-ID:

Hello again,

I read a lot of the mailing list after sending off my message...

I recompiled pptpd v1.0.1 with "--with-bsdppp" & "--with-pppd-ip-alloc". Also I am now using the following in the options file.
A lot more is happening now,

dbc

/etc/ppp/options:

auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
name bauer

with WIN98SE:

Oct 6 14:27:42 bauer pptpd[25128]: CTRL: Client 63.200.33.155 control connection started
Oct 6 14:27:42 bauer pptpd[25128]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 14:27:42 bauer ppp[11963]: Phase: Using interface: tun0
Oct 6 14:27:42 bauer ppp[11963]: Phase: deflink: Created in closed state
Oct 6 14:27:42 bauer ppp[11963]: tun0: Command: default: set speed 115200
Oct 6 14:27:42 bauer ppp[11963]: tun0: Command: pptp: enable chap
Oct 6 14:27:42 bauer ppp[11963]: tun0: Command: pptp: enable proxy
Oct 6 14:27:42 bauer ppp[11963]: tun0: Command: pptp: set ifaddr 192.168.0.1 192.168.0.200 255.255.255.255
Oct 6 14:27:42 bauer ppp[11963]: tun0: Phase: PPP Started (direct mode).
Oct 6 14:27:42 bauer ppp[11963]: tun0: Phase: bundle: Establish
Oct 6 14:27:42 bauer ppp[11963]: tun0: Phase: deflink: closed -> opening
Oct 6 14:27:42 bauer ppp[11963]: tun0: Phase: deflink: Connected!
Oct 6 14:27:42 bauer ppp[11963]: tun0: Phase: deflink: opening -> carrier
Oct 6 14:27:42 bauer ppp[11963]: tun0: Phase: deflink: carrier -> lcp
Oct 6 14:27:42 bauer ppp[11963]: tun0: LCP: FSM: Using "deflink" as a transport
Oct 6 14:27:42 bauer ppp[11963]: tun0: LCP: deflink: State change Initial --> Closed
Oct 6 14:27:42 bauer ppp[11963]: tun0: LCP: deflink: State change Closed --> Stopped
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: deflink: LayerStart
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: ACFCOMP[2]
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: MRU[4] 1500
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: MAGICNUM[6] 0x2f1a9e71
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:27:43 bauer ppp[11963]: tun0: LCP: deflink: State change Stopped --> Req-Sent
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: ACFCOMP[2]
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: MRU[4] 1500
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: MAGICNUM[6] 0x2f1a9e71
Oct 6 14:27:46 bauer ppp[11963]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: ACFCOMP[2]
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: MRU[4] 1500
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: MAGICNUM[6] 0x2f1a9e71
Oct 6 14:27:49 bauer ppp[11963]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: ACFCOMP[2]
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: MRU[4] 1500
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: MAGICNUM[6] 0x2f1a9e71
Oct 6 14:27:52 bauer ppp[11963]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: ACFCOMP[2]
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: MRU[4] 1500
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: MAGICNUM[6] 0x2f1a9e71
Oct 6 14:27:55 bauer ppp[11963]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:27:58 bauer ppp[11963]: tun0: LCP: deflink: LayerFinish
Oct 6 14:27:58 bauer ppp[11963]: tun0: LCP: deflink: State change Req-Sent --> Stopped
Oct 6 14:27:58 bauer ppp[11963]: tun0: LCP: deflink: State change Stopped --> Closed
Oct 6 14:27:58 bauer ppp[11963]: tun0: LCP: deflink: State change Closed --> Initial
Oct 6 14:27:58 bauer ppp[11963]: tun0: Phase: deflink: Disconnected!
Oct 6 14:27:58 bauer pptpd[25128]: GRE: read(fd=6,buffer=6544,len=8196) from PTY failed: status = 0 error = No error
Oct 6 14:27:58 bauer ppp[11963]: tun0: Phase: deflink: Connect time: 16 secs: 0 octets in, 305 octets out
Oct 6 14:27:58 bauer pptpd[25128]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5)
Oct 6 14:27:58 bauer ppp[11963]: tun0: Phase: total 19 bytes/sec, peak 24 bytes/sec on Fri Oct 6 14:27:46 2000
Oct 6 14:27:58 bauer pptpd[25128]: CTRL: Client 63.200.33.155 control connection finished
Oct 6 14:27:58 bauer ppp[11963]: tun0: Phase: deflink: lcp -> closed
Oct 6 14:27:58 bauer ppp[11963]: tun0: Phase: bundle: Dead
Oct 6 14:27:58 bauer ppp[11963]: tun0: Phase: PPP Terminated (normal).

WITH WIN NT 4.0:

Oct 6 14:32:44 bauer pptpd[18586]: CTRL: Client 63.200.33.154 control connection started
Oct 6 14:32:44 bauer pptpd[18586]: CTRL: Starting call (launching pppd, opening GRE)
Oct 6 14:32:44 bauer ppp[2153]: Phase: Using interface: tun0
Oct 6 14:32:44 bauer ppp[2153]: Phase: deflink: Created in closed state
Oct 6 14:32:44 bauer ppp[2153]: tun0: Command: default: set speed 115200
Oct 6 14:32:44 bauer ppp[2153]: tun0: Command: pptp: enable chap
Oct 6 14:32:44 bauer ppp[2153]: tun0: Command: pptp: enable proxy
Oct 6 14:32:44 bauer ppp[2153]: tun0: Command: pptp: set ifaddr 192.168.0.1 192.168.0.200 255.255.255.255
Oct 6 14:32:44 bauer ppp[2153]: tun0: Phase: PPP Started (direct mode).
Oct 6 14:32:45 bauer ppp[2153]: tun0: Phase: bundle: Establish
Oct 6 14:32:45 bauer ppp[2153]: tun0: Phase: deflink: closed -> opening
Oct 6 14:32:45 bauer ppp[2153]: tun0: Phase: deflink: Connected!
Oct 6 14:32:45 bauer ppp[2153]: tun0: Phase: deflink: opening -> carrier
Oct 6 14:32:45 bauer ppp[2153]: tun0: Phase: deflink: carrier -> lcp
Oct 6 14:32:45 bauer ppp[2153]: tun0: LCP: FSM: Using "deflink" as a transport
Oct 6 14:32:45 bauer ppp[2153]: tun0: LCP: deflink: State change Initial --> Closed
Oct 6 14:32:45 bauer ppp[2153]: tun0: LCP: deflink: State change Closed --> Stopped
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: deflink: LayerStart
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: deflink: SendConfigReq(1) state = Stopped
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: ACFCOMP[2]
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: MRU[4] 1500
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: MAGICNUM[6] 0x30fdcc54
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:32:46 bauer ppp[2153]: tun0: LCP: deflink: State change Stopped --> Req-Sent
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: ACFCOMP[2]
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: MRU[4] 1500
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: MAGICNUM[6] 0x30fdcc54
Oct 6 14:32:49 bauer ppp[2153]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: ACFCOMP[2]
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: MRU[4] 1500
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: MAGICNUM[6] 0x30fdcc54
Oct 6 14:32:52 bauer ppp[2153]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: ACFCOMP[2]
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: MRU[4] 1500
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: MAGICNUM[6] 0x30fdcc54
Oct 6 14:32:55 bauer ppp[2153]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: deflink: SendConfigReq(1) state = Req-Sent
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: ACFCOMP[2]
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: PROTOCOMP[2]
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: ACCMAP[6] 0x00000000
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: MRU[4] 1500
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: MAGICNUM[6] 0x30fdcc54
Oct 6 14:32:58 bauer ppp[2153]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05)
Oct 6 14:33:01 bauer ppp[2153]: tun0: LCP: deflink: LayerFinish
Oct 6 14:33:01 bauer ppp[2153]: tun0: LCP: deflink: State change Req-Sent --> Stopped
Oct 6 14:33:01 bauer ppp[2153]: tun0: LCP: deflink: State change Stopped --> Closed
Oct 6 14:33:01 bauer ppp[2153]: tun0: LCP: deflink: State change Closed --> Initial
Oct 6 14:33:01 bauer ppp[2153]: tun0: Phase: deflink: Disconnected!
Oct 6 14:33:01 bauer pptpd[18586]: GRE: read(fd=6,buffer=6544,len=8196) from PTY failed: status = 0 error = No error
Oct 6 14:33:01 bauer ppp[2153]: tun0: Phase: deflink: Connect time: 16 secs: 0 octets in, 300 octets out
Oct 6 14:33:01 bauer pptpd[18586]: CTRL: PTY read or GRE write failed (pty,gre)=(6,5)
Oct 6 14:33:01 bauer ppp[2153]: tun0: Phase: total 18 bytes/sec, peak 24 bytes/sec on Fri Oct 6 14:32:49 2000
Oct 6 14:33:01 bauer pptpd[18586]: CTRL: Client 63.200.33.154 control connection finished
Oct 6 14:33:01 bauer ppp[2153]: tun0: Phase: deflink: lcp -> closed
Oct 6 14:33:01 bauer ppp[2153]: tun0: Phase: bundle: Dead
Oct 6 14:33:01 bauer ppp[2153]: tun0: Phase: PPP Terminated (normal).
Oct 6 14:33:12 bauer isakmpd: transport_send_messages: giving up on message 0xecb00

---------------------------------------------------------------------------
Machines have less problems. I'd like to be a machine. -- Andy Warhol
Yeah Right!!!

From JKreger at cicteam.com Fri Oct 6 18:36:17 2000
From: JKreger at cicteam.com (Justin Kreger)
Date: Fri, 6 Oct 2000 19:36:17 -0400
Subject: [pptp-server] radius auth
Message-ID: <6B8A85826C35D31193BD0090278589C80FE64A@CIC-EXCHANGE>

I'm wondering if anybody has gotten pppd to authenticate using a MS Radius server? I have pppd asking the MS radius server, but so far I have yet to get a client to be authorized using the radius server. Yet my Cisco 2600 works fine using the MS Radius server.

-LW

From d_batchovski at softhome.net Fri Oct 6 19:54:30 2000
From: d_batchovski at softhome.net (Detelin Batchovski)
Date: Sat, 7 Oct 2000 03:54:30 +0300
Subject: [pptp-server] OpenBSD 2.7 pptpd strange GRE errors
In-Reply-To: <00b901c02faa$2887ad20$6e00a8c0@prepar.lan>
Message-ID:

My configuration is:

OpenBSD box:
ep1 - 10.0.0.1
tun0 - dyn.ip

Win2k box:
3c509b : 10.0.0.3

All of my ipf rules are on interface tun0.
And also I disabled IPFilter, but results are equal.

Best regards.
Detelin

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Marc Charbonneau
Sent: Friday, October 06, 2000 6:29 PM
To: PoPToP
Subject: Re: [pptp-server] OpenBSD 2.7 pptpd strange GRE errors

>Oct 6 17:56:42 obsd pptpd[19079]: GRE: read(fd=5,buffer=6544,len=8196) from PTY failed: status = 0 error = No error

It looks like your firewall is blocking input of protocol GRE (47).

>Oct 6 17:56:42 obsd pptpd[19079]: CTRL: PTY read or GRE write failed (pty,gre)=(5,4)

And it also blocks output of protocol GRE (47).

You have to allow that proto for input and output.

----- Original Message -----
From: Detelin Batchovski
To:
Sent: Friday, October 06, 2000 11:19 AM
Subject: [pptp-server] OpenBSD 2.7 pptpd strange GRE errors

From jbnance at tresgeek.net Fri Oct 6 19:52:26 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Fri, 6 Oct 2000 19:52:26 -0500 (CDT)
Subject: [pptp-server] Fwd: Re: pptp with samba
In-Reply-To: <5.0.0.25.2.20001006172443.020808e0@pop.schulte.org>
References: <5.0.0.25.2.20001006172443.020808e0@pop.schulte.org>
Message-ID: <3836.4.3.32.252.970879946.squirrel@www.tresgeek.net>

I followed the instructions exactly as they appear, and still no ppp_mppe module was built. I'm using Redhat 6.2 with kernel 2.2.17. =(

Any suggestions?

j

>I documented the procedure that I used to set up my pptpd server with
>encryption, firewall, masquerading, and windows networking/browsing all
>working:
>
>http://www.vibrationresearch.com/pptpd/example.html
>
>As this is just a documentation of my configuration, I didn't bother trying
>to explain alternate options. But, if your setup is the similar to mine it
>should get you a working server. (My setup is a Linux box running RedHat
>6.1, connected to a DSL line, doing IP masquerading and firewall for the
>local network, and running samba and pptpd.)
>
>Phil

From phil at vibrationresearch.com Fri Oct 6 22:18:39 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Fri, 6 Oct 2000 23:18:39 -0400
Subject: [pptp-server] Re: pptp with samba
Message-ID: <000501c0300d$49aa9cc0$56108318@bud.mw.mediaone.net>

When configuring the kernel, try setting the ppp option to module (i.e. set to ). When I do this, I get the modules ppp.o, slhc.o, bsd_comp.o, ppp_mppe.o, ppp_compress.o in the directory /usr/src/linux/driver/net.

I don't know what happens if you set the option to build it into the kernel (i.e. set to <*>) -- maybe it doesn't build all of the other ppp related items?

Phil

> I followed the instructions exactly as they appear, and still no ppp_mppe
> module was built. I'm using Redhat 6.2 with kernel 2.2.17. =(
>
> Any suggestions?
>
> j
>
> >I documented the procedure that I used to set up my pptpd server with
> >encryption, firewall, masquerading, and windows networking/browsing all
> >working:
> >
> >http://www.vibrationresearch.com/pptpd/example.html
> >

From phil at vibrationresearch.com Sat Oct 7 11:31:07 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sat, 7 Oct 2000 12:31:07 -0400
Subject: [pptp-server] FAQ
Message-ID: <000201c0307b$feb8abc0$56108318@bud.mw.mediaone.net>

As I was looking through this mailing list, I realized that it is in desperate need of a FAQ. Many questions are asked repeatedly, and it appears that people are getting tired of answering the same questions, so many just get ignored.

So, I took it upon myself to compile a FAQ. I began with massive plagiarism from the Troubleshooting section of the PoPToP-RedHat-HOWTO, and added many of the questions that I saw on this list. It seems to me that the main need is solutions for the various error messages that you may see in the log file, so I added a number of these error messages to the list.
Many are still waiting for answers, but at least this is a start:
http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt

If you have more answers and/or questions to add to the FAQ, please email them to phil at vibrationresearch.com and I will try to compile a reasonable FAQ for this list.

Phil

From christopherandrew at ou.edu Sat Oct 7 11:37:45 2000
From: christopherandrew at ou.edu (Andy Worthington)
Date: Sat, 7 Oct 2000 11:37:45 -0500
Subject: [pptp-server] src rpm
Message-ID: <014501c0307d$0bd7a120$b72efea9@awlaptop>

I was trying to download the src rpm file from poptop.lineo.com but the file is no longer there. Does someone have it up somewhere else or could email it to me?

Thanks
Andy

From pfolk at uni.uiuc.edu Sat Oct 7 19:31:45 2000
From: pfolk at uni.uiuc.edu (Peter Folk)
Date: Sat, 7 Oct 2000 19:31:45 -0500
Subject: [pptp-server] OpenBSD PPTP problems solved!
Message-ID: <033c01c030bf$234c3ea0$0100a8c0@BePC>

The solution to using OpenBSD as a PPTP client is to disable GRE. I tried doing it using sysctl but that didn't work for me---I had to recompile the kernel with it disabled. Once I did that, everything worked perfectly.

For the record, I had been having the problem of LCP messages timing out; the reason is that the GRE device was swallowing all the GRE packets sent from the modem (PPTP in this case is for DSL, with the PPTP between the gateway machine and the modem).

I hope this helps some people! I was told this solution by Loic Tortay on the comp.unix.bsd.openbsd.misc newsgroup.

Pete

From jbnance at tresgeek.net Sat Oct 7 16:23:26 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Sat, 7 Oct 2000 16:23:26 -0500 (CDT)
Subject: [pptp-server] ppp_mppe.o Solved!
Message-ID: <4273.4.3.32.252.970953806.squirrel@www.tresgeek.net>

Hello everyone.

The way that the patches are written for ppp_mppe causes them to only be compiled with ppp IF ppp is compiled as a module.
All howto's should be updated to reflect this.

Thanks.

j

From jbnance at tresgeek.net Sat Oct 7 17:14:05 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Sat, 7 Oct 2000 17:14:05 -0500 (CDT)
Subject: [pptp-server] Firewall issues...
Message-ID: <4573.4.3.32.252.970956845.squirrel@www.tresgeek.net>

Hello everyone...

I read the FAQ, and it said that you needed to include:

/sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24

For SMB traffic. I did that, and I still can't get SMB working. As soon as I connect, my firewall starts spitting out errors denying connects on interface ppp0 for proto 17 by rule #34.

How can I fix this?

Thanks.

j

From david at solutionsfirst.net Sat Oct 7 18:43:15 2000
From: david at solutionsfirst.net (Dave Kempe)
Date: Sun, 8 Oct 2000 09:43:15 +1000
Subject: [pptp-server] FAQ
In-Reply-To: <000201c0307b$feb8abc0$56108318@bud.mw.mediaone.net>
Message-ID:

I've found that many many common browse list problems can be solved by the correct setup of wins. Note that all machines on the network have to point to the wins server, samba makes a decent wins server, and the clients need to use the wins server as well - specify that in options or in the client setup. May want to add that sort of thing into the section about lmhosts.

dave

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Phil Van Baren
> Sent: Sunday, 8 October 2000 2:31 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] FAQ
>
>
> As I was looking through this mailing list, I realized that it is in
> desperate need of a FAQ. Many questions are asked repeatedly, and it
> appears that people are getting tired of answering the same questions, so
> many just get ignored.
>
> So, I took it upon myself to compile a FAQ. I began with massive
> plagiarism
> from the Troubleshooting section of the PoPToP-RedHat-HOWTO, and
> added many
> of the questions that I saw on this list. It seems to me that
> the main need
> is solutions for the various error messages that you may see in the log
> file, so I added a number of these error messages to the list. Many are
> still waiting for answers, but at least this is a start:
> http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
>
> If you have more answers and/or questions to add to the FAQ, please email
> them to phil at vibrationresearch.com and I will try to compile a reasonable
> FAQ for this list.
>
> Phil
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From jbnance at tresgeek.net Sat Oct 7 19:34:57 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Sat, 7 Oct 2000 19:34:57 -0500 (CDT)
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <4573.4.3.32.252.970956845.squirrel@www.tresgeek.net>
References: <4573.4.3.32.252.970956845.squirrel@www.tresgeek.net>
Message-ID: <1367.4.3.32.252.970965297.squirrel@www.tresgeek.net>

My ipchains rule #34 says:

/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d $EXTIP

Where:

$EXTIF is my external interface
$UNIVERSE is 0.0.0.0/0

I know that that blocks all SMB traffic going out on the external interface, but shouldn't this rule (read AFTER that rule) allow it? And Proto 17 is UDP. How does that affect it?

/sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24

I don't want to route SMB traffic to the internet. But I do want to allow SMB traffic to pass between local nets over all ppp interfaces (and my internal interface).

Do rules overwrite each other? Or how does that work?

I'm sooo close!! =) Will you guys work with me on this?

Thanks.

j

> For SMB traffic. I did that, and I still can't get SMB working. As soon as
> I connect, my firewall starts spitting out errors denying connects on
> interface ppp0 for proto 17 by rule #34.
>
> How can I fix this?
>
> Thanks.
>
> j
>

From phil at vibrationresearch.com Sat Oct 7 22:05:15 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sat, 7 Oct 2000 23:05:15 -0400
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <1617.4.3.32.252.970967929.squirrel@www.tresgeek.net>
Message-ID: <000301c030d4$94f5a360$56108318@bud.mw.mediaone.net>

Jason,

I'm confused here, because you say your rule 34 is defined to match interface $EXTIF and protocol 6 (tcp), but you also say your error log is giving errors on rule 34 matching interface ppp0 and protocol 17 (udp). They cannot be the same rule. Maybe one is an input rule and the other an output rule?

As for the two rules:

/sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
/sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d $EXTIP

These two rules are on two completely separate rule chains (forward and input) so neither one is before or after the other. The first applies when a packet is being forwarded, and the second applies to input packets. See the section "How Packets Traverse The Filters" in the IPCHAINS-HOWTO for more details.

Phil

> My ipchains rule #34 says:
>
> /sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d
> $EXTIP
>
> Where:
>
> $EXTIF is my external interface
> $UNIVERSE is 0.0.0.0/0
>
> I know that that blocks all SMB traffic going out on the external interface,
> but shouldn't this rule (read AFTER that rule) allow it? And Proto 17 is
> UDP. How does that affect it?
>
> /sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
>
> I don't want to route SMB traffic to the internet. But I do want to allow
> SMB traffic to pass between local nets over all ppp interfaces (and my
> internal interface).
>
> Do rules overwrite each other? Or how does that work?
>
> I'm sooo close!! =) Will you guys work with me on this?
>
> Thanks.
>
> j
>
>
>
> > For SMB traffic. I did that, and I still can't get SMB working. As soon
> as
> > I connect, my firewall starts spitting out errors denying connects on
> > interface ppp0 for proto 17 by rule #34.
> >
> > How can I fix this?
> >
> > Thanks.
> >
> > j

From junk at puffin.org Sun Oct 8 09:09:06 2000
From: junk at puffin.org (Junk Mail)
Date: Sun, 8 Oct 2000 15:09:06 +0100
Subject: [pptp-server] PoPToP and FreeBSD ppp
Message-ID: <20001008150906.A54594@fluffy.puffin.org>

Hi All,

I'm probably missing something blindingly obvious, but I'm trying to get PoPToP running with FreeBSD's version of PPP, which is different than pppd. I've looked through the FAQ and the INSTALL file but can't find any information on how to do this, although I'm sure I saw something only the other day on what needed to be done.

Could someone point me in the right direction and/or post an example configuration file?

Many thanks in advance.

Regards,
Ade.

From jbnance at tresgeek.net Sun Oct 8 14:50:04 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Sun, 8 Oct 2000 14:50:04 -0500 (CDT)
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <000301c030d4$94f5a360$56108318@bud.mw.mediaone.net>
References: <000301c030d4$94f5a360$56108318@bud.mw.mediaone.net>
Message-ID: <2538.4.3.32.252.971034604.squirrel@www.tresgeek.net>

> I'm confused here, because you say your rule 34 is defined to match
> interface $EXTIF and protocol 6 (tcp), but you also say your error log is
> giving errors on rule 34 matching interface ppp0 and protocol 17 (udp).
> They cannot be the same rule. Maybe one is an input rule and the other an
> output rule?

Well, how would I go about extracting rule #34. Maybe I'm not doing it right. I did:

less rc.firewall | grep /sbin/ipchains > firewall.raw
vi firewall.raw
:34

That's what rule was on line 34.

> As for the two rules:
>
> /sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
> /sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d
> $EXTIP
>
> These two rules are on two completely separate rule chains (forward and
> input) so neither one is before or after the other. The first applies when
> a packet is being forwarded, and the second applies to input packets. See
> the section "How Packets Traverse The Filters" in the IPCHAINS-HOWTO for
> more details.

Can you give me an example of how to allow traffic to pass to the ppp* interface from local net to local net? My default has all SMB traffic killed that tries to leave the internal interface.

j

From jbnance at tresgeek.net Sun Oct 8 14:54:51 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Sun, 8 Oct 2000 14:54:51 -0500 (CDT)
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <6B8A85826C35D31193BD0090278589C80FE64B@CIC-EXCHANGE>
References: <6B8A85826C35D31193BD0090278589C80FE64B@CIC-EXCHANGE>
Message-ID: <2562.4.3.32.252.971034891.squirrel@www.tresgeek.net>

> you dont NEED that rule, but you need to define the ports
>
> If memory serves:
> 137 and 138 are UDP
> and
> 139 is TCP
>
>
> BTW, its not a bad idea to block 137:139 for all protos on your internet
> interface
>
> -LW
>

So are those input, output, or forward rules? Or a combination of all three?

Can you give me an example of how to allow SMB traffic over the ppp* interface from local net to local net?

Thanks.

j

From phil at vibrationresearch.com Sun Oct 8 17:22:24 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sun, 8 Oct 2000 18:22:24 -0400
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <2538.4.3.32.252.971034604.squirrel@www.tresgeek.net>
Message-ID: <000101c03176$3bf83c80$56108318@bud.mw.mediaone.net>

To get the rule line numbers, run:

ipchains -L --line-numbers

These should be the basic firewall rules to allow pptp traffic:

# Enable packet forwarding to/from the pptpd connection
ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT

# Allow all PPTP traffic from the outside world
ipchains -A input -i $EXTIF -p TCP -d 0.0.0.0/0 pptp -j ACCEPT
ipchains -A input -i $EXTIF -p 47 -j ACCEPT

# Deny all non-specified traffic from the outside world
ipchains -A input -i $EXTIF -p TCP -j DENY
ipchains -A input -i $EXTIF -p UDP -j DENY

In addition, if you want to allow all traffic on your internal ethernet device ($INTIF) and all traffic on your pptp device ($PPTPIF), just add these rules.

ipchains -A input -i $INTIF -j ACCEPT
ipchains -A output -i $INTIF -j ACCEPT

ipchains -A input -i $PPTPIF -j ACCEPT
ipchains -A output -i $PPTPIF -j ACCEPT

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jason Bradley
> Nance
> Sent: Sunday, October 08, 2000 3:50 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Firewall issues... More info...
>
>
> > I'm confused here, because you say your rule 34 is defined to match
> > interface $EXTIF and protocol 6 (tcp), but you also say your
> error log is
> > giving errors on rule 34 matching interface ppp0 and protocol 17 (udp).
> > They cannot be the same rule. Maybe one is an input rule and
> the other an
> > output rule?
>
> Well, how would I go about extracting rule #34. Maybe I'm not doing it
> right. I did:
>
> less rc.firewall | grep /sbin/ipchains > firewall.raw
> vi firewall.raw
> :34
>
> That's what rule was on line 34.
>
> > As for the two rules:
> >
> > /sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
> > /sbin/ipchains -A input -j REJECT -i $EXTIF -p tcp -s $UNIVERSE 139 -d
> > $EXTIP
> >
> > These two rules are on two completely separate rule chains (forward and
> > input) so neither one is before or after the other. The first applies
> when
> > a packet is being forwarded, and the second applies to input
> packets. See
> > the section "How Packets Traverse The Filters" in the IPCHAINS-HOWTO for
> > more details.
>
> Can you give me an example of how to allow traffic to pass to the ppp*
> interface from local net to local net? My default has all SMB traffic
> killed that tries to leave the internal interface.
>
> j
>

From jbnance at tresgeek.net Sun Oct 8 17:50:50 2000
From: jbnance at tresgeek.net (Jason Bradley Nance)
Date: Sun, 8 Oct 2000 17:50:50 -0500 (CDT)
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <000101c03176$3bf83c80$56108318@bud.mw.mediaone.net>
References: <000101c03176$3bf83c80$56108318@bud.mw.mediaone.net>
Message-ID: <1175.4.3.33.107.971045450.squirrel@www.tresgeek.net>

> In addition, if you want to allow all traffic on your internal ethernet
> device ($INTIF) and all traffic on your pptp device ($PPTPIF), just add
> these rules.
>
> ipchains -A input -i $INTIF -j ACCEPT
> ipchains -A output -i $INTIF -j ACCEPT
>
> ipchains -A input -i $PPTPIF -j ACCEPT
> ipchains -A output -i $PPTPIF -j ACCEPT

Won't that allow SMB traffic to the $EXTIF too?
And can I say ppp* for all ppp interfaces? Cause I will have more than one person connecting at a time.

Thanks.

j

From kenlussier at mediaone.net Sun Oct 8 18:21:37 2000
From: kenlussier at mediaone.net (Kenneth E. Lussier)
Date: Sun, 08 Oct 2000 19:21:37 -0400
Subject: [pptp-server] Firewall issues... More info...
References: <000101c03176$3bf83c80$56108318@bud.mw.mediaone.net> <1175.4.3.33.107.971045450.squirrel@www.tresgeek.net>
Message-ID: <39E10181.126ED6FD@mediaone.net>

Actually, to specify all devices of a type, you need to use a "+". In this case, it would be ppp+

Kenny

Jason Bradley Nance wrote:
>
> > In addition, if you want to allow all traffic on your internal ethernet
> > device ($INTIF) and all traffic on your pptp device ($PPTPIF), just add
> > these rules.
> >
> > ipchains -A input -i $INTIF -j ACCEPT
> > ipchains -A output -i $INTIF -j ACCEPT
> >
> > ipchains -A input -i $PPTPIF -j ACCEPT
> > ipchains -A output -i $PPTPIF -j ACCEPT
>
> Won't that allow SMB traffic to the $EXTIF too?
> And can I say ppp* for all ppp interfaces? Cause I will have more than one
> person connecting at a time.
>
> Thanks.
>
> j
>

From phil at vibrationresearch.com Sun Oct 8 18:19:22 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sun, 8 Oct 2000 19:19:22 -0400
Subject: [pptp-server] Firewall issues... More info...
In-Reply-To: <1175.4.3.33.107.971045450.squirrel@www.tresgeek.net>
Message-ID: <000001c0317e$31557ba0$56108318@bud.mw.mediaone.net>

Those rules apply only to the traffic on the internal and PPTP interfaces, and so will not affect traffic on the external interface. You must have other rules in your chains which apply to the external interface to block external traffic (or set your default policy to DENY).

Specifying an interface name "ppp+" will match all interfaces which begin with the letters ppp. This should work as long as your external interface is not a ppp device as well.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jason Bradley
> Nance
> Sent: Sunday, October 08, 2000 6:51 PM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Firewall issues... More info...
>
>
> > In addition, if you want to allow all traffic on your internal ethernet
> > device ($INTIF) and all traffic on your pptp device ($PPTPIF), just add
> > these rules.
> >
> > ipchains -A input -i $INTIF -j ACCEPT
> > ipchains -A output -i $INTIF -j ACCEPT
> >
> > ipchains -A input -i $PPTPIF -j ACCEPT
> > ipchains -A output -i $PPTPIF -j ACCEPT
>
> Won't that allow SMB traffic to the $EXTIF too?
> And can I say ppp* for all ppp interfaces? Cause I will have more than one
> person connecting at a time.
>
> Thanks.
>
> j
>

From adam at morrison-ind.com Mon Oct 9 06:55:45 2000
From: adam at morrison-ind.com (Adam Williams)
Date: Mon, 9 Oct 2000 07:55:45 -0400
Subject: [pptp-server] PPTP and LDAP
Message-ID: <200010091155.e99Btj202526@barracuda.morrison.iserv.net>

I've done some work on my LDAP enabled version of PPPD for use with PoPToP.
This version can be used without hacking any of the code (search filter,
etc... were hard coded before). As soon as I can get into sourceforge, which
appears to be down right now, I'll post this and take down the old version.

This is PPP 2.3.10 with MPPE, strip M$ Domain, and enforce stateless patches,
plus code to get an NT password hash from an LDAP server. The code for
getting the NT hash is based on the smbpasswd patch. I've used this
extensively against the OpenLDAP libraries and an OpenLDAP server and it
seems very stable.

http://ldapconsole.sourceforge.net

I'll put the word "Updated" by the relevant section of the web page, so if
you don't see it I haven't gotten in yet.

From aalang at rutgersinsurance.com Mon Oct 9 09:32:20 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 9 Oct 2000 10:32:20 -0400
Subject: [pptp-server] FAQ
References: <000201c0307b$feb8abc0$56108318@bud.mw.mediaone.net>
Message-ID: <004201c031fd$bb50de60$330a0a0a@6014cwpza006>

Very good start to a FAQ. poptop.lineo.com should link to it.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Phil Van Baren"
To:
Sent: Saturday, October 07, 2000 12:31 PM
Subject: [pptp-server] FAQ

> As I was looking through this mailing list, I realized that it is in
> desperate need of a FAQ. Many questions are asked repeatedly, and it
> appears that people are getting tired of answering the same questions, so
> many just get ignored.
>
> So, I took it upon myself to compile a FAQ. I began with massive plagiarism
> from the Troubleshooting section of the PoPToP-RedHat-HOWTO, and added many
> of the questions that I saw on this list. It seems to me that the main need
> is solutions for the various error messages that you may see in the log
> file, so I added a number of these error messages to the list. Many are
> still waiting for answers, but at least this is a start:
> http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt
>
> If you have more answers and/or questions to add to the FAQ, please email
> them to phil at vibrationresearch.com and I will try to compile a reasonable
> FAQ for this list.
>
> Phil

From conrad at messagesecure.com Mon Oct 9 10:22:21 2000
From: conrad at messagesecure.com (Cary T.
Conrad) Date: Mon, 09 Oct 2000 11:22:21 -0400 Subject: [pptp-server] Unsubscribe is unfriendly Message-ID: <39E1E2AD.264A2A79@messagesecure.com> This does not work, how do you 'unsubscribe' ????? CC You can unsubscribe from this list at any time. Just open a web browser and point it at http://lists.schulte.org/mailman/listinfo/pptp-server. Many thanks to Christopher Schulte of schulte.org for providing free mailing list services to this cause. From aalang at rutgersinsurance.com Mon Oct 9 10:34:10 2000 From: aalang at rutgersinsurance.com (Adam Lang) Date: Mon, 9 Oct 2000 11:34:10 -0400 Subject: [pptp-server] Unsubscribe is unfriendly References: <39E1E2AD.264A2A79@messagesecure.com> Message-ID: <001301c03206$5f2310a0$330a0a0a@6014cwpza006> Read the part all the way at the bottom. The last fill in field. Adam Lang Systems Engineer Rutgers Casualty Insurance Company ----- Original Message ----- From: "Cary T. Conrad" To: Sent: Monday, October 09, 2000 11:22 AM Subject: [pptp-server] Unsubscribe is unfriendly > This does not work, how do you 'unsubscribe' ????? > > CC > > > You can unsubscribe from this list at any time. Just open a web > browser > and point it at http://lists.schulte.org/mailman/listinfo/pptp-server. > > Many thanks to Christopher Schulte of schulte.org for providing > free mailing list services to this cause. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From TDenham at aircom.com Mon Oct 9 10:36:34 2000 From: TDenham at aircom.com (Thomas Denham) Date: Mon, 9 Oct 2000 11:36:34 -0400 Subject: [pptp-server] Unsubscribe is unfriendly Message-ID: <07BB842D3E28D411804900508BAC02BD376853@AMS1> I too am unable to unsubscribe. Please let me know how to unsubscribe. Thanks. -----Original Message----- From: Cary T. 
Conrad [mailto:conrad at messagesecure.com] Sent: Monday, October 09, 2000 11:22 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Unsubscribe is unfriendly This does not work, how do you 'unsubscribe' ????? CC You can unsubscribe from this list at any time. Just open a web browser and point it at http://lists.schulte.org/mailman/listinfo/pptp-server. Many thanks to Christopher Schulte of schulte.org for providing free mailing list services to this cause. _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! THIS TRANSMISSION, INCLUDING ANY ATTACHMENTS OR FILES, CONTAINS AIRNET COMMUNICATIONS CORPORATION CONFIDENTIAL AND PROPRIETARY INFORMATION WHICH MAY BE OTHERWISE EXEMPT FROM DISCLOSURE. The information is intended to be for the exclusive use of the individual or entity named above. If you are not the intended recipient, be advised that any disclosure, copying, distribution or other use of this information is strictly prohibited. If you have received this transmission in error, please notify us by telephone at 1-321-984-1990 or by email to postmaster at aircom.com immediately and do not read, print or save this information in any manner. From matthewr at moreton.com.au Mon Oct 9 16:02:29 2000 From: matthewr at moreton.com.au (Matthew Ramsay) Date: Mon, 9 Oct 2000 14:02:29 -0700 Subject: [pptp-server] FAQ References: <000201c0307b$feb8abc0$56108318@bud.mw.mediaone.net> <004201c031fd$bb50de60$330a0a0a@6014cwpza006> Message-ID: <012e01c03234$3fa77080$6500a8c0@hazel> That's my plan.. I just need a few days to get back into town to sort out the links... :-) > Very good start to a FAQ. poptop.lineo.com should link to it. 
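
Added example, not part of any list post and not PoPToP code: a small shell lint for three points from the firewall thread above. Rule numbers are counted per chain (so line 34 of a grepped rc.firewall is not rule 34 of a chain), PPTP needs both TCP 1723 and IP protocol 47 accepted on the external interface before any blanket DENY, and a "ppp+" wildcard also matches an external interface that is itself a ppp device. The function names, interface names (eth0, eth1, ppp0) and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Lint an ipchains rule script. Input: one "ipchains -A ..." command per line,
# shell variables already expanded. Assumptions of this sketch: address
# matches, port ranges and "!" negation are not evaluated.

# Constructed sample rules, not any poster's rc.firewall.
sample_rules() {
cat <<'EOF'
/sbin/ipchains -A input -i eth1 -j ACCEPT
/sbin/ipchains -A forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.1.0/24
/sbin/ipchains -A input -j REJECT -i eth0 -p tcp -s 0.0.0.0/0 139 -d 0.0.0.0/0
/sbin/ipchains -A input -i eth0 -p tcp -d 0.0.0.0/0 1723 -j ACCEPT
/sbin/ipchains -A input -i ppp+ -j ACCEPT
/sbin/ipchains -A output -i ppp+ -j ACCEPT
/sbin/ipchains -A input -i eth0 -p tcp -j DENY
/sbin/ipchains -A input -i eth0 -p udp -j DENY
EOF
}

# Emit one tab-separated record per rule:
# chain, number within that chain, interface, protocol, sport, dport, target, command
parse_rules() {
    awk '
    /^[ \t]*#/ { next }
    {
        chain = iface = proto = sport = dport = target = ""
        for (i = 1; i < NF; i++) {
            v = $(i + 1)
            w = (i + 2 <= NF) ? $(i + 2) : ""
            if ($i == "-A") chain = v
            else if ($i == "-i") iface = v
            else if ($i == "-p") proto = tolower(v)
            else if ($i == "-j") target = v
            else if ($i == "-s" && w != "" && w !~ /^-/) sport = w
            else if ($i == "-d" && w != "" && w !~ /^-/) dport = w
        }
        if (chain == "") next
        if (proto == "all") proto = ""
        n[chain]++    # rules are numbered per chain, not per file line
        printf "%s\t%d\t%s\t%s\t%s\t%s\t%s\t%s\n", chain, n[chain], iface, proto, sport, dport, target, $0
    }'
}

# awk helper: does interface pattern PAT (exact name, or prefix followed by +) match EXT?
IFMATCH='function ifmatch(pat, ext,    p) {
    if (pat == "") return 1
    if (substr(pat, length(pat)) != "+") return (pat == ext)
    p = substr(pat, 1, length(pat) - 1)
    return (p == "" || index(ext, p) == 1)
}'

# rule_at CHAIN N: print the command that is rule N of CHAIN.
rule_at() {
    parse_rules | awk -F'\t' -v c="$1" -v n="$2" '$1 == c && $2 == n { print $8 }'
}

# wildcard_hits EXTIF: list chain:number of ACCEPT rules whose "name+" wildcard
# also covers the external interface.
wildcard_hits() {
    parse_rules | awk -F'\t' -v ext="$1" "$IFMATCH"'
        $7 == "ACCEPT" && substr($3, length($3)) == "+" && ifmatch($3, ext) { print $1 ":" $2 }'
}

# pptp_gaps EXTIF: report PPTP traffic classes not accepted on the input chain.
# The first matching rule decides, so only the first verdict per class is kept.
# Rules that require a fixed source port are skipped (client ports are ephemeral).
pptp_gaps() {
    parse_rules | awk -F'\t' -v ext="$1" "$IFMATCH"'
        $1 != "input" || $7 == "" || $5 != "" || !ifmatch($3, ext) { next }
        ctl == "" && ($4 == "tcp" || $4 == "") && ($6 == "" || $6 == "1723" || $6 == "pptp") { ctl = $7 }
        gre == "" && ($4 == "47" || $4 == "gre" || $4 == "") { gre = $7 }
        END {
            if (ctl != "ACCEPT") print "tcp/1723 " (ctl == "" ? "unmatched" : ctl)
            if (gre != "ACCEPT") print "proto-47 " (gre == "" ? "unmatched" : gre)
        }'
}

# Demo on the constructed sample.
echo "input rule 4: $(sample_rules | rule_at input 4)"
echo "gaps with eth0 external: $(sample_rules | pptp_gaps eth0)"
echo "wildcards covering ppp0: $(sample_rules | wildcard_hits ppp0 | tr '\n' ' ')"
```

In the sample, file line 5 is rule 4 of the input chain. On a live host, "ipchains -L --line-numbers", as suggested in the thread, gives the same per-chain numbering directly.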
From aludwig at imagestor.com Mon Oct 9 16:30:23 2000 From: aludwig at imagestor.com (Al Ludwig) Date: Mon, 9 Oct 2000 17:30:23 -0400 Subject: [pptp-server] PPTP Ports References: <000201c0307b$feb8abc0$56108318@bud.mw.mediaone.net> <004201c031fd$bb50de60$330a0a0a@6014cwpza006> <012e01c03234$3fa77080$6500a8c0@hazel> Message-ID: <001101c03238$24ddd8d0$1a700718@freestyle.lore.net> I just need a reminder of which ports are necessary for pptpd to function correctly. Thanks in advance, AL From phil at vibrationresearch.com Mon Oct 9 17:42:13 2000 From: phil at vibrationresearch.com (Phil Van Baren) Date: Mon, 9 Oct 2000 18:42:13 -0400 Subject: [pptp-server] PoPToP and FreeBSD ppp In-Reply-To: <20001008150906.A54594@fluffy.puffin.org> Message-ID: <000001c03242$2b1990e0$56108318@bud.mw.mediaone.net> Configure PoPToP using the command: ./configure --with-bsdppp > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Junk Mail > Sent: Sunday, October 08, 2000 10:09 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] PoPToP and FreeBSD ppp > > > Hi All, > > I'm probably missing something blindingly obvious, but I'm trying > to get PoPToP > running with FreeBSD's version of PPP, which is different that pppd. I've > looked through the FAQ and the INSTALL file but can't find any information > on how to do this, although I'm sure I saw something only the other day > on what needed to be done. > > Could someone point me in the right direction and/or post an example > configuration file? > > Many thanks in advance. > > Regards, Ade. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
>

From JKreger at cicteam.com Mon Oct 9 20:26:34 2000
From: JKreger at cicteam.com (Justin Kreger)
Date: Mon, 9 Oct 2000 21:26:34 -0400
Subject: [pptp-server] pppd authentication
Message-ID: <6B8A85826C35D31193BD0090278589C80FE654@CIC-EXCHANGE>

I'm thinking of somehow directly writing authentication off of a SMB server
into the pppd code. Is anybody interested in helping?

-LW

From hisdad at hisdad.org.nz Mon Oct 9 21:11:03 2000
From: hisdad at hisdad.org.nz (His dad)
Date: Tue, 10 Oct 2000 15:11:03 +1300
Subject: [pptp-server] using linux 2.4.0
Message-ID: <002401c0325f$5a9d15e0$1401a8c0@MWK.co.nz>

I've just tried running pptpd 1.0.1 on a test9 kernel.
It fails with the 'PTY read or GRE write fail' message.

The same system does work fine with 2.2.16-3

Has anyone found a solution for this?

Regards
Dad

From John at mwk.co.nz Mon Oct 9 21:13:27 2000
From: John at mwk.co.nz (John Huttley)
Date: Tue, 10 Oct 2000 15:13:27 +1300
Subject: [pptp-server] pppd 2.4.0, mppe
Message-ID: <002a01c0325f$ad5fea00$1401a8c0@MWK.co.nz>

I see that the 2.4.0b4 pppd is now out,
Does anyone have an updated mppe patch for this pppd?

Regards
Dad

From kenlussier at mediaone.net Mon Oct 9 21:39:33 2000
From: kenlussier at mediaone.net (Kenneth E. Lussier)
Date: Mon, 09 Oct 2000 22:39:33 -0400
Subject: [pptp-server] using linux 2.4.0
References: <002401c0325f$5a9d15e0$1401a8c0@MWK.co.nz>
Message-ID: <39E28165.771CCAF3@mediaone.net>

The ppp/tty code has changed dramatically between the 2.2 and 2.4 kernels.
You might want to run a diff on the original
/usr/src/linux/drivers/net/ppp.c and the new one with all of the patches.
Also, in the past I have found that some of the patches miss the POLL_IN
argument in the kill_fasync() function of ppp.c and you need to manually
add it.

Kenny

His dad wrote:
>
> I've just tried running pptpd 1.0.1 on a test9 kernel.
> It fails with the 'PTY read or GRE write fail' message.
>
> The same system does work fine with 2.2.16-3
>
> Has anyone found a solution for this?
>
> Regards
> Dad

From sunil at trinc.com Tue Oct 10 04:40:48 2000
From: sunil at trinc.com (sunil)
Date: Tue, 10 Oct 2000 15:10:48 +0530
Subject: [pptp-server] pptp compilation
Message-ID: <200010100944.PAA22404@brahma.roc.com>

Hi all

I recently downloaded pptp-better_tar.gz, from linux site, but while
compiling I have got
error like
* lsocket Not a file or directory
but this is included in Makefile
 LIBS = lsocket -lnsl
I searched in "usr/bin/ld" but there is no socket file,
my question is is it necessary to reinstall my linux or any other
solutions ?
please help.

Also this project creates 3 executable files like
client/pptp
server/pptp
server/pptp_server

What are these ? which one is server ?, and which one is client ?

Thanks
-Sunil

From pgw99 at doc.ic.ac.uk Tue Oct 10 06:13:40 2000
From: pgw99 at doc.ic.ac.uk (Philip Willoughby)
Date: Tue, 10 Oct 2000 12:13:40 +0100 (BST)
Subject: [pptp-server] pptp compilation
In-Reply-To: <200010100944.PAA22404@brahma.roc.com>
Message-ID:

Today, sunil wrote:

>Hi all
>
>I recently downloaded pptp-better_tar.gz, from linux site, but while
>compiling I have got
>error like
>* lsocket Not a file or directory
>but this is included in Makefile
> LIBS = lsocket -lnsl

should be LIBS = -lsocket -lnsl I believe..

> I searched in "usr/bin/ld" but there is no socket file,
>my question is is it necessary to reinstall my linux or any other
>solutions ?
>please help.
>
>Also this project creates 3 executable files like
>client/pptp
>server/pptp
>server/pptp_server
>
>What are these ? which one is server ?, and which one is client ?
> >Thanks >-Sunil >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulteconsulting.com! > Philip Willoughby Email: pgw99 at doc.ic.ac.uk | I reserve the right ICQ#: 53659369 | to drink free beer. From jbnance at tresgeek.net Tue Oct 10 09:57:14 2000 From: jbnance at tresgeek.net (Jason Bradley Nance) Date: Tue, 10 Oct 2000 09:57:14 -0500 Subject: [pptp-server] pptpd in daemon mode when max connections reached or IP pool exhausted In-Reply-To: <391539E9.C8E816D1@esoft.com> Message-ID: How do you define the IP pool? And will this be included in the next release? j > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Rodney D. Holm > Sent: Sunday, May 07, 2000 4:40 AM > To: pptp-server at lists.schulte.org > Cc: rodney at esoft.com > Subject: [pptp-server] pptpd in daemon mode when max connections reached > or IP pool exhausted > > > pptpd was dying in in daemon mode when the IP pool was exhausted, > this was being caused by a fprintf in pptpmanager.c: > > *** pptpmanager.c.orig Mon Oct 9 15:23:04 2000 > --- pptpmanager.c Mon Oct 9 15:23:17 2000 > *************** > *** 152,158 **** > > if (firstOpen == -1) { > syslog(LOG_ERR, "MGR: No free connection > slots or IPs - > no more clients can connect!"); > - fprintf(stderr, "No free connection slots or IPs > available - no more clients can connect!\n"); > FD_CLR(hostSocket, &connSet); > } else { > FD_SET(hostSocket, &connSet); > --- 152,157 ---- > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! 
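
Review bot: in the pptpmanager.c hunk, deleting the fprintf(stderr, ...) in the firstOpen == -1 branch also removes the only console notice for anyone running pptpd in the foreground; consider keeping it behind a check for foreground mode instead of dropping it for every mode. The report says the daemon dies on this fprintf but not why (presumably stderr is no longer usable once the process has detached), and that reason belongs in the change description. Since the same branch does FD_CLR(hostSocket, &connSet) and the else branch re-adds the socket, a matching syslog line when connections are accepted again would let an operator see from the log how long new clients were being refused.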
>

From alan at silveregg.co.jp Wed Oct 11 01:32:17 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Wed, 11 Oct 2000 15:32:17 +0900
Subject: AW: [pptp-server] network neighborhood HELP!!!
Message-ID: <4.2.0.58.J.20001011152915.00ae5100@mail.silveregg.co.jp>

Thanks for your help. The following are the IPchains rules and related port
forwarding for VPN. Like I mentioned in last mail, it seems that I got the
connection through firewall but I should be able to ping internal hosts from
VPN client, shouldn't I? Also I have done local test (without going through
firewall) for VPN connection and it worked fine.

I FINALLY got pptp through firewall but it is not working yet.
Here are my ipchains rules:

$REMOTENET = 0/0
$OUTERIP = IP address of external interface on firewall
$OUTERNET = $OUTERIP/netmask
$OUTERIF = external interface of firewall
$pptp_interip = internal IP address of pptp server

#--------------------------
# port forwarding for 1723
#--------------------------
ipmasqadm portfw -a -P tcp -L $OUTERIP 1723 -R $pptp_interip 1723

#----------------------
# redirect protocol 47
#----------------------
/usr/local/sbin/ipfwd --masq --syslog $pptp_interip 47 &

#-----------------------
# ipchains part for VPN
#-----------------------
ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1723 -i $OUTERIF -j ACCEPT
ipchains -A input -p 47 -s $REMOTENET -d $OUTERNET -i $OUTERIF -j ACCEPT
ipchains -A output -p tcp -s $OUTERNET -d $REMOTENET 1723 -i $OUTERIF -j ACCEPT
ipchains -A output -p 47 -s $OUTERNET -d $REMOTENET -i $OUTERIF -j ACCEPT

Do you have any idea what could be wrong?
Thanks.

From V.Simic at panta-rhei.at Wed Oct 11 01:31:40 2000
From: V.Simic at panta-rhei.at (V.Simic at panta-rhei.at)
Date: Wed, 11 Oct 2000 06:31:40 GMT
Subject: [pptp-server] PPTPD for LINUX
Message-ID:

Hi!

I am just a beginner in linux, so forgive me this stupid question:

I am running SUSE Linux vers. 6.4 with PPTD v. 1.0.0 and with windows
clients it works really fine - so far so good - (Kernel 2.2.14 - I think)

but now I am trying to connect a router (BinTec X1200 - with MS PPTP)
to the linux and I get always the error message (on linux):
" the control connection command type:9 is not supported "
I read something about MS PPTP and I found out that there is a
difference between the Client and Server (PAC and PNS) -
so I tried to reconfigure the linux server to work as PAC too, but I just
don't found any parameters I could set....
...the same situation on my router: it only works as PNS, and it is not
possible to set the router as a PAC...

but: why I am able to start a PPTP connection between my router
and Windows 2000 Server - and - why it is possible to start a connection
between a Windows x Client and my linux - without any problems ???


please - HELP ME - if you can....


thanks


Valentin Simic

Panta Rhei Informationsmanagement GmbH
Feldstrasse 1
6020 Innsbruck / Austria
Tel. +43 512 581800 / Fax. +43 512 581800 18
Email: v.simic at panta-rhei.at

From alan at silveregg.co.jp Wed Oct 11 01:51:58 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Wed, 11 Oct 2000 15:51:58 +0900
Subject: [pptp-server] NIC
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE551@defiant.infohiiway.com>
Message-ID: <4.2.0.58.J.20001011153813.00ae49b0@mail.silveregg.co.jp>

Thanks for your message. it sounds like you have a same environment setup
like me. I have my VPN setup like below,

|(VPN Client R)|-INTERNET-| Linux Firewall |-internal network (internal machines A,B,C...)
                                                    |
                                            | PopTop Server |

When I connected from client to pptp server, connection was built (since I
can see a ppp0 connection by ifconfig command on PopTop server). From PopTop
server, I can see VPN client R's IP and ping it. But the problem is I can't
ping from client R to any of the internal machine A ,B...even to PopTop
server. So I have no way to see any internal machine and browse them after
pptp connection is built.
Maybe I need to add route on either VPN client side but I am not sure how to
do that.

Here is my ipchains rules,

$REMOTENET = 0/0
$OUTERIP = IP address of external interface on firewall
$OUTERNET = $OUTERIP/netmask
$OUTERIF = external interface of firewall
$pptp_interip = internal IP address of pptp server

#--------------------------
# port forwarding for 1723
#--------------------------
ipmasqadm portfw -a -P tcp -L $OUTERIP 1723 -R $pptp_interip 1723

#----------------------
# redirect protocol 47
#----------------------
/usr/local/sbin/ipfwd --masq --syslog $pptp_interip 47 &

#-----------------------
# ipchains part for VPN
#-----------------------
ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1723 -i $OUTERIF -j ACCEPT
ipchains -A input -p 47 -s $REMOTENET -d $OUTERNET -i $OUTERIF -j ACCEPT
ipchains -A output -p tcp -s $OUTERNET -d $REMOTENET 1723 -i $OUTERIF -j ACCEPT
ipchains -A output -p 47 -s $OUTERNET -d $REMOTENET -i $OUTERIF -j ACCEPT

Do you have any idea what could be wrong?
Thanks in advance.

>My poptop server is behind my linux based firewall so it only has one NIC.
>If I was to move poptop to my firewall, then obviously it would have two
>NIC's. Based on where poptop is (physically) running on your network, your
>firewall rules would also need to be modified to accommodate. In my case, I
>have to use ipmasqadm and ipfwd (in addition to ipchain rules) to "forward"
>the inbound VPN connections (proto 47/port 1723) to my PPTP server. Plus my
>firewall kernel had to be patched to handle the masqing of PPTP/IPSEC
>connections. If I was to move poptop to my firewall (which violates most
>well written security policies) then I would NOT have to 1) patch the kernel
>for VPN masquerading 2) use ipmasqadm and ipfwd to forward PPTP proto/ports
>internally.
>
>FWIW: My linux firewall is using Seattle Firewall (seawall) developed by Tom
>Eastep to properly establish the firewall rules.
By simply editing a well
>documented configuration file, Seattle Firewall will execute the appropiate
>ipchain, ipmasqadm, ipfwd commands based on your network design. Tom has
>gone to great extremes to insure that Seawall properly configures your
>firewall to work with PPTP servers which are either masq'd (like mine) or
>running on the firewall itself.
>
>Checkout: http://seawall.sourceforge.net
>
>Steve Cowles
>
> > -----Original Message-----
> > From: Alan Chung [mailto:alan at silveregg.co.jp]
> > Sent: Friday, October 06, 2000 6:00 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] NIC
> >
> >
> > Do I need to have two network interfaces even on an internal VPN
> > server? If the server is staying internally, one interface
> > sounds good for me.

From pjreid at nbnet.nb.ca Wed Oct 11 05:53:03 2000
From: pjreid at nbnet.nb.ca (Patrick Reid)
Date: Wed, 11 Oct 2000 07:53:03 -0300
Subject: [pptp-server] Where has the 128-bit DUN Update gone?
In-Reply-To: <07BB842D3E28D411804900508BAC02BD376853@AMS1>
Message-ID:

I have been hunting all over the M$ web site and can't find the 128-bit DUN
update (except for the one for Win 98 se).

It used to be at

http://support.microsoft.com/support/ntserver/128Eula.asp

but there is nothing there now. Can anyone point to an instance of the patch
for Windows 98?

Patrick Reid

From phil at vibrationresearch.com Wed Oct 11 08:38:35 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 11 Oct 2000 09:38:35 -0400
Subject: [pptp-server] Where has the 128-bit DUN Update gone?
In-Reply-To:
Message-ID: <000401c03388$8de61990$4500a8c0@vibrationresearch.com>

Patrick,

Microsoft has left a note saying they have temporarily pulled the 128-bit
update.
It has been this way for a while now:

http://www.microsoft.com/Windows98/downloads/contents/WURecommended/S_WUNetworking/DUN128/default.asp

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Patrick Reid
> Sent: Wednesday, October 11, 2000 6:53 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Where has the 128-bit DUN Update gone?
>
>
> I have been hunting all over the M$ web site and can't find the
> 128-bit DUN
> update (except for the one for Win 98 se).
>
> It used to be at
>
> http://support.microsoft.com/support/ntserver/128Eula.asp
>
> but there is nothing there now. Can anyone point to an instance
> of the patch
> for Windows 98?
>
> Patrick Reid
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From aalang at rutgersinsurance.com Wed Oct 11 09:01:42 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Wed, 11 Oct 2000 10:01:42 -0400
Subject: [pptp-server] PPTPD for LINUX
References:
Message-ID: <00fc01c0338b$c8a06740$330a0a0a@6014cwpza006>

Sorry, but I don't have a solution to your PPTP problem, but does your router support IPSEC? If so, a good solution might be to connect your Windows 2K server, linux box, and router via IPSEC and your linux box and windows 9x clients via PPTP.

Granted it is another protocol, but you might have a bit more success (Win2K should support IPSEC and Freeswan is the linux version).

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From:
To:
Sent: Wednesday, October 11, 2000 2:31 AM
Subject: [pptp-server] PPTPD for LINUX


> Hi!
>
> I am just a beginner in linux, so forgive me this stupid question:
>
> I am running SUSE Linux vers. 6.4 with PPTD v.
1.0.0 and with windows > clients it works really fine - so far so good - (Kernel 2.2.14 - I think) > > but now I am trying to connect a router (BinTec X1200 - with MS PPTP) > to the linux and I get always the error message (on linux): > " the control connection command type:9 is not supported " > I read something about MS PPTP and I found out that there is a > difference between the Client and Server (PAC and PNS) - > so I tried to reconfigure the linux server to work as PAC too, but I just > don't found any parameters I could set.... > ...the same situation on my router: it only works as PNS, and it is not > possible to set the router as a PAC... > > but: why I am able to start a PPTP connection between my router > and Windows 2000 Server - and - why it is possible to start a connnection > between a Windows x Client and my linux - without any problems ??? > > > please - HELP ME - if you can.... > > > thank's > > > Valentin Simic > > Panta Rhei Informationsmanagement GmbH > Feldstrasse 1 > 6020 Innsbruck / Austria > Tel. +43 512 581800 / Fax. +43 512 581800 18 > Email: v.simic at panta-rhei.at > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From aalang at rutgersinsurance.com Wed Oct 11 09:10:15 2000 From: aalang at rutgersinsurance.com (Adam Lang) Date: Wed, 11 Oct 2000 10:10:15 -0400 Subject: [pptp-server] network neighborhood HELP!!! References: <4.2.0.58.J.20001006172846.00b0d3d0@mail.silveregg.co.jp> <4.2.0.58.J.20001011160918.00adcb80@mail.silveregg.co.jp> Message-ID: <011c01c0338c$fa5534e0$330a0a0a@6014cwpza006> As for the IPChains... I don't know... I'm far from an expert... as for the routing... Your client and your VPN don't need anything specific added to the routing (that is if your ipchains are setup correctly). 
It is the computers on the other side of the VPN server that need routing... your internal network. Here is an example... Internal network has a VPN server with address 10.10.10.2. You also have another computer on that network with address 10.10.10.3. When your client connects to the VPN, you set up a network of 192.168.0.200 (server) and 192.168.0.201 (client). When the client pings 10.10.10.3 or .2, it knows how to talk to it because your VPN Server knows how to route to those address. The problem is, the computer 10.10.10.3 does not know that packets from 192.168.0.x have to be sent to the VPN server at 10.10.10.3 (because then the VPN server forwards them to the 192.168.0.x network). So, for your 10.10.10.3 type computer, you'll add a route that tells it that 192.168.0.0 network packets are forwarded to 10.10.10.2 (the internal IP of the VPN server). Adam Lang Systems Engineer Rutgers Casualty Insurance Company ----- Original Message ----- From: "Alan Chung" To: "Adam Lang" Sent: Wednesday, October 11, 2000 3:15 AM Subject: Re: [pptp-server] network neighborhood HELP!!! > Thanks for your help. > > As you mentioned, do I have to add routes on both VPN clients and pptp > server for them to know each other? It seems that pptp server alread know > where client is (since I can ping it) but client doesn't. I am not sure > how to add a route on window platform but it looks like this, > > route add [ip] mask [netmask] [gateway] > > I have tried this but it doesn't work. 
> > Also I have ipchains rules setup as following, > > $REMOTENET = 0/0 > $OUTERIP = IP address of external interface on firewall > $OUTERNET = $OUTERIP/netmask > $OUTERIF = external interface of firewall > $pptp_interip = internal IP address of pptp server > > > #-------------------------- > # port forwarding for 1723 > #-------------------------- > ipmasqadm portfw -a -P tcp -L $OUTERIP 1723 -R $pptp_interip 1723 > > > #---------------------- > # redirect protocol 47 > #---------------------- > /usr/local/sbin/ipfwd --masq --syslog $pptp_interip 47 & > > > #----------------------- > # ipchains part for VPN > #----------------------- > > > ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1723 -i $OUTERIF -j ACCEPT > ipchains -A input -p 47 -s $REMOTENET -d $OUTERNET -i $OUTERIF -j > ACCEPT > > > ipchains -A output -p tcp -s $OUTERNET -d $REMOTENET 1723 -i $OUTERIF -j ACCEPT > ipchains -A output -p 47 -s $OUTERNET -d $REMOTENET -i $OUTERIF -j > ACCEPT > > > Do you have any idea what could be wrong? > > Thanks. > > Alan > > At ?? 09:22 00/10/06 -0400, you wrote: > >You need to add a route on the internal computers that points to the VPN > >server fo ryour 192.168.0.0 network. > > > >By default, I believe your VPN server should know how to talk to the PPTP > >client. > > > >Also, do you have ipchains setup in your ip-up.local file on the server? > > > >Adam Lang > >Systems Engineer > >Rutgers Casualty Insurance Company > >----- Original Message ----- > >From: "Alan Chung" > >To: > >Sent: Friday, October 06, 2000 4:28 AM > >Subject: [pptp-server] network neighborhood HELP!!! > > > > > > > I think I got so close but there was still a bit (big?) problem. 
> > > > > > Now I can dial up to my internal VPN server (running PopTop server on a > > > Linux box) from a EXTERNAL window 98 client without any problem, the > > > connection seems there (ppp0 connection showed by ifconfig with a remote > > > IP, let's say 192.168.0.10), and I can ping from any internal machine to > > > 192.168.0.10. But now I have two major problems: > > > > > > 1. I can't ping from that win98 VPN client to any remote internal > >machine. > > > (I even tried to add a route for 192.168.0.10 on VPN server). Does it > > > mean that the ipchains firewalling rules is not correctly setup yet? But > > > pinging is not a problem except this though. I can ping to/from anywhere > > > except this. > > > > > > 2. I am not able to see/browse any internal machine in network > > > neighbothood. (I have set up /etc/ppp/options with ms-wins and ms-dns in > > > it to specify WINS server, which is also a NT PDC internally). > > > > > > Please give me some advice if anybody knows or has the same experience. > > > > > > Thanks in advance. > > > > > > Alan > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! From jeff at kreska.org Wed Oct 11 11:01:43 2000 From: jeff at kreska.org (Jeff) Date: Wed, 11 Oct 2000 11:01:43 -0500 Subject: [pptp-server] configure bsd ipfw to work with poptop Message-ID: <39E48EE7.B8062C61@kreska.org> Any pointers on the commands that need to be in rc.firewall to let poptop work with ipfw? Thanks, Jeff From alan at silveregg.co.jp Wed Oct 11 23:59:09 2000 From: alan at silveregg.co.jp (Alan Chung) Date: Thu, 12 Oct 2000 13:59:09 +0900 Subject: [pptp-server] network neighborhood HELP!!! 
In-Reply-To: <011c01c0338c$fa5534e0$330a0a0a@6014cwpza006> References: <4.2.0.58.J.20001006172846.00b0d3d0@mail.silveregg.co.jp> <4.2.0.58.J.20001011160918.00adcb80@mail.silveregg.co.jp> Message-ID: <4.2.0.58.J.20001012134536.00b576d0@mail.silveregg.co.jp> Thanks for the message. I actually set up the network of VPN the same as internal network (192.168.0.0/24), using certain range of IPs. In this case, do I still need add routes manually for each internal machine in order to see dial-up in VPN client? >When the client pings 10.10.10.3 or .2, it knows how to talk to it because >your VPN Server knows how to route to those address. The problem is, the >computer 10.10.10.3 does not know that packets from 192.168.0.x have to be >sent to the VPN server at 10.10.10.3 (because then the VPN server forwards >them to the 192.168.0.x network). Actually, my problem is reverse. In this example, I can ping from 10.10.10.2 to 192.168.0.201 but not reversely. I even tried to use ms-dns ms-wins for internal WINS server, it didn't work out. >So, for your 10.10.10.3 type computer, you'll add a route that tells it that >192.168.0.0 network packets are forwarded to 10.10.10.2 (the internal IP of >the VPN server). > >Adam Lang >Systems Engineer >Rutgers Casualty Insurance Company >----- Original Message ----- >From: "Alan Chung" >To: "Adam Lang" >Sent: Wednesday, October 11, 2000 3:15 AM >Subject: Re: [pptp-server] network neighborhood HELP!!! > > > > Thanks for your help. > > > > As you mentioned, do I have to add routes on both VPN clients and pptp > > server for them to know each other? It seems that pptp server alread know > > where client is (since I can ping it) but client doesn't. I am not sure > > how to add a route on window platform but it looks like this, > > > > route add [ip] mask [netmask] [gateway] > > > > I have tried this but it doesn't work. 
> > > > Also I have ipchains rules setup as following, > > > > $REMOTENET = 0/0 > > $OUTERIP = IP address of external interface on firewall > > $OUTERNET = $OUTERIP/netmask > > $OUTERIF = external interface of firewall > > $pptp_interip = internal IP address of pptp server > > > > > > #-------------------------- > > # port forwarding for 1723 > > #-------------------------- > > ipmasqadm portfw -a -P tcp -L $OUTERIP 1723 -R $pptp_interip 1723 > > > > > > #---------------------- > > # redirect protocol 47 > > #---------------------- > > /usr/local/sbin/ipfwd --masq --syslog $pptp_interip 47 & > > > > > > #----------------------- > > # ipchains part for VPN > > #----------------------- > > > > > > ipchains -A input -p tcp -s $REMOTENET -d $OUTERNET 1723 -i $OUTERIF -j >ACCEPT > > ipchains -A input -p 47 -s $REMOTENET -d $OUTERNET -i $OUTERIF -j > > ACCEPT > > > > > > ipchains -A output -p tcp -s $OUTERNET -d $REMOTENET 1723 -i $OUTERIF -j >ACCEPT > > ipchains -A output -p 47 -s $OUTERNET -d $REMOTENET -i $OUTERIF -j > > ACCEPT > > > > > > Do you have any idea what could be wrong? > > > > Thanks. > > > > Alan > > > > At ?? 09:22 00/10/06 -0400, you wrote: > > >You need to add a route on the internal computers that points to the VPN > > >server fo ryour 192.168.0.0 network. > > > > > >By default, I believe your VPN server should know how to talk to the PPTP > > >client. > > > > > >Also, do you have ipchains setup in your ip-up.local file on the server? > > > > > >Adam Lang > > >Systems Engineer > > >Rutgers Casualty Insurance Company > > >----- Original Message ----- > > >From: "Alan Chung" > > >To: > > >Sent: Friday, October 06, 2000 4:28 AM > > >Subject: [pptp-server] network neighborhood HELP!!! > > > > > > > > > > I think I got so close but there was still a bit (big?) problem. 
> > > > > > > > Now I can dial up to my internal VPN server (running PopTop server on >a > > > > Linux box) from a EXTERNAL window 98 client without any problem, the > > > > connection seems there (ppp0 connection showed by ifconfig with a >remote > > > > IP, let's say 192.168.0.10), and I can ping from any internal machine >to > > > > 192.168.0.10. But now I have two major problems: > > > > > > > > 1. I can't ping from that win98 VPN client to any remote internal > > >machine. > > > > (I even tried to add a route for 192.168.0.10 on VPN server). Does it > > > > mean that the ipchains firewalling rules is not correctly setup yet? >But > > > > pinging is not a problem except this though. I can ping to/from >anywhere > > > > except this. > > > > > > > > 2. I am not able to see/browse any internal machine in network > > > > neighbothood. (I have set up /etc/ppp/options with ms-wins and ms-dns >in > > > > it to specify WINS server, which is also a NT PDC internally). > > > > > > > > Please give me some advice if anybody knows or has the same >experience. > > > > > > > > Thanks in advance. > > > > > > > > Alan > > > > _______________________________________________ > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > List services provided by www.schulteconsulting.com! > >_______________________________________________ >pptp-server maillist - pptp-server at lists.schulte.org >http://lists.schulte.org/mailman/listinfo/pptp-server >List services provided by www.schulteconsulting.com! From alan at silveregg.co.jp Thu Oct 12 00:11:41 2000 From: alan at silveregg.co.jp (Alan Chung) Date: Thu, 12 Oct 2000 14:11:41 +0900 Subject: [pptp-server] maybe a routing problem?? In-Reply-To: <39E475A3.DB556736@home.com> References: <4.2.0.58.J.20001011161723.00b21380@mail.silveregg.co.jp> Message-ID: <4.2.0.58.J.20001012135944.00b45320@mail.silveregg.co.jp> Thanks for the help. 
I do have proxyarp in my /etc/ppp/options file. This is my content of that file,

lock
debug
mtu 1400
mru 1400
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
proxyarp
ms-wins 192.168.0.12
ms-dns 192.168.0.12

And, the only difference between your ipchains rules and mine is the ones for ppp interface. I am not sure if those are necessary but I have tried them. It doesn't create a different chain when I use "ipchains -L -n" to see. Also, does "ppp+" apply to all ppp0, ppp1, ppp2...?

I can still see the ppp connection and ping from all internal machine to that VPN client IP (after connection is built). But not reversely, I can't ping or see even PPTP server or any of the internal hosts from VPN client. I was thinking I probably have to add routes for VPN client to see all internal machines. But I have no idea how to add a route in WIN98.

I am really STUCKed. Please help.

At ?? 09:13 00/10/11 -0500, you wrote:
>Hi Alan:
>
>What are the rules on the pptp server?
>These are mine:
>/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -d $EXTIP/32 1723
>/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p 47 -d $EXTIP/32
>/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d
>0/0 <to talk to internal network, can changed to fit your needs
>/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp ! -y -s $EXTIP/32 1723
>/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP/32 -d $UNIVERSE
>/sbin/ipchains -A output -j ACCEPT -i ppp+ -b -s 0/0 -d
>0/0 <ppp to talk to internal network, can changed to fit your needs
>/sbin/ipchains -A forward -j ACCEPT -i $ppp+ -s $INTLAN -d $INTLAN << needed
>/sbin/ipchains -A forward -j ACCEPT -i $EXTIF -s $INTLAN -d $INTLAN
>I have these rules in use, yes they work.
>Is the proxyarp working in the pptp server?
From pascal.fremaux at sxb.bsf.alcatel.fr Thu Oct 12 02:39:53 2000 From: pascal.fremaux at sxb.bsf.alcatel.fr (Pascal Fremaux) Date: Thu, 12 Oct 2000 09:39:53 +0200 Subject: [pptp-server] Administration of dead PPTP tunnels Message-ID: <39E56AC9.4DA27BDF@sxb.bsf.alcatel.fr> Sometimes in our tests, when clients are bad configured or somethings like that, a tunnel goes down for the client side, but stay up on the server. So there are more and more 'zombi' tunnels which 'eat' all the range of IP addresses. How could you detect automatically those zombies, and clean them ? How do you manage that ? -- Pascal Fremaux, SSII Alten Study Engineer at Alcatel Telecom R&D, Illkirch, France From alan at silveregg.co.jp Thu Oct 12 03:41:17 2000 From: alan at silveregg.co.jp (Alan Chung) Date: Thu, 12 Oct 2000 17:41:17 +0900 Subject: [pptp-server] samba with network neighborhood Message-ID: <4.2.0.58.J.20001012173344.00b26100@mail.silveregg.co.jp> Thanks for many people's help and I have got vpn client succcessfully login INTERNAL pptp server!!! I can find the WINS samba server by finding it through START MENU --> FIND --> other computer but I can't see it in neighborhood. /etc/ppp/options is set with the following lock debug mtu 1400 mru 1400 auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp ms-wins [ip of wins server] ms-dns [ip of wins server] And I even went to network --> TCP/IP --> WINS setup and put the ip of WINS server on VPN client. How can I see and browse local machines through neighborhood? Thanks in advance. 
Alan From Steve.Cowles at infohiiway.com Thu Oct 12 04:39:19 2000 From: Steve.Cowles at infohiiway.com (Cowles, Steve) Date: Thu, 12 Oct 2000 04:39:19 -0500 Subject: [pptp-server] samba with network neighborhood Message-ID: <90769AF04F76D41186C700A0C90AFC3EE559@defiant.infohiiway.com> > -----Original Message----- > From: Alan Chung [mailto:alan at silveregg.co.jp] > Sent: Thursday, October 12, 2000 3:41 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] samba with network neighborhood > > > Thanks for many people's help and I have got vpn client > succcessfully login INTERNAL pptp server!!! > Congrats!! > And I even went to network --> TCP/IP --> WINS setup and put > the ip of WINS server on VPN client. How can I see and > browse local machines through neighborhood? > Use "winipcfg" to verify that your PPTP server is sending DNS/WINS addresses to your client. There should be no need to set WINS address manually. DNS is a separate issue. Initially (when the TCP/IP stack is brought up on the client) DNS should be set to ISP's DNS servers. Then when you establish your PPTP connection, you will see your DNS servers from your local LAN "appended" to the list of DNS servers (for the TCP/IP stack) With W98, you will need to insure that the Workgroup setting matches the workgroup for your local LAN on your PPTP client. i.e. Win98 will register with WINS server under that domain/workgroup. Also, if your logging into a MS Domain Controller, you will need to set that up in Network --> Client for MS Networks. Steve Cowles From alan at silveregg.co.jp Thu Oct 12 05:55:48 2000 From: alan at silveregg.co.jp (Alan Chung) Date: Thu, 12 Oct 2000 19:55:48 +0900 Subject: [pptp-server] more help with network neighborhood In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE559@defiant.infohiiway.co m> Message-ID: <4.2.0.58.J.20001012194410.00b44b90@mail.silveregg.co.jp> I have verified using winipcfg and it does show the correct info of ppp adapter, including WINS, DNS.... 
But I am still not able to browse other computers. I am currently using NT PDC internally so that it will be good if I can have VPN client log into the NT domain. But since I can't see any of internal machine (including WINS server, which is also NT PDC), there is no way I can log on NT PDC. I still have trouble with browsing internal network from VPN client. Aternatively, I can setup a samba on pptp server and then I can see it by using the FIND tool from start menu. But it is not a good solution since I am using a NT PDC already. Anyone know what could be the problem? Help please! Alan From sam at intervisual.com Thu Oct 12 08:51:54 2000 From: sam at intervisual.com (Sam Hebert) Date: Thu, 12 Oct 2000 07:51:54 -0600 Subject: [pptp-server] (no subject) Message-ID: From phil at vibrationresearch.com Thu Oct 12 08:52:53 2000 From: phil at vibrationresearch.com (Philip Van Baren) Date: Thu, 12 Oct 2000 09:52:53 -0400 Subject: [pptp-server] more help with network neighborhood In-Reply-To: <4.2.0.58.J.20001012194410.00b44b90@mail.silveregg.co.jp> Message-ID: <000201c03453$b79418c0$4500a8c0@vibrationresearch.com> Alan, Once when I had this problem, I went to the network configuration control panel, removed everything (except the ethernet adapter), and reinstalled everything. After doing this, Network Neighborhood through the VPN started working correctly. Phil > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Alan Chung > Sent: Thursday, October 12, 2000 6:56 AM > To: Cowles, Steve > Cc: pptp-server at lists.schulte.org > Subject: [pptp-server] more help with network neighborhood > > > I have verified using winipcfg and it does show the correct info of ppp > adapter, including WINS, DNS.... But I am still not able to browse other > computers. I am currently using NT PDC internally so that it > will be good > if I can have VPN client log into the NT domain. 
But since I
> can't see any
> of internal machine (including WINS server, which is also NT
> PDC), there is
> no way I can log on NT PDC. I still have trouble with browsing internal
> network from VPN client.
>
> Alternatively, I can setup a samba on pptp server and then I can see it by
> using the FIND tool from start menu. But it is not a good
> solution since I
> am using a NT PDC already.
>
> Anyone know what could be the problem?
>
> Help please!
>
> Alan
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From gord at amador.ca Thu Oct 12 09:15:15 2000
From: gord at amador.ca (Gord Belsey)
Date: Thu, 12 Oct 2000 08:15:15 -0600
Subject: [pptp-server] Administration of dead PPTP tunnels
References: <39E56AC9.4DA27BDF@sxb.bsf.alcatel.fr>
Message-ID: <071a01c03456$d82db5c0$280111ac@amadorinc.com>

Pascal:

I fixed this problem by setting the following in the /etc/ppp/options file:

lcp-echo-failure 10
lcp-echo-timeout 1

This is sort of the ppp/pptp version of a ping. In this case, if the client doesn't respond in 1 second (lcp-echo-time-out) I consider it a failed echo, and 10 failed echoes (lcp-echo-failure) in a row means the link has been dropped. PoPToP will then let the connection "die".

You can play around with both these settings to your liking.

Hope this helps

Gord Belsey

----- Original Message -----
From: Pascal Fremaux
To:
Sent: Thursday, October 12, 2000 1:39AM
Subject: [pptp-server] Administration of dead PPTP tunnels


> Sometimes in our tests, when clients are bad configured or somethings
> like that, a tunnel goes down for the client side, but stay up on the
> server.
> So there are more and more 'zombi' tunnels which 'eat' all the range of
> IP addresses.
> How could you detect automatically those zombies, and clean them ?
> How do you manage that ?
> > -- > Pascal Fremaux, SSII Alten > Study Engineer at Alcatel Telecom > R&D, Illkirch, France > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From jvonau at home.com Thu Oct 12 10:38:49 2000 From: jvonau at home.com (Jerry Vonau) Date: Thu, 12 Oct 2000 10:38:49 -0500 Subject: [pptp-server] can't ping past pptp server Message-ID: <39E5DB08.FFB1CCC2@home.com> Hi All: The subject said it all. Proxyarp is enabled and shows in the log, no access to the LAN. ip forwarding is a 1 I have the same setup working on 2.2.12,13,14,15 kernels, but what is the trick with 2.2.16-3. I used the exact same scripts. 128bit works great, but can't ping anything on the lan except the ppp link. Jerry Vonau From ctooley at amoa.org Thu Oct 12 13:39:38 2000 From: ctooley at amoa.org (ctooley at amoa.org) Date: Thu, 12 Oct 2000 13:39:38 -0500 Subject: [pptp-server] Can't get ppp.c to compile in 2.2.17 Message-ID: <86256976.00664290.00@amoa.org> I can't seem to get the 2.2.17 kernel to compile with ppp-2.3.11 and the mppe patches found on the pptpd site. Anyone run into this problem? Chris Tooley From phil at vibrationresearch.com Thu Oct 12 13:52:52 2000 From: phil at vibrationresearch.com (Philip Van Baren) Date: Thu, 12 Oct 2000 14:52:52 -0400 Subject: [pptp-server] Can't get ppp.c to compile in 2.2.17 In-Reply-To: <86256976.00664290.00@amoa.org> Message-ID: <000b01c0347d$a02bdf40$4500a8c0@vibrationresearch.com> I have gotten it to compile using the procedure at http://www.vibrationresearch.com/pptpd/example.html This procedure has some extra patches to fix the problems you will run into when using kernel 2.2.17 and ppp-2.3.11. 
Phil > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of > ctooley at amoa.org > Sent: Thursday, October 12, 2000 2:40 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Can't get ppp.c to compile in 2.2.17 > > > > > I can't seem to get the 2.2.17 kernel to compile with ppp-2.3.11 > and the mppe > patches found on the pptpd site. Anyone run into this problem? > > Chris Tooley > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From ctooley at amoa.org Thu Oct 12 14:32:55 2000 From: ctooley at amoa.org (ctooley at amoa.org) Date: Thu, 12 Oct 2000 14:32:55 -0500 Subject: [pptp-server] Can't get ppp.c to compile in 2.2.17 Message-ID: <86256976.006B2435.00@amoa.org> Thank you Philip, that made a huge difference. It seems to compile now. Now I just have to make the stupid thing find the module ppp_mppe.o module like it's supposed to Chris "Philip Van Baren" on 10/12/2000 01:52:52 PM To: pptp-server at lists.schulte.org cc: (bcc: Chris Tooley/AMOA) Subject: RE: [pptp-server] Can't get ppp.c to compile in 2.2.17 I have gotten it to compile using the procedure at http://www.vibrationresearch.com/pptpd/example.html This procedure has some extra patches to fix the problems you will run into when using kernel 2.2.17 and ppp-2.3.11. Phil > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of > ctooley at amoa.org > Sent: Thursday, October 12, 2000 2:40 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Can't get ppp.c to compile in 2.2.17 > > > > > I can't seem to get the 2.2.17 kernel to compile with ppp-2.3.11 > and the mppe > patches found on the pptpd site. Anyone run into this problem? 
> > Chris Tooley > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From ctooley at amoa.org Thu Oct 12 15:37:01 2000 From: ctooley at amoa.org (ctooley at amoa.org) Date: Thu, 12 Oct 2000 15:37:01 -0500 Subject: [pptp-server] Can't get ppp.c to compile in 2.2.17 Message-ID: <86256976.0071017A.00@amoa.org> Now I'm just getting errors and it's dropping when it connects. Chris Tooley PS See attached log file.(See attached file: pptpderrors) -------------- next part -------------- A non-text attachment was scrubbed... Name: pptpderrors Type: application/octet-stream Size: 2417 bytes Desc: not available URL: From alan at silveregg.co.jp Fri Oct 13 01:06:54 2000 From: alan at silveregg.co.jp (Alan Chung) Date: Fri, 13 Oct 2000 15:06:54 +0900 Subject: [pptp-server] weird browsing problem Message-ID: <4.2.0.58.J.20001013150046.00b06ae0@mail.silveregg.co.jp> I have stuck with browsing problem for a long time. Today, when I tried using another new PC for VPN client and connected to server, suddenly I could see the internal machines and I was so happy about it. But after I reconnected it was back to nothing. No matter how many times I tried to take off network setup and reinstalled it on VPN client, it wouldn't work any more. I am still not able to see or browse any internal machine after PPP connection. Isn' it awkward? What could be the problem? I am out of idea... Does anyone have the same experience? Alan From tdn at stack.ru Fri Oct 13 02:23:57 2000 From: tdn at stack.ru (Dmitry Tolpanov) Date: Fri, 13 Oct 2000 14:23:57 +0700 Subject: [pptp-server] Traffic count. 
Message-ID: <401323122.20001013142357@stack.ru>

Hi.

I need to count traffic amount for PPTP clients (my server on FreeBSD). Maybe I missed this section in documentation. Can anybody help me or point to an information source.

Thanks
Dmitry.

From zffej at netscape.net Fri Oct 13 01:30:26 2000
From: zffej at netscape.net (Jeff Zacharias)
Date: 12 Oct 00 23:30:26 PDT
Subject: [pptp-server] Unsupported protocol 0xd057 received
Message-ID: <20001013063027.18356.qmail@www0w.netaddress.usa.net>

I'm using redhat 7 with kernel 2.2.16-22, with pptpd-1.0.0-1.i386.rpm and ppp-2.3.11 with patch ppp-2.3.11-openssl-0.9.5-mppe.patch.gz. With this config it did not compile the ppp module in the kernel. So it was suggested to me that I change the following line in the /usr/src/linux/drivers/net/ppp.c

kill_fasync (ppp->tty->fasync, SIGIO);

to

kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);

With this change it finally compiled. Now when I do all the rmmod and insmod, and start pptpd, I can connect with win98 client, but I cannot ping the server signed pptpd IP address (192.168.21.2). And I get the following error in the /var/log/messages.

Oct 12 22:33:19 zebra pptpd[4241]: CTRL: Client 192.168.20.5 control connection started
Oct 12 22:33:19 zebra pptpd[4241]: CTRL: Starting call (launching pppd, opening GRE)
Oct 12 22:33:19 zebra pppd[4242]: pppd 2.3.11 started by root, uid 0
Oct 12 22:33:19 zebra pppd[4242]: Using interface ppp1
Oct 12 22:33:19 zebra pppd[4242]: Connect: ppp1 <--> /dev/pts/3
Oct 12 22:33:19 zebra pppd[4242]: MSCHAP peer authentication succeeded for f
Oct 12 22:33:19 zebra pppd[4242]: found interface eth1 for proxy arp
Oct 12 22:33:19 zebra pppd[4242]: local IP address 192.168.21.2
Oct 12 22:33:19 zebra pppd[4242]: remote IP address 192.168.21.52
Oct 12 22:33:19 zebra pppd[4242]: MPPE 40 bit, stateless compression enabled
Oct 12 22:33:20 zebra pppd[4242]: Unsupported protocol 0xd057 received
Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0x8bd2 received
Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0xe658 received
Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0x587c received
Oct 12 22:33:23 zebra pppd[4242]: Unsupported protocol 0xcf26 received
...etc

I should also note that if I turn off the encryption part, everything works fine and I can ping what I want and access what I want over the pptp connection. Is there any fix for this?

Sincerely
Jeff Zacharias
zffej at netscape.net

____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail

From phil at vibrationresearch.com Fri Oct 13 10:45:32 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 13 Oct 2000 11:45:32 -0400
Subject: [pptp-server] Unsupported protocol 0xd057 received
In-Reply-To: <20001013063027.18356.qmail@www0w.netaddress.usa.net>
Message-ID: <001001c0352c$9eeb7c80$4500a8c0@vibrationresearch.com>

This error could be due to lost or out-of-order packets. ppp_mppe has a bug that prevents it from re-syncing after a lost packet.
Look on the poptop.lineo.com download page for the ppp_mppe.c
compressed data bug patch to fix this.

If packets are being dropped because of packet ordering problems,
try pptpd-1.1.2.

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jeff Zacharias
> Sent: Friday, October 13, 2000 2:30 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Unsupported protocol 0xd057 received
>
>
> I'm using redhat 7 with kernel 2.2.16-22, with pptpd-1.0.0-1.i386.rpm and
> ppp-2.3.11 with patch ppp-2.3.11-openssl-0.9.5-mppe.patch.gz. With this
> config it did not compile the ppp module in the kernel. So it was suggested
> to me that I change the following line in the
> /usr/src/linux/drivers/net/ppp.c
>
> kill_fasync (ppp->tty->fasync, SIGIO);
>
> to
>
> kill_fasync (ppp->tty->fasync, SIGIO, POLL_IN);
>
> With this change it finally compiled. Now when I do all the rmmod and insmod,
> and start pptpd, I can connect with win98 client, but I cannot ping the server
> signed pptpd IP address (192.168.21.2). And I get the following error in the
> /var/log/messages.
>
>
> Oct 12 22:33:19 zebra pptpd[4241]: CTRL: Client 192.168.20.5 control connection started
> Oct 12 22:33:19 zebra pptpd[4241]: CTRL: Starting call (launching pppd, opening GRE)
> Oct 12 22:33:19 zebra pppd[4242]: pppd 2.3.11 started by root, uid 0
> Oct 12 22:33:19 zebra pppd[4242]: Using interface ppp1
> Oct 12 22:33:19 zebra pppd[4242]: Connect: ppp1 <--> /dev/pts/3
> Oct 12 22:33:19 zebra pppd[4242]: MSCHAP peer authentication succeeded for f
> Oct 12 22:33:19 zebra pppd[4242]: found interface eth1 for proxy arp
> Oct 12 22:33:19 zebra pppd[4242]: local IP address 192.168.21.2
> Oct 12 22:33:19 zebra pppd[4242]: remote IP address 192.168.21.52
> Oct 12 22:33:19 zebra pppd[4242]: MPPE 40 bit, stateless compression enabled
> Oct 12 22:33:20 zebra pppd[4242]: Unsupported protocol 0xd057 received
> Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0x8bd2 received
> Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0xe658 received
> Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0x587c received
> Oct 12 22:33:23 zebra pppd[4242]: Unsupported protocol 0xcf26 received
> ...etc
>
> I should also note that if I turn off the encryption part, everything works
> fine and I can ping what I want and access what I want over the pptp
> connection. Is there any fix for this?
>
> Sincerely
> Jeff Zacharias
> zffej at netscape.net
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
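
Added example, not part of the original thread and not code from pppd or PoPToP: a small log check for the symptom discussed in the two messages above. It groups pppd syslog lines by PID and, for sessions where MPPE was enabled, counts the "Unsupported protocol" values that break the RFC 1661 numbering rule (low octet odd, high octet even); a random 16-bit value passes that rule only one time in four, so a run of mostly malformed values points at payload decrypted with out-of-sync MPPE state rather than at a peer speaking an unconfigured protocol. The log lines are copied from Jeff's message; the function names and the `min_events` threshold are assumptions of this example.

```python
import re

# pppd syslog lines copied from the message above (session PID 4242).
SAMPLE_LOG = """\
Oct 12 22:33:19 zebra pptpd[4241]: CTRL: Client 192.168.20.5 control connection started
Oct 12 22:33:19 zebra pppd[4242]: pppd 2.3.11 started by root, uid 0
Oct 12 22:33:19 zebra pppd[4242]: MSCHAP peer authentication succeeded for f
Oct 12 22:33:19 zebra pppd[4242]: MPPE 40 bit, stateless compression enabled
Oct 12 22:33:20 zebra pppd[4242]: Unsupported protocol 0xd057 received
Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0x8bd2 received
Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0xe658 received
Oct 12 22:33:22 zebra pppd[4242]: Unsupported protocol 0x587c received
Oct 12 22:33:23 zebra pppd[4242]: Unsupported protocol 0xcf26 received
"""

# Matches "Oct 12 22:33:19 zebra pppd[4242]: <message>"; pptpd lines are skipped.
LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+pppd\[(\d+)\]:\s+(.*)$")
MPPE_RE = re.compile(r"^MPPE (.+) compression enabled")
UNSUP_RE = re.compile(r"^Unsupported protocol 0x([0-9a-fA-F]{1,4}) received")


def well_formed_ppp_protocol(value):
    """RFC 1661 section 2: the low octet is odd and the high octet is even."""
    return (value & 0x0001) == 0x0001 and (value & 0x0100) == 0


def analyse(log_text, min_events=3):
    """Return one finding per pppd session (PID) seen in log_text.

    Only "Unsupported protocol" lines logged after the MPPE line of the same
    session are counted, because the question is whether decryption is at fault.
    min_events is an assumed threshold, not a value from pppd.
    """
    sessions = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        pid, message = match.groups()
        state = sessions.setdefault(pid, {"mppe": None, "protocols": []})
        mppe = MPPE_RE.match(message)
        if mppe:
            state["mppe"] = mppe.group(1)
            continue
        unsupported = UNSUP_RE.match(message)
        if unsupported and state["mppe"] is not None:
            state["protocols"].append(int(unsupported.group(1), 16))

    findings = []
    for pid, state in sessions.items():
        protocols = state["protocols"]
        malformed = [p for p in protocols if not well_formed_ppp_protocol(p)]
        findings.append({
            "pid": pid,
            "mppe": state["mppe"],
            "unsupported": len(protocols),
            "malformed": len(malformed),
            # Mostly malformed protocol numbers after MPPE came up: the
            # decrypted frames are garbage, i.e. cipher state is out of sync.
            "likely_desync": (
                state["mppe"] is not None
                and len(protocols) >= min_events
                and 2 * len(malformed) > len(protocols)
            ),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

A peer that really sends an unconfigured protocol produces the same well-formed number over and over, so `malformed` stays at 0 and the session is not flagged.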

From natecars at real-time.com Fri Oct 13 11:16:15 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 13 Oct 2000 11:16:15 -0500 (CDT)
Subject: [pptp-server] weird browsing problem
In-Reply-To: <4.2.0.58.J.20001013150046.00b06ae0@mail.silveregg.co.jp>
Message-ID:

On Fri, 13 Oct 2000, Alan Chung wrote:
> I have stuck with browsing problem for a long time. Today, when I tried
> using another new PC for VPN client and connected to server, suddenly I
> could see the internal machines and I was so happy about it. But after I
> reconnected it was back to nothing. No matter how many times I tried to
> take off network setup and reinstalled it on VPN client, it wouldn't work
> any more. I am still not able to see or browse any internal machine after
> PPP connection. Isn't it awkward? What could be the problem? I am out of
> idea...
>
> Does anyone have the same experience?

Have you gotten WINS installed properly and all that stuff? That's all
I've ever had to do to get browsing working. You do have to make sure
every machine on the network is registering itself to the WINS server, and
that the WINS server is being used in the dial-up connection, though.

--
Nate Carlson               | Phone : (952)943-8700
http://www.real-time.com   | Fax   : (952)943-8500

From frankh at mwes.com Fri Oct 13 11:45:10 2000
From: frankh at mwes.com (Frank)
Date: Fri, 13 Oct 2000 11:45:10 -0500
Subject: [pptp-server] I'm new to all this..
Message-ID:

Hi there,

This is my first venture into the world of VPN so please excuse me if I ask
some dumb questions. I am trying to give my remote users a better option
than dialing in on a slow modem and it sounds like VPN may give me a
solution.

I currently have a Linux firewall running a proxy (Squid). I hope to put the
PoPToP server on it but if there is a reason I can't (or shouldn't) please
tell me so I can see about a different machine.

The biggest question I have at this point is can I test this while we are
waiting for our provider to give us a static IP address? Without boring you
with a long story, there are reasons we still are doing dynamic addressing,
but I can get the current address anytime I need it. I'm wondering if there
is any reason I couldn't plug that in to the appropriate places (once I
learn where they are) just to try it.

Also, I assume I would need to make changes to the ipchains rules so if
someone could point me to a FAQ/How-To?

I'm sure once I get everything installed I'll generate some more questions
but these will do for now.

Thanks in advance,
Frank

Frank Holt                         Phone:  (414) 327-0000
Project Engineer                   Fax:    (414) 327-8821
Midwest Engineering Systems, Inc   e-mail: frankh at mwes.com

From aalang at rutgersinsurance.com Fri Oct 13 12:13:12 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 13 Oct 2000 13:13:12 -0400
Subject: [pptp-server] I'm new to all this..
References:
Message-ID: <00e901c03538$de023060$330a0a0a@6014cwpza006>

Replies inline...

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Frank"
To:
Sent: Friday, October 13, 2000 12:45 PM
Subject: [pptp-server] I'm new to all this..

> I currently have a Linux firewall running a proxy (Squid). I hope to put the
> PoPToP server on it but if there is a reason I can't (or shouldn't) please
> tell me so I can see about a different machine.

You can put it on the same machine, there is no technical reasons to
disallow this. As far as shouldn't, that is up to you and your company's
security policy. In all technicalities, should not have the pptp on your
firewall, but it comes down to how paranoid your security is. Every person
has their different degrees. The only other consideration is that putting a
pptp server behind your firewall complicates the configuration.

>
> The biggest question I have at this point is can I test this while we are
> waiting for our provider to give us a static IP address? Without boring you
> with a long story, there are reasons we still are doing dynamic addressing,
> but I can get the current address anytime I need it. I'm wondering if there
> is any reason I couldn't plug that in to the appropriate places (once I
> learn where they are) just to try it.

As long as you can get the current address, you are fine.

>
> Also, I assume I would need to make changes to the ipchains rules so if
> someone could point me to a FAQ/How-To?

I believe poptop.lineo.com is the most current website for information and
downloads.

From natecars at real-time.com Fri Oct 13 12:28:29 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 13 Oct 2000 12:28:29 -0500 (CDT)
Subject: [pptp-server] I'm new to all this..
In-Reply-To:
Message-ID:

On Fri, 13 Oct 2000, Frank wrote:
> This is my first venture into the world of VPN so please excuse me if I ask
> some dumb questions. I am trying to give my remote users a better option
> than dialing in on a slow modem and it sounds like VPN may give me a
> solution.
>
> I currently have a Linux firewall running a proxy (Squid). I hope to put the
> PoPToP server on it but if there is a reason I can't (or shouldn't) please
> tell me so I can see about a different machine.
>
> The biggest question I have at this point is can I test this while we are
> waiting for our provider to give us a static IP address? Without boring you
> with a long story, there are reasons we still are doing dynamic addressing,
> but I can get the current address anytime I need it. I'm wondering if there
> is any reason I couldn't plug that in to the appropriate places (once I
> learn where they are) just to try it.

Sure. Just use the Static IP address for the IP to connect to on the
client end, and don't tell the PPTP daemon to bind to any IP address..

> Also, I assume I would need to make changes to the ipchains rules so if
> someone could point me to a FAQ/How-To?

http://poptop.lineo.com/help.html has links to many howto's.

> I'm sure once I get everything installed I'll generate some more questions
> but these will do for now.

But of course. :)

--
Nate Carlson               | Phone : (952)943-8700
http://www.real-time.com   | Fax   : (952)943-8500

From kelly.black at btree.com Fri Oct 13 14:25:16 2000
From: kelly.black at btree.com (Kelly Black)
Date: Fri, 13 Oct 2000 14:25:16 -0500
Subject: [pptp-server] PPTP VPN box outside of the Firewall
Message-ID: <39E7619C.5CD82A81@btree.com>

Can anybody point me to any good documentation about setting up PoPToP
on a box outside of the companies firewall?

 Internet                                     Internet
   |(Routeable)                                  |(eth0 Routeable)
 __|__                                         __|__
|     |                 DMZ                   |     |
|Fire |---------------------------------------| VPN |
|_____| (Routeable)           (eth1 Routeable)|_____|
   |
   | (internal non routeable)
   |
   |
----------------(internal non-routeable network )-------------------

Thanks,
Kelly Black
Systems Administrator
TestQuest, Inc.

From aalang at rutgersinsurance.com Fri Oct 13 14:23:42 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 13 Oct 2000 15:23:42 -0400
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com>
Message-ID: <00c101c0354b$193077c0$330a0a0a@6014cwpza006>

For the most part, all documentation is either at, or linked to, at
poptop.lineo.com

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Kelly Black"
To:
Sent: Friday, October 13, 2000 3:25 PM
Subject: [pptp-server] PPTP VPN box outside of the Firewall

> Can anybody point me to any good documentation about setting up PoPToP
> on a box outside of the companies firewall?
>
>  Internet                                     Internet
>    |(Routeable)                                  |(eth0 Routeable)
>  __|__                                         __|__
> |     |                 DMZ                   |     |
> |Fire |---------------------------------------| VPN |
> |_____| (Routeable)           (eth1 Routeable)|_____|
>    |
>    | (internal non routeable)
>    |
>    |
> ----------------(internal non-routeable network )-------------------
>
> Thanks,
> Kelly Black
> Systems Administrator
> TestQuest, Inc.

From kelly.black at btree.com Fri Oct 13 14:48:22 2000
From: kelly.black at btree.com (Kelly Black)
Date: Fri, 13 Oct 2000 14:48:22 -0500
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com> <00c101c0354b$193077c0$330a0a0a@6014cwpza006>
Message-ID: <39E76706.19B8AE3F@btree.com>

I have read all I could find to date, but have not found any reference
to what I am trying to do.
Lots of parallel paths (setting up VPN box as firewall), or VPN inside
the company firewall,
but nothing about VPN outside the firewall.

Kelly Black
Systems Administrator
TestQuest, Inc.

Adam Lang wrote:
>
> For the most part, all documentation is either at, or linked to, at
> poptop.lineo.com
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> ----- Original Message -----
> From: "Kelly Black"
> To:
> Sent: Friday, October 13, 2000 3:25 PM
> Subject: [pptp-server] PPTP VPN box outside of the Firewall
>
> > Can anybody point me to any good documentation about setting up PoPToP
> > on a box outside of the companies firewall?
> >
> >  Internet                                     Internet
> >    |(Routeable)                                  |(eth0 Routeable)
> >  __|__                                         __|__
> > |     |                 DMZ                   |     |
> > |Fire |---------------------------------------| VPN |
> > |_____| (Routeable)           (eth1 Routeable)|_____|
> >    |
> >    | (internal non routeable)
> >    |
> >    |
> > ----------------(internal non-routeable network )-------------------
> >
> > Thanks,
> > Kelly Black
> > Systems Administrator
> > TestQuest, Inc.

From christopherandrew at ou.edu Fri Oct 13 14:45:50 2000
From: christopherandrew at ou.edu (Andy Worthington)
Date: Fri, 13 Oct 2000 14:45:50 -0500
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com><00c101c0354b$193077c0$330a0a0a@6014cwpza006> <39E76706.19B8AE3F@btree.com>
Message-ID: <00fb01c0354e$31d2e580$6501a8c0@rockcitycorp.com>

If you setup poptop on a machine outside of your firewall there needs to be
a secure way for the connections to be routed to the internal net. One
solution that would probably work would be to setup ipsec (freeswan on
linux) between the poptop box and the firewall so once people connected to
the poptop box they would travel down the ipsec tunnel to the internal
network.

Andy Worthington
rockcity.com

----- Original Message -----
From: "Kelly Black"
Cc:
Sent: Friday, October 13, 2000 2:48 PM
Subject: Re: [pptp-server] PPTP VPN box outside of the Firewall

> I have read all I could find to date, but have not found any reference
> to what I am trying to do.
> Lots of parallel paths (setting up VPN box as firewall), or VPN inside
> the company firewall,
> but nothing about VPN outside the firewall.
>
> Kelly Black
> Systems Administrator
> TestQuest, Inc.
>
>
> Adam Lang wrote:
> >
> > For the most part, all documentation is either at, or linked to, at
> > poptop.lineo.com
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company
> > ----- Original Message -----
> > From: "Kelly Black"
> > To:
> > Sent: Friday, October 13, 2000 3:25 PM
> > Subject: [pptp-server] PPTP VPN box outside of the Firewall
> >
> > > Can anybody point me to any good documentation about setting up PoPToP
> > > on a box outside of the companies firewall?
> > >
> > >  Internet                                     Internet
> > >    |(Routeable)                                  |(eth0 Routeable)
> > >  __|__                                         __|__
> > > |     |                 DMZ                   |     |
> > > |Fire |---------------------------------------| VPN |
> > > |_____| (Routeable)           (eth1 Routeable)|_____|
> > >    |
> > >    | (internal non routeable)
> > >    |
> > >    |
> > > ----------------(internal non-routeable network )-------------------
> > >
> > > Thanks,
> > > Kelly Black
> > > Systems Administrator
> > > TestQuest, Inc.

From aalang at rutgersinsurance.com Fri Oct 13 15:02:10 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Fri, 13 Oct 2000 16:02:10 -0400
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com> <00c101c0354b$193077c0$330a0a0a@6014cwpza006> <39E76706.19B8AE3F@btree.com>
Message-ID: <00f701c03550$78d11cc0$330a0a0a@6014cwpza006>

So... what is your setup then? You'll have an internal network that
connects to a firewall, and the firewall connects to the internet. the pptp
server connects to the internet... do you have a second NIC connected to the
firewall?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
----- Original Message -----
From: "Kelly Black"
Cc:
Sent: Friday, October 13, 2000 3:48 PM
Subject: Re: [pptp-server] PPTP VPN box outside of the Firewall

> I have read all I could find to date, but have not found any reference
> to what I am trying to do.
> Lots of parallel paths (setting up VPN box as firewall), or VPN inside
> the company firewall,
> but nothing about VPN outside the firewall.
>
> Kelly Black
> Systems Administrator
> TestQuest, Inc.
>
>
> Adam Lang wrote:
> >
> > For the most part, all documentation is either at, or linked to, at
> > poptop.lineo.com
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company
> > ----- Original Message -----
> > From: "Kelly Black"
> > To:
> > Sent: Friday, October 13, 2000 3:25 PM
> > Subject: [pptp-server] PPTP VPN box outside of the Firewall
> >
> > > Can anybody point me to any good documentation about setting up PoPToP
> > > on a box outside of the companies firewall?
> > >
> > >  Internet                                     Internet
> > >    |(Routeable)                                  |(eth0 Routeable)
> > >  __|__                                         __|__
> > > |     |                 DMZ                   |     |
> > > |Fire |---------------------------------------| VPN |
> > > |_____| (Routeable)           (eth1 Routeable)|_____|
> > >    |
> > >    | (internal non routeable)
> > >    |
> > >    |
> > > ----------------(internal non-routeable network )-------------------
> > >
> > > Thanks,
> > > Kelly Black
> > > Systems Administrator
> > > TestQuest, Inc.

From kelly.black at btree.com Fri Oct 13 15:14:42 2000
From: kelly.black at btree.com (Kelly Black)
Date: Fri, 13 Oct 2000 15:14:42 -0500
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com><00c101c0354b$193077c0$330a0a0a@6014cwpza006> <39E76706.19B8AE3F@btree.com> <00fb01c0354e$31d2e580$6501a8c0@rockcitycorp.com>
Message-ID: <39E76D32.7638B6B4@btree.com>

If the VPN eth1 points to the Firewall's trusted interface on the DMZ,
would the traffic need to be encrypted? Would a simple route to the
interface on the Firewall's trusted interface be ok?

Kelly Black
Systems Administrator
TestQuest, Inc.

Andy Worthington wrote:
>
> If you setup poptop on a machine outside of your firewall there needs to be
> a secure way for the connections to be routed to the internal net.
One
> solution that would probably work would be to setup ipsec (freeswan on
> linux) between the poptop box and the firewall so once people connected to
> the poptop box they would travel down the ipsec tunnel to the internal
> network.
>
> Andy Worthington
> rockcity.com
>
> ----- Original Message -----
> From: "Kelly Black"
> Cc:
> Sent: Friday, October 13, 2000 2:48 PM
> Subject: Re: [pptp-server] PPTP VPN box outside of the Firewall
>
> > I have read all I could find to date, but have not found any reference
> > to what I am trying to do.
> > Lots of parallel paths (setting up VPN box as firewall), or VPN inside
> > the company firewall,
> > but nothing about VPN outside the firewall.
> >
> > Kelly Black
> > Systems Administrator
> > TestQuest, Inc.
> >
> >
> > Adam Lang wrote:
> > >
> > > For the most part, all documentation is either at, or linked to, at
> > > poptop.lineo.com
> > >
> > > Adam Lang
> > > Systems Engineer
> > > Rutgers Casualty Insurance Company
> > > ----- Original Message -----
> > > From: "Kelly Black"
> > > To:
> > > Sent: Friday, October 13, 2000 3:25 PM
> > > Subject: [pptp-server] PPTP VPN box outside of the Firewall
> > >
> > > > Can anybody point me to any good documentation about setting up PoPToP
> > > > on a box outside of the companies firewall?
> > > >
> > > >  Internet                                     Internet
> > > >    |(Routeable)                                  |(eth0 Routeable)
> > > >  __|__                                         __|__
> > > > |     |                 DMZ                   |     |
> > > > |Fire |---------------------------------------| VPN |
> > > > |_____| (Routeable)           (eth1 Routeable)|_____|
> > > >    |
> > > >    | (internal non routeable)
> > > >    |
> > > >    |
> > > > ----------------(internal non-routeable network )-------------------
> > > >
> > > > Thanks,
> > > > Kelly Black
> > > > Systems Administrator
> > > > TestQuest, Inc.

From kelly.black at btree.com Fri Oct 13 15:18:13 2000
From: kelly.black at btree.com (Kelly Black)
Date: Fri, 13 Oct 2000 15:18:13 -0500
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com> <00c101c0354b$193077c0$330a0a0a@6014cwpza006> <39E76706.19B8AE3F@btree.com> <00f701c03550$78d11cc0$330a0a0a@6014cwpza006>
Message-ID: <39E76E05.F489793B@btree.com>

Yes, The VPN and the firewall share a DMZ (a trusted interface exists on
the firewall for hooking up to the VPN box).

(Cheesy ascii art)

> ----- Original Message -----
> > > ----- Original Message -----
> > > >
> > > >  Internet                                     Internet
> > > >    |(Routeable)                                  |(eth0 Routeable)
> > > >  __|__                                         __|__
> > > > |     |                 DMZ                   |     |
> > > > |Fire |---------------------------------------| VPN |
> > > > |_____| (Routeable)           (eth1 Routeable)|_____|
> > > >    |
> > > >    | (internal non routeable)
> > > >    |
> > > >    |
> > > > ----------------(internal non-routeable network )-------------------
> > > >

Adam Lang wrote:
>
> So... what is your setup then? You'll have an internal network that
> connects to a firewall, and the firewall connects to the internet. the pptp
> server connects to the internet... do you have a second NIC connected to the
> firewall?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company

From CSinsofsky at FUTUREWAY.CA Fri Oct 13 15:38:37 2000
From: CSinsofsky at FUTUREWAY.CA (Charles Sinsofsky)
Date: Fri, 13 Oct 2000 16:38:37 -0400
Subject: [pptp-server] Accessing a web server on an internal masq machine
Message-ID: <703D51765C3DD41187260050DA0B61FB36F561@EX01>

Hello,
I know i must be missing something here but let me present a scenario that
I am building using your firewall / script engine.

1) I have a working VPN, with Poptop, and two nic cards. I have the mppe
patches installed, works all fine and dandy. Able login users they can then
find internal machines, and then can use ms-exchange no problem works great.

2) I have setup your seawall.conf for 'strong' firewall.

3) I have an entry into 'servers' file in the /etc/seawall/servers file
that contains the location of my 'web server' sitting on the internal lan.
ie: 192.xx address.

4) Now I have ipmasqadm installed, i also have full portfw modules created
and in the kernel they all work fine.

Q) Here is my problem, how does one use the 'public' side of the masq
machine to call the web server when the firewall prevents anyone from seeing
the public ip address in the first place:

For instance: say my web server is on ip: 192.168.10.4 (example only)
my firewall / poptop / masq machine has ip internal: 192.168.10.1
                                        ip external: 216.94.165.50
(these are example ip's only not valid)

Now if I were to define a www.mywebsite.com to point to 216.94.165.50

the ipmasqadm portfw would translate that to 192.168.10.4, as i included in
the servers file. You give an excellent example in the documentation for
the seawall site.

But here lies the problem, I can not even see '216.94.165.50' because this
ip is blocked by the firewall. Am I missing something here? how would an
internal web server work?

I know if I establish a VPN tunnel i could easily see the 192.168.10.4
machine without the need for portforwarding, I have tried this it works fine
because I am now basically on the lan, BUT for external users who are not
VPN'ing into my machine but I do want them to see the web server (I would
consider placing it into a DMZ) but the same problem arises, I can not see
the public IP side of the server from the internet so I can not see the web
server or for that matter the masq machine to forward the packets to??

Any help would be greatly appreciated...I hope I explained myself well
enough...I really find your seawall/conf setup to be excellent and easy to
work with. I understand the ipmasqadm portfw utility, and built what the
server / firewall scripts do automatically by hand, but I do not understand
how to make the public IP address receive a web request!

- Charles Sinsofsky
Systems Architect - FCI

From kelly.black at btree.com Fri Oct 13 16:14:47 2000
From: kelly.black at btree.com (Kelly Black)
Date: Fri, 13 Oct 2000 16:14:47 -0500
Subject: [pptp-server] PPTP VPN box outside of the Firewall
References: <39E7619C.5CD82A81@btree.com><00c101c0354b$193077c0$330a0a0a@6014cwpza006> <39E76706.19B8AE3F@btree.com> <00fb01c0354e$31d2e580$6501a8c0@rockcitycorp.com>
Message-ID: <39E77B47.F3B63F2A@btree.com>

Interesting idea. Could be fun to play around with freeswan. I suppose
I would only need 1 interface in the machine if it has a static
routeable address, and both the firewall and vpn boxes were talking via
ipsec.

Kelly Black
Systems Administrator
TestQuest, Inc.

Andy Worthington wrote:
>
> If you setup poptop on a machine outside of your firewall there needs to be
> a secure way for the connections to be routed to the internal net.
One
> solution that would probably work would be to setup ipsec (freeswan on
> linux) between the poptop box and the firewall so once people connected to
> the poptop box they would travel down the ipsec tunnel to the internal
> network.
>
> Andy Worthington
> rockcity.com
>
> ----- Original Message -----
> From: "Kelly Black"
> Cc:
> Sent: Friday, October 13, 2000 2:48 PM
> Subject: Re: [pptp-server] PPTP VPN box outside of the Firewall
>
> > I have read all I could find to date, but have not found any reference
> > to what I am trying to do.
> > Lots of parallel paths (setting up VPN box as firewall), or VPN inside
> > the company firewall,
> > but nothing about VPN outside the firewall.
> >

From natecars at real-time.com Fri Oct 13 16:57:58 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 13 Oct 2000 16:57:58 -0500 (CDT)
Subject: [pptp-server] PPTP VPN box outside of the Firewall
In-Reply-To: <39E7619C.5CD82A81@btree.com>
Message-ID:

On Fri, 13 Oct 2000, Kelly Black wrote:
> Can anybody point me to any good documentation about setting up PoPToP
> on a box outside of the companies firewall?
>
>  Internet                                     Internet
>    |(Routeable)                                  |(eth0 Routeable)
>  __|__                                         __|__
> |     |                 DMZ                   |     |
> |Fire |---------------------------------------| VPN |
> |_____| (Routeable)           (eth1 Routeable)|_____|
>    |
>    | (internal non routeable)
>    |
>    |
> ----------------(internal non-routeable network )-------------------
>
> Thanks,
> Kelly Black
> Systems Administrator
> TestQuest, Inc.

Depends, what do you want to access? If you want to access the internal
network, you'll need to enable access from that box to the internal
non-routable network.. easiest way to get it working is just to run it on
the firewall, or to give the VPN box an interface on the internal
non-routable network.

--
Nate Carlson               | Phone : (952)943-8700
http://www.real-time.com   | Fax   : (952)943-8500

From natecars at real-time.com Fri Oct 13 16:59:17 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 13 Oct 2000 16:59:17 -0500 (CDT)
Subject: [pptp-server] PPTP VPN box outside of the Firewall
In-Reply-To: <39E76D32.7638B6B4@btree.com>
Message-ID:

On Fri, 13 Oct 2000, Kelly Black wrote:
> If the VPN eth1 points to the Firewall's trusted interface on the DMZ,
> would the traffic need to be encrypted? Would a simple route to the
> interface on the Firewall's trusted interface be ok?

Route should be enough.

--
Nate Carlson               | Phone : (952)943-8700
http://www.real-time.com   | Fax   : (952)943-8500

From natecars at real-time.com Fri Oct 13 16:59:46 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 13 Oct 2000 16:59:46 -0500 (CDT)
Subject: [pptp-server] PPTP VPN box outside of the Firewall
In-Reply-To: <39E77B47.F3B63F2A@btree.com>
Message-ID:

On Fri, 13 Oct 2000, Kelly Black wrote:
> Interesting idea. Could be fun to play around with freeswan. I suppose
> I would only need 1 interface in the machine if it has a static
> routeable address, and both the firewall and vpn boxes were talking via
> ipsec.

FreeS/WAN rules. But, in your situation, you probably don't need it. :)

--
Nate Carlson               | Phone : (952)943-8700
http://www.real-time.com   | Fax   : (952)943-8500

From mmahmodani at lycos.com Sat Oct 14 04:20:03 2000
From: mmahmodani at lycos.com (Mahbod Mahmodani)
Date: Sat, 14 Oct 2000 05:20:03 -0400
Subject: [pptp-server] VPN start
Message-ID:

hello everyone,

I am very new to VPN's. I am a student who is trying to setup a VPN and
would appreciate any assistance in the Linux setup at both ends. I am new
to Linux and have now used it as a primary OS so I am not aware of many of
the configuration commands. Please help me and thank you.

mahbod

From jvonau at home.com Sat Oct 14 10:05:17 2000
From: jvonau at home.com (Jerry Vonau)
Date: Sat, 14 Oct 2000 10:05:17 -0500
Subject: [pptp-server] Accessing a web server on an internal masq machine
References: <703D51765C3DD41187260050DA0B61FB36F561@EX01>
Message-ID: <39E8762D.FC148F0A@home.com>

Hi Charles:

Please see:
ipchains-list at east.balius.com
That is the IPchains list.
I build my chains by hand based on David Ranch's trinityos scripts.
It should work, but without seeing the rules, it is hard to tell

Jerry

Jerry

Charles Sinsofsky wrote:
>
>
> Hello,
> I know i must be missing something here but let me present a
> scenario that I am building using your firewall / script engine.
>
> 1) I have a working VPN, with Poptop, and two nic cards. I
> have the mppe patches installed, works all fine and dandy. Able login
> users they can then find internal machines, and then can use
> ms-exchange no problem works great.
>
> 2) I have setup your seawall.conf for 'strong' firewall.
>
> 3) I have an entry into 'servers' file in the
> /etc/seawall/servers file that contains the location of my 'web
> server' sitting on the internal lan. ie: 192.xx address.
>
> 4) Now I have ipmasqadm installed, i also have full portfw
> modules created and in the kernel they all work fine.
>
> Q) Here is my problem, how does one use the 'public' side of
> the masq machine to call the web server when the firewall prevents
> anyone from seeing the public ip address in the first place:
>
> For instance: say my web server is on ip: 192.168.10.4
> (example only)
> my firewall / poptop / masq machine has ip
> internal: 192.168.10.1
>
>
> ip external: 216.94.165.50
> (these are example ip's only not valid)
>
> Now if I were to define a www.mywebsite.com to point to
> 216.94.165.50
>
> the ipmasqadm portfw would translate that to 192.168.10.4, as
> i included in the servers file.
You give an excellent example in the > documentation for the seawall site. > > But here lies the problem, I can not even see '216.94.165.50' > because this ip is blocked by the firewall. Am I missing something > here? how would an internal web server work? > > I know if I establish a VPN tunnel i could easily see the > 192.168.10.4 machine without the need for portforwarding, I have tried > this it works fine because I am now basically on the lan, BUT for > external users who are not VPN'ing into my machine but I do want them > to see the web server (I would consider placing it into a DMZ) but the > same problem arises, I can not see the public IP side of the server > from the internet so I can not see the web server or for that matter > the masq machine to forward the packets to?? > > Any help would be greatly appreciated...I hope I explained > myself well enough...I really find your seawall/conf setup to be > excellent and easy to work with. I understand the ipmasqadm portfw > utility, and built what the sever / firewall scripts do automatically > by hand, but I do not understand how to make the public IP address > receive a web request! > > - Charles Sinsofsky > Systems Architect - FCI From jvonau at home.com Sat Oct 14 10:44:33 2000 From: jvonau at home.com (Jerry Vonau) Date: Sat, 14 Oct 2000 10:44:33 -0500 Subject: [pptp-server] can't ping past pptp server References: <39E5DB08.FFB1CCC2@home.com> Message-ID: <39E87F60.21513009@home.com> Hi All: Found it, the test rules that I was using were taken from the a much larger script. >>/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -d $EXTIP/32 1723 >>/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p 47 -d $EXTIP/32 >>/sbin/ipchains -A input -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0 <>/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp ! 
-y -s $EXTIP/32 1723 >>/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p 47 -s $EXTIP/32 -d $UNIVERSE >>/sbin/ipchains -A output -j ACCEPT -i ppp+ -b -s 0/0 -d 0/0 <>/sbin/ipchains -A forward -j ACCEPT -i $ppp+ -s $INTLAN -d $INTLAN << needed >>/sbin/ipchains -A forward -j ACCEPT -i $INTIF -s $INTLAN -d $INTLAN << needed but I forgot it. so the internial interface couldn't talk to PPP All is well now. It's been a long week.. Jerry Vonau Jerry Vonau wrote: > Hi All: > > The subject said it all. Proxyarp is enabled and shows in the log, > no access to the LAN. ip forwarding is a 1 > I have the same setup working on 2.2.12,13,14,15 kernels, but what is > the trick with 2.2.16-3. > I used the exact same scripts. 128bit works great, but can't ping > anything on the lan except the ppp link. > > Jerry Vonau > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From kelly.black at btree.com Sun Oct 15 20:21:46 2000 From: kelly.black at btree.com (Kelly Black) Date: Sun, 15 Oct 2000 20:21:46 -0500 Subject: [pptp-server] PPTP VPN box outside of the Firewall References: Message-ID: <39EA582A.F29F5DF@btree.com> Yeah, I suppose your are right. It would be fun to put the box out with only one nic and run ipsec from it to the firewall box, and let the windo$e boxes talk pptp to the VPN box. Suppose it would be lot's of extra work, (but on the other hand would the firewall rules be simpler from the VPN box to the firewall?)... Kelly Black Systems Administrator TestQuest, Inc. Nate Carlson wrote: > > On Fri, 13 Oct 2000, Kelly Black wrote: > > Interesting idea. Could be fun to play around with freeswan. I suppose > > I would only need 1 interface in the machine if it has a static > > routeable address, and both the firewall and vpn boxes were talking via > > ipsec. > > FreeS/WAN rules. 
But, in your situation, you probably don't need it. :)
>
> --
> Nate Carlson | Phone : (952)943-8700
> http://www.real-time.com | Fax : (952)943-8500

From tife.chan at adsociety.com Sun Oct 15 20:30:33 2000
From: tife.chan at adsociety.com (Tife Chan)
Date: Mon, 16 Oct 2000 09:30:33 +0800
Subject: [pptp-server] Appending DNS suffix on pptp connection
Message-ID:

Hi all,

Is it possible to append dns suffix (domain) once upon pptp connection established? I tried to put an option "domain mydomain.com" in the /etc/ppp/options but it doesn't work.

Thanks,
Tife

From Steve.Cowles at infohiiway.com Sun Oct 15 23:03:35 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Sun, 15 Oct 2000 23:03:35 -0500
Subject: [pptp-server] Appending DNS suffix on pptp connection
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE564@defiant.infohiiway.com>

> -----Original Message-----
> From: Tife Chan [mailto:tife.chan at adsociety.com]
> Sent: Sunday, October 15, 2000 8:31 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Appending DNS suffix on pptp connection
>
> Hi all,
>
> Is it possible to append dns suffix (domain) once upon pptp
> connection established? I tried to put an option "domain
> mydomain.com" in the /etc/ppp/options but it doesn't work.
>
> Thanks,
> Tife

Exactly what are you trying to accomplish by including the domain name? If you're trying to modify the "domain suffix search order" of the client (after it establishes a PPTP connection), then that is not what the "domain" option was intended for.

From: man pppd

domain d
    Append the domain name d to the local host name for authentication purposes. For example, if gethostname() returns the name porsche, but the fully qualified domain name is porsche.Quotron.COM, you could specify domain Quotron.COM. Pppd would then use the name porsche.Quotron.COM for looking up secrets in the secrets file, and as the default name to send to the peer when authenticating itself to the peer. This option is privileged.

If I am understanding the above correctly, the "domain" option is used for authenticating against the entries found in the chap-secrets file.

Example:

Original entry in chap-secrets for user scowles (wildcard for local hostname of server)
scowles * password *

Modified entry in chap-secrets for user scowles with "domain mydomain.com" option entered in /etc/ppp/options (no wildcard for local hostname of server)
scowles pptp.mydomain.com password *

10 minute pause....

OK, I actually tried the above. If I changed the pptp.mydomain.com to pptp.yourdomain.com in my chap-secrets or... changed the "domain" option from mydomain.com to yourdomain.com in /etc/ppp/options, I got an error 691 on my W2K system when I tried to establish a PPTP tunnel stating that the user/password did not match for the domain name listed. When I corrected the entries, I was able to connect without a problem.

So I guess the "domain" option works as specified in the man pages. Authentication.

Steve Cowles

From alan at silveregg.co.jp Mon Oct 16 00:04:36 2000
From: alan at silveregg.co.jp (Alan Chung)
Date: Mon, 16 Oct 2000 14:04:36 +0900
Subject: [pptp-server] two PPTP servers
Message-ID: <4.2.0.58.J.20001016135748.00adc580@mail.silveregg.co.jp>

I have two LANs on two different physical locations.

Instead of dialing up manually from VPN client to PPTP server all the time, is there a way to setup two PPTP servers on both ends of LANs, have them talk to each other and so that if I have all the internal hosts connect to VPN server first then they can browse and talk to internal hosts on the other end too?

Thanks for help.
Alan

From Steve.Cowles at infohiiway.com Mon Oct 16 00:47:40 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Mon, 16 Oct 2000 00:47:40 -0500
Subject: [pptp-server] two PPTP servers
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE565@defiant.infohiiway.com>

> -----Original Message-----
> From: Alan Chung [mailto:alan at silveregg.co.jp]
> Sent: Monday, October 16, 2000 12:05 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] two PPTP servers
>
>
> I have two LANs on two different physical locations.
>
> Instead of dialing up manually from VPN client to PPTP server
> all the time, is there a way to setup two PPTP servers on both
> ends of LANs, have them talk to each other and so that if I
> have all the internal hosts connect to VPN server first then
> they can browse and talk to internal hosts on the other end too?
>
> Thanks for help.
>
> Alan

Sure, but your routing tables/ipchain rules will need to be modified to deal with packets coming from the remote LAN addresses instead of a single PPTP client on the same subnet.

I hate to say (I like PopTop) but IPSEC is better suited for LAN-to-LAN tunnels. It's a lot more secure for one thing. FWIW: I use both at this end. PPTP for road warriors (laptops with MS) and IPSEC for LAN-to-LAN tunnels. Also, W2K supports IPSEC in addition to PPTP out of the box.

If you're interested, check out FreeS/WAN IPSEC at http://www.freeswan.org

Then when you find yourself totally confused (as I was initially) and in need of some real world examples of how to configure FreeSwan checkout http://jixen.tripod.com

Steve Cowles

From exiof-list at wallin.dk Mon Oct 16 03:43:00 2000
From: exiof-list at wallin.dk (Christian Pedersen - Mailinglist)
Date: 16 Oct 2000 09:43:00 +0100
Subject: [pptp-server] PPTP Connection freezes...
Message-ID:

Well i have installed a PPTP server on a RedHat 6.2, and use of pptpd v1.0

I can connect to the server, but it only works for about 1-10 minutes, then the connection is dropped..

In windows it says nothing, the small diodes in my task bar just stops blinking.
.

Here is a session:

Oct 16 09:32:51 mail pptpd[20502]: CTRL: Client XXX.XXX.XXX.XXX control connection started
Oct 16 09:32:51 mail pptpd[20502]: CTRL: Starting call (launching pppd, opening GRE)
Oct 16 09:32:51 mail pppd[20503]: pppd 2.3.11 started by root, uid 0
Oct 16 09:32:51 mail pppd[20503]: Using interface ppp0
Oct 16 09:32:51 mail pppd[20503]: Connect: ppp0 <--> /dev/pts/0
Oct 16 09:32:51 mail pptpd[20502]: GRE: Discarding duplicate packet
Oct 16 09:32:54 mail pppd[20503]: MSCHAP-v2 peer authentication succeeded for exiof
Oct 16 09:32:54 mail pppd[20503]: found interface eth1 for proxy arp
Oct 16 09:32:54 mail pppd[20503]: local IP address XXX.XXX.XXX.XXX
Oct 16 09:32:54 mail pppd[20503]: remote IP address 192.168.10.11
Oct 16 09:32:54 mail pppd[20503]: MPPE 128 bit, stateless compression enabled
Oct 16 09:32:55 mail sshd[20538]: log: Connection from 192.168.10.11 port 1140
Oct 16 09:32:59 mail sshd[20538]: log: Password authentication for root accepted.
Oct 16 09:32:59 mail sshd[20538]: log: ROOT LOGIN as 'root' from ip-11
Oct 16 09:33:10 mail pppd[20503]: LCP terminated by peer
Oct 16 09:33:10 mail pptpd[20502]: CTRL: Error with select(), quitting
Oct 16 09:33:10 mail pptpd[20502]: CTRL: Client XXX.XXX.XXX.XXX control connection finished
Oct 16 09:33:10 mail pppd[20503]: Modem hangup
Oct 16 09:33:10 mail pppd[20503]: Connection terminated.
Oct 16 09:33:10 mail pppd[20503]: Connect time 0.4 minutes.
Oct 16 09:33:10 mail pppd[20503]: Sent 1905 bytes, received 2758 bytes.
Oct 16 09:33:10 mail pppd[20503]: Exit.

Well.. what's wrong.. guess that it's on the Error select() line..

Christian Pedersen / Wallin Computer
Ahlgade 3 \ 4300 Holbæk / 59441490
Direct 59451497 / christian at wallin.dk

LinuX / Teamware \ Networking / Firewalls

From phil at vibrationresearch.com Mon Oct 16 09:54:51 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Mon, 16 Oct 2000 10:54:51 -0400
Subject: [pptp-server] PPTP Connection freezes...
In-Reply-To:
Message-ID: <000401c03781$098e8d60$4500a8c0@vibrationresearch.com>

My guess is that it is the compressed data bug in ppp_mppe.c - when the connection drops a packet with encryption enabled, the link just stops responding.

The "error with select()" is just a generic message that means the connection was closed, and could happen even with a normal disconnect.

If you add the "debug" option to your /etc/pptpd.conf and /etc/ppp/options.pptp files you will get more information, and then should be able to see what went wrong.

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Christian
> Pedersen - Mailinglist
> Sent: Monday, October 16, 2000 4:43 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP Connection freezes...
>
>
> Well i have installed a PPTP server on a RedHat 6.2, and use of pptpd v1.0
>
> I can connect to the server, but it only works for about 1-10
> minutes, then the
> connection is dropped..
>
> In windows it says nothing, the small diodes in my task bar just
> stops blinking.
> .
>
> Here is a session:
>
> Oct 16 09:32:51 mail pptpd[20502]: CTRL: Client XXX.XXX.XXX.XXX control
> connection started
> Oct 16 09:32:51 mail pptpd[20502]: CTRL: Starting call (launching
> pppd, opening
> GRE)
> Oct 16 09:32:51 mail pppd[20503]: pppd 2.3.11 started by root, uid 0
> Oct 16 09:32:51 mail pppd[20503]: Using interface ppp0
> Oct 16 09:32:51 mail pppd[20503]: Connect: ppp0 <--> /dev/pts/0
> Oct 16 09:32:51 mail pptpd[20502]: GRE: Discarding duplicate packet
> Oct 16 09:32:54 mail pppd[20503]: MSCHAP-v2 peer authentication
> succeeded for
> exiof
> Oct 16 09:32:54 mail pppd[20503]: found interface eth1 for proxy arp
> Oct 16 09:32:54 mail pppd[20503]: local IP address XXX.XXX.XXX.XXX
> Oct 16 09:32:54 mail pppd[20503]: remote IP address 192.168.10.11
> Oct 16 09:32:54 mail pppd[20503]: MPPE 128 bit, stateless
> compression enabled
> Oct 16 09:32:55 mail sshd[20538]: log: Connection from
> 192.168.10.11 port 1140
> Oct 16 09:32:59 mail sshd[20538]: log: Password authentication for root
> accepted.
> Oct 16 09:32:59 mail sshd[20538]: log: ROOT LOGIN as 'root' from ip-11
> Oct 16 09:33:10 mail pppd[20503]: LCP terminated by peer
> Oct 16 09:33:10 mail pptpd[20502]: CTRL: Error with select(), quitting
> Oct 16 09:33:10 mail pptpd[20502]: CTRL: Client XXX.XXX.XXX.XXX control
> connection finished
> Oct 16 09:33:10 mail pppd[20503]: Modem hangup
> Oct 16 09:33:10 mail pppd[20503]: Connection terminated.
> Oct 16 09:33:10 mail pppd[20503]: Connect time 0.4 minutes.
> Oct 16 09:33:10 mail pppd[20503]: Sent 1905 bytes, received 2758 bytes.
> Oct 16 09:33:10 mail pppd[20503]: Exit.
>
> Well.. what's wrong.. guess that it's on the Error select() line..
>
> Christian Pedersen / Wallin Computer
> Ahlgade 3 \ 4300 Holbæk / 59441490
> Direct 59451497 / christian at wallin.dk
>
> LinuX / Teamware \ Networking / Firewalls

From aalang at rutgersinsurance.com Mon Oct 16 10:19:58 2000
From: aalang at rutgersinsurance.com (Adam Lang)
Date: Mon, 16 Oct 2000 11:19:58 -0400
Subject: [pptp-server] VPN start
References:
Message-ID: <006301c03784$8bd55a80$330a0a0a@6014cwpza006>

The best route is to try to install it following the directions, and if you get stuck somewhere, ask the list for help.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company

----- Original Message -----
From: "Mahbod Mahmodani"
To:
Sent: Saturday, October 14, 2000 5:20 AM
Subject: [pptp-server] VPN start

> hello everyone,
> I am very new to VPN's. I am a student who is trying to setup a VPN and would appreciate any assistance in the Linux setup at both ends. I am new to Linux and have now used it as a primary OS so I am not aware of many of the configuration commands. Please help me and thank you.
> mahbod

From bdenheyer at nextcomminc.com Mon Oct 16 12:01:26 2000
From: bdenheyer at nextcomminc.com (Brian Denheyer)
Date: Mon, 16 Oct 2000 10:01:26 -0700
Subject: [pptp-server] PPTP Connection freezes...
In-Reply-To: <000401c03781$098e8d60$4500a8c0@vibrationresearch.com>
References: <000401c03781$098e8d60$4500a8c0@vibrationresearch.com>
Message-ID: <14827.13414.153544.356975@xavier.nextcomminc.com>

>>>>> "Philip" == Philip Van Baren writes:

Philip> My guess is that it is the compressed data bug in ppp_mppe.c
Philip> - when the connection drops a packet with encryption
Philip> enabled, the link just stops responding.

"the compressed data bug" - Does this mean it is a known bug and therefore has a fix :-)

We see this problem fairly often, it has the unfortunate effect of making pptp highly unreliable since most connections are through a dial-in on a marginal phone line.

Brian

From phil at vibrationresearch.com Mon Oct 16 12:06:22 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Mon, 16 Oct 2000 13:06:22 -0400
Subject: [pptp-server] PPTP Connection freezes...
In-Reply-To: <14827.13414.153544.356975@xavier.nextcomminc.com>
Message-ID: <000a01c03793$68c2a200$4500a8c0@vibrationresearch.com>

From aludwig at imagestor.com Mon Oct 16 19:30:42 2000
From: aludwig at imagestor.com (Al Ludwig)
Date: Mon, 16 Oct 2000 20:30:42 -0400
Subject: [pptp-server] Connection works through LAN, not WAN
In-Reply-To: <000a01c03793$68c2a200$4500a8c0@vibrationresearch.com>
Message-ID:

Hi,

Over my LAN I am able to connect to my PoPToP Server with no problems. However, when trying to connect via the Internet, I can't connect. I'm using the same laptop & same Dial-Up Networking Connection (with the exception of the IP) to connect.

Here's my configuration:

63.x.x.x (Firewall)------------->192.168.x.x (PoPToP Server)

I have ports 47 & 1723 both forwarding from the firewall to the PPTP Server.

When I try to connect from outside the LAN, it goes to "Verifying User Name & Password" and then disconnects with an error of "The Specified Port Is Not Connected".
Is it a fair assumption that my port forwarding from the firewall to the VPN Server is operational due to the fact that the computer makes the initial connection from outside the LAN?

Any ideas on what I should look at next?

Thanks,
AL

From aludwig at imagestor.com Mon Oct 16 20:04:22 2000
From: aludwig at imagestor.com (Al Ludwig)
Date: Mon, 16 Oct 2000 21:04:22 -0400
Subject: [pptp-server] Connection works through LAN, not WAN
In-Reply-To:
Message-ID:

I believe that I've figured out part, if not all, of my problem...I was forwarding port 47 on the firewall, which is wrong. GRE is the protocol, but what is the port I should forward?

-AL

From hshaw at HealthCentral.com Mon Oct 16 20:29:30 2000
From: hshaw at HealthCentral.com (Terrelle Shaw)
Date: Mon, 16 Oct 2000 18:29:30 -0700
Subject: [pptp-server] Connection works through LAN, not WAN
Message-ID:

There isn't any "port" associated with the GRE protocol

Terrelle

-----Original Message-----
From: Al Ludwig [mailto:aludwig at imagestor.com]
Sent: Monday, October 16, 2000 6:04 PM
To: Al Ludwig; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Connection works through LAN, not WAN

I believe that I've figured out part, if not all, of my problem...I was forwarding port 47 on the firewall, which is wrong. GRE is the protocol, but what is the port I should forward?

-AL

From scott at quanta.co.nz Mon Oct 16 20:44:57 2000
From: scott at quanta.co.nz (Scott Newton)
Date: Tue, 17 Oct 2000 14:44:57 +1300
Subject: [pptp-server] Connection works through LAN, not WAN
References:
Message-ID: <39EBAF19.2F6C5781@quanta.co.nz>

Hi

Are you thinking of port 1723, the vpn port?

Scott

Terrelle Shaw wrote:
> There isn't any "port" associated with the GRE protocol
>
> Terrelle
>
> -----Original Message-----
> From: Al Ludwig [mailto:aludwig at imagestor.com]
> Sent: Monday, October 16, 2000 6:04 PM
> To: Al Ludwig; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Connection works through LAN, not WAN
>
> I believe that I've figured out part, if not all, of my problem...I was
> forwarding port 47 on the firewall, which is wrong. GRE is the protocol,
> but what is the port I should forward?
>
> -AL

--
Regards
Scott Newton
Quanta Systems Limited
Phone: (09) 302 3760
Fax : (09) 302 3784

From cdkim at cfxc.com Mon Oct 16 22:58:44 2000
From: cdkim at cfxc.com (Chris Kim)
Date: Mon, 16 Oct 2000 21:58:44 -0600
Subject: [pptp-server] PopTop with Novell
Message-ID: <39EBCE74.6A6151E1@cfxc.com>

Has anyone had any experience using PoPToP with a novell network??

We have a linux box that is firewall/mail server, but the main file server is Novell. And we would like to add VPN capabilities.
Any help and guidance would be appreciated

Chris Kim

From nickb at bigpond.net.au Tue Oct 17 04:21:52 2000
From: nickb at bigpond.net.au (Nick Blievers)
Date: Tue, 17 Oct 2000 19:21:52 +1000
Subject: [pptp-server] pptp server, auth ok, fails to start Windows ERR: 742
References: <39EBCE74.6A6151E1@cfxc.com>
Message-ID: <003001c0381b$b0ed7b80$0a20a8c0@cybertrash>

Hi,
(Sorry for the long message)
I set up the pptp server following the 'RedHat-PoPToP HOWTO', except I used ppp 2.3.11 and SSLeay 0.9 and kernel 2.2.17 (source not rpm). After making appropriate patches and fixing the rejects (the patch is meant for an earlier version of ppp 2.3.10 I think) and fixing some other minor problems (changing a typo in a patch.... it had stpcpy instead of strcpy, added PPP_VERSION etc), I can get to the Windows ME client to authenticate properly:

(linux log)
Oct 17 18:51:47 gateway pptpd[3997]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: local address = 192.168.1.1
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: remote address = 192.168.1.3
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: pppd speed = 115200
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: pppd options file = /etc/ppp/options
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Client 192.168.32.10 control connection started
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Received PPTP Control Message (type: 1)
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Made a START CTRL CONN RPLY packet
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: I wrote 156 bytes to the client.
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Sent packet to client
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Received PPTP Control Message (type: 7)
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Set parameters to 1525 maxbps, 64 window size
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Made a OUT CALL RPLY packet
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Starting call (launching pppd, opening GRE)
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: pty_fd = 5
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: tty_fd = 6
Oct 17 18:51:47 gateway pptpd[3998]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 17 18:51:47 gateway pptpd[3998]: CTRL (PPPD Launcher): local address = 192.168.1.1
Oct 17 18:51:47 gateway pptpd[3998]: CTRL (PPPD Launcher): remote address = 192.168.1.3
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: I wrote 32 bytes to the client.
Oct 17 18:51:47 gateway pptpd[3997]: CTRL: Sent packet to client
Oct 17 18:51:47 gateway kernel: CSLIP: code copyright 1989 Regents of the University of California
Oct 17 18:51:47 gateway kernel: PPP: version 2.3.11 (demand dialling)
Oct 17 18:51:47 gateway kernel: PPP line discipline registered.
Oct 17 18:51:47 gateway kernel: registered device ppp0
Oct 17 18:51:47 gateway pppd[3998]: pppd 2.3.11 started by root, uid 0
Oct 17 18:51:47 gateway pppd[3998]: Using interface ppp0
Oct 17 18:51:47 gateway pppd[3998]: Connect: ppp0 <--> /dev/pts/1
Oct 17 18:51:47 gateway pptpd[3997]: GRE: Discarding duplicate packet
Oct 17 18:51:50 gateway kernel: PPP BSD Compression module registered
Oct 17 18:51:50 gateway kernel: PPP MPPE compression module registered
Oct 17 18:51:50 gateway kernel: PPP Deflate Compression module registered
Oct 17 18:51:50 gateway pppd[3998]: MSCHAP-v2 peer authentication succeeded for cybertrash\\vpn_user
Oct 17 18:51:50 gateway pppd[3998]: LCP terminated by peer
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Received PPTP Control Message (type: 12)
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Made a CALL DISCONNECT RPLY packet
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Received CALL CLR request (closing call)
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: I wrote 148 bytes to the client.
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Sent packet to client
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Error with select(), quitting
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Client 192.168.32.10 control connection finished
Oct 17 18:51:50 gateway pptpd[3997]: CTRL: Exiting now
Oct 17 18:51:50 gateway pptpd[3336]: MGR: Reaped child 3997
Oct 17 18:51:50 gateway pppd[3998]: Modem hangup
Oct 17 18:51:50 gateway pppd[3998]: Connection terminated.
Oct 17 18:51:50 gateway pppd[3998]: Connect time 0.1 minutes.
Oct 17 18:51:50 gateway pppd[3998]: Sent 263 bytes, received 207 bytes.
Oct 17 18:51:50 gateway pppd[3998]: Exit.

So this all looks good. (I think? anyone?).

I think the problem is here:
(Windows Log)
10-16-2000 21:51:01.66 - 192.168.32.2:Attempting to connect to remote computer via TCP/IP
10-16-2000 21:51:01.66 - 192.168.32.2:Control channel TCP/IP port successfully connected
10-16-2000 21:51:01.66 - 192.168.32.2:Starting PPTP control channel setup
10-16-2000 21:51:01.66 - 192.168.32.2:Sending CONTROL_START_REQUEST
10-16-2000 21:51:01.68 - 192.168.32.2:CTL CONTROL_START_REPLY RECEIVED
10-16-2000 21:51:01.68 - 192.168.32.2:Control Channel Successfully Established
10-16-2000 21:51:01.68 - 192.168.32.2:Sending CALL_OUT_REQUEST
10-16-2000 21:51:01.72 - 192.168.32.2:CALL_OUT_REPLY RECEIVED
10-16-2000 21:51:01.72 - 192.168.32.2:Call Successfully Established
******* Somewhere here *********************************
10-16-2000 21:51:01.82 - 192.168.32.2:Sending CALL_CLEAR_REQUEST
10-16-2000 21:51:01.82 - 192.168.32.2:CALL_DISCONNECT_NOTIFY RECEIVED
10-16-2000 21:51:01.82 - 192.168.32.2:Sending CONTROL_STOP_REQUEST
*******************************************************************
10-16-2000 21:51:01.86 - 192.168.32.2:TCP disconnected
10-16-2000 21:51:01.86 - 192.168.32.2:TCP disconnecting

Can anyone tell me what CALL_DISCONNECT_NOTIFY RECEIVED actually means? and why it happens?

NOTE: This is purely internal (at this stage), although eventually I will use it live.... providing I can get it working! :)

I'm pretty sure this is fine, but I'll include it anyway! This is the Windows PPP log (selected bits anyway):

10-16-2000 22:51:02.77 - CHAP : Login was successful.
10-16-2000 22:51:02.77 - PPP : Received Control Packet of length: 18
10-16-2000 22:51:02.77 - Data 0000: 80 21 01 01 00 10 03 06 | .!......
10-16-2000 22:51:02.77 - Data 0008: c0 a8 01 01 02 06 00 2d | .......-
10-16-2000 22:51:02.77 - Data 0010: 0f 01 00 00 00 00 00 00 | ........
10-16-2000 22:51:02.77 - PPP : Received Control Packet of length: 23
10-16-2000 22:51:02.77 - Data 0000: 80 fd 01 01 00 15 1a 04 | ......
10-16-2000 22:51:02.77 - Data 0008: 78 00 18 04 78 00 12 06 | x..x...
10-16-2000 22:51:02.77 - Data 0010: 01 00 00 20 15 03 2f 00 | ... ./.
10-16-2000 22:51:03.91 - Remote access driver is shutting down.
10-16-2000 22:51:03.91 - CRC Errors 0
10-16-2000 22:51:03.91 - Timeout Errors 0
10-16-2000 22:51:03.91 - Alignment Errors 0
10-16-2000 22:51:03.91 - Overrun Errors 0
10-16-2000 22:51:03.91 - Framing Errors 0
10-16-2000 22:51:03.91 - Buffer Overrun Errors 0
10-16-2000 22:51:03.91 - Incomplete Packets 0
10-16-2000 22:51:03.91 - Bytes Received 167
10-16-2000 22:51:03.91 - Bytes Transmittted 140
10-16-2000 22:51:03.91 - Frames Received 6
10-16-2000 22:51:03.91 - Frames Transmitted 4
10-16-2000 22:51:03.91 - LCP : Layer down.

Thanks,
Nick Blievers

From pascal.fremaux at sxb.bsf.alcatel.fr Tue Oct 17 04:18:33 2000
From: pascal.fremaux at sxb.bsf.alcatel.fr (Pascal Fremaux)
Date: Tue, 17 Oct 2000 11:18:33 +0200
Subject: [pptp-server] Problems with W2000 ??
Message-ID: <39EC1968.E0C97AF9@sxb.bsf.alcatel.fr>

Is there a problem between PoPToP and W2000 client (without SP1) ? Or is it just a local problem ?

Some of my users seem to experiment certain problems with their connection (the tunnel is lost on the client but remains up on the server), so the range of addresses become full.

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

From neale at lowendale.com.au Tue Oct 17 06:42:30 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Tue, 17 Oct 2000 22:42:30 +1100 (EST)
Subject: [pptp-server] pptp server, auth ok, fails to start Windows ERR: 742
In-Reply-To: <003001c0381b$b0ed7b80$0a20a8c0@cybertrash>
Message-ID:

On Tue, 17 Oct 2000, Nick Blievers wrote:

> Hi,
> (Sorry for the long message)
> I set up the pptp server following the 'RedHat-PoPToP HOWTO', except I
> used ppp 2.3.11 and SSLeay 0.9 and kernel 2.2.17 (source not rpm). After
> making appropriate patches and fixing the rejects (the patch is meant for an
> earlier version of ppp 2.3.10 I think) and fixing some other minor problems
> (changing a typo in a patch.... it had stpcpy instead of strcpy, added
> PPP_VERSION etc), I can get to the Windows ME client to authenticate
> properly:
>
> (linux log)
[...]
> Oct 17 18:51:50 gateway pppd[3998]: MSCHAP-v2 peer authentication succeeded
> for cybertrash\\vpn_user
> Oct 17 18:51:50 gateway pppd[3998]: LCP terminated by peer
[...]
>
> So this all looks good. (I think? anyone?).

No, That looks to me like straight after authentication succeeds then the caller is taking down the ppp link. Can you enable ppp debug (i.e. add debug to your ppp options) and get more detail on what's happening between successful authentication and LCP being brought down?

FWIW, my gut feel is to put an IP negotiation conflict high on the suspect list.

> I think the problem is here:
> (Windows Log)
[...]
> 10-16-2000 21:51:01.72 - 192.168.32.2:Call Successfully Established
> ******* Somewhere here *********************************
> 10-16-2000 21:51:01.82 - 192.168.32.2:Sending CALL_CLEAR_REQUEST
> 10-16-2000 21:51:01.82 - 192.168.32.2:CALL_DISCONNECT_NOTIFY RECEIVED
> 10-16-2000 21:51:01.82 - 192.168.32.2:Sending CONTROL_STOP_REQUEST
> *******************************************************************
> 10-16-2000 21:51:01.86 - 192.168.32.2:TCP disconnected
> 10-16-2000 21:51:01.86 - 192.168.32.2:TCP disconnecting

Urgh, any chance of getting the clocks synchronised (the closer the better ;-)?

> Can anyone tell me what CALL_DISCONNECT_NOTIFY RECEIVED actually means? and
> why it happens?

Wild guess: the caller first is "Sending CALL_CLEAR_REQUEST" and then the "CALL_DISCONNECT_NOTIFY RECEIVED" is a log of receiving an ack of the clear request.

HTH,
Neale.
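
Added example, not part of the thread and not code from pptpd or pppd: the Python below groups pppd syslog lines like the ones posted in this archive by session and names the stage at which each session stopped, which is the reading applied by hand in the reply above. The category names, the hints, and the treatment of a tunnel that comes up without an "MPPE ... enabled" line as unencrypted are assumptions of this example.

```python
import re

# Excerpts of pppd lines posted in this archive (hosts and PIDs as posted).
SAMPLE_LOG = r"""
Sep 30 22:05:50 phathat pppd[2701]: pppd 2.3.10 started by root, uid 0
Sep 30 22:05:54 phathat pppd[2701]: peer refused to authenticate: terminating link
Sep 30 22:05:54 phathat pppd[2701]: Connection terminated.
Sep 30 17:09:33 phathat pppd[2414]: pppd 2.3.10 started by root, uid 0
Sep 30 17:10:03 phathat pppd[2414]: LCP: timeout sending Config-Requests
Sep 30 17:10:03 phathat pppd[2414]: Connection terminated.
Oct 16 09:32:51 mail pppd[20503]: pppd 2.3.11 started by root, uid 0
Oct 16 09:32:54 mail pppd[20503]: MSCHAP-v2 peer authentication succeeded for exiof
Oct 16 09:32:54 mail pppd[20503]: remote IP address 192.168.10.11
Oct 16 09:32:54 mail pppd[20503]: MPPE 128 bit, stateless compression enabled
Oct 16 09:33:10 mail pppd[20503]: LCP terminated by peer
Oct 16 09:33:10 mail pppd[20503]: Connect time 0.4 minutes.
Oct 17 18:51:47 gateway pppd[3998]: pppd 2.3.11 started by root, uid 0
Oct 17 18:51:50 gateway pppd[3998]: MSCHAP-v2 peer authentication succeeded for cybertrash\\vpn_user
Oct 17 18:51:50 gateway pppd[3998]: LCP terminated by peer
Oct 17 18:51:50 gateway pppd[3998]: Connect time 0.1 minutes.
""".strip()

# "Mon DD HH:MM:SS host pppd[pid]: message"; other daemons are ignored.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\spppd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

PATTERNS = {
    "started": re.compile(r"^pppd \S+ started by"),
    "auth_ok": re.compile(r"peer authentication succeeded for (?P<user>\S+)"),
    "auth_refused": re.compile(r"^peer refused to authenticate"),
    "lcp_timeout": re.compile(r"^LCP: timeout sending Config-Requests"),
    "ip_up": re.compile(r"^remote IP address (?P<ip>\S+)"),
    "mppe": re.compile(r"^MPPE (?P<bits>\d+) bit"),
    "peer_term": re.compile(r"^LCP terminated by peer"),
}

# Hints restate advice given in the thread; wording is this example's own.
HINTS = {
    "auth-refused": "client did not present credentials",
    "no-ppp-traffic": "LCP never completed; check that IP protocol 47 (GRE) "
                      "reaches the server (it has no port number)",
    "dropped-after-auth": "peer closed LCP right after authentication; "
                          "enable pppd debug and inspect IP negotiation",
    "established": "tunnel came up with MPPE",
    "established-no-mppe": "tunnel came up with no MPPE line logged",
    "incomplete": "not enough lines to tell",
}


def parse_sessions(text):
    """Return one dict per pppd run, in order of first appearance."""
    sessions, current = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["host"], m["pid"])
        msg = m["msg"]
        # PIDs get reused, so a fresh "started by" line opens a new session.
        if PATTERNS["started"].search(msg) or key not in current:
            current[key] = {"host": m["host"], "pid": int(m["pid"]),
                            "events": [], "user": None,
                            "remote_ip": None, "mppe_bits": None}
            sessions.append(current[key])
        s = current[key]
        for name, rx in PATTERNS.items():
            hit = rx.search(msg)
            if not hit:
                continue
            s["events"].append(name)
            if name == "auth_ok":
                s["user"] = hit["user"]
            elif name == "ip_up":
                s["remote_ip"] = hit["ip"]
            elif name == "mppe":
                s["mppe_bits"] = int(hit["bits"])
    return sessions


def classify(session):
    """Name the stage at which the session stopped."""
    ev = set(session["events"])
    if "auth_refused" in ev:
        return "auth-refused"
    if "auth_ok" not in ev:
        return "no-ppp-traffic" if "lcp_timeout" in ev else "incomplete"
    if "ip_up" not in ev:
        return "dropped-after-auth"
    return "established" if session["mppe_bits"] else "established-no-mppe"


def summarize(text):
    """Return (host, pid, category, hint) for every session in the log."""
    return [(s["host"], s["pid"], classify(s), HINTS[classify(s)])
            for s in parse_sessions(text)]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("%s pppd[%d]: %s (%s)" % row)
```
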
From palliett at accurcast.com Tue Oct 17 07:30:39 2000
From: palliett at accurcast.com (Peter Alliett)
Date: Tue, 17 Oct 2000 08:30:39 -0400
Subject: [pptp-server] Poptop and Windows clients
Message-ID:

I have poptop and samba on the same linux box but when windows clients dial in they can only access the windows share pc's by putting in the IP address.
Also nothing shows up in Network Neighbourhood. What am I missing here.

Peter

From adam at morrison-ind.com Tue Oct 17 07:02:30 2000
From: adam at morrison-ind.com (Adam Williams)
Date: Tue, 17 Oct 2000 08:02:30 -0400
Subject: [pptp-server] Poptop and Windows clients
In-Reply-To:
References:
Message-ID: <200010171202.e9HC2UP06888@barracuda.morrison.iserv.net>

>I have poptop and samba on the same linux box but when windows clients dial
>in they can only access the windows share pc's by putting in the IP
>address.
>Also nothing shows up in Network Neighbourhood. What am I missing here.

wins (the answer to 90% of the questions on this list)

From stu at ekins.net Tue Oct 17 08:38:02 2000
From: stu at ekins.net (stu at ekins.net)
Date: Tue, 17 Oct 2000 14:38:02 +0100
Subject: [pptp-server] re:poptop & windows clients
Message-ID: <200010171338.OAA21107@central.derby.co.uk>

>>I have poptop and samba on the same linux box but when windows clients dial
>>in they can only access the windows share pc's by putting in the IP
>>address.
>>Also nothing shows up in Network Neighbourhood. What am I missing here.

>wins (the answer to 90% of the questions on this list)

Indeed, which is a good testament to the server itself! It's fair to say that WINS is responsible for the majority of dial-in problems whenever windows networking & IP are in use. So long as Samba's configured to provide WINS (NBNS) and the remote client is allocated the samba box's address, everything should work fine.

From mday at wdda.com Tue Oct 17 08:58:40 2000
From: mday at wdda.com (Michael Day)
Date: Tue, 17 Oct 2000 07:58:40 -0600
Subject: [pptp-server] Problems with W2000 ??
Message-ID:

I've been running poptop with the win2k client since Win2k RC2 without any problems. I would have to say you have a local issue there.

Michael Day
Network Admin
Waterous DD-A
mday at wdda.com
(780)437-8292

-----Original Message-----
From: Pascal Fremaux [mailto:pascal.fremaux at sxb.bsf.alcatel.fr]
Sent: October 17, 2000 3:19 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems with W2000 ??

Is there a problem between PoPToP and W2000 client (without SP1) ? Or is it just a local problem ?
Some of my users seem to experience certain problems with their connection (the tunnel is lost on the client but remains up on the server), so the range of addresses becomes full.

--
Pascal Fremaux, SSII Alten
Study Engineer at Alcatel Telecom R&D, Illkirch, France

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From SCody at Gulbrandsen.com Tue Oct 17 09:27:40 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Tue, 17 Oct 2000 10:27:40 -0400
Subject: [pptp-server] Coolest accomplishments with linux and PoPToP
Message-ID:

Are we allowed to brag about something we were able to accomplish with linux on this list? I hope so.

My company has a Frac. T1 to our corporate office. Yesterday, the T1 went down and our MS mailservers (Exchange Server) could no longer speak. The mail to and from our Corporate office was just backing up. One of the linux routers at my location is a VPN server, and we also have a 128K Internet pipe.
I was able to take our linux firewall/router at our corp and through its Internet connection, connect to our network via the VPN (not previously done before, but entirely set up on the fly after the WAN connection went down). After some juggling with the firewall and disabling certain masquerading, I was able to get our Exchange Servers to speak again and send all of their queued mail.

This was accomplished with:

Two Redhat boxes
128K and 56K Internet connections (Frac T1 was 256K)
PoPToP linux PPTP server
PPTP linux client
some fun routing changes
changes to firewall ruleset to stop masquerading the traffic that went through this VPN

Steve

From amacc at iron-bridge.net Tue Oct 17 09:42:00 2000
From: amacc at iron-bridge.net (Andrew McRory)
Date: Tue, 17 Oct 2000 10:42:00 -0400 (EDT)
Subject: [pptp-server] Coolest accomplishments with linux and PoPToP
In-Reply-To:
Message-ID:

On Tue, 17 Oct 2000, Steve Cody wrote:

> Are we allowed to brag about something we were able to accomplish with linux
> on this list? I hope so.
>
> My company has a Frac. T1 to our corporate office. Yesterday, the T1 went
> down and our MS mailservers (Exchange Server) could no longer speak. The
> mail to and from our Corporate office was just backing up. One of the linux
> routers at my location is a VPN server, and we also have a 128K Internet
> pipe. I was able to take our linux firewall/router at our corp and through
> its Internet connection, connect to our network via the VPN (not previously
> done before, but entirely set up on the fly after the WAN connection went
> down). After some juggling with the firewall and disabling certain
> masquerading, I was able to get our Exchange Servers to speak again and send
> all of their queued mail.
>
> This was accomplished with:
>
> Two Redhat boxes
> 128K and 56K Internet connections (Frac T1 was 256K)
> PoPToP linux PPTP server
> PPTP linux client
> some fun routing changes
> changes to firewall ruleset to stop masquerading the traffic that went
> through this VPN

Very good! This is where linux shines... think of doing this with MS products... it might work first time (and in that case we're probably happy) or it might not (in that case we reload and try again -frustration!)... heh...

Andrew McRory - President/CTO amacc at iron-bridge.net *****************
The PC Doctor, Inc. www.pcdr.com 850-575-7213 **
Iron Bridge Communications, Inc. www.iron-bridge.net 850-575-0779 **
Contributed RPMS for RedHat and Caldera ftp://ftp.iron-bridge.net/pub **
****************************************************************************

From phil at vibrationresearch.com Tue Oct 17 10:02:31 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 17 Oct 2000 11:02:31 -0400
Subject: [pptp-server] Poptop and Windows clients
In-Reply-To:
Message-ID: <000001c0384b$462b2830$4500a8c0@vibrationresearch.com>

Others have said WINS, but I'll give an alternate answer:

If you list the IP numbers and host names of all of your windows PCs in the c:\windows\hosts AND c:\windows\lmhosts files on the Win9x VPN client PCs (in the winnt\system32\drivers\etc directory on WinNT machines), they will be able to access the windows PC shares without using WINS.

Also, if you configure the samba box to maintain browse lists (and it actually does this properly: check if the /var/lock/samba/browse.dat file contains a list of all of your machines) then the machines will also appear in Network Neighborhood, again without using WINS.

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Peter Alliett
> Sent: Tuesday, October 17, 2000 8:31 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Poptop and Windows clients
>
>
> I have poptop and samba on the same linux box but when windows
> clients dial
> in they can only access the windows share pc's by putting in the
> IP address.
> Also nothing shows up in Network Neighbourhood. What am I missing here.
>
> Peter

From john at arnie.jfive.com Tue Oct 17 13:43:44 2000
From: john at arnie.jfive.com (John Heyer)
Date: Tue, 17 Oct 2000 13:43:44 -0500 (CDT)
Subject: [pptp-server] PoPToP and FreeBSD ppp
In-Reply-To: <20001008150906.A54594@fluffy.puffin.org>
Message-ID:

I put up a FreeBSD PPTP HOWTO page up a few days ago. It needs some work but the basics are there.

http://heyer.supranet.net/pptp/

--
Johh Heyer - john at arnie.jfive.com - http://www.jfive.com
"Me fail English? That's unpossible!" -- Ralph Wiggam

From kelly.black at testquest.com Tue Oct 17 15:12:24 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 15:12:24 -0500
Subject: [pptp-server] Error with select(), quitting
Message-ID: <20001017151224.A22174@testquest.com>

Anybody get the following

pptpd[225]: CTRL: Error with select(), quitting

I get this right after the Windows 98 client attempts a connection, and then drops the connection. Here is the whole conversation:

CTRL: (PPD Launcher): remote address = 192.168.1.232
CTRL: Received PPTP Control Message (type: 12)
CTRL: Received CALL CLR request (closing call)
CTRL: I wrote 148 bytes to the client.
CTRL: Sent packet to client
MGR: Reaped child 225
CTRL: Error with select(), quitting
CTRL: Client 198.144.14.213 control connection finished
CTRL: Exiting now

Thanks for any help,
Kelly Black
Systems Admin
TestQuest, Inc.

From kelly.black at testquest.com Tue Oct 17 15:33:12 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 15:33:12 -0500
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <000001c03878$a3540f40$2a01a8c0@bud.mw.mediaone.net>; from phil@vibrationresearch.com on Tue, Oct 17, 2000 at 04:27:15PM -0400
References: <20001017151224.A22174@testquest.com> <000001c03878$a3540f40$2a01a8c0@bud.mw.mediaone.net>
Message-ID: <20001017153312.B22174@testquest.com>

That is the text I am getting with debug in both pptp.conf, and options files.

On Tue, Oct 17, 2000 at 04:27:15PM -0400, Phil Van Baren wrote:
> That is just a generic pptpd disconnect message. Add the debug option in
> both /etc/pptpd.conf and /etc/ppp/options.pptp so that you can see what is
> happening with pppd that causes the disconnect.
>
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kelly Black
> > Sent: Tuesday, October 17, 2000 4:12 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Error with select(), quitting
> >
> >
> > Anybody get the following
> >
> > pptpd[225]: CTRL: Error with select(), quitting
> >
> > I get this right after the Windows 98 client attempts a
> > connection, and then drops the connection. Here is the whole
> > conversation:
> >
> > CTRL: (PPD Launcher): remote address = 192.168.1.232
> > CTRL: Received PPTP Control Message (type: 12)
> > CTRL: Received CALL CLR request (closing call)
> > CTRL: I wrote 148 bytes to the client.
> > CTRL: Sent packet to client
> > MGR: Reaped child 225
> > CTRL: Error with select(), quitting
> > CTRL: Client 198.144.14.213 control connection finished
> > CTRL: Exiting now
> >
> > Thanks for any help,
> > Kelly Black
> > Systems Admin
> > TestQuest, Inc.

From phil at vibrationresearch.com Tue Oct 17 15:59:07 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 17 Oct 2000 16:59:07 -0400
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <20001017153312.B22174@testquest.com>
Message-ID: <000501c0387d$16e52f80$4500a8c0@vibrationresearch.com>

Then your /etc/syslogd.conf file must not be configured to catch the pppd messages, or is putting them in a different file.

I think the following configuration will catch all pptpd and pppd messages and put them in /var/log/daemon. (The local2.* is where pppd messages go)

daemon.*;local2.* /var/log/daemon

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kelly Black
> Sent: Tuesday, October 17, 2000 4:33 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Error with select(), quitting
>
>
> That is the text I am getting with debug in both pptp.conf, and
> options files.
>
> On Tue, Oct 17, 2000 at 04:27:15PM -0400, Phil Van Baren wrote:
> > That is just a generic pptpd disconnect message. Add the debug
> option in
> > both /etc/pptpd.conf and /etc/ppp/options.pptp so that you can
> see what is
> > happening with pppd that causes the disconnect.
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kelly Black
> > > Sent: Tuesday, October 17, 2000 4:12 PM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Error with select(), quitting
> > >
> > >
> > > Anybody get the following
> > >
> > > pptpd[225]: CTRL: Error with select(), quitting
> > >
> > > I get this right after the Windows 98 client attempts a
> > > connection, and then drops the connection. Here is the whole
> > > conversation:
> > >
> > > CTRL: (PPD Launcher): remote address = 192.168.1.232
> > > CTRL: Received PPTP Control Message (type: 12)
> > > CTRL: Received CALL CLR request (closing call)
> > > CTRL: I wrote 148 bytes to the client.
> > > CTRL: Sent packet to client
> > > MGR: Reaped child 225
> > > CTRL: Error with select(), quitting
> > > CTRL: Client 198.144.14.213 control connection finished
> > > CTRL: Exiting now
> > >
> > > Thanks for any help,
> > > Kelly Black
> > > Systems Admin
> > > TestQuest, Inc.

From kelly.black at testquest.com Tue Oct 17 16:19:04 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 16:19:04 -0500
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <000401c0387d$09430af0$4500a8c0@vibrationresearch.com>; from phil@vibrationresearch.com on Tue, Oct 17, 2000 at 04:58:44PM -0400
References: <20001017153312.B22174@testquest.com> <000401c0387d$09430af0$4500a8c0@vibrationresearch.com>
Message-ID: <20001017161904.A24579@testquest.com>

Ahh.. OK now lots more debug info. I had level set too low.. Here is new info:

(See attachment)

-------------- next part --------------
Oct 17 16:12:16 npv pptpd[131]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Oct 17 16:12:16 npv pptpd[131]: CTRL: local address = 216.245.137.61
Oct 17 16:12:16 npv pptpd[131]: CTRL: remote address = 192.168.1.231
Oct 17 16:12:16 npv pptpd[131]: CTRL: pppd options file = /etc/ppp/options
Oct 17 16:12:16 npv pptpd[131]: CTRL: Client 198.144.14.187 control connection started
Oct 17 16:12:16 npv pptpd[131]: CTRL: Received PPTP Control Message (type: 1)
Oct 17 16:12:16 npv pptpd[131]: CTRL: Made a START CTRL CONN RPLY packet
Oct 17 16:12:16 npv pptpd[131]: CTRL: I wrote 156 bytes to the client.
Oct 17 16:12:16 npv pptpd[131]: CTRL: Sent packet to client
Oct 17 16:12:16 npv pptpd[131]: CTRL: Received PPTP Control Message (type: 7)
Oct 17 16:12:16 npv pptpd[131]: CTRL: Set parameters to 0 maxbps, 16 window size
Oct 17 16:12:16 npv pptpd[131]: CTRL: Made a OUT CALL RPLY packet
Oct 17 16:12:16 npv pptpd[131]: CTRL: Starting call (launching pppd, opening GRE)
Oct 17 16:12:16 npv pptpd[131]: CTRL: pty_fd = 5
Oct 17 16:12:16 npv pptpd[131]: CTRL: tty_fd = 6
Oct 17 16:12:16 npv pptpd[132]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 17 16:12:16 npv pptpd[132]: CTRL (PPPD Launcher): local address = 216.245.137.61
Oct 17 16:12:16 npv pptpd[132]: CTRL (PPPD Launcher): remote address = 192.168.1.231
Oct 17 16:12:16 npv pptpd[131]: CTRL: I wrote 32 bytes to the client.
Oct 17 16:12:16 npv pptpd[131]: CTRL: Sent packet to client
Oct 17 16:12:16 npv pppd[132]: pppd 2.3.11 started by root, uid 0
Oct 17 16:12:16 npv pppd[132]: Using interface ppp0
Oct 17 16:12:16 npv pppd[132]: Connect: ppp0 <--> /dev/pts/1
Oct 17 16:12:16 npv pppd[132]: sent [LCP ConfReq id=0x1 ]
Oct 17 16:12:16 npv pppd[132]: Timeout 0x8050318:0x8078240 in 3 seconds.
Oct 17 16:12:17 npv pptpd[131]: CTRL: Received PPTP Control Message (type: 12)
Oct 17 16:12:17 npv pptpd[131]: CTRL: Made a CALL DISCONNECT RPLY packet
Oct 17 16:12:17 npv pptpd[131]: CTRL: Received CALL CLR request (closing call)
Oct 17 16:12:17 npv pptpd[131]: CTRL: I wrote 148 bytes to the client.
Oct 17 16:12:17 npv pptpd[131]: CTRL: Sent packet to client
Oct 17 16:12:17 npv pptpd[131]: CTRL: Error with select(), quitting
Oct 17 16:12:17 npv pptpd[131]: CTRL: Client 198.144.14.187 control connection finished
Oct 17 16:12:17 npv pptpd[131]: CTRL: Exiting now
Oct 17 16:12:17 npv pptpd[105]: MGR: Reaped child 131
Oct 17 16:12:17 npv pppd[132]: Modem hangup
Oct 17 16:12:17 npv pppd[132]: Untimeout 0x8050318:0x8078240.
Oct 17 16:12:17 npv pppd[132]: Connection terminated.
Oct 17 16:12:17 npv pppd[132]: Exit.
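
The debug log above can be read stage by stage: control connection, call request, then PPP frames in each direction. The following is an added example, not code from this thread or from PoPToP; the function names and stage labels are assumptions, the control message type numbers are those of RFC 2637, and the sample is a constructed subset of the lines posted above.

```python
import re

# Control message types from RFC 2637 that mark call setup and teardown.
START_CTRL_CONN_REQ, OUT_CALL_REQ, CALL_CLEAR_REQ = 1, 7, 12

LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+(pptpd|pppd)\[\d+\]:\s+(.*)$")
TYPE_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")
CLIENT_RE = re.compile(r"Client (\S+) control connection started")

# Constructed sample: a subset of the log lines posted in the message above.
SAMPLE_FAILED = """\
Oct 17 16:12:16 npv pptpd[131]: CTRL: Client 198.144.14.187 control connection started
Oct 17 16:12:16 npv pptpd[131]: CTRL: Received PPTP Control Message (type: 1)
Oct 17 16:12:16 npv pptpd[131]: CTRL: Received PPTP Control Message (type: 7)
Oct 17 16:12:16 npv pptpd[131]: CTRL: Starting call (launching pppd, opening GRE)
Oct 17 16:12:16 npv pppd[132]: Connect: ppp0 <--> /dev/pts/1
Oct 17 16:12:16 npv pppd[132]: sent [LCP ConfReq id=0x1 ]
Oct 17 16:12:17 npv pptpd[131]: CTRL: Received PPTP Control Message (type: 12)
Oct 17 16:12:17 npv pptpd[131]: CTRL: Error with select(), quitting
Oct 17 16:12:17 npv pppd[132]: Modem hangup
"""

# Constructed sample (not from the thread): the same call, but with one
# frame received from the peer before the call is cleared.
SAMPLE_ANSWERED = SAMPLE_FAILED.replace(
    "Oct 17 16:12:17 npv pptpd[131]: CTRL: Received",
    "Oct 17 16:12:16 npv pppd[132]: rcvd [LCP ConfReq id=0x0 ]\n"
    "Oct 17 16:12:17 npv pptpd[131]: CTRL: Received",
    1,
)


def summarize(log_text):
    """Collect the facts needed for a stage-by-stage reading of one call."""
    facts = {"client": None, "ctrl_types": [], "ppp_sent": 0, "ppp_rcvd": 0}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, msg = m.groups()
        if prog == "pptpd":
            t = TYPE_RE.search(msg)
            c = CLIENT_RE.search(msg)
            if t:
                facts["ctrl_types"].append(int(t.group(1)))
            elif c:
                facts["client"] = c.group(1)
        elif msg.startswith("sent ["):   # pppd debug: frame handed to the tunnel
            facts["ppp_sent"] += 1
        elif msg.startswith("rcvd ["):   # pppd debug: frame received from the peer
            facts["ppp_rcvd"] += 1
    return facts


def diagnose(facts):
    """Return the first stage at which the call stopped making progress."""
    types = facts["ctrl_types"]
    if START_CTRL_CONN_REQ not in types:
        return "no-control"        # the TCP control connection never got going
    if OUT_CALL_REQ not in types:
        return "no-call"           # control connection up, no call requested
    if facts["ppp_sent"] == 0 and facts["ppp_rcvd"] == 0:
        return "no-ppp-debug"      # pppd debug lines are not reaching this log
    if facts["ppp_rcvd"] == 0:
        return "no-ppp-from-peer"  # pppd sent frames and logged none coming back
    return "ppp-exchanged"         # both directions seen; look at the PPP options


if __name__ == "__main__":
    for name, text in (("failed", SAMPLE_FAILED), ("answered", SAMPLE_ANSWERED)):
        facts = summarize(text)
        cleared = CALL_CLEAR_REQ in facts["ctrl_types"]
        print(name, facts["client"], diagnose(facts), "client cleared call:", cleared)
```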

From kelly.black at testquest.com Tue Oct 17 16:26:06 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 16:26:06 -0500
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <000401c0387d$09430af0$4500a8c0@vibrationresearch.com>; from phil@vibrationresearch.com on Tue, Oct 17, 2000 at 04:58:44PM -0400
References: <20001017153312.B22174@testquest.com> <000401c0387d$09430af0$4500a8c0@vibrationresearch.com>
Message-ID: <20001017162606.B24579@testquest.com>

The thing I don't get is, it was working when I had it on the internal network and got to the VPN server via lan. It would seem to be related to the dialup I am testing it with. (although I could just be pointing fingers).

Kelly Black
Sys. Admin.
TestQuest, Inc.

From phil at vibrationresearch.com Tue Oct 17 16:46:58 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 17 Oct 2000 17:46:58 -0400
Subject: [pptp-server] Poptop and Windows clients
In-Reply-To: <20001017191541.11693.qmail@web9708.mail.yahoo.com>
Message-ID: <000701c03883$c6944190$4500a8c0@vibrationresearch.com>

Chris,

The options you list are all viable options - you should be able to get it to work with or without a WINS server.

The hosts and lmhosts files are used just for name resolution. When you have these files set up properly, you can access "\\machinename\sharename" without having to use WINS. These files do not affect browsing, so browsing may still fail even if you have hosts and lmhosts properly set up.

To get browsing without WINS, you need a samba server (which maintains browse lists) running on the same machine as pptpd, and accessible from the VPN machine. The VPN machines will then be able to get the browse list off of that samba server.

To use a WINS server, either on the pptpd machine or on another machine, ALL machines on your network must be configured to use the same WINS server, because the WINS server will only know about machines that are using WINS.

Using a WINS server to do the name resolution can significantly slow down the name resolution, especially when the WINS server is on the other end of a slow network connection. If you don't use a WINS server, and instead put the names/ip addresses in the hosts/lmhosts files, the name resolution is done from local files, so the name resolution is much faster.

You can have both WINS and lmhosts, but Windows will always try WINS first, and if that fails, will look in the lmhosts file, so if you have both you will still have slow name resolution. (This is the opposite of the way DNS works--DNS looks in hosts first, then checks with the DNS server. Microsoft always likes to do things different!) To get faster name resolution you must remove the WINS server configuration from your VPN client, and only use hosts and lmhosts files.

Another thing to consider is that typically you have to wait a little while after connecting the VPN before you can browse the network neighborhood. If you wait 30 to 60 seconds before trying to browse the network, then it should work. I think this confuses many people because they try to browse the network immediately after connecting the VPN, and after it fails on the first try they assume it isn't working.

Here is a Microsoft article about how name resolution works:
http://support.microsoft.com/support/kb/articles/Q119/4/93.asp

Phil

> -----Original Message-----
> From: Chris Carella [mailto:drjchris at yahoo.com]
> Sent: Tuesday, October 17, 2000 3:16 PM
> To: Philip Van Baren
> Subject: RE: [pptp-server] Poptop and Windows clients
>
>
> I've read through various messages on the list and I
> have a question.
>
> The VPN connects fine, but there is no browsing
> abilities in the network neighborhood, and the initial
> name resolution to connect to a share takes about 2
> minutes (way too long).. to fix this which of the
> following will work (can someone explain why the other
> won't work).
>
> 1) Set up a Samba Wins Server on the PPTPD server
>
> 2) Use an existing Wins Server on the NT Network
>
> 3) Put every machine in the clients lmhosts and hosts
> file
>
> 4) configure the samba box to maintain browse lists
> (and it actually does this properly: check if the
> /var/lock/samba/browse.dat file contains a list of
> all of your machines
>
> Thanks,
> Christopher Carella
>
>
> --- Philip Van Baren
> wrote:
> > Others have said WINS, but I'll give an alternate
> > answer:
> >
> > If you list the IP numbers and host names of all of
> > your windows PCs in the
> > c:\windows\hosts AND c:\windows\lmhosts files on the
> > Win9x VPN client PCs
> > (in the winnt\system32\drivers\etc directory on
> > WinNT machines), they will
> > be able to access the windows PC shares without
> > using WINS.
> >
> > Also, if you configure the samba box to maintain
> > browse lists (and it
> > actually does this properly: check if the
> > /var/lock/samba/browse.dat file
> > contains a list of all of your machines) then the
> > machines will also appear
> > in Network Neighborhood, again without using WINS.
> >
> > Phil
> >
> >
> > > -----Original Message-----
> > > From: pptp-server-admin at lists.schulte.org
> > > [mailto:pptp-server-admin at lists.schulte.org]On
> > Behalf Of Peter Alliett
> > > Sent: Tuesday, October 17, 2000 8:31 AM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Poptop and Windows clients
> > >
> > >
> > > I have poptop and samba on the same linux box but
> > when windows
> > > clients dial
> > > in they can only access the windows share pc's by
> > putting in the
> > > IP address.
> > > Also nothing shows up in Network Neighbourhood.
> > What am I missing here.
> > >
> > > Peter

From phil at vibrationresearch.com Tue Oct 17 16:53:46 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 17 Oct 2000 17:53:46 -0400
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <20001017162606.B24579@testquest.com>
Message-ID: <000801c03884$b9773610$4500a8c0@vibrationresearch.com>

Kelly,

I would say your fingers are pointing at a firewall problem.

Make sure protocol 6, port 1723 can get through your firewall in both directions (the fact that the control connection works indicates this is ok) and also that protocol 47 can pass your firewall in both directions (the fact that pppd doesn't seem to be getting any traffic indicates that this is NOT working).

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kelly Black
> Sent: Tuesday, October 17, 2000 5:26 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Error with select(), quitting
>
>
> The thing I don't get is, it was working when I had it on the
> internal network and got to the VPN server via lan. It would
> seem to be related to the dialup I am testing it with. (although
> I could just be pointing fingers).
>
> Kelly Black
> Sys. Admin.
> TestQuest, Inc.

From kelly.black at testquest.com Tue Oct 17 17:03:52 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 17:03:52 -0500
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <000801c03884$b9773610$4500a8c0@vibrationresearch.com>; from phil@vibrationresearch.com on Tue, Oct 17, 2000 at 05:53:46PM -0400
References: <20001017162606.B24579@testquest.com> <000801c03884$b9773610$4500a8c0@vibrationresearch.com>
Message-ID: <20001017170352.C24579@testquest.com>

Phil,

The only problem is, the box is outside of the firewall, and I can SSH into the box. Ugh... What the heck am I doing? Thought I had it cooking when I could connect via lan to the box, but now the dial up won't go. Is a patch for the Windows DUN stuff (Win98 2nd release) in existence?

Kelly

On Tue, Oct 17, 2000 at 05:53:46PM -0400, Philip Van Baren wrote:
> Kelly,
>
> I would say your fingers are pointing at a firewall problem.
>
> Make sure protocol 6, port 1723 can get through your firewall in both
> directions (the fact that the control connection works indicates this is ok)
> and also that protocol 47 can pass your firewall in both directions (the
> fact that pppd doesn't seem to be getting any traffic indicates that this is
> NOT working).
>
> Phil

From kelly.black at testquest.com Tue Oct 17 17:59:27 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 17:59:27 -0500
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <20001017170352.C24579@testquest.com>; from kelly.black@testquest.com on Tue, Oct 17, 2000 at 05:03:52PM -0500
References: <20001017162606.B24579@testquest.com> <000801c03884$b9773610$4500a8c0@vibrationresearch.com> <20001017170352.C24579@testquest.com>
Message-ID: <20001017175927.D24579@testquest.com>

Ahh.. Found an earlier thread. Something about a VPN adapter #2 that you install on Winblows. (Of course a VPN adapter #2)..... $%^$$* microsoft.

Kelly Black

From phil at vibrationresearch.com Tue Oct 17 18:11:27 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 17 Oct 2000 19:11:27 -0400
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <20001017170352.C24579@testquest.com>
Message-ID: <001001c0388f$9372d8b0$4500a8c0@vibrationresearch.com>

Kelly,

Win98SE is supposed to have the latest VPN updates included, so there is no update for it (other than to add 128-bit support). It may help to uninstall, reboot, and re-install the VPN and dial-up networking components. However, I know that just installing the 128-bit update has suddenly made things work in at least 1 case. Microsoft still lists the 128-bit update as "unavailable, check back later."

It is possible that there is another firewall somewhere between your dialup and your pptpd machine which is blocking the GRE protocol. One test you can try is to run the command:

tcpdump -i eth0 -n proto 47 or port 1723

on your pptpd server machine, and then try to establish a VPN connection. When establishing a connection you should see traffic on both port 1723 and protocol 47, going in both directions.

When I connect, I get traffic something like this:

[root at gateway ~]# tcpdump -i eth0 -n proto 47 or port 1723
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
18:42:01.371248 < 64.108.y.z.45050 > 209.71.w.x.pptp: S 2145011901:2145011901(0) win 64240 (DF)
18:42:01.371597 > 209.71.w.x.pptp > 64.108.y.z.45050: S 4293565151:4293565151(0) ack 2145011902 win 32120 (DF)
18:42:01.594096 < 64.108.y.z.45050 > 209.71.w.x.pptp: P 1:157(156) ack 1 win 64240 (DF)
18:42:01.594358 > 209.71.w.x.pptp > 64.108.y.z.45050: . 1:1(0) ack 157 win 32120 (DF)
18:42:01.596187 < 64.108.y.z.45050 > 209.71.w.x.pptp: . 1:1(0) ack 1 win 64240 (DF)
18:42:01.596364 > 209.71.w.x.pptp > 64.108.y.z.45050: . 1:1(0) ack 157 win 32120 (DF)
18:42:01.634069 > 209.71.w.x.pptp > 64.108.y.z.45050: P 1:157(156) ack 157 win 32120 (DF)
18:42:01.849658 < 64.108.y.z.45050 > 209.71.w.x.pptp: P 157:325(168) ack 157 win 64084 (DF)
18:42:01.860141 > 209.71.w.x.pptp > 64.108.y.z.45050: . 157:157(0) ack 325 win 32120 (DF)
18:42:01.907318 > 209.71.w.x.pptp > 64.108.y.z.45050: P 157:189(32) ack 325 win 32120 (DF)
18:42:01.922411 > gre-proto-0x880B (gre encap)
18:42:02.138530 < 64.108.y.z.45050 > 209.71.w.x.pptp: P 325:349(24) ack 189 win 64052 (DF)
18:42:02.145355 < gre-proto-0x880B (gre encap)
18:42:02.147218 > [|gre] (gre encap)
18:42:02.148382 > gre-proto-0x880B (gre encap)
18:42:02.150086 > 209.71.w.x.pptp > 64.108.y.z.45050: . 189:189(0) ack 349 win 32120 (DF)
18:42:02.156506 < gre-proto-0x880B (gre encap)
18:42:02.157378 > [|gre] (gre encap)
18:42:02.158388 > gre-proto-0x880B (gre encap)
18:42:02.403927 < gre-proto-0x880B (gre encap)
18:42:02.405025 > [|gre] (gre encap)
18:42:02.406031 > gre-proto-0x880B (gre encap)
18:42:02.417565 < gre-proto-0x880B (gre encap)
18:42:02.418479 > [|gre] (gre encap)
18:42:02.419690 > gre-proto-0x880B (gre encap)
18:42:02.655998 < 64.108.y.z.45050 > 209.71.w.x.pptp: P 349:373(24) ack 189 win 64052 (DF)
18:42:02.659465 < gre-proto-0x880B (gre encap)
18:42:02.668534 < gre-proto-0x880B (gre encap)
18:42:02.670083 > 209.71.w.x.pptp > 64.108.y.z.45050: . 189:189(0) ack 373 win 32120 (DF)
18:42:02.670241 > [|gre] (gre encap)
18:42:02.671568 > gre-proto-0x880B (gre encap)
.....

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kelly Black
> Sent: Tuesday, October 17, 2000 6:04 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Error with select(), quitting
>
>
> Phil,
>
> The only problem is, the box is outside of the firewall, and I
> can SSH into the box. Ugh... What the heck am I doing? Thought
> I had it cooking when I could connect via lan to the box, but now
> the dial up won't go. Is a patch for the Windows DUN stuff (Win98
> 2nd release) in existence?
>
> Kelly
>
> On Tue, Oct 17, 2000 at 05:53:46PM -0400, Philip Van Baren wrote:
> > Kelly,
> >
> > I would say your fingers are pointing at a firewall problem.
> >
> > Make sure protocol 6, port 1723 can get through your firewall in both
> > directions (the fact that the control connection works
> indicates this is ok)
> > and also that protocol 47 can pass your firewall in both directions (the
> > fact that pppd doesn't seem to be getting any traffic indicates
> that this is
> > NOT working).
> >
> > Phil

From kelly.black at testquest.com Tue Oct 17 18:11:39 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Tue, 17 Oct 2000 18:11:39 -0500
Subject: [pptp-server] Error with select(), quitting
In-Reply-To: <20001017175927.D24579@testquest.com>; from kelly.black@testquest.com on Tue, Oct 17, 2000 at 05:59:27PM -0500
References: <20001017162606.B24579@testquest.com> <000801c03884$b9773610$4500a8c0@vibrationresearch.com> <20001017170352.C24579@testquest.com> <20001017175927.D24579@testquest.com>
Message-ID: <20001017181139.A27911@testquest.com>

That was it... Success at last!... Wheeeee... Thanks everyone....

Kelly Black

On Tue, Oct 17, 2000 at 05:59:27PM -0500, Kelly Black wrote:
> Ahh.. Found an earlier thread. Something about a VPN adapter #2 that you install on Winblows. (Of course a VPN adapter #2)..... $%^$$* microsoft.
>
> Kelly Black

From phil at vibrationresearch.com Tue Oct 17 18:21:03 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 17 Oct 2000 19:21:03 -0400
Subject: [pptp-server] 128-bit update for Win98SE
In-Reply-To: <20001017170352.C24579@testquest.com>
Message-ID: <001501c03890$eb23ec60$4500a8c0@vibrationresearch.com>

The 128-bit update for Win98SE is called msdun128.exe.
You can find it at a variety of places using an FTP search:
http://ftpsearch.lycos.com/cgi-bin/search?type=Case+insensitive+substring+match&query=msdun128&form=medium

The correct md5sum for the file as distributed from Microsoft is:
8add40723d652557232a1a09917c924c *msdun128.exe

From plundis at byggdok.se Wed Oct 18 09:12:32 2000
From: plundis at byggdok.se (Per Lundberg)
Date: 18 Oct 2000 16:12:32 +0200
Subject: [pptp-server] pppd segfaulting with MPPE patches
Message-ID:

(I browsed the list archives to see if this subject had been brought up earlier, but I couldn't find anything. If it has, please point me in the right direction. Thanks)

I'm having some trouble setting pptpd up with the pppd patches for MPPE encryption. With a stock pppd (as a Debian package), it works just fine (with encryption turned off). If I use the same configuration with a pppd patched for MPPE (having the kernel module loaded), pppd gets a signal 11 (segmentation violation) *with the same configuration* as before (i.e., encryption turned off)! Very confusing.

If I could get pppd to dump a core, I think I could debug this some further, but maybe this is a known error? I'm using Debian (potato), kernel 2.2.16 and pppd 2.3.11.

(I'm not subscribed to the list, so please Cc any replies to this. Thank you.)

From SCody at Gulbrandsen.com Wed Oct 18 09:16:46 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Wed, 18 Oct 2000 10:16:46 -0400
Subject: [pptp-server] PPP Authentication not working
Message-ID:

I have PoPToP set up on a Redhat Linux 6.2 system. My user authentication is not working for PPP. I have to put NOAUTH on the server so users can connect. I NEED to at least have password authentication for security. Right now, I have to block all PPTP traffic, and explicitly allow users in through the firewall as they need VPN access.

Where do I look?

Thanks!
Steve Cody

From mseymour at infogenic.net Wed Oct 18 10:00:29 2000
From: mseymour at infogenic.net (Micah Seymour)
Date: Wed, 18 Oct 2000 10:00:29 -0500 (CDT)
Subject: [pptp-server] Poptop and Windows clients
In-Reply-To: <000701c03883$c6944190$4500a8c0@vibrationresearch.com>
Message-ID:

On Tue, 17 Oct 2000, Philip Van Baren wrote:

> Chris,
>
> The options you list are all viable options - you should be able to get it
> to work with or without a WINS server.
>
> The hosts and lmhosts files are used just for name resolution. When you
> have these files set up properly, you can access "\\machinename\sharename"
> without having to use WINS. These files do not affect browsing, so browsing
> may still fail even if you have hosts and lmhosts properly set up.
>
> To get browsing without WINS, you need a samba server (which maintains
> browse lists) running on the same machine as pptpd, and accessible from the
> VPN machine. The VPN machines will then be able to get the browse list off
> of that samba server.
>
> To use a WINS server, either on the pptpd machine or on another machine, ALL
> machines on your network must be configured to use the same WINS server,
> because the WINS server will only know about machines that are using WINS.
>
> Using a WINS server to do the name resolution can significantly slow down
> the name resolution, especially when the WINS servers is on the other end of
> a slow network connection. If you don't use a WINS server, and instead put
> the names/ip addresses in the hosts/lmhosts files, the name resolution is
> done from local files, so the name resolution is much faster.
>
> You can have both WINS and lmhosts, but Windows will always try WINS first,
> and if that fails, will look in the lmhosts file, so if you have both you
> will still have slow name resolution. (This is the opposite of the way DNS
> works--DNS looks in hosts first, then checks with the DNS server. Microsoft
> always likes to do things different!)
> To get faster name resolution you
> must remove the WINS server configuration from your VPN client, and only use
> hosts and lmhosts files.
>
> Another thing to consider is that typically you have to wait a little while
> after connecting the VPN before you can browse the network neighborhood. If
> you wait 30 to 60 seconds before trying to browse the network, then it
> should work. I think this confuses many people because they try to browse
> the network immediately after connecting the VPN, and after it fails on the
> first try they assume it isn't working.
>
> Here is a Microsoft article about how name resolution works:
> http://support.microsoft.com/support/kb/articles/Q119/4/93.asp
>
> Phil
>
> > -----Original Message-----
> > From: Chris Carella [mailto:drjchris at yahoo.com]
> > Sent: Tuesday, October 17, 2000 3:16 PM
> > To: Philip Van Baren
> > Subject: RE: [pptp-server] Poptop and Windows clients
> >
> > I've read through various messages on the list and I
> > have a question.
> >
> > The VPN connects fine, but there is no browsing
> > abilities in the network neighborhood, and the initial
> > name resolution to connect to a share takes about 2
> > minutes (way too long).. to fix this which of the
> > following will work (can someone explain why the other
> > won't work).
> >
> > 1) Set up a Samba Wins Server on the PPTPD server
> >
> > 2) Use an existing Wins Server on the NT Network
> >
> > 3) Put every machine in the clients lmhosts and hosts
> > file
> >
> > 4) configure the samba box to maintain browse lists
> > (and it actually does this properly: check if the
> > /var/lock/samba/browse.dat file contains a list of
> > all of your machines
> >
> > Thanks,
> > Christopher Carella

Great thread guys! Thanks you solved my browsing problem, and my initial share connection time problem. This stuff should be in the HOWTO, or at least a FAQ somewhere. Speaking of FAQ is there a maintained one somewhere that I have just missed?
Thanks,
Micah Seymour

--
Free your source, and the mass will follow.

From kelly.black at testquest.com Wed Oct 18 09:53:01 2000
From: kelly.black at testquest.com (Kelly Black)
Date: Wed, 18 Oct 2000 09:53:01 -0500
Subject: [pptp-server] PPP Authentication not working
In-Reply-To: ; from SCody@Gulbrandsen.com on Wed, Oct 18, 2000 at 10:16:46AM -0400
References:
Message-ID: <20001018095301.A6473@testquest.com>

Steve,

What are the clients? (Linux or Windows). If Windows, what does the chap-secrets file look like (please modify or delete the passwords for the list).

Mine looks like the following for Win98 clients that are connecting presently:

# client   server   secret         IP address
kblack     npv      (yeah right)   *
npv        kblack   (nope)         *

Where kblack is the login I am using on the client, and npv is the name of the server. Please change the secrets in the perentheses (?sp) to the password you are using during connection to the VPN dun box.

The file options looks like this:

/etc/ppp/options

lock
debug
name npv
kdebug 1
auth
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ms-wins 192.168.2.58
ms-dns 192.168.2.53
netmask 255.255.255.0
mru 1400
mtu 1400
ktune

Hope this helps,

Kelly Black
Systems Administrator
TestQuest, Inc.

On Wed, Oct 18, 2000 at 10:16:46AM -0400, Steve Cody wrote:
> I have PoPToP set up on a Redhat Linux 6.2 system. My user authentication
> is not working for PPP. I have to put NOAUTH on the server so users can
> connect. I NEED to at least have password authentication for security.
> Right now, I have to block all PPTP traffic, and explicitly allow users in
> through the firewall as they need VPN access.
>
> Where do I look?
>
> Thanks!
>
> Steve Cody

From phil at vibrationresearch.com Wed Oct 18 09:55:37 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 18 Oct 2000 10:55:37 -0400
Subject: [pptp-server] Poptop and Windows clients
In-Reply-To:
Message-ID: <000001c03913$79951870$4500a8c0@vibrationresearch.com>

The FAQ: http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt

> -----Original Message-----
> From: Micah Seymour [mailto:mseymour at infogenic.net]
> Sent: Wednesday, October 18, 2000 11:00 AM
> To: Philip Van Baren
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Poptop and Windows clients
>
> Great thread guys! Thanks you solved my browsing problem, and my initial
> share connection time problem. This stuff should be in the HOWTO, or at
> least a FAQ somewhere. Speaking of FAQ is there a maintained one
> somewhere that I have just missed?
>
> Thanks,
> Micah Seymour
>
>
> --
> Free your source, and the mass will follow.
>

From jvaughan at maad.com Wed Oct 18 15:51:10 2000
From: jvaughan at maad.com (John Vaughan)
Date: Wed, 18 Oct 2000 14:51:10 -0600
Subject: [pptp-server] Encryption Installation Questions
Message-ID:

Hello everyone

I have VPN working without encryption but now I would like to implement the MSCHAPv2 and MPPE patch so my windows clients will have encryption.

I am currently using:

pptpd-1.0.0-1 (rpm version)
ppp-2.3.11-4 (rpm version)
RedHat Linux 6.2 kernel version 2.2.14-5.0 upgraded to kernel 2.2.16-3

Some questions:

1.) I have read the RedHat-PoPToP HOWTO dated 20000503 and it describes how to set this up using non rpm's. Does this still apply??

2.) Is there any documentation for this situation or do I just substitute the updated packages for the old ones in the current howto??

3.) Will I actually have to recompile the kernel or just some modules??

Thanks for any suggestions

John Vaughan
Micro Analysis & Design, Inc.
4900 Pearl East Circle, Suite 201 E
Boulder, CO 80301
303 442-6947
303 442-8274 fax
mailto:jvaughan at maad.com

From aludwig at imagestor.com Wed Oct 18 16:27:48 2000
From: aludwig at imagestor.com (Al Ludwig)
Date: Wed, 18 Oct 2000 17:27:48 -0400
Subject: [pptp-server] Forwarding GRE
References:
Message-ID: <006601c0394a$485a6260$1a700718@freestyle.lore.net>

Hello,

It looks like my firewall will not forward GRE through to my PPTP Server. If this turns out to be the case, does anyone know of any documents on how to create a tunnel back to the client via PPTP? The Firewall is letting GRE out, and I've seen it mentioned before, but I'm unable to find anything worthwhile on it. Any ideas would be greatly appreciated.

Thanks,

-AL

From sstone at foo3.com Wed Oct 18 16:47:41 2000
From: sstone at foo3.com (Scott M. Stone)
Date: Wed, 18 Oct 2000 14:47:41 -0700 (PDT)
Subject: [pptp-server] Forwarding GRE
In-Reply-To: <006601c0394a$485a6260$1a700718@freestyle.lore.net>
Message-ID:

On Wed, 18 Oct 2000, Al Ludwig wrote:

> Hello,
>
> It looks like my firewall will not forward GRE through to my PPTP Server.
> If this turns out to be the case, does anyone know of any documents on how
> to create a tunnel back to the client via PPTP? The Firewall is letting GRE
> out, and I've seen it mentioned before, but I'm unable to find anything
> worthwhile on it. Any ideas would be greatly appreciated.

what kind of firewall? You need to forward the UDP port and the GRE IP protocol.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From phil at vibrationresearch.com Wed Oct 18 16:54:56 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 18 Oct 2000 17:54:56 -0400
Subject: [pptp-server] Encryption Installation Questions
In-Reply-To:
Message-ID: <000e01c0394e$0dee5790$4500a8c0@vibrationresearch.com>

Use the latest PoPToP HOWTO on poptop.lineo.com, dated 20001005, which uses more recent versions of everything.
If you are using kernel 2.2.16, you probably will also need to patch the if_ppp header files with this patch:
http://www.vibres.com/pptpd/if_ppp_2.2.17.diff

This patch accounts for some changes between 2.2.12 and 2.2.17, and I think you also need this for 2.2.16.

_IF_ your kernel sources match your installed kernel, then you can just "make modules SUBDIRS=drivers/net" without building the whole kernel. This will probably be the case if you installed matching RPM versions for the RedHat kernel, headers, and sources.

There is also a slightly different procedure at:
http://www.vibres.com/pptpd/example.html

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of John Vaughan
> Sent: Wednesday, October 18, 2000 4:51 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Encryption Installation Questions
>
>
> Hello everyone
>
> I have VPN working without encryption but now I would like to
> implement the
> MSCHAPv2 and MPPE patch so my windows clients will have encryption.
>
> I am currently using:
>
> pptpd-1.0.0-1 (rpm version)
> ppp-2.3.11-4 (rpm version)
> RedHat Linux 6.2 kernel version 2.2.14-5.0 upgraded to kernel 2.2.16-3
>
> Some questions:
>
> 1.) I have read the RedHat-PoPToP HOWTO dated 20000503 and it
> describes how
> to set this up using non rpm's. Does this still apply??
>
> 2.) Is there any documentation for this situation or do I just substitute
> the updated packages for the old ones in the current howto??
>
> 3.) Will I actually have to recompile the kernel or just some modules??
>
>
> Thanks for any suggestions
>
> John Vaughan
> Micro Analysis & Design, Inc.
> 4900 Pearl East Circle, Suite 201 E
> Boulder, CO 80301
> 303 442-6947
> 303 442-8274 fax
> mailto:jvaughan at maad.com
>

From Treahy at mmaz.com Wed Oct 18 17:10:55 2000
From: Treahy at mmaz.com (Barry Treahy, Jr.)
Date: Wed, 18 Oct 2000 15:10:55 -0700
Subject: [pptp-server] Forwarding GRE
References: <006601c0394a$485a6260$1a700718@freestyle.lore.net>
Message-ID: <39EE1FEF.81F33C5F@mmaz.com>

Please, I'm running into this same problem but for different reasons, I'm still running a version of Linux that uses the old ipfwadm, not ipchains, and I cannot allow GRE through without allowing everything...

Regards,

barry

Al Ludwig wrote:

> Hello,
>
> It looks like my firewall will not forward GRE through to my PPTP Server.
> If this turns out to be the case, does anyone know of any documents on how
> to create a tunnel back to the client via PPTP? The Firewall is letting GRE
> out, and I've seen it mentioned before, but I'm unable to find anything
> worthwhile on it. Any ideas would be greatly appreciated.
>
> Thanks,
>
> -AL

--
Barry Treahy, Jr * Midwest Microwave * Vice President & CIO
E-mail: Treahy at mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028

From phil at vibrationresearch.com Wed Oct 18 17:12:23 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 18 Oct 2000 18:12:23 -0400
Subject: [pptp-server] Forwarding GRE
In-Reply-To: <006601c0394a$485a6260$1a700718@freestyle.lore.net>
Message-ID: <000f01c03950$7d85edf0$4500a8c0@vibrationresearch.com>

Does this help?

7.3.5.
Get
  "pptpd[24120]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output error"
  "pptpd[24120]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)"
  "pptpd[24120]: CTRL: Client 12.72.37.31 control connection finished"
errors in your log file when the pptpd program is running on a machine behind a masq'ed firewall.

Solution: Apply the ip_masq_vpn.patch patch file to kernel. Also, look at Linux VPN Masquerade HOWTO: Patching and configuring kernel for VPN Masquerade support for details.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Al Ludwig
> Sent: Wednesday, October 18, 2000 5:28 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Forwarding GRE
>
>
> Hello,
>
> It looks like my firewall will not forward GRE through to my PPTP Server.
> If this turns out to be the case, does anyone know of any documents on how
> to create a tunnel back to the client via PPTP? The Firewall is
> letting GRE
> out, and I've seen it mentioned before, but I'm unable to find anything
> worthwhile on it. Any ideas would be greatly appreciated.
>
> Thanks,
>
> -AL

From Steve.Cowles at infohiiway.com Wed Oct 18 18:18:25 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Wed, 18 Oct 2000 18:18:25 -0500
Subject: [pptp-server] Forwarding GRE
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE56D@defiant.infohiiway.com>

> -----Original Message-----
> From: Al Ludwig [mailto:aludwig at imagestor.com]
> Sent: Wednesday, October 18, 2000 4:28 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Forwarding GRE
>
>
> Hello,
>
> It looks like my firewall will not forward GRE through to my
> PPTP Server.
> If this turns out to be the case, does anyone
> know of any documents on how to create a tunnel back to the
> client via PPTP? The Firewall is letting GRE out, and I've
> seen it mentioned before, but I'm unable to find anything
> worthwhile on it. Any ideas would be greatly appreciated.
>
> Thanks,
>
> -AL

Sounds like you need to install John Hardin's VPN Masquerade patches to your kernel on your firewall. Then you will need to load the "ip_masq_pptp.o" module which handles the masq'd tunnel back to your client.

Checkout:
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

Steve Cowles

From phil at vibrationresearch.com Wed Oct 18 18:31:07 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 18 Oct 2000 19:31:07 -0400
Subject: [pptp-server] Forwarding GRE
In-Reply-To: <000f01c03950$7d85edf0$4500a8c0@vibrationresearch.com>
Message-ID: <001601c0395b$7da47170$4500a8c0@vibrationresearch.com>

Here are a couple references for MASQ'd VPN servers:
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
ftp://ftp.rubyriver.com/pub/jhardin/masquerade/VPN-howto/VPN-Masquerade.html

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Philip Van
> Baren
> Sent: Wednesday, October 18, 2000 6:12 PM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Forwarding GRE
>
>
> Does this help?
>
> 7.3.5. Get "pptpd[24120]: GRE: read(fd=5,buffer=804d9c0,len=8196) from
> PTY failed: status = -1 error = Input/output error"
> "pptpd[24120]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)"
> "pptpd[24120]: CTRL: Client 12.72.37.31 control
> connection finished"
> errors in your log file when the pptpd program is running
> on a machine
> behind a masq'ed firewall.
>
> Solution: Apply the ip_masq_vpn.patch patch file to kernel.
> Also, look at Linux VPN Masquerade HOWTO: Patching and
> configuring
> kernel for VPN Masquerade support for details.
>
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Al Ludwig
> > Sent: Wednesday, October 18, 2000 5:28 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] Forwarding GRE
> >
> >
> > Hello,
> >
> > It looks like my firewall will not forward GRE through to my
> PPTP Server.
> > If this turns out to be the case, does anyone know of any
> documents on how
> > to create a tunnel back to the client via PPTP? The Firewall is
> > letting GRE
> > out, and I've seen it mentioned before, but I'm unable to find anything
> > worthwhile on it. Any ideas would be greatly appreciated.
> >
> > Thanks,
> >
> > -AL

From anesthes at cisdi.com Wed Oct 18 22:09:34 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Wed, 18 Oct 2000 22:09:34 -0500 (EST)
Subject: [pptp-server] PPTP Kernel patches
Message-ID:

Hey guys,

I patched pppd, as well as my kernel according to dox. I compiled PPP as a module, and I now have the following modules under kernel 2.2.17:

bsd_comp.o
ip_masq_cuseeme.o
ip_masq_ftp.o
ip_masq_irc.o
ip_masq_quake.o
ip_masq_raudio.o
ip_masq_user.o
ip_masq_vdolive.o
ppp.o
ppp_deflate.o
ppp_mppe.o

When I load these modules I get the following:

/lib/modules/current/ppp_mppe.o: unresolved symbol RC4_set_key

As well, when I try to connect to the server with a win98 client, I get the following error with software compression and encryption enabled:

error 720: could not negotiate a compatible set of network protocols.
Without encryption and compression it connects, but oddly enough does NOT give my client an IP address. Only CHAP shows up in the details box, yet this is the process running on my box:

28715 ? S 0:00 /usr/sbin/pppd local 115200 192.168.0.2:192.168.0.10

Here is the debug output:

Oct 19 10:15:33 demo pppd[28715]: rcvd [CHAP Response id=0x1 <29e911d16443b14ab796f4f426957a212e084868f167478c8e35306e0165e601fc4ec276d3dd1f55b77ccb6a451dd42301>, name = "jrcole"]
Oct 19 10:15:33 demo pppd[28715]: sent [CHAP Success id=0x1 "Welcome to demo."]
Oct 19 10:15:33 demo pppd[28715]: sent [IPCP ConfReq id=0x1 ]
Oct 19 10:15:33 demo pppd[28715]: sent [CCP ConfReq id=0x1 ]
Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 10 03 06 c0 a8 00 02 02 06 00 2d 0f 01]
Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x4 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Oct 19 10:16:32 demo pptpd[28714]: CTRL: Received PPTP Control Message (type: 5)
Oct 19 10:16:32 demo pptpd[28714]: CTRL: Made a ECHO RPLY packet
Oct 19 10:16:32 demo pptpd[28714]: CTRL: I wrote 20 bytes to the client.
Oct 19 10:16:32 demo pptpd[28714]: CTRL: Sent packet to client

Here is the same debug output when using software compression and encryption:

Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x1 ]
Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfRej id=0x1 ]
Oct 19 10:18:03 demo pppd[28726]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 10 03 06 c0 a8 00 01 02 06 00 2d 0f 01]
Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfRej id=0x1 ]
Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfReq id=0x2]
Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x2]
Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfAck id=0x2]
Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfAck id=0x2]
Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP TermReq id=0x3]
Oct 19 10:18:03 demo pppd[28726]: sent [CCP TermAck id=0x3]

Does anyone have any insight on why this would be behaving this way?
perhaps I misunderstood a step somewhere.. I'm curious tho why no IP address is received by the win98 client. BTW the version of PPPD being used is 2.3.8.

Thanks.

-- Joe

From phil at vibrationresearch.com Wed Oct 18 21:49:09 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Wed, 18 Oct 2000 22:49:09 -0400
Subject: [pptp-server] PPTP Kernel patches
In-Reply-To:
Message-ID: <000c01c03977$27a39fa0$56108318@bud.mw.mediaone.net>

The docs were wrong when they told you to remove the #include "rc4_skey.c" line. The version of SSLeay that you are using requires this file.

7.4.3. Get symbols not defined for ppp_mppe module when doing "depmod -a"

Solution: Probably missing some of the rc4* files (most likely rc4_skey.c) This typically happens when getting rc4* files from a different source than was suggested in the corresponding patch file. If I remember right, if you use the SSLeay-0.6.6 files you don't have an rc4_skey.c file, but if you use the SSLeay-0.9.0 files you must have the rc4_skey.c file. Using OpenSSL-0.9.5 may have different requirements. Best solution is to use the complete patch for your appropriate ppp version from the following ftp server, as these patches include the rc4* files:
ftp://ftp.binarix.com/pub/ppp-mppe/

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco
> Sent: Wednesday, October 18, 2000 11:10 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP Kernel patches
>
>
> Hey guys,
>
> I patched pppd, as well as my kernel according to dox.
> I compiled
> PPP as a module, and I now have the following modules under
> kernel 2.2.17:
>
> bsd_comp.o
> ip_masq_cuseeme.o
> ip_masq_ftp.o
> ip_masq_irc.o
> ip_masq_quake.o
> ip_masq_raudio.o
> ip_masq_user.o
> ip_masq_vdolive.o
> ppp.o
> ppp_deflate.o
> ppp_mppe.o
>
> When I load these modules I get the following:
>
> /lib/modules/current/ppp_mppe.o: unresolved symbol RC4_set_key
>
> As well, when I try to connect to the server with a win98 client,
> I get the following error with software compression and encryption
> enabled:
>
> error 720: could not negotiate a compatible set of network protocols.
>
> Without encryption and compression it connects, but oddly enough does
> NOT give my client an IP address. Only CHAP shows up in the details
> box, yet this is the process running on my box:
>
> 28715 ? S 0:00 /usr/sbin/pppd local 115200
> 192.168.0.2:192.168.0.10
>
>
> Here is the debug output:
>
> Oct 19 10:15:33 demo pppd[28715]: rcvd [CHAP Response id=0x1
> <29e911d16443b14ab796f4f426957a212e084868f167478c8e35306e0165e601f
> c4ec276d3dd1f55b77ccb6a451dd42301>,
> name = "jrcole"]
> Oct 19 10:15:33 demo pppd[28715]: sent [CHAP Success id=0x1 "Welcome to
> demo."]
> Oct 19 10:15:33 demo pppd[28715]: sent [IPCP ConfReq id=0x1 192.168.0.2> ]
> Oct 19 10:15:33 demo pppd[28715]: sent [CCP ConfReq id=0x1
> ]
> Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00
> 10 03
> 06 c0 a8 00 02 02 06 00 2d 0f 01]
> Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x4 80 fd 01 01 00
> 0f 1a
> 04 78 00 18 04 78 00 15 03 2f]
> Oct 19 10:16:32 demo pptpd[28714]: CTRL: Received PPTP Control Message
> (type: 5)Oct 19 10:16:32 demo pptpd[28714]: CTRL: Made a ECHO RPLY packet
> Oct 19 10:16:32 demo pptpd[28714]: CTRL: I wrote 20 bytes to the client.
> Oct 19 10:16:32 demo pptpd[28714]: CTRL: Sent packet to client
>
>
> Here is the same debug output when using software compression and
> encryption:
>
> Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x1
> 0 1 4>]
> Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfRej id=0x1
> 0 1 4>]
> Oct 19 10:18:03 demo pppd[28726]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00
> 10 03
> 06 c0 a8 00 01 02 06 00 2d 0f 01]
> Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfRej id=0x1
> ]
> Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfReq id=0x2]
> Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x2]
> Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfAck id=0x2]
> Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfAck id=0x2]
> Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP TermReq id=0x3]
> Oct 19 10:18:03 demo pppd[28726]: sent [CCP TermAck id=0x3]
>
>
> Does anyone have any insight on why this would be behaving this way?
> perhaps I misunderstood a step somewhere.. I'm curious tho why no
> IP address is received by the win98 client. BTW the version of PPPD
> being used is 2.3.8.
>
>
> Thanks.
>
> -- Joe

From anesthes at cisdi.com Wed Oct 18 23:15:56 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Wed, 18 Oct 2000 23:15:56 -0500 (EST)
Subject: [pptp-server] PPTP Kernel patches
In-Reply-To: <000c01c03977$27a39fa0$56108318@bud.mw.mediaone.net>
Message-ID:

Hi,

Thanks for the quick response. So you're recommending I start with a fresh pppd, and kernel source. Download the patch at this ftp site, and open SSL. patch, compile and try again?

Just wanna make sure I do it right this time.

Thanks again.

-- Joe

On Wed, 18 Oct 2000, Phil Van Baren wrote:

> The docs were wrong when they told you to remove the #include "rc4_skey.c"
> line.
> The version of SSLeay that you are using requires this file.
>
>
>
> 7.4.3. Get symbols not defined for ppp_mppe module when doing "depmod -a"
>
> Solution: Probably missing some of the rc4* files (most likely rc4_skey.c)
> This typically happens when getting rc4* files from a different source
> than was suggested in the corresponding patch file. If I remember right,
> if you use the SSLeay-0.6.6 files you don't have an rc4_skey.c file,
> but if you use the SSLeay-0.9.0 files you must have the rc4_skey.c file.
> Using OpenSSL-0.9.5 may have different requirements.
> Best solution is to use the complete patch for your appropriate ppp
> version
> from the following ftp server, as these patches include the rc4* files:
> ftp://ftp.binarix.com/pub/ppp-mppe/
>
>
>
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco
> > Sent: Wednesday, October 18, 2000 11:10 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] PPTP Kernel patches
> >
> >
> >
> >
> > Hey guys,
> >
> > I patched pppd, as well as my kernel according to dox. I compiled
> > PPP as a module, and I now have the following modules under
> > kernel 2.2.17:
> >
> > bsd_comp.o
> > ip_masq_cuseeme.o
> > ip_masq_ftp.o
> > ip_masq_irc.o
> > ip_masq_quake.o
> > ip_masq_raudio.o
> > ip_masq_user.o
> > ip_masq_vdolive.o
> > ppp.o
> > ppp_deflate.o
> > ppp_mppe.o
> >
> > When I load these modules I get the following:
> >
> > /lib/modules/current/ppp_mppe.o: unresolved symbol RC4_set_key
> >
> > As well, when I try to connect to the server with a win98 client,
> > I get the following error with software compression and encryption
> > enabled:
> >
> > error 720: could not negotiate a compatible set of network protocols.
> >
> > Without encryption and compression it connects, but oddly enough does
> > NOT give my client an IP address.
> > Only CHAP shows up in the details
> > box, yet this is the process running on my box:
> >
> > 28715 ? S 0:00 /usr/sbin/pppd local 115200
> > 192.168.0.2:192.168.0.10
> >
> >
> > Here is the debug output:
> >
> > Oct 19 10:15:33 demo pppd[28715]: rcvd [CHAP Response id=0x1
> > <29e911d16443b14ab796f4f426957a212e084868f167478c8e35306e0165e601f
> > c4ec276d3dd1f55b77ccb6a451dd42301>,
> > name = "jrcole"]
> > Oct 19 10:15:33 demo pppd[28715]: sent [CHAP Success id=0x1 "Welcome to
> > demo."]
> > Oct 19 10:15:33 demo pppd[28715]: sent [IPCP ConfReq id=0x1
> 192.168.0.2> ]
> > Oct 19 10:15:33 demo pppd[28715]: sent [CCP ConfReq id=0x1
> > ]
> > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00
> > 10 03
> > 06 c0 a8 00 02 02 06 00 2d 0f 01]
> > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x4 80 fd 01 01 00
> > 0f 1a
> > 04 78 00 18 04 78 00 15 03 2f]
> > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Received PPTP Control Message
> > (type: 5)Oct 19 10:16:32 demo pptpd[28714]: CTRL: Made a ECHO RPLY packet
> > Oct 19 10:16:32 demo pptpd[28714]: CTRL: I wrote 20 bytes to the client.
> > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Sent packet to client
> >
> >
> > Here is the same debug output when using software compression and
> > encryption:
> >
> > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x1
> > > 0 1 4>]
> > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfRej id=0x1
> > > 0 1 4>]
> > Oct 19 10:18:03 demo pppd[28726]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00
> > 10 03
> > 06 c0 a8 00 01 02 06 00 2d 0f 01]
> > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfRej id=0x1
> > ]
> > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfReq id=0x2]
> > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x2]
> > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfAck id=0x2]
> > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfAck id=0x2]
> > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP TermReq id=0x3]
> > Oct 19 10:18:03 demo pppd[28726]: sent [CCP TermAck id=0x3]
> >
> >
> > Does anyone have any insight on why this would be behaving this way?
> > perhaps I misunderstood a step somewhere.. I'm curious tho why no
> > IP address is received by the win98 client. BTW the version of PPPD
> > being used is 2.3.8.
> >
> >
> > Thanks.
> >
> > -- Joe

From dan at fullmotions.com Thu Oct 19 01:36:58 2000
From: dan at fullmotions.com (Danny L. Brow, Jr.)
Date: Thu, 19 Oct 2000 02:36:58 -0400
Subject: [pptp-server] A little lost here...
Message-ID: <000201c03996$fbccbb30$60a17218@cr589775c>

Just wondering what this means. Could some explain.

"You won't have an SMP machine, but you must compile and test with devel kernels with SMP "
-- mom said

Thanks

Dan.

From ben.ryan at kiandra.com Thu Oct 19 02:58:24 2000
From: ben.ryan at kiandra.com (Ben Ryan)
Date: Thu, 19 Oct 2000 17:58:24 +1000
Subject: [pptp-server] A little lost here...
Message-ID:

I guess you're compiling some code like PPP or whatever - and it looks like alpha or beta. It appears they're just saying the app code was intended to be used with a SMP kernel.

Oh, SMP, Symmetric Multi Processing (multiple CPU's). The kernel must be compiled with SMP enabled - go a menuconfig in /usr/src/whatever

The code obviously won't work and wasn't designed for uniprocessor kernels at this time.

BTW, in future, when reporting errors, please give us more info so we can help you better. Giving an error message or whatever without explaining what you're trying to do is a little difficult...

hth
ben

> -----Original Message-----
> From: Danny L. Brow, Jr. [mailto:dan at fullmotions.com]
> Sent: Thursday, 19 October 2000 4:37 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] A little lost here...
>
>
>
> Just wondering what this means. Could some explain.
>
> "You won't have an SMP machine, but you must compile and test
> with devel
> kernels with SMP "
> -- mom said
>
>
> Thanks
>
> Dan.

From kennya at carlislefsp.com Thu Oct 19 08:02:26 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Thu, 19 Oct 2000 08:02:26 -0500
Subject: [pptp-server] A little lost here...
In-Reply-To:
Message-ID: <001001c039cc$d4e430d0$5f020a0a@carlislefsp.com>

If I'm right this is a quote off of the homepage of whomever (sorry i have forgotten) wrote/maintains the ipforwarding package.
The quote is there because it is funny, I mean, most moms have no clue what
SMP is, let alone that much about it.

kenny
kennya at carlislefsp.com

From stephan at strategic.co.za Thu Oct 19 08:02:03 2000
From: stephan at strategic.co.za (Stephan February)
Date: Thu, 19 Oct 2000 15:02:03 +0200
Subject: [pptp-server] (no subject)
Message-ID: <002101c039cc$c6be3640$d500a8c0@strategic.co.za>

An HTML attachment was scrubbed...

From mseymour at infogenic.net Thu Oct 19 08:32:00 2000
From: mseymour at infogenic.net (Micah Seymour)
Date: Thu, 19 Oct 2000 08:32:00 -0500 (CDT)
Subject: [pptp-server] A little lost here...
In-Reply-To: <000201c03996$fbccbb30$60a17218@cr589775c>
Message-ID:

On Thu, 19 Oct 2000, Danny L. Brow, Jr. wrote:

>
> Just wondering what this means. Could someone explain.
>
> "You won't have an SMP machine, but you must compile and test with devel
> kernels with SMP "
> -- mom said
>
>
> Thanks
>
> Dan.

Somebody on the Linux kernel development mailing list uses this as their
sig, I do believe.
I always took it as an ironic comment on management's unrealistic
expectations (and the way we somehow meet most of them).

Later,
Micah Seymour

From adam at morrison-ind.com Thu Oct 19 07:54:24 2000
From: adam at morrison-ind.com (Adam Tauno Williams)
Date: Thu, 19 Oct 2000 08:54:24 -0400 (EDT)
Subject: [pptp-server] A little lost here...
In-Reply-To:
References:
Message-ID: <971960064.39eeef00ae6da@barracuda>

> Just wondering what this means. Could someone explain.
>>"You won't have an SMP machine, but you must compile and test with
>>devel kernels with SMP " -- mom said
>Somebody on the Linux kernel development mailing list uses this as
>their sig, I do believe. I always took it as an ironic comment on
>management's unrealistic expectations (and the way we somehow meet most
>of them).

The SMP features of the kernel can introduce bugs that only affect
uni-processor machines (the serial port driver had one a while back that
could hang a uni-box). I believe this is also why RH and other distros ship
with both a Uni and SMP kernel, and theoretically the uni-processor kernel
is more stable on a uni-processor box than an SMP enabled kernel.

Thus it's always best to test something with SMP enabled, even if you don't
"really" have SMP.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505

From boris at microtrader.com Thu Oct 19 09:27:36 2000
From: boris at microtrader.com (Boris Reisig)
Date: Thu, 19 Oct 2000 09:27:36 -0500
Subject: [pptp-server] ** Domain Login's **
Message-ID: <001501c039d8$ba97bec0$2f01a8c0@esmith.mycompany.xxx>

Hello,

I'm having problems for the first time using domain logins. How would I
properly get PopTop to accept domain logins? I remember reading about a
patch to strip it and if so where do I get it? Does anyone have any good
recommendations?

Also I have the workstations looking at my samba server for wins.
That's great, I see my samba wins file with the other computers but they
aren't listed in the samba browse file. How do I make the workstations get
added to the browse file? [I don't want to create any lmhosts file]

From Treahy at mmaz.com Thu Oct 19 10:03:54 2000
From: Treahy at mmaz.com (Barry Treahy, Jr.)
Date: Thu, 19 Oct 2000 08:03:54 -0700
Subject: [pptp-server] Forwarding GRE
References:
Message-ID: <39EF0D5A.1ACA9797@mmaz.com>

"Scott M. Stone" wrote:

>
> what kind of firewall? You need to forward the UDP port and the GRE IP
> protocol.

Mine is an older Livingston IRX211 which doesn't appear to allow for GRE and
I ran into the same problem with ipfwadm...

Regards,

Barry

From marvin at grn.es Thu Oct 19 10:15:30 2000
From: marvin at grn.es (Esteve Camps)
Date: Thu, 19 Oct 2000 17:15:30 +0200
Subject: [pptp-server] Logging into a NT network over PPTP
Message-ID: <39EF1012.9D5CBE70@grn.es>

Hi all,

I want to expose a scenario to ask everybody for a solution. The scheme is:

- One windows 9x (say A) client connected through an ISP over ISDN.
- One Linux Server (say B) that connects one LAN (say C) to Internet via
  ISDN. This Linux has PPTP installed on it to offer encrypted connections.
- Windows NT 4.0 Server acting as PDC on that LAN (C). It has WINS installed
  on it, but I don't know if any kind of options (different of default ones)
  has to be configured.

After connecting all the system I want that Windows 9x client (A) logs into
LAN (C) using a PPTP connection. I've succeeded in making PPTP work but it
doesn't seem to log. Win NT Server always answers:

192.168.3.100.netbios-ns > 192.168.3.10.netbios-ns:NBT UDP PA
192.168.3.100.netbios-ns > 192.168.3.10.netbios-ns:NBT UDP PA

My PPTP always assigns addresses on the same range of IP addresses of LAN
(C). In last lines, my Win 9x has 192.168.3.10 and my Win NT has
192.168.3.100.

How can I solve this?

Thanks all in advance.
Esteve Camps

From no.id at gmx.net Thu Oct 19 10:58:56 2000
From: no.id at gmx.net (Norman Idel)
Date: Thu, 19 Oct 2000 17:58:56 +0200 (MEST)
Subject: [pptp-server] can´t connect to PoPToP with NT4.0 or Win2000 Client
Message-ID: <14640.971971136@www37.gmx.net>

hi,

i´m runnin´ suse 7.0 with a 2.2.17 kernel (already patched for vpn-masq), a
2.3.11 pppd and a 1.0.0 poptop server. i can easily connect to the poptop
server with a win98 client. with win98 it works great.

but with nt4 or win2k clients i always get an "error 619: could not connect
to the port". the server´s /var/log/messages contains a "pppd: fatal signal
11" error.

i´ve tried all kinds of different versions and settings. client-sided as
well as server-sided. i just don´t know how to get this thing runnin´.

i´ve also studied all avail. docs and the poptop-mailinglist. it seems that
i´m the only one with this special prob.

please support if you can.

thanx in adv.

Norman Idel
Germany

From chavant at geosys.fr Thu Oct 19 11:22:35 2000
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Thu, 19 Oct 2000 18:22:35 +0200
Subject: [pptp-server] always the neighbourhood network problem
Message-ID: <004901c039e8$ca653480$7301a8c0@pcjpc.geosys.fr>

Hello,

my VPN connection works (i can ping all my computers on the global network).
But my neighbourhood network is still unbrowseable ... :( (computers on the
private lan can browse but VPN client have nothing in the neighbourhood
network ...).

on the connection in my log i can see "Cannot determine ethernet address for
proxy ARP".

In the /etc/ppp/options there is the line proxyarp

I launch the command ifconfig eth0 arp (private interface) and an
'arp --SET @Remote_IP @MAC_VPN_Server pub'

why it doesn't work ? Does pppd act as a proxy ARP (i don't think) ?
JPaul

From chavant at geosys.fr Thu Oct 19 11:48:35 2000
From: chavant at geosys.fr (Jean-Paul Chavant)
Date: Thu, 19 Oct 2000 18:48:35 +0200
Subject: [pptp-server] routing
Message-ID: <004c01c039ec$6bf5a660$7301a8c0@pcjpc.geosys.fr>

hello

which is the parameter in the /etc/ppp/options to specify routers to the vpn
client (is it possible) ?

Thanks

Jpaul

From kennya at carlislefsp.com Thu Oct 19 12:10:05 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Thu, 19 Oct 2000 12:10:05 -0500
Subject: [pptp-server] routing
In-Reply-To: <004c01c039ec$6bf5a660$7301a8c0@pcjpc.geosys.fr>
Message-ID: <002701c039ef$6dc6b580$5f020a0a@carlislefsp.com>

The "localip" option in /etc/pptpd.conf is probably what you are looking
for.

Kenny
kennya at carlislefsp.com

From drjchris at yahoo.com Thu Oct 19 12:42:27 2000
From: drjchris at yahoo.com (Chris Carella)
Date: Thu, 19 Oct 2000 10:42:27 -0700 (PDT)
Subject: [pptp-server] Poptop and Windows clients
Message-ID: <20001019174227.73465.qmail@web9704.mail.yahoo.com>

I am connecting to the VPN Server now, which has 'wins 192.168.1.217' in the
options file. 192.168.1.217 is the Remote Networks Wins address... it
connects fine and instantly I can see the network, browse it, work on it...
but after about 2 minutes all the machines disappear from Network
Neighborhood. Any idea why I can see the machines for the first 2 minutes
and they disappear after that..
is there some sort of timing out going on?

thanks
Chris

From sstone at foo3.com Thu Oct 19 14:03:38 2000
From: sstone at foo3.com (Scott M. Stone)
Date: Thu, 19 Oct 2000 12:03:38 -0700 (PDT)
Subject: [pptp-server] Forwarding GRE
In-Reply-To: <39EF0D5A.1ACA9797@mmaz.com>
Message-ID:

On Thu, 19 Oct 2000, Barry Treahy, Jr. wrote:

>
> "Scott M. Stone" wrote:
>
> >
> > what kind of firewall? You need to forward the UDP port and the GRE IP
> > protocol.
>
> Mine is an older Livingston IRX211 which doesn't appear to allow for GRE and I ran
> into the same problem with ipfwadm...

hm, we have a Livingston IRX here.. works.. you may need to specify the IP
protocol by number instead of by name, though. I'm not sure, I don't run
the Livingston.. I'm just replacing it :)

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From Treahy at mmaz.com Thu Oct 19 17:03:30 2000
From: Treahy at mmaz.com (Barry Treahy, Jr.)
Date: Thu, 19 Oct 2000 15:03:30 -0700
Subject: [pptp-server] Forwarding GRE
References:
Message-ID: <39EF6FB2.F133B8D9@mmaz.com>

Not according to my IRX211:

IX2> set filter external.in 52 permit 207.254.0.0/16 207.254.14.190/32 47
Unknown Filter: 47
Error: Usage: set filter name item_no permit|deny [ip_source/mask] [ip_dest/mask]
[tcp|udp|icmp] [src lt|eq|gt port_no] [dst lt|eq|gt port_no]
[established]

Barry

--
Barry Treahy, Jr * Midwest Microwave * Vice President & CIO
E-mail: Treahy at mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028

From sstone at foo3.com Thu Oct 19 17:51:57 2000
From: sstone at foo3.com (Scott M. Stone)
Date: Thu, 19 Oct 2000 15:51:57 -0700 (PDT)
Subject: [pptp-server] Forwarding GRE
In-Reply-To: <39EF6FB2.F133B8D9@mmaz.com>
Message-ID:

On Thu, 19 Oct 2000, Barry Treahy, Jr. wrote:

> Not according to my IRX211:
>
> IX2> set filter external.in 52 permit 207.254.0.0/16 207.254.14.190/32 47
> Unknown Filter: 47
> Error: Usage: set filter name item_no permit|deny [ip_source/mask] [ip_dest/mask]
> [tcp|udp|icmp] [src lt|eq|gt port_no] [dst lt|eq|gt port_no]
> [established]

hm, sounds like your version of it only wants tcp, udp, or icmp. See if
you can get a ComOS update for it.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From Treahy at mmaz.com Thu Oct 19 18:18:41 2000
From: Treahy at mmaz.com (Barry Treahy, Jr.)
Date: Thu, 19 Oct 2000 16:18:41 -0700
Subject: [pptp-server] Forwarding GRE
References:
Message-ID: <39EF8151.E35948E9@mmaz.com>

One minor problem with that and I'm waiting to hear from what's left of
Livingston support; the recent upgrades chop the available memory in half
and there are all sorts of warnings about truncation of configurations and
filters, but none of the release notes even discuss GRE... I can't afford an
upgrade, losing filters, only to find out it still may not work. The problem
is that there are 4 or 5 IRX models, I need to be sure it's worth the
cost...

Regards,

Barry

--
Barry Treahy, Jr * Midwest Microwave * Vice President & CIO
E-mail: Treahy at mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028

From sstone at foo3.com Thu Oct 19 18:44:42 2000
From: sstone at foo3.com (Scott M. Stone)
Date: Thu, 19 Oct 2000 16:44:42 -0700 (PDT)
Subject: [pptp-server] Forwarding GRE
In-Reply-To: <39EF8151.E35948E9@mmaz.com>
Message-ID:

On Thu, 19 Oct 2000, Barry Treahy, Jr. wrote:

> One minor problem with that and I'm waiting to hear from what's left of Livingston support;
> the recent upgrades chop the available memory in half and there are all sorts of warnings
> about truncation of configurations and filters, but none of the release notes even discuss
> GRE... I can't afford an upgrade, losing filters, only to find out it still may not work.
> The problem is that there are 4 or 5 IRX models, I need to be sure it's worth the cost...

you're probably right. You're much better off replacing the IRX with a
nice router/firewall combination from Cisco, IMHO. That's what I'm doing
tomorrow, actually, replacing the 6-year-old IRX firewall with a Cisco
2611 router to talk to the T1, and behind that a pair of redundant
hot-failover-enabled Cisco PIX 520 firewall boxes. Better security, more
features, excellent support. The PIX also will support both PPTP and
IPSEC out of the box, if you're running the 5.2 version of the PIX
software and you have the strong crypto license.

--------------------------
Scott M. Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From anesthes at cisdi.com Fri Oct 20 10:52:13 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Fri, 20 Oct 2000 10:52:13 -0500 (EST)
Subject: [pptp-server] PPTP Kernel patches
In-Reply-To: <000c01c03977$27a39fa0$56108318@bud.mw.mediaone.net>
Message-ID:

Hi,

Did anyone happen to get this problem on make modules? PPP-2.3.11,
kernel 2.2.17, and the ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch from
ftp://ftp.binarix.com/pub/ppp-mppe/

ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `cleanup_module':
ppp.c:3345: `PPP_MAGIC' undeclared (first use in this function)
make[2]: *** [ppp.o] Error 1
make[2]: Leaving directory `/usr/src/linux/drivers/net'
make[1]: *** [_modsubdir_net] Error 2
make[1]: Leaving directory `/usr/src/linux/drivers'
make: *** [_mod_drivers] Error 2
demo:/usr/src/linux#

Curious if perhaps the RC4 files from this patch are causing it?
I did a grep of PPP_MAGIC and the only reference I can find to it is
in ppp.c.

I'll continue to debug this if no one has a solution. I tried adding a
define to PPP_MAGIC to see if that will fix it, and it broke other things.
I'll keep sifting through the code to see what it's used for. But any
help would be appreciated..

-- Joe

On Wed, 18 Oct 2000, Phil Van Baren wrote:

> The docs were wrong when they told you to remove the #include "rc4_skey.c"
> line. The version of SSLeay that you are using requires this file.
>
> 7.4.3. Get symbols not defined for ppp_mppe module when doing "depmod -a"
>
> Solution: Probably missing some of the rc4* files (most likely rc4_skey.c)
> This typically happens when getting rc4* files from a different source
> than was suggested in the corresponding patch file. If I remember right,
> if you use the SSLeay-0.6.6 files you don't have an rc4_skey.c file,
> but if you use the SSLeay-0.9.0 files you must have the rc4_skey.c file.
> Using OpenSSL-0.9.5 may have different requirements.
> Best solution is to use the complete patch for your appropriate ppp > version > from the following ftp server, as these patches include the rc4* files: > ftp://ftp.binarix.com/pub/ppp-mppe/ > > > > > -----Original Message----- > > From: pptp-server-admin at lists.schulte.org > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco > > Sent: Wednesday, October 18, 2000 11:10 PM > > To: pptp-server at lists.schulte.org > > Subject: [pptp-server] PPTP Kernel patches > > > > > > > > > > Hey guys, > > > > I patched pppd, as well as my kernel according to dox. I compiled > > PPP as a module, and I now have the following modules under > > kernel 2.2.17: > > > > bsd_comp.o > > ip_masq_cuseeme.o > > ip_masq_ftp.o > > ip_masq_irc.o > > ip_masq_quake.o > > ip_masq_raudio.o > > ip_masq_user.o > > ip_masq_vdolive.o > > ppp.o > > ppp_deflate.o > > ppp_mppe.o > > > > When I load these modules I get the following: > > > > /lib/modules/current/ppp_mppe.o: unresolved symbol RC4_set_key > > > > As well, when I try to connect to the server with a win98 client, > > I get the following error with software compression and encryption > > enabled: > > > > error 720: could not negotiate a compatible set of network protocols. > > > > Without encryption and compression it connects, but oddly enough does > > NOT give my client an IP address. Only CHAP shows up in the details > > box, yet this is the process running on my box: > > > > 28715 ? 
S 0:00 /usr/sbin/pppd local 115200 > > 192.168.0.2:192.168.0.10 > > > > > > Here is the debug output: > > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [CHAP Response id=0x1 > > <29e911d16443b14ab796f4f426957a212e084868f167478c8e35306e0165e601f > > c4ec276d3dd1f55b77ccb6a451dd42301>, > > name = "jrcole"] > > Oct 19 10:15:33 demo pppd[28715]: sent [CHAP Success id=0x1 "Welcome to > > demo."] > > Oct 19 10:15:33 demo pppd[28715]: sent [IPCP ConfReq id=0x1 > 192.168.0.2> ] > > Oct 19 10:15:33 demo pppd[28715]: sent [CCP ConfReq id=0x1 > > ] > > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 > > 10 03 > > 06 c0 a8 00 02 02 06 00 2d 0f 01] > > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x4 80 fd 01 01 00 > > 0f 1a > > 04 78 00 18 04 78 00 15 03 2f] > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Received PPTP Control Message > > (type: 5)Oct 19 10:16:32 demo pptpd[28714]: CTRL: Made a ECHO RPLY packet > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: I wrote 20 bytes to the client. > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Sent packet to client > > > > > > Here is the same debug output when using softare compression and > > encryption: > > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x1 > > > 0 1 4>] > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfRej id=0x1 > > > 0 1 4>] > > Oct 19 10:18:03 demo pppd[28726]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 > > 10 03 > > 06 c0 a8 00 01 02 06 00 2d 0f 01] > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfRej id=0x1 > > ] > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfReq id=0x2] > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x2] > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfAck id=0x2] > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfAck id=0x2] > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP TermReq id=0x3] > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP TermAck id=0x3] > > > > > > Does anyone have any insight on why this would be bahaving this way? 
> > perhaps I misunderstood a step somewhere.. I'm curious tho why no > > IP address is recieved by the win98 client. BTW the version of PPPD > > being used is 2.3.8. > > > > > > Thanks. > > > > -- Joe > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From phil at vibrationresearch.com Fri Oct 20 09:51:17 2000 From: phil at vibrationresearch.com (Philip Van Baren) Date: Fri, 20 Oct 2000 10:51:17 -0400 Subject: [pptp-server] PPTP Kernel patches In-Reply-To: Message-ID: <000301c03aa5$33c7c980$4500a8c0@vibrationresearch.com> 7.4 Errors while building pppd, pptpd, and kernel modules 7.4.1. Get PPP_VERSION or PPP_MAGIC undefined error message while compiling ppp kernel modules Solution: add the following lines to /usr/src/linux/include/linux/if_ppp.h #define PPP_VERSION "2.3.11" #define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */ > -----Original Message----- > From: Joey Coco [mailto:anesthes at cisdi.com] > Sent: Friday, October 20, 2000 11:52 AM > To: Phil Van Baren > Cc: pptp-server at lists.schulte.org > Subject: RE: [pptp-server] PPTP Kernel patches > > > > > Hi, > > Did anyone happen to get this problem on make modules. 
PPP-2.3.11, > kernel 2.2.17, and the ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch from > ftp://ftp.binarix.com/pub/ppp-mppe/ > > ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function) > ppp.c: In function `cleanup_module': > ppp.c:3345: `PPP_MAGIC' undeclared (first use in this function) > make[2]: *** [ppp.o] Error 1 > make[2]: Leaving directory `/usr/src/linux/drivers/net' > make[1]: *** [_modsubdir_net] Error 2 > make[1]: Leaving directory `/usr/src/linux/drivers' > make: *** [_mod_drivers] Error 2 > demo:/usr/src/linux# > > Curious if perhaps the RC4 files from this patch are causing it? > I did a grep of PPP_MAGIC and the only reference I can find to it is > in ppp.c. > > I'll continue to debug this if noone has a solution. I tried adding a > define to PPP_MAGIC to see if that will fix it, and it broke other things. > I'll keep sifting through the code to see what its used for. But any > help would be appreciated.. > > -- Joe > > > On Wed, 18 Oct 2000, Phil Van Baren wrote: > > > The docs were wrong when they told you to remove the #include > "rc4_skey.c" > > line. The version of SSLeay that you are using requires this file. > > > > > > > > 7.4.3. Get symbols not defined for ppp_mppe module when > doing "depmod -a" > > > > Solution: Probably missing some of the rc4* files (most > likely rc4_skey.c) > > This typically happens when getting rc4* files from > a different source > > than was suggested in the corresponding patch file. > If I remember right, > > if you use the SSLeay-0.6.6 files you don't have an > rc4_skey.c file, > > but if you use the SSLeay-0.9.0 files you must have > the rc4_skey.c file. > > Using OpenSSL-0.9.5 may have different requirements. 
> > Best solution is to use the complete patch for your > appropriate ppp > > version > > from the following ftp server, as these patches > include the rc4* files: > > ftp://ftp.binarix.com/pub/ppp-mppe/ > > > > > > > > > -----Original Message----- > > > From: pptp-server-admin at lists.schulte.org > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco > > > Sent: Wednesday, October 18, 2000 11:10 PM > > > To: pptp-server at lists.schulte.org > > > Subject: [pptp-server] PPTP Kernel patches > > > > > > > > > > > > > > > Hey guys, > > > > > > I patched pppd, as well as my kernel according to dox. I compiled > > > PPP as a module, and I now have the following modules under > > > kernel 2.2.17: > > > > > > bsd_comp.o > > > ip_masq_cuseeme.o > > > ip_masq_ftp.o > > > ip_masq_irc.o > > > ip_masq_quake.o > > > ip_masq_raudio.o > > > ip_masq_user.o > > > ip_masq_vdolive.o > > > ppp.o > > > ppp_deflate.o > > > ppp_mppe.o > > > > > > When I load these modules I get the following: > > > > > > /lib/modules/current/ppp_mppe.o: unresolved symbol RC4_set_key > > > > > > As well, when I try to connect to the server with a win98 client, > > > I get the following error with software compression and encryption > > > enabled: > > > > > > error 720: could not negotiate a compatible set of network protocols. > > > > > > Without encryption and compression it connects, but oddly enough does > > > NOT give my client an IP address. Only CHAP shows up in the details > > > box, yet this is the process running on my box: > > > > > > 28715 ? 
S 0:00 /usr/sbin/pppd local 115200 > > > 192.168.0.2:192.168.0.10 > > > > > > > > > Here is the debug output: > > > > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [CHAP Response id=0x1 > > > <29e911d16443b14ab796f4f426957a212e084868f167478c8e35306e0165e601f > > > c4ec276d3dd1f55b77ccb6a451dd42301>, > > > name = "jrcole"] > > > Oct 19 10:15:33 demo pppd[28715]: sent [CHAP Success id=0x1 > "Welcome to > > > demo."] > > > Oct 19 10:15:33 demo pppd[28715]: sent [IPCP ConfReq id=0x1 > > 192.168.0.2> ] > > > Oct 19 10:15:33 demo pppd[28715]: sent [CCP ConfReq id=0x1 > > > > ] > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x3 80 > 21 01 01 00 > > > 10 03 > > > 06 c0 a8 00 02 02 06 00 2d 0f 01] > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x4 80 > fd 01 01 00 > > > 0f 1a > > > 04 78 00 18 04 78 00 15 03 2f] > > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Received PPTP Control Message > > > (type: 5)Oct 19 10:16:32 demo pptpd[28714]: CTRL: Made a ECHO > RPLY packet > > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: I wrote 20 bytes to > the client. 
> > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Sent packet to client > > > > > > > > > Here is the same debug output when using softare compression and > > > encryption: > > > > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x1 > > > > > > 0 1 4>] > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfRej id=0x1 > > > > > > 0 1 4>] > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [LCP ProtRej id=0x3 80 > 21 01 01 00 > > > 10 03 > > > 06 c0 a8 00 01 02 06 00 2d 0f 01] > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfRej id=0x1 > > > > ] > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfReq id=0x2] > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x2] > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfAck id=0x2] > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfAck id=0x2] > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP TermReq id=0x3] > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP TermAck id=0x3] > > > > > > > > > Does anyone have any insight on why this would be bahaving this way? > > > perhaps I misunderstood a step somewhere.. I'm curious tho why no > > > IP address is recieved by the win98 client. BTW the version of PPPD > > > being used is 2.3.8. > > > > > > > > > Thanks. > > > > > > -- Joe > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > List services provided by www.schulteconsulting.com! > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > List services provided by www.schulteconsulting.com! 
From anesthes at cisdi.com Fri Oct 20 11:05:26 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Fri, 20 Oct 2000 11:05:26 -0500 (EST)
Subject: [pptp-server] PPTP Kernel patches
In-Reply-To: <000301c03aa5$33c7c980$4500a8c0@vibrationresearch.com>
Message-ID:

Hi,

Thanks.. Curiously, what dox are you reading?? My install dox don't
seem to have this anywhere?

Thanks again.

-- Joe


On Fri, 20 Oct 2000, Philip Van Baren wrote:

> 7.4 Errors while building pppd, pptpd, and kernel modules
>
> 7.4.1. Get PPP_VERSION or PPP_MAGIC undefined error message while compiling
> ppp kernel modules
>
> Solution: add the following lines to /usr/src/linux/include/linux/if_ppp.h
> #define PPP_VERSION "2.3.11"
> #define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */
>
>
> > -----Original Message-----
> > From: Joey Coco [mailto:anesthes at cisdi.com]
> > Sent: Friday, October 20, 2000 11:52 AM
> > To: Phil Van Baren
> > Cc: pptp-server at lists.schulte.org
> > Subject: RE: [pptp-server] PPTP Kernel patches
> >
> >
> > Hi,
> >
> > Did anyone happen to get this problem on make modules. PPP-2.3.11,
> > kernel 2.2.17, and the ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch from
> > ftp://ftp.binarix.com/pub/ppp-mppe/
> >
> > ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function)
> > ppp.c: In function `cleanup_module':
> > ppp.c:3345: `PPP_MAGIC' undeclared (first use in this function)
> > make[2]: *** [ppp.o] Error 1
> > make[2]: Leaving directory `/usr/src/linux/drivers/net'
> > make[1]: *** [_modsubdir_net] Error 2
> > make[1]: Leaving directory `/usr/src/linux/drivers'
> > make: *** [_mod_drivers] Error 2
> > demo:/usr/src/linux#
> >
> > Curious if perhaps the RC4 files from this patch are causing it?
> > I did a grep of PPP_MAGIC and the only reference I can find to it is
> > in ppp.c.
> >
> > I'll continue to debug this if no one has a solution. I tried adding a
> > define to PPP_MAGIC to see if that will fix it, and it broke other things.
> > I'll keep sifting through the code to see what it's used for. But any
> > help would be appreciated..
> >
> > -- Joe
> >
> >
> > On Wed, 18 Oct 2000, Phil Van Baren wrote:
> >
> > > The docs were wrong when they told you to remove the #include "rc4_skey.c"
> > > line. The version of SSLeay that you are using requires this file.
> > >
> > >
> > > 7.4.3. Get symbols not defined for ppp_mppe module when doing "depmod -a"
> > >
> > > Solution: Probably missing some of the rc4* files (most likely rc4_skey.c)
> > > This typically happens when getting rc4* files from a different source
> > > than was suggested in the corresponding patch file. If I remember right,
> > > if you use the SSLeay-0.6.6 files you don't have an rc4_skey.c file,
> > > but if you use the SSLeay-0.9.0 files you must have the rc4_skey.c file.
> > > Using OpenSSL-0.9.5 may have different requirements.
> > > Best solution is to use the complete patch for your appropriate ppp
> > > version
> > > from the following ftp server, as these patches include the rc4* files:
> > > ftp://ftp.binarix.com/pub/ppp-mppe/
> > >
> > >
> > > > -----Original Message-----
> > > > From: pptp-server-admin at lists.schulte.org
> > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco
> > > > Sent: Wednesday, October 18, 2000 11:10 PM
> > > > To: pptp-server at lists.schulte.org
> > > > Subject: [pptp-server] PPTP Kernel patches
> > > >
> > > >
> > > > Hey guys,
> > > >
> > > > I patched pppd, as well as my kernel according to dox. I compiled
> > > > PPP as a module, and I now have the following modules under
> > > > kernel 2.2.17:
> > > >
> > > > bsd_comp.o
> > > > ip_masq_cuseeme.o
> > > > ip_masq_ftp.o
> > > > ip_masq_irc.o
> > > > ip_masq_quake.o
> > > > ip_masq_raudio.o
> > > > ip_masq_user.o
> > > > ip_masq_vdolive.o
> > > > ppp.o
> > > > ppp_deflate.o
> > > > ppp_mppe.o
> > > >
> > > > When I load these modules I get the following:
> > > >
> > > > /lib/modules/current/ppp_mppe.o: unresolved symbol RC4_set_key
> > > >
> > > > As well, when I try to connect to the server with a win98 client,
> > > > I get the following error with software compression and encryption
> > > > enabled:
> > > >
> > > > error 720: could not negotiate a compatible set of network protocols.
> > > >
> > > > Without encryption and compression it connects, but oddly enough does
> > > > NOT give my client an IP address. Only CHAP shows up in the details
> > > > box, yet this is the process running on my box:
> > > >
> > > > 28715 ? S 0:00 /usr/sbin/pppd local 115200
> > > > 192.168.0.2:192.168.0.10
> > > >
> > > >
> > > > Here is the debug output:
> > > >
> > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [CHAP Response id=0x1
> > > > <29e911d16443b14ab796f4f426957a212e084868f167478c8e35306e0165e601f
> > > > c4ec276d3dd1f55b77ccb6a451dd42301>,
> > > > name = "jrcole"]
> > > > Oct 19 10:15:33 demo pppd[28715]: sent [CHAP Success id=0x1 "Welcome to demo."]
> > > > Oct 19 10:15:33 demo pppd[28715]: sent [IPCP ConfReq id=0x1
> > > > 192.168.0.2> ]
> > > > Oct 19 10:15:33 demo pppd[28715]: sent [CCP ConfReq id=0x1
> > > > ]
> > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 10 03
> > > > 06 c0 a8 00 02 02 06 00 2d 0f 01]
> > > > Oct 19 10:15:33 demo pppd[28715]: rcvd [LCP ProtRej id=0x4 80 fd 01 01 00 0f 1a
> > > > 04 78 00 18 04 78 00 15 03 2f]
> > > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Received PPTP Control Message (type: 5)
> > > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Made a ECHO RPLY packet
> > > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: I wrote 20 bytes to the client.
> > > > Oct 19 10:16:32 demo pptpd[28714]: CTRL: Sent packet to client
> > > >
> > > >
> > > > Here is the same debug output when using software compression and
> > > > encryption:
> > > >
> > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x1
> > > > 0 1 4>]
> > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfRej id=0x1
> > > > 0 1 4>]
> > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 10 03
> > > > 06 c0 a8 00 01 02 06 00 2d 0f 01]
> > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfRej id=0x1
> > > > ]
> > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfReq id=0x2]
> > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfReq id=0x2]
> > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP ConfAck id=0x2]
> > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP ConfAck id=0x2]
> > > > Oct 19 10:18:03 demo pppd[28726]: rcvd [CCP TermReq id=0x3]
> > > > Oct 19 10:18:03 demo pppd[28726]: sent [CCP TermAck id=0x3]
> > > >
> > > >
> > > > Does anyone have any insight on why this would be behaving this way?
> > > > perhaps I misunderstood a step somewhere.. I'm curious tho why no
> > > > IP address is received by the win98 client. BTW the version of PPPD
> > > > being used is 2.3.8.
> > > >
> > > >
> > > > Thanks.
> > > >
> > > > -- Joe
> > > >
> > > > _______________________________________________
> > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > List services provided by www.schulteconsulting.com!
> > > >
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > > >
> >
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From phil at vibrationresearch.com Fri Oct 20 10:02:27 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Fri, 20 Oct 2000 11:02:27 -0400
Subject: [pptp-server] PPTP Kernel patches
In-Reply-To:
Message-ID: <000401c03aa6$c30e4b90$4500a8c0@vibrationresearch.com>

It's in the PoPToP FAQ. See http://poptop.lineo.com/help.html for the full
list of docs.

> -----Original Message-----
> From: Joey Coco [mailto:anesthes at cisdi.com]
> Sent: Friday, October 20, 2000 12:05 PM
> To: Philip Van Baren
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] PPTP Kernel patches
>
>
> Hi,
>
> Thanks.. Curiously, what dox are you reading?? My install dox don't
> seem to have this anywhere?
>
> Thanks again.
>
> -- Joe
>
>
> On Fri, 20 Oct 2000, Philip Van Baren wrote:
>
> > 7.4 Errors while building pppd, pptpd, and kernel modules
> >
> > 7.4.1. Get PPP_VERSION or PPP_MAGIC undefined error message while compiling
> > ppp kernel modules
> >
> > Solution: add the following lines to /usr/src/linux/include/linux/if_ppp.h
> > #define PPP_VERSION "2.3.11"
> > #define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */
> >
> >
> > > -----Original Message-----
> > > From: Joey Coco [mailto:anesthes at cisdi.com]
> > > Sent: Friday, October 20, 2000 11:52 AM
> > > To: Phil Van Baren
> > > Cc: pptp-server at lists.schulte.org
> > > Subject: RE: [pptp-server] PPTP Kernel patches
> > >
> > >
> > > Hi,
> > >
> > > Did anyone happen to get this problem on make modules.
> > > > >
> > > >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> >
>

From anesthes at cisdi.com Fri Oct 20 11:16:59 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Fri, 20 Oct 2000 11:16:59 -0500 (EST)
Subject: [pptp-server] PPTP Kernel patches
In-Reply-To: <000401c03aa6$c30e4b90$4500a8c0@vibrationresearch.com>
Message-ID:

Thank you. I was reading from some old dox and a RFC I found. I should
probably have searched a little better on the topic.

Thanks again.

-- Joe

On Fri, 20 Oct 2000, Philip Van Baren wrote:

> It's in the PoPToP FAQ. See http://poptop.lineo.com/help.html for the full
> list of docs.
>
> > -----Original Message-----
> > From: Joey Coco [mailto:anesthes at cisdi.com]
> > Sent: Friday, October 20, 2000 12:05 PM
> > To: Philip Van Baren
> > Cc: pptp-server at lists.schulte.org
> > Subject: RE: [pptp-server] PPTP Kernel patches
> >
> >
> > Hi,
> >
> > Thanks.. Curiously, what dox are you reading?? My install dox don't
> > seem to have this anywhere?
> >
> > Thanks again.
> >
> > -- Joe
> >
> >
> > On Fri, 20 Oct 2000, Philip Van Baren wrote:
> >
> > > 7.4 Errors while building pppd, pptpd, and kernel modules
> > >
> > > 7.4.1. Get PPP_VERSION or PPP_MAGIC undefined error message while compiling
> > > ppp kernel modules
> > >
> > > Solution: add the following lines to /usr/src/linux/include/linux/if_ppp.h
> > > #define PPP_VERSION "2.3.11"
> > > #define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */
> > >
> > >
> > > > -----Original Message-----
> > > > From: Joey Coco [mailto:anesthes at cisdi.com]
> > > > Sent: Friday, October 20, 2000 11:52 AM
> > > > To: Phil Van Baren
> > > > Cc: pptp-server at lists.schulte.org
> > > > Subject: RE: [pptp-server] PPTP Kernel patches
> > > >
> > > >
> > > > Hi,
> > > >
> > > > Did anyone happen to get this problem on make modules. PPP-2.3.11,
> > > > kernel 2.2.17, and the ppp-2.3.11-openssl-0.9.5-mppe.patch.gz patch from
> > > > ftp://ftp.binarix.com/pub/ppp-mppe/
> > > >
> > > > ppp.c:3139: `PPP_MAGIC' undeclared (first use in this function)
> > > > ppp.c: In function `cleanup_module':
> > > > ppp.c:3345: `PPP_MAGIC' undeclared (first use in this function)
> > > > make[2]: *** [ppp.o] Error 1
> > > > make[2]: Leaving directory `/usr/src/linux/drivers/net'
> > > > make[1]: *** [_modsubdir_net] Error 2
> > > > make[1]: Leaving directory `/usr/src/linux/drivers'
> > > > make: *** [_mod_drivers] Error 2
> > > > demo:/usr/src/linux#
> > > >
> > > > Curious if perhaps the RC4 files from this patch are causing it?
> > > > I did a grep of PPP_MAGIC and the only reference I can find to it is
> > > > in ppp.c.
> > > >
> > > > I'll continue to debug this if no one has a solution. I tried adding a
> > > > define to PPP_MAGIC to see if that will fix it, and it broke other things.
> > > > I'll keep sifting through the code to see what it's used for. But any
> > > > help would be appreciated..
> > > >
> > > > -- Joe
> > > >
> > > >
> > > > On Wed, 18 Oct 2000, Phil Van Baren wrote:
> > > >
> > > > > The docs were wrong when they told you to remove the #include "rc4_skey.c"
> > > > > line.
> > > > > >
> > > > >
> > > > > _______________________________________________
> > > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > > List services provided by www.schulteconsulting.com!
> > > > >
> > > >
> > >
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > List services provided by www.schulteconsulting.com!
> > >
> >
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>

From steve at sarette.com Thu Oct 19 16:56:16 2000
From: steve at sarette.com (Steve Sarette)
Date: Thu, 19 Oct 2000 14:56:16 -0700
Subject: [pptp-server] can ping but not do much more
Message-ID: <39EF6E00.6030000@sarette.com>

Hi,

I'm trying to get a very simple pptp client setup going in order to read
email and do web browsing behind my employer's Win2000-based firewall.
I've managed to get everything working so that pptp connects and
authenticates. I can also ping the machines behind the firewall,
sometimes do DNS lookups (at least they work with ping) and so forth.

Unfortunately when I attempt to do much more than ping my connections
hang. For example, netscape mail can successfully authenticate to the
IMAP server (exchange server, actually), determine the number of message
headers to download, starts to download the first message header, and
then nothing. The same sort of thing happens when trying to connect to a
web server. The DNS lookup seems to go ok, but when netscape tries to
actually load the page, it hangs indefinitely. This is true of both
communicator 4.7x and the latest beta of communicator 6.0.

Similar problems happen with other tcp activities such as attempting to
do source tree checkouts.
Oddly, when I try to do a checkout, the tool (perforce) complains that it
cannot find the source server (unknown host) but ping can find it without
any problems. (btw, all of these things work when I take my laptop to
work and use it there without pptp).

I'm not sure if this is some kind of a routing problem or if this is some
kind of an incompatibility with my employer's all Windows-based network.
/var/log/messages contains no errors of interest. Is there another log
file I could look at for hints?

I'm using a stock Redhat 6.2 system on a DSL connection. At the moment,
I'm using the default ipchains ruleset in an attempt to eliminate any
firewall issues. My system has a static ip so no masquerading should be
required. (And yes I intend to put my firewall back together as soon as
I've demonstrated to myself basic connection functionality).

As I'm fresh out of ideas, I'm hoping someone on this list might be able
to give me some ideas as to what I could try next. Any thoughts would be
greatly appreciated. I admit to being a bit clueless when it comes to
ppp, routing, and so forth. Yet I'm so close....

- Steve

From apenwarr at worldvisions.ca Fri Oct 20 13:02:26 2000
From: apenwarr at worldvisions.ca (Avery Pennarun)
Date: Fri, 20 Oct 2000 11:02:26 -0700
Subject: [pptp-server] This listserver is insane
Message-ID: <20001020110226.A31286@worldvisions.ca>

Hi,

I've been trying for several days to unsubscribe from this mailing list. I
get this:

> ***** unsubscribe
> >>>>> Usage: unsubscribe []

The problem is, back when I subscribed to the list there seemed to be no
requirement for a password. I've tried several, including "pptp-server",
just in case. Nothing works.

I would like to state, for the record, that listservers which require a
password to do _anything_ are insane. If you're worried about email
forgeries, simply use subscribe and unsubscribe cookies like ezmlm and
smartlist and several others.
If you're worried about man-in-the-middle
attacks, you can't use a cleartext password.

It is extremely important to make it VERY EASY for people to unsubscribe
from mailing lists, or else the lists will get bombarded with stupid
messages like this one.

Thanks. Hopefully the admin will read this and unsubscribe me... lest I
be forever trapped on this list.

Have fun,

Avery

From SCody at Gulbrandsen.com Fri Oct 20 13:16:28 2000
From: SCody at Gulbrandsen.com (Steve Cody)
Date: Fri, 20 Oct 2000 14:16:28 -0400
Subject: [pptp-server] This listserver is insane
Message-ID:

I went to the site, as the instructions tell you and found the option to
email your password to you. You should have received that. Now, that you
have your password, you can get off this list.

-----Original Message-----
From: Avery Pennarun [mailto:apenwarr at worldvisions.ca]
Sent: Friday, October 20, 2000 2:02 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] This listserver is insane

Hi,

I've been trying for several days to unsubscribe from this mailing list. I
get this:

> ***** unsubscribe
> >>>>> Usage: unsubscribe []

The problem is, back when I subscribed to the list there seemed to be no
requirement for a password. I've tried several, including "pptp-server",
just in case. Nothing works.

I would like to state, for the record, that listservers which require a
password to do _anything_ are insane. If you're worried about email
forgeries, simply use subscribe and unsubscribe cookies like ezmlm and
smartlist and several others. If you're worried about man-in-the-middle
attacks, you can't use a cleartext password.

It is extremely important to make it VERY EASY for people to unsubscribe
from mailing lists, or else the lists will get bombarded with stupid
messages like this one.

Thanks. Hopefully the admin will read this and unsubscribe me... lest I
be forever trapped on this list.

Have fun,

Avery

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From sstone at foo3.com Fri Oct 20 13:21:24 2000
From: sstone at foo3.com (Scott M. Stone)
Date: Fri, 20 Oct 2000 11:21:24 -0700 (PDT)
Subject: [pptp-server] This listserver is insane
In-Reply-To: <20001020110226.A31286@worldvisions.ca>
Message-ID:

On Fri, 20 Oct 2000, Avery Pennarun wrote:

>
> Hi,
>
> I've been trying for several days to unsubscribe from this mailing list. I
> get this:
>
> > ***** unsubscribe
> > >>>>> Usage: unsubscribe []
>
> The problem is, back when I subscribed to the list there seemed to be no
> requirement for a password. I've tried several, including "pptp-server",
> just in case. Nothing works.
>
> I would like to state, for the record, that listservers which require a
> password to do _anything_ are insane. If you're worried about email
> forgeries, simply use subscribe and unsubscribe cookies like ezmlm and
> smartlist and several others. If you're worried about man-in-the-middle
> attacks, you can't use a cleartext password.
>
> It is extremely important to make it VERY EASY for people to unsubscribe
> from mailing lists, or else the lists will get bombarded with stupid
> messages like this one.
>
> Thanks. Hopefully the admin will read this and unsubscribe me... lest I
> be forever trapped on this list.

didn't you know, that mailing lists based on an insane concept (PPTP is
insane by any stretch of the imagination) also mutate themselves to also
be insane?

My consulting firm handles UNIX, Networking, and NT assignments. As such,
we have a Windows-issues mailing list. It's also insane. The UNIX and
networking lists are normal, except when we have threads dealing with SCO,
NFS on Linux, or Bay Networks :)

--------------------------
Scott M.
Stone, CCNA
UNIX Systems and Network Engineer
Taos - The SysAdmin Company

From jvaughan at maad.com Fri Oct 20 14:14:56 2000
From: jvaughan at maad.com (John Vaughan)
Date: Fri, 20 Oct 2000 13:14:56 -0600
Subject: [pptp-server] Failed Hunk while patching
Message-ID:

Hello

While following the RedHat-PoPToP HOWTO dated 20001005 everything was going great until I tried the following command:

patch < ../../ppp_mppe_compressed_data_fix.diff

I received the following error:

patching file 'ppp_mppe.c'
Hunk #1 FAILED at 509.
1 out of 1 hunk FAILED -- savging rejects to ppp_mppe.c.rej

The ppp_mppe.c.rej file has the following in it:

******* *** 507,515 *** mppe_update_count(state); { - mppe_update_count(state); - - return DECOMP_ERROR; } /* --- 509,514 ---- mppe_update_count(state); } } /*

I am currently using: ppp-2.3.11-4 RedHat Linux 6.2 kernel version 2.2.14-5.0 upgraded to kernel 2.2.16-3

What did I do wrong or what should I do to rectify this??

John Vaughan
Micro Analysis & Design, Inc.
4900 Pearl East Circle, Suite 201 E
Boulder, CO 80301
303 442-6947
303 442-8274 fax
mailto:jvaughan at maad.com

From natecars at real-time.com Fri Oct 20 16:08:56 2000
From: natecars at real-time.com (Nate Carlson)
Date: Fri, 20 Oct 2000 16:08:56 -0500 (CDT)
Subject: [pptp-server] can ping but not do much more
In-Reply-To: <39EF6E00.6030000@sarette.com>
Message-ID:

On Thu, 19 Oct 2000, Steve Sarette wrote:
> I'm trying to get a very simple pptp client setup going in order to read
> email and do web browsing behind my employer's Win2000-based firewall.
> I've managed to get everything working so that pptp connects and
> authenticates. I can also ping the machines behind the firewall,
> sometimes do DNS lookups (at least they work with ping) and so forth.

*snip*

Have you checked your firewall rules to make sure that denied packets are logged, and checked to make sure there are no firewall denies in /var/log/*?
One thing you can do for addt'l logging is add the following line to /etc/syslog.conf:

*.* /var/log/syslog

.. and restart syslogd, and then look at the /var/log/syslog file.

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From boris at microtrader.com Mon Oct 23 10:57:32 2000
From: boris at microtrader.com (Boris Reisig)
Date: Mon, 23 Oct 2000 10:57:32 -0500
Subject: [pptp-server] PPTP client problem
Message-ID: <001901c03d0a$25a4d2a0$2f01a8c0@esmith.microtrader.com>

I'm getting a weird error when connecting to my vpn server. I have the correct login/password and password. This is what my client says

Oct 22 22:51:07 boris pppd[175]: pppd 2.3.11 started by root, uid 0
Oct 22 22:51:07 boris pppd[175]: Using interface ppp0
Oct 22 22:51:07 boris pppd[175]: Connect: ppp0 <--> /dev/ttya0
Oct 22 22:51:11 boris pppd[175]: Warning - secret file /etc/ppp/chap-secrets ha$
Oct 22 22:51:11 boris pppd[175]: Remote message: Welcome to VIDEON42379.
Oct 22 22:51:11 boris pppd[175]: Deflate (15) compression enabled
Oct 22 22:51:11 boris pppd[175]: Peer is not authorized to use remote address 192.168.0.3
Oct 22 22:51:11 boris pppd[175]: Connection terminated.
Oct 22 22:51:11 boris pppd[175]: Connect time 0.1 minutes.
Oct 22 22:51:11 boris pppd[175]: Sent 362 bytes, received 475 bytes.
Oct 23 10:49:25 VIDEON42379 pppd[17382]: local IP address 192.168.0.3
Oct 23 10:49:25 VIDEON42379 pppd[17382]: remote IP address 192.168.0.7
Oct 23 10:49:25 VIDEON42379 pppd[17382]: Deflate (15) compression enabled
Oct 23 10:49:25 VIDEON42379 pppd[17382]: IPCP terminated by peer (Unauthorized remote IP address)
Oct 23 10:49:25 VIDEON42379 pppd[17382]: LCP terminated by peer (No network protocols running)
Oct 23 10:49:28 VIDEON42379 pppd[17382]: Connection terminated.
Oct 23 10:49:28 VIDEON42379 pppd[17382]: Connect time 0.1 minutes.
Oct 23 10:49:28 VIDEON42379 pppd[17382]: Sent 449 bytes, received 555 bytes.
Oct 23 10:49:28 VIDEON42379 pppd[17382]: Exit.
The VPN server uses the local ip's 192.168.0.2-192.168.0.5 and it assigns the remote ips to 192.168.0.6-192.168.0.9

Any help would be grateful

From boris at microtrader.com Mon Oct 23 11:38:06 2000
From: boris at microtrader.com (Boris Reisig)
Date: Mon, 23 Oct 2000 11:38:06 -0500
Subject: [pptp-server] Weird, No data is being sent.
Message-ID: <001601c03d0f$9f43d340$2f01a8c0@esmith.microtrader.com>

Well, About my last post. I got it working. I added a "noauth" to my options file and it seems to connect and work. But now I have this problem. I connect but it seems that I can't get past my remote gateway. For example.

My pptp client has the following information

ifconfig
eth0:
ppp0: inet addr: 192.168.0.6 P-t-P:192.168.0.2 Mask: 255.255.255.0

The remote VPN server side:

eth0 Link encap:Ethernet HWaddr
     inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
ppp0 Link encap:Point-to-Point Protocol
     inet addr:192.168.0.2 P-t-P:192.168.0.6 Mask:255.255.255.255
eth1:

From euclidian at euclidian.com Mon Oct 23 11:50:50 2000
From: euclidian at euclidian.com (Johannes B. Ullrich)
Date: Mon, 23 Oct 2000 12:50:50 -0400 (EDT)
Subject: [pptp-server] pptp and Windows ME
Message-ID:

Hi.

I am having problems connecting to pptp using a Windows ME VPN client. The entire setup is working fine with Windows 98, so I expect some sort of new 'feature' of Windows ME which I might be missing.

I played with various config options provided by WindowsME.
The result is always the same on the server site:

Oct 21 10:26:30 secure pptpd[19930]: CTRL: Client 24.240.xxx.yyy control connection started
Oct 21 10:26:30 secure pptpd[19930]: CTRL: Starting call (launching pppd, opening GRE)
Oct 21 10:26:30 secure pppd[19931]: pppd 2.3.10 started by root, uid 0
Oct 21 10:26:30 secure pppd[19931]: Using interface ppp0
Oct 21 10:26:30 secure pppd[19931]: Connect: ppp0 <--> /dev/pts/3
Oct 21 10:26:30 secure pptpd[19930]: GRE: Discarding duplicate packet
Oct 21 10:26:54 secure pptpd[19930]: CTRL: Error with select(), quitting
Oct 21 10:26:54 secure pptpd[19930]: CTRL: Client 24.240.xxx.yyy control connection finished
Oct 21 10:26:54 secure pppd[19931]: Modem hangup
Oct 21 10:26:54 secure pppd[19931]: Connection terminated.
Oct 21 10:26:54 secure pppd[19931]: Exit.

--- jullrich at euclidian.com - http://www.cablemodemhelp.com ---

From cheeleong at alinux.com.sg Mon Oct 23 13:01:16 2000
From: cheeleong at alinux.com.sg (Tan Chee Leong)
Date: Tue, 24 Oct 2000 02:01:16 +0800
Subject: [pptp-server] CTRL: Error with select(), quitting
Message-ID: <000f01c03d1b$40876400$0501a8c0@alinux.local>

Hi,

Hope you can help on this one. I have no clue what the Error with select() means:

Oct 24 01:36:34 gateway pptpd[4066]: CTRL: Client 137.132.61.150 control connection started
Oct 24 01:36:34 gateway pptpd[4066]: CTRL: Starting call (launching pppd, opening GRE)
Oct 24 01:36:34 gateway pppd[4067]: pppd 2.3.11 started by root, uid 0
Oct 24 01:36:34 gateway pppd[4067]: Using interface ppp0
Oct 24 01:36:34 gateway pppd[4067]: Connect: ppp0 <--> /dev/pts/1
Oct 24 01:36:34 gateway pptpd[4066]: CTRL: Error with select(), quitting
Oct 24 01:36:34 gateway pptpd[4066]: CTRL: Client 137.132.61.150 control connection finished
Oct 24 01:36:34 gateway pppd[4067]: Modem hangup
Oct 24 01:36:34 gateway pppd[4067]: Connection terminated.
Oct 24 01:36:34 gateway pppd[4067]: Exit.
Oct 24 01:50:00 gateway kernel: PPP: ppp line discipline successfully unregister

Thanks,
Cheers,
Chee Leong

From JaminC at adapt-tele.com Mon Oct 23 16:48:55 2000
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Mon, 23 Oct 2000 16:48:55 -0500
Subject: [pptp-server] PoPToP - MSCHAPv2/MPPE compile fails
Message-ID:

I apologize for this post ahead of time, as I'm sure this has been asked and answered several times before or I'm doing something wrong. However, I've skimmed the archives (couldn't find a search interface) and didn't find anything that appeared to be related.

I've got PoPToP installed and configured on my Linux gateway. I can connect to it without a problem, but I also have absolutely no encryption working on it right now. I'm attempting to install the MSCHAPv2/MPPE patches as outlined in the RedHat-PoPToP HOWTO. I'm using the 2.2.16 kernel sources from RedHat's RPMs, with ppp-2.3.10, and SSLeay-0.9.0b. Everything is fine right up until I try to compile the modules. When I do, I get the following list of errors:

[root at AdaptGateway linux]# make modules SUBDIRS=drivers/net
make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/adapt-1-2.2.16/include/linux/modversions.h" MAKING_MODULES=1 modules
make[1]: Entering directory `/usr/src/adapt-1-2.2.16/drivers/net'
gcc -D__KERNEL__ -I/usr/src/adapt-1-2.2.16/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/adapt-1-2.2.16/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c
ppp.c:98: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static
ppp.c:99: warning: static declaration for `ppp_unregister_compressor_Ra1b928df' follows
non-static
ppp.c:173: `PPP_VERSION' undeclared here (not in a function)
ppp.c: In function `ppp_tty_open':
ppp.c:409: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:409: (Each undeclared identifier is reported only once
ppp.c:409: for each function it appears in.)
ppp.c: In function `ppp_tty_close':
ppp.c:454: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_read':
ppp.c:502: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_write':
ppp.c:591: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_ioctl':
ppp.c:650: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_poll':
ppp.c:808: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_wakeup':
ppp.c:836: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_sync_send':
ppp.c:860: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_sync_push':
ppp.c:913: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_async_send':
ppp.c:969: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_push':
ppp.c:995: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_async_encode':
ppp.c:1064: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_tty_receive':
ppp.c:1198: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_close':
ppp.c:1551: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_dev_ioctl':
ppp.c:1585: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_ioctl':
ppp.c:1633: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_receive_error':
ppp.c:2226: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ip':
ppp.c:2257: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function
`rcv_proto_ipv6':
ppp.c:2270: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ipx':
ppp.c:2283: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_at':
ppp.c:2296: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_comp':
ppp.c:2311: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_vjc_uncomp':
ppp.c:2336: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_ccp':
ppp.c:2351: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `rcv_proto_unknown':
ppp.c:2362: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_frame':
ppp.c:2409: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_output_wakeup':
ppp.c:2583: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_send_ctrl':
ppp.c:2599: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_alloc':
ppp.c:2838: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `ppp_release':
ppp.c:2924: `PPP_MAGIC' undeclared (first use in this function)
ppp.c: In function `cleanup_module':
ppp.c:3128: `PPP_MAGIC' undeclared (first use in this function)
make[1]: *** [ppp.o] Error 1
make[1]: Leaving directory `/usr/src/adapt-1-2.2.16/drivers/net'
make: *** [_mod_drivers/net] Error 2

Any ideas?

Jamin W. Collins

From christopherandrew at ou.edu Mon Oct 23 16:46:48 2000
From: christopherandrew at ou.edu (Andy Worthington)
Date: Mon, 23 Oct 2000 16:46:48 -0500
Subject: [pptp-server] PoPToP - MSCHAPv2/MPPE compile fails
References:
Message-ID: <030c01c03d3a$bf308740$7a01a8c0@rockcitycorp.com>

It is in the Poptop FAQ:

7.4 Errors while building pppd, pptpd, and kernel modules

7.4.1.
Get PPP_VERSION or PPP_MAGIC undefined error message while compiling ppp kernel modules

Solution: add the following lines to /usr/src/linux/include/linux/if_ppp.h

#define PPP_VERSION "2.3.11"
#define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */

----- Original Message -----
From: "Jamin Collins"
To:
Sent: Monday, October 23, 2000 4:48 PM
Subject: [pptp-server] PoPToP - MSCHAPv2/MPPE compile fails

> I apologize for this post ahead of time, as I'm sure this has been asked and
> answered several times before or I'm doing something wrong. However, I've
> skimmed the archives (couldn't find a search interface) and didn't find
> anything that appeared to be related.
>
> I've got PoPToP installed and configured on my Linux gateway. I can connect
> to it without a problem, but I also have absolutely no encryption working on
> it right now. I'm attempting to install the MSCHAPv2/MPPE patches as
> outlined in the RedHat-PoPToP HOWTO. I'm using the 2.2.16 kernel sources
> from RedHat's RPMs, with ppp-2.3.10, and SSLeay-0.9.0b. Everything is fine
> right up until I try to compile the modules.
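The header fix quoted from the PoPToP FAQ in the reply above, as an added example that is not part of any list message or of the FAQ itself: it counts the identifiers gcc reported as undeclared in a build log, then adds the FAQ's two defines to if_ppp.h only where they are missing, keeping a .orig backup. The function names, the sample log and the stand-in header are constructed for illustration; the two define lines are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example: triage a gcc 2.x build log for undeclared PPP macros, then add
# the two defines quoted from the PoPToP FAQ to if_ppp.h only where missing.

# Print "COUNT NAME" for each identifier gcc reported as undeclared.
# gcc 2.x quotes identifiers as `NAME' (backtick, then apostrophe).
undeclared_summary() {  # undeclared_summary LOGFILE
    sed -n "s/.*\`\([A-Za-z_][A-Za-z0-9_]*\)' undeclared.*/\1/p" "$1" |
        sort | uniq -c | awk '{print $1, $2}'
}

# Succeed if HEADER already carries a #define for NAME.
has_define() {  # has_define HEADER NAME
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# Insert whichever of the two defines is missing just before the header's last
# #endif (or at the end if there is none). Prints the names it added.
add_ppp_defines() {  # add_ppp_defines HEADER
    hdr=$1
    [ -f "$hdr" ] || { echo "no such header: $hdr" >&2; return 1; }
    new=""
    # Values exactly as quoted from the FAQ in the reply above.
    has_define "$hdr" PPP_VERSION || new='#define PPP_VERSION "2.3.11"'
    if ! has_define "$hdr" PPP_MAGIC; then
        line='#define PPP_MAGIC 0x5002 /* Magic value for the ppp structure */'
        new="${new:+$new
}$line"
    fi
    [ -n "$new" ] || return 0                         # nothing to do: idempotent
    [ -f "$hdr.orig" ] || cp -p "$hdr" "$hdr.orig"    # keep the pristine header
    last=$(grep -n '^[[:space:]]*#[[:space:]]*endif' "$hdr" | tail -n 1 | cut -d: -f1)
    tmp="$hdr.tmp.$$"
    if [ -n "$last" ]; then
        head -n $((last - 1)) "$hdr" > "$tmp"
        printf '%s\n' "$new" >> "$tmp"
        tail -n +"$last" "$hdr" >> "$tmp"
    else
        cat "$hdr" > "$tmp"
        printf '%s\n' "$new" >> "$tmp"
    fi
    mv "$tmp" "$hdr"
    printf '%s\n' "$new" | awk '{print $2}'
}

# Demo on constructed input: a few lines modelled on the build output quoted in
# the thread, and a stand-in header (not the real kernel if_ppp.h).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/build.log" <<'EOF'
ppp.c:98: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static
ppp.c:173: `PPP_VERSION' undeclared here (not in a function)
ppp.c: In function `ppp_tty_open':
ppp.c:409: `PPP_MAGIC' undeclared (first use in this function)
ppp.c:409: (Each undeclared identifier is reported only once
ppp.c: In function `ppp_tty_close':
ppp.c:454: `PPP_MAGIC' undeclared (first use in this function)
EOF
    printf '#ifndef _IF_PPP_H_\n#define _IF_PPP_H_\n#define PPP_MTU 1500\n#endif\n' \
        > "$d/if_ppp.h"
    echo "undeclared identifiers:"; undeclared_summary "$d/build.log"
    echo "added on first run:";     add_ppp_defines "$d/if_ppp.h"
    echo "added on second run:";    add_ppp_defines "$d/if_ppp.h"
    echo "resulting header:";       cat "$d/if_ppp.h"
    rm -rf "$d"
}
demo
```

Run against a real tree, pass the path named in the reply (/usr/src/linux/include/linux/if_ppp.h) to add_ppp_defines and diff the result against the .orig copy before rebuilding the modules.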
From steve at sarette.com Mon Oct 23 18:20:43 2000
From: steve at sarette.com (Steve Sarette)
Date: Mon, 23 Oct 2000 16:20:43 -0700
Subject: [pptp-server] PoPToP - MSCHAPv2/MPPE compile fails
References:
Message-ID: <39F4C7CB.6060608@sarette.com>

http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt

Look for section 7.3.5

- Steve

Jamin Collins wrote:

> I apologize for this post ahead of time, as I'm sure this has been asked and
> answered several times before or I'm doing something wrong. However, I've
> skimmed the archives (couldn't find a search interface) and didn't find
> anything that appeared to be related.
>
> I've got PoPToP installed and configured on my Linux gateway. I can connect
> to it without a problem, but I also have absolutely no encryption working on
> it right now. I'm attempting to install the MSCHAPv2/MPPE patches as
> outlined in the RedHat-PoPToP HOWTO. I'm using the 2.2.16 kernel sources
> from RedHat's RPMs, with ppp-2.3.10, and SSLeay-0.9.0b. Everything is fine
> right up until I try to compile the modules.

From cdkim at cfxc.com Mon Oct 23 21:43:08 2000
From: cdkim at cfxc.com (Chris Kim)
Date: Mon, 23 Oct 2000 20:43:08 -0600
Subject: [pptp-server] logging into a POPTOP server with ISDN
Message-ID: <39F4F73C.D5F34E5C@cfxc.com>

Has anyone out there had any experience logging into a POPTOP server using an ISDN on the client side?? It works fine at 64K (one channel) but refuses to connect at 128K (two channels).
I found some references to a multilink patch for PPP but it seems to have more to do with using ISDN on the server side.

Any help would be appreciated!

Thanks
Chris Kim
cdkim at cfxc.com

From phil at vibrationresearch.com Mon Oct 23 23:37:09 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Tue, 24 Oct 2000 00:37:09 -0400
Subject: [pptp-server] logging into a POPTOP server with ISDN
In-Reply-To: <39F4F73C.D5F34E5C@cfxc.com>
Message-ID: <000001c03d74$11f455e0$56108318@bud.mw.mediaone.net>

I'm taking a very wild guess here, but this could be a packet order problem. It may be that your dual-channel PPP connection is resulting in packets arriving in the order 2,1,4,3,6,5,8,7,10,9, ... where the order of pairs of packets are reversed as a result of going through separate channels. If this is indeed the case, pptpd version 1.1.2 with the packet reordering should solve the problem.

Phil

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Chris Kim
> Sent: Monday, October 23, 2000 10:43 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] logging into a POPTOP server with ISDN
>
>
> Has anyone out there had any experience logging into a POPTOP server
> using an ISDN on the client side?? It works fine at 64K (one channel)
> but refuses to connect at 128K (two channels). I found some references
> to a multilink patch for PPP but it seems to have more to do with using
> ISDN on the server side.
> Any help would be appreciated!
> Thanks
> Chris Kim
> cdkim at cfxc.com

From tdn at stack.ru Tue Oct 24 02:55:22 2000
From: tdn at stack.ru (Dmitry Tolpanov)
Date: Tue, 24 Oct 2000 14:55:22 +0700
Subject: [pptp-server] Scripts: ip-up, ip-down.
Message-ID: <163620639662.20001024145522@stack.ru>

Hi, all.

I'm using PPTP and need to start scripts when IP link is up or down. I've read man and found that I need to use ip-up and up-down scripts. I've made them. Add +x. But nothing has happened. As I understand pppd didn't start them at all (also I didn't find string about starting these scripts in logs).

Is there anything else what I need to do to make them working.

Thanks.

Dmitry.

From hb at gnw.de Tue Oct 24 03:59:14 2000
From: hb at gnw.de (hb at gnw.de)
Date: Tue, 24 Oct 2000 10:59:14 +0200
Subject: [pptp-server] Denying connects without encryption...
Message-ID:

Hello there...

We want to deny access to our PoPToP-Server for clients connecting without encryption. Has anyone an idea how to do this? The manpage of pppd doesn't say anything about this.

Regards,
Holger Baust

--
Gamers Network GmbH
Holger Baust, Technik
Dolmanstr. 18, 51427 Bergisch Gladbach
tel. +49 2204 / 9680 - 32
fax. +49 2204 / 9680 - 19
http://www.gnw.de

From carl at personnelware.com Tue Oct 24 09:30:13 2000
From: carl at personnelware.com (Carl Karsten)
Date: Tue, 24 Oct 2000 09:30:13 -0500
Subject: [pptp-server] how many hours/$ to charge for setup
Message-ID: <018e01c03dc6$ebd90060$0b01a8c0@cnt496>

I have a client that wants a VPN and I need a ball park number for them. It isn't a quote, just a guess.

existing config:

NT -- hub -- Linux -- dsl -- internet -- cable modem -- win98 #1-- hub -- win98 #2

#2 needs to get to the NT box

Linux server at work with DSL, win98 machines (2) at home with cable modem and IP sharing (win NAT?). all of that is working.

Thanks,
Carl

From REMI.COHEN-SCALI at Sun.COM Tue Oct 24 10:36:36 2000
From: REMI.COHEN-SCALI at Sun.COM (REMI COHEN-SCALI)
Date: Tue, 24 Oct 2000 17:36:36 +0200
Subject: [pptp-server] Scripts: ip-up, ip-down.
References: <163620639662.20001024145522@stack.ru>
Message-ID: <39F5AC84.12FFCE5@Sun.COM>

Dmitry Tolpanov wrote:
>
> Hi, all.
>
> I'm using PPTP and need to start scripts when IP link is up or down.
> I've read man and found that I need to use ip-up and up-down scripts.
> I've made them. Add +x. But nothing has happened.
> As I understand pppd didn't start them at all (also I didn't find
> string about starting these scripts in logs).
>
> Is there anything else what I need to do to make them working.
> Thanks.
>
> Dmitry.

Hi

I ran into the same problem as yours when I used demand dialing uplink & DNS. I needed a script to reload DNS config at LCP link startup. PPP does not support that directly but gives support for plugins and phase hooks. I wrote a little ppp plugin misnamed demand_script (a better name would have been phasehook_script) which enables the user to run a script when PPP phase changes.

Now I have ADSL and I have used it successfully for several months to monitor the connection. Several other people use it in a production environment with success and I gave them some support. I can even give you support by mail if you need it. I tried to write it taking into account security threats (buffer overrun, etc...).

There are two run modes, synchronous script run (ppp waits for script end) or asynchronous script run (ppp is asynchronously notified of script death through a sigchld signal handler).

This plugin exists for now for ppp-2.3.10 and ppp-2.3.11. Other ppp versions should be trivial to do. Plugins are also available as rpm. I also patched PPP to have an easier way of loading plugins. You can use the plugin without the patched PPP (just compile plugin src in plugin dir of ppp)

Have a look at:

http://www.rcsnet.net/pub/
ftp://ftp.rcsnet.net/pub/

You should find.
demand_script.c - the source for plugin
demand_script-0.3-ppp-2.3.11.patch - patch for ppp src tree including plugin source
ppp-2.3.11-3.src.rpm - src redhat package for patched ppp 2.3.11 with plugin
ppp-2.3.11-3.i386.rpm - binary redhat package for patched ppp
ppp-plugins-2.3.11-3.i386.rpm - binary redhat package for plugins
demand_script.so - binary plugin (shared lib)
demand_script.c - source of plugin
README.demand_script - text version of this
README.demand_script.html - html version of this

Hope this help. Please tell me if you use it successfully, and you can contact me for any question.

Good luck

--
Remi Cohen-Scali
Development engineer - International Center for Network Computing
Network Service Provider Division
Phone: +33-139-447-509 x44509
E-mails: Remi.Cohen-Scali at Sun.COM
         Remi at Cohen-Scali.COM
WAPmail: Remi.CohenScali at Itineris.Net

From JaminC at adapt-tele.com Tue Oct 24 12:43:14 2000
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 24 Oct 2000 12:43:14 -0500
Subject: FW: [pptp-server] PoPToP - MSCHAPv2/MPPE compile fails (but making progress)
Message-ID:

I would like to thank everyone for the quick response to my previous question. I was using the HOWTO from the links on www.moretonbay.com, which appear to be out-dated as my HOWTO was dated 20000503 and the latest appears to be 20001005.

I have now gotten past the ppp version and magic problem as described in the HOWTO. However, I seem to have gone from one problem straight to another.
Now, I'm getting the following:

[root at AdaptGateway linux]# make modules SUBDIRS=drivers/net
make -C drivers/net CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/adapt-1-2.2.16/include/linux/modversions.h" MAKING_MODULES=1 modules
make[1]: Entering directory `/usr/src/adapt-1-2.2.16/drivers/net'
gcc -D__KERNEL__ -I/usr/src/adapt-1-2.2.16/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/adapt-1-2.2.16/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c
ppp.c:188: warning: static declaration for `ppp_register_compressor_R9682e733' follows non-static
ppp.c:189: warning: static declaration for `ppp_unregister_compressor_Ra1b928df' follows non-static
ppp.c: In function `ppp_async_init':
ppp.c:443: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_sync_push':
ppp.c:1062: structure has no member named `tty_pushing'
ppp.c:1065: structure has no member named `woke_up'
ppp.c:1069: structure has no member named `tty_pushing'
ppp.c:1076: structure has no member named `woke_up'
ppp.c:1092: structure has no member named `woke_up'
ppp.c:1099: structure has no member named `tty_pushing'
ppp.c:1109: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_push':
ppp.c:1150: structure has no member named `tty_pushing'
ppp.c:1151: structure has no member named `woke_up'
ppp.c:1157: structure has no member named `tty_pushing'
ppp.c:1159: structure has no member named `woke_up'
ppp.c:1170: structure has no member named `tty_pushing'
ppp.c:1172: structure has no member named `woke_up'
ppp.c:1180: structure has no member named `tty_pushing'
ppp.c:1185: structure has no member named `tty_pushing'
ppp.c:1195: structure has no member named `tty_pushing'
ppp.c: In function `ppp_tty_flush_output':
ppp.c:1320: structure has no member named `tty_pushing'
ppp.c:1329: structure has no member named `tty_pushing'
ppp.c: In function `rcv_proto_unknown':
ppp.c:2563: too few arguments to function `kill_fasync_Rb2b77a95'
make[1]: *** [ppp.o] Error 1
make[1]: Leaving directory `/usr/src/adapt-1-2.2.16/drivers/net'
make: *** [_mod_drivers/net] Error 2

I've ensured that I'm using pristine 2.2.16 source and header files from the Red Hat RPMs. What am I missing?

Jamin W. Collins

From ikaji at hotmail.com Tue Oct 24 12:54:05 2000
From: ikaji at hotmail.com (Imtiyaj Kaji)
Date: Tue, 24 Oct 2000 17:54:05 GMT
Subject: [pptp-server] PPTP VPN
Message-ID:

Hi,

I am trying to setup VPN network with one end as linux (redhat 7.0) box and other end as VPN router which supports PPTP.

VPN sessions initiated from Windows NT to VPN router work fine.

I do not want to have VPN client on each NT machine to establish a session with the VPN router on other end. So I want to add a linux router, on this side which can establish VPN session and route the private IP.

Please advise me on how to go about doing this.

Thanks in advance,
Imtiyaj

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at http://profiles.msn.com.

From phil at vibrationresearch.com Tue Oct 24 12:57:52 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Tue, 24 Oct 2000 13:57:52 -0400
Subject: [pptp-server] Denying connects without encryption...
In-Reply-To:
Message-ID: <001301c03de3$edf9b750$4500a8c0@vibrationresearch.com>

Not out of the box, but there is a pppd patch available from:
http://smop.de
Apply this patch to pppd-2.3.11 after applying the mppe patches, and then rebuild and reinstall that package.
To enable the feature, add the options "require-mppe" and "require-mppe-stateless" to your /etc/ppp/options.pptp file.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of hb at gnw.de
> Sent: Tuesday, October 24, 2000 4:59 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Denying connects without encryption...
>
>
> Hello there...
>
> We want to deny access to our PoPToP-Server for clients connecting
> without encryption. Has anyone an idea how to do this ?
>
> The manpage of pppd doesn't say anything about this.
>
> Regards,
>
> Holger Baust
>
> --
> Gamers Network GmbH
> Holger Baust, Technik
> Dolmanstr. 18, 51427 Bergisch Gladbach
> tel. +49 2204 / 9680 - 32
> fax. +49 2204 / 9680 - 19
> http://www.gnw.de

From JaminC at adapt-tele.com Tue Oct 24 13:21:36 2000
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 24 Oct 2000 13:21:36 -0500
Subject: [pptp-server] PPTP VPN
Message-ID:

I may be incorrect, but I believe that you can do just this with only the PPTP Linux client and some IPCHAINS rules for routing. The Linux client can be found here: http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/ and instructions on setting it up can be found here: http://www.moretonbay.com/vpn/setup_pptp_client.html. Note: the last link is for going to an NT server, but the VPN router that you are working with will probably need a similar configuration.

Jamin W. Collins

From hb at gnw.de Tue Oct 24 13:37:24 2000
From: hb at gnw.de (Holger Baust)
Date: Tue, 24 Oct 2000 20:37:24 +0200
Subject: AW: [pptp-server] Denying connects without encryption...
Message-ID:

Thanks....

Does this option include both, the 40bit and the 128bit, encryptions ?

Regards,

Holger Baust

--
Gamers Network GmbH
Holger Baust, Technik
Dolmanstr. 18, 51427 Bergisch Gladbach
tel. +49 (2204) 9680 - 32
fax. +49 (2204) 9680 - 19
http://www.gnw.de

From RHarper at N2BB.com Tue Oct 24 15:49:53 2000
From: RHarper at N2BB.com (Randi Harper)
Date: Tue, 24 Oct 2000 16:49:53 -0400
Subject: [pptp-server] PPTP VPN
Message-ID: <303BB26F0F64D4118B5F00010238789D2CCB@fruitbat.it.n2bb.com>

Just a quick note before I get started - This is the first VPN I've ever set up. I'm not entirely sure what all I'm doing here, so if I'm making some big mistakes or incorrect assumptions, bear with me here.

I run a network composed primarily of windows and linux boxes. This VPN server was established mainly because people wanted to be able to view windows shares from home.

I have the VPN working correctly as far as I can tell - external clients are able to connect to boxes inside the lan using their 192.168.0.* ips. However, when a user goes to browse network neighborhood, no computers show up. I set up a WINS server, and I can actually browse \\computername, but I'm at a loss as to why they aren't showing up in the client's network neighborhood. Setting up shortcuts in C:\Windows\NetHood isn't really an option, as there are 40 laptops I would have to do that on.

Randi Harper

From Steve.Cowles at infohiiway.com Tue Oct 24 17:20:59 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Tue, 24 Oct 2000 17:20:59 -0500
Subject: [pptp-server] PPTP VPN
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE575@defiant.infohiiway.com>

> -----Original Message-----
> From: Randi Harper [mailto:RHarper at n2bb.com]
> Sent: Tuesday, October 24, 2000 3:50 PM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] PPTP VPN
>
> I have the VPN working correctly as far as I can tell -
> external clients are able to connect to boxes inside the
> lan using their 192.168.0.* ips. However, when a user
> goes to browse network neighborhood, no computers show
> up. I set up a WINS server, and I can actually browse
> \\computername, but I'm at a loss as to why they aren't
> showing up in the client's network neighborhood. Setting
> up shortcuts in C:\Windows\NetHood isn't really an option,
> as there are 40 laptops I would have to do that on.

Besides a "working" WINS server, MS Networking (browsing) requires

1) That each MS client (both local LAN/remote PPTP) be configured to use that WINS server. i.e. Each desktop workstation must register with that WINS server.
To verify that the remote PPTP MS clients are actually configured to use a WINS server, type "winipcfg" for Win9x and "ipconfig /all" for NT/W2K.

2) That the NetBios WORKGROUP/DOMAIN names match for both local/remote systems. i.e. The remote PPTP clients at home need to change the WORKGROUP/DOMAIN to match that of what is configured at work.

Steve Cowles

From dan at fullmotions.com Tue Oct 24 18:47:30 2000
From: dan at fullmotions.com (Danny L. Brow, Jr.)
Date: Tue, 24 Oct 2000 19:47:30 -0400
Subject: [pptp-server] PPTP-Linux
Message-ID: <000001c03e14$c6d045a0$60a17218@cr589775c>

Anyone know the options for PPTP-Linux Client by C. Scott Ananian. Or a basic way of how to use it????

Thanks,
Dan.

From mattgav at tempo-services.com.au Tue Oct 24 21:48:05 2000
From: mattgav at tempo-services.com.au (Matthew Gavin)
Date: Wed, 25 Oct 2000 12:48:05 +1000
Subject: [pptp-server] Win 98 Connection error...
Message-ID:

Hi all,

Quick question, I have Windows 98 connecting to VPN. I get an error:

- The Microsoft Dial-Up Adapter is in use or not responding properly. Disconnect other connections and then try again. If this problem persists, shut down and restart your computer.

In my log on the PPTP Server, I am seeing:

Oct 25 12:29:49 internet pptpd[32176]: CTRL: Client 203.108.22.62 control connection started
Oct 25 12:29:49 internet pptpd[32176]: CTRL: Starting call (launching pppd, opening GRE)
Oct 25 12:29:49 internet pppd[32177]: pppd 2.3.8 started by root, uid 0
Oct 25 12:29:49 internet pppd[32177]: Using interface ppp0
Oct 25 12:29:49 internet pppd[32177]: Connect: ppp0 <--> /dev/pts/3
Oct 25 12:29:49 internet pptpd[32176]: CTRL: Error with select(), quitting
Oct 25 12:29:49 internet pptpd[32176]: CTRL: Client 203.108.22.62 control connection finished
Oct 25 12:29:49 internet pppd[32177]: Modem hangup
Oct 25 12:29:49 internet pppd[32177]: Connection terminated.
Oct 25 12:29:49 internet pppd[32177]: Exit.

Can anyone help?
I have connected many times before, but never seen this error

Regards,
Matthew Gavin

From cheeleong at alinux.com.sg Tue Oct 24 21:51:52 2000
From: cheeleong at alinux.com.sg (Tan Chee Leong)
Date: Wed, 25 Oct 2000 10:51:52 +0800
Subject: [pptp-server] Win 98 Connection error...
Message-ID: <001d01c03e2e$882ad4e0$0301a8c0@tatheng.alinux.local>

I had exactly the same symptoms and it killed my precious time .... but now I hope it saves yours..... install a second dial-up adapter (you already have one for your ISP connection) from your Windows. VPN adapter needs to ride on it during connection.

Cheers,
Chee Leong

From ikaji at hotmail.com Wed Oct 25 06:04:29 2000
From: ikaji at hotmail.com (Imtiyaj Kaji)
Date: Wed, 25 Oct 2000 11:04:29 GMT
Subject: [pptp-server] PPTP VPN
Message-ID:

Jamin,

Thank you. I am using the pptp client mentioned by you. The pppd is 2.3.11. Do I still need to get the pppd 2.3.10 with MS CHAP patches?

Also how do I configure the pptp dialer to dial ip address of vpn router, with given username and password.

Thanks,
-Imtiyaj

From shannon at globalequitiesbank.com Wed Oct 25 00:20:41 2000
From: shannon at globalequitiesbank.com (Shannon Pearce)
Date: Wed, 25 Oct 2000 01:20:41 -0400
Subject: [pptp-server] weird encryption problem
Message-ID:

Hi

When I connect to a linux machine (2.2.17) running pptpd, without encryption, it connects fine, and allows me access to the network. As soon as I enable encryption, it connects fine, however won't allow me to ping anything. Here are the logs from syslog:

Oct 25 06:31:01 rm4 pptpd[6235]: CTRL: Client 12.36.108.95 control connection started
Oct 25 06:31:01 rm4 pptpd[6235]: CTRL: Starting call (launching pppd, opening GRE)
Oct 25 06:31:02 rm4 kernel: registered device ppp0
Oct 25 06:31:02 rm4 pppd[6236]: pppd 2.3.11 started by root, uid 0
Oct 25 06:31:02 rm4 pppd[6236]: Using interface ppp0
Oct 25 06:31:02 rm4 pppd[6236]: Connect: ppp0 <--> /dev/pts/1
Oct 25 06:31:02 rm4 pptpd[6235]: GRE: Discarding duplicate packet
Oct 25 06:31:04 rm4 pptpd[6235]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 25 06:31:04 rm4 pppd[6236]: MSCHAP-v2 peer authentication succeeded for ana
Oct 25 06:31:05 rm4 pppd[6236]: Cannot determine ethernet address for proxy ARP
Oct 25 06:31:05 rm4 pppd[6236]: local IP address 10.0.0.1
Oct 25 06:31:05 rm4 pppd[6236]: remote IP address 10.0.0.2
Oct 25 06:31:05 rm4 pppd[6236]: MPPE 40 bit, non-stateless compression enabled
Oct 25 06:32:14 rm4 pppd[6236]: Protocol-Reject for unsupported protocol 0xf643
Oct 25 06:35:37 rm4 pptpd[6235]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 25 06:35:37 rm4 pppd[6236]: LCP terminated by peer (*_>M-z^@

Message-ID: <000301c03e84$422f1180$5f020a0a@carlislefsp.com>

This is (probably) a problem with your MS VPN clients. Microsoft has released a patch for this... now where is it? Either search the mailing list archive for it or the web, I believe the name is vpnupd.exe. This worked for me.

Kenny Austin
kennya at carlislefsp.com

Unfortunately, I'm really spouting theory right now. I have never set up the Linux PPTP client (just got the Linux server working, the client will be next). However, I believe both use PPP the same way and the modifications to PPP should be the same for both. If this is true, I would suggest the site that solved almost all of my problems:

http://www.vibrationresearch.com/pptpd/example.html

This site is a short concise run-through of what is needed to compile the Linux PoPToP server. However, what I think you will be interested in here is the PPP-2.3.11 patch and diff files. If you run into any difficulties, please feel free to ask. I will provide any assistance I can.

Jamin W. Collins

From toma at rulez.org Wed Oct 25 09:55:41 2000
From: toma at rulez.org (Tamas SZERB)
Date: Wed, 25 Oct 2000 16:55:41 +0200 (CEST)
Subject: [pptp-server] porting
Message-ID:

Did anybody try, or is anybody working on porting poptop to sco unixware? I would like to talk with Her/Him about the project.

--
VWOL
Tamas SZERB
GPG public key: http://alabama.inf.elte.hu/~toma/gpgkey.asc
PGP public key: http://alabama.inf.elte.hu/~toma/pgpkey.asc

From phil at vibrationresearch.com Wed Oct 25 10:23:05 2000
From: phil at vibrationresearch.com (Philip Van Baren)
Date: Wed, 25 Oct 2000 11:23:05 -0400
Subject: [pptp-server] weird encryption problem
In-Reply-To: <000301c03e84$422f1180$5f020a0a@carlislefsp.com>
Message-ID: <000a01c03e97$789ea2e0$4500a8c0@vibrationresearch.com>

Here are the links to the various updates:

Win95:
http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win95/sysreq.asp
http://www.microsoft.com/windows95/downloads/contents/WURecommended/S_WUNetworking/vpn/Default.asp

Win98:
http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win98.asp
http://www.microsoft.com/windows98/downloads/contents/WURecommended/S_WUNetworking/VPN/Default.asp

Win98SE 128-bit update (not currently available):
http://www.microsoft.com/Windows98/downloads/contents/WURecommended/S_WUNetworking/DUN128/default.asp
using FTP search (the file is msdun128.exe, md5sum is 8add40723d652557232a1a09917c924c)
http://ftpsearch.lycos.com/cgi-bin/search?type=Case+insensitive+substring+match&query=msdun128&form=medium

128-bit updates (not currently available):
http://support.microsoft.com/Support/NTServer/128Eula.asp

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kenny Austin
> Sent: Wednesday, October 25, 2000 9:06 AM
> To: 'Shannon Pearce'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] weird encryption problem
>
>
> This is (probably)a problem with your MS VPN clients,
> Microsoft has released a patch for this... now where is it?
> either search the mailing list archive for it or the web,
> i believe the name is vpnupd.exe.
> This worked for me.
>
> Kenny Austin
> kennya at carlislefsp.com
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Shannon Pearce
> Sent: Wednesday, October 25, 2000 12:21 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] weird encryption problem
>
>
> Hi
>
> When I connect to a linux machine (2.2.17) running pptpd, without
> encryption, it connects fine, and allows me access to the network. As soon
> as I enable encryption, it connects fine, however wont allow me to ping
> anything. here is the logs from syslog:
>
> Oct 25 06:31:01 rm4 pptpd[6235]: CTRL: Client 12.36.108.95 control connection started
> Oct 25 06:31:01 rm4 pptpd[6235]: CTRL: Starting call (launching pppd, opening GRE)
> Oct 25 06:31:02 rm4 kernel: registered device ppp0
> Oct 25 06:31:02 rm4 pppd[6236]: pppd 2.3.11 started by root, uid 0
> Oct 25 06:31:02 rm4 pppd[6236]: Using interface ppp0
> Oct 25 06:31:02 rm4 pppd[6236]: Connect: ppp0 <--> /dev/pts/1
> Oct 25 06:31:02 rm4 pptpd[6235]: GRE: Discarding duplicate packet
> Oct 25 06:31:04 rm4 pptpd[6235]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Oct 25 06:31:04 rm4 pppd[6236]: MSCHAP-v2 peer authentication succeeded for ana
> Oct 25 06:31:05 rm4 pppd[6236]: Cannot determine ethernet address for proxy ARP
> Oct 25 06:31:05 rm4 pppd[6236]: local IP address 10.0.0.1
> Oct 25 06:31:05 rm4 pppd[6236]: remote IP address 10.0.0.2
> Oct 25 06:31:05 rm4 pppd[6236]: MPPE 40 bit, non-stateless compression enabled
> Oct 25 06:32:14 rm4 pppd[6236]: Protocol-Reject for unsupported protocol 0xf643
>
> Oct 25 06:35:37 rm4 pptpd[6235]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> Oct 25 06:35:37 rm4 pppd[6236]: LCP terminated by peer (*_>M-z^@
> Oct 25 06:35:37 rm4 pptpd[6235]: CTRL: Error with select(), quitting
> Oct 25 06:35:37 rm4 pptpd[6235]: CTRL: Client 12.36.108.95 control connection finished
> Oct 25 06:35:37 rm4 pppd[6236]: Modem hangup
> Oct 25 06:35:37 rm4 pppd[6236]: Connection terminated.
> Oct 25 06:35:37 rm4 pppd[6236]: Connect time 4.6 minutes.
> Oct 25 06:35:37 rm4 pppd[6236]: Sent 7300 bytes, received 6473 bytes.
> Oct 25 06:35:37 rm4 pppd[6236]: Exit.
>
>
> it appears to connect fine, but will not ping anything, any ideas or
> suggestions greatly appreciated.
>
>
> regards,
>
> Shannon Pearce

From JaminC at adapt-tele.com Wed Oct 25 11:13:53 2000
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Wed, 25 Oct 2000 11:13:53 -0500
Subject: [pptp-server] PoPToP works on one server, but not the other
Message-ID:

Well, I've finally succeeded in getting PoPToP installed with MS encryption on one server.
However, performing the same steps on another server results in immediate disconnect after CHAP authentication. The Win98 client reports a protocol error 720.

The instructions I followed are found here:
http://www.vibrationresearch.com/pptpd/example.html

I'm sorry I don't have the logs from the second server (it's at home). However, from the logs what I recall (it was a late night), there were some entries concerning packets being received out of order. The only difference between the two systems is one is a dual processor (the one that's not working) and the other is a single processor (working perfectly).

Any ideas?

Jamin W. Collins

From anesthes at cisdi.com Wed Oct 25 15:34:37 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Wed, 25 Oct 2000 15:34:37 -0500 (EST)
Subject: [pptp-server] weird encryption problem
In-Reply-To:
Message-ID:

I'm having a problem using encryption all together.. Oddly enough, I get no errors loading the modules tho.

I did have your problem once, and it worked after pinging myself, then pinging the remote end. I agree it prolly is a problem with the microsoft VPN client.

-- Joe

From maryk at omegac.com Wed Oct 25 14:49:03 2000
From: maryk at omegac.com (Mary K. Ott)
Date: Wed, 25 Oct 2000 14:49:03 -0500
Subject: [pptp-server] RE: help
In-Reply-To: <200010251700.e9PH0Sb21002@snaildust.schulte.org>
Message-ID:

Please unsubscribe me from the newsletter list.

Thank you.
maryk at omegac.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of
pptp-server-request at lists.schulte.org
Sent: Wednesday, October 25, 2000 12:00 PM
To: pptp-server at lists.schulte.org
Subject: pptp-server digest, Vol 1 #608 - 3 msgs

Today's Topics:

  1. porting (Tamas SZERB)
  2. RE: weird encryption problem (Philip Van Baren)
  3. PoPToP works on one server, but not the other (Jamin Collins)

--__--__--

Message: 1
Date: Wed, 25 Oct 2000 16:55:41 +0200 (CEST)
From: Tamas SZERB
To: pptp-server at lists.schulte.org
Subject: [pptp-server] porting

Did anybody tried, or is anybody working on to port poptop to sco unixware? I would like to talk with Her/Him about the project.

--
VWOL
Tamas SZERB
GPG public key: http://alabama.inf.elte.hu/~toma/gpgkey.asc
PGP public key: http://alabama.inf.elte.hu/~toma/pgpkey.asc

--__--__--

Message: 2
From: "Philip Van Baren"
To:
Subject: RE: [pptp-server] weird encryption problem
Date: Wed, 25 Oct 2000 11:23:05 -0400

Here are the links to the various updates:

Win95:
http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win95/sysreq.asp
http://www.microsoft.com/windows95/downloads/contents/WURecommended/S_WUNetworking/vpn/Default.asp

Win98:
http://www.microsoft.com/NTServer/nts/downloads/recommended/dun13win98.asp
http://www.microsoft.com/windows98/downloads/contents/WURecommended/S_WUNetworking/VPN/Default.asp

Win98SE 128-bit update (not currently available):
http://www.microsoft.com/Windows98/downloads/contents/WURecommended/S_WUNetworking/DUN128/default.asp

using FTP search (the file is msdun128.exe, md5sum is 8add40723d652557232a1a09917c924c)
http://ftpsearch.lycos.com/cgi-bin/search?type=Case+insensitive+substring+match&query=msdun128&form=medium

128-bit updates (not currently available):
http://support.microsoft.com/Support/NTServer/128Eula.asp

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kenny Austin
> Sent: Wednesday, October 25, 2000 9:06 AM
> To: 'Shannon Pearce'; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] weird encryption problem
>
>
> This is (probably)a problem with your MS VPN clients,
> Microsoft has released a patch for this... now where is it?
> either search the mailing list archive for it or the web,
> i believe the name is vpnupd.exe.
> This worked for me.
>
> Kenny Austin
> kennya at carlislefsp.com

--__--__--

Message: 3
From: Jamin Collins
To: pptp-server at lists.schulte.org
Date: Wed, 25 Oct 2000 11:13:53 -0500
Subject: [pptp-server] PoPToP works on one server, but not the other

Well, I've finally succeeded in getting PoPToP installed with MS encryption on one server. However, performing the same steps on another server results in immediate disconnect after CHAP authentication. The Win98 client reports a protocol error 720.

The instructions I followed are found here:
http://www.vibrationresearch.com/pptpd/example.html

I'm sorry I don't have the logs from the second server (it's at home). However, from the logs what I recall (it was a late night), there were some entries concerning packets being received out of order.
The only difference between the two systems is one is a dual processor (the one that's not working) and the other is a single processor (working perfectly).

Any ideas?

Jamin W. Collins

From shannon at globalequitiesbank.com Wed Oct 25 09:11:23 2000
From: shannon at globalequitiesbank.com (Shannon Pearce)
Date: Wed, 25 Oct 2000 10:11:23 -0400
Subject: [pptp-server] weird encryption problem
In-Reply-To: <000301c03e84$422f1180$5f020a0a@carlislefsp.com>
Message-ID:

I am using a windows 2000 workstation to connect, there doesn't seem to be any updates for win2k.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kenny Austin
Sent: Wednesday, October 25, 2000 9:06 AM
To: 'Shannon Pearce'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] weird encryption problem

This is (probably)a problem with your MS VPN clients, Microsoft has released a patch for this... now where is it? either search the mailing list archive for it or the web, i believe the name is vpnupd.exe. This worked for me.

Kenny Austin
kennya at carlislefsp.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Shannon Pearce
Sent: Wednesday, October 25, 2000 12:21 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] weird encryption problem

Hi

When I connect to a linux machine (2.2.17) running pptpd, without encryption, it connects fine, and allows me access to the network. As soon as I enable encryption, it connects fine, however wont allow me to ping anything. here is the logs from syslog:

Oct 25 06:31:01 rm4 pptpd[6235]: CTRL: Client 12.36.108.95 control connection started
Oct 25 06:31:01 rm4 pptpd[6235]: CTRL: Starting call (launching pppd, opening GRE)
Oct 25 06:31:02 rm4 kernel: registered device ppp0
Oct 25 06:31:02 rm4 pppd[6236]: pppd 2.3.11 started by root, uid 0
Oct 25 06:31:02 rm4 pppd[6236]: Using interface ppp0
Oct 25 06:31:02 rm4 pppd[6236]: Connect: ppp0 <--> /dev/pts/1
Oct 25 06:31:02 rm4 pptpd[6235]: GRE: Discarding duplicate packet
Oct 25 06:31:04 rm4 pptpd[6235]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 25 06:31:04 rm4 pppd[6236]: MSCHAP-v2 peer authentication succeeded for ana
Oct 25 06:31:05 rm4 pppd[6236]: Cannot determine ethernet address for proxy ARP
Oct 25 06:31:05 rm4 pppd[6236]: local IP address 10.0.0.1
Oct 25 06:31:05 rm4 pppd[6236]: remote IP address 10.0.0.2
Oct 25 06:31:05 rm4 pppd[6236]: MPPE 40 bit, non-stateless compression enabled
Oct 25 06:32:14 rm4 pppd[6236]: Protocol-Reject for unsupported protocol 0xf643
Oct 25 06:35:37 rm4 pptpd[6235]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Oct 25 06:35:37 rm4 pppd[6236]: LCP terminated by peer (*_>M-z^@

Please help. Keep getting a "could not determine local ip address" error and a "no network protocols running" error. what could be going wrong. if you have any ideas or know where i can find the information i need, please reply. u have searched this mailing list and found someone else with a similar problem but his problem was never resolved.

i'm running the following versions
linux-2.2.12
pppd-2.3.10
pptpd-1.0.0

my pptpd.conf file
----------------------------------------
# TAG: speed
speed 115200

# TAG: option
option /etc/ppp/options.vpn

# TAG: debug
debug

# TAG: localip
# TAG: remoteip
localip 192.168.0.50-80
remoteip 192.168.1.50-80

# TAG: ipxnets
#ipxnets 00001000-00001FFF

# TAG: listen
#listen 192.168.0.1

# TAG: pidfile
pidfile /var/run/pptpd.pid
--------------------------------------

my options.vpn file
--------------------------------------
lock
debug
name server
auth
+chap
proxyarp
ms-wins 192.168.0.1
ms-dns 192.168.0.1
--------------------------------------

chap-secrets file
--------------------------------------
"user" * "passwd" *

speed 115200
localip 192.168.0.50-80
remoteip 192.168.1.50-80
--------------------------------------

ip-up
--------------------------------------
#!/bin/sh
INTERNAL_NET1="192.168.1.0/24"
REMOTE_IP_ADDRESS=$5

case $2
in
    /dev/pts/*)
        echo "$(date): ip-up 1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> /var/log/pptpd.log
        /sbin/ipchains --insert forward -j MASQ -s $5 -i eth0
        #                                                 ^ local interface
        /sbin/ipchains --insert forward -j MASQ -d $5 -i $1
        #                                                 ^ incoming pptpd interface
        /sbin/ipchains --insert input -i $1 -s $INTERNAL_NET1 -j ACCEPT
        /sbin/ipchains --insert output -i $1 -d $INTERNAL_NET1 -j ACCEPT
        date > /var/run/ppp.up
        echo "REMOTE_IP_ADDRESS = " $REMOTE_IP_ADDRESS >> /var/run/ppp.up
        # /sbin/arp --set $REMOTE_IP_ADDRESS 00:20:78:15:F5:49 pub >> /var/run/ppp.up
        echo "$(date): ip-up Firewall rules set for $1:$5" >> /var/log/pptpd.log
        ;;
esac
-----------------------------------------

ok, here is what i get in pptpd.log
----------------------------------------------------------------------------
----------------------------------------
Oct 25 10:10:01 legacycarpets pptpd[15277]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: local address = 192.168.0.50
Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: remote address = 192.168.1.50
Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: pppd speed = 115200 Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: pppd options file = /etc/ppp/options.vpn Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control connection started Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Received PPTP Control Message (type: 1) Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Made a START CTRL CONN RPLY packet Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: I wrote 156 bytes to the client. Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Sent packet to client Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Received PPTP Control Message (type: 7) Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Set parameters to 0 maxbps, 16 window size Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Made a OUT CALL RPLY packet Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Starting call (launching pppd, opening GRE) Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: pty_fd = 6 Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: tty_fd = 7 Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): Connection speed = 115200 Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): local address = 192.168.0.50 Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): remote address = 192.168.1.50 Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: I wrote 32 bytes to the client. 
Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Sent packet to client Oct 25 10:10:04 legacycarpets pppd[15290]: pppd 2.3.10 started by root, uid 0 Oct 25 10:10:04 legacycarpets pppd[15290]: Using interface ppp1 Oct 25 10:10:04 legacycarpets pppd[15290]: Connect: ppp1 <--> /dev/pts/3 Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfReq id=0x1 ] Oct 25 10:10:04 legacycarpets pppd[15290]: rcvd [LCP ConfReq id=0x1 ] Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfAck id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [LCP ConfAck id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Challenge id=0x1 , name = "server"] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CHAP Response id=0x1 <60af5cae9da6328bea5b20500e1eaa32>, name = "rage"] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Success id=0x1 "Welcome to server."] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: CHAP peer authentication succeeded for rage Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfNak id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CCP ConfReq id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfRej id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfAck id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CCP ConfRej id=0x1 ] Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x2 ] Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP ConfAck id=0x2 ] Oct 25 10:10:06 legacycarpets pppd[15290]: Could not determine local IP address Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP TermReq id=0x2 "Could not determine local IP address"] Oct 
25 10:10:06 legacycarpets pppd[15290]: rcvd [CCP ConfAck id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP TermAck id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: sent [LCP TermReq id=0x2 "No network protocols running"] Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [LCP TermAck id=0x2] Oct 25 10:10:06 legacycarpets pppd[15290]: Connection terminated. Oct 25 10:10:06 legacycarpets pppd[15290]: Connect time 0.1 minutes. Oct 25 10:10:06 legacycarpets pppd[15290]: Sent 460 bytes, received 403 bytes. Oct 25 10:10:06 legacycarpets pppd[15290]: Exit. Oct 25 10:10:06 legacycarpets pptpd[15277]: GRE: read(fd=6,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7) Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control connection finished Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Exiting now Oct 25 10:10:06 legacycarpets pptpd[15265]: MGR: Reaped child 15277 Oct 25 10:12:02 legacycarpets pptpd[15311]: MGR: Launching /usr/sbin/pptpctrl to handle client Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: local address = 192.168.0.51 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: remote address = 192.168.1.51 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pppd speed = 115200 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pppd options file = /etc/ppp/options.vpn Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Client 4.40.159.70 control connection started Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Received PPTP Control Message (type: 1) Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Made a START CTRL CONN RPLY packet Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: I wrote 156 bytes to the client. 
Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Sent packet to client Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Received PPTP Control Message (type: 7) Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Set parameters to 0 maxbps, 16 window size Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Made a OUT CALL RPLY packet Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Starting call (launching pppd, opening GRE) Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pty_fd = 6 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: tty_fd = 7 Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: I wrote 32 bytes to the client. Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Sent packet to client Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): Connection speed = 115200 Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): local address = 192.168.0.51 Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): remote address = 192.168.1.51 Oct 25 10:12:03 legacycarpets pppd[15312]: pppd 2.3.10 started by root, uid 0 Oct 25 10:12:03 legacycarpets pppd[15312]: Using interface ppp1 Oct 25 10:12:03 legacycarpets pppd[15312]: Connect: ppp1 <--> /dev/pts/3 Oct 25 10:12:03 legacycarpets pppd[15312]: sent [LCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [LCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [LCP ConfAck id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [LCP ConfAck id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CHAP Challenge id=0x1 , name = "server"] Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [CHAP Response id=0x1 , name = "rage"] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CHAP Success id=0x1 "Welcome to server."] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 ] Oct 25 10:12:03 legacycarpets pppd[15312]: CHAP peer authentication succeeded for rage Oct 25 10:12:06 
legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:12:06 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 ] Oct 25 10:12:08 legacycarpets pppd[15312]: rcvd [CHAP Response id=0x1 , name = "rage"] Oct 25 10:12:08 legacycarpets pppd[15312]: sent [CHAP Success id=0x1 "Welcome to server."] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [IPCP ConfReq id=0x1 ] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfNak id=0x1 ] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [CCP ConfReq id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfRej id=0x1 < 12 06 01 00 00 01> < 11 05 00 01 04>] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [IPCP ConfReq id=0x2 ] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfAck id=0x2 ] Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [CCP ConfReq id=0x2] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfAck id=0x2] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 ] Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 ] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [IPCP ConfAck id=0x1 ] Oct 25 10:12:10 legacycarpets pppd[15312]: Could not determine local IP address Oct 25 10:12:10 legacycarpets pppd[15312]: sent [IPCP TermReq id=0x2 "Could not determine local IP address"] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP ConfRej id=0x1 ] Oct 25 10:12:10 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [IPCP TermAck id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: sent [LCP TermReq id=0x2 "No network protocols running"] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP ConfAck id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP TermReq id=0x3] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [LCP TermReq id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: sent [LCP TermAck id=0x2] Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [LCP TermAck id=0x2] Oct 
25 10:12:10 legacycarpets pppd[15312]: Connection terminated.
Oct 25 10:12:10 legacycarpets pppd[15312]: Connect time 0.2 minutes.
Oct 25 10:12:10 legacycarpets pppd[15312]: Sent 680 bytes, received 441 bytes.
Oct 25 10:12:10 legacycarpets pppd[15312]: Exit.
Oct 25 10:12:10 legacycarpets pptpd[15311]: GRE: read(fd=6,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = Input/output error
Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: Client 4.40.159.70 control connection finished
Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: Exiting now
Oct 25 10:12:10 legacycarpets pptpd[15265]: MGR: Reaped child 15311
Oct 25 10:12:23 legacycarpets named[524]: USAGE 972486743 972400343 CPU=0.17u/0.01s CHILDCPU=0u/0s
Oct 25 10:12:23 legacycarpets named[524]: NSTATS 972486743 972400343
Oct 25 10:12:23 legacycarpets named[524]: XSTATS 972486743 972400343 RR=1 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=1 SAns=0 SFwdQ=0 SDupQ=638 SErr=1 RQ=0 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=0 SFErr=0 SNaAns=0 SNXD=0

--
Jason Osborne
Home and Office Network Solutions
Your total Internetworking solutions provider!
13000 Josey Ln STE 104
Farmers Branch, Texas 75234
Phone: 972-484-0013
Fax: 972-484-0114
Web: http://www.sohonetworks.cc
E-mail: sales at sohonetworks.cc

From neale at lowendale.com.au Wed Oct 25 17:36:05 2000
From: neale at lowendale.com.au (Neale Banks)
Date: Thu, 26 Oct 2000 09:36:05 +1100 (EST)
Subject: [pptp-server] help, vpn error, boss is gonna kill me if i don't fix
In-Reply-To:
Message-ID:

On Wed, 25 Oct 2000, Jason Osborne wrote:

> Please help. Keep getting a "could not determine local ip address" error and
> a "no network protocols running" error. what could be going wrong. if you
> have any ideas or know where i can find the information i need, please
> reply. u have searched this mailing list and found someone else with a
> similar problem but his problem was never resolved.

Looking at the pppd logs, it appears that "could not determine local ip address" is due to a caller/server disagreement about IP address (then the "no network protocols running" is a consequent error).

Perhaps the server is trying to assign addresses from the pools you have defined in pptpd.conf but the caller is insisting on choosing its own addresses for the PPP link?

I'd start with a review of IP addressing and who's supposed to be choosing what addresses for whom.

Some comments/questions inline...

[...]
> my pptpd.conf file
> ----------------------------------------
[...]
> # TAG: localip
> # TAG: remoteip
> localip 192.168.0.50-80
> remoteip 192.168.1.50-80
[...]
>
> ok, here is what i get in pptpd.log
> ----------------------------------------------------------------------------
> ----------------------------------------
[...]
> Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Challenge id=0x1
> , name =
> "server"]
> Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CHAP Response id=0x1
> <60af5cae9da6328bea5b20500e1eaa32>, name = "rage"]
> Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Success id=0x1
> "Welcome to server."]
> Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfReq id=0x1 0.0.0.0> ]
> Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x1 15> ]
> Oct 25 10:10:05 legacycarpets pppd[15290]: CHAP peer authentication
> succeeded for rage

Cool: we have passed CHAP authentication. Now we get to do things like negotiating IP parameters....

> Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x1
> 192.168.0.1> ]

Looks like the caller wants to have 192.168.1.200?

> Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfNak id=0x1 192.168.1.50> 192.168.0.1>]

Now the server NACKs and proposes 192.168.1.50?

[...]
> Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfAck id=0x1 0.0.0.0> ]
[...]
> Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x2]
> Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x2
> 192.168.0.1> ]

Caller requests 192.168.1.50?

> Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP ConfAck id=0x2
> 192.168.0.1> ]

The server is agreeing to 192.168.1.50?

> Oct 25 10:10:06 legacycarpets pppd[15290]: Could not determine local IP
> address

This is getting confusing, perhaps someone else can clarify? It appears that now the server can't figure out what address it should be using for its end of the PPP link?

> Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP TermReq id=0x2 "Could
> not determine local IP address"]
> Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [CCP ConfAck id=0x2]
> Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP TermAck id=0x2]

Server's given up in trying to configure IP and brought down IPCP.

> Oct 25 10:10:06 legacycarpets pppd[15290]: sent [LCP TermReq id=0x2 "No
> network protocols running"]
[...]

PPP has decided this is futile and is asking to tear down the connection.

HTH,
Neale.

From jvonau at home.com Wed Oct 25 18:01:42 2000
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 25 Oct 2000 18:01:42 -0500
Subject: [pptp-server] help, vpn error, boss is gonna kill me if i don't fix
References:
Message-ID: <39F76656.801B0D6@home.com>

Jason:

Your ppp link's ends are on different networks

localip 192.168.0.50-80   << These need to be
remoteip 192.168.1.50-80  << on the same subnet

ie:
localip 192.168.0.50-79
remoteip 192.168.1.80-110

This needs to match your LAN if you want to access machines on the LAN

Jerry Vonau
Network Administrator
Ram Messenger
Winnipeg Motor Express

Jason Osborne wrote:

> Please help. Keep getting a "could not determine local ip address" error and
> a "no network protocols running" error. what could be going wrong.
if you > have any ideas or know where i can find the information i need, please > reply. u have searched this mailing list and found someone else with a > similar problem but his problem was never resolved. > > i'm running the following versions > linux-2.2.12 > pppd-2.3.10 > pptpd-1.0.0 > > my pptpd.conf file > ---------------------------------------- > # TAG: speed > speed 115200 > > # TAG: option > option /etc/ppp/options.vpn > > # TAG: debug > debug > > # TAG: localip > # TAG: remoteip > localip 192.168.0.50-80 > remoteip 192.168.1.50-80 > > # TAG: ipxnets > #ipxnets 00001000-00001FFF > > # TAG: listen > #listen 192.168.0.1 > > # TAG: pidfile > pidfile /var/run/pptpd.pid > -------------------------------------- > > my options.vpn file > -------------------------------------- > lock > debug > name server > auth > +chap > proxyarp > ms-wins 192.168.0.1 > ms-dns 192.168.0.1 > -------------------------------------- > > chap-secrets file > -------------------------------------- > "user" * "passwd" * > > speed 115200 > localip 192.168.0.50-80 > remoteip 192.168.1.50-80 > -------------------------------------- > > ip-up > -------------------------------------- > #!/bin/sh > INTERNAL_NET1="192.168.1.0/24" > REMOTE_IP_ADDRESS=$5 > > case $2 > in > /dev/pts/*) > echo "$(date): ip-up 1:$1 2:$2 3:$3 4:$4 5:$5 6:$6" >> > /var/log/pptpd.log > /sbin/ipchains --insert forward -j MASQ -s $5 -i eth0 > # ^ local > interface > /sbin/ipchains --insert forward -j MASQ -d $5 -i $1 > # ^ incoming > pptpd interface > /sbin/ipchains --insert input -i $1 -s $INTERNAL_NET1 -j > ACCEPT > /sbin/ipchains --insert output -i $1 -d $INTERNAL_NET1 -j > ACCEPT > date > /var/run/ppp.up > echo "REMOTE_IP_ADDRESS = " $REMOTE_IP_ADDRESS >> > /var/run/ppp.up > # /sbin/arp --set $REMOTE_IP_ADDRESS 00:20:78:15:F5:49 pub >> > /var/run/ppp.up > echo "$(date): ip-up Firewall rules set for $1:$5" >> > /var/log/pptpd.log > ;; > esac > ----------------------------------------- > > ok, here is what i get in 
pptpd.log > ---------------------------------------------------------------------------- > ---------------------------------------- > Oct 25 10:10:01 legacycarpets pptpd[15277]: MGR: Launching > /usr/sbin/pptpctrl to handle client > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: local address = > 192.168.0.50 > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: remote address = > 192.168.1.50 > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: pppd speed = 115200 > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: pppd options file = > /etc/ppp/options.vpn > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control > connection started > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Received PPTP Control > Message (type: 1) > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Made a START CTRL CONN > RPLY packet > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: I wrote 156 bytes to the > client. > Oct 25 10:10:01 legacycarpets pptpd[15277]: CTRL: Sent packet to client > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Received PPTP Control > Message (type: 7) > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Set parameters to 0 > maxbps, 16 window size > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Made a OUT CALL RPLY > packet > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Starting call (launching > pppd, opening GRE) > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: pty_fd = 6 > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: tty_fd = 7 > Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): Connection > speed = 115200 > Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): local > address = 192.168.0.50 > Oct 25 10:10:04 legacycarpets pptpd[15290]: CTRL (PPPD Launcher): remote > address = 192.168.1.50 > Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: I wrote 32 bytes to the > client. 
> Oct 25 10:10:04 legacycarpets pptpd[15277]: CTRL: Sent packet to client > Oct 25 10:10:04 legacycarpets pppd[15290]: pppd 2.3.10 started by root, uid > 0 > Oct 25 10:10:04 legacycarpets pppd[15290]: Using interface ppp1 > Oct 25 10:10:04 legacycarpets pppd[15290]: Connect: ppp1 <--> /dev/pts/3 > Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfReq id=0x1 > ] > Oct 25 10:10:04 legacycarpets pppd[15290]: rcvd [LCP ConfReq id=0x1 0x34631a5> ] > Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfAck id=0x1 0x34631a5> ] > Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [LCP ConfAck id=0x1 > ] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Challenge id=0x1 > , name = > "server"] > Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CHAP Response id=0x1 > <60af5cae9da6328bea5b20500e1eaa32>, name = "rage"] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Success id=0x1 > "Welcome to server."] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfReq id=0x1 0.0.0.0> ] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x1 15> ] > Oct 25 10:10:05 legacycarpets pppd[15290]: CHAP peer authentication > succeeded for rage > Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x1 > 192.168.0.1> ] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfNak id=0x1 192.168.1.50> 192.168.0.1>] > Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CCP ConfReq id=0x1 < 12 06 > 01 00 00 01> < 11 05 00 01 04>] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfRej id=0x1 < 12 06 > 01 00 00 01> < 11 05 00 01 04>] > Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [IPCP ConfAck id=0x1 0.0.0.0> ] > Oct 25 10:10:05 legacycarpets pppd[15290]: rcvd [CCP ConfRej id=0x1 15> ] > Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CCP ConfReq id=0x2] > Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP ConfReq id=0x2 > 192.168.0.1> ] > Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP ConfAck id=0x2 > 192.168.0.1> ] > Oct 
25 10:10:06 legacycarpets pppd[15290]: Could not determine local IP > address > Oct 25 10:10:06 legacycarpets pppd[15290]: sent [IPCP TermReq id=0x2 "Could > not determine local IP address"] > Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [CCP ConfAck id=0x2] > Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [IPCP TermAck id=0x2] > Oct 25 10:10:06 legacycarpets pppd[15290]: sent [LCP TermReq id=0x2 "No > network protocols running"] > Oct 25 10:10:06 legacycarpets pppd[15290]: rcvd [LCP TermAck id=0x2] > Oct 25 10:10:06 legacycarpets pppd[15290]: Connection terminated. > Oct 25 10:10:06 legacycarpets pppd[15290]: Connect time 0.1 minutes. > Oct 25 10:10:06 legacycarpets pppd[15290]: Sent 460 bytes, received 403 > bytes. > Oct 25 10:10:06 legacycarpets pppd[15290]: Exit. > Oct 25 10:10:06 legacycarpets pptpd[15277]: GRE: > read(fd=6,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = > Input/output error > Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: PTY read or GRE write > failed (pty,gre)=(6,7) > Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control > connection finished > Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Exiting now > Oct 25 10:10:06 legacycarpets pptpd[15265]: MGR: Reaped child 15277 > Oct 25 10:12:02 legacycarpets pptpd[15311]: MGR: Launching > /usr/sbin/pptpctrl to handle client > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: local address = > 192.168.0.51 > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: remote address = > 192.168.1.51 > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pppd speed = 115200 > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pppd options file = > /etc/ppp/options.vpn > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Client 4.40.159.70 control > connection started > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Received PPTP Control > Message (type: 1) > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Made a START CTRL CONN > RPLY packet > Oct 25 10:12:02 
legacycarpets pptpd[15311]: CTRL: I wrote 156 bytes to the > client. > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Sent packet to client > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Received PPTP Control > Message (type: 7) > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Set parameters to 0 > maxbps, 16 window size > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Made a OUT CALL RPLY > packet > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Starting call (launching > pppd, opening GRE) > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: pty_fd = 6 > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: tty_fd = 7 > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: I wrote 32 bytes to the > client. > Oct 25 10:12:02 legacycarpets pptpd[15311]: CTRL: Sent packet to client > Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): Connection > speed = 115200 > Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): local > address = 192.168.0.51 > Oct 25 10:12:02 legacycarpets pptpd[15312]: CTRL (PPPD Launcher): remote > address = 192.168.1.51 > Oct 25 10:12:03 legacycarpets pppd[15312]: pppd 2.3.10 started by root, uid > 0 > Oct 25 10:12:03 legacycarpets pppd[15312]: Using interface ppp1 > Oct 25 10:12:03 legacycarpets pppd[15312]: Connect: ppp1 <--> /dev/pts/3 > Oct 25 10:12:03 legacycarpets pppd[15312]: sent [LCP ConfReq id=0x1 > ] > Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [LCP ConfReq id=0x1 0x347ffc2> ] > Oct 25 10:12:03 legacycarpets pppd[15312]: sent [LCP ConfAck id=0x1 0x347ffc2> ] > Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [LCP ConfAck id=0x1 > ] > Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CHAP Challenge id=0x1 > b2bf36d99c5fa9f2ee2041349e9b13521ca5a6a>, name = "server"] > Oct 25 10:12:03 legacycarpets pppd[15312]: rcvd [CHAP Response id=0x1 > , name = "rage"] > Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CHAP Success id=0x1 > "Welcome to server."] > Oct 25 10:12:03 legacycarpets pppd[15312]: 
sent [IPCP ConfReq id=0x1 0.0.0.0> ] > Oct 25 10:12:03 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 15> ] > Oct 25 10:12:03 legacycarpets pppd[15312]: CHAP peer authentication > succeeded for rage > Oct 25 10:12:06 legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 0.0.0.0> ] > Oct 25 10:12:06 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 15> ] > Oct 25 10:12:08 legacycarpets pppd[15312]: rcvd [CHAP Response id=0x1 > , name = "rage"] > Oct 25 10:12:08 legacycarpets pppd[15312]: sent [CHAP Success id=0x1 > "Welcome to server."] > Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [IPCP ConfReq id=0x1 > 192.168.0.1> ] > Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfNak id=0x1 192.168.1.51> 192.168.0.1>] > Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [CCP ConfReq id=0x1 < 12 06 > 01 00 00 01> < 11 05 00 01 04>] > Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfRej id=0x1 < 12 06 > 01 00 00 01> < 11 05 00 01 04>] > Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [IPCP ConfReq id=0x2 > 192.168.0.1> ] > Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfAck id=0x2 > 192.168.0.1> ] > Oct 25 10:12:09 legacycarpets pppd[15312]: rcvd [CCP ConfReq id=0x2] > Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfAck id=0x2] > Oct 25 10:12:09 legacycarpets pppd[15312]: sent [IPCP ConfReq id=0x1 0.0.0.0> ] > Oct 25 10:12:09 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x1 15> ] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [IPCP ConfAck id=0x1 0.0.0.0> ] > Oct 25 10:12:10 legacycarpets pppd[15312]: Could not determine local IP > address > Oct 25 10:12:10 legacycarpets pppd[15312]: sent [IPCP TermReq id=0x2 "Could > not determine local IP address"] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP ConfRej id=0x1 15> ] > Oct 25 10:12:10 legacycarpets pppd[15312]: sent [CCP ConfReq id=0x2] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [IPCP TermAck id=0x2] > Oct 25 10:12:10 legacycarpets pppd[15312]: sent [LCP TermReq 
id=0x2 "No > network protocols running"] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP ConfAck id=0x2] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [CCP TermReq id=0x3] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [LCP TermReq id=0x2] > Oct 25 10:12:10 legacycarpets pppd[15312]: sent [LCP TermAck id=0x2] > Oct 25 10:12:10 legacycarpets pppd[15312]: rcvd [LCP TermAck id=0x2] > Oct 25 10:12:10 legacycarpets pppd[15312]: Connection terminated. > Oct 25 10:12:10 legacycarpets pppd[15312]: Connect time 0.2 minutes. > Oct 25 10:12:10 legacycarpets pppd[15312]: Sent 680 bytes, received 441 > bytes. > Oct 25 10:12:10 legacycarpets pppd[15312]: Exit. > Oct 25 10:12:10 legacycarpets pptpd[15311]: GRE: > read(fd=6,buffer=804d7e0,len=8196) from PTY failed: status = -1 error = > Input/output error > Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: PTY read or GRE write > failed (pty,gre)=(6,7) > Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: Client 4.40.159.70 control > connection finished > Oct 25 10:12:10 legacycarpets pptpd[15311]: CTRL: Exiting now > Oct 25 10:12:10 legacycarpets pptpd[15265]: MGR: Reaped child 15311 > Oct 25 10:12:23 legacycarpets named[524]: USAGE 972486743 972400343 > CPU=0.17u/0.01s CHILDCPU=0u/0s > Oct 25 10:12:23 legacycarpets named[524]: NSTATS 972486743 972400343 > Oct 25 10:12:23 legacycarpets named[524]: XSTATS 972486743 972400343 RR=1 > RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 > SSysQ=1 SAns=0 SFwdQ=0 SDupQ=638 SErr=1 RQ=0 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 > SFwdR=0 SFail=0 SFErr=0 SNaAns=0 SNXD=0 > > -- > Jason Osborne > Home and Office Network Solutions > Your total Internetworking solutions provider! 
> 13000 Josey Ln STE 104
> Farmers Branch, Texas 75234
> Phone: 972-484-0013
> Fax: 972-484-0114
> Web: http://www.sohonetworks.cc
> E-mail: sales at sohonetworks.cc
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

From jvonau at home.com Wed Oct 25 20:20:33 2000
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 25 Oct 2000 20:20:33 -0500
Subject: [pptp-server] Correction Re: vpn error, boss is gonna kill me if i don't fix
References: <39F76656.801B0D6@home.com>
Message-ID: <39F786E1.F05D1A3D@home.com>

It has been a log day .............

Jerry Vonau wrote:

> Jason:
> Your ppp link's ends are on different networks
>
> localip 192.168.0.50-80 << These need to be
> remoteip 192.168.1.50-80 << on the same subnet
>
> ie:
> localip 192.168.0.50-79
> remoteip 192.168.0.80-110 << this is what i meant
>
> This needs to match your LAN if you want to access machines on the LAN
>
> Jerry Vonau
> Network Administrator
> Ram Messenger
> Winnipeg Motor Express
>

From rage at sohonetworks.cc Wed Oct 25 22:40:12 2000
From: rage at sohonetworks.cc (Jason Osborne)
Date: Wed, 25 Oct 2000 22:40:12 -0500
Subject: [pptp-server] Correction Re: vpn error, boss is gonna kill me if i don't fix
In-Reply-To: <39F786E1.F05D1A3D@home.com>
Message-ID:

ok, i just tried all that was suggested and none of it works. i took a look at some docs and found out error 645 means i need to reinstall my vpn software. this is not so however because the same machine can connect to poptop on a different server without any problems. i think that this is my problem. i am trying to use poptop on an isdn line. i think that since pppd is already in use using ppp0, pptpd gets ppp1 and does not like it one bit. this combined with the dynamic ip may be causing the "could not obtain local ip address" error message.
does pptpd work with a modem connect thru pppd? if so, does any of my software need to be upgraded to implement this feature?

linux-2.2.12-20
redhat 6.2
pppd-2.3.10
poptop-1.0.0

this is getting so confusing. btw jerry, you do not have to have your remote and local ips on the same subnet. but thx. you can accomplish this separately using a firewall type setup in /etc/ppp/ip-up.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jerry Vonau
Sent: Wednesday, October 25, 2000 8:21 PM
To: Jason Osborne; Pptp-Server at Lists. Schulte. Org
Subject: [pptp-server] Correction Re: vpn error, boss is gonna kill me if i don't fix

It has been a log day .............

Jerry Vonau wrote:

> Jason:
> Your ppp link's ends are on different networks
>
> localip 192.168.0.50-80 << These need to be
> remoteip 192.168.1.50-80 << on the same subnet
>
> ie:
> localip 192.168.0.50-79
> remoteip 192.168.0.80-110 << this is what i meant
>
> This needs to match your LAN if you want to access machines on the LAN
>
> Jerry Vonau
> Network Administrator
> Ram Messenger
> Winnipeg Motor Express
>

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

From exiof-list at wallin.dk Thu Oct 26 04:15:00 2000
From: exiof-list at wallin.dk (Christian Pedersen - Mailinglist)
Date: 26 Oct 2000 10:15:00 +0100
Subject: [pptp-server] Compile kernel under rh7...
Message-ID:

Well i have heard, and felt that it's not possible to compile a clean kernel under RedHat 7.0

Does any of you know how i do it.. ;o)

Well sorry i know that this is not pptpd stuff.. :o)

From drepper at redhat.com Thu Oct 26 03:31:07 2000
From: drepper at redhat.com (Ulrich Drepper)
Date: 26 Oct 2000 01:31:07 -0700
Subject: [pptp-server] Compile kernel under rh7...
In-Reply-To: "Christian Pedersen - Mailinglist"'s message of "26 Oct 2000 10:15:00 +0100"
References:
Message-ID:

"Christian Pedersen - Mailinglist" writes:

> Well i have heard, and felt that it's not possible to compile a clean kernel
> under RedHat 7.0

Of course it's possible. Just read the documentation. You must use the compiler named kgcc instead of gcc (the 'k' standing for kernel).

--
---------------.                          ,-.   1325 Chesapeake Terrace
Ulrich Drepper  \    ,-------------------'   \  Sunnyvale, CA 94089 USA
Red Hat          `--' drepper at redhat.com   `------------------------

From hb at gnw.de Thu Oct 26 04:22:21 2000
From: hb at gnw.de (Holger Baust)
Date: Thu, 26 Oct 2000 11:22:21 +0200
Subject: AW: [pptp-server] Correction Re: vpn error, boss is gonna kill me if i don't fix
Message-ID:

Hi There...

On our system we had the same Problem... Our pppd couldn't determine its IP address...

I compiled PPtPd v. 1.1.2 (the development Version) and had no Problems anymore... Perhaps you should try this Version.

If you want to use 1 IP on the local machine you can put the line

192.168.0.70:

into your pppd-options file. The local pppd will get its correct IP and set the remote machine to one of the ips of the remote-ip entry.

I think, PPtPd 1.1.2 with pppd 2.3.11 and Kernel 2.2.17 are the best choice at this moment. It will also run perfectly with encryption. :)

Regards,
Holger Baust

> -----Original Message-----
> From: Jason Osborne [mailto:rage at sohonetworks.cc]
> Sent: Thursday, 26 October 2000 05:40
> To: PPTP Mailing List; Pptp-Server at Lists. Schulte. Org; Jerry Vonau
> Subject: RE: [pptp-server] Correction Re: vpn error, boss is
> gonna kill
> me if i don't fix
>
>
> ok, i just tried all that was suggested and none of it works.
> i took a look
> at some docs and found out error 645 means i need to reinstall my vpn
> software. this is not so however because the same machine can
> connect to
> poptop on a different server without any problems.
i think
> that this is my
> problem. i am trying to use poptop on an isdn line. i think
> that since pppd
> is already in use using ppp0, pptpd gets ppp1 and does not
> like it one bit.
> this combined with the dynamic ip may be causing the "could
> not obtain local
> ip address" error message. does pptpd work with a modem
> connect thru pppd?
> if so, does any of my software need to be upgraded to implement this
> feature?
>
> linux-2.2.12-20
> redhat 6.2
> pppd-2.3.10
> poptop-1.0.0
>
> this is getting so confusing. btw jerry, you do not have to
> have your remote
> and local ips on the same subnet. but thx. you can accomplish this
> separately using a firewall type setup in /etc/ppp/ip-up.
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jerry Vonau
> Sent: Wednesday, October 25, 2000 8:21 PM
> To: Jason Osborne; Pptp-Server at Lists. Schulte. Org
> Subject: [pptp-server] Correction Re: vpn error, boss is gonna kill me
> if i don't fix
>
>
> It has been a log day .............
>
> Jerry Vonau wrote:
>
> > Jason:
> > Your ppp link's ends are on different networks
> >
> > localip 192.168.0.50-80 << These need to be
> > remoteip 192.168.1.50-80 << on the same subnet
> >
> > ie:
> > localip 192.168.0.50-79
> > remoteip 192.168.0.80-110 << this is what i meant
> >
> > This needs to match your LAN if you want to access machines
> on the LAN
> >
> > Jerry Vonau
> > Network Administrator
> > Ram Messenger
> > Winnipeg Motor Express
> >
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
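The pppd failures quoted in this thread each end with a different final message in syslog. As an added example (not code from any poster or from the PoPToP or pppd projects), the Python below groups pppd syslog lines by host and PID and reports how far each session got and which of those messages ended it; the sample lines are abridged from logs posted in this archive, and the reason labels and function names are made up for the example.

```python
import re

# One syslog line: "Oct 25 10:10:06 host pppd[15290]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
# Packet traces that pppd writes when its "debug" option is set
PKT_RE = re.compile(r"^(?:sent|rcvd) \[(LCP|PAP|CHAP|IPCP|CCP) ")
AUTH_OK_RE = re.compile(r"^\w+ peer authentication succeeded for (\S+)")
IFACE_RE = re.compile(r"^Using interface (\S+)")

PHASES = ["start", "lcp", "auth", "network"]
PROTO_PHASE = {"LCP": "lcp", "PAP": "auth", "CHAP": "auth",
               "IPCP": "network", "CCP": "network"}

# Final messages quoted in the thread, mapped to labels invented for this example
FAILURES = [
    ("Could not determine local IP address", "ipcp-no-local-ip"),
    ("LCP: timeout sending Config-Requests", "lcp-timeout"),
    ("peer refused to authenticate", "peer-refused-auth"),
    ("couldn't find any suitable secret", "no-secret-for-peer"),
]

# Constructed sample: lines abridged from the logs posted in the thread
SAMPLE_LOG = """\
Oct 25 10:10:04 legacycarpets pppd[15290]: pppd 2.3.10 started by root, uid 0
Oct 25 10:10:04 legacycarpets pppd[15290]: Using interface ppp1
Oct 25 10:10:04 legacycarpets pppd[15290]: sent [LCP ConfReq id=0x1 ]
Oct 25 10:10:05 legacycarpets pppd[15290]: sent [CHAP Success id=0x1 "Welcome to server."]
Oct 25 10:10:05 legacycarpets pppd[15290]: CHAP peer authentication succeeded for rage
Oct 25 10:10:05 legacycarpets pppd[15290]: sent [IPCP ConfReq id=0x1 ]
Oct 25 10:10:06 legacycarpets pppd[15290]: Could not determine local IP address
Oct 25 10:10:06 legacycarpets pppd[15290]: sent [LCP TermReq id=0x2 "No network protocols running"]
Oct 25 10:10:06 legacycarpets pppd[15290]: Connection terminated.
Oct 25 10:10:06 legacycarpets pptpd[15277]: CTRL: Client 4.40.159.70 control connection finished
Oct 26 10:56:24 localhost pppd[7332]: sent [LCP ConfReq id=0x1 ]
Oct 26 10:56:27 localhost pppd[7332]: LCP: timeout sending Config-Requests
Sep 30 22:05:50 phathat pppd[2701]: Using interface ppp1
Sep 30 22:05:54 phathat pppd[2701]: peer refused to authenticate: terminating link
"""


def _advance(session, phase):
    """Remember the furthest PPP phase this session reached."""
    if PHASES.index(phase) > PHASES.index(session["phase"]):
        session["phase"] = phase


def triage(lines):
    """Return one record per pppd process, in order of first appearance."""
    sessions = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None or m.group("prog") != "pppd":
            continue  # pptpd, named, ... are not per-session pppd output
        key = (m.group("host"), int(m.group("pid")))
        s = sessions.setdefault(key, {
            "host": key[0], "pid": key[1], "start": m.group("ts"),
            "iface": None, "user": None, "phase": "start", "reason": None,
        })
        msg = m.group("msg")
        pkt = PKT_RE.match(msg)
        if pkt:
            _advance(s, PROTO_PHASE[pkt.group(1)])
        auth = AUTH_OK_RE.match(msg)
        if auth:
            s["user"] = auth.group(1)
            _advance(s, "auth")
        iface = IFACE_RE.match(msg)
        if iface:
            s["iface"] = iface.group(1)
        if s["reason"] is None:  # keep the first failure message seen
            for needle, label in FAILURES:
                if needle in msg:
                    s["reason"] = label
                    break
    return list(sessions.values())


def summary(s):
    """One line per session, suitable for a quick look or a grep."""
    return (f"{s['host']} pppd[{s['pid']}] iface={s['iface']} user={s['user']} "
            f"reached={s['phase']} reason={s['reason']}")


if __name__ == "__main__":
    for session in triage(SAMPLE_LOG.splitlines()):
        print(summary(session))
```

The phase column is only meaningful when pppd runs with `debug`, since the packet traces are what mark LCP, authentication and IPCP/CCP progress.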
> From georgev at citadelcomputer.com.au Thu Oct 26 05:36:07 2000 From: georgev at citadelcomputer.com.au (George Vieira) Date: Thu, 26 Oct 2000 20:36:07 +1000 Subject: [pptp-server] PPTP and RedHat 6.2 Kernel 2.2.16-3...Newbie.. Message-ID: <03F12E3EFB51D311837F0000E860EB493FE6A9@cittech> Hi all, I'm new to this mailling list so if it's just been mentioned or there's a page out there somewhere with a HOWTO that I can actually read and understand, please forgive me. I have RedHat 6.2 with kernel version 2.2.16-3 and I found the PoPToP very interesting as I require VPN for Windows clients too. What I can't understand and hopefully someone can clear it up for me is what patches / kernel patches / versions / etc... of programs or RPMs do I need as the page has confused me heaps. Sorry if this is plain obvious but I can't make out the files as my kernel is 2.2.16-3 as they talk about 2.2.12-20 etc... So please be gentle and no flaming.. thanks, George. From martin at tuatha.org Thu Oct 26 04:56:43 2000 From: martin at tuatha.org (Martin Feeney) Date: Thu, 26 Oct 2000 10:56:43 +0100 Subject: [pptp-server] MSCHAPv2 / MPPE with later kernels and pppd In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE6A9@cittech>; from georgev@citadelcomputer.com.au on Thu, Oct 26, 2000 at 11:36:07 +0100 References: <03F12E3EFB51D311837F0000E860EB493FE6A9@cittech> Message-ID: <20001026105643.B13456@greenspot> I'm running a 2.4.0(test8) kernel and pppd 2.4.0f-1. I'm about to try to get encryption into my prototype VPN setup. Has anyone had any success getting the various crypto patches to work with the above? Martin. From andrew.wood at datalexuk.com Thu Oct 26 06:27:32 2000 From: andrew.wood at datalexuk.com (Andrew Wood) Date: Thu, 26 Oct 2000 12:27:32 +0100 Subject: [pptp-server] Slightly OT: Firewall Message-ID: <6F6EA5048A46D41184AF0006295717340E9D@DLUKEX01> I have been testing poptop running on a RH6.2 linux box with 2 network cards 1 internet bound 1 LAN. 
Now that I have this working I need to stick it behind a firewall. The LAN is using private ip's so the firewall is masquerading all Lan traffic. After reading a bit about firewalls it seems that the best place to put the poptop server is in a DMZ. I can do this by adding another network card to the firewall but I am a bit unsure as to how this works as the DMZ machines also need to have public IP addresses. What IP address does the third (DMZ) network card need to have and how do I figure out the routing and ipchains rules ???? Anybody already done this ??? Andrew Wood From aalang at rutgersinsurance.com Thu Oct 26 07:45:12 2000 From: aalang at rutgersinsurance.com (Adam Lang) Date: Thu, 26 Oct 2000 08:45:12 -0400 Subject: [pptp-server] Compile kernel under rh7... References: Message-ID: <002001c03f4a$951fe880$330a0a0a@6014cwpza006> Slashdot blew a lot of things out of proportion. Adam Lang Systems Engineer Rutgers Casualty Insurance Company ----- Original Message ----- From: "Christian Pedersen - Mailinglist" To: Sent: Thursday, October 26, 2000 5:15 AM Subject: [pptp-server] Compile kernel under rh7... > Well i have heard, and felt that it's not posible to compile a clean kernel > under RedHat 7.0 > > Does any of you know how i do it.. ;o) > > Well sorry i know that this is not pptpd stuff.. :o) > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! From phil at vibrationresearch.com Thu Oct 26 10:06:07 2000 From: phil at vibrationresearch.com (Philip Van Baren) Date: Thu, 26 Oct 2000 11:06:07 -0400 Subject: [pptp-server] PPTP and RedHat 6.2 Kernel 2.2.16-3...Newbie.. 
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE6A9@cittech> Message-ID: <000501c03f5e$44936540$4500a8c0@vibrationresearch.com> If you don't need encryption, just install the pptpd RPM and ignore all of the info about patches to pppd and the kernel. If you do need encryption, try: http://www.vibres.com/pptpd/example.html > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira > Sent: Thursday, October 26, 2000 6:36 AM > To: PPTP List (E-mail) > Subject: [pptp-server] PPTP and RedHat 6.2 Kernel 2.2.16-3...Newbie.. > > > Hi all, > > I'm new to this mailling list so if it's just been mentioned or there's a > page out there somewhere with a HOWTO that I can actually read and > understand, please forgive me. > > I have RedHat 6.2 with kernel version 2.2.16-3 and I found the PoPToP very > interesting as I require VPN for Windows clients too. > > What I can't understand and hopefully someone can clear it up for > me is what > patches / kernel patches / versions / etc... of programs or RPMs do I need > as the page has confused me heaps. > > Sorry if this is plain obvious but I can't make out the files as my kernel > is 2.2.16-3 as they talk about 2.2.12-20 etc... > > So please be gentle and no flaming.. > > thanks, > George. > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From linux at halbe.com Thu Oct 26 10:07:42 2000 From: linux at halbe.com (Thomas Halbe) Date: Thu, 26 Oct 2000 17:07:42 +0200 Subject: [pptp-server] Can't get it work Message-ID: <018801c03f5e$7d90ef20$81dc50c3@halbe.com> Hello everybody, I'm strying to get pptp up and running to connect with Windows clients to the server. I followed the instructions in the package and on several web sites. Basicaly the instructions are the same. 
With other words: I don't understand why it is not working.

I'm using SuSE 7.0 and here are the configs:

/etc/pptpd.conf:
speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.0.1
remoteip 192.168.1.10-20

/etc/ppp/options.ppp0:
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name pc18

/etc/ppp/chat-secrets:
# client server secret IP addresses
thomas pc18 ichunddu *

/var/log/messages:
Oct 26 16:12:59 pc18 pppd[716]: The remote system is required to authenticate it self
Oct 26 16:12:59 pc18 pppd[716]: but I couldn't find any suitable secret (passwor d) for it to use to do so.

Who has an idea for this problem or wants to help me remotely?

Thanks
Thomas

From RHarper at N2BB.com Thu Oct 26 10:23:30 2000
From: RHarper at N2BB.com (Randi Harper)
Date: Thu, 26 Oct 2000 11:23:30 -0400
Subject: [pptp-server] PPTP VPN
Message-ID: <303BB26F0F64D4118B5F00010238789D2CCF@fruitbat.it.n2bb.com>

Thanks, that helped me get it working. :)

I'm now having new interesting problems.

Although the VPN works perfectly with the win98 test laptop, I can't get windows 2000 clients to work. I went through the FAQ on the poptop homepage to no avail. I checked my logs on the server, and I'm getting LCP config request timeouts.

/etc/ppp/options:
lock
debug
auth
+chap
proxyarp
defaultroute

w2k settings: identical to what is shown on the poptop w2k.doc. I've also tried a few different variations, but all achieve the same result: LCP request timeout.

Any ideas on some fixes to this solution?
A few lines from the log: Oct 26 10:56:14 localhost pppd[7332]: sent [LCP ConfRej id=0x5 < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] Oct 26 10:56:15 localhost pppd[7332]: sent [LCP ConfReq id=0x1 ] Oct 26 10:56:18 localhost pppd[7332]: sent [LCP ConfReq id=0x1 ] Oct 26 10:56:18 localhost pppd[7332]: rcvd [LCP ConfReq id=0x6 < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] Oct 26 10:56:18 localhost pppd[7332]: sent [LCP ConfRej id=0x6 < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] Oct 26 10:56:21 localhost pppd[7332]: sent [LCP ConfReq id=0x1 ] Oct 26 10:56:22 localhost pppd[7332]: rcvd [LCP ConfReq id=0x7 < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] Oct 26 10:56:22 localhost pppd[7332]: sent [LCP ConfRej id=0x7 < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] Oct 26 10:56:24 localhost pppd[7332]: sent [LCP ConfReq id=0x1 ] Oct 26 10:56:27 localhost pppd[7332]: LCP: timeout sending Config-Requests -----Original Message----- From: Cowles, Steve [mailto:Steve.Cowles at infohiiway.com] Sent: Tuesday, October 24, 2000 6:21 PM To: 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] PPTP VPN > -----Original Message----- > From: Randi Harper [mailto:RHarper at n2bb.com] > Sent: Tuesday, October 24, 2000 3:50 PM > To: 'pptp-server at lists.schulte.org' > Subject: [pptp-server] PPTP VPN > > I have the VPN working correctly as far as I can tell - > external clients are able to connect to boxes inside the > lan using their 192.168.0.* ips. However, when a user > goes to browse network neighborhood, no computers show > up. I set up a WINS server, and i can actually browse > \\computername, but I'm at a loss as to why they aren't > showing up in the clients network neighborhood. 
Setting > up shortcuts in C:\Windows\NetHood isn't really an option, > as there are 40 laptops I would have to do that on. Besides a "working" WINS server, MS Networking (browsing) requires 1) That each MS client (both local LAN/remote PPTP) be configured to use that WINS server. i.e. Each desktop workstation must register with that WINS server. To verify that the remote PPTP MS clients are actually configured to use a WINS server, type "winipcfg" for Win9x and "ipconfig /all" for NT/W2K. 2) That the NetBios WORKGROUP/DOMAIN names match for both local/remote systems. i.e. The remote PPTP clients at home need to change the WORKGROUP/DOMAIN to match that of what is configured at work. Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From jimgay at colubs.com Thu Oct 26 10:59:10 2000 From: jimgay at colubs.com (Jim Gay) Date: Thu, 26 Oct 2000 08:59:10 -0700 Subject: [pptp-server] Win 95/98 128 bit Encryption Message-ID: <001101c03f65$addccf30$390510ac@jimgay> The following is for anyone who has an NT Server using PPTP and wants to make sure all Windows 95/98/2000 clients connect at 128 bit. I have about 20 clients who connect to an NT machine using PPTP and I thought they were connecting at 128 bit encryption as they all had the latest upgrades installed on their Windows 95/98/2000 machines. However, I recently found out that if the event log entry for their connection does not say "strong encryption" then they are connecting at 40 bit. After trying to figure out why I couldn't get them to connect at 128 I contacted Microsoft and their technician was of little help. He did says that Microsoft is working on a new upgrade for VPN but it is a VERY low priority. Since they are working on a new upgrade this is why you will not be able to find some of the old VPN upgrades on their web site. 
The technician was not much help so I went at it myself and here is what I found. According to Microsoft article (Q104292) you can determine if you are connecting with 128-bit by looking at the internal name of pppmac.vxd (right click on file and go to properties). If the name says something about "for export" you are not connecting at 128. I have found four different versions of this file, 4.10.1903 (Win95), 4.10.1998 (Win98), 4.10.2002 (VPNUPD.EXE) and 4.10.2222 (Win98SE), and only 1903 is a non export version and thus allows 128. As you can see if you install Microsoft's recommended upgrade, VPNUPD.EXE it will replace whatever copy of pppmac.vxd you have with one that does no support 128. I tried simply replacing pppmac.vxd with the 1903 version and found that this worked fine on all the 95 and 98 machines. With Windows 2000 I found I had to install the high encryption pack via Internet Explorer 5.5 and then it would also connect with 128 bit. I hope this helps someone else. Jim Gay jimgay at colubs.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From kennya at carlislefsp.com Thu Oct 26 12:48:39 2000 From: kennya at carlislefsp.com (Kenny Austin) Date: Thu, 26 Oct 2000 12:48:39 -0500 Subject: [pptp-server] PPTP and RedHat 6.2 Kernel 2.2.16-3...Newbie.. In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE6A9@cittech> Message-ID: <000401c03f74$f98f53d0$5f020a0a@carlislefsp.com> 1st: something totally unrelated, i just didn't feel like posting twice, sorry. the kgcc compiler that ships with redhat7.0 is egcs-2.91.66 (i believe that is the same compiler that shipped with redhat6.2 with perhaps a few minor changes) the gcc compiler is 2.96, if i am right 2.96 is still somewhat beta and/or has changed a few things, as a result a fair amount of software will not compile under it (including the kernel).. anyways since the kgcc is 2.91, i have found that you can use it to compile most software. 
------------------------cut here---------------------------------- >I'm new to this mailling list so if it's just been mentioned or there's a >page out there somewhere with a HOWTO that I can actually read and >understand, please forgive me. > >I have RedHat 6.2 with kernel version 2.2.16-3 and I found the PoPToP very >interesting as I require VPN for Windows clients too. i think this is the howto you have already read, if not, check it out: http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt >What I can't understand and hopefully someone can clear it up for me is what >patches / kernel patches / versions / etc... of programs or RPMs do I need >as the page has confused me heaps. > >Sorry if this is plain obvious but I can't make out the files as my kernel >is 2.2.16-3 as they talk about 2.2.12-20 etc... okay, it's been a month or two since i have done this, and with nine hundred other things going on all at once, i can hardly remember my mother's name. so bear with me.... everything should go fine with the kernel you have, i don't *believe* that there is anything (ie patches) that require a certain kernel, only a certain version of ppp (ppp-2.3.11). my vpn server is running the 2.2.17 kernel right now, if you do have problems with the 2.2.16-3 kernel source that came with redhat, trying getting some clean source from ftp.kernel.org. i think that is about it, the howto should have most stuff in it, if not let me know. >So please be gentle and no flaming.. seeing how it is your first time.. i'll be gentle :) Kenny Austin kennya at carlislefsp.com From boris at microtrader.com Thu Oct 26 13:18:41 2000 From: boris at microtrader.com (Boris Reisig) Date: Thu, 26 Oct 2000 13:18:41 -0500 Subject: [pptp-server] PPTP Client? Message-ID: <001201c03f79$2b6054a0$2f01a8c0@esmith.microtrader.com> Im having some kind of routing problems with the pptp client. I am connected to my poptop server. My local configuration is as follows. eth0: 24.x.x.x. 
ppp0: 192.168.0.4 < got the ip from the poptop server>

No routing or anything special done on the client side.

Poptop server site:
VPN server ips: remote: 192.168.0.4-6, localips: 192.168.0.7-9
eth0: 24.x.x.
ppp0: 192.168.0.7 < Poptop server>
eth1: 192.168.0.10

I have the basic working ipchains rules to masquerade the 192.168.0.x subnet for internet. Now I can connect and stuff and things are great but there might be a routing issue or something. From the client side. I can ping myself [192.168.0.4] and the remote gateway [192.168.0.7]. The problem is that I can't ping any other remote ip or vice versa. any good ideas?

From Steve.Cowles at infohiiway.com Thu Oct 26 13:23:18 2000
From: Steve.Cowles at infohiiway.com (Cowles, Steve)
Date: Thu, 26 Oct 2000 13:23:18 -0500
Subject: [pptp-server] PPTP VPN
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE579@defiant.infohiiway.com>

> -----Original Message-----
> From: Randi Harper [mailto:RHarper at n2bb.com]
> Sent: Thursday, October 26, 2000 10:24 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] PPTP VPN
>
>
> Thanks, that helped me get it working. :)
>
> I'm now having new interesting problems.
>
> Although the VPN works perfectly with the win98 test laptop,
> I can't get windows 2000 clients to work. I went through the
> FAQ on the poptop homepage to no avail. I checked my logs on
> the server, and I'm getting LCP config request timeouts.
>
> /etc/ppp/options:
> lock
> debug
> auth
> +chap
> proxyarp
> defaultroute
>
> w2k settings: identical to what is shown on the poptop
> w2k.doc. I've also tried a few different variations, but
> all achieve the same result: LCP request timeout.
>
> Any ideas on some fixes to this solution?
>
>

Personally, I have not read the above document, but I do run W2K here and have NOT had any problems connecting into my PopTop server.
Although, I have patched pppd for MSCHAP-V2 and data encryption. Based on your options file, you seem to be running stock pppd, which does not support data encryption. Are you sure you have disabled "Require Data Encryption" in your PPTP profile? FWIW: I have tested my system with all flavors of Win9x, NT4.0 and W2k without any problems. For all I know, W2K might require that pppd be patched. I really don't know. Steve Cowles From RHarper at N2BB.com Thu Oct 26 13:33:21 2000 From: RHarper at N2BB.com (Randi Harper) Date: Thu, 26 Oct 2000 14:33:21 -0400 Subject: [pptp-server] PPTP VPN Message-ID: <303BB26F0F64D4118B5F00010238789D2CD1@fruitbat.it.n2bb.com> Well, I just updated my version of pppd to 2.4.0 and compiled with "make CHAPMS=1 USE_CRYPT=1. Would that work? Would I still need to patch? -----Original Message----- From: Cowles, Steve [mailto:Steve.Cowles at infohiiway.com] Sent: Thursday, October 26, 2000 2:23 PM To: 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] PPTP VPN > -----Original Message----- > From: Randi Harper [mailto:RHarper at n2bb.com] > Sent: Thursday, October 26, 2000 10:24 AM > To: 'pptp-server at lists.schulte.org' > Subject: RE: [pptp-server] PPTP VPN > > > Thanks, that helped me get it working. :) > > I'm now having new interesting problems. > > Although the VPN works perfectly with the win98 test laptop, > I can't get windows 2000 clients to work. I went through the > FAQ on the poptop homepage to no avail. I checked my logs on > the server, and I'm getting LCP config request timeouts. > > /etc/ppp/options: > lock > debug > auth > +chap > proxyarp > defaultroute > > w2k settings: identical to what is shown on the poptop > w2k.doc. I've also tried a few different variations, but > all achieve the same result: LCP request timeout. > > Any ideas on some fixes to this solution? > > Personally, I have not read the above document, but I do run W2K here and have NOT had any problems connecting into my PopTop server. 
Although, I have patched pppd for MSCHAP-V2 and data encryption. Based on your options file, you seem to be running stock pppd, which does not support data encryption. Are you sure you have disabled "Require Data Encryption" in your PPTP profile? FWIW: I have tested my system with all flavors of Win9x, NT4.0 and W2k without any problems. For all I know, W2K might require that pppd be patched. I really don't know. Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From natecars at real-time.com Thu Oct 26 13:47:18 2000 From: natecars at real-time.com (Nate Carlson) Date: Thu, 26 Oct 2000 13:47:18 -0500 (CDT) Subject: [pptp-server] PPTP Client? In-Reply-To: <001201c03f79$2b6054a0$2f01a8c0@esmith.microtrader.com> Message-ID: On Thu, 26 Oct 2000, Boris Reisig wrote: > I have the basic working ipchains rules to masqurade the 192.168.0.x subnet for internet. Now I can connect and stuff and things are great but their might be a routing issue or something. From the client side. I can ping myself [192.168.0.4] and the remote gateway [192.168.0.7]. The problem is that I cant ping any other remote ip or vice versa. any good ideas? Do you have the proper FORWARD chain in place to allow traffic through on the ppp0 interface? eg: ipchains -I forward -s 192.168.0.0/24 -d 192.168.0.0/24 -i ppp+ -j ACCEPT ipchains -I forward -s 192.168.0.0/24 -d 0/0 -i ppp+ -j MASQ -- Nate Carlson | Phone : (952)943-8700 http://www.real-time.com | Fax : (952)943-8500 From muhammadchatta at yahoo.com Thu Oct 26 14:14:55 2000 From: muhammadchatta at yahoo.com (Muhammad Chatta) Date: Thu, 26 Oct 2000 12:14:55 -0700 (PDT) Subject: [pptp-server] Please tell me the steps for PPTP. 
Message-ID: <20001026191455.90699.qmail@web9403.mail.yahoo.com> HI: I am not clear with the steps involved in the setup for PPTP server...could sone send me this detail. 1) If I want to test this thing on local Work group is there any requirement for establishing the PPP connnection and the name server requirement or Ipchains??etc 2) what are the steps to establish the PPTP server on the Internet what are the things required for that... Thanks.. Muhammad Asif __________________________________________________ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ From nicolas.lienard at free.fr Thu Oct 26 15:15:47 2000 From: nicolas.lienard at free.fr (Nicolas LIENARD) Date: Thu, 26 Oct 2000 22:15:47 +0200 Subject: [pptp-server] unsubscribe Message-ID: <00ff01c03f89$87eb7b40$a946fea9@nanard> -----Message d'origine----- De : Randi Harper ? : 'LIENARD Nicolas' Date : jeudi 26 octobre 2000 21:08 Objet : RE: unsubscribe >uh...what the fuck? you don't email me to unsubscribe the list, idiot. > >-----Original Message----- >From: LIENARD Nicolas [mailto:nicolas.lienard at internet-telecom.net] >Sent: Thursday, October 26, 2000 3:00 PM >To: Randi Harper >Subject: unsubscribe > > > >----- Original Message ----- >From: "Randi Harper" >To: >Sent: Thursday, October 26, 2000 5:23 PM >Subject: RE: [pptp-server] PPTP VPN > > >> Thanks, that helped me get it working. :) >> >> I'm now having new interesting problems. >> >> Although the VPN works perfectly with the win98 test laptop, I can't get >> windows 2000 clients to work. I went through the FAQ on the poptop >homepage >> to no avail. I checked my logs on the server, and I'm getting LCP config >> request timeouts. >> >> /etc/ppp/options: >> lock >> debug >> auth >> +chap >> proxyarp >> defaultroute >> >> w2k settings: >> identical to what is shown on the poptop w2k.doc. I've also tried a few >> different variations, but all achieve the same result: LCP request >timeout. 
>> Any ideas on some fixes to this solution? >> >> >> A few lines from the log: >> Oct 26 10:56:14 localhost pppd[7332]: sent [LCP ConfRej id=0x5 > CBCP> < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 >b3 >> b3 00 00 00 1b>] >> Oct 26 10:56:15 localhost pppd[7332]: sent [LCP ConfReq id=0x1 > 0x0> ] >> Oct 26 10:56:18 localhost pppd[7332]: sent [LCP ConfReq id=0x1 > 0x0> ] >> Oct 26 10:56:18 localhost pppd[7332]: rcvd [LCP ConfReq id=0x6 > 0x32060c2> < 11 04 06 4e> < 13 17 01 c9 >9f >> 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] >> Oct 26 10:56:18 localhost pppd[7332]: sent [LCP ConfRej id=0x6 > CBCP> < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 >b3 >> b3 00 00 00 1b>] >> Oct 26 10:56:21 localhost pppd[7332]: sent [LCP ConfReq id=0x1 > 0x0> ] >> Oct 26 10:56:22 localhost pppd[7332]: rcvd [LCP ConfReq id=0x7 > 0x32060c2> < 11 04 06 4e> < 13 17 01 c9 >9f >> 49 1f e4 01 4e c1 af a9 b9 21 1e 63 b3 b3 00 00 00 1b>] >> Oct 26 10:56:22 localhost pppd[7332]: sent [LCP ConfRej id=0x7 > CBCP> < 11 04 06 4e> < 13 17 01 c9 9f 49 1f e4 01 4e c1 af a9 b9 21 1e 63 >b3 >> b3 00 00 00 1b>] >> Oct 26 10:56:24 localhost pppd[7332]: sent [LCP ConfReq id=0x1 > 0x0> ] >> Oct 26 10:56:27 localhost pppd[7332]: LCP: timeout sending Config-Requests >> >> >> -----Original Message----- >> From: Cowles, Steve [mailto:Steve.Cowles at infohiiway.com] >> Sent: Tuesday, October 24, 2000 6:21 PM >> To: 'pptp-server at lists.schulte.org' >> Subject: RE: [pptp-server] PPTP VPN >> >> >> > -----Original Message----- >> > From: Randi Harper [mailto:RHarper at n2bb.com] >> > Sent: Tuesday, October 24, 2000 3:50 PM >> > To: 'pptp-server at lists.schulte.org' >> > Subject: [pptp-server] PPTP VPN >> > >> > I have the VPN working correctly as far as I can tell - >> > external clients are able to connect to boxes inside the >> > lan using their 192.168.0.* ips. However, when a user >> > goes to browse network neighborhood, no computers show >> > up. 
I set up a WINS server, and i can actually browse >> > \\computername, but I'm at a loss as to why they aren't >> > showing up in the clients network neighborhood. Setting >> > up shortcuts in C:\Windows\NetHood isn't really an option, >> > as there are 40 laptops I would have to do that on. >> >> Besides a "working" WINS server, MS Networking (browsing) requires >> >> 1) That each MS client (both local LAN/remote PPTP) be configured to use >> that WINS server. i.e. Each desktop workstation must register with that >WINS >> server. To verify that the remote PPTP MS clients are actually configured >to >> use a WINS server, type "winipcfg" for Win9x and "ipconfig /all" for >NT/W2K. >> >> 2) That the NetBios WORKGROUP/DOMAIN names match for both local/remote >> systems. i.e. The remote PPTP clients at home need to change the >> WORKGROUP/DOMAIN to match that of what is configured at work. >> >> Steve Cowles >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> List services provided by www.schulteconsulting.com! >> _______________________________________________ >> pptp-server maillist - pptp-server at lists.schulte.org >> http://lists.schulte.org/mailman/listinfo/pptp-server >> List services provided by www.schulteconsulting.com! >> >> >> ########################################################## >> Ce message et toutes ses pi?ces jointes peuvent contenir des informations >> confidentielles et/ou prot?g?es. Si vous le recevez par erreur, merci de >> prendre contact avec l'exp?diteur par t?l?phone ou mail, et de d?truire le >> message et ses pi?ces jointes de votre syst?me imm?diatement sans les >> copier ni les transmettre ? une autre personne. >> >> This message and any attachment may contain confidential information. 
If >> you are not the intended recipient, please telephone or email the sender >> and delete this message and any attachment from your system immediately >> without copying them or disclosing the contents to any other person. >> ######################################################### >> >> >> > > >########################################################## >Ce message et toutes ses pi?ces jointes peuvent contenir des informations >confidentielles et/ou prot?g?es. Si vous le recevez par erreur, merci de >prendre contact avec l'exp?diteur par t?l?phone ou mail, et de d?truire le >message et ses pi?ces jointes de votre syst?me imm?diatement sans les >copier ni les transmettre ? une autre personne. > >This message and any attachment may contain confidential information. If >you are not the intended recipient, please telephone or email the sender >and delete this message and any attachment from your system immediately >without copying them or disclosing the contents to any other person. >######################################################### > > > From JaminC at adapt-tele.com Thu Oct 26 15:34:36 2000 From: JaminC at adapt-tele.com (Jamin Collins) Date: Thu, 26 Oct 2000 15:34:36 -0500 Subject: [pptp-server] PoPToP works on one server, but not the other Message-ID: Sorry for not having the logs for my last post. I know it's difficult (if not impossible) to help without them. However, here is the log from the server that is not allowing connections. Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control connection started Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Starting call (launching pppd, opening GRE) Oct 26 19:35:42 Forseti kernel: CSLIP: code copyright 1989 Regents of the University of California Oct 26 19:35:42 Forseti kernel: PPP: version 2.3.11 (demand dialling) Oct 26 19:35:42 Forseti kernel: PPP line discipline registered. 
Oct 26 19:35:42 Forseti kernel: registered device ppp0 Oct 26 19:35:42 Forseti pppd[21608]: pppd 2.3.11 started by root, uid 0 Oct 26 19:35:42 Forseti pppd[21608]: Using interface ppp0 Oct 26 19:35:42 Forseti pppd[21608]: Connect: ppp0 <--> /dev/pts/2 Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 1 after 4294967295 Oct 26 19:35:42 Forseti pptpd[21607]: Packet reorder timeout waiting for 0 Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 2 after 0 Oct 26 19:35:42 Forseti kernel: PPP BSD Compression module registered Oct 26 19:35:42 Forseti kernel: PPP MPPE compression module registered Oct 26 19:35:42 Forseti kernel: PPP Deflate Compression module registered Oct 26 19:35:42 Forseti pppd[21608]: MSCHAP-v2 peer authentication succeeded for billy Oct 26 19:35:42 Forseti pppd[21608]: LCP terminated by peer Oct 26 19:35:42 Forseti pppd[21608]: Modem hangup Oct 26 19:35:42 Forseti pppd[21608]: Connection terminated. Oct 26 19:35:42 Forseti pppd[21608]: Connect time 0.0 minutes. Oct 26 19:35:42 Forseti pppd[21608]: Sent 406 bytes, received 415 bytes. Oct 26 19:35:42 Forseti pppd[21608]: Exit. Oct 26 19:35:47 Forseti pptpd[21607]: GRE: read error: Bad file descriptor Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control connection finished Any ideas? Jamin W. Collins -----Original Message----- From: Jamin Collins [mailto:JaminC at adapt-tele.com] Sent: Wednesday, October 25, 2000 11:14 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] PoPToP works on one server, but not the other Well, I've finally succeeded in getting PoPToP installed with MS encryption on one server. However, performing the same steps on another server results in immediate disconnect after CHAP authentication. The Win98 client reports a protocol error 720. 
The instructions I followed are found here: http://www.vibrationresearch.com/pptpd/example.html I'm sorry I don't have the logs from the second server (it's at home). However, from the logs what I recall (it was a late night), there were some entries concerning packets being received out of order. The only difference between the two systems is one is a dual processor (the one that's not working) and the other is a single processor (working perfectly). Any ideas? Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From georgev at citadelcomputer.com.au Thu Oct 26 18:12:22 2000 From: georgev at citadelcomputer.com.au (George Vieira) Date: Fri, 27 Oct 2000 09:12:22 +1000 Subject: [pptp-server] PPTP and using PPPD Message-ID: <03F12E3EFB51D311837F0000E860EB493FE6B2@cittech> Hi all, I'm a little confused and hope someone can clear this up for me (even sending privately is fine). I have a Linux box at work connected with an ETH2 to the internet via a router and my Linux box at home is connectd (or will be in 2 weeks) to an ADSL connection to the internet which both will be via an ETHernet adapter. Will I still be needing PPPD as I don't really need to dial do I???? I am currently using `vpnd` which creates a SL0 connection and works fine but I prefer to use pptp because it should work fine for windows clients where vpnd doesn't (not that I could find)... thanks and confused, George Vieira Network Administrator http://www.citadelcomputer.com.au PGP Fingerprint : 43DC 92AC 1A82 27B2 E97B 52F1 B60F 301A 38A9 A10C PGP KeyID: 0x38A9A10C From anesthes at cisdi.com Thu Oct 26 19:04:53 2000 From: anesthes at cisdi.com (Joey Coco) Date: Thu, 26 Oct 2000 19:04:53 -0500 (EST) Subject: [pptp-server] domain\\ option Message-ID: Hi, Is there a way to get PPTP to work without the domain\\ prefixing the username? 
Thanks. -- Joe From jvonau at home.com Thu Oct 26 18:14:13 2000 From: jvonau at home.com (Jerry Vonau) Date: Thu, 26 Oct 2000 18:14:13 -0500 Subject: [pptp-server] PPTP Client? References: <001201c03f79$2b6054a0$2f01a8c0@esmith.microtrader.com> Message-ID: <39F8BAC4.E6C370DC@home.com> Boris: From frankh at mwes.com Thu Oct 26 18:38:19 2000 From: frankh at mwes.com (Frank) Date: Thu, 26 Oct 2000 18:38:19 -0500 Subject: [pptp-server] PoPToP and Firewall config ? Message-ID: Hi, I've got all the software installed on my firewall (Linux 2.2.10) and I'm trying to connect from a Win 2000 client. I'm getting a 678 'No answer' error from Windows. There aren't any messages on the server side, so a couple of questions... I get the message: MGR: Max connections reached, extra IP addresses ignored when pptpd is started. Is this part of the trouble? pptpd is running according to ps. I've noticed mention of GRE and ports 47 and 1723 in various list traffic here. I don't have an entry for either in /etc/services. And I don't have any specific reference to either in my Firewall rules (ipchains). Would someone please tell me what GRE is and if there is anything that needs to be done about these ports? Thanks in advance, Frank Frank Holt Phone: (414) 327-0000 Project Engineer Fax: (414) 327-8821 Midwest Engineering Systems, Inc e-mail: frankh at mwes.com From phil at vibrationresearch.com Thu Oct 26 19:31:40 2000 From: phil at vibrationresearch.com (Phil Van Baren) Date: Thu, 26 Oct 2000 20:31:40 -0400 Subject: [pptp-server] PoPToP and Firewall config ? In-Reply-To: Message-ID: <000a01c03fad$45f74920$2a01a8c0@bud.mw.mediaone.net> pptp uses TCP PORT 1723 and PROTOCOL 47. GRE is a protocol (just like TCP is a protocol), not a port. 
port 1723 (pptp) could be in /etc/services, but it doesn't need to be:

    pptp 1723/tcp # Point-to-point tunnelling protocol

protocol 47 (gre) could be in /etc/protocols, but it doesn't need to be:

    gre 47 GRE # Generic routing encapsulation

The "Max connections reached" error probably is a result of not having any localip or remoteip addresses defined in the /etc/pptpd.conf file. You should have something like the following:

    debug
    option /etc/ppp/options.pptp
    localip 192.168.1.80-89
    remoteip 192.168.1.70-79

From anesthes at cisdi.com Thu Oct 26 22:16:52 2000
From: anesthes at cisdi.com (Joey Coco)
Date: Thu, 26 Oct 2000 22:16:52 -0500 (EST)
Subject: [pptp-server] password encryption
Message-ID:

Is the password encryption based on the username?? I would think not since the password in chap-secrets is plain text but..

--Joe

From rage at sohonetworks.cc Fri Oct 27 01:00:37 2000
From: rage at sohonetworks.cc (Jason Osborne)
Date: Fri, 27 Oct 2000 01:00:37 -0500
Subject: [pptp-server] PPTP and RedHat 6.2 Kernel 2.2.16-3...Newbie..
In-Reply-To: <000401c03f74$f98f53d0$5f020a0a@carlislefsp.com>
Message-ID:

i couldn't even get the damn thing (kernel 2.2.17) to compile correctly with kgcc. guess that just goes to show that redhat 7 sucks just as bad as 6.2 when it came out. the screwy thing is that while i was compiling the 50 times i tried, it would fail on different parts of the compile even though i ran a make clean on it before i tried again. guess i wasn't meant to have pptpd encryption.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Kenny Austin
Sent: Thursday, October 26, 2000 12:49 PM
To: 'George Vieira'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] PPTP and RedHat 6.2 Kernel 2.2.16-3...Newbie..

1st: something totally unrelated, i just didn't feel like posting twice, sorry.
the kgcc compiler that ships with redhat7.0 is egcs-2.91.66 (i believe that is the same compiler that shipped with redhat6.2 with perhaps a few minor changes) the gcc compiler is 2.96, if i am right 2.96 is still somewhat beta and/or has changed a few things, as a result a fair amount of software will not compile under it (including the kernel).. anyways since the kgcc is 2.91, i have found that you can use it to compile most software. ------------------------cut here---------------------------------- >I'm new to this mailling list so if it's just been mentioned or there's a >page out there somewhere with a HOWTO that I can actually read and >understand, please forgive me. > >I have RedHat 6.2 with kernel version 2.2.16-3 and I found the PoPToP very >interesting as I require VPN for Windows clients too. i think this is the howto you have already read, if not, check it out: http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt >What I can't understand and hopefully someone can clear it up for me is what >patches / kernel patches / versions / etc... of programs or RPMs do I need >as the page has confused me heaps. > >Sorry if this is plain obvious but I can't make out the files as my kernel >is 2.2.16-3 as they talk about 2.2.12-20 etc... okay, it's been a month or two since i have done this, and with nine hundred other things going on all at once, i can hardly remember my mother's name. so bear with me.... everything should go fine with the kernel you have, i don't *believe* that there is anything (ie patches) that require a certain kernel, only a certain version of ppp (ppp-2.3.11). my vpn server is running the 2.2.17 kernel right now, if you do have problems with the 2.2.16-3 kernel source that came with redhat, trying getting some clean source from ftp.kernel.org. i think that is about it, the howto should have most stuff in it, if not let me know. >So please be gentle and no flaming.. seeing how it is your first time.. 
i'll be gentle :) Kenny Austin kennya at carlislefsp.com _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From hb at gnw.de Fri Oct 27 04:37:52 2000 From: hb at gnw.de (Holger Baust) Date: Fri, 27 Oct 2000 11:37:52 +0200 Subject: AW: [pptp-server] domain\\ option Message-ID: Hello.. Yes there is... Have a look at: http://smop.de There you will get the Patch! MfG, Holger Baust -- Gamers Network GmbH Holger Baust, Technik Dolmanstr. 18, 51427 Bergisch Gladbach fon. 02204 / 9680 - 32 fax. 02204 / 9680 - 19 http://www.gnw.de > -----Urspr?ngliche Nachricht----- > Von: Joey Coco [mailto:anesthes at cisdi.com] > Gesendet: Freitag, 27. Oktober 2000 02:05 > An: pptp-server at lists.schulte.org > Betreff: [pptp-server] domain\\ option > > > > > Hi, > > Is there a way to get PPTP to work without the domain\\ prefixing the > username? > > Thanks. > > -- Joe > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > List services provided by www.schulteconsulting.com! > From peter.galbavy at knowledge.com Fri Oct 27 05:03:03 2000 From: peter.galbavy at knowledge.com (Peter Galbavy) Date: Fri, 27 Oct 2000 11:03:03 +0100 Subject: [pptp-server] CVS server Message-ID: <20001027110300.A15020@office.knowledge.com> Hey folks, I haven't been involved in the poptop prohect for ages, and I hardly get a chance to read the mailing list, but... Does the project still use the CVS server that is/(was) as pptpd.wonderland.org ? It is just that I noticed two things - (1) I screwed up the DNS so it is very unlikely to have been working recently and (2) I have had recent finger problems with the drive the cvs respository was on, so the thing is offline just now anyway. comments... 
rgds, -- Peter Galbavy Knowledge Matters Ltd http://www.knowledge.com/ From ralph at lumictech.com Fri Oct 27 06:21:24 2000 From: ralph at lumictech.com (Ralph) Date: Fri, 27 Oct 2000 07:21:24 -0400 (EDT) Subject: [pptp-server] aaagghhhh!!! Message-ID: Howdy Been lurking here for a while to see if i couldn't pick up what i need sigh .... here are the problems with a few snippets from my logs & so forth BACKGROUND: we have two static portals (enough to deal with dns serving) one is firewall/dns/mail (zzzzzzzzzz) other is dns / pptp(If i ever get it working) -- (I do this so i can muck with it & potentially destroy it without having my "community" up in arms ..) loging in from a NT box via phone modem and alternatly cable modem(pppoe) (ssh connection with no problem) by phone - i get connected & auth.'ed but cann't get place beyond that (a wins IS running) By cable modem - (this should eb easy - my home firewall seems to be blocking ) get timeouts waiting for LCP pptp server is running RedHat 6.2 with 2.2.17 recompiled with the appropreate patches from http://www.vibrationresearch.com/pptpd/example.html here is pptpd.conf ---------------------------------------------------------------------------------- speed 115200 option /etc/ppp/options.pptp debug localip 10.0.1.169-180 remoteip 10.0.1.149-168 listen 64.26.134.241 pidfile /var/run/pptpd.pid here is options.pptp ---------------------------------------------------------------------------------- debug mru 1450 mtu 1450 auth require-chap proxyarp name toad +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ms-wins 10.0.0.5 and here are a couple of connect logs ----------------------------------------------------------------------------------- --------------ATTEMPT 1 (via dial up) -------------------------------- Oct 26 05:55:59 toad sshd2[14869]: User ralph, coming from nevins.magma.ca, authenticated. 
Oct 26 05:56:13 toad PAM_pwdb[14887]: (su) session opened for user root by ralph(uid=500) Oct 26 06:01:26 toad kernel: Packet log: eth0-in ACCEPT eth0 PROTO=6 206.191.28.4:1029 64.26.134.241:1723 L=44 S=0x1C I=24320 F=0x4000 T=124 SYN (#21) Oct 26 06:01:26 toad pptpd[16740]: CTRL: Client 206.191.28.4 control connection started Oct 26 06:01:27 toad pptpd[16740]: CTRL: Starting call (launching pppd, opening GRE) Oct 26 06:01:27 toad pppd[16741]: pppd 2.3.11 started by root, uid 0 Oct 26 06:01:27 toad pppd[16741]: Using interface ppp0 Oct 26 06:01:27 toad pppd[16741]: Connect: ppp0 <--> /dev/pts/6 Oct 26 06:01:28 toad pptpd[16740]: Buffering out-of-order packet; got 1 after 4294967295 Oct 26 06:01:28 toad pptpd[16740]: Packet reorder timeout waiting for 0 Oct 26 06:01:28 toad pptpd[16740]: Buffering out-of-order packet; got 2 after 0 Oct 26 06:01:29 toad pptpd[16740]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Oct 26 06:01:30 toad pppd[16741]: MSCHAP-v2 peer authentication succeeded for ralph Oct 26 06:01:33 toad pppd[16741]: found interface eth1 for proxy arp Oct 26 06:01:33 toad pppd[16741]: local IP address 64.26.134.241 Oct 26 06:01:33 toad pppd[16741]: remote IP address 10.0.7.6 # # then it hangs as in i appear to be connected but unable to see the # windows based network -- ALSO weird things like the local/remote IP's # do nomatch the loacal/remote ip's from the pptpd.conf ???? huh ?? 
--------------ATTEMPT 2 (via cable modem)-------------------------------- Oct 26 06:03:41 toad kernel: Packet log: eth0-in ACCEPT eth0 PROTO=6 209.217.122.167:61902 64.26.134.241:1723 L=44 S=0x1C I=12289 F=0x4000 T=122 SYN (#21) Oct 26 06:03:41 toad pptpd[16776]: CTRL: Client 209.217.122.167 control connection started Oct 26 06:03:41 toad pptpd[16776]: CTRL: Starting call (launching pppd, opening GRE) Oct 26 06:03:41 toad pppd[16777]: pppd 2.3.11 started by root, uid 0 Oct 26 06:03:41 toad pppd[16777]: Using interface ppp1 Oct 26 06:03:41 toad pppd[16777]: Connect: ppp1 <--> /dev/pts/7 Oct 26 06:03:41 toad kernel: registered device ppp1 Oct 26 06:04:11 toad pppd[16777]: LCP: timeout sending Config-Requests Oct 26 06:04:11 toad pppd[16777]: Connection terminated. Oct 26 06:04:11 toad pppd[16777]: Exit. Oct 26 06:04:11 toad pptpd[16776]: Error reading from pppd: Input/output error Oct 26 06:04:11 toad pptpd[16776]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5) Oct 26 06:04:11 toad pptpd[16776]: CTRL: Client 209.217.122.167 control connection finished Oct 26 06:04:37 toad pptpd[16740]: CTRL: Session timed out, ending call Oct 26 06:04:37 toad pptpd[16740]: CTRL: Client 206.191.28.4 control connection finished Oct 26 06:04:37 toad pppd[16741]: Modem hangup Oct 26 06:04:37 toad pppd[16741]: Connection terminated. Oct 26 06:04:37 toad pppd[16741]: Connect time 3.2 minutes. Oct 26 06:04:37 toad pppd[16741]: Sent 515 bytes, received 497 bytes. Oct 26 06:04:37 toad pppd[16741]: Exit. 
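A triage sketch for the two attempts logged in the message above, added here as an example and not part of the original post or of PoPToP: it pairs each pptpd control connection with its pppd process, reports how far the session got, and checks the negotiated addresses against the localip/remoteip pools from the quoted pptpd.conf. The function names and the pid-pairing heuristic are assumptions of this example; the GRE hint attached to the LCP timeout is the usual cause, not something the log itself proves.

```python
import ipaddress
import re

# Log lines excerpted from the two connection attempts in the message above.
SAMPLE_LOG = """\
Oct 26 06:01:26 toad pptpd[16740]: CTRL: Client 206.191.28.4 control connection started
Oct 26 06:01:27 toad pptpd[16740]: CTRL: Starting call (launching pppd, opening GRE)
Oct 26 06:01:27 toad pppd[16741]: pppd 2.3.11 started by root, uid 0
Oct 26 06:01:30 toad pppd[16741]: MSCHAP-v2 peer authentication succeeded for ralph
Oct 26 06:01:33 toad pppd[16741]: local IP address 64.26.134.241
Oct 26 06:01:33 toad pppd[16741]: remote IP address 10.0.7.6
Oct 26 06:03:41 toad pptpd[16776]: CTRL: Client 209.217.122.167 control connection started
Oct 26 06:03:41 toad pptpd[16776]: CTRL: Starting call (launching pppd, opening GRE)
Oct 26 06:03:41 toad pppd[16777]: pppd 2.3.11 started by root, uid 0
Oct 26 06:04:11 toad pppd[16777]: LCP: timeout sending Config-Requests
Oct 26 06:04:11 toad pppd[16777]: Connection terminated.
"""

# Address pools as written in the pptpd.conf quoted in the message above.
LOCALIP = "10.0.1.169-180"
REMOTEIP = "10.0.1.149-168"

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")


def parse_ranges(spec):
    """Expand a pptpd.conf address spec: 'a.b.c.d', 'a.b.c.d-e' or a comma list."""
    ranges = []
    for part in spec.split(","):
        first, _, last_octet = part.strip().partition("-")
        start = ipaddress.IPv4Address(first)
        end = start
        if last_octet:
            prefix = first.rsplit(".", 1)[0]
            end = ipaddress.IPv4Address(f"{prefix}.{last_octet}")
        if end < start:
            raise ValueError(f"descending range: {part!r}")
        ranges.append((start, end))
    return ranges


def in_ranges(addr, ranges):
    """True if addr falls inside any (start, end) pair."""
    ip = ipaddress.IPv4Address(addr)
    return any(lo <= ip <= hi for lo, hi in ranges)


def analyze(log_text, localip=LOCALIP, remoteip=REMOTEIP):
    """Return one record per PPTP session, in the order the clients connected."""
    pools = {"local": parse_ranges(localip), "remote": parse_ranges(remoteip)}
    specs = {"local": localip, "remote": remoteip}
    by_ctrl, by_pppd, waiting, sessions = {}, {}, [], []
    for raw in log_text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue
        daemon, pid, msg = m.groups()
        if daemon == "pptpd":
            started = re.match(r"CTRL: Client (\S+) control connection started", msg)
            if started:
                s = {"client": started.group(1), "user": None, "local": None,
                     "remote": None, "stage": "control", "findings": []}
                by_ctrl[pid] = s
                sessions.append(s)
            elif msg.startswith("CTRL: Starting call") and pid in by_ctrl:
                by_ctrl[pid]["stage"] = "call"
                waiting.append(by_ctrl[pid])
            continue
        if "started by" in msg:
            # Heuristic (assumption): the next pppd to start serves the oldest waiting call.
            if waiting:
                by_pppd[pid] = waiting.pop(0)
            continue
        s = by_pppd.get(pid)
        if s is None:
            continue
        auth = re.match(r"\S+ peer authentication succeeded for (\S+)", msg)
        addr = re.match(r"(local|remote) IP address (\S+)", msg)
        if auth:
            s["user"], s["stage"] = auth.group(1), "auth"
        elif addr:
            side, ip = addr.groups()
            s[side] = ip
            if side == "remote":
                s["stage"] = "up"
            if not in_ranges(ip, pools[side]):
                s["findings"].append(
                    f"{side} address {ip} is outside {side}ip {specs[side]}")
        elif msg.startswith("LCP: timeout sending Config-Requests"):
            # Assumption: TCP 1723 worked, so a silent PPP peer usually means
            # GRE (IP protocol 47) is dropped somewhere on the path.
            s["stage"] = "lcp_timeout"
            s["findings"].append(
                "control connection on TCP 1723 came up but no LCP reply arrived; "
                "check that GRE (IP protocol 47) passes both ways")
    return sessions


if __name__ == "__main__":
    for rec in analyze(SAMPLE_LOG):
        print(rec["client"], rec["stage"], rec["user"] or "-")
        for finding in rec["findings"]:
            print("   ", finding)
```

An address handed out from outside the configured pools matters beyond the connection itself, because forwarding and masquerading rules written for the pool subnet will not match that client.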
From rko at istar.ca Fri Oct 27 06:44:44 2000
From: rko at istar.ca (System Administrator)
Date: Fri, 27 Oct 2000 08:44:44 -0300
Subject: [pptp-server] (no subject)
Message-ID: <000701c0400b$9f35e060$8301a8c0@rkosteel.com>

confirm 865352

From kennya at carlislefsp.com Fri Oct 27 08:21:05 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Fri, 27 Oct 2000 08:21:05 -0500
Subject: [pptp-server] PPTP and using PPPD
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE6B2@cittech>
Message-ID: <001501c04018$c3584a70$5f020a0a@carlislefsp.com>

PPP = Point to Point Protocol, it is not only used in dialup connections. Not only do you have to use PPP, but you will probably want to patch it for MPPE and all that good microsoft stuff.

kenny

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
Sent: Thursday, October 26, 2000 6:12 PM
To: PPTP List (E-mail)
Subject: [pptp-server] PPTP and using PPPD

Hi all,

I'm a little confused and hope someone can clear this up for me (even sending privately is fine). I have a Linux box at work connected with an ETH2 to the internet via a router and my Linux box at home is connected (or will be in 2 weeks) to an ADSL connection to the internet which both will be via an ETHernet adapter. Will I still be needing PPPD as I don't really need to dial do I???? I am currently using `vpnd` which creates a SL0 connection and works fine but I prefer to use pptp because it should work fine for windows clients where vpnd doesn't (not that I could find)...

thanks and confused,

George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint : 43DC 92AC 1A82 27B2 E97B 52F1 B60F 301A 38A9 A10C
PGP KeyID: 0x38A9A10C
From kennya at carlislefsp.com Fri Oct 27 08:37:58 2000 From: kennya at carlislefsp.com (Kenny Austin) Date: Fri, 27 Oct 2000 08:37:58 -0500 Subject: [pptp-server] domain\\ option In-Reply-To: Message-ID: <001601c0401b$1ef56ff0$5f020a0a@carlislefsp.com> there is a patch to do this...: strip-MSdomain-patch.diff, it use to be on the website, but i don't see it there now... let me know if you can't find it anywhere else, i probably have a copy laying around here somewhere. kenny austin kennya at carliselfsp.com -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Joey Coco Sent: Thursday, October 26, 2000 7:05 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] domain\\ option Hi, Is there a way to get PPTP to work without the domain\\ prefixing the username? Thanks. -- Joe _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! From mark.kanwischer at betach.com Fri Oct 27 15:49:14 2000 From: mark.kanwischer at betach.com (Mark Kanwischer) Date: Fri, 27 Oct 2000 14:49:14 -0600 Subject: [pptp-server] PPTP through Check Point FW-1 using static NAT Message-ID: I am having trouble in getting PPTP to work through a Check Point firewall (Ver 4.1 SP2) using static NAT. I have set the firewall up according to the instructions laid out on the Phoneboy site ==> **************************************************************************** ******************************************8 You must add a rule permitting access between your PPTP clients and server. PPTP uses two services: * TCP port 1723 for a control session * A variation of the GRE protocol (IP Protocol 47) for data. To create this last service, create the service as a service of type Other. For the name, use PPTP-Data. 
In the match field, put: ip_p = 47, [22:2,b] = 0x880B

(Note: ip_p = 47 identifies the IP protocol type as GRE. [22:2,b] = 0x880B identifies the payload protocol as GRE.)

The rules look like this:

Source        Destination   Service                 Action
PPTP-Clients  PPTP-Server   PPTP-Control PPTP-Data  Accept
PPTP-Server   PPTP-Clients  PPTP-Control PPTP-Data  Accept

PPTP will work with Static NAT, but not HIDE NAT.

**************************************************************************** ***************************************

The Problem:

Basically the PPTP session gets set up okay and the user is prompted for a username and password. Upon sending this info the session times out after about 30 secs and yields some generic failure message (can't recall exactly what at the moment).

The NT event log on the PPTP server (NT 4.0 SP5) shows the following error:

Event ID: 20777. An error occurred in the point to point protocol module on VPNx. The PPP negotiation is not converging.

If the PPTP server is moved outside the firewall (in parallel with the firewall), everything works just fine. I have done sniffer traces with the PPTP server in both locations to get a comparison. The data shows that the session gets administratively reset by the PPTP server with no errors.

Does anyone have any idea on what might be wrong or what I might try? Any help would be much appreciated.

Thanks

From ceverett at ceverett.com Sat Oct 28 00:04:09 2000
From: ceverett at ceverett.com (Christopher L. Everett)
Date: Sat, 28 Oct 2000 00:04:09 -0500
Subject: [pptp-server] enabling 128-bit encrytion
Message-ID: <39FA5E49.31B1333F@ceverett.com>

All:

I have a working PPTP server. Thanks for all the great documentation that made it all happen.

My question is: how do I force 128-bit encryption? My Win98 clients only connect at 40-bit encryption, which we all know is a joke.

Thanks

--Christopher

Christopher L. Everett
ceverett at spammers-suck-death-slime-and-die.ceverett.com

From barjunk at attglobal.net Fri Oct 27 16:49:23 2000
From: barjunk at attglobal.net (Michael Barsalou)
Date: Fri, 27 Oct 2000 13:49:23 -0800
Subject: [pptp-server] pptp client
Message-ID: <39F987E3.21875.E6925C@localhost>

I am putting together a section for the HOWTO about using the pptp client. I have a good deal of information, but I am not quite sure how much is accurate. I will tell what I believe and hopefully we can straighten out most of my misconceptions.

The pptp command line is:

pptp (IP of destination) (pppd style options)

To make it easier for me I have used the following setup. My command line looks like this:

pptp (destination-ip) call (destination-name)

The destination-ip is any valid IP address that has some form of pptpd running on it.

The destination-name is the name of the file that I store in the directory /etc/ppp/peers

This file holds any pppd options you might need for the connection. Although there are many options that could be used, here are the ones that seem most useful.

noauth
debug
proxyarp
name

To learn more detail about these options look at the man page for pppd. (man pppd)

One option I would like to talk about in a little more detail is the name option. This option allows you to specify which name in the Chap-secrets file that you want to use when authenticating to the remote machine.

In most cases (all?) you have to have identical entries in the chap-secrets files on both machines. Since I am using Windows networks on either side of the connection my chap-secrets file (on both machines) looks something like this:

WindowsDomain\\username * password *

So when using the name option, your options file would look like:

noauth
debug
proxyarp
name WindowsDomain\\username

Here is the part that gets kind of fuzzy for me. Routing.

When you make the connection to the remote machine, your new interface will get assigned an IP address from the remote pptpd daemon.
If you wanted all your traffic to travel over that link you would just set the default route to go to the new link. (Maybe use the defaultroute option in your peer file?)

But what if you only want some traffic? This is where I need help.

Machine A is the gateway for the entire company.
Machine B is the gateway for a remote office.

Each office handles their own traffic, to and from the internet. All mail traffic needs to go to Machine A.

What do I need to do to make this work?

Thanks for the help.

Mike Barsalou

Michael Barsalou
barjunk at attglobal.net

From phil at vibrationresearch.com Sat Oct 28 00:20:44 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sat, 28 Oct 2000 01:20:44 -0400
Subject: [pptp-server] Win 95/98 128 bit Encryption
In-Reply-To: <001101c03f65$addccf30$390510ac@jimgay>
Message-ID: <000001c0409e$d2a1bf80$2a01a8c0@mw.mediaone.net>

Jim,

The version of pppmac.vxd in msdun128.exe (the 128-bit update for Win98SE) is 4.10.2222, and has internal name "PPPMAX (US/Canada Only, Not for Export)" It appears that the 40-bit and 128-bit files can have the same version numbers.

I was able to get Win98 (classic edition) to work at 128-bit by first installing the normal updates to get it to work at 40-bit, and then extracting the pppmac.vxd from the msdun128.exe file, putting it in c:\windows\system, and rebooting.

You can use an FTP web search to find the msdun128.exe file, and use WinZip to extract the pppmac.vxd file from msdun128.exe.

Phil

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Jim Gay
Sent: Thursday, October 26, 2000 11:59 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Win 95/98 128 bit Encryption

The following is for anyone who has an NT Server using PPTP and wants to make sure all Windows 95/98/2000 clients connect at 128 bit.
I have about 20 clients who connect to an NT machine using PPTP and I thought they were connecting at 128 bit encryption as they all had the latest upgrades installed on their Windows 95/98/2000 machines. However, I recently found out that if the event log entry for their connection does not say "strong encryption" then they are connecting at 40 bit.

After trying to figure out why I couldn't get them to connect at 128 I contacted Microsoft and their technician was of little help. He did say that Microsoft is working on a new upgrade for VPN but it is a VERY low priority. Since they are working on a new upgrade this is why you will not be able to find some of the old VPN upgrades on their web site.

The technician was not much help so I went at it myself and here is what I found. According to Microsoft article (Q104292) you can determine if you are connecting with 128-bit by looking at the internal name of pppmac.vxd (right click on file and go to properties). If the name says something about "for export" you are not connecting at 128. I have found four different versions of this file, 4.10.1903 (Win95), 4.10.1998 (Win98), 4.10.2002 (VPNUPD.EXE) and 4.10.2222 (Win98SE), and only 1903 is a non export version and thus allows 128. As you can see if you install Microsoft's recommended upgrade, VPNUPD.EXE it will replace whatever copy of pppmac.vxd you have with one that does not support 128.

I tried simply replacing pppmac.vxd with the 1903 version and found that this worked fine on all the 95 and 98 machines. With Windows 2000 I found I had to install the high encryption pack via Internet Explorer 5.5 and then it would also connect with 128 bit.

I hope this helps someone else.

Jim Gay
jimgay at colubs.com

From christopher at schulte.org Sat Oct 28 03:40:43 2000
From: christopher at schulte.org (Christopher Schulte)
Date: Sat, 28 Oct 2000 03:40:43 -0500
Subject: [pptp-server] test (please ignore)
Message-ID: <5.0.0.25.2.20001028033721.03480930@pop.schulte.org>

Sorry for the spam... I'm moving this list to a faster server for performance, feature, and other issues.

Just testing... testing.....

Now back to normal life, hopefully. ;p

--Chris

--
Christopher Schulte | christopher at schulte.org
http://www.schulteconsulting.com/ - Consulting
http://noc.schulte.org/ - IPv4 209.134.156.192/28
http://www.ipv6.schulte.org/ - IPv6 3ffe:2900:e00a::/48

From glenn.robinson at btinternet.com Sat Oct 28 08:40:59 2000
From: glenn.robinson at btinternet.com (Glenn Robinson)
Date: Sat, 28 Oct 2000 14:40:59 +0100
Subject: [pptp-server] LCP Timeout problem
Message-ID: <000801c040e4$b539a930$0200a8c0@flyingfields.co.uk>

Hello,

I've configured my pptp server and I'm using a WinNT client to try and connect. I get the following in my syslog.

Client xxx.xxx.xxx.xxx control connection started
Starting call (launching ppps, opening GRE)
pppd 2.3.10 started by root, uid 0
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
LCP: timeout sending Config-Requests
Connection terminated
Exit

There's a time delay of about 30 seconds between the Connect: message and the LCP: timeout message.

Any clues.

Thanks

Glenn

From msuencks at marcant.de Sun Oct 29 06:39:46 2000
From: msuencks at marcant.de (Matthias Suencksen)
Date: Sun, 29 Oct 2000 13:39:46 +0100
Subject: [pptp-server] aaagghhhh!!!
Message-ID: <20001029133946.A21144@vivaldi.marcant.de>

you wrote:

> localip 10.0.1.169-180
> remoteip 10.0.1.149-168
[..]
> Oct 26 06:01:33 toad pppd[16741]: local IP address 64.26.134.241
> Oct 26 06:01:33 toad pppd[16741]: remote IP address 10.0.7.6

maybe it's not that important to your problem but I would expect "local IP address" to be from your local pool ( 10.0.1.169-180 ) ..?

On the problem of not getting beyond the machine. IMO this would need routes on your outside routers reflecting that the 10.0.0.0 net is reachable via 64.26.134.241, proxyarp may not be sufficient.

just a few thoughts.

Cheers
Matthias

--
Out-of-order Execution (feature of modern microprocessors)

From msuencks at marcant.de Sun Oct 29 11:31:42 2000
From: msuencks at marcant.de (Matthias Suencksen)
Date: Sun, 29 Oct 2000 18:31:42 +0100
Subject: [pptp-server] Win98 & encryption -- Unsupported protocol error
Message-ID: <20001029183142.A8665@vivaldi.marcant.de>

I've been looking through the FAQs and mailing list for some time but could get no answer to my problem - maybe someone here can help ..?

My setup is Linux 2.2.17 + mppe patch + pptp 1.1.2 and Win98 (not SE) with either DUN40.exe or VPNUPD.EXE (result the same problem)

the client will successfully negotiate encryption and even sends and receives traffic for some minutes (web browsing) but after that the pptp server log fills up with "Unsupported protocol received" and the link gets unusable.

Seems as if something in the receiving chain of the server got broken. Any ideas ?

the problem goes away if I don't use encryption.

Matthias

From phil at vibrationresearch.com Sun Oct 29 12:17:58 2000
From: phil at vibrationresearch.com (Phil Van Baren)
Date: Sun, 29 Oct 2000 13:17:58 -0500
Subject: [pptp-server] Win98 & encryption -- Unsupported protocol error
In-Reply-To: <20001029183142.A8665@vivaldi.marcant.de>
Message-ID: <000101c041d4$910d1600$56108318@mw.mediaone.net>

Matthias,

I think this has the same cause as the compressed data error.
The problem is that if a packet gets dropped or comes in out-of-order (which causes it to be dropped in pptpd 1.0.1) the ppp_mppe module loses sync and never recovers. The patch described below should fix that problem. If the problem is with out-of-order packets, then using pptpd-1.1.2 will also help.

If this does fix your problem, could you send me your log file showing the error messages so that I can add these symptoms to the FAQ?

Phil

The solution in FAQ for the compressed data error:

7.3.10. The VPN link works for a while, but then stops working, and the /var/log/debug file shows the following:

pppd[10544]: rcvd [Compressed data] 10 32 ae 68 c0 8e e1 92 ...

Solution: Patch the /usr/src/linux/drivers/net/ppp_mppe.c file with the patch:
http://www.vibrationresearch.com/pptpd/ppp_mppe_compressed_data_fix.diff
and then recompile and reinstall the ppp_mppe.o module

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Matthias
> Suencksen
> Sent: Sunday, October 29, 2000 12:32 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Win98 & encryption -- Unsupported protocol error
>
>
> I've been looking through the FAQs and mailing
> list for some time but could get no answer to
> my problem - maybe someone here can help ..?
>
> My setup is Linux 2.2.17 + mppe patch + pptp 1.1.2 and
> Win98 (not SE) with either DUN40.exe or VPNUPD.EXE
> (result the same problem)
>
> the client will successfully negotiate encryption
> and even sends and receives traffic for some
> minutes (web browsing) but after that the pptp server log
> fills up with "Unsupported protocol received"
> and the link gets unusable.
>
> Seems as if something in the receiving chain of
> the server got broken. Any ideas ?
>
> the problem goes away if I don't use encryption.
>
> Matthias
>

From steve at sarette.com Sun Oct 29 17:37:06 2000
From: steve at sarette.com (Steve Sarette)
Date: Sun, 29 Oct 2000 15:37:06 -0800
Subject: [pptp-server] linux pptp -> win2000 connection problems
Message-ID: <39FCB4A2.4030909@sarette.com>

I posted a while back that I can connect into my work's Win2000-based pptp vpn, but that tcp activity has a frustrating way of hanging with no errors posted to my log files. I still haven't resolved this problem but I think I might know what is causing it. Can anyone confirm the following?

From section 7.3.7 (proxy arp problem) in http://www.vibrationresearch.com/pptpd/pptpd-FAQ.txt :

"For routing to work (i.e. to have the local/remote ip addresses NOT on the same network as the 'protected' network and interconnect the VPN network and the 'protected' network using routing tables), the computers on the protected network need to have the linux box as a gateway"

So here's the setup I'm dealing with (on RedHat 6.2, ppp 2.3.10 with ppp-2.3.10-openssl-0.9.5-mppe.patch and ppp_mppe_compressed_data_fix.diff, and pptp-linux-1.0.2). I connect to the Win2000 vpn using:

pptp call work

and /etc/ppp/peers/work contains:

lock debug noauth name +chap +chapms-v2 mppe-40 mppe-128 mppe-stateless proxyarp noauth

After successfully authenticating to pptp I see this in /var/log/messages:

local IP address xxx.xx.9.230
remote IP address xxx.xx.10.254

Even tho xxx.xx are the same, these really aren't on the same subnet are they? Further, most of the remote IPs that I'm trying to connect to are of the form:

xxx.xx.0.yyy

which is yet a different subnet, yes?

If I'm correct and these are really all different subnets, then proxyarp can't possibly work in this setup, yes? Please confirm this or tell me if I'm all wet.
:)

At the moment, trying to enable proxyarp results in not being able to ping the remote network at all. And this is after setting:

echo 1 > sys/net/ipv4/conf/default/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward

and re-establishing the pptp session.

Now, this:

route add -net xxx.xx.0.0 gw xxx.xx.10.254 netmask 255.255.0.0 ppp0

allows me to route my traffic to the remote hosts. I can ping the remote hosts but most other tcp traffic silently hangs (as I've stated before). Is this the symptom that I should expect because the "protected network" does not have "the linux box as a gateway?"

Sorry for the long post, but I'm really scratching my head over this one. BTW, I'm making a BIG assumption here that people can and have connected a linux based pptp client to a stock Win2000 pptp vpn. Can someone please confirm that this will in fact work (because they've done it)?

Thanks in advance for your help. And I'd appreciate any ideas on what I could try next (short of purchasing a Win2000 box *shudder*).

- Steve

From msuencks at marcant.de Sun Oct 29 19:39:18 2000
From: msuencks at marcant.de (Matthias Suencksen)
Date: Mon, 30 Oct 2000 02:39:18 +0100
Subject: [pptp-server] Win98 & encryption -- Unsupported protocol error
Message-ID: <20001030023918.A5139@vivaldi.marcant.de>

> Matthias,
>
> I think this has the same cause as the compressed data error. The problem
> is that if a packet gets dropped or comes in out-of-order (which causes it
> to be dropped in pptpd 1.0.1) the ppp_mppe module loses sync and never
> recovers. The patch described below should fix that problem. If the
> problem is with out-of-order packets, then using pptpd-1.1.2 will also help.

I forgot to mention that patch is already applied - if I remove the patch I get the messages you quoted from the FAQ. I also use pptpd-1.1.2 and the strip-domain and require-mppe patches.
The log records some packet-reordering messages and after some time lots of the following:

Oct 29 20:28:44 x pppd[11170]: sent [LCP ProtRej id=0xb 51 19 eb 51 37 79 aa 67 fd 5d 78 67 9f 80 2b dd e0 e0 25 e5 bb 3c 46 b9 20 bc 5d a0 bf 4e 99 b9 4b 0e 12 54 ef 07 b5 c5 df 85 7f b6 c6 4c bc 40 c6 73 ed 40 02 ea 25 dc 61 fa 77 2a b0 59 c4 5f fc ae 9e d8 9e a6 60 5b d4 87 27 cd c4
Oct 29 20:28:45 x pppd[11170]: rcvd [proto=0xbe1b] df 60 4e 4e 84 f1 89 a7 ef 18 38 6d 32 7d c1 f6 85 f8 d7 6a 37 9e e0 28 9c b3 0c b9 a3 81 8e 68 ...
Oct 29 20:28:45 x pppd[11170]: Unsupported protocol 0xbe1b received
Oct 29 20:28:45 x pppd[11170]: sent [LCP ProtRej id=0xc be 1b df 60 4e 4e 84 f1 89 a7 ef 18 38 6d 32 7d c1 f6 85 f8 d7 6a 37 9e e0 28 9c b3 0c b9 a3 81 8e 68 bd dc e7 b1 2a 29 bf 3e 14 2a 3d 6d bf e8 ca c3 68 0d 3a 45 d4 b8 30 2c e1 a7 96 55 77 46 0d 42 3e ec fd 17 72 76 07 b2 29 0f 18
Oct 29 20:28:45 x pppd[11170]: rcvd [proto=0xf407] d5 4b 12 e9 75 ae 4a 4c fc f0 ba c8 e4 75 65 d3 22 67 37 f9 ab fa ca f0 ff d7 47 64 dd 4b 9f 63 ...
Oct 29 20:28:45 x pppd[11170]: Unsupported protocol 0xf407 received
Oct 29 20:28:45 x pppd[11170]: sent [LCP ProtRej id=0xd f4 07 d5 4b 12 e9 75 ae 4a 4c fc f0 ba c8 e4 75 65 d3 22 67 37 f9 ab fa ca f0 ff d7 47 64 dd 4b 9f 63 88 89 f6 fc cd 8f 3c 1d 02 a0 22 f9 fb 53 91 14 bc c4 46 ea e6 e6 95 6e f2 9f 5f 83 0d 62 bd 00 a7 4c b0 fe ef b3 29 08 7c b6 bf
Oct 29 20:28:45 x pppd[11170]: rcvd [proto=0xdd29] 30 f2 bb 78 24 a9 09 95 12 42 6f 3d 30 9b 49 a0 1a 3b f2 b3 d0 99 81 45 45 f1 31 c2 45 b3 c3 9f ...
Oct 29 20:28:45 x pppd[11170]: Unsupported protocol 0xdd29 received

.. looked already at the source code but it's difficult to know where to start debugging ..
Matthias

From msuencks at marcant.de Sun Oct 29 22:15:07 2000
From: msuencks at marcant.de (Matthias Suencksen)
Date: Mon, 30 Oct 2000 05:15:07 +0100
Subject: [pptp-server] Win98 & encryption -- Unsupported protocol error -- solved
Message-ID: <20001030051507.A11880@vivaldi.marcant.de>

somewhere along the way I commented out "mppe-stateless". not good. :-)

I realized it only after reading something from Microsoft's web site which explicitly stated that MPPE without the "stateless" option was designed for physical point-to-point connections but would not work well over larger networks like the Internet.

http://www.microsoft.com/WINDOWS2000/library/resources/reskit/samplechapters/inbe/inbe_vpn_hueq.asp

maybe you want to include that into the faq ? from the masters themselves.

it seems my WAN connection between client and server was losing more packets than average which made standard mppe quickly unusable.

Matthias

From tdn at stack.ru Sun Oct 29 22:26:10 2000
From: tdn at stack.ru (Tolpanov, Dmitry)
Date: Mon, 30 Oct 2000 11:26:10 +0700
Subject: [pptp-server] FreeBSD and MPPE.
Message-ID: <807044A67EA3D211B11D00A024E91A45F2D213@exch.stack.ru>

Hello.

I have FreeBSD 4.1 and recently compiled and installed poptop-1.0.0. Then I chose pppd for the PPP link. Everything is working fine, but I can't make support for MPPE. As I understand it, I should upgrade the kernel. Does anybody know where I can find info about this, or maybe there are some patches especially for FreeBSD 4.1?

Thanks.
Dmitry.

From JaminC at adapt-tele.com Mon Oct 30 09:25:28 2000
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Mon, 30 Oct 2000 09:25:28 -0600
Subject: [pptp-server] PoPToP and SMP?
Message-ID:

Has anyone succeeded in getting PoPToP to run on a dual processor system? I ask because I've got two systems that I need to have VPN access to (from Linux and Windows machines). I've installed PoPToP on a single processor system and it's running perfectly.
However, following the same steps on the dual processor system I get the following in my logs when trying to connect.

Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control connection started
Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Starting call (launching pppd, opening GRE)
Oct 26 19:35:42 Forseti kernel: CSLIP: code copyright 1989 Regents of the University of California
Oct 26 19:35:42 Forseti kernel: PPP: version 2.3.11 (demand dialling)
Oct 26 19:35:42 Forseti kernel: PPP line discipline registered.
Oct 26 19:35:42 Forseti kernel: registered device ppp0
Oct 26 19:35:42 Forseti pppd[21608]: pppd 2.3.11 started by root, uid 0
Oct 26 19:35:42 Forseti pppd[21608]: Using interface ppp0
Oct 26 19:35:42 Forseti pppd[21608]: Connect: ppp0 <--> /dev/pts/2
Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 1 after 4294967295
Oct 26 19:35:42 Forseti pptpd[21607]: Packet reorder timeout waiting for 0
Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 2 after 0
Oct 26 19:35:42 Forseti kernel: PPP BSD Compression module registered
Oct 26 19:35:42 Forseti kernel: PPP MPPE compression module registered
Oct 26 19:35:42 Forseti kernel: PPP Deflate Compression module registered
Oct 26 19:35:42 Forseti pppd[21608]: MSCHAP-v2 peer authentication succeeded for billy
Oct 26 19:35:42 Forseti pppd[21608]: LCP terminated by peer
Oct 26 19:35:42 Forseti pppd[21608]: Modem hangup
Oct 26 19:35:42 Forseti pppd[21608]: Connection terminated.
Oct 26 19:35:42 Forseti pppd[21608]: Connect time 0.0 minutes.
Oct 26 19:35:42 Forseti pppd[21608]: Sent 406 bytes, received 415 bytes.
Oct 26 19:35:42 Forseti pppd[21608]: Exit.
Oct 26 19:35:47 Forseti pptpd[21607]: GRE: read error: Bad file descriptor
Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control connection finished

Any ideas?

Jamin W. Collins

From peter.huber at triadem.ch Mon Oct 30 09:54:23 2000
From: peter.huber at triadem.ch (Peter Huber)
Date: Mon, 30 Oct 2000 16:54:23 +0100
Subject: [pptp-server] Error 629 because of Fatal signal 11
Message-ID: <4.2.0.58.20001030162155.00b62580@192.168.2.100>

Hi,

I installed the PoPToP from the SuSE 6.4 distribution (I think it's version 1.0.0 of PoPToP). When I try to connect with a WinNT client, I get the famous Error 629. The log file reports a Fatal signal 11 for the PPP daemon. Can somebody give me a hint how to solve this problem?

Thanks in advance,
Peter

This is the corresponding part of the messages file:
-------------------
Oct 30 17:05:15 linux pptpd[709]: MGR: Launching /usr/sbin/pptpctrl to handle client
Oct 30 17:05:15 linux pptpd[709]: CTRL: local address = 192.168.2.200
Oct 30 17:05:15 linux pptpd[709]: CTRL: remote address = 192.168.2.202
Oct 30 17:05:15 linux pptpd[709]: CTRL: pppd speed = 115200
Oct 30 17:05:15 linux pptpd[709]: CTRL: pppd options file = /etc/ppp/options.ppp0
Oct 30 17:05:15 linux pptpd[709]: CTRL: Client 192.168.2.1 control connection started
Oct 30 17:05:15 linux pptpd[709]: CTRL: Received PPTP Control Message (type: 1)
Oct 30 17:05:15 linux pptpd[709]: CTRL: Made a START CTRL CONN RPLY packet
Oct 30 17:05:15 linux pptpd[709]: CTRL: I wrote 156 bytes to the client.
Oct 30 17:05:15 linux pptpd[709]: CTRL: Sent packet to client
Oct 30 17:05:15 linux pptpd[709]: CTRL: Received PPTP Control Message (type: 7)
Oct 30 17:05:15 linux pptpd[709]: CTRL: Set parameters to 152 maxbps, 32 window size
Oct 30 17:05:15 linux pptpd[709]: CTRL: Made a OUT CALL RPLY packet
Oct 30 17:05:15 linux pptpd[709]: CTRL: Starting call (launching pppd, opening GRE)
Oct 30 17:05:15 linux pptpd[709]: CTRL: pty_fd = 5
Oct 30 17:05:15 linux pptpd[709]: CTRL: tty_fd = 6
Oct 30 17:05:15 linux pptpd[710]: CTRL (PPPD Launcher): Connection speed = 115200
Oct 30 17:05:15 linux pptpd[709]: CTRL: I wrote 32 bytes to the client.
Oct 30 17:05:15 linux pptpd[709]: CTRL: Sent packet to client
Oct 30 17:05:15 linux pptpd[710]: CTRL (PPPD Launcher): local address = 192.168.2.200
Oct 30 17:05:15 linux pptpd[710]: CTRL (PPPD Launcher): remote address = 192.168.2.202
Oct 30 17:05:15 linux pptpd[709]: CTRL: Received PPTP Control Message (type: 15)
Oct 30 17:05:15 linux pptpd[709]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Oct 30 17:05:15 linux pppd[710]: pppd 2.3.11 started by root, uid 0
Oct 30 17:05:15 linux pppd[710]: Perms of /dev/pts/3 are ok, no 'mesg n' neccesary.
Oct 30 17:05:15 linux kernel: ppp_ioctl: set dbg flags to 10000
Oct 30 17:05:15 linux kernel: ppp_ioctl: set flags to 10000
Oct 30 17:05:15 linux pppd[710]: Using interface ppp0
Oct 30 17:05:15 linux pppd[710]: Connect: ppp0 <--> /dev/pts/3
Oct 30 17:05:15 linux kernel: ppp_tty_ioctl: set xasyncmap
Oct 30 17:05:15 linux kernel: ppp_tty_ioctl: set xmit asyncmap ffffffff
Oct 30 17:05:15 linux kernel: ppp_ioctl: set flags to 10000
Oct 30 17:05:15 linux kernel: ppp_ioctl: set mru to 5dc
Oct 30 17:05:15 linux kernel: ppp_tty_ioctl: set rcv asyncmap ffffffff
Oct 30 17:05:15 linux pppd[710]: sent [LCP ConfReq id=0x1 ]
Oct 30 17:05:15 linux kernel: ppp: tossing frame (e0)
Oct 30 17:05:15 linux pppd[710]: Timeout 0x8050ba0:0x807a2c0 in 3 seconds.
Oct 30 17:05:15 linux pppd[710]: rcvd [LCP ConfReq id=0x0 ]
Oct 30 17:05:15 linux pppd[710]: Fatal signal 11
Oct 30 17:05:15 linux kernel: ppp: channel ppp0 closing.
Oct 30 17:05:15 linux kernel: ppp0 released
Oct 30 17:05:15 linux kernel: ppp0: ccp closed
Oct 30 17:05:15 linux pppd[710]: Exit.
Oct 30 17:05:15 linux pptpd[709]: GRE: read(fd=5,buffer=804dac0,len=8196) from PTY failed: status = -1 error = Input/output error
Oct 30 17:05:15 linux pptpd[709]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Oct 30 17:05:15 linux pptpd[709]: CTRL: Client 192.168.2.1 control connection finished
Oct 30 17:05:15 linux pptpd[709]: CTRL: Exiting now
Oct 30 17:05:15 linux pptpd[70]: MGR: Reaped child 709
----------------

From natecars at real-time.com Mon Oct 30 13:35:08 2000
From: natecars at real-time.com (Nate Carlson)
Date: Mon, 30 Oct 2000 13:35:08 -0600 (CST)
Subject: [pptp-server] Kernel Panic
Message-ID:

Hey,

I've got a SMP box running 2.2.17, PoPToP 1.1.2, and PPP 2.3.10. Every once in a while, a PPTP session will hang. When I try to kill the PPP process related to this, the kernel panics and the box crashes. Same behavior on PoPToP 1.0.1 / kernel 2.2.14; I upgraded to the two versions above to attempt to fix the issue. But, it happened again today. *SIGH*

--
Nate Carlson | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500

From georgev at citadelcomputer.com.au Mon Oct 30 16:17:59 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 31 Oct 2000 08:17:59 +1000
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE6EB@cittech>

Hi y'all,

I am trying to install pptp but can't start it. It tells me that there's something else running on its port but I can't see anything in /etc/services or /etc/inetd.conf

[root at stargate pptpd-1.0.0]# createHostSocket: Address already in use

Anybody got any other ideas where to look?

thanks,
George.
From kennya at carlislefsp.com Mon Oct 30 16:30:50 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Mon, 30 Oct 2000 16:30:50 -0600
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE6EB@cittech>
Message-ID: <001001c042c1$0f5b58e0$5f020a0a@carlislefsp.com>

Did you install the rpm? I know that certain rpms of pptp will put it into /etc/inittab so that it will "always" be running. To see if it is already running do a "netstat -a" and see if there is anything listening on the local port 1723, or you could "ps -e | grep pptpd" and if it shows anything that means that pptpd is already running (which is likely the case).

Kenny Austin
kennya at carlislefsp.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
Sent: Monday, October 30, 2000 4:18 PM
To: PPTP List (E-mail)
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "

Hi y'all,

I am trying to install pptp but can't start it. It tells me that there's something else running on its port but I can't see anything in /etc/services or /etc/inetd.conf

[root at stargate pptpd-1.0.0]# createHostSocket: Address already in use

Anybody got any other ideas where to look?

thanks,
George.

From kenny at digitalrebel.org Mon Oct 30 22:30:55 2000
From: kenny at digitalrebel.org (Kenneth E. Lussier)
Date: Mon, 30 Oct 2000 23:30:55 -0500
Subject: [pptp-server] PoPToP and SMP?
References:
Message-ID: <39FE4AFF.99062480@digitalrebel.org>

It depends on your kernel version. The 2.2.14 and below had SMP spin lock problems in the ppp/tty code. Your best bet is to try the 2.2.17 kernel and hope for the best.
FYI,
Kenny

Jamin Collins wrote:
>
> Has anyone succeeded in getting PoPToP to run on a dual processor system? I
> ask because I've got two systems that I need to have VPN access to (from
> Linux and Windows machines). I've installed PoPToP on a single processor
> system and it's running perfectly. However, following the same steps on the
> dual processor system I get the following in my logs when trying to connect.
>
> Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control
> connection started
> Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Starting call (launching pppd,
> opening GRE)
> Oct 26 19:35:42 Forseti kernel: CSLIP: code copyright 1989 Regents of the
> University of California
> Oct 26 19:35:42 Forseti kernel: PPP: version 2.3.11 (demand dialling)
> Oct 26 19:35:42 Forseti kernel: PPP line discipline registered.
> Oct 26 19:35:42 Forseti kernel: registered device ppp0
> Oct 26 19:35:42 Forseti pppd[21608]: pppd 2.3.11 started by root, uid 0
> Oct 26 19:35:42 Forseti pppd[21608]: Using interface ppp0
> Oct 26 19:35:42 Forseti pppd[21608]: Connect: ppp0 <--> /dev/pts/2
> Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 1
> after 4294967295
> Oct 26 19:35:42 Forseti pptpd[21607]: Packet reorder timeout waiting for 0
> Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 2
> after 0
> Oct 26 19:35:42 Forseti kernel: PPP BSD Compression module registered
> Oct 26 19:35:42 Forseti kernel: PPP MPPE compression module registered
> Oct 26 19:35:42 Forseti kernel: PPP Deflate Compression module registered
> Oct 26 19:35:42 Forseti pppd[21608]: MSCHAP-v2 peer authentication succeeded
>
> for billy
> Oct 26 19:35:42 Forseti pppd[21608]: LCP terminated by peer
> Oct 26 19:35:42 Forseti pppd[21608]: Modem hangup
> Oct 26 19:35:42 Forseti pppd[21608]: Connection terminated.
> Oct 26 19:35:42 Forseti pppd[21608]: Connect time 0.0 minutes.
> Oct 26 19:35:42 Forseti pppd[21608]: Sent 406 bytes, received 415 bytes.
> Oct 26 19:35:42 Forseti pppd[21608]: Exit.
> Oct 26 19:35:47 Forseti pptpd[21607]: GRE: read error: Bad file descriptor
> Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: PTY read or GRE write failed
> (pty,gre)=(-1,-1)
> Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control
> connection finished
>
> Any ideas?
>
> Jamin W. Collins

From georgev at citadelcomputer.com.au Tue Oct 31 03:55:46 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 31 Oct 2000 19:55:46 +1000
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in us e "
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE6F9@cittech>

Hi y'all,

I am trying to install pptp but can't start it. It tells me that there's something else running on its port but I can't see anything in /etc/services or /etc/inetd.conf

[root at stargate pptpd-1.0.0]# createHostSocket: Address already in use

Anybody got any other ideas where to look?

thanks,
George.

From georgev at citadelcomputer.com.au Tue Oct 31 04:03:15 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 31 Oct 2000 20:03:15 +1000
Subject: [pptp-server] Can't find the cause of "createHostSocket: Addr ess already in use "
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE6FA@cittech>

This is all I got.. Sorry for the long list.
[root at citadel2k /root]# lsof -P -n -i | more
*:80 (LISTEN) httpd 30470 root 19u IPv4 2187472 TCP *:80 (LISTEN) httpd 30480 root 19u IPv4 2187472 TCP *:80 (LISTEN) httpd 30481 root 19u IPv4 2187472 TCP *:80 (LISTEN) smbd 31924 root 6u IPv4 7183167 UDP 127.0.0.1:3920 smbd 31924 root 7u IPv4 7183164 TCP 10.10.0.1:139->10.10.0.15:3074 (ESTABLISHED) smbd 31924 root 9u IPv4 7183173 TCP 10.10.0.1:4856->10.10.0.12:139 (ESTABLISHED) smbd 32581 root 6u IPv4 4600630 TCP *:139 (LISTEN) nmbd 32600 root 6u IPv4 4600649 UDP *:137 nmbd 32600 root 7u IPv4 4600651 UDP *:138 nmbd 32600 root 9u IPv4 4600655 UDP 10.10.0.1:137 nmbd 32600 root 10u IPv4 4600657 UDP 10.10.0.1:138 -----Original Message----- From: Mario.Schmidt at professional-solution.com [mailto:Mario.Schmidt at professional-solution.com] Sent: Tuesday, October 31, 2000 7:17 PM To: George Vieira Subject: Re: [pptp-server] Can't find the cause of "createHostSocket: Address already in use " Hi, have you tried lsof -P -n -i ? This command shows you all Sockets used on your System. George Vieira com.au> cc: Sent by: Subject: [pptp-server] Can't find the cause of "createHostSocket: pptp-server-admin at lists.s Address already in use " chulte.org 30.10.00 23:17 Hi y'all, I am trying to install pptp but can't start it. It tells me that there's something else running on it's port but I can't see anything in /etc/services or /etc/inetd.conf [root at stargate pptpd-1.0.0]# createHostSocket: Address already in use Anybody got any other ideas where to look? thanks, George. _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server List services provided by www.schulteconsulting.com! 
Kind regards

Mario Helmut Karl Schmidt
Junior System Engineer
PROFESSIONAL SOLUTION Gesellschaft für Informationsmanagement mbH
Am Bahnhof 12
36037 Fulda
Tel.: +49 (661) 8661 - 155
Fax: +49 (661) 8661 - 1559
E-Mail: mario.schmidt at professional-solution.com

From georgev at citadelcomputer.com.au Tue Oct 31 04:05:02 2000
From: georgev at citadelcomputer.com.au (George Vieira)
Date: Tue, 31 Oct 2000 20:05:02 +1000
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "
Message-ID: <03F12E3EFB51D311837F0000E860EB493FE6FB@cittech>

Tried it but doesn't look like anything there... here's my netstat list, again sorry for the length...

[root at citadel2k /root]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 citadel2k:ssh VPNgeorgev:64789 ESTABLISHED
tcp 0 0 192.168.69.1:2035 gcl2:telnet ESTABLISHED
tcp 0 0 citadel2k:ssh VPNgeorgev:64748 ESTABLISHED
tcp 20 0 citadel2k:1850 cittech:netbios-ssn ESTABLISHED
tcp 0 0 citadel2k:netbios-ssn dave:1100 ESTABLISHED
tcp 0 0 citadel2k:telnet edwin:1056 ESTABLISHED
tcp 0 0 citadel2k:telnet Dialin8.citadelcom:1045 ESTABLISHED
tcp 0 0 *:10000 *:* LISTEN
tcp 0 688 linux.citadelcompu:2001 BDIP-T-005-p-230-1:2001 ESTABLISHED
tcp 0 0 *:ssh *:* LISTEN
tcp 596 0 citadel2k:4856 cittech:netbios-ssn ESTABLISHED
tcp 0 0 citadel2k:netbios-ssn devel:3074 ESTABLISHED
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 citadel2k:telnet alister:1638 ESTABLISHED
tcp 0 0 *:www *:* LISTEN
tcp 0 0 citadel2k:telnet alister:1636 ESTABLISHED
tcp 0 0 *:squidproxy *:* LISTEN
tcp 0 0 *:4545 *:* LISTEN
tcp 0 0 *:jRFS *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 *:linuxconf *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:pop-3 *:* LISTEN
tcp 0 0 *:exec *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
udp 0 0 localhost:1695 *:*
udp 0 0 *:10000 *:*
udp 0 0 *:10000 *:*
udp 0 0 *:10000 *:*
udp 0 0 *:10000 *:*
udp 0 0 localhost:3920 *:*
udp 0 0 citadel2k:netbios-dgm *:*
udp 0 0 citadel2k:netbios-ns *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 *:59501 *:*
udp 0 0 *:2259 *:*
udp 0 0 *:icp *:*
udp 0 0 *:xdmcp *:*
udp 0 0 *:syslog *:*
udp 0 0 *:sunrpc *:*
raw 0 0 *:icmp *:* 7
raw 0 0 *:tcp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 4 [ ] DGRAM 11601738 /dev/log
unix 0 [ ACC ] STREAM LISTENING 859 /dev/printer
unix 0 [ ACC ] STREAM LISTENING 3331 /tmp/.font-unix/fs-1
unix 0 [ ] DGRAM 14632676
unix 0 [ ] DGRAM 14594695
unix 0 [ ] DGRAM 12471693
unix 0 [ ] DGRAM 12458800
unix 0 [ ] DGRAM 11189295
unix 0 [ ] DGRAM 4493249
unix 0 [ ] DGRAM 3133881
unix 0 [ ] DGRAM 1847510
unix 0 [ ] DGRAM 144429
unix 0 [ ] DGRAM 12740
unix 0 [ ] DGRAM 3342
unix 0 [ ] DGRAM 886
unix 0 [ ] DGRAM 748

-----Original Message-----
From: Kenny Austin [mailto:kennya at carlislefsp.com]
Sent: Tuesday, October 31, 2000 9:31 AM
To: 'George Vieira'; 'PPTP List (E-mail)'
Subject: RE: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "

Did you install the rpm? I know that certain rpms of pptp will put it into /etc/inittab so that it will "always" be running. To see if it is already running do a "netstat -a" and see if there is anything listening on the local port 1723, or you could "ps -e | grep pptpd" and if it shows anything that means that pptpd is already running (which is likely the case).

Kenny Austin
kennya at carlislefsp.com

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira
Sent: Monday, October 30, 2000 4:18 PM
To: PPTP List (E-mail)
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "

Hi y'all,

I am trying to install pptp but can't start it. It tells me that there's something else running on its port but I can't see anything in /etc/services or /etc/inetd.conf

[root at stargate pptpd-1.0.0]# createHostSocket: Address already in use

Anybody got any other ideas where to look?

thanks, George.

From ron at mel.compumod.com.au Tue Oct 31 02:03:19 2000
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Tue, 31 Oct 2000 19:03:19 +1100
Subject: [pptp-server] Slightly confused about linux client...
Message-ID: <39FE7CC7.DBF3E57F@mel.compumod.com.au>

Hi folks - all of you out there in "happy to help without pointing out what an idiot I am" land... (actually I'm quite happy to have it pointed out that I'm being an idiot - it means the answer's easy!)

Hehem.. Well I have a PopTop server running at one site, and I want to connect to it from another site and establish a VPN between them. I'm confused about the pptp linux client. There seems to be little documentation (please point me at the relevant howto/faq if I've missed it) and I'm not sure if I need it.

ok, 2 sites, want to establish pptp connection between them. Should I have PopTop running at one site and establish the connection with a linux pptp client from the other? Or should I have PopTop (ie pptpd) running at one and connect to it using standard ppp from the other? Or should I use pptpd installs at both ends and make them talk to each other? (after all, ppp is supposed to be peer-to-peer isn't it? Doesn't that mean the connection should be essentially symmetrical?).

Look forward to hearing from you all!
Cheers
Ron
--
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---

From walterm at Gliatech.com Tue Oct 31 07:51:25 2000
From: walterm at Gliatech.com (Michael Walter)
Date: Tue, 31 Oct 2000 08:51:25 -0500
Subject: [pptp-server] PoPToP and SMP?
Message-ID:

I don't know if this helps, but we are currently running Poptop on a multi-processor capable dell poweredge 1300 with multi-processor kernel 2.2.16 (from kernel.org). Poptop version is 1.0.0 and pppd-2.3.11. Patches included are the patch to strip the domain name, and the patch to force encryption. The system supports around 10 concurrent vpn sessions as well as the internet traffic for 100 users. We only run a single processor in the machine, but everything is set up for a dual processor system, we have had none of the problems below and have been online with various versions of poptop for a little over a year and a half.

Thanks,
Michael J. Walter rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Jamin Collins [mailto:JaminC at adapt-tele.com]
Sent: Monday, October 30, 2000 10:25 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PoPToP and SMP?

Has anyone succeeded in getting PoPToP to run on a dual processor system? I ask because I've got two systems that I need to have VPN access to (from Linux and Windows machines). I've installed PoPToP on a single processor system and it's running perfectly. However, following the same steps on the dual processor system I get the following in my logs when trying to connect.
Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control connection started
Oct 26 19:35:41 Forseti pptpd[21607]: CTRL: Starting call (launching pppd, opening GRE)
Oct 26 19:35:42 Forseti kernel: CSLIP: code copyright 1989 Regents of the University of California
Oct 26 19:35:42 Forseti kernel: PPP: version 2.3.11 (demand dialling)
Oct 26 19:35:42 Forseti kernel: PPP line discipline registered.
Oct 26 19:35:42 Forseti kernel: registered device ppp0
Oct 26 19:35:42 Forseti pppd[21608]: pppd 2.3.11 started by root, uid 0
Oct 26 19:35:42 Forseti pppd[21608]: Using interface ppp0
Oct 26 19:35:42 Forseti pppd[21608]: Connect: ppp0 <--> /dev/pts/2
Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 1 after 4294967295
Oct 26 19:35:42 Forseti pptpd[21607]: Packet reorder timeout waiting for 0
Oct 26 19:35:42 Forseti pptpd[21607]: Buffering out-of-order packet; got 2 after 0
Oct 26 19:35:42 Forseti kernel: PPP BSD Compression module registered
Oct 26 19:35:42 Forseti kernel: PPP MPPE compression module registered
Oct 26 19:35:42 Forseti kernel: PPP Deflate Compression module registered
Oct 26 19:35:42 Forseti pppd[21608]: MSCHAP-v2 peer authentication succeeded for billy
Oct 26 19:35:42 Forseti pppd[21608]: LCP terminated by peer
Oct 26 19:35:42 Forseti pppd[21608]: Modem hangup
Oct 26 19:35:42 Forseti pppd[21608]: Connection terminated.
Oct 26 19:35:42 Forseti pppd[21608]: Connect time 0.0 minutes.
Oct 26 19:35:42 Forseti pppd[21608]: Sent 406 bytes, received 415 bytes.
Oct 26 19:35:42 Forseti pppd[21608]: Exit.
Oct 26 19:35:47 Forseti pptpd[21607]: GRE: read error: Bad file descriptor
Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Oct 26 19:35:47 Forseti pptpd[21607]: CTRL: Client 192.168.0.108 control connection finished

Any ideas?

Jamin W. Collins

From kennya at carlislefsp.com Tue Oct 31 09:13:45 2000
From: kennya at carlislefsp.com (Kenny Austin)
Date: Tue, 31 Oct 2000 09:13:45 -0600
Subject: [pptp-server] Can't find the cause of "createHostSocket: Address already in use "
In-Reply-To: <03F12E3EFB51D311837F0000E860EB493FE6FB@cittech>
Message-ID: <001501c0434d$2b762640$5f020a0a@carlislefsp.com>

> tcp 0 0 *:jRFS *:* LISTEN

what is jRFS? check your /etc/services and see what port jRFS is.. or better yet try "netstat -a -n", that way it doesn't translate everything into services, it'll show you the port numbers instead (i didn't think of using that the first time, sorry)..

um.. is the listen tag set to an ip that isn't on your box? i wouldn't think that that would cause this problem, but i have never done it so i can't say it wouldn't.

and lastly try "ps -e | grep pptpd", if it outputs anything then the pptp daemon is running.

Kenny Austin
kennya at carlislefsp.com

From jase at sensis.com Tue Oct 31 09:35:45 2000
From: jase at sensis.com (Jason Desai)
Date: Tue, 31 Oct 2000 10:35:45 -0500
Subject: [pptp-server] Re: Error 629 because of Fatal signal 11
Message-ID: <99FC7536C1B@astro.syr.sensis.com>

Hi,

I was seeing the same problem, with the strong encryption and Windows 2000, and I think I found the problem. If you're compiling from the source, you'll need to fix the patch file to ppp for mppe support. Specifically, change the line from

+ LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd CBCP"));

to

+ LCPDEBUG(("lcp_reqci: rcvd CBCP"));

I've done this, and so far, it seems to work for me. Good luck. I'm not subscribed to this list, so if you want to respond to me, email me directly.
Jase

From carl at personnelware.com Tue Oct 31 14:34:21 2000
From: carl at personnelware.com (Carl Karsten)
Date: Tue, 31 Oct 2000 14:34:21 -0600
Subject: [pptp-server] w98 status - "bytes received" seams low
Message-ID: <011e01c04379$f3378620$0b01a8c0@cnt496>

I am guessing this is Win98 not showing the proper statistics: the 'bytes received' is very low, 300 for a while, now up to 1700 after copying 400meg of data. the 'bytes sent' is at 4,200,000. the little lights on the network icon in the tray seems to only blink for 'received' (the lower right computer) - all this gui stuff is lame - where is the log file?? ;)

Or it might be that the vpn carries the read request to the server, and the local LAN carries the data back.

config:
Linux 192.168.1.1 - set up following: http://www.vibrationresearch.com/pptpd/example.html and samba
win98 192.168.1.22 on the same network.

used vpn to connect to Linux, and used a samba share to grab 400 meg of data to test performance and disconnects.

Carl

From RHarper at N2BB.com Tue Oct 31 14:43:07 2000
From: RHarper at N2BB.com (Randi Harper)
Date: Tue, 31 Oct 2000 15:43:07 -0500
Subject: [pptp-server] LCP Timeout problem
Message-ID: <303BB26F0F64D4118B5F00010238789D2CE4@fruitbat.it.n2bb.com>

ya know, i've got that same problem, cept with win2k and linux. I don't suppose you put a debug line in your options file? win2k sends me all types of weird "callback" lines in the LCP stuphs. I still haven't figured out how to fix it. It has to be on the client end though, because I've gotten a different w2k box to act fine with it. *shrug*

-----Original Message-----
From: Glenn Robinson [mailto:glenn.robinson at btinternet.com]
Sent: Saturday, October 28, 2000 9:41 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] LCP Timeout problem

Hello,

I've configured my pptp server and I'm using a WinNT client to try and connect. I get the following in my syslog.
Client xxx.xxx.xxx.xxx control connection started
Starting call (launching ppps, opening GRE)
pppd 2.3.10 started by root, uid 0
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
LCP: timeout sending Config-Requests
Connection terminated
Exit

There's a time delay of about 30 seconds between the Connect: message and the LCP: timeout message. Any clues.

Thanks
Glenn

From JaminC at adapt-tele.com Tue Oct 31 16:43:54 2000
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 31 Oct 2000 16:43:54 -0600
Subject: [pptp-server] PoPToP and SMP?
Message-ID:

This is in answer to several responses.

The instructions I've used are from http://www.vibrationresearch.com/pptpd/example.html

Disabling encryption is really not a viable option, as I need to have encryption in the production version. My kernel version is 2.2.17 (from kernel.org), with ppp-2.3.11 and other patches per the site listed above. The system is an actual SMP machine running on PIII500's with 256 Megs RAM. The modules have indeed been compiled and installed into the proper directory under /lib/modules/2.2.17-Forseti-1 (which is the name of my kernel).

Jamin W. Collins

From matthewr at moreton.com.au Tue Oct 31 16:46:15 2000
From: matthewr at moreton.com.au (Matthew Ramsay)
Date: Tue, 31 Oct 2000 15:46:15 -0700
Subject: [pptp-server] CVS server
References: <20001027110300.A15020@office.knowledge.com>
Message-ID: <003701c0438c$628f1300$0300a8c0@lineo>

G'day Peter,

I actually moved the PoPToP CVS to opensource.lineo.com.

Cheers,
Matt

> Does the project still use the CVS server that is/(was) as
> pptpd.wonderland.org ? It is just that I noticed two things - (1) I
> screwed up the DNS so it is very unlikely to have been working
> recently and (2) I have had recent finger problems with the drive the
> cvs repository was on, so the thing is offline just now anyway.
>
> comments...
>
> rgds,
> --
> Peter Galbavy
> Knowledge Matters Ltd
> http://www.knowledge.com/

From ken at themccords.com Tue Oct 31 21:44:56 2000
From: ken at themccords.com (Ken McCord)
Date: Tue, 31 Oct 2000 22:44:56 -0500
Subject: [pptp-server] Two quickees...
Message-ID: <39FF91B8.5E20A17@themccords.com>

I have two quick questions...

1) I have poptop installed and working on a server using chap authentication. Rather than having to add a user to /etc/ppp/chap-secrets every time they will use pptp to access our network, is there any way to change the authentication to use pap instead of chap. My understanding is that I can authenticate via pap to /etc/passwd, in addition to having an entry in /etc/ppp/pap-secrets.

2) Is there a searchable archive of the list?

Thanks,
Ken McCord

From ron at mel.compumod.com.au Tue Oct 31 23:35:48 2000
From: ron at mel.compumod.com.au (Ron Cresswell)
Date: Wed, 01 Nov 2000 16:35:48 +1100
Subject: [pptp-server] Assigned IP addresses, and dropping the connection
Message-ID: <39FFABB3.4289D9C2@mel.compumod.com.au>

A couple of questions, if someone could point me in the direction of a good resource..?

When I connect from Linux client to PoPTop server, I am using the following command:

pptp 203.7.194.163 debug noauth name 'ron' remotename 'ghost' 203.7.194.34:203.7.194.159

If I leave the IP addresses off the end, IP addresses are assigned by the client and/or server which conflict with other IP addresses on the network. I don't know if this matters, but I suspect that it does. The interface at the client end honours these IP addresses, but the server end doesn't - its PPP interface seems to have IP addresses chosen at random. How do I get the server to honour the addresses that the client has asked for?

Also, is there a way to cleanly drop this connection? The only way I can clean the thing out to start a new connection is to reboot! It seems that the server times out, and drops the PPP interface, but that interface is still hanging around on the client, even though the log file says:

1 14:15:50 jabba pppd[709]: Connect: ppp0 <--> /dev/ttya0
Nov 1 14:15:54 jabba pppd[709]: Remote message: Welcome to ghost.
Nov 1 14:15:54 jabba kernel: PPP BSD Compression module registered
Nov 1 14:15:54 jabba kernel: PPP Deflate Compression module registered
Nov 1 14:15:55 jabba pppd[709]: Deflate (15) compression enabled
Nov 1 14:15:57 jabba pppd[709]: Cannot determine ethernet address for proxy ARP
Nov 1 14:15:57 jabba pppd[709]: local IP address 203.7.194.34
Nov 1 14:15:57 jabba pppd[709]: remote IP address 203.7.194.159
Nov 1 14:21:20 jabba (unknown)[706]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:671]: Call closed (NTFY) (call id 0)
Nov 1 14:27:57 jabba inetd[503]: pid 753: exit status 1

The log file at the server end says this:

Nov 1 14:15:10 ghost pppd[709]: Connect: ppp0 <--> /dev/pts/0
Nov 1 14:15:12 ghost pptpd[708]: GRE: Discarding duplicate packet
Nov 1 14:15:14 ghost kernel: PPP BSD Compression module registered
Nov 1 14:15:14 ghost kernel: PPP Deflate Compression module registered
Nov 1 14:15:14 ghost pppd[709]: CHAP peer authentication succeeded for ron
Nov 1 14:15:14 ghost pppd[709]: Deflate (15) compression enabled
Nov 1 14:15:16 ghost pppd[709]: Cannot determine ethernet address for proxy ARP
Nov 1 14:15:16 ghost pppd[709]: local IP address 203.7.194.128
Nov 1 14:15:16 ghost pppd[709]: remote IP address 203.7.194.1
Nov 1 14:15:24 ghost PAM_pwdb[748]: (login) session opened for user ron by (uid=0)
Nov 1 14:15:34 ghost PAM_pwdb[769]: (su) session opened for user root by ron(uid=500)
Nov 1 14:20:30 ghost pptpd[708]: CTRL: Session timed out, ending call
Nov 1 14:20:30 ghost pptpd[708]: CTRL: Client 203.7.194.33 control connection finished
Nov 1 14:20:30 ghost pppd[709]: Modem hangup
Nov 1 14:20:30 ghost pppd[709]: Connection terminated.
Nov 1 14:20:30 ghost pppd[709]: Connect time 5.4 minutes.
Nov 1 14:20:30 ghost pppd[709]: Sent 562 bytes, received 669 bytes.
Nov 1 14:20:30 ghost pppd[709]: Exit.
Nov 1 14:30:00 ghost kernel: PPP: ppp line discipline successfully unregistered

--
Ron Cresswell---CFD&EM Manager---Compumod Pty Ltd
Level 7---271 William St---Melbourne---Australia
---Ph.+61 3 9642 0333---Fax +61 3 9642 0330---
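
The pppd lines in the logs posted in this thread can be grouped per session to see how far each PPP negotiation got, and the client and server logs in the message above can be compared to check whether both ends agree on the link addresses. This is an added example, not code from the list or from the PoPToP project; the function names, the outcome labels and the `vpn1` sample line are assumptions made here.

```python
import re

# Lines abridged from the pppd logs quoted in this thread, plus one line
# (host "vpn1") constructed here from the untimestamped LCP timeout report.
SAMPLE_LOG = """\
Nov 1 14:15:57 jabba pppd[709]: local IP address 203.7.194.34
Nov 1 14:15:57 jabba pppd[709]: remote IP address 203.7.194.159
Nov 1 14:15:14 ghost pppd[709]: CHAP peer authentication succeeded for ron
Nov 1 14:15:16 ghost pppd[709]: local IP address 203.7.194.128
Nov 1 14:15:16 ghost pppd[709]: remote IP address 203.7.194.1
Nov 1 14:20:30 ghost pppd[709]: Modem hangup
Nov 1 14:20:30 ghost pppd[709]: Connect time 5.4 minutes.
Oct 26 19:35:42 Forseti pppd[21608]: MSCHAP-v2 peer authentication succeeded for billy
Oct 26 19:35:42 Forseti pppd[21608]: LCP terminated by peer
Oct 26 19:35:42 Forseti pppd[21608]: Connect time 0.0 minutes.
Oct 28 09:41:30 vpn1 pppd[300]: LCP: timeout sending Config-Requests
"""

# syslog prefix: month, day, time, host, then "pppd[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)\s+pppd\[(\d+)\]:\s+(.*)$")

# (field, pattern): group 1 is stored, or True when the pattern has no group
EVENTS = [
    ("user", re.compile(r"peer authentication succeeded for (\S+)")),
    ("local_ip", re.compile(r"^local IP address (\S+)")),
    ("remote_ip", re.compile(r"^remote IP address (\S+)")),
    ("minutes", re.compile(r"^Connect time ([\d.]+) minutes")),
    ("lcp_timeout", re.compile(r"^LCP: timeout sending Config-Requests")),
    ("peer_terminated", re.compile(r"^LCP terminated by peer")),
]


def parse_sessions(text):
    """Group pppd lines by (host, pid) and collect the fields in EVENTS."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pppd syslog line (kernel, pptpd, PAM, ...)
        host, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        s = sessions.setdefault((host, pid), {"host": host, "pid": pid})
        for field, pat in EVENTS:
            hit = pat.search(msg)
            if hit:
                s[field] = hit.group(1) if pat.groups else True
    return sessions


def outcome(s):
    """Classify how far the PPP negotiation got for one session."""
    if s.get("lcp_timeout"):
        return "lcp-timeout"         # no LCP reply was received from the peer
    if s.get("remote_ip"):
        return "established"         # addresses were assigned to the link
    if s.get("user"):
        return "dropped-after-auth"  # authenticated, closed before addresses
    return "incomplete"


def ends_agree(client, server):
    """True when each end's local address is the other end's remote address."""
    return (client.get("local_ip") == server.get("remote_ip")
            and client.get("remote_ip") == server.get("local_ip"))


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for key, s in sessions.items():
        print(key, outcome(s), s.get("user"), s.get("local_ip"), s.get("remote_ip"))
    print("jabba/ghost agree:",
          ends_agree(sessions[("jabba", 709)], sessions[("ghost", 709)]))
```
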