From GeorgeV at citadelcomputer.com.au Thu Aug 2 01:57:15 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 2 Aug 2001 16:57:15 +1000
Subject: [pptp-server] DUN for NT
Message-ID: <200FAA488DE0D41194F10010B597610D1728A6@JUPITER>

Hi all,

This is sort of relevant but I need to download DUN for Win NT 4 to see if it fixes my dialup problem. I can't connect to VPN or even a modem dialup and was hoping an upgrade of DUN might help. I have only Service Pack 5 installed and I think SP6a may not help either...

DUN plays up and minimises off the screen and can't kill the process without using Task Manager..etc..etc.. (not required to explain further on this list).

Any ideas whereabouts at Microsoft download I can get this... I've seen posts about updating DUN for PPTP.. I tried the KB and Download section but can't find it.

Sorry for the slight off topic but any help is appreciated..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From wojciech.milc at milc.com.pl Thu Aug 2 02:50:43 2001
From: wojciech.milc at milc.com.pl (Wojciech Milc)
Date: Thu, 2 Aug 2001 09:50:43 +0200
Subject: [pptp-server] Problem: Multiple Win98 clients IP assigment and bandwith control
Message-ID: <005101c11b27$d5725940$0900000a@biurok1>

I don't think I could find it in list archive, so:

I need to set up a vpn server on linux machine which will accept multiple (up to 100 or more) connections of win98 hosts. This looks like here:

[win98]  [win98] ... [win98]
   |        |           |
   |        |           |     - dial - up ppp links to various providers
   |        |           |       bandwidth range 33k - 512k
   |        |           |
[                           ]
[                           ]
[         INTERNET          ]-<>- X, Y, Z hosts outside country
[                           ]
[                           ]
             |
             |  - 2mbit SDSL line
             |
      [linux machine]
      [with pptp    ]

The VPN shall be between win98 machines and linux machine. The purpose of this network is that win98 host's providers have much worse international route throughput than my server using SDSL. So I need to set a number of vpn's to each of potential customers to allow them to get fast access to X, Y, Z hosts outside country.

The reason why I use VPN is that my customers are mainly interested in low pings to various multiplayer game servers which use various ports and sometimes even a peer to peer model (like Blizzard's Starcraft Broodwar) so it is hard or even impossible to use some kind of the proxy (like popular Hummingbird).

I can easily get that project working as it is explained above, but there are some major problems which I have to face before my project can be fully commercial. These are:

1. I don't know how to assign a specific (and ONLY that one) IP to a specific login (I can assign an IP range to whole pptp).

2. It would be nice if second login to a specific account from another machine will cause breakdown of existing link on that account - this would happen if user would like to use vpn from a home machine while he forgot to break the vpn on another one at work.

3. I don't know how to control (limit) the throughput of every single connection (for example one - cheaper - to 56 kbps another - for another customer with other needs - to 256 kbps) I only know how to limit throughput for the whole pptp.

Sincerely
Wojciech Milc
wojciech.milc at milc.com.pl

From sdetilly at mandrakesoft.com Thu Aug 2 11:45:50 2001
From: sdetilly at mandrakesoft.com (Sylvain de Tilly)
Date: 02 Aug 2001 12:45:50 -0400
Subject: [pptp-server] obtain an ip address for the client.
Message-ID:

Hi,

I use pptp-server-1.0.1 on a Linux mandrake 8.1 cooker (beta) and I want to connect to my server a win2000 or win98 (2nd edition) client. All clients are on the same subnet (192.168.1.0/24)

But I can't obtain an ip address automatically (if I fix it, that works well with the two OSes).

win2000 error message is - ERROR 738 THE SERVER DID NOT ASSIGN AN ADDRESS !

This is my /etc/ppptp.conf on test6 computer :
: debug
: localip 192.168.1.107
: remoteip 192.168.1.108

and my /etc/ppp/options :
: debug
: name ici.mandrakesoft.com
: auth
: require-chap
: proxyarp

Even my /etc/ppp/chat-secrets :
: # Secrets for authentication using CHAP
: # client server secret IP addresses
: stilly test6.mandrakesoft.com coucou *

Here my log message with a win2000 client :

Aug 2 11:39:21 test6 pptpd[14054]: MGR: Manager process started
Aug 2 11:39:30 test6 nmbd[1285]: [2001/08/02 11:39:30, 0] nmbd/nmbd_incomingdgrams.c:process_master_browser_announce(387)
Aug 2 11:39:30 test6 nmbd[1285]: process_master_browser_announce: Not configured as domain master - ignoring master announce.
Aug 2 11:39:31 test6 pptpd[14055]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Client 192.168.1.249 control connection started
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Received PPTP Control Message (type: 1)
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Made a START CTRL CONN RPLY packet
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: I wrote 156 bytes to the client.
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Sent packet to client
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Received PPTP Control Message (type: 7)
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Made a OUT CALL RPLY packet
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Starting call (launching pppd, opening GRE)
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: pty_fd = 4
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: tty_fd = 5
Aug 2 11:39:31 test6 pptpd[14056]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: I wrote 32 bytes to the client.
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Sent packet to client
Aug 2 11:39:31 test6 pppd[14056]: pppd 2.4.1 started by root, uid 0
Aug 2 11:39:31 test6 pppd[14056]: using channel 23
Aug 2 11:39:31 test6 pppd[14056]: Using interface ppp0
Aug 2 11:39:31 test6 pppd[14056]: Connect: ppp0 <--> /dev/pts/2
Aug 2 11:39:31 test6 pppd[14056]: sent [LCP ConfReq id=0x1 ]
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Received PPTP Control Message (type: 15)
Aug 2 11:39:31 test6 pptpd[14055]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 2 11:39:31 test6 pptpd[14055]: GRE: Discarding duplicate packet
Aug 2 11:39:33 test6 pppd[14056]: rcvd [LCP ConfReq id=0x1 ]
Aug 2 11:39:33 test6 pppd[14056]: sent [LCP ConfAck id=0x1 ]
Aug 2 11:39:34 test6 pppd[14056]: sent [LCP ConfReq id=0x1 ]
Aug 2 11:39:34 test6 pptpd[14055]: CTRL: Received PPTP Control Message (type: 15)
Aug 2 11:39:34 test6 pptpd[14055]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug 2 11:39:34 test6 pppd[14056]: rcvd [LCP ConfAck id=0x1 ]
Aug 2 11:39:34 test6 pppd[14056]: sent [CHAP Challenge id=0x1 <927259274fa937e31f0a4f5fb051e0dc42bd>, name = "test6.mandrakesoft.com"]
Aug 2 11:39:34 test6 pppd[14056]: rcvd [CHAP Response id=0x1 <66444841fd384a61039cf252a707784a>, name = "stilly"]
Aug 2 11:39:34 test6 pppd[14056]: sent [CHAP Success id=0x1 "Welcome to test6.mandrakesoft.com."]
Aug 2 11:39:34 test6 pppd[14056]: sent [IPCP ConfReq id=0x1 ]
Aug 2 11:39:34 test6 pppd[14056]: sent [CCP ConfReq id=0x1 ]
Aug 2 11:39:34 test6 pppd[14056]: CHAP peer authentication succeeded for stilly
Aug 2 11:39:34 test6 pppd[14056]: rcvd [LCP ProtRej id=0x3 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Aug 2 11:39:34 test6 pppd[14056]: rcvd [IPCP ConfReq id=0x2 ]
Aug 2 11:39:34 test6 pppd[14056]: sent [IPCP ConfRej id=0x2 ]
Aug 2 11:39:34 test6 pppd[14056]: rcvd [IPCP ConfRej id=0x1 ]
Aug 2 11:39:34 test6 pppd[14056]: sent [IPCP ConfReq id=0x2 ]
Aug 2 11:39:34 test6 pppd[14056]: rcvd [IPCP ConfReq id=0x4 ]
Aug 2 11:39:34 test6 pppd[14056]: sent [IPCP ConfRej id=0x4 ]
Aug 2 11:39:34 test6 pppd[14056]: rcvd [IPCP ConfAck id=0x2 ]
Aug 2 11:39:34 test6 pppd[14056]: rcvd [IPCP TermReq id=0x5 "<\006x\37777777760\000<\37777777715t\000\000\002\37777777742"]
Aug 2 11:39:34 test6 pppd[14056]: sent [IPCP TermAck id=0x5]
Aug 2 11:39:34 test6 pptpd[14055]: CTRL: Received PPTP Control Message (type: 15)
Aug 2 11:39:34 test6 pptpd[14055]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug 2 11:39:34 test6 pppd[14056]: rcvd [LCP TermReq id=0x6 "<\006x\37777777760\000<\37777777715t\000\000\000\000"]
Aug 2 11:39:34 test6 pppd[14056]: LCP terminated by peer (<^FxM-p^@

Sorry for the very late reply, I ran into and solved this error on my own configuration (2.4.7 kernel) as there was no solution available on the list, I am simply posting this solution so that it will show up in future list searches.
If you specify when you build your kernel that PPP should be built monolithically, rather than as a module, then there will be no ppp_mppe.o module available. In order to alias to the module ppp_mppe.o, PPP must be built as a module.

Thanks (now back to lurking),

Michael J. Walter
rhce mcdba mcse+i ccna cca a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: Wednesday, June 20, 2001 10:40 AM
To: George Vieira
Cc: PPTP List (E-mail)
Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o

FYI, I have mppe in my 2.4.5 kernel modules.dep file. By chance, when you did a kernel rebuild, you did type "make dep" FIRST right?

On Wednesday 20 June 2001 04:41, George Vieira wrote:
> Thanks, it's already in there.
>
> alias char-major-108 ppp_generic
> alias tty-ldisc-3 ppp_async
> alias tty-ldisc-14 ppp_synctty
> alias ppp-compress-18 ppp_mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflat
>
> It's not listed in /lib/modules/2.4.5/modules.dep .I would like to know if
> anybody has it there in their modules.dep file.
>
> Also if anybody is running 2.4.5 kernel.. I'd like to know..
>
> thanks,
> George.
> -----Original Message-----
> From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk]
> Sent: Wednesday, June 20, 2001 5:39 PM
> To: George Vieira
> Cc: PPTP List (E-mail)
> Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid
> ppp_mppe.o
>
>
> Try adding:
>
> alias ppp-compress-18 ppp_mppe
>
> to /etc/modules.conf
>
> josh.
>
> ---------------------------------------
> Josh Howlett, Network Supervisor,
> Networking & Digital Communications,
> Information Systems & Computing,
> University of Bristol, U.K.
> 0117 928 7850 | josh.howlett at bris.ac.uk
> ---------------------------------------
>
> On Wed, 20 Jun 2001, George Vieira wrote:
> > OK.. I got my network card problems fixed but my ppp-compress-18 still won't
> > work even after blowing away my kernel again and redoing the patches (2 only).
> >
> > If I turn off data encryption it works but not encrypted and I get the
> > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and
> > kernel 2.4.5 with pptp patches?
> >
> > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but won't
> > see it.
> >
> >
> > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0
> > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0
> > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1
> > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded for georgev
> > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp
> > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121
> > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251
> > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > Jun 20 08:43:56 firewall pppd[950]: Modem hangup
> > Jun 20 08:43:56 firewall pppd[950]: Connection terminated.
> > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes.
> > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes.
> > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor
> > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control connection finished
> > Jun 20 08:43:56 firewall pppd[950]: Exit.
> >
> >
> > thanks,
> > George Vieira
> > Network Engineer
> > Citadel Computer Systems P/L
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From kenny at muspellsheim.net Thu Aug 2 12:14:38 2001
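The ppp_mppe.o thread above comes down to three checks plus one log symptom (the tunnel coming up while modprobe cannot find ppp-compress-18, i.e. without MPPE). The script below is an added example, not code from any poster; it assumes the 2.4-era layout discussed in the thread (modules.conf aliases, modules.dep entries ending in ".o:", CONFIG_PPP in the kernel .config), takes every path as an argument, and its log check assumes one pppd session at a time.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed,
# modelled on the paths and log lines quoted in the messages above.

# diagnose_mppe MODULES_CONF MODULES_DEP [KERNEL_CONFIG]
# Prints one word naming the first problem found, or "ok".
diagnose_mppe() {
    conf=$1; dep=$2; kconfig=${3:-}
    # pppd asks modprobe for "ppp-compress-18"; the alias maps it to ppp_mppe.
    if ! grep -Eq '^[[:space:]]*alias[[:space:]]+ppp-compress-18[[:space:]]+ppp_mppe([[:space:]]|$)' "$conf"; then
        echo missing-alias; return 0
    fi
    # modprobe can only load what depmod recorded in modules.dep.
    if ! grep -Eq '(^|/)ppp_mppe\.o:' "$dep"; then
        # Per Michael Walter's post: PPP compiled into the kernel (CONFIG_PPP=y)
        # leaves no ppp_mppe.o to load; PPP has to be built as a module.
        if [ -n "$kconfig" ] && grep -q '^CONFIG_PPP=y' "$kconfig"; then
            echo ppp-built-in
        else
            echo not-in-modules-dep   # module not built/installed, or depmod -a not run
        fi
        return 0
    fi
    # Matches the "modules.conf is more recent than modules.dep" note in the log.
    if [ "$conf" -nt "$dep" ]; then
        echo stale-modules-dep; return 0
    fi
    echo ok
}

# mppe_fallback_sessions LOGFILE
# Prints the pid of every pppd that was given an IP address after modprobe
# failed to find ppp-compress-18, i.e. a tunnel that came up without MPPE.
mppe_fallback_sessions() {
    awk '
        function pid_of(line) {
            match(line, /pppd\[[0-9]+\]/)
            return substr(line, RSTART + 5, RLENGTH - 6)
        }
        /pppd\[[0-9]+\]: pppd [^ ]+ started/ { cur = pid_of($0); missed[cur] = 0 }
        /modprobe: Can.t locate module ppp-compress-18/ { if (cur != "") missed[cur] = 1 }
        /pppd\[[0-9]+\]: local +IP address/ { p = pid_of($0); if (missed[p]) print p }
    ' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    printf 'alias ppp-compress-18 ppp_mppe\n' > "$tmp/modules.conf"
    printf '/lib/modules/2.4.5/kernel/drivers/net/ppp_generic.o:\n' > "$tmp/modules.dep"
    printf 'CONFIG_PPP=y\n' > "$tmp/config"
    cat > "$tmp/messages" <<'EOF'
Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0
Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded for georgev
Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121
EOF
    echo "module check: $(diagnose_mppe "$tmp/modules.conf" "$tmp/modules.dep" "$tmp/config")"
    echo "pppd pids up without MPPE: $(mppe_fallback_sessions "$tmp/messages")"
    rm -rf "$tmp"
}
demo
```

On a real host the arguments would be /etc/modules.conf, the modules.dep of the running kernel and the .config the kernel was built from.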
From: kenny at muspellsheim.net (Kenny Austin)
Date: Thu, 2 Aug 2001 12:14:38 -0500
Subject: [pptp-server] Problem: Multiple Win98 clients IP assigment and bandwith control
In-Reply-To: <005101c11b27$d5725940$0900000a@biurok1>
Message-ID:

> 1. I don't know how to assign a specific (and ONLY that one) IP
> to a specific login (I can assign an IP range to whole pptp).
>
> 2. It would be nice if second login to a specific account
> from another machine will cause breakdown of existing link
> on that account - this would happen if user would like to
> use vpn from a home machine while he forgot to break the
> vpn on another one at work.

in chap-secrets

name * password IP

such as:

user * password 192.168.100.2

I cannot remember exactly what happens when two people try logging in with the same username like this, but I "think" that it rejects the second person.

> 3. I don't know how to control (limit) the throughput of
> every single connection (for example one - cheaper - to 56 kbps
> another - for another customer with other needs - to 256 kbps)
> I only know how to limit throughput for the whole pptp.

If you give certain users certain ips this should be possible.

Kenny

From jpetsche at eng.utoledo.edu Thu Aug 2 12:36:04 2001
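Kenny Austin's reply above ties per-user limits to a fixed address in the fourth chap-secrets column. The script below is an added example, not code from the thread: it audits a chap-secrets file for accounts that are not bound to exactly one address and builds the `tc` token-bucket command a pppd ip-up hook could run for a given peer. The rate table format ("IP rate" per line), the burst and latency values and all sample entries are assumptions made for the example; shaping the pppN interface this way limits traffic toward the client only.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed.

# audit_chap_secrets FILE
# Flags accounts that are not tied to exactly one address. Assumes the
# four-column layout (client server secret IP) and secrets without spaces.
audit_chap_secrets() {
    awk '
        NF == 0 || $1 ~ /^#/  { next }                      # blank lines, comments
        $4 == "" || $4 == "*" { print "unpinned " $1; next }
        NF > 4                { print "multiple-ips " $1; next }
        ($4 in owner) && owner[$4] != $1 {
            print "shared-ip " $4 " " owner[$4] " " $1; next
        }
        { owner[$4] = $1 }
    ' "$1"
}

# tbf_cmd_for IFACE REMOTE_IP RATEFILE
# Prints the tc command limiting traffic sent to the peer on IFACE, or fails
# if the address has no valid entry. pppd calls /etc/ppp/ip-up with the
# interface as $1 and the remote address as $5, so a hook could run:
#   cmd=$(tbf_cmd_for "$1" "$5" /etc/ppp/rates) && $cmd
# (/etc/ppp/rates is a hypothetical file name.)
tbf_cmd_for() {
    case $1 in
        ''|*[!a-z0-9]*) return 1 ;;      # refuse anything but a plain name
        ppp[0-9]*) ;;
        *) return 1 ;;
    esac
    rate=$(awk -v ip="$2" '$1 == ip { print $2; exit }' "$3")
    # Only accept rates written as <number>kbit or <number>mbit.
    printf '%s\n' "$rate" | grep -Eq '^[0-9]+(kbit|mbit)$' || return 1
    echo "tc qdisc add dev $1 root tbf rate $rate burst 4kb latency 100ms"
}

demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/chap-secrets" <<'EOF'
# client  server  secret     IP addresses   (constructed sample)
stilly    *       secret0    *
user      *       password   192.168.100.2
user2     *       password2  192.168.100.2
gamer     *       password3  192.168.100.3
EOF
    cat > "$tmp/rates" <<'EOF'
192.168.100.2 56kbit
192.168.100.3 256kbit
EOF
    audit_chap_secrets "$tmp/chap-secrets"
    tbf_cmd_for ppp0 192.168.100.3 "$tmp/rates"
    rm -rf "$tmp"
}
demo
```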
From: jpetsche at eng.utoledo.edu (Joe Petsche)
Date: Thu, 2 Aug 2001 13:36:04 -0400
Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o
Message-ID: <004201c11b79$9b2b8d40$4f00a8c0@dundee.net>

I am currently trying to get this going. I re-compiled my 2.4 kernel (I don't know the minor revision because it is whatever Caldera 3.1 version comes installed) And I don't have a ppp.o or a ppp_mppe.o file after I do a make dep, make clean, make modules SUBDIRS=drivers/net.

Next to PPP (point-to-point protocol) support, I have a so it builds it as a module. As far as the 'monolithically' goes, I don't know anything about that. There has to be something that I am missing because I can't seem to build ppp.o or ppp_mppe.o. Please help!

-Joe

PS I am referring to the following:
http://poptop.lineo.com/releases/PoPToP-RedHat-HOWTO.txt

If anyone knows of a more current doc please inform!

(Sorry if I sent this multiple times)

----- Original Message -----
From: "Joe Petsche"
To: "Michael Walter"
Sent: Thursday, August 02, 2001 1:33 PM
Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o

> I am currently trying to get this going. I re-compiled my 2.4 kernel (I don't
> know the minor revision because it is whatever Caldera 3.1 version comes
> installed) And I don't have a ppp.o or a ppp_mppe.o file after I do a
> make dep, make clean, make modules SUBDIRS=drivers/net.
>
> Next to PPP (point-to-point protocol) support, I have a so it builds it
> as a module. As far as the 'monolithically' goes, I don't know anything
> about that. There has to be something that I am missing because I can't seem
> to build ppp.o or ppp_mppe.o. Please help!
>
> -Joe
>
> PS I am referring to the following:
>
> ----- Original Message -----
From walterm at Gliatech.com Thu Aug 2 12:58:20 2001
From: walterm at Gliatech.com (Michael Walter)
Date: Thu, 2 Aug 2001 13:58:20 -0400
Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o
Message-ID:

Hello Joe,

I won't be able to offer extended help on this, T-4 hours to an extended vacation ;) My information is also limited to RedHat distributions, I don't know if it applies to Caldera or not. But I do have some comments that should point you in the right direction.

First off, you won't get a ppp.o. What you should get is a slhc.o, ppp_generic.o, and ppp_mppe.o. These should be located in /lib/modules/ /kernel/drivers/net. If you have the first two, you are on the right track. Also, as far as not having ppp_mppe.o, this is exclusive to the kernel build, and has nothing to do with the ppp build. So continue to troubleshoot your kernel, don't worry about ppp or pptpd yet.

Ok, now here is what I did to get this part working.

First, I grabbed the 2.4.7 kernel from www.kernel.org. The 2.4.5 kernel should work just as well though.

Once you have untarred and unzipped, or un b-zipped the kernel, obtain the linux-2.4.0-openssl-0.9.6-mppe.patch.gz patch. I don't recall off hand where I got it, but a google search should point you in the right direction.

From the /usr/src/linux directory (or wherever you de-compressed your kernel source) type

gcat /linux-2.4.0-openssl-0.9.6-mppe.patch.gz | patch -p1

If you get any errors, don't proceed, you need to troubleshoot why you got the errors. Assuming you didn't, start your make process. I use make menuconfig, but make config and make xconfig work just as well.

In the Code maturity level options section, mine looks like this:

[*] Prompt for development and/or incomplete code/drivers

In the Network Device Support section, mine looks like this:

PPP (point-to-point protocol) support <-- THIS IS NECESSARY
[*] PPP multilink support (EXPERIMENTAL)
PPP support for async serial ports <-- THIS IS NECESSARY
PPP support for sync tty ports
PPP Deflate compression <-- THIS IS NECESSARY
PPP BSD-Compress compression <-- THIS IS NECESSARY
PPP over Ethernet (EXPERIMENTAL)

Ok, exit out (after you check your other kernel options) and run these commands:

make clean
make dep
make bzImage
make install
depmod -a <-- I never bothered to figure out where I should do this, so I do it twice.
make modules
make modules_install
depmod -a

If you run into any errors, troubleshoot those before you move on to the next line.

At this point, reboot, and you should have a ppp_mppe.o listed in /lib/modules/ /kernel/drivers/net

Good luck,

Michael J. Walter
rhce mcdba mcse+i ccna cca a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com

-----Original Message-----
From: Joe Petsche [mailto:jpetsche at eng.utoledo.edu]
Sent: Thursday, August 02, 2001 1:33 PM
To: Michael Walter
Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o

I am currently trying to get this going. I re-compiled my 2.4 kernel (I don't know the minor revision because it is whatever Caldera 3.1 version comes installed) And I don't have a ppp.o or a ppp_mppe.o file after I do a make dep, make clean, make modules SUBDIRS=drivers/net.

Next to PPP (point-to-point protocol) support, I have a so it builds it as a module. As far as the 'monolithically' goes, I don't know anything about that. There has to be something that I am missing because I can't seem to build ppp.o or ppp_mppe.o. Please help!

-Joe

PS I am referring to the following:

----- Original Message -----
From: "Michael Walter"
To: "PPTPD User Group (E-mail)"
Sent: Thursday, August 02, 2001 11:31 AM
Subject: RE: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o

> Sorry for the very late reply, I ran into and solved this error on my own
> configuration (2.4.7 kernel) as there was no solution available on the list,
> I am simply posting this solution so that it will show up in future list
> searches. If you specify when you build your kernel that PPP should be
> built monolithically, rather than as a module, then there will be no
> ppp_mppe.o module available. In order to alias to the module ppp_mppe.o,
> PPP must be built as a module.
>
> Thanks (now back to lurking),
>
> Michael J. Walter
> rhce mcdba mcse+i ccna cca a+
> Network Administrator
> Gliatech, Inc.
> 23420 Commerce Park Rd.
> Beachwood, Ohio 44122
> Tel: (216) 831-3200
> Email: walterm at gliatech.com
>
> -----Original Message-----
> From: robert [mailto:berzerke at swbell.net]
> Sent: Wednesday, June 20, 2001 10:40 AM
> To: George Vieira
> Cc: PPTP List (E-mail)
> Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid
> p pp_mppe.o
>
> FYI, I have mppe in my 2.4.5 kernel modules.dep file. By chance, when you
> did a kernel rebuild, you did type "make dep" FIRST right?
>
> On Wednesday 20 June 2001 04:41, George Vieira wrote:
> > Thanks, it's already in there.
> >
> > alias char-major-108 ppp_generic
> > alias tty-ldisc-3 ppp_async
> > alias tty-ldisc-14 ppp_synctty
> > alias ppp-compress-18 ppp_mppe
> > alias ppp-compress-21 bsd_comp
> > alias ppp-compress-24 ppp_deflate
> > alias ppp-compress-26 ppp_deflat
> >
> > It's not listed in /lib/modules/2.4.5/modules.dep. I would like to know if
> > anybody has it there in their modules.dep file.
> >
> > Also if anybody is running 2.4.5 kernel.. I'd like to know..
> >
> > thanks,
> > George.
> >
> > -----Original Message-----
> > From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk]
> > Sent: Wednesday, June 20, 2001 5:39 PM
> > To: George Vieira
> > Cc: PPTP List (E-mail)
> > Subject: Re: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid
> > ppp_mppe.o
> >
> > Try adding:
> >
> > alias ppp-compress-18 ppp_mppe
> >
> > to /etc/modules.conf
> >
> > josh.
> >
> > ---------------------------------------
> > Josh Howlett, Network Supervisor,
> > Networking & Digital Communications,
> > Information Systems & Computing,
> > University of Bristol, U.K.
> > 0117 928 7850 | josh.howlett at bris.ac.uk
> > ---------------------------------------
> >
> > On Wed, 20 Jun 2001, George Vieira wrote:
> > > OK.. I got my network card problems fixed but my ppp-compress-18 still
> > > won't work even after blowing away my kernel again and redoing the
> > > patches (2 only).
> > >
> > > If I turn off data encryption it works but not encrypted and I get the
> > > following /var/log/messages logs. Has anybody tried using pppd 2.4.1 and
> > > kernel 2.4.5 with pptp patches?
> > >
> > > The damn file exists in /lib/modules/2.4.5/drivers.net/ppp_mppe.o but
> > > won't see it.
> > >
> > > Jun 20 08:43:09 firewall pppd[950]: pppd 2.4.1 started by root, uid 0
> > > Jun 20 08:43:09 firewall pppd[950]: Using interface ppp0
> > > Jun 20 08:43:09 firewall pppd[950]: Connect: ppp0 <--> /dev/pts/1
> > > Jun 20 08:43:10 firewall pptpd[949]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
> > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:13 firewall pppd[950]: MSCHAP-v2 peer authentication succeeded for georgev
> > > Jun 20 08:43:13 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:13 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:14 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:14 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:16 firewall pppd[950]: found interface eth0 for proxy arp
> > > Jun 20 08:43:16 firewall pppd[950]: local IP address 10.10.0.121
> > > Jun 20 08:43:16 firewall pppd[950]: remote IP address 10.10.0.251
> > > Jun 20 08:43:17 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:17 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:21 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:21 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:25 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:25 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:29 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:29 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:33 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:33 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:37 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:37 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:41 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:41 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:46 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:46 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:47 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:47 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:50 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:50 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:54 firewall modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.5/modules.dep
> > > Jun 20 08:43:54 firewall modprobe: modprobe: Can't locate module ppp-compress-18
> > > Jun 20 08:43:56 firewall pppd[950]: Modem hangup
> > > Jun 20 08:43:56 firewall pppd[950]: Connection terminated.
> > > Jun 20 08:43:56 firewall pppd[950]: Connect time 0.8 minutes.
> > > Jun 20 08:43:56 firewall pppd[950]: Sent 289 bytes, received 275 bytes.
> > > Jun 20 08:43:56 firewall pptpd[949]: GRE: read error: Bad file descriptor
> > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
> > > Jun 20 08:43:56 firewall pptpd[949]: CTRL: Client 10.10.0.69 control connection finished
> > > Jun 20 08:43:56 firewall pppd[950]: Exit.
> > >
> > > thanks,
> > > George Vieira
> > > Network Engineer
> > > Citadel Computer Systems P/L
> > > _______________________________________________
> > > pptp-server maillist - pptp-server at lists.schulte.org
> > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > --- To unsubscribe, go to the url just above this line. --

From allanc at caldera.com Thu Aug 2 13:26:40 2001
From: allanc at caldera.com (Allan Clark)
Date: Thu, 02 Aug 2001 14:26:40 -0400
Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o
References: <004201c11b79$9b2b8d40$4f00a8c0@dundee.net>
Message-ID: <3B699B60.3006D4B8@caldera.com>

> I am currently trying to get this going. I re-compiled my 2.4 kernel (I don't
> know the minor revision because it is whatever Caldera 3.1 version comes
> installed)

2.4.2 (FWIW)

Allan

From ckalos at gothambroadband.com Thu Aug 2 13:26:56 2001
From: ckalos at gothambroadband.com (Christopher Kalos)
Date: Thu, 2 Aug 2001 14:26:56 -0400
Subject: [pptp-server] FreeBSD 3.4 -> 4.3 NAT issues
In-Reply-To: <3B699B60.3006D4B8@caldera.com>
Message-ID:

After upgrading our firewall, I noticed that the pptpalias no longer exists. I've also noticed mention of the pptp forwarding not working for multiple client connections at this time.

Does anyone here know what to enable for natd in order to make this work again, and what the real status is for multiple clients?

Thanks,

Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

From jpetsche at eng.utoledo.edu Thu Aug 2 14:49:25 2001
From: jpetsche at eng.utoledo.edu (Joe Petsche)
Date: Thu, 2 Aug 2001 15:49:25 -0400
Subject: [pptp-server] pppd 2.4.1 kernel 2.4.5 and this dumb stupid p pp_mppe.o
References:
Message-ID: <011a01c11b8c$3bd6f880$4f00a8c0@dundee.net>

Thanks Mike for your help, it was very informative.

I am stuck with this problem. My Win98 client tries to connect and immediately disconnects because "The computer you're dialing in to does not support the data encryption requirements specified." I am trying to use "Encrypted Data". These messages are different from what I have been seeing (before I compiled the kernel with openssh stuff). It seems that linux is doing its work, however Windows isn't happy with the performance and drops the connection.

I think I've done everything Mike said (I skipped making a new kernel... bzImage, etc because other documentation said it was unnecessary if using the same version source files.) Otherwise it's pretty straightforward. I did get messages like /lib/modules/2.4.2/modules.dep is not in ELF format. I don't know if these are just warnings or true errors. PPP doesn't seem to complain from the messages log:

Aug 1 03:39:15 tpc pppd[1202]: MSCHAP-v2 peer authentication succeeded for newdundee\\jpetsche
Aug 1 03:39:15 tpc pppd[1202]: found interface eth0 for proxy arp
Aug 1 03:39:15 tpc pppd[1202]: local IP address 205.244.26.240
Aug 1 03:39:15 tpc pppd[1202]: remote IP address 192.168.0.235
Aug 1 03:39:15 tpc pppd[1202]: Received bad configure-ack:
Aug 1 03:39:15 tpc pppd[1202]: LCP terminated by peer
Aug 1 03:39:15 tpc pptpd[1201]: CTRL: Error with select(), quitting
Aug 1 03:39:15 tpc pppd[1202]: Modem hangup
Aug 1 03:39:15 tpc pppd[1202]: Connection terminated.
Aug 1 03:39:15 tpc pppd[1202]: Connect time 0.1 minutes.
Aug 1 03:39:15 tpc pppd[1202]: Sent 146 bytes, received 146 bytes.
Aug 1 03:39:15 tpc pptpd[1201]: CTRL: Client 192.168.0.79 control connection finished
Aug 1 03:39:15 tpc pppd[1202]: Exit.

Well if you can understand my mess give me a hollar :)

-Joe

From GeorgeV at citadelcomputer.com.au Thu Aug 2 17:07:30 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 3 Aug 2001 08:07:30 +1000
Subject: [pptp-server] Problem: Multiple Win98 clients IP assigment an d bandwith control
Message-ID: <200FAA488DE0D41194F10010B597610D1728A8@JUPITER>

No it doesn't, it actually applies both with the IP. I have seen this happen with Dialup and PPTP should be no different as they are both PPPD related issues.

Just have to make sure each person has 1 login or use a script to HASH out the password in the chap-secrets file when ip-up.local starts and then unhash it with ip-down.local.... actually should be auth-up and auth-down..sorry. too lazy to undo my typing..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Kenny Austin [mailto:kenny at muspellsheim.net]
Sent: Friday, August 03, 2001 3:15 AM
To: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Problem: Multiple Win98 clients IP assigment and bandwith control

> 1. I don't know how to assign a specific (and ONLY that one) IP
> to a specific login (I can assign an IP range to whole pptp).
>
> 2. It would be nice if second login to a specific account
> from another machine will cause breakdown of existing link
> on that account - this would happen if user would like to
> use vpn from a home machine while he forgot to break the
> vpn on another one at work.

in chap-secrets
name * password IP

such as:
user * passoword 192.168.100.2

I cannot remember exactly what happens when two people try logging in with the same username like this, but I "think" that it rejects the second person.

> 3. I don't know how to control (limit) the throughput of
> every single connection (for example one - cheaper - to 56 kbps
> another - for another customer with other needs - to 256 kbps)
> I only know how to limit throughput for the whole pptp.

If you give certain users certain ips this should be possible.

Kenny

From GeorgeV at citadelcomputer.com.au Thu Aug 2 17:41:00 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 3 Aug 2001 08:41:00 +1000
Subject: [pptp-server] Thorough PPTPD Setup
Message-ID: <200FAA488DE0D41194F10010B597610D1728AD@JUPITER>

No.. my work was using 2.2.19 for a while before I moved to 2.4 kernel (bad move, still haven't fixed this bloody mppe problem).. I used the 2.2.17 patches and it worked..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: No Spam! [mailto:djg at pcisys.net]
Sent: Friday, August 03, 2001 2:41 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Thorough PPTPD Setup

>> Ditto this ... and will it work on the 2.2.19 kernel?
>> if_ppp_2.2.17.diff
>
>it's required, and no it won't work on the 2.2.19 kernel. pretty sure on
>this one but someone may want to back me up or shoot me down here...

Finally getting back to my machine ... so, since I can't seem to find a patch for the 2.2.19 kernel, does that mean I'm going to have to use a 2.2.17 kernel to use pptpd?

From GeorgeV at citadelcomputer.com.au Thu Aug 2 18:39:33 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 3 Aug 2001 09:39:33 +1000
Subject: [pptp-server] Thorough PPTPD Setup
Message-ID: <200FAA488DE0D41194F10010B597610D1728B3@JUPITER>

Actually, I find that if I use require-mppe in my options.pptp file (which I thought I didn't have patched) and when I establish the connection I get..

Aug 3 09:36:47 stargate pppd[15532]: Connect: ppp1 <--> /dev/ttya0
Aug 3 09:36:48 stargate PPTPCD: Connected.
Aug 3 09:36:50 stargate pppd[15532]: Remote message: S=1C7CD531B89C1EF62959D4C60257352834E8E64A
Aug 3 09:36:50 stargate kernel: PPP BSD Compression module registered
Aug 3 09:36:50 stargate pppd[15532]: Deflate (15) compression enabled
Aug 3 09:36:50 stargate pppd[15532]: LCP terminated by peer (encryption negotiation failed)
Aug 3 09:36:53 stargate pppd[15532]: Connection terminated.
Aug 3 09:36:55 stargate pppd[15532]: Exit.

Encryption failed.. yet ppp_mppe is loaded. Is there any way of finding out why this is happening after the second connection after a reboot? I can't keep recompiling/patching and then rebooting the kernel...

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org]
Sent: Friday, August 03, 2001 9:14 AM
To: George Vieira
Subject: Re: [pptp-server] Thorough PPTPD Setup

On Thursday 02 August 2001 04:05 pm, George Vieira wrote:
> I compiled 2.4 with mppe using open-ssl-096 and all seems OK on
> reboot to new kernel and on first PPTP connection.
> When the link drops out for whatever reason and I re-establish the
> connection, mppe cannot be negotiated and I can only use non
> encrypted connections to connect to work. an lsmod shows ppp_mppe is
> still loaded but it just won't load up anymore.
> The only way to get this to work again is a reboot and it works once
> and then never again..
>
> I just went back to pppd 2.4.0 (other was 2.4.1) and it still hasn't
> made any difference... how annoying is that..
>

From GeorgeV at citadelcomputer.com.au Thu Aug 2 20:33:01 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 3 Aug 2001 11:33:01 +1000
Subject: FW: [pptp-server] Thorough PPTPD Setup
Message-ID: <200FAA488DE0D41194F10010B597610D1728C2@JUPITER>

Thanks for your help Tom, has anybody worked out why this encryption negotiation is failing from the logs below? This is definitely produced on the server side as a reboot fixes it.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: George Vieira
Sent: Friday, August 03, 2001 11:05 AM
To: 'Tom Eastep'
Subject: RE: [pptp-server] Thorough PPTPD Setup

OK. sorry, this data is coming from my syslog monitoring software under NT so it's format is coming from an Access database... Hope this is of some info for you.....

Alert When Server Code Process Message
unknown 03/08/2001 10:50:27 AM 10.10.0.254 <150> pptpd[27428] CTRL: Starting call (launching pppd, opening GRE)
unknown 03/08/2001 10:50:27 AM 10.10.0.254 <29> pppd[27429] pppd 2.4.0 started by root, uid 0
unknown 03/08/2001 10:50:27 AM 10.10.0.254 <31> pppd[27429] using channel 12
unknown 03/08/2001 10:50:27 AM 10.10.0.254 <30> pppd[27429] Using interface ppp0
unknown 03/08/2001 10:50:27 AM 10.10.0.254 <29> pppd[27429] Connect: ppp0 <--> /dev/pts/2
unknown 03/08/2001 10:50:28 AM 10.10.0.254 <31> pppd[27429] sent [LCP ConfReq id=0x1 ]
unknown 03/08/2001 10:50:29 AM 10.10.0.254 <31> pppd[27429] rcvd [LCP ConfReq id=0x1 ]
unknown 03/08/2001 10:50:29 AM 10.10.0.254 <31> pppd[27429] sent [LCP ConfAck id=0x1 ]
unknown 03/08/2001 10:50:30 AM 10.10.0.254 <31> pppd[27429] rcvd [LCP ConfReq id=0x1 ]
unknown 03/08/2001 10:50:30 AM 10.10.0.254 <31> pppd[27429] sent [LCP ConfAck id=0x1 ]
unknown 03/08/2001 10:50:30 AM 10.10.0.254 <31> pppd[27429] sent [LCP ConfReq id=0x1 ]
unknown 03/08/2001 10:50:30 AM 10.10.0.254 <31> pppd[27429] rcvd [LCP ConfAck id=0x1 ]
ok 03/08/2001 10:50:30 AM 10.10.0.254 <31> pppd[27429] sent [LCP EchoReq id=0x0 magic=0xa73bae3b]
unknown 03/08/2001 10:50:31 AM 10.10.0.254 <31> pppd[27429] "sent [CHAP Challenge id=0x1 <76d27e804268ee5f602d7be08a8f33fa>, name = ""firewall""]"
unknown 03/08/2001 10:50:32 AM 10.10.0.254 <31> pppd[27429] "sent [LCP TermReq id=0x2 ""encryption negotiation failed""]"
unknown 03/08/2001 10:50:32 AM 10.10.0.254 <31> pppd[27429] rcvd [IPCP ConfReq id=0x2 ]
unknown 03/08/2001 10:50:32 AM 10.10.0.254 <31> pppd[27429] rcvd [LCP TermAck id=0x2]
unknown 03/08/2001 10:50:32 AM 10.10.0.254 <29> pppd[27429] Connection terminated.
unknown 03/08/2001 10:50:33 AM 10.10.0.254 <30> pppd[27429] Connect time 0.1 minutes.
unknown 03/08/2001 10:50:33 AM 10.10.0.254 <30> pppd[27429] Sent 56 bytes, received 62 bytes.
unknown 03/08/2001 10:50:33 AM 10.10.0.254 <30> pppd[27429] Exit.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Tom Eastep [mailto:teastep at seattlefirewall.dyndns.org]
Sent: Friday, August 03, 2001 10:27 AM
To: George Vieira
Subject: Re: [pptp-server] Thorough PPTPD Setup

On Thursday 02 August 2001 05:20 pm, George Vieira wrote:
> I have enabled debug in the options.pptp on both the linux pptp
> server and linux pptp client and the most I got was
>
> Aug 3 10:11:35 firewall pppd[16199]: MSCHAP-v2 peer authentication succeeded for georgevvpn
> Aug 3 10:11:35 firewall pppd[16199]: Deflate (15) compression enabled
> Aug 3 10:11:35 firewall pppd[16199]: Connection terminated.
> Aug 3 10:11:35 firewall pppd[16199]: Connect time 0.1 minutes.
> Aug 3 10:11:35 firewall pppd[16199]: Sent 56 bytes, received 78 bytes.
> Aug 3 10:11:35 firewall pppd[16199]: Exit.
> Aug 3 10:11:35 firewall pptpd[16198]: Error reading from pppd: Input/output error
> Aug 3 10:11:35 firewall pptpd[16198]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> Aug 3 10:11:35 firewall pptpd[16198]: CTRL: Client 144.137.66.4 control connection finished
>

You didn't modify syslog.conf correctly and/or didn't restart syslogd afterward....

-Tom
--
Tom Eastep \ teastep at seattlefirewall.dyndns.org
ICQ #60745924 \ http://seattlefirewall.dyndns.org
Shoreline, Washington \__________________________________________

From ckalos at gothambroadband.com Fri Aug 3 10:04:48 2001
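An added example, not part of any message in this archive: a Python triage of pppd syslog lines like those quoted in the thread, flagging sessions that got an IP address without MPPE or that ended in "encryption negotiation failed". The sample log is constructed (hosts, PIDs and users are made up), and treating "IP assigned, no MPPE line" as a cleartext tunnel is a heuristic assumption.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the syslog excerpts quoted in this thread
# (hosts, PIDs and users are made up).
SAMPLE_LOG = """\
Aug  3 10:00:01 vpn1 pppd[2001]: pppd 2.4.1 started by root, uid 0
Aug  3 10:00:02 vpn1 modprobe: modprobe: Can't locate module ppp-compress-18
Aug  3 10:00:03 vpn1 pppd[2001]: MSCHAP-v2 peer authentication succeeded for alice
Aug  3 10:00:04 vpn1 pppd[2001]: local IP address 10.10.0.121
Aug  3 10:00:04 vpn1 pppd[2001]: remote IP address 10.10.0.251
Aug  3 10:05:00 vpn1 pppd[2001]: Exit.
Aug  3 10:10:01 vpn1 pppd[2002]: pppd 2.4.1 started by root, uid 0
Aug  3 10:10:03 vpn1 pppd[2002]: MSCHAP-v2 peer authentication succeeded for bob
Aug  3 10:10:03 vpn1 pppd[2002]: Deflate (15) compression enabled
Aug  3 10:10:03 vpn1 pppd[2002]: LCP terminated by peer (encryption negotiation failed)
Aug  3 10:10:04 vpn1 pppd[2002]: Exit.
Aug  3 10:20:01 vpn2 pppd[3001]: pppd 2.3.11 started by root, uid 0
Aug  3 10:20:02 vpn2 pppd[3001]: MSCHAP-v2 peer authentication succeeded for carol
Aug  3 10:20:03 vpn2 pppd[3001]: local IP address 192.168.200.240
Aug  3 10:20:03 vpn2 pppd[3001]: remote IP address 192.168.200.251
Aug  3 10:20:03 vpn2 pppd[3001]: MPPE 128 bit, stateless compression enabled
"""

# "Mon DD HH:MM:SS host proc[pid]: message" (the pid is optional, e.g. modprobe)
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<proc>\w+)"
    r"(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)
AUTH = re.compile(r"peer authentication succeeded for (\S+)")
MPPE = re.compile(r"MPPE (\d+ bit, \w+) compression enabled")
MISSING = re.compile(r"Can't locate module (\S+)")
# Alias that the thread's /etc/modules.conf maps to ppp_mppe.
MPPE_ALIAS = "ppp-compress-18"


def triage(log_text):
    """Group pppd lines by (host, pid) and give each session a verdict."""
    sessions = {}                # (host, pid) -> session record
    missing = defaultdict(set)   # host -> aliases modprobe could not resolve
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, proc, pid, msg = m.group("host", "proc", "pid", "msg")
        if proc == "modprobe":
            # modprobe lines carry no pppd PID, so they are tracked per host.
            hit = MISSING.search(msg)
            if hit:
                missing[host].add(hit.group(1))
            continue
        if proc != "pppd" or pid is None:
            continue
        s = sessions.setdefault(
            (host, pid),
            {"host": host, "pid": pid, "user": None, "ip_up": False,
             "mppe": None, "enc_failed": False},
        )
        auth = AUTH.search(msg)
        mppe = MPPE.search(msg)
        if auth:
            s["user"] = auth.group(1)
        elif msg.startswith("remote IP address"):
            s["ip_up"] = True          # IPCP came up: traffic can flow
        elif mppe:
            s["mppe"] = mppe.group(1)
        elif "encryption negotiation failed" in msg:
            s["enc_failed"] = True

    report = []
    for key in sorted(sessions):
        s = sessions[key]
        if s["enc_failed"]:
            s["verdict"] = "mppe-failed"   # link torn down, no data sent in clear
        elif s["ip_up"] and s["mppe"]:
            s["verdict"] = "encrypted"
        elif s["ip_up"]:
            s["verdict"] = "cleartext"     # heuristic: tunnel up, no MPPE logged
        else:
            s["verdict"] = "incomplete"
        s["module_missing"] = MPPE_ALIAS in missing.get(s["host"], set())
        report.append(s)
    return report


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        hint = " (modprobe could not resolve %s)" % MPPE_ALIAS if s["module_missing"] else ""
        print("%s pppd[%s] user=%s -> %s%s"
              % (s["host"], s["pid"], s["user"], s["verdict"], hint))
```
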
From: ckalos at gothambroadband.com (Christopher Kalos)
Date: Fri, 3 Aug 2001 11:04:48 -0400
Subject: [pptp-server] Further news re: PopTop behind NAT
Message-ID:

This is the syslog dump (edited slightly to protect hostnames) that I got as of last night when I tried to connect remotely.

This is what I got when trying to connect from a Win2000 machine to the VPN server.

pppd 2.3.11 started by root, uid 0
pppd[1493]: Using interface ppp0
pppd[1493]: Connect: ppp0 <--> /dev/pts/0
pppd[1493]: MSCHAP-v2 peer authentication succeeded for gothamftp
pppd[1493]: found interface eth0 for proxy arp
pppd[1493]: local IP address 192.168.200.240
pppd[1493]: remote IP address 192.168.200.251
pppd[1493]: MPPE 128 bit, stateless compression enabled
pppd[1493]: MPPE 128 bit, stateless compression enabled
pppd[1493]: LCP terminated by peer (gM-^AZg^@ /dev/pts/0
pppd[1771]: LCP: timeout sending Config-Requests
pppd[1771]: Connection terminated.
pppd[1771]: Exit.

The configuration goes through a FreeBSD 4.3 firewall, over natd, to get to the VPN server. These are the current flags to natd:

redirect_proto gre 192.168.200.65
redirect_port tcp 192.168.200.65:pptp pptp

I may need more than this, but I know that 3.4 didn't need anything beyond a port redirect and a pptpalias flag. pptpalias, however, is no longer an option for the FreeBSD natd implementation.

Any help or pointers would be appreciated.

Thank you,
Christopher Kalos
Systems Administrator
Gotham Broadband
212.206.9620 x340

From bruceg at garlockprinting.com Fri Aug 3 18:25:43 2001
From: bruceg at garlockprinting.com (Bruce S. Garlock)
Date: Fri, 03 Aug 2001 16:25:43 -0700
Subject: [pptp-server] Logon script / VPN
Message-ID: <3B6B32F7.CF986A1B@garlockprinting.com>

Hello all,

I have successfully setup a VPN server on a Linux box, that also acts as a PDC. Users that are on the local network, logon, and their login scripts execute without trouble. I am having trouble with these same users who use Win95 (with DUN 1.3, and the VPN update applied) and logon to this machine. Everything works fine, browsing Net Neighborhood, and any other TCP/IP acts fine on the network. The problem is that their logon scripts do not execute when they logon, so I have put an icon on their desktops, that they click to get their drive mappings. I would like it to happen automatically.

Has anyone run into this problem? This machine is also setup as a RAS, and users get their login scripts executed when dialing direct, so I'm guessing I'm missing something in the pptpd setup.

TIA

- Bruce

RH 7.1
2.4.4 kernel
pptpd 1.1.2

--
Bruce S. Garlock
Garlock Printing
http://www.satinwrap.com

From charlieb at e-smith.com Fri Aug 3 16:00:10 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Fri, 3 Aug 2001 17:00:10 -0400 (EDT)
Subject: [pptp-server] Logon script / VPN
In-Reply-To: <3B6B32F7.CF986A1B@garlockprinting.com>
Message-ID:

On Fri, 3 Aug 2001, Bruce S. Garlock wrote:

> Hello all,
>
> I have successfully setup a VPN server on a Linux box, that also acts as
> a PDC. Users that are on the local network, logon, and their login
> scripts execute without trouble. I am having trouble with these same
> users who use Win95 (with DUN 1.3, and the VPN update applied) and logon
> to this machine. Everything works fine, browsing Net Neighborhood, and
> any other TCP/IP acts fine on the network. The problem is that their
> logon scripts do not execute when they logon, so I have put an icon on
> their desktops, that they click to get their drive mappings. I would
> like it to happen automatically.

The clients need to be configured to do domain logins, the server needs to be configured to be a login server (but you say it is configured as a PDC), and there needs to be a share called netlogon which contains netlogon.bat. At least, AFAIUI that's the way things need to be.

--
Charlie Brady                         charlieb at e-smith.com
http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From bartek at cafe.milc.com.pl Sat Aug 4 04:27:51 2001
From: bartek at cafe.milc.com.pl (Yoss)
Date: Sat, 4 Aug 2001 11:27:51 +0200
Subject: [pptp-server] ip-up script and real client's IP
Message-ID: <20010804112751.A26767@cafe.milc.com.pl>

Hi.

Is there any possibility to recognize real IP of the client in ip-up script? A login and password is for me not enough. Until now I was making it with perl script, which gives me IP upon analysis of logs and `ps`. But now, when number of my clients will increase up to one hundred this way can be uncertain.

Or is there any possibility to change pptpd to transmit real IP of client to pppd? In example as linkname option? (as far as I know this option is unused by pptp).

Thank you in advance.

--
Bartłomiej Butyn aka Yoss
There is nothing so bad that it could not turn out for the worse.

From GeorgeV at citadelcomputer.com.au Sat Aug 4 09:11:06 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sun, 5 Aug 2001 00:11:06 +1000
Subject: [pptp-server] ip-up script and real client's IP
Message-ID: <200FAA488DE0D41194F10010B597610D1728D8@JUPITER>

I know a cheat way is to read the PPPx device in ip-up.local and then find its parent process of the pppd command; this then contains the real IP and is fully legit...

eg.

ps -ef (eg, to show where to find the real IP )
---------------
root  5104  1111  0 23:34 ?  00:00:01 pptpd [144.137.66.4]
root  5105  5104  0 23:34 ?  00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptp 115200

cat /var/run/ppp0.pid (You get "ppp0" as $1 in ip-up.local )
---------------------
5105

if-up.local
-----------------
# interface-name tty-device speed local-IP-address remote-IP-address ipparam
# Full "ps -f" line of the pppd that owns this interface
PID=`ps -fp \`cat /var/run/$1.pid\` | tail -1`
# Third field of that line is the parent PID (the pptpd control process)
RPID=`echo $PID | cut -f 3 -d " "`
# The parent's process title carries the client address in [brackets]
IP=`ps -p $RPID -o cmd | tail -1 | cut -f 2 -d "[" | cut -f 1 -d "]"`
echo "Real IP Connection : $IP " >> /var/log/pptp.log

PLEASE someone find a cleaner way of doing this.. this works for me every time but when 100 connections come in at once I bet the CPU must go bonkas with shell scripting....

Hope this helps the idea a bit... maybe someone can write a C code version which when compiled would be passed something like "pptpip ppp0" and it'll return the IP... Oh cool yeah!!..

-----Original Message-----
From: Yoss [mailto:bartek at host9.milc.com.pl]
Sent: Saturday, August 04, 2001 7:28 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] ip-up script and real client's IP

Hi.

Is there any possibility to recognize real IP of the client in ip-up script? A login and password is for me not enough. Until now I was making it with perl script, which gives me IP upon analysis of logs and `ps`. But now, when number of my clients will increase up to one hundred this way can be uncertain.

Or is there any possibility to change pptpd to transmit real IP of client to pppd? In example as linkname option? (as far as I know this option is unused by pptp).

Thank you in advance.

--
Bartłomiej Butyn aka Yoss
There is nothing so bad that it could not turn out for the worse.

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From bartek at cafe.milc.com.pl Sat Aug 4 14:16:57 2001
From: bartek at cafe.milc.com.pl (Yoss)
Date: Sat, 4 Aug 2001 21:16:57 +0200
Subject: [pptp-server] Multiple clients behind a masquerade
Message-ID: <20010804211657.A29359@cafe.milc.com.pl>

Hi.

Quotation from "Linux VPN Masquerade":

> Masquerading multiple clients talking to the same host will require
> protocol-specific support in the form of kernel patches, which are not
> yet available. Sorry.

My question is: when will be the patches available?

Thank you in advance.

--
Bartłomiej Butyn aka Yoss
There is nothing so bad that it could not turn out for the worse.

From charlieb at e-smith.com Sat Aug 4 14:34:42 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 4 Aug 2001 15:34:42 -0400 (EDT)
Subject: [pptp-server] Multiple clients behind a masquerade
In-Reply-To: <20010804211657.A29359@cafe.milc.com.pl>
Message-ID:

On Sat, 4 Aug 2001, Yoss wrote:

> Hi.
> Quotation from "Linux VPN Masquerade":
> > Masquerading multiple clients talking to the same host will require
> > protocol-specific support in the form of kernel patches, which are
> > not yet available. Sorry.
>
> My question is: when will be the patches available?

As far as I know no-one is working on them. Implementing such a feature would violate the PPTP RFC (which hasn't stopped Microsoft). Thus far, nobody in the open source community has felt the need, or found the time.

--
Charlie Brady                         charlieb at e-smith.com
http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From bruceg at garlockprinting.com Sat Aug 4 19:26:33 2001
From: bruceg at garlockprinting.com (Bruce S. Garlock)
Date: Sat, 04 Aug 2001 17:26:33 -0700
Subject: [pptp-server] ip-up.local
Message-ID: <3B6C92B9.C06F221B@garlockprinting.com>

This may sound like a strange request, but how would you tell any pppd clients that use pptpd *not* to use /etc/ppp/ip-up.local? I have a pointer to a script in there which updates my ip address to point to a dyndns.org address, and if a lot of people keep logging in via VPN, it executes the update to dyndns.org (via /etc/ppp/ip-up.local), therefore "abusing" the dyndns.org server.

Thanks for any help..

- Bruce

--
Bruce S. Garlock
Garlock Printing
http://www.satinwrap.com

From charlieb at e-smith.com Sat Aug 4 16:38:55 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 4 Aug 2001 17:38:55 -0400 (EDT)
Subject: [pptp-server] ip-up.local
In-Reply-To: <3B6C92B9.C06F221B@garlockprinting.com>
Message-ID:

On Sat, 4 Aug 2001, Bruce S. Garlock wrote:

> This may sound like a strange request, but how would you tell any pppd
> clients that use pptpd *not* to use /etc/ppp/ip-up.local?

You include "ipparam pptp" in the options that pptp uses when it runs pppd. Then in ip-up.local, you check the value of $6 (IIRC). You skip the action if $6 is pptp, as it will be, if this is a pptp link coming up.

--
Charlie Brady                         charlieb at e-smith.com
http://www.e-smith.org (development)  http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From bruceg at tiac.net Sun Aug 5 10:33:52 2001
From: bruceg at tiac.net (Bruce Garlock)
Date: Sun, 05 Aug 2001 11:33:52 -0400
Subject: [pptp-server] ip-up.local
References: <3B6C6E55.D56A7A8C@garlockprinting.com>
Message-ID: <3B6D6760.4010602@tiac.net>

Bruce S. Garlock wrote:

>
>-------- Original Message --------
>Subject: Re: [pptp-server] ip-up.local
>Date: Sat, 4 Aug 2001 17:38:55 -0400 (EDT)
>From: Charlie Brady
>To: "Bruce S. Garlock"
>CC: pptp-server
>
>
>On Sat, 4 Aug 2001, Bruce S. Garlock wrote:
>
>>This may sound like a strange request, but how would you tell any pppd
>>clients that use pptpd *not* to use /etc/ppp/ip-up.local?
>>
>
>You include "ipparam pptp" in the options that pptp uses when it runs
>pppd. Then in ip-up.local, you check the value of $6 (IIRC). You skip the
>action if $6 is pptp, as it will be, if this is a pptp link coming up.
>

This did the trick:

if [ "$6" = "pptp" ]; then
    exit 0
fi

I put that at the top of my ip-up.local, and if a VPN connection is made, the rest of the script does not execute, keeping the folks at dyndns.org happy [:-)]

Thanks for that ipparam tip. I read about it in the man page after you suggested it. Nice to know that pppd has that.

From jpj at as-tech.fr Sun Aug 5 20:03:24 2001
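An added example, not code from any poster in this thread, combining the two ip-up.local techniques discussed above: Charlie Brady's "ipparam pptp" check on $6 and George Vieira's lookup of the client address from the parent "pptpd [a.b.c.d]" process title. The function names, the PPP_RUN_DIR variable and the action strings are assumptions made for illustration; the address is validated before use because it is copied out of a process title.

```shell
#!/bin/sh
# Added example for /etc/ppp/ip-up.local. Assumes, as in the ps listing quoted
# in this thread, that pppd's parent process is titled "pptpd [a.b.c.d]".
# Function names, PPP_RUN_DIR and the action strings are illustrative.

# Succeeds only for a dotted quad with four octets in the range 0-255.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1                      # split on dots; the subshell keeps IFS local
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# Print the address found between [ ] in a process title, if it is valid.
client_ip_from_title() {
    case "$1" in
        *\[*\]*) ;;
        *) return 1 ;;
    esac
    candidate=${1#*\[}             # drop everything up to the first '['
    candidate=${candidate%%\]*}    # drop the first ']' and what follows
    is_ipv4 "$candidate" || return 1
    printf '%s\n' "$candidate"
}

# pptp_client_ip IFNAME [RUNDIR]: pid file -> pppd PID -> parent PID -> title.
pptp_client_ip() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;            # refuse odd interface names
    esac
    pidfile="${2:-/var/run}/$1.pid"
    [ -r "$pidfile" ] || return 1
    pppd_pid=$(head -n 1 "$pidfile")
    case "$pppd_pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    parent_pid=$(ps -o ppid= -p "$pppd_pid" | tr -d ' ')
    case "$parent_pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    title=$(ps -o args= -p "$parent_pid") || return 1
    client_ip_from_title "$title"
}

# ip-up.local arguments: ifname tty speed local-ip remote-ip ipparam
# Prints the action to take instead of performing it, so it can be tested.
ip_up_action() {
    if [ "$6" != "pptp" ]; then
        echo "dyndns-update"       # ordinary PPP link: run the DynDNS update
        return 0
    fi
    if ip=$(pptp_client_ip "$1" "${PPP_RUN_DIR:-/var/run}"); then
        echo "pptp-link $1 peer=$5 client=$ip"
    else
        echo "pptp-link $1 peer=$5 client=unknown"
    fi
}

# In ip-up.local itself:  action=$(ip_up_action "$@")
```

The PPTP branch only works if "ipparam pptp" is present in the options file pptpd hands to pppd, as described in the reply above.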
From: jpj at as-tech.fr (jpj)
Date: Mon, 06 Aug 2001 01:03:24 +0000
Subject: [pptp-server] pptp and pppoe
Message-ID: <3B6DECDB.900C4FF7@as-tech.fr>

Hi all,

I have a Linux server connected to ADSL line with PPPOE and I need to create VPN connections to win9x client stations. For this I'm trying to use PPTPD but I always get an error 650 on the client side

Thanks

Following is the content of the pptpd.log

. Aug 6 00:47:35 thor pptpd[2407]: MGR: Manager process started
Aug 6 00:47:45 thor pptpd[2409]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Aug 6 00:47:45 thor pptpd[2409]: CTRL: pppd options file = /etc/ppp/options.pptp
Aug 6 00:47:45 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control connection started
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message (type: 1)
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a START CTRL CONN RPLY packet
Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 156 bytes to the client.
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message (type: 7)
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Set parameters to 0 maxbps, 16 window size
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a OUT CALL RPLY packet
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Starting call (launching pppd, opening GRE)
Aug 6 00:47:46 thor pptpd[2409]: CTRL: pty_fd = 5
Aug 6 00:47:46 thor pptpd[2409]: CTRL: tty_fd = 6
Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 32 bytes to the client.
Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
Aug 6 00:47:46 thor pptpd[2410]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 6 00:47:46 thor pppd[2410]: pppd 2.3.11 started by root, uid 0
Aug 6 00:47:46 thor pppd[2410]: Using interface ppp1
Aug 6 00:47:46 thor pppd[2410]: Connect: ppp1 <--> /dev/pts/8
Aug 6 00:47:46 thor pppd[2410]: sent [LCP ConfReq id=0x1 ]
Aug 6 00:48:13 thor last message repeated 9 times
Aug 6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests
Aug 6 00:48:16 thor pptpd[2409]: GRE: read(fd=5,buffer=804d840,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 6 00:48:16 thor pptpd[2409]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug 6 00:48:16 thor pppd[2410]: Connection terminated.
Aug 6 00:48:16 thor pppd[2410]: Exit.
Aug 6 00:48:16 thor pptpd[2407]: MGR: Reaped child 2409
Aug 6 00:48:16 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control connection finished
Aug 6 00:48:16 thor pptpd[2409]: CTRL: Exiting now

From wahlahg17 at yahoo.com Mon Aug 6 03:12:15 2001
From: wahlahg17 at yahoo.com (Muhammad Aqeel)
Date: Mon, 6 Aug 2001 01:12:15 -0700 (PDT)
Subject: [pptp-server] Problem Facing while establishing vpn with the help of pptp-client
Message-ID: <20010806081215.28056.qmail@web20105.mail.yahoo.com>

Sir,

My teacher has given me an assignment to establish vpn through pptp in b/w two linux machines. So i installed Poptop server on one machine and pptp linux client on the other machine. But during installation procedure whenever i tried to install the pptp client i got this error.

"LOOKING FOR MODULES ERROR: Required module misc/mppe.o not found."

And during the setup procedure of pptp client whenever i tried to add a tunnel i get the following error

"Insecure depebndecny in open while running with -T switch at /usr/lib/pptp-command Line 181 Line9."

What does it mean. I am using RED HAT LINUX 7.0 on the machines. If this point gets solved i think i would be able to make a vpn. And if any one thinks that some more information is needed then please tell me. I will submit my network diagram too. But please help me in solving the problem as i have to submit the assignment as soon as possible.

Thanks in advance

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

From cusumano at acmesolutions.it Mon Aug 6 04:40:37 2001
From: cusumano at acmesolutions.it (Daniele Cusumano)
Date: Mon, 6 Aug 2001 11:40:37 +0200
Subject: [pptp-server] ppp configuration
Message-ID:

Hi there:))

I've recently configured PoPToP on my RedHat 6.2 which also acts as a firewall and internet point (ISDN connection)

When I connect from my laptop (windows 2000) I notice that my internet connection goes down to let the new VPN connection flow.

Is there something wrong with my configuration?

True that I have everything on one machine..I mean that on my RedHat 6.2 server I have a firewall running, an ISDN connection that is used to connect all windows 2000 clients and now also PoPToP..should these config. be changed?

I can't have my internet connection going in parallel with a VPN connection?

Can anybody help me out..I'm a newbie here;)

Thanx 4 your time:))))

Ciao from Rome (ITALY)
Daniele

_______________________
Cusumano Daniele
Software Developer
Acme Solutions S.r.l
Via Maestrini, 98
00128 Roma
Tel. +39(6) 50780737
Cell. +39(338) 3742790
cusumano at acmesolutions.it

From JaminC at adapt-tele.com Mon Aug 6 07:21:50 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Mon, 6 Aug 2001 07:21:50 -0500
Subject: [pptp-server] ppp configuration
Message-ID:

Please refrain from posting HTML to mailing lists.

Daniele Cusumano [mailto:cusumano at acmesolutions.it]
> I've recently configured PoPToP on my RedHat 6.2 which also acts as
> a firewall and internet point (ISDN connection)
>
> When I connect from my laptop (windows 2000) I notice that my
> internet connection goes down to let the new VPN connection flow.
>
> Is there something wrong with my configuration?

Most likely you have your VPN connection configured to use the Default Gateway on the remote network. This overrides your ISP default gateway setting once a connection to your PoPToP server is made.

> True that I have everything on one machine..I mean that on my
> RedHat 6.2 server I have a firewall running, an ISDN connection
> that is used to connect all windows 2000 clients and now also
> PoPToP..should these config. be changed?

Nope, it appears to be just a client configuration problem at the moment.

> I can't have my internet connection going in parallel with a VPN
> connection?

Yep, unless you need the default gateway setting.

Jamin W. Collins

From jpj at as-tech.fr Mon Aug 6 11:01:06 2001
From: jpj at as-tech.fr (jpj)
Date: Mon, 6 Aug 2001 16:01:06 +0000
Subject: [pptp-server] pptp and pppoe
Message-ID: <01080616010603.01002@jpj>

Hi,

Yes the win9x are on other sites and connecting to the server through internet access.

pptpd.conf:
option /etc/ppp/options.pptp
debug
localip 192.168.0.234-238,192.168.0.245
remoteip 192.168.1.234-238,192.168.1.245

/etc/ppp/options.pptp:
lock
debug
auth
+chap
proxyarp

/etc/ppp/chap-secrets
jpj * snoopy *

Firewall rules disabled (except masquerading)
ipchains -A forward -s 192.6.8.0/24 -d 0.0.0.0/0 -j MASQ

I've tried several things like
localip 192.168.200.234 and remoteip 192.168.200.224 in pptpd.conf
ip address in chap-secret

On the server side the internal address is 192.6.8.0/24
On the other site the internal address is 192.168.0.0/24

No effect on the connection, I still get the error 650 on the win9x station.

Thanks for your help

On Sunday 5 August 2001 23:55, you wrote:
> I'm a bit confused, "to win9x stations" are you saying that the Win9x
> stations are outside and connecting to the ADSL server?
>
> Can you send me your file ie, /etc/ppp/chap-secrets pptpd.conf and anything
> else that might show where the problem is...??
>
> -----Original Message-----
--
AS-TECH Ingenierie Systeme et Reseaux
Les Crozasses - 34670 St Bres -France
Tel: +33 (0)467 708 926 - Fax: +33(0)467 708 927
http://www.as-tech.fr

From jpetsche at eng.utoledo.edu Mon Aug 6 10:46:29 2001
From: jpetsche at eng.utoledo.edu (Joe Petsche)
Date: Mon, 6 Aug 2001 11:46:29 -0400
Subject: [pptp-server] Error
Message-ID: <006f01c11e8e$f5696940$4f00a8c0@dundee.net>

I am getting this error when my windows 98 and 2k box connects to the PoPtop server (in message log). The error message comes across many times when the Win2k box connects but only once when the 98 machine connects. Was wondering if anyone knows why this is/how to send the correct configuration.

Aug 6 10:39:23 tpc pppd[6472]: CCP: timeout sending Config-Requests
Aug 6 10:39:25 tpc pppd[6472]: Received bad configure-ack:

-Joe

From andy at rockcity.com Mon Aug 6 12:10:56 2001
From: andy at rockcity.com (Andy Worthington)
Date: Mon, 6 Aug 2001 12:10:56 -0500
Subject: [pptp-server] error on login in
In-Reply-To: <20010806081215.28056.qmail@web20105.mail.yahoo.com>
Message-ID: <000f01c11e9a$c258c940$4264a8c0@PRIJON>

I have a pptpd server I know works that I am trying to connect a new win98 client to. The error I am getting is:

Jul 31 11:44:07 fw pppd[11739]: No CHAP secret found for authenticating rockcity_la\\bob
Jul 31 11:44:07 fw pppd[11739]: MSCHAP-v2 peer authentication failed for remote host rockcity_la\\bob

The entries in the chap-secrets file are for Irish\\bob which is why I am getting the error. The new client has its workgroup set to Irish in the identification tab of the network properties. Anyone know of another place on the client where I need to set the workgroup to Irish that it might currently be set to rockcity_la.

Thanks

From JaminC at adapt-tele.com Mon Aug 6 12:26:25 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Mon, 6 Aug 2001 12:26:25 -0500
Subject: [pptp-server] error on login in
Message-ID:

Andy Worthington [mailto:andy at rockcity.com] wrote:
> I have a pptpd server I know works that I am trying to
> connect a new win98 client to. The error I am getting
> is:
>
> Jul 31 11:44:07 fw pppd[11739]: No CHAP secret found for
> authenticating rockcity_la\\bob
> Jul 31 11:44:07 fw pppd[11739]: MSCHAP-v2 peer authentication
> failed for remote host rockcity_la\\bob
>
> The entries in the chap-secrets file are for Irish\\bob which
> is why I am getting the error. The new client has its
> workgroup set to Irish in the identification tab of the
> network properties. Anyone know of another place on the
> client where I need to set the workgroup to Irish that it might
> currently be set to rockcity_la.

Not sure on this one, but Login Domain may effect it. Another normally viable solution is to apply the strip domain patch to the PPTP server.

Jamin W. Collins

From GeorgeV at citadelcomputer.com.au Mon Aug 6 17:02:59 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 7 Aug 2001 08:02:59 +1000
Subject: [pptp-server] pptp and pppoe
Message-ID: <200FAA488DE0D41194F10010B597610D1728E9@JUPITER>

Firstly, remove the large range for "localip" and use a single IP (preferably the local LAN one for proxyarp to work). Then use a "remoteip" range which is in the SAME subnet as "localip" OR change the "localip" to be in the same subnet as "remoteip".

Then get back to us if it still fails...

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From GeorgeV at citadelcomputer.com.au Mon Aug 6 17:05:09 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 7 Aug 2001 08:05:09 +1000
Subject: [pptp-server] Problem Facing while establishing vpn with the help of pptp-client
Message-ID: <200FAA488DE0D41194F10010B597610D1728EA@JUPITER>

Means that mppe is not loading and that's what the encryption is. You need to compile your pppd with mppe support. Your pppd and kernel by default don't have mppe.o installed.

There are many sites showing how to compile mppe into your pppd source code and update your kernel etc..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From GeorgeV at citadelcomputer.com.au Mon Aug 6 17:06:41 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 7 Aug 2001 08:06:41 +1000
Subject: [pptp-server] Error
Message-ID: <200FAA488DE0D41194F10010B597610D1728EB@JUPITER>

Please send your configuration files. Errors mean nothing to us unless we can see your configuration files.. /etc/ppp/options.pptp and pptpd.conf and anything else that's pptp related, send them too.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Joe Petsche [mailto:jpetsche at eng.utoledo.edu]
Sent: Tuesday, August 07, 2001 1:46 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Error

I am getting this error when my windows 98 and 2k box connects to the PoPtop server (in message log). The error message comes across many times when the Win2k box connects but only once when the 98 machine connects. Was wondering if anyone knows why this is/how to send the correct configuration.

    Aug 6 10:39:23 tpc pppd[6472]: CCP: timeout sending Config-Requests
    Aug 6 10:39:25 tpc pppd[6472]: Received bad configure-ack:

-Joe

From mickh at kincrome.com.au Mon Aug 6 21:13:19 2001
From: mickh at kincrome.com.au (Michael Hayes)
Date: Tue, 7 Aug 2001 12:13:19 +1000
Subject: [pptp-server] flakey adsl
Message-ID:

Hi,

I have a remote site in New Zealand using pppoa (jetstream) to connect back to my Melbourne, Australia based host running a 2mb fibre link. The host side of the connection is rock solid, I can keep 100+ hour connections from my home cable modem (Melbourne based), but the pppoa seems to get heaps of atm errors, these cause me no end of problems. After a series of these atm errors the vpn connection drops. Does anyone know of a way to build some more fail over protection into poptop? I am using 1.1.2 version of poptop with kernel 2.4.5 and full encryption. I'm not looking for a magic bullet, more so something that may help keep the connection up for longer than 15 odd minutes.

Any suggestions would be well received. Thanks in advance.

Mick

From charlieb at e-smith.com Mon Aug 6 21:43:35 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 6 Aug 2001 22:43:35 -0400 (EDT)
Subject: [pptp-server] flakey adsl
In-Reply-To:
Message-ID:

On Tue, 7 Aug 2001, Michael Hayes wrote:

> I have a remote site in New Zealand using pppoa (jetstream) to connect back
> to my Melbourne Australia based host running a 2mb fibre link. The host
> side of the connection is rock solid, I can keep 100+ hour connections from
> my home cable modem (melbourne based), but the pppoa seems to get heaps of
> atm errors, these cause me no end of problems. After a series of these atm
> errors the vpn connection drops, does anyone know of a way to build some
> more fail over protection into poptop. I am using 1.1.2 version of poptop
> with kernel 2.4.5 and full encryption. I'm not looking for a magic bullet,

Are you sure?

> more so something that may help keep the connection up for longer than 15
> odd minutes.
>
> Any suggestions would be well received.

If you can't avoid pppoa, then I'd suggest that you investigate using IPSEC. The PPTP protocol isn't robust in the face of missing or out of order packets. The version of poptop you are using does its best to reorder out-of-order packets before they get to the MPPE decrypter, but it can only do so much.

Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From GeorgeV at citadelcomputer.com.au Mon Aug 6 23:30:15 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 7 Aug 2001 14:30:15 +1000
Subject: [pptp-server] flakey adsl
Message-ID: <200FAA488DE0D41194F10010B597610D1728F4@JUPITER>

One thing that might help you a bit if you're running Linux on both ends is that if you can't fix the link problem itself then put into the /etc/ppp/options.pptp file the following:

    lcp-echo-failure 60
    lcp-echo-interval 5

This will do continuous pings to check that the link is up. If the link is flakey and causes timeouts enough to trigger this, it'll drop the pppd link. Then what you can do is, in your /etc/ppp/ip-down.local file, detect the `ipparam` setting you used and make it bring the link up. Though be careful not to bring a link up when a current link is still active, I wrote scripts to check this on mine and to wait until the old link fully completes...

This at least will help keep the link up and any telnet/ftp session may be able to hang on longer.. worked for me anyway....

Hope this helps a bit...

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From mikael.lonnroth at advancevpn.com Tue Aug 7 00:20:59 2001
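
George Vieira's advice in the "flakey adsl" thread above (LCP echo settings plus a redial from /etc/ppp/ip-down.local that never stacks a new link on a live one), sketched as an added example; it is not his script and not part of the original posts. The tunnel tag `nz-office`, the use of pppd's `linkname` option for a predictable pid file, and the peer file read by `pppd call` are assumptions.

```shell
#!/bin/sh
# Added example: a redial guard for /etc/ppp/ip-down.local.
# pppd passes these arguments to ip-down:
#   $1 interface  $2 tty  $3 speed  $4 local IP  $5 remote IP  $6 ipparam
#
# Matching lines for /etc/ppp/options.pptp (first two are from the post):
#   lcp-echo-interval 5     # send an LCP echo-request every 5 s
#   lcp-echo-failure 60     # drop the link after 60 unanswered echoes (60 x 5 s = 300 s)
#   ipparam nz-office       # assumed tag, handed to this script as $6
#   linkname nz-office      # assumed; pppd then writes /var/run/ppp-nz-office.pid

TUNNEL_TAG="${TUNNEL_TAG:-nz-office}"               # assumption: our ipparam value
PIDFILE="${PIDFILE:-/var/run/ppp-$TUNNEL_TAG.pid}"  # follows from linkname
TEARDOWN_WAIT="${TEARDOWN_WAIT:-30}"                # seconds to wait for the old pppd

# True when the pid recorded on the first line of the pid file is a live process.
link_active() {
    [ -r "$1" ] || return 1
    pid=$(sed -n '1p' "$1")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;    # empty or not a number: treat as no link
    esac
    kill -0 "$pid" 2>/dev/null
}

# Wait up to $2 seconds for the old pppd to exit; succeed once it has gone.
wait_for_teardown() {
    left=$2
    while link_active "$1"; do
        [ "$left" -gt 0 ] || return 1
        sleep 1
        left=$((left - 1))
    done
    return 0
}

# Print the action for a link that just went down:
#   skip-foreign  ipparam is not ours (for example an inbound pptpd client)
#   skip-active   the old pppd is still alive after the wait, do not stack links
#   redial        the old link is fully gone, safe to start the tunnel again
redial_decision() {    # args: ipparam pidfile wait-seconds
    [ "$1" = "$TUNNEL_TAG" ] || { echo skip-foreign; return 0; }
    if wait_for_teardown "$2" "$3"; then
        echo redial
    else
        echo skip-active
    fi
}

# Act only when installed as ip-down.local, so sourcing the file is harmless.
if [ "${0##*/}" = "ip-down.local" ]; then
    # Detach: the exiting pppd can wait on its ip-down child, so blocking here
    # would hold up the very exit this script is waiting for.
    (
        action=$(redial_decision "$6" "$PIDFILE" "$TEARDOWN_WAIT")
        logger -t ip-down.local "link $1 down ipparam=$6 action=$action"
        if [ "$action" = "redial" ]; then
            # 'pppd call NAME' reads /etc/ppp/peers/NAME (peer file assumed).
            pppd call "$TUNNEL_TAG"
        fi
    ) </dev/null >/dev/null 2>&1 &
fi
```
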
From: mikael.lonnroth at advancevpn.com (Mikael Lönnroth)
Date: Tue, 7 Aug 2001 08:20:59 +0300
Subject: [pptp-server] error on login in
In-Reply-To: <000f01c11e9a$c258c940$4264a8c0@PRIJON>
References: <000f01c11e9a$c258c940$4264a8c0@PRIJON>
Message-ID: <01080708205902.15048@secure.advancevpn.com>

Hello,

I am having sort of similar problems: Login with Windows 98 SE does not seem to send ANY domain (that is, it seems that the person is not even logged in to Microsoft networking on the client). The primary logon (control panel -> network) is correctly set, as is the identification workgroup. WHAT'S GOING ON? =)

As to your problem, I had that yesterday and I don't know if this is really what happened, but my PPTP dial-up connection sent the old domain name, even though I had changed it, until I actually created a new VPN dial-up entry. After that it sent the correct, new name. (AND HOW IS THAT POSSIBLE? =))

Regards,
Mikael
mikael.lonnroth at advancevpn.com
www.advancevpn.com

On Monday 06 August 2001 8:10 pm, Andy Worthington wrote:
> I have a pptpd server I know works that I am trying to connect a new win98
> client to. The error I am getting is:
>
> Jul 31 11:44:07 fw pppd[11739]: No CHAP secret found for authenticating
> rockcity_la\\bob
> Jul 31 11:44:07 fw pppd[11739]: MSCHAP-v2 peer authentication failed for
> remote host rockcity_la\\bob
>
> The entries in the chap-secrets file are for Irish\\bob which is why I am
> getting the error. The new client has its workgroup set to Irish in the
> identification tab of the network properties. Anyone know of another place
> on the client where I need to set the workgroup to Irish that it might
> currently be set to rockcity_la.
>
> Thanks

From GeorgeV at citadelcomputer.com.au Tue Aug 7 00:22:21 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 7 Aug 2001 15:22:21 +1000
Subject: [pptp-server] error on login in
Message-ID: <200FAA488DE0D41194F10010B597610D1728F8@JUPITER>

Dial Up Networking creates actual files which contain information in them. They (as far as I know) are just plain text. I think it copies the domain info into the dial up file. Try opening your Dial Up Networking connection with Notepad.. I think it's text readable and contains the workgroup in there... but as Mikael says, creating a new VPN is easier...

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From rich at riafinancial.com Tue Aug 7 10:15:12 2001
From: rich at riafinancial.com (Rich Paredes)
Date: Tue, 7 Aug 2001 10:15:12 -0500
Subject: [pptp-server] Limit access to certain machines
Message-ID: <004c01c11f53$e2fafa10$531fa8c0@RPLAPTOP>

Is there any way to configure the PPTP server to limit access to certain servers in the network without implementing firewall rules? My concern is that even though I could assign VPN clients a certain range of IP addresses and add rules to our firewall to only allow this range of IPs to access certain services on certain machines, our VPN clients can still assign themselves a static IP address in the VPN client setup. If they assign themselves a static IP outside of the range we blocked, they then have access to the ENTIRE NETWORK. Does anyone have any solution to this? I'm not looking to separate them on their own network...

Thanks.
Rich Paredes

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From JaminC at adapt-tele.com Tue Aug 7 09:17:27 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 7 Aug 2001 09:17:27 -0500
Subject: [pptp-server] Limit access to certain machines
Message-ID:

Please refrain from posting to mailing lists using HTML.

Rich Paredes [mailto:rich at riafinancial.com] wrote:
> My concern is that even though I could assign VPN clients a certain
> range of ip addresses and add rules to our firewall to only allow
> these range of ip's to access certain services on certain machines,
> our VPN clients can still assign themselves a static IP address in
> the VPN client setup. If they assign themselves a static ip outside
> of the range we blocked, they then have access to the ENTIRE NETWORK.
> Does anyone have any solution to this? I'm not looking to separate
> them on their own network... Thanks.

With the proper firewall rules, you can control the traffic not only by source/destination IP, but also by interface. The rules can be designed so that even though the IP may be valid for access to the entire network, the interface that the connection was received on is not.

Jamin W. Collins

From fred_pasteck at yahoo.com Tue Aug 7 12:04:38 2001
From: fred_pasteck at yahoo.com (fred pasteck)
Date: Tue, 7 Aug 2001 10:04:38 -0700 (PDT)
Subject: [pptp-server] 2.2.19 kernel questions
Message-ID: <20010807170438.1000.qmail@web12504.mail.yahoo.com>

Hi.

Can someone point me to a cumulative list of patches necessary to implement pptp on a 2.2.19 kernel? I've found no less than 10 sites that have varying and conflicting information on which patches should apply, which version is the latest, etc...

There will be a pretty wide variety of clients connecting, including NT/2000/ME/98. Under what circumstances do I need the stateless patch? I'd like to implement MPPE to support encryption, but am unable to find a 2.2.19 openssl-0.9.6a patch for the kernel. When is it necessary to apply the various chap1/2 fixes?

thanks.

From jpetsche at eng.utoledo.edu Tue Aug 7 13:14:12 2001
From: jpetsche at eng.utoledo.edu (Joe Petsche)
Date: Tue, 7 Aug 2001 14:14:12 -0400
Subject: [pptp-server] Fw: Error
Message-ID: <006a01c11f6c$c2bed5a0$4f00a8c0@dundee.net>

Here are my config files: Again, I don't know exactly what the error message means (see below).

$ cat /etc/ppp/options
---------------->>>>
name tpc
lock
auth
proxyarp # For routing to other hosts on internal network
+chap
+chapms
+chapms-v2
#mppe-40
mppe-128
mppe-stateless
#require-chap # +chap equivalent?
<<<<<<<<<<<<<<--------------------------

$ cat /etc/pptpd.conf
---------------->>>>
#speed 115200
#option /etc/ppp/options
#debug
localip 192.168.0.4,205.244.26.240
remoteip 192.168.0.234-240
<<<<<<<<<<<<<<--------------------------

----- Original Message -----
From: Joe Petsche
To: pptp-server at lists.schulte.org
Sent: Monday, August 06, 2001 11:46 AM
Subject: Error

I am getting this error when my windows 98 and 2k box connects to the PoPtop server (in message log). The error message comes across many times when the Win2k box connects but only once when the 98 machine connects. Was wondering if anyone knows why this is/how to send the correct configuration.

    Aug 6 10:39:23 tpc pppd[6472]: CCP: timeout sending Config-Requests
    Aug 6 10:39:25 tpc pppd[6472]: Received bad configure-ack:

-Joe

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From wahlahg17 at yahoo.com Tue Aug 7 14:08:08 2001
From: wahlahg17 at yahoo.com (Muhammad Aqeel)
Date: Tue, 7 Aug 2001 12:08:08 -0700 (PDT)
Subject: [pptp-server] Where can i find mppe module
In-Reply-To: <20010807075219.80269.qmail@web20110.mail.yahoo.com>
Message-ID: <20010807190808.40701.qmail@web20102.mail.yahoo.com>

--- Muhammad Aqeel wrote:
> Where can I get mppe module support? Please tell me the
> name of at least two sites..
> And also tell me how can I compile it into ppp and
> kernel. Should I need to compile the module in ppp and
> kernel separately? Please help me in solving it.. I
> dearly need to submit
> my assignment within few days
>
> thanks in advance

From roberto at dealmeida.net Tue Aug 7 17:34:50 2001
From: roberto at dealmeida.net (roberto at dealmeida.net)
Date: Tue, 7 Aug 2001 19:34:50 -0300
Subject: [pptp-server] Can connect but can't mount shares
Message-ID: <20010807193450.A779@xixarro.inet>

Hi, all.

I've been trying for the last few days to create a VPN to my father's company from home. Here's what I have:

At my father's company I've made a 192.168.0.x network. A firewall/router connects eth0 to the internet, and eth1 is 192.168.0.1. The firewall is running samba, and acts as file server. PoPToPd is running on the server.

/etc/pptpd.conf

    speed 115200
    debug
    localip 192.168.0.11-20
    remoteip 192.168.0.21-30
    listen 200.201.1.60

/etc/ppp/options

    debug
    name servidor
    auth
    require-chap
    proxyarp

/etc/ppp/chap-secrets

    username1 servidor password1 *
    username2 servidor password2 *

At home I have also a 192.168.0.x network, with the same setup. My firewall/router has eth0 to the internet, and eth1 is 192.168.0.1. The firewall's rules allow the connection (I've installed Seattle Firewall, which has support for pptpd).

I want to connect with a Windows machine. I created the VPN connection, and when I launch it, the computer connects through the VPN. I configured the client to use the pptpd server as its gateway, and it works fine: I can ping machines in the internal network at the office from home. Samba is configured to accept connections from eth* and ppp*, and also from 192.168.0.x.

The problem is: I can't find any computers. If I try to mount them, with \\name or \\ip, I find nothing. Is this a problem with my pptpd configuration? Or perhaps something with Samba?

Thanks in advance,
Roberto
--
Roberto A. F. Almeida
robertoaf at dealmeida.net

From JaminC at adapt-tele.com Tue Aug 7 14:41:32 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Tue, 7 Aug 2001 14:41:32 -0500
Subject: RE: [pptp-server] Can connect but can't mount shares
Message-ID:

roberto at dealmeida.net [mailto:roberto at dealmeida.net] wrote:
> I've been trying for the last few days to create a VPN to my
> father's company from home. Here's what I have:
>
> At my father's company I've made a 192.168.0.x network.
(snip)
> At home I have also a 192.168.0.x network, with the same
> setup.

This is possibly part of the problem. You are using the same IP subnets on both networks. These should be different.

Jamin W. Collins

From roberto at dealmeida.net Tue Aug 7 17:46:09 2001
From: roberto at dealmeida.net (roberto at dealmeida.net)
Date: Tue, 7 Aug 2001 19:46:09 -0300
Subject: [pptp-server] Re: [pptp-server] Can connect but can't mount shares
In-Reply-To: ; from JaminC@adapt-tele.com on Tue, Aug 07, 2001 at 02:41:32PM -0500
References:
Message-ID: <20010807194609.A841@xixarro.inet>

Jamin Collins wrote (Tue, Aug 07, 2001 at 02:41:32PM -0500):
> > At my father's company I've made a 192.168.0.x network.
> (snip)
> > At home I have also a 192.168.0.x network, with the same
> > setup.
> This is possibly part of the problem. You are using the same IP subnets on
> both networks. These should be different.

Ok, I'll change them and see what happens.

Thanks,
Roberto
--
Roberto A. F. Almeida
robertoaf at dealmeida.net

From GeorgeV at citadelcomputer.com.au Tue Aug 7 17:08:27 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 8 Aug 2001 08:08:27 +1000
Subject: [pptp-server] Limit access to certain machines
Message-ID: <200FAA488DE0D41194F10010B597610D172902@JUPITER>

You could assign these people IPs in the /etc/ppp/chap-secrets file. I'm sure this works where pppd will report "Peer is not authorized to use remote address 192.168.1.100" (example taken from my logs).

Your firewall rules should kill anything out of this IP range as a normal firewall would.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From GeorgeV at citadelcomputer.com.au Tue Aug 7 17:12:37 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 8 Aug 2001 08:12:37 +1000
Subject: [pptp-server] Fw: Error
Message-ID: <200FAA488DE0D41194F10010B597610D172903@JUPITER>

Argh these white screen text emails..!!! (white on white)..???

Please get rid of the second IP in your "localip" and "remoteip" configs.. that'll cause problems. You also only need 1 localip and it usually is a private IP range... usually.. eg.

    localip 192.168.0.4
    remoteip 192.168.0.234-240

that's it.. that's all you need going.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From GeorgeV at citadelcomputer.com.au Tue Aug 7 17:15:59 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 8 Aug 2001 08:15:59 +1000
Subject: RE: [pptp-server] Re: [pptp-server] Can connect but can't mount shares
Message-ID: <200FAA488DE0D41194F10010B597610D172904@JUPITER>

The only way this will work is to add a static/permanent route for EACH host to your PC/firewall (waste really).. Or just use a 192.168.1.x network and `route add -net 192.168.0.0/24 gw $5` in your ip-up.local (I think it's $5).

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From mikael.lonnroth at advancevpn.com Wed Aug 8 02:39:29 2001
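
George Vieira's suggestion in the "Limit access to certain machines" thread above is to pin each account's address in /etc/ppp/chap-secrets, so a client cannot pick an address outside the range the firewall expects. The following is an added example, not code from any poster or from pppd, that audits the address column of such a file; the function names and finding labels are hypothetical, and the sample file is constructed (its first two account names echo the chap-secrets excerpt posted earlier in the archive).

```shell
#!/bin/sh
# Added example: audit the address column of a pppd chap-secrets file.
# Per pppd(8), the words after the secret are the addresses the peer may use:
# "*" allows any address, "-" or no word at all allows none.

audit_chap_secrets() {    # arg: path to a chap-secrets style file
    awk '
    # Split a line into words, honouring "quoted strings", backslash escapes
    # and # comments. Fills out[] and returns the word count.
    function words(line, out,    n, i, c, w, inq, have) {
        split("", out); n = 0; w = ""; inq = 0; have = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\\" && i < length(line)) {
                i++; w = w substr(line, i, 1); have = 1; continue
            }
            if (c == "\"") { inq = !inq; have = 1; continue }
            if (!inq && c == "#") break
            if (!inq && (c == " " || c == "\t")) {
                if (have) { out[++n] = w; w = ""; have = 0 }
                continue
            }
            w = w c; have = 1
        }
        if (have) out[++n] = w
        return n
    }
    {
        n = words($0, f)
        if (n < 3) next                      # blank, comment or malformed line
        user = f[1]
        if (n == 3 || f[4] == "-") { print "NO-ADDRESS " user; next }
        for (i = 4; i <= n; i++) {
            a = f[i]
            if (a == "*") print "ANY-ADDRESS " user          # client picks freely
            else if (a ~ /^!/) continue                        # explicit deny entry
            else if (a ~ /\// && a !~ /\/32$/) print "RANGE " user " " a
            else {
                print "FIXED " user " " a
                if ((a in owner) && owner[a] != user)
                    print "SHARED " a " " owner[a] " " user   # two accounts, one IP
                else
                    owner[a] = user
            }
        }
    }' "$1"
}

# Constructed sample covering each finding.
write_sample() {    # arg: path to write
    cat > "$1" <<'EOF'
# client      server    secret       addresses
username1     servidor  password1    *
username2     servidor  password2    192.168.0.235
Irish\\bob    servidor  "two words"  192.168.0.236
carol         servidor  password4    192.168.0.235
dave          servidor  password5
erin          servidor  password6    192.168.0.0/24
EOF
}

# Run against the real file only when invoked under this (assumed) script name.
if [ "${0##*/}" = "audit-chap-secrets.sh" ]; then
    audit_chap_secrets "${1:-/etc/ppp/chap-secrets}"
fi
```

ANY-ADDRESS and RANGE findings are the accounts for which a firewall rule keyed only on source address can be sidestepped; FIXED entries are the ones pppd enforces with the "Peer is not authorized to use remote address" rejection quoted in the thread.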
From: mikael.lonnroth at advancevpn.com (Mikael Lönnroth)
Date: Wed, 8 Aug 2001 10:39:29 +0300
Subject: [pptp-server] Where can i find mppe module
In-Reply-To: <20010807190808.40701.qmail@web20102.mail.yahoo.com>
References: <20010807190808.40701.qmail@web20102.mail.yahoo.com>
Message-ID: <01080810392900.04389@secure.advancevpn.com>

Hi there,

I'll quote myself here (since I was lucky enough to get it to work) [RedHat 7.1]

1. Unzip linux-2.4.4 (kernel) into /usr/src
2. [/usr/src] patch -p0 < linux-2.4.4-openssl-0.9.6a-mppe.patch.gz
   (http://www.advancevpn.com/public/linux-2.4.4-openssl-0.9.6a-mppe.patch.gz?)
3. Unzip ppp-2.4.1 into /usr/src
   (http://www.advancevpn.com/public/ppp-2.4.1.tar.gz?)
4. [/usr/src] patch -p0 < ppp-2.4.1-openssl-0.9.6-mppe-patch
   (http://www.advancevpn.com/public/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz?)
5. Unzip pptp-1.1.2 into /usr/src
6. In between, make and install all the packages, find correct ppp/options, pptpd.conf etc files

Mikael Lönnroth
mikael.lonnroth at advancevpn.com

From wojciech.milc at milc.com.pl Wed Aug 8 04:20:55 2001
From: wojciech.milc at milc.com.pl (Wojciech Milc)
Date: Wed, 8 Aug 2001 11:20:55 +0200
Subject: [pptp-server] Solution: Estabilishing VPN tunnels to multiple Win98 hosts behind a masquerade
Message-ID: <001101c11feb$6e349540$0900000a@biurok1>

Tell me if I am wrong thinking that I can solve a problem establishing VPN tunnels to multiple Win98 hosts behind a masquerade (problem is that because of masquerade you are able to set up a VPN to only one host at a time) by setting up a tunnel between masquerade machine <=> main pptp server?

Then with this link established it would be possible to set up VPN tunnels between masq machine and multiple clients in that particular network, which would work exactly as VPN tunnels between these hosts and main pptp server.

Am I right?

Milc

From GeorgeV at citadelcomputer.com.au Wed Aug 8 05:02:08 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 8 Aug 2001 20:02:08 +1000
Subject: [pptp-server] Where can i find mppe module
Message-ID: <200FAA488DE0D41194F10010B597610D172921@JUPITER>

Now THAT's what I like.. straightforward install instructions in 5-10 lines.. Now where's the 40-page "Why isn't it working though" site.. ;-)

Is there still nobody updating or contributing to the poptop.lineo.com site? It would be good to put a page up for special patches like the one I saw before which implemented all other patches into 1 big one (mppe, smblib, mschap, etc).. That'll be nice...

-----Original Message-----
From: Mikael Lönnroth [mailto:mikael.lonnroth at advancevpn.com]
Sent: Wednesday, August 08, 2001 5:39 PM
To: Muhammad Aqeel; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Where can i find mppe module

Hi there,

I'll quote myself here (since I was lucky enough to get it to work)

[RedHat 7.1]

1. Unzip linux-2.4.4 (kernel) into /usr/src
2. [/usr/src] patch -p0 < linux-2.4.4-openssl-0.9.6a-mppe.patch.gz
   (http://www.advancevpn.com/public/linux-2.4.4-openssl-0.9.6a-mppe.patch.gz?)
3. Unzip ppp-2.4.1 into /usr/src
   (http://www.advancevpn.com/public/ppp-2.4.1.tar.gz?)
4. [/usr/src] patch -p0 < ppp-2.4.1-openssl-0.9.6-mppe-patch
   (http://www.advancevpn.com/public/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz?)
5. Unzip pptp-1.1.2 into /usr/src
6. In between, make and install all the packages, find correct ppp/options, pptpd.conf etc files

Mikael Lönnroth
mikael.lonnroth at advancevpn.com

On Tuesday 07 August 2001 10:08 pm, Muhammad Aqeel wrote:
> --- Muhammad Aqeel wrote:
> > Where can I get mppe module support? Please tell me the name of at least two sites..
> > And also tell me how I can compile it into ppp and kernel. Should I need to compile the module in ppp and kernel separately? Please help me in solving it.. I dearly need to submit my assignment within a few days.
> >
> > thanks in advance
> >
> > --- George Vieira wrote:
> > > Means that mppe is not loading and that's what the encryption is. You need to compile your pppd with mppe support. Your pppd and kernel by default don't have mppe.o installed.
> > >
> > > There are many sites showing how to compile mppe into your pppd source code and update your kernel etc..
> > >
> > > thanks,
> > > George Vieira
> > > Network Engineer
> > > Citadel Computer Systems P/L
> > > PH +(61)2 9955 2644
> > > FX +(61)2 9955 2659
> > >
> > > -----Original Message-----
> > > From: Muhammad Aqeel [mailto:wahlahg17 at yahoo.com]
> > > Sent: Monday, August 06, 2001 6:12 PM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] Problem Facing while establishing vpn with the help of pptp-client
> > >
> > > Sir,
> > >
> > > My teacher has given me an assignment to establish a vpn through pptp in between two linux machines.
> > >
> > > So I installed the Poptop server on one machine and the pptp linux client on the other machine.
> > >
> > > But during the installation procedure, whenever I tried to install the pptp client I got this error:
> > >
> > > "LOOKING FOR MODULES
> > > ERROR: Required module misc/mppe.o not found."
> > >
> > > And during the setup procedure of the pptp client, whenever I tried to add a tunnel I got the following error:
> > >
> > > "Insecure depebndecny in open while running with -T switch at /usr/lib/pptp-command Line 181 Line9."
> > >
> > > What does it mean? I am using RED HAT LINUX 7.0 on the machines.
> > >
> > > If this point gets solved I think I would be able to make a vpn.
> > >
> > > And if anyone thinks that some more information is needed then please tell me. I will submit my network diagram too. But please help me in solving the problem as I have to submit the assignment as soon as possible.
> > >
> > > Thanks in advance

From bartek at cafe.milc.com.pl Wed Aug 8 05:29:42 2001
From: bartek at cafe.milc.com.pl (Yoss)
Date: Wed, 8 Aug 2001 12:29:42 +0200
Subject: [pptp-server] VPN and squid
Message-ID: <20010808122942.A493@cafe.milc.com.pl>

Hi.

I made a small VPN network. Everything works fine, almost. I have a transparent proxy on squid. Its acls limit access to my customers (exactly: to my IPs). But all of my VPN customers get "Access denied" - and in squid's log I can see their REAL ip (not the remoteip from pptp.conf). What is going on? Why can squid see their real ip? Many of my customers have dynamic ip, so I can't add them to acls. I don't want to make an open proxy. What can I do?

Thank you in advance

--
Bartłomiej Butyn aka Yoss
There is nothing so bad that it could not turn out worse.

From jvonau at home.com Wed Aug 8 06:18:29 2001
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 08 Aug 2001 06:18:29 -0500
Subject: [pptp-server] Solution: Estabilishing VPN tunnels to multiple Win98 hosts behind a masquerade
References: <001101c11feb$6e349540$0900000a@biurok1>
Message-ID: <3B712005.E0776042@home.com>

yes, I have that running now.

Jerry Vonau

Wojciech Milc wrote:
>
> Tell me if I am wrong in thinking that I can solve
> the problem of establishing VPN tunnels to multiple Win98 hosts behind a
> masquerade (the problem is that because of masquerade you are able
> to set up a VPN to only one host at a time) by setting up
> a tunnel between masquerade machine <=> main pptp server?
>
> Then with this link established it would be possible to set up VPN
> tunnels between the masq machine and multiple clients in that particular
> network, which would work exactly as VPN tunnels between these hosts
> and the main pptp server.
>
> Am I right?
>
> Milc

From patrickl at steltor.com Wed Aug 8 02:27:43 2001
From: patrickl at steltor.com (Patrick LIN)
Date: Wed, 08 Aug 2001 03:27:43 -0400
Subject: [pptp-server] PPTPD on Mandrake 8.0 kernel 2.4.7 / ppp-2.4.1 with mppe/strip domain
Message-ID: <3B70E9EF.6090307@steltor.com>

hi,

i installed pptpd a few years ago (99 i think :) ) and now the server where it runs needs to be replaced ...... hmmm a lot of things changed, and time is still my big problem :((

So i want to ask for help, if i can say it like that :)

Can somebody give a step by step with all the patches, and where i can find them, for the following setup? (i can put it on the Web after for info)

Based on Mandrake 8.0
- kernel 2.4.7
- ppp 2.4.1
- MPPE
- Strip domain / fix compressed stuff
- and all other interesting features :)

for config i think my config can still be used, and it has worked for at least 2 years so :))

thanks in advance

Please don't blame me.... :))

Best regards
Patrick

--
This message is transmitted by 100 % recycled electrons

From jpetsche at eng.utoledo.edu Wed Aug 8 07:53:34 2001
From: jpetsche at eng.utoledo.edu (Joe Petsche)
Date: Wed, 8 Aug 2001 08:53:34 -0400
Subject: [pptp-server] Fw: Error -- still no Encryption
References: <200FAA488DE0D41194F10010B597610D172903@JUPITER>
Message-ID: <00d201c12009$227e94c0$4f00a8c0@dundee.net>

Sorry about that HTML formatted message

> Argh these white screen text emails..!!! (white on white)..???

I've removed the second ipaddress from the localip and I get the error:

Aug 6 20:41:40 tpc pppd[1204]: Received bad configure-ack:

> Please get rid of the second IP in your "localip" and "remoteip"
> configs.. that'll cause problems.

This doesn't bother me anymore.
What bothers me is that I can't re-compile my kernel / configure my modules properly to handle the correct ppp_ modules. I have compiled ppp_mppoe.o and other modules. They reside in /lib/modules/2.4.2/kernel/drivers/net

However I don't think they are being used. My /lib/modules/2.4.2/modules.dep has some entries that look like the following:

/lib/modules/2.4.2/kernel/drivers/net/ppp_generic.o:
/lib/modules/2.4.2/kernel/drivers/net/ppp_mppe.o:
/lib/modules/2.4.2/kernel/drivers/net/ppp_generic.o

My guess is that when ppp_mppe.o is referenced, ppp_generic.o is used. If this is the case then I don't know what I am doing wrong. I would like it to use the mppe.o file that I compiled.
I've made sure /etc/modules.conf is correct in aliasing the proper compression numbers. I get this message in my log files:

Aug 6 20:41:40 tpc insmod: Note: /etc/modules.conf is more recent than /lib/modules/2.4.2/modules.dep

I am going for data encryption. I can't seem to get it going...

-Joe

> Here are my config files:
> Again, I don't know exactly what the error messages mean (see below).
>
> $ cat /etc/ppp/options ---------------->>>>
> name tpc
> lock
> auth
> proxyarp # For routing to other hosts on internal network
>
> +chap
> +chapms
> +chapms-v2
> #mppe-40
> mppe-128
> mppe-stateless
>
> #require-chap # +chap equivalent?
> <<<<<<<<<<<<<<--------------------------
>
> $ cat /etc/pptpd.conf ---------------->>>>
> #speed 115200
> #option /etc/ppp/options
> #debug
>
> localip 192.168.0.4,205.244.26.240
> remoteip 192.168.0.234-240
> <<<<<<<<<<<<<<--------------------------
>
> ----- Original Message -----
> From: Joe Petsche
> To: pptp-server at lists.schulte.org
> Sent: Monday, August 06, 2001 11:46 AM
> Subject: Error
>
> I am getting this error when my windows 98 and 2k box connects to the PoPtop
> server (in message log). The error message comes across many times when the
> Win2k box connects but only once when the 98 machine connects. Was wondering
> if anyone knows why this is/how to send the correct configuration.
>
> Aug 6 10:39:23 tpc pppd[6472]: CCP: timeout sending Config-Requests
> Aug 6 10:39:25 tpc pppd[6472]: Received bad configure-ack:
>
> -Joe

From berzerke at swbell.net Wed Aug 8 09:47:02 2001
From: berzerke at swbell.net (robert)
Date: Wed, 08 Aug 2001 09:47:02 -0500
Subject: [pptp-server] Fw: Error -- still no Encryption
In-Reply-To: <00d201c12009$227e94c0$4f00a8c0@dundee.net>
References: <200FAA488DE0D41194F10010B597610D172903@JUPITER> <00d201c12009$227e94c0$4f00a8c0@dundee.net>
Message-ID: <01080809470201.21927@linux>

What does your modules.conf look like?

On Wednesday 08 August 2001 07:53, Joe Petsche wrote:
> Sorry about that HTML formatted message
>
> > Argh these white screen text emails..!!! (white on white)..???
>
> I've removed the second ipaddress from the localip and I get the error:
>
> Aug 6 20:41:40 tpc pppd[1204]: Received bad configure-ack:
>
> > Please get rid of the second IP in your "localip" and "remoteip"
> > configs.. that'll cause problems.
>
> This doesn't bother me anymore.
> What bothers me is that I can't re-compile my kernel / configure my modules
> properly to handle the correct ppp_ modules. I have compiled ppp_mppoe.o
> and other modules. They reside in /lib/modules/2.4.2/kernel/drivers/net
>
> However I don't think they are being used. My
> /lib/modules/2.4.2/modules.dep has some entries that look like the
> following:
>
> /lib/modules/2.4.2/kernel/drivers/net/ppp_generic.o:
> /lib/modules/2.4.2/kernel/drivers/net/ppp_mppe.o:
> /lib/modules/2.4.2/kernel/drivers/net/ppp_generic.o
>
> My guess is that when ppp_mppe.o is referenced, ppp_generic.o is used. If
> this is the case then I don't know what I am doing wrong. I would like it
> to use the mppe.o file that I compiled.
> I've made sure /etc/modules.conf is correct in aliasing the proper
> compression numbers. I get this message in my log files:
>
> Aug 6 20:41:40 tpc insmod: Note: /etc/modules.conf is more recent than
> /lib/modules/2.4.2/modules.dep
>
> I am going for data encryption. I can't seem to get it going...
>
> -Joe
>
> > Here are my config files:
> > Again, I don't know exactly what the error messages mean (see below).
> >
> > $ cat /etc/ppp/options ---------------->>>>
> > name tpc
> > lock
> > auth
> > proxyarp # For routing to other hosts on internal network
> >
> > +chap
> > +chapms
> > +chapms-v2
> > #mppe-40
> > mppe-128
> > mppe-stateless
> >
> > #require-chap # +chap equivalent?
> > <<<<<<<<<<<<<<--------------------------
> >
> > $ cat /etc/pptpd.conf ---------------->>>>
> > #speed 115200
> > #option /etc/ppp/options
> > #debug
> >
> > localip 192.168.0.4,205.244.26.240
> > remoteip 192.168.0.234-240
> > <<<<<<<<<<<<<<--------------------------
> >
> > ----- Original Message -----
> > From: Joe Petsche
> > To: pptp-server at lists.schulte.org
> > Sent: Monday, August 06, 2001 11:46 AM
> > Subject: Error
> >
> > I am getting this error when my windows 98 and 2k box connects to the
> > PoPtop server (in message log). The error message comes across many times
> > when the Win2k box connects but only once when the 98 machine connects.
> > Was wondering if anyone knows why this is/how to send the correct
> > configuration.
> >
> > Aug 6 10:39:23 tpc pppd[6472]: CCP: timeout sending Config-Requests
> > Aug 6 10:39:25 tpc pppd[6472]: Received bad configure-ack:
> >
> > -Joe

From shughes at arn.net Wed Aug 8 11:48:53 2001
From: shughes at arn.net (Shawn Hughes)
Date: Wed, 8 Aug 2001 09:48:53 -0700
Subject: [pptp-server] pptp-server on Redhat 7.1
Message-ID: <002d01c1202a$0500fa70$0204a8c0@shawn>

I am needing instructions on how to install pptp on a Linux Redhat 7.1 server. Thanks

From gwu at acm.org Wed Aug 8 12:30:40 2001
From: gwu at acm.org (gwu at acm.org)
Date: Wed, 8 Aug 2001 10:30:40 -0700 (PDT)
Subject: [pptp-server] Connect from behind firewall ?
Message-ID:

I would like to connect from a Windows 2000 client behind a NAT firewall to a public Linux PPTP server. Is this doable without reconfiguring the firewall? I've followed the setup instructions but I am not able to connect. I always get a '628' error on the Windows 2000 client.

Any help would be appreciated.

George

From bruceg at garlockprinting.com Wed Aug 8 15:39:26 2001
From: bruceg at garlockprinting.com (Bruce S. Garlock)
Date: Wed, 08 Aug 2001 13:39:26 -0700
Subject: [pptp-server] Connect from behind firewall ?
References:
Message-ID: <3B71A37D.1B9024F9@garlockprinting.com>

gwu at acm.org wrote:

> I would like to connect from a Windows 2000 client behind a NAT
> firewall to a public Linux PPTP server. Is this doable without
> reconfiguring the firewall ? I've followed the setup instructions but
> I am not able to connect. I always get a '628' error on the Windows
> 2000 client.
>
> Any help would be appreciated.
>
> George

I think this may have to do with your firewall machine being able to properly handle pptp requests. What kind of firewall is it? Are you doing NAT behind it? I have a RH 6.2 firewall (doing NAT), and using their latest 2.2.19 kernel, which includes the patch for IP VPN masq. support. Once I loaded the ip_masq_pptp module, I was able to connect from a Win95/98 machine behind the firewall to a pptpd server.

Also check the HOWTO for properly enabling the firewall to open up port 1723, and also allow packet 47 traffic.

HTH...

Bruce

From santos at workout.com.ar Wed Aug 8 13:32:53 2001
From: santos at workout.com.ar (Santos Jorge Ariel)
Date: Wed, 8 Aug 2001 15:32:53 -0300
Subject: [pptp-server] Help!!
Message-ID: <00f801c12038$89339100$0240a8c0@workout.com.ar>

Hello,

My name is Ariel Santos. I'm a net administrator in a South American company. I am trying to make a proxy vpn so I can send as many clients as I want through this machine. Each one of those clients makes a vpn connection against the pptp server. (Look at the figure below)

PPTP Client (192.168.64.xxx, 192.168.64.xxx) ---------> Linux Masq and Firewall ---------> Internet ---------> PPTP Server

I followed this How-to, I installed my firewall with the 2.2.17-14 kernel, all modules are running ok (modprobe ip_masq_pptp).

I can make the connection with multiple clients but only one can transfer packets. When the first client (the one who could send packets) finishes the connection, all other users lose their connections.

I was wondering if there is something else that I can do, because I tried with a lot of patches and kernels and I can't solve this problem.

Sorry about my English, and I hope for your answer as soon as possible.

Thanks
Ariel Santos

PS: I also tried with ip_masq_vpn.patch.gz

Problem: I have a problem with the GRE (47) protocol; error: Discard order of packets[GRE] when the second connection begins. The VPN server (ip: 200.59.152.XXX) can't get a lot of different incoming connections from clients who come through a proxy (ip: 200.58.51.XXX)

VPN CLIENT 1
VPN CLIENT 2  -----------< PROXY           >----------------< VPN SERVER       >
VPN CLIENT 3  -----------< (200.58.51.XXX) >----------------< (200.59.152.XXX) >
VPN CLIENT 4  -----------< PUBLIC          >----------------< PUBLIC           >

What patch should I try? (for the vpn server's kernel)

PS: I tried with pptpd-1.0.0 and pptpd-1.1.2 and applied the patch ip_masq_vpn_2.2.X.patch.gz

Thanks for your time.

At your service.

Jorge Ariel Santos
Operations
Belgrano 430 3° D
C1092AAR Buenos Aires Argentina
Tel/Fax 011-4878-4444 int 55
Mail santos at workout.com.ar

From shughes at arn.net Wed Aug 8 17:15:27 2001
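Added example, not code from the list or from the ip_masq_pptp module: a simplified Python model of why a masquerading box with no PPTP awareness can return GRE (protocol 47) traffic to only one client per server, and how keying on the Call ID in PPTP's enhanced GRE header (RFC 2637) separates the sessions. The addresses, class names, first-session-wins behaviour and Call ID allocation policy are assumptions made for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B   # protocol type of PPTP's enhanced GRE (RFC 2637)


def build_gre(call_id, payload=b"", seq=None, ack=None):
    """Build an enhanced GRE packet (used here only to construct sample data)."""
    flags0 = 0x20 | (0x10 if seq is not None else 0)    # K always set, S if seq present
    flags1 = (0x80 if ack is not None else 0) | 0x01    # A if ack present, version 1
    pkt = struct.pack("!BBHHH", flags0, flags1, GRE_PROTO_PPP, len(payload), call_id)
    if seq is not None:
        pkt += struct.pack("!I", seq)
    if ack is not None:
        pkt += struct.pack("!I", ack)
    return pkt + payload


def parse_gre(pkt):
    """Parse the enhanced GRE header; raise ValueError on anything malformed."""
    if len(pkt) < 8:
        raise ValueError("shorter than the fixed 8-byte header")
    flags0, flags1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if not (flags0 & 0x20) or (flags1 & 0x07) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP enhanced GRE (need K=1, Ver=1, type 0x880B)")
    off, fields = 8, {"call_id": call_id, "seq": None, "ack": None}
    for name, present in (("seq", flags0 & 0x10), ("ack", flags1 & 0x80)):
        if present:
            if len(pkt) < off + 4:
                raise ValueError("truncated %s field" % name)
            fields[name] = struct.unpack("!I", pkt[off:off + 4])[0]
            off += 4
    if len(pkt) - off < plen:
        raise ValueError("payload shorter than declared length")
    fields["payload"] = pkt[off:off + plen]
    return fields


class PortlessMasq:
    """Masquerading with no PPTP knowledge. GRE has no ports, so the only key
    for return traffic is the server address. Assumption: the first session
    to a server keeps the entry."""

    def __init__(self):
        self.by_server = {}

    def outbound(self, client_ip, server_ip):
        self.by_server.setdefault(server_ip, client_ip)

    def inbound(self, server_ip, pkt):
        return self.by_server.get(server_ip)


class CallIdMasq:
    """PPTP-aware masquerading: one entry per (server, Call ID)."""

    def __init__(self):
        self.sessions = {}   # (server_ip, public_call_id) -> (client_ip, client_call_id)

    def open_call(self, client_ip, server_ip, client_call_id):
        """Run when a client's Outgoing-Call-Request is seen on TCP 1723.
        Returns the Call ID to present to the server, unique per server."""
        for step in range(0x10000):
            public = (client_call_id + step) & 0xFFFF
            if (server_ip, public) not in self.sessions:
                self.sessions[(server_ip, public)] = (client_ip, client_call_id)
                return public
        raise RuntimeError("no free Call ID towards " + server_ip)

    def inbound(self, server_ip, pkt):
        """Return (client_ip, packet with the client's own Call ID) or None."""
        entry = self.sessions.get((server_ip, parse_gre(pkt)["call_id"]))
        if entry is None:
            return None                       # unknown session: drop
        client_ip, client_call_id = entry
        return client_ip, pkt[:6] + struct.pack("!H", client_call_id) + pkt[8:]


def demo():
    server = "203.0.113.1"                    # constructed (documentation address)
    a, b = "192.168.64.10", "192.168.64.11"   # constructed clients behind the masq box
    naive, aware = PortlessMasq(), CallIdMasq()
    naive.outbound(a, server)
    naive.outbound(b, server)
    id_a = aware.open_call(a, server, 1)      # both clients happen to pick Call ID 1
    id_b = aware.open_call(b, server, 1)
    reply_a = build_gre(id_a, b"to-A", seq=1)           # constructed server replies
    reply_b = build_gre(id_b, b"to-B", seq=1, ack=0)
    to_b = aware.inbound(server, reply_b)
    return {
        "naive": [naive.inbound(server, reply_a), naive.inbound(server, reply_b)],
        "aware": [aware.inbound(server, reply_a)[0], to_b[0]],
        "public_ids": (id_a, id_b),
        "rewritten_b": parse_gre(to_b[1]),
    }


if __name__ == "__main__":
    print(demo())
```

In the portless model every reply from the server lands on the first client, which matches the symptom of only one tunnel passing traffic; the Call ID table delivers each reply to its own client and restores the Call ID that client chose.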
From: shughes at arn.net (Shawn Hughes)
Date: Wed, 8 Aug 2001 15:15:27 -0700
Subject: [pptp-server] Help
Message-ID: <041501c12057$a45bd590$0204a8c0@shawn>

I am using RH 7.1 and I'm trying to [gunzip ppp-2.3.10-openssl-norc4-mppe.patch.gz]. I'm getting an error that the file is not in gzip format.

From tcanich at geosc.psu.edu Wed Aug 8 16:20:55 2001
From: tcanich at geosc.psu.edu (Tom Canich)
Date: Wed, 8 Aug 2001 16:20:55 -0500 (EST)
Subject: [pptp-server] Help
In-Reply-To: <041501c12057$a45bd590$0204a8c0@shawn>
Message-ID:

On Wed, 8 Aug 2001, Shawn Hughes wrote:

> I am using RH 7.1 and I'm trying to [gunzip ppp-2.3.10-openssl-norc4-mppe.patch.gz]. I'm getting an error that the file is not in gzip format.

Some browsers will automagically extract files (mozilla does this). Just rename the file to something without the .gz extension, or ignore the extensions, and proceed with adding the patch.

tom

From rparedes at ludwig.riafinancial.com Wed Aug 8 15:20:57 2001
From: rparedes at ludwig.riafinancial.com (rparedes at ludwig.riafinancial.com)
Date: Wed, 8 Aug 2001 16:20:57 -0400 (EDT)
Subject: [pptp-server] Help
In-Reply-To: <041501c12057$a45bd590$0204a8c0@shawn>
Message-ID:

Shawn, it's probably not in gzip format and just in tar format. So run tar xf.

You actually don't need to unzip or untar it. You can run the patch directly without uncompressing.

On Wed, 8 Aug 2001, Shawn Hughes wrote:

> I am using RH 7.1 and I'm trying to [gunzip ppp-2.3.10-openssl-norc4-mppe.patch.gz]. I'm getting an error that the file is not in gzip format.

From JaminC at adapt-tele.com Wed Aug 8 16:32:38 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Wed, 8 Aug 2001 16:32:38 -0500
Subject: [pptp-server] Help
Message-ID:

rparedes at ludwig.riafinancial.com wrote:
> Shawn, it's probably not in gzip format and just in tar
> format. So run tar xf.

> > I am using RH 7.1 and I'm trying to [gunzip
> > ppp-2.3.10-openssl-norc4-mppe.patch.gz]. I'm getting
> > an error that the file is not in gzip format.

As the file is a patch, it is most likely not a tar archive. Thus, tar will be of little use. The more likely cause of the problem is that the browser that downloaded it uncompressed it (gunzip) and didn't change its filename.

Jamin W. Collins

From shughes at arn.net Wed Aug 8 18:45:15 2001
From: shughes at arn.net (Shawn Hughes)
Date: Wed, 8 Aug 2001 16:45:15 -0700
Subject: [pptp-server] assigned IP
Message-ID: <043801c12064$75df4730$0204a8c0@shawn>

Can anyone tell me why, after getting connected through VPN, it is assigning 192.168.1.1? I need the address to be 192.168.4.#

From charlieb at e-smith.com Wed Aug 8 16:52:28 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 8 Aug 2001 17:52:28 -0400 (EDT)
Subject: [pptp-server] assigned IP
In-Reply-To: <043801c12064$75df4730$0204a8c0@shawn>
Message-ID:

On Wed, 8 Aug 2001, Shawn Hughes wrote:

> Can anyone tell me why, after getting connected through VPN, it is
> assigning 192.168.1.1? I need the address to be 192.168.4.#

Only you can tell that. Only you have the configuration files and log files on your server.

--
Charlie Brady charlieb at e-smith.com
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada

From berzerke at swbell.net Wed Aug 8 18:42:17 2001
From: berzerke at swbell.net (robert)
Date: Wed, 08 Aug 2001 18:42:17 -0500
Subject: [pptp-server] pptp-server on Redhat 7.1
In-Reply-To: <002d01c1202a$0500fa70$0204a8c0@shawn>
References: <002d01c1202a$0500fa70$0204a8c0@shawn>
Message-ID: <01080818421701.23688@linux>

Although not specific to redhat, a general 2.4 kernel howto is at http://home.swbell.net/berzerke

On Wednesday 08 August 2001 11:48, Shawn Hughes wrote:
> I am needing instructions on how to install pptp on a Linux Redhat 7.1
> server. Thanks

From GeorgeV at citadelcomputer.com.au Wed Aug 8 20:19:03 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 9 Aug 2001 11:19:03 +1000
Subject: [pptp-server] RE: [pptp-server] Re: [pptp-server] Can connect but can´t mount shares
Message-ID: <200FAA488DE0D41194F10010B597610D172925@JUPITER>

This is an example of what you're looking for:

# Server PPTP settings /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.2

# PPTP Server ip-up.local script
# $6 is the ipparam value pppd passes to ip-up
if [ "$6" = "homelan" ]; then
    route add -net 192.168.1.0/24 gw 10.0.0.2
fi

# PPTP Client ip-up.local script
if [ "$6" = "homelan" ]; then
    route add -net 192.168.0.0/24 gw 10.0.0.1
fi

LAN1 Network =192.168.0.x/24
      |
PPTPDLocal   =192.168.0.254/32
PPTPDInternet=10.0.0.1/24
      |
      |
PPTPCInternet=10.0.0.2/24
PPTPCLocal   =192.168.1.x/24
      |
LAN2 Network =192.168.1.x/24

I think this is what you're looking for, right?

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: roberto at dealmeida.net [mailto:roberto at dealmeida.net]
Sent: Thursday, August 09, 2001 12:04 AM
To: George Vieira
Subject: Re: [pptp-server] Re: [pptp-server] Can connect but can't mount shares

George Vieira wrote (Wed, Aug 08, 2001 at 08:15:59AM +1000):
> The only way this will work is to add a static/permanent route for EACH host
> to your PC/firewall (waste really)..
>
> Or just use a 192.168.1.x network and `route add -net 192.168.0.0/24 gw $5`
> in your ip-up.local (I think it's $5).

192.168.1.x should be the network where I'm running pptpd, right?

Thanks,

Roberto
--
Roberto A. F. Almeida
robertoaf at dealmeida.net

From GeorgeV at citadelcomputer.com.au Wed Aug 8 20:38:06 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 9 Aug 2001 11:38:06 +1000
Subject: [pptp-server] VPN and squid
Message-ID: <200FAA488DE0D41194F10010B597610D172928@JUPITER>

What are your ipchains rules? Are you redirecting the VPN IPs or the Real IPs? This is most likely more an ipchains problem than a pptp problem.

Can you send me/us your transparent ipchains rules.. and your IP settings if that's OK..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Yoss [mailto:bartek at host9.milc.com.pl]
Sent: Wednesday, August 08, 2001 8:30 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] VPN and squid

Hi.

I made a small VPN network. Everything works fine, almost. I have a transparent proxy on squid. Its acls limit access to my customers (exactly: to my IPs). But all of my VPN customers get "Access denied" - and in squid's log I can see their REAL ip (not the remoteip from pptp.conf). What is going on? Why can squid see their real ip? Many of my customers have dynamic ip, so I can't add them to acls. I don't want to make an open proxy. What can I do?

Thank you in advance

--
Bartłomiej Butyn aka Yoss
There is nothing so bad that it could not turn out worse.

From cturner at netcabtec.com Wed Aug 8 20:48:45 2001
From: cturner at netcabtec.com (Chris Turner)
Date: Wed, 8 Aug 2001 20:48:45 -0500
Subject: [pptp-server] MPPE Encryption not working with 2.4.2-2 Kernel and ppp-2.4.1
Message-ID:

Greetings all.

I am coming to my wits' end and would appreciate any assistance any of you may be able to provide.

I have a RedHat 7.1 system, running the 2.4.2-2 kernel and ppp 2.4.1. After two frustrating weeks, I have been unsuccessful in getting MPPE to work properly. The ppp_mppe.o module is compiling, and when I connect the log shows:

amadeus pptpd[1474]: CTRL: Client 172.16.0.61 control connection started
amadeus pptpd[1474]: CTRL: Starting call (launching pppd, opening GRE)
amadeus pppd[1475]: pppd 2.4.1 started by root, uid 0
amadeus pppd[1475]: Using interface ppp0
amadeus pppd[1475]: Connect: ppp0 <--> /dev/pts/1
amadeus pptpd[1474]: GRE: Discarding duplicate packet
amadeus pptpd[1474]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
amadeus pppd[1475]: MSCHAP-v2 peer authentication succeeded for test
amadeus pppd[1475]: found interface eth0 for proxy arp
amadeus pppd[1475]: local IP address 192.168.1.2
amadeus pppd[1475]: remote IP address 192.168.1.11
amadeus pppd[1475]: MPPE 128 bit, non-stateless compression enabled

The client also shows 128 bit encryption enabled and functioning. I am however unable to reach any of the machines inside the network. I cannot even ping the server address of 192.168.1.2. Running tcpdump on the ppp0 interface shows both the icmp echo request and reply, and a sniffer on the client machine shows traffic both ways (can't see it because it's encrypted). Nevertheless, the client cannot ping the server, and the server cannot ping the client.

Where this gets interesting is if I disable encryption, everything works fine. Client can see server and machines behind it, Server can see client, and all is well.

I will attempt now to as briefly as possible cover the steps I used to compile encryption support in....

Applied the following patches to ppp-2.4.1:

ppp-2.4.1-MSCHAPv2-fix.patch.gz
ppp-2.4.1-openssl-0.9.6-mppe-patch.gz

Both applied with no errors. Performed configure, make, and make install for ppp-2.4.1. No errors.

Applied the linux-2.4.4-openssl-0.9.6a-mppe.patch.gz patch to the kernel and recompiled with loadable module support and PPP as module-loadable. I have also tried the linux-2.4.0-openssl-0.9.6-mppe.patch.gz patch with a clean source tree with the same results.

All the appropriate modules seem to be loading correctly:

Module          Size   Used by
ppp_deflate     41664  0 (autoclean)
ppp_mppe        23856  2 (autoclean)
bsd_comp        4416   0 (autoclean)
ppp_async       6640   1 (autoclean)
ppp_generic     14240  4 (autoclean) [ppp_deflate ppp_mppe bsd_comp ppp_async]
slhc            5216   0 [ppp_generic]

At this point I am at a total loss, if anyone has any suggestions please let me know.

Best regards,
Chris

From GeorgeV at citadelcomputer.com.au Wed Aug 8 20:46:04 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 9 Aug 2001 11:46:04 +1000
Subject: [pptp-server] MPPE Encryption not working with 2.4.2-2 Kernel and ppp-2.4.1
Message-ID: <200FAA488DE0D41194F10010B597610D17292B@JUPITER>

Can you tell if your ipchains rules are blocking pings? What are your ipchains rules for the link? Is there any service that you can use to test like SSHD or something?

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From jvonau at home.com Wed Aug 8 22:07:51 2001
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 08 Aug 2001 22:07:51 -0500
Subject: [pptp-server] clear this up for me.
References: <001101c11feb$6e349540$0900000a@biurok1> <3B712005.E0776042@home.com> <20010808165604.A6653@cafe.milc.com.pl>
Message-ID: <3B71FE87.D45F8E40@home.com>

Yoss:

I take it Squid is on the pptp server? If so I think squid is responding to the client and not the client's tunnel. What address are you using for the tunnel? private or public? (exactly: to my IPs)? What do you have in your if-up.local/firewall files? I think you may have to masq the traffic to/from the tunnel to get the server to respond to the local ip.

Maybe the easy solution is to use "use default gateway on remote" on the client to force all the client's traffic up the tunnel. That should make it look like the traffic is coming from the remote ip. Will that work in your situation? Have you tried that?

From taro at nub.co.uk Thu Aug 9 06:04:58 2001
From: taro at nub.co.uk (Tom Owen)
Date: Thu, 9 Aug 2001 12:04:58 +0100
Subject: [pptp-server] Multiple masqueraded clients
Message-ID: <3B727C6A.8774.5B89B7@localhost>

Can poptop support multiple connections from a single IP? I know it's OK most of the time but I have a problem when connections close.

I have a known good poptop server that has supported up to three simultaneous remote users from different sites.

One of my sites dial up through a masquerading router (Eicon 1830) and a single user UUNET account. There are several W98 PCs on the LAN behind that router.

All is well when a single PC uses its VPN connection. It is also fine for a second user. But when either user closes the connection, both connections drop.

I haven't tried connecting to any alternative PPTP implementation. It's possible that there's a problem with the router re-writing addresses on GRE frames. But it seems to me that the likely explanation is that poptop 1.1.2 can't support multiple connections from one IP address. Is this true, and can anything be done about it?

-------------------------------------------------------------
NUB Support Ltd -- Helpdesk: helpdesk at nub.co.uk 020 7553 9029
Voice: 020 7553 9020 Fax: 020 7553 9021 http://www.nub.co.uk
17 Dufferin Street, London, EC1Y 8PE
"It's like having your own IT department!"

From JaminC at adapt-tele.com Thu Aug 9 06:42:07 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Thu, 9 Aug 2001 06:42:07 -0500
Subject: [pptp-server] Multiple masqueraded clients
Message-ID:

Tom Owen [mailto:taro at nub.co.uk] wrote:
> Can poptop support multiple connections from a single IP?

Nope.

> One of my sites dial up through a masquerading router
> (Eicon 1830) and a single user UUNET account. There are
> several W98 PCs on the LAN behind that router.
>
> All is well when a single PC uses its VPN connection. It is
> also fine for a second user. But when either user closes
> the connection, both connections drop.

You shouldn't even be able to make the second connection at all.

> But it seems
> to me that the likely explanation is that poptop 1.1.2
> can't support multiple connections from one IP address. Is
> this true, and can anything be done about it?

There has been some discussion about this. The PoPToP currently follows the RFC which doesn't allow for multiple connections from one IP. Some people want to violate the RFC for the sake of functionality. However I don't know of anyone actually working on something of this nature.

Jamin W. Collins

From pstarzew at gbp.com Thu Aug 9 08:32:37 2001
From: pstarzew at gbp.com (Pete Starzewski)
Date: Thu, 09 Aug 2001 08:32:37 -0500
Subject: [pptp-server] Multiple masqueraded clients
In-Reply-To:
Message-ID: <4.3.2.7.1.20010809075025.00b35610@mail06.gbp.com>

>> All is well when a single PC uses its VPN connection. It is
>> also fine for a second user. But when either user closes
>> the connection, both connections drop.

>You shouldn't even be able to make the second connection at all.

Yes and no.... There is an initial tcp connect (I am assuming for the login, initial connect and tunnel negotiation) and then the primary connection for the tunnel itself is done with GRE which is more or less a "raw" connection. Theoretically, under a specific set of conditions, you could negotiate multiple connections over the TCP channel and even negotiate multiple tunnels. Just don't try to actually use them.

>There has been some discussion about this. The PoPToP currently follows the
>RFC which doesn't allow for multiple connections from one IP. Some people
>want to violate the RFC for the sake of functionality. However I don't know
>of anyone actually working on something of this nature.

The RFC for pptp really doesn't have anything to do with it. The problem stems from the use of GRE for the tunnel. If you eliminate GRE from pptp, then you really have a brand new protocol. Rather than re-inventing the wheel, might I suggest IP-SEC?

From dolivier at stuartallan.com Thu Aug 9 13:36:50 2001
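
An added example, not part of any post in this thread: the GRE variant PPTP uses (RFC 2637) has no ports but does carry a 16-bit Call ID, and the sketch below parses that header and compares a masquerading table keyed only on the server address with one keyed on (server, Call ID). The two NAT classes, the addresses and the Call IDs are constructed for illustration and do not model the Eicon router or PoPToP.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PPTP_GRE_PROTO = 0x880B  # GRE protocol type for PPTP-tunnelled PPP (RFC 2637)


@dataclass
class PptpGre:
    call_id: int          # the receiving peer's Call ID for this session
    seq: Optional[int]
    ack: Optional[int]
    payload: bytes


def build_pptp_gre(call_id, payload=b"", seq=None, ack=None):
    """Build an enhanced-GRE packet; used here only to construct sample data."""
    b0 = 0x20 | (0x10 if seq is not None else 0)   # K always set, S if seq present
    b1 = 0x01 | (0x80 if ack is not None else 0)   # Ver = 1, A if ack present
    pkt = struct.pack("!BBHHH", b0, b1, PPTP_GRE_PROTO, len(payload), call_id)
    if seq is not None:
        pkt += struct.pack("!I", seq)
    if ack is not None:
        pkt += struct.pack("!I", ack)
    return pkt + payload


def parse_pptp_gre(pkt):
    """Parse the 8-byte fixed header plus the optional seq/ack words."""
    if len(pkt) < 8:
        raise ValueError("shorter than the fixed 8-byte header")
    b0, b1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if proto != PPTP_GRE_PROTO or (b1 & 0x07) != 1 or not (b0 & 0x20):
        raise ValueError("not PPTP enhanced GRE")
    has_seq, has_ack = bool(b0 & 0x10), bool(b1 & 0x80)
    if len(pkt) < 8 + 4 * has_seq + 4 * has_ack + plen:
        raise ValueError("truncated packet")
    off, seq, ack = 8, None, None
    if has_seq:
        (seq,) = struct.unpack_from("!I", pkt, off)
        off += 4
    if has_ack:
        (ack,) = struct.unpack_from("!I", pkt, off)
        off += 4
    return PptpGre(call_id, seq, ack, pkt[off:off + plen])


class OpaqueGreNat:
    """Hypothetical masquerader that sees protocol 47 as opaque: with no
    ports to key on, the remote address is the whole lookup key."""

    def __init__(self):
        self.by_server = {}

    def outbound(self, inside_ip, server_ip):
        self.by_server[server_ip] = inside_ip      # second client overwrites the first

    def close(self, server_ip):
        self.by_server.pop(server_ip, None)        # one hang-up removes the only entry

    def inbound(self, server_ip, pkt):
        return self.by_server.get(server_ip)


class CallIdNat:
    """Hypothetical PPTP-aware masquerader keyed on (server, Call ID)."""

    def __init__(self):
        self.by_call = {}

    def outbound(self, inside_ip, server_ip, client_call_id):
        # Assumption: a real helper learns this ID from the TCP 1723 control channel.
        key = (server_ip, client_call_id)
        if self.by_call.get(key, inside_ip) != inside_ip:
            raise ValueError("Call ID already in use; it would have to be rewritten")
        self.by_call[key] = inside_ip

    def close(self, server_ip, client_call_id):
        self.by_call.pop((server_ip, client_call_id), None)

    def inbound(self, server_ip, pkt):
        return self.by_call.get((server_ip, parse_pptp_gre(pkt).call_id))


def demo():
    # Constructed addresses and Call IDs: two PCs behind one public address.
    server, pc_a, pc_b = "203.0.113.5", "192.168.0.10", "192.168.0.11"
    to_a = build_pptp_gre(1, b"\xff\x03\xc0\x21", seq=7)          # server -> PC A
    to_b = build_pptp_gre(2, b"\xff\x03\xc0\x21", seq=3, ack=2)   # server -> PC B

    naive = OpaqueGreNat()
    naive.outbound(pc_a, server)
    naive.outbound(pc_b, server)
    naive_a = naive.inbound(server, to_a)          # PC A's packet lands on PC B
    naive.close(server)                            # PC B disconnects
    naive_a_after = naive.inbound(server, to_a)    # PC A's tunnel is now dead too

    aware = CallIdNat()
    aware.outbound(pc_a, server, 1)
    aware.outbound(pc_b, server, 2)
    aware_a, aware_b = aware.inbound(server, to_a), aware.inbound(server, to_b)
    aware.close(server, 2)                         # PC B disconnects
    aware_a_after = aware.inbound(server, to_a)    # PC A is unaffected
    return {"naive_a": naive_a, "naive_a_after": naive_a_after, "aware_a": aware_a,
            "aware_b": aware_b, "aware_a_after": aware_a_after}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
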
From: dolivier at stuartallan.com (Douglas Olivier)
Date: Thu, 9 Aug 2001 11:36:50 -0700
Subject: [pptp-server] Pptp thru Checkpoint firewall
Message-ID: <006e01c12102$410e6c40$4d01a8c0@stuartallan.com>

I have a client trying to connect to our working pptp server that uses a checkpoint firewall. Their tech claim to have opened up port 1723 fully, however when they try to connect I only see the start of the connection then they die off. I suspect they have not allowed protocol 47 to pass through the firewall.

Does anyone have any experience with this product so I can enlighten the tech's ?

From ashleyg at uswo.net Thu Aug 9 14:55:46 2001
From: ashleyg at uswo.net (Ashley Gates)
Date: Thu, 9 Aug 2001 15:55:46 -0400
Subject: [pptp-server] PPTP in NetBSD 1.5
Message-ID: <001b01c1210d$47e70b20$020aa8c0@uswo.net>

I'm having problems with getting documentation that doesn't cause confusion when referring to ppp and pppd!! I followed the setup for a FreeBSD install of this and found the same problems on a FreeBSD Box -- var/log/messages shows this every time I connect to the box via a laptop using Windows 2000 Pro with default VPN settings:

Jan 1 01:03:04 wiib-ii pptpd[269]: CTRL: Client 207.153.115.232 control connection started
Jan 1 01:03:04 wiib-ii pptpd[269]: CTRL: Starting call (launching pppd, opening GRE)
Jan 1 01:03:05 wiib-ii pppd[270]: unknown host: laptop1
Jan 1 01:03:05 wiib-ii pptpd[269]: GRE: read(fd=5,buffer=804daa0,len=8196)from PTY failed: status = 0 error = No error
Jan 1 01:03:05 wiib-ii pptpd[269]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Jan 1 01:03:05 wiib-ii pptpd[269]: CTRL: Client 207.153.115.232 control connection finished

my /etc/ppp/ppp.conf looks like this:

laptop1:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 192.168.10.1 192.168.10.250-192.168.10.254 255.255.255.0
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load laptop1
 enable chap
 disable pap
 enable proxy
 accept dns
 set dns 192.168.10.1
 set device !/etc/ppp/secure

I have the ppp-mppe package installed from netbsd's site... What is going on? If I run pppd without options it literally hard locks my machine..

Ashley Gates
Wireless Network Engineer
US Wireless Online
http://www.uswirelessonline.com
Office: 404.815.8110
Fax: 404.815.1316

From neale at lowendale.com.au Thu Aug 9 17:47:41 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 10 Aug 2001 08:47:41 +1000 (EST)
Subject: [pptp-server] Pptp thru Checkpoint firewall
In-Reply-To: <006e01c12102$410e6c40$4d01a8c0@stuartallan.com>
Message-ID:

On Thu, 9 Aug 2001, Douglas Olivier wrote:

> I have a client trying to connect to our working pptp server that uses a
> checkpoint firewall. Their tech claim to have opened up port 1723 fully,
> however when they try to connect I only see the start of the connection then
> they die off. I suspect they have not allowed protocol 47 to pass through
> the firewall.
> Does anyone have any experience with this product so I can enlighten the
> tech's ?

Yep, strictly from the School of Hard Knocks. No warranties, YMMV, etc...

They need to allow outbound TCP sessions to port 1723 - it sounds like this has been done.

They then need to allow not only outbound protocol 47 but also inbound protocol 47 (with whatever IP address constraints are applicable and/or wise).

This worked for me on a not-so-recent FW1, amongst other things obviously YMMV with a more recent Checkpoint product.

HTH (and once again, no warranties, use the above info at own risk, etc),
Neale.

From taro at nub.co.uk Fri Aug 10 04:00:18 2001
From: taro at nub.co.uk (Tom Owen)
Date: Fri, 10 Aug 2001 10:00:18 +0100
Subject: [pptp-server] Multiple masqueraded clients
In-Reply-To: <4.3.2.7.1.20010809075025.00b35610@mail06.gbp.com>
References:
Message-ID: <3B73B0B2.28344.8CFE9A@localhost>

Thanks to Pete Starzewski and Jamin Collins.

As I understand the replies, the absence of any subaddressing in GRE means that poptop and any other pptp server can't tell the difference between the two clients behind the masquerading router. So that would explain the frenzies of packet-out-of-order messages. Amazing it worked at all.

Live and learn.

> >> All is well when a single PC uses its VPN connection. It is
> >> also fine for a second user. But when either user closes
> >> the connection, both connections drop.
>
> >You shouldn't even be able to make the second connection at all.
>
> Yes and no.... There is an initial tcp connect (I am assuming for the
> login, initial connect and tunnel negotiation) and then the primary
> connection for the tunnel itself is done with GRE which is more or less a
> "raw" connection. Theoretically, under a specific set of conditions, you
> could negotiate multiple connections over the TCP channel and even
> negotiate multiple tunnels. Just don't try to actually use them.
>
> >There has been some discussion about this. The PoPToP currently follows the
> >RFC which doesn't allow for multiple connections from one IP. Some people
> >want to violate the RFC for the sake of functionality. However I don't know
> >of anyone actually working on something of this nature.
>
> The RFC for pptp really doesn't have anything to do with it. The problem
> stems from the use of GRE for the tunnel. If you eliminate GRE from pptp,
> then you really have a brand new protocol. Rather than re-inventing the
> wheel, might I suggest IP-SEC?

-------------------------------------------------------------
NUB Support Ltd -- Helpdesk: helpdesk at nub.co.uk 020 7553 9029
Voice: 020 7553 9020 Fax: 020 7553 9021 http://www.nub.co.uk
17 Dufferin Street, London, EC1Y 8PE
"It's like having your own IT department!"

From bcollins at newnanutilities.org Fri Aug 10 09:17:46 2001
From: bcollins at newnanutilities.org (Brian Collins)
Date: Fri, 10 Aug 2001 10:17:46 -0400
Subject: [pptp-server] pptp on 2.2.19 with freeswan
Message-ID: <4.3.2.7.2.20010810101744.00b91e40@192.168.1.4>

We have a customer who has requested we forward ipsec thru vpn for their pptp needs. I have a machine running 2.2.17 kernel now with pptp. I have read the freeswan and pptp can co-exist. But I have some questions:

Has anyone else done this with success?

Freeswan wants me to use kernel 2.2.19; when I try to install the mppe patches into the 2.2.19 kernel, I don't get the option for pptp masq support. Any ideas as to what I'm doing wrong? I noticed George Vieira got 2.2.19 and pptp working. Can you forward me detailed instructions?

Am I even on the right track?

Thanks,
Brian Collins

From len at ghy.com Fri Aug 10 09:26:43 2001
From: len at ghy.com (Leonard L. Goldenstein)
Date: Fri, 10 Aug 2001 09:26:43 -0500
Subject: [pptp-server] pptp on 2.2.19 with freeswan
In-Reply-To: <4.3.2.7.2.20010810101744.00b91e40@192.168.1.4>
Message-ID:

Hi,

I run poptop 1.1.2 and freeswan 1.91 under 2.2.19 together with no problems. Actually saying they run "together" is a bad description since both systems run quite independently of each other.

PPTP Masq support is only available after installing John Hardin's IP Masq PPTP patch from http://www.impsec.org/linux/masquerade/ip_masq_vpn.html.

FreeSWAN is a very straightforward and automated install. The PoPToP stuff is more manual work applying patches.

Good luck!

-----------------------------------------------------
Leonard L. Goldenstein
Information Services Consultant
Geo. H. Young & Co. Ltd.
809 - 167 Lombard Ave.
Winnipeg, MB R3B 3H8
Phone: (204) 947-6851
Fax: (204) 947-3306
len at ghy.com
http://www.ghy.com

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Brian Collins
> Sent: Friday, August 10, 2001 9:18 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp on 2.2.19 with freeswan
>
>
> We have a customer who has requested we forward ipsec thru vpn for their
> pptp needs. I have a machine running 2.2.17 kernel now with pptp. I have
> read the freeswan and pptp can co-exist. But I have some questions:
>
> Has anyone else done this with success?
> Freeswan wants me to use kernel 2.2.19; when I try to install the mppe
> patches into the 2.2.19 kernel, I don't get the option for pptp masq
> support. Any ideas as to what I'm doing wrong? I noticed George Vieira
> got 2.2.19 and pptp working. Can you forward me detailed instructions?
> Am I even on the right track?
>
> Thanks,
> Brian Collins

From JaminC at adapt-tele.com Fri Aug 10 09:32:59 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Fri, 10 Aug 2001 09:32:59 -0500
Subject: [pptp-server] pptp on 2.2.19 with freeswan
Message-ID:

Brian Collins [mailto:bcollins at newnanutilities.org] wrote:
> We have a customer who has requested we forward ipsec thru
> vpn for their pptp needs.

Not sure why you would want to do this. Why run an ipsec tunnel through a pptp tunnel? Why not just use an ipsec or pptp tunnel?

> I have read the freeswan and pptp can co-exist.

Yes they can co-exist. I'm using both on the three Linux gateways I maintain.

> Freeswan wants me to use kernel 2.2.19; when I try to install
> the mppe patches into the 2.2.19 kernel, I don't get the
> option for pptp masq support.

I believe this is because the 2.2.19 kernel contains native pptp masq support. I could be wrong on this. Curious though, why not use a 2.4.x kernel? The 2.4.x kernels I know provide native pptp masq support.

Jamin W. Collins

From plasticplastic at ameritech.net Sat Aug 11 14:52:02 2001
From: plasticplastic at ameritech.net (Plastic)
Date: Sat, 11 Aug 2001 15:52:02 -0400
Subject: [pptp-server] It works pretty well, but still some sticky problems!
Message-ID: <009701c1229f$1a2bb120$0202a8c0@shadowlamenet.sys>

Hi. I've gotten everything working now, except 3-1/2 things:

1. The Win 98 VPN client can "dial in" and access the LAN, browse, access shares. The LAN machines can (finally) browse the incoming machine and access its shares. However, after the client has been connected for a certain amount of time, which varies from perhaps 15 minutes to 5 hours, the connection (at least the tunnel part) goes dead. Pppd, pptpd, and even the client's VPN adapter do not seem to be aware of this. (Sometimes the client figures it out a few hours later, tho.) Once this happens, no traffic goes through the tunnel, not even pinging. I did install the 1.1.2 version of pptpd, since I saw messages in the archives for this list to the effect that it might solve this issue, only it has not done so. The next diagnostic I'm going to try is to have the client connect with no MPPE and see if this happens, or completely fails to appear, over a full 24 hour period.

2. I downloaded the two patches on themm.net to strip off the \\WORKGROUP from login usernames and to require use of MPPE encryption. However I can find no instructions as to how to properly apply them, which may be why the patch utility gives a lot of errors when I try to do so. (I am curious as to why one incoming Win 98 machine always uses the \\WORKGROUP prefix on the login username and another never does, although they are both set up with the same workgroup name.) I'm using a ppp-2.3.11.tar.gz which somehow already has all the MPPE 40 and 128, and MSCHAP v1 and v2, stuff already enabled. It's even in the man pages! I'm using a linux 2.2.16 kernel source. I use a pkg called ppp-2.3.11-4_MPPE_MSCHAP2.i386.rpm which has a bunch of patches with an install script that automatically patches the kernel source. And amazingly the kernel and modules all compile fine, with only one manual hack in a line with a call to the kill_fasynch function, that most of you are probably familiar with.

3. I saw other ppl were having a problem that I had, and still have, with pppd/ppp, which is that the ip-down script never gets called. Has anyone found a solution? Even putting an explicit "disconnect script" clause in my options.pptpd file will not force it to happen.

I pulled my hair out for 2 days over the issue of making the incoming hosts visible on the LAN browse list and getting it to share its own resources. Even a 2 hour call to Redmond did not help, even though I specifically asked if the thing that finally was the real problem could be the problem, which GREATLY delayed resolution,--they said it couldn't be. The solution turned out to be very simple. At least with Win 98 v.1, you must have NetBT enabled on not only the VPN adapter, but also on the ordinary DUN adapter, or else it refuses to make shares available on even the VPN one. This seems really illogical (thanks MS!) security-wise especially for anyone using a modem or "modem-like" situation to connect to the Net and then to the VPN server. It does not even matter if you are using DUN to connect to the Internet before "dialing up" with the VPN connectoid or not, because, even if you are accessing the Net through a gateway on the LAN over Ethernet, just having NetBT unbound from DUN adapter #1 will break things.

I had followed the suggestions in the HowTos and FAQs for PoPToP and was able to offer a LAN browse list to the VPN client by pointing it at a Samba WINS service running on the LAN eth0 interface of the machine PoPToP is running on. Now, I've made the VPN client appear on the LAN browse list, too, by using the "remote browse sync = " option of Samba, setting it to "192.168.1.20/32" where 192.168.1.0 is the LAN subnet and 192.168.1.20 is the IP given to the incoming host. The only issue with this so far is that once the machine appears in the list, it won't go away, even after the VPN connection has been disconnected for many hours.

I can't make Samba's nmbd active on both the LAN eth0 interface and the 192.168.1.10 IP that is the local ppp+ for pptpd, because Samba always figures out it's on the same subnet as eth0 and won't bind. I can't pre-bind it to ppp+, as Samba doesn't like that either. And finally, I cannot make the VPN clients appear on another subnet, because the Samba/PoPToP box is not the LAN's gateway, so 192.168.2.X packets would get sent to the gateway and vanish.

Thanks,
JS

PS: I hope the Win 98 128-bit update is made available again by MS very soon.

***No fancy Net Admin tags down here, since I'm just a hobbyist!!***

From giulioo at pobox.com Sun Aug 12 06:08:08 2001
From: giulioo at pobox.com (Giulio Orsero)
Date: Sun, 12 Aug 2001 13:08:08 +0200
Subject: [pptp-server] It works pretty well, but still some sticky problems!
In-Reply-To: <009701c1229f$1a2bb120$0202a8c0@shadowlamenet.sys>
References: <009701c1229f$1a2bb120$0202a8c0@shadowlamenet.sys>
Message-ID: <20010812110451.4A20C165DD@i3.golden.dom>

On Sat, 11 Aug 2001 15:52:02 -0400, you wrote:

>2. I downloaded the two patches on themm.net to strip off the \\WORKGROUP from login
> usernames and to require use of MPPE encryption. However I can find no instructions as to how to properly apply them,

show the command you use, the error you get, the dir where you are

>3. I saw other ppl were having a problem that I had, and still have, with pppd/ppp, which is that the ip-down script never gets called. Has anyone found a solution?
>Even putting an explicit "disconnect script" clause in my options.pptpd file will not force it to happen.

here ppp always execute ip-down when pptpd is finished. it's the normal ppp ip-down script.

>I hope the Win 98 128-bit update is made available again by MS very soon.

search http://ftpsearch.ntnu.no/ftpsearch for dun128 or similar. I'm using 128 with win95,98,me (included in the box)

--
giulioo at pobox.com

From GeorgeV at citadelcomputer.com.au Sun Aug 12 07:43:31 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sun, 12 Aug 2001 22:43:31 +1000
Subject: [pptp-server] It works pretty well, but still some sticky problems!
Message-ID: <200FAA488DE0D41194F10010B597610D172955@JUPITER>

1. Try adding

 lcp-echo-failure 10
 lcp-echo-interval 3

to your options.pptp file. this helps detect dead pppd links and drops the pppd connection if any. Then it's up to the client to reconnect.

2. Can't remember the patch but usually in the first line it tells you how to use it... something like

 patch -p1 < patchfile

3. The scripts are (usually) called. The problem may be that pppd probably didn't totally die or something... the fix in problem 1 may also fix this.. Also try using ipparam and linkname in your pppd command line.. then in ip-down.local use $6 to determine the ipparam used and log the time/date to help diagnose loss of connection etc..

-----Original Message-----
From plasticplastic at ameritech.net Sun Aug 12 11:09:37 2001
From: plasticplastic at ameritech.net (Plastic)
Date: Sun, 12 Aug 2001 12:09:37 -0400
Subject: [pptp-server] It works pretty well, but still some sticky problems!
Message-ID: <003101c12349$30c9c980$0202a8c0@shadowlamenet.sys>

Hi, George, and everyone else! Thanks for the help. =)

I've put the two lcp* clauses in, and I'll be testing that.

I feel a bit foolish, but I've just discovered the ppp-2.3.11.tar.gz source I have (and can't remember exactly where I got it from) has the require-mppe* options built-in, too, ALREADY, altho they are not documented in the included man pages like the mschap* ones are. So, one patch is not even needed....so no wonder it won't insert! The other patch (just tried it), the \\WORKGROUP stripper won't insert completely, and I can see why. It's looking for a "ppp-2.3.11.mppe" tree at the same level as the "ppp-2.3.11" tree, which doesn't exist. I'm a bit tempted to just edit out the extra ".mppe", but that will probably just break something. I'm going to tack the whole patch onto the end of this message, and maybe someone on this list can make sense of it.

I *really* don't think /etc/ppp/ip-down is running at all. It doesn't even run when a client makes a graceful disconnection. And after the client has disconnected, a "ps -ax | grep pppd" shows no lingering traces of pppd. So, I don't think putting logging code in there will help, since it won't run! It has some ipchains flushing code that definitely never is run, since it never goes into effect...although if you manually execute the script, it goes into effect pronto. In the logs, pppd always says "Exit", too.

Again, thanks a lot! -- JS.

----- Original Message -----
From: "George Vieira" To: "'Plastic'" ; Sent: Sunday, August 12, 2001 8:43 AM Subject: RE: [pptp-server] It works pretty well, but still some sticky problems! > 1. Try adding > > lcp-echo-failure 10 > lcp-echo-interval 3 > > to your options.pptp file. this helps detect dead pppd links and drops the > pppd connection if any. Then it's up to the client to reconnect. > > 2. Can't remember the patch but usually in the first line it tells you how > to use it... something line > patch -p1 < patchfile > > 3. The scripts are (usually) called. The problem may be that pppd probably > didn't totally die or something... the fix in problem 1 may also fix this.. > Also try using ipparam and linkname in your pppd command line.. then in > ip-down.local use $6 to determine the ipparam used and log the time/date to > help diagnose lose of connectione etc.. > --------inserting the patch: strip-MSdomain-patch.diff from themm.net------- diff -ur ppp-2.3.11/pppd/chap.c ppp-2.3.11.mppe/pppd/chap.c --- ppp-2.3.11/pppd/chap.c Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/chap.c Wed Mar 29 13:39:10 2000 @@ -69,6 +69,10 @@ { "ms-lanman", o_bool, &ms_lanman, "Use LanMan passwd when using MS-CHAP", 1 }, #endif +#ifdef CHAPMS + { "chapms-strip-domain", o_bool, &chapms_strip_domain, + "Strip the domain prefix before the Username", 1 }, +#endif { NULL } }; @@ -518,6 +522,7 @@ int secret_len, old_state; int code; char rhostname[256]; + char tmp[256]; MD5_CTX mdContext; char secret[MAXSECRETLEN]; u_char hash[MD5_SIGNATURE_SIZE]; @@ -565,6 +570,10 @@ len = sizeof(rhostname) - 1; BCOPY(inp, rhostname, len); rhostname[len] = '\000'; + if (strrchr(rhostname, '\\') && chapms_strip_domain) { + strcpy(tmp, strrchr(rhostname, '\\') + 1); + strcpy(rhostname, tmp); + } /* * Get secret for authenticating them with us, diff -ur ppp-2.3.11/pppd/chap_ms.c ppp-2.3.11.mppe/pppd/chap_ms.c --- ppp-2.3.11/pppd/chap_ms.c Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/chap_ms.c Wed Mar 29 13:44:47 2000 
@@ -84,6 +84,7 @@ bool ms_lanman = 0; /* Use LanMan password instead of NT */ /* Has meaning only with MS-CHAP challenges */ #endif +bool chapms_strip_domain = 0; static void ChallengeResponse(challenge, pwHash, response) diff -ur ppp-2.3.11/pppd/pppd.h ppp-2.3.11.mppe/pppd/pppd.h --- ppp-2.3.11/pppd/pppd.h Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/pppd.h Wed Mar 29 13:36:10 2000 @@ -226,6 +226,9 @@ extern bool ms_lanman; /* Use LanMan password instead of NT */ /* Has meaning only with MS-CHAP challenges */ #endif +#ifdef CHAPMS +extern bool chapms_strip_domain; +#endif extern char *current_option; /* the name of the option being parsed */ extern int privileged_option; /* set iff the current option came from root */ ------------end of patch code------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: From giulioo at pobox.com Sun Aug 12 11:20:02 2001 From: giulioo at pobox.com (Giulio Orsero) Date: Sun, 12 Aug 2001 18:20:02 +0200 Subject: [pptp-server] It works pretty well, but still some sticky problems! In-Reply-To: <003101c12349$30c9c980$0202a8c0@shadowlamenet.sys> References: <003101c12349$30c9c980$0202a8c0@shadowlamenet.sys> Message-ID: <20010812161646.0B8DF165DD@i3.golden.dom> On Sun, 12 Aug 2001 12:09:37 -0400, you wrote: >won't insert completely, and I can see why. It's looking for a >"ppp-2.3.11.mppe" tree at the same level as the "ppp-2.3.11" tree, which >doesn't exist. I'm a bit tempted to just edit out the extra ".mppe", but >diff -ur ppp-2.3.11/pppd/chap.c ppp-2.3.11.mppe/pppd/chap.c >--- ppp-2.3.11/pppd/chap.c Thu Mar 16 17:47:42 2000 >+++ ppp-2.3.11.mppe/pppd/chap.c Wed Mar 29 13:39:10 2000 go into your ppp-X.X.X dir and do patch -p1 < /path/patch -- giulioo at pobox.com From GeorgeV at citadelcomputer.com.au Sun Aug 12 16:58:46 2001 
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 13 Aug 2001 07:58:46 +1000
Subject: [pptp-server] It works pretty well, but still some sticky problems!
Message-ID: <200FAA488DE0D41194F10010B597610D172958@JUPITER>

Well, the problem with "don't think" is that it never gets solved to "I know". What you should do is put something into the /etc/ppp/ip-down script and do a

echo "[`date +\"%H:%M:%S %d/%m/%y\"`] PPTP shutdown executed." >>/var/log/pptpd.log

And in ip-up use the similar line

echo "[`date +\"%H:%M:%S %d/%m/%y\"`] PPTP startup executed." >>/var/log/pptpd.log

If these lines are not executed then there's something wrong.. if they work then move these files to the /etc/ppp/ip-up.local and ip-down.local. ip-up and down should have lines which execute the ip-up.local and down scripts.

Let me know how it goes.

-----Original Message-----
From: Plastic [mailto:plasticplastic at ameritech.net]
Sent: Monday, August 13, 2001 1:28 AM
To: George Vieira
Cc: pptp-server-request at lists.schulte.org
Subject: Re: [pptp-server] It works pretty well, but still some sticky problems!

Hi, George, and everyone else! Thanks for the help. =)

I've put the two lcp* clauses in, and I'll be testing that.

I feel a bit foolish, but I've just discovered the ppp-2.3.11.tar.gz source I have (and can't remember exactly where I got it from) has the require-mppe* options built-in, too, ALREADY, altho they are not documented in the included man pages like the mschap* ones are. So, one patch is not even needed....so no wonder it won't insert! The other patch (just tried it), the \\WORKGROUP stripper won't insert completely, and I can see why. It's looking for a "ppp-2.3.11.mppe" tree at the same level as the "ppp-2.3.11" tree, which doesn't exist. I'm a bit tempted to just edit out the extra ".mppe", but that will probably just break something. I'm going to tack the whole patch onto the end of this message, and maybe someone on this list can make sense of it.

I *really* don't think /etc/ppp/ip-down is running at all. It doesn't even run when a client makes a graceful disconnection. And after the client has disconnected, a "ps -ax | grep pppd" shows no lingering traces of pppd. So, I don't think putting logging code in there will help, since it won't run! It has some ipchains flushing code that definitely never is run, since it never goes into effect...although if you manually execute the script, it goes into effect pronto. In the logs, pppd always says "Exit", too.

Again, thanks a lot! -- JS.

----- Original Message -----
From: "George Vieira" To: "'Plastic'" ; Sent: Sunday, August 12, 2001 8:43 AM Subject: RE: [pptp-server] It works pretty well, but still some sticky problems! > 1. Try adding > > lcp-echo-failure 10 > lcp-echo-interval 3 > > to your options.pptp file. this helps detect dead pppd links and drops the > pppd connection if any. Then it's up to the client to reconnect. > > 2. Can't remember the patch but usually in the first line it tells you how > to use it... something line > patch -p1 < patchfile > > 3. The scripts are (usually) called. The problem may be that pppd probably > didn't totally die or something... the fix in problem 1 may also fix this.. > Also try using ipparam and linkname in your pppd command line.. then in > ip-down.local use $6 to determine the ipparam used and log the time/date to > help diagnose lose of connectione etc.. > --------inserting the patch: strip-MSdomain-patch.diff from themm.net------- diff -ur ppp-2.3.11/pppd/chap.c ppp-2.3.11.mppe/pppd/chap.c --- ppp-2.3.11/pppd/chap.c Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/chap.c Wed Mar 29 13:39:10 2000 @@ -69,6 +69,10 @@ { "ms-lanman", o_bool, &ms_lanman, "Use LanMan passwd when using MS-CHAP", 1 }, #endif +#ifdef CHAPMS + { "chapms-strip-domain", o_bool, &chapms_strip_domain, + "Strip the domain prefix before the Username", 1 }, +#endif { NULL } }; @@ -518,6 +522,7 @@ int secret_len, old_state; int code; char rhostname[256]; + char tmp[256]; MD5_CTX mdContext; char secret[MAXSECRETLEN]; u_char hash[MD5_SIGNATURE_SIZE]; @@ -565,6 +570,10 @@ len = sizeof(rhostname) - 1; BCOPY(inp, rhostname, len); rhostname[len] = '\000'; + if (strrchr(rhostname, '\\') && chapms_strip_domain) { + strcpy(tmp, strrchr(rhostname, '\\') + 1); + strcpy(rhostname, tmp); + } /* * Get secret for authenticating them with us, diff -ur ppp-2.3.11/pppd/chap_ms.c ppp-2.3.11.mppe/pppd/chap_ms.c --- ppp-2.3.11/pppd/chap_ms.c Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/chap_ms.c Wed Mar 29 13:44:47 2000 
@@ -84,6 +84,7 @@ bool ms_lanman = 0; /* Use LanMan password instead of NT */ /* Has meaning only with MS-CHAP challenges */ #endif +bool chapms_strip_domain = 0; static void ChallengeResponse(challenge, pwHash, response) diff -ur ppp-2.3.11/pppd/pppd.h ppp-2.3.11.mppe/pppd/pppd.h --- ppp-2.3.11/pppd/pppd.h Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/pppd.h Wed Mar 29 13:36:10 2000 @@ -226,6 +226,9 @@ extern bool ms_lanman; /* Use LanMan password instead of NT */ /* Has meaning only with MS-CHAP challenges */ #endif +#ifdef CHAPMS +extern bool chapms_strip_domain; +#endif extern char *current_option; /* the name of the option being parsed */ extern int privileged_option; /* set iff the current option came from root */ ------------end of patch code------------------ From santos at workout.com.ar Mon Aug 13 10:27:46 2001 
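Review bot: the chapms-strip-domain entry added to the option table in chap.c (hunk @@ -69,6 +69,10 @@) comes with no documentation. The patch touches chap.c, chap_ms.c and pppd.h but no man page, and the help string "Strip the domain prefix before the Username" does not say that everything up to the last backslash is dropped before the "Get secret for authenticating them with us" step. With the option on, DOMAINA\user and DOMAINB\user are looked up as the same secrets entry, and the description should say so.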
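Review bot: char tmp[256] in the chap.c hunk @@ -518,6 +522,7 @@ repeats the literal size of rhostname declared on the line above it, so the two strcpy calls added later stay in bounds only while both numbers are kept in step by hand. Declare it as char tmp[sizeof(rhostname)], or drop the buffer and shift the name in place with memmove.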
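Review bot: the block added in the chap.c hunk @@ -565,6 +570,10 @@ reads chapms_strip_domain outside any #ifdef CHAPMS, while the pppd.h hunk declares that variable only under #ifdef CHAPMS and the option itself is registered under the same guard, so a build without CHAPMS leaves the name undeclared here. Wrap the block in #ifdef CHAPMS as well. Nothing in the visible context limits the strip to MS-CHAP responses, so say in the option text whether that is intended. The condition also scans the name twice: test the flag first, keep the strrchr result in a pointer, and reuse it for the copy.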
From: santos at workout.com.ar (Santos Jorge Ariel)
Date: Mon, 13 Aug 2001 12:27:46 -0300
Subject: [pptp-server] VPN-Server multiple clients
Message-ID: <00ed01c1240c$81179b60$0240a8c0@workout.com.ar>

I can make the connection with multiple clients but only one can transfer packages. When the first client (the one who could send packages) finishes the connection all other users lose their connections.

I was wondering if there is something else that I can do, because I tried with a lot of patches, kernel and I can't solve this problem.

I've a problem with GRE (47) protocol; error: Discard order of packets[GRE] when the second connection begins. The VPN server (ip: 200.59.152.XXX) can't get a lot of different incoming connections from clients who come through a proxy (ip: 200.58.51.XXX)

What patch should I try? (for vpn server's kernel)

At your service.

Jorge Ariel Santos
Operations
Belgrano 430 3° D
C1092AAR Buenos Aires
Argentina
Tel/Fax 011-4878-4444 int 55
Mail santos at workout.com.ar

From JaminC at adapt-tele.com Mon Aug 13 11:29:35 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Mon, 13 Aug 2001 11:29:35 -0500
Subject: [pptp-server] VPN-Server multiple clients
Message-ID:

First, please don't post HTML to mailing lists.

Santos Jorge Ariel [mailto:santos at workout.com.ar] wrote:
> I've a problem with GRE (47) protocol; error: Discard order of
> packets[GRE] when the second connection begins.
> The VPN server (ip: 200.59.152.XXX) can't get a lot of different
> incoming connections from clients who come through a proxy
> (ip: 200.58.51.XXX)
>
> What patch should I try? (for vpn server's kernel)

None. There isn't a patch that allows for this.

Jamin W. Collins

From quasimotoca at yahoo.ca Mon Aug 13 11:37:14 2001
From: quasimotoca at yahoo.ca (Dave Cook)
Date: Mon, 13 Aug 2001 12:37:14 -0400 (EDT)
Subject: [pptp-server] TN520 sessions don't work
Message-ID: <20010813163714.41864.qmail@web14704.mail.yahoo.com>

Hi:

An obscure one, I think. TN5250 sessions using PoPToP configuration perform strangely. I can establish a PPTP connection and I can start the TN5250 session no problem. When I try and execute certain commands that return more than one page, I get a 'SYSTEM X' at the bottom of the emulation software screen and the session suspends. I have tried various products and the result is the same on each.

I'm using a 2.4.x kernel and RH 7.1. I've also tried testing it on some commercial products which embed PoPToP (like Astaro) and the result is the same. I'm going to try the Snap-Gear product tomorrow.

Can anyone shed some light on this for me? I'm thinking it might be a key management problem or maybe certain kernel parameters chosen when PPP is built into my kernel.

Note: The only product I've seen this work on so far is a commercial device made by a company called Mikotel.

regards,
Dave Cook
President
JAD Solutions Inc.

From quasimotoca at yahoo.ca Mon Aug 13 11:40:05 2001
From: quasimotoca at yahoo.ca (Dave Cook)
Date: Mon, 13 Aug 2001 12:40:05 -0400 (EDT)
Subject: [pptp-server] Sorry, I meant TN5250 sessions don't work....
Message-ID: <20010813164005.66534.qmail@web14708.mail.yahoo.com>

Hi:

An obscure one, I think. TN5250 sessions using PoPToP configuration perform strangely. I can establish a PPTP connection and I can start the TN5250 session no problem. When I try and execute certain commands that return more than one page, I get a 'SYSTEM X' at the bottom of the emulation software screen and the session suspends. I have tried various products and the result is the same on each.

I'm using a 2.4.x kernel and RH 7.1. I've also tried testing it on some commercial products which embed PoPToP (like Astaro) and the result is the same. I'm going to try the Snap-Gear product tomorrow.

Can anyone shed some light on this for me? I'm thinking it might be a key management problem or maybe certain kernel parameters chosen when PPP is built into my kernel.

Note: The only product I've seen this work on so far is a commercial device made by a company called Mikotel.

regards,
Dave Cook
President
JAD Solutions Inc.

From michaelm at eyeball.com Mon Aug 13 12:46:09 2001
From: michaelm at eyeball.com (Michael McConnell)
Date: Mon, 13 Aug 2001 10:46:09 -0700
Subject: [pptp-server] VPN-Server multiple clients
References: <00ed01c1240c$81179b60$0240a8c0@workout.com.ar>
Message-ID: <0a7801c1241f$d6695d20$db01320a@eyeball.com>

PPTP does not allow this to work. The RFC clearly stipulates that PPTP will not be able to uniquely identify channels.

http://www.ietf.org/internet-drafts/draft-ietf-pppext-pptp-10.txt << RFC
http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html << potential work around

----- Original Message -----
From: Santos Jorge Ariel
To: Lista de pptp
Sent: Monday, August 13, 2001 8:27 AM
Subject: [pptp-server] VPN-Server multiple clients

I can make the connection with multiple clients but only one can transfer packages. When the first client (the one who could send packages) finishes the connection all other users lose their connections.

I was wondering if there is something else that I can do, because I tried with a lot of patches, kernel and I can't solve this problem.

I've a problem with GRE (47) protocol; error: Discard order of packets[GRE] when the second connection begins. The VPN server (ip: 200.59.152.XXX) can't get a lot of different incoming connections from clients who come through a proxy (ip: 200.58.51.XXX)

What patch should I try? (for vpn server's kernel)

At your service.

Jorge Ariel Santos
Operations
Belgrano 430 3° D
C1092AAR Buenos Aires
Argentina
Tel/Fax 011-4878-4444 int 55
Mail santos at workout.com.ar

From shughes at arn.net Mon Aug 13 18:44:43 2001
From: shughes at arn.net (Shawn Hughes)
Date: Mon, 13 Aug 2001 16:44:43 -0700
Subject: [pptp-server] PPTP Auth
Message-ID: <00f601c12451$f0ff0400$0204a8c0@shawn>

I have got the pptp-server to authenticate and log on to my server's network, but I can't connect to anything else on that network. On the windows computer I've got an IP Address of 192.168.4.103; Subnet Mask of 255.255.255.0; Default Gateway of 192.168.4.103. What do I need to try to get this remote PC to connect to my network?

Thanks
Shawn

From GeorgeV at citadelcomputer.com.au Mon Aug 13 17:08:50 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 14 Aug 2001 08:08:50 +1000
Subject: [pptp-server] VPN-Server multiple clients
Message-ID: <200FAA488DE0D41194F10010B597610D1CEB73@JUPITER>

If your clients are behind a firewall and masqueraded then this won't work..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Santos Jorge Ariel [mailto:santos at workout.com.ar]
Sent: Tuesday, August 14, 2001 1:28 AM
To: Lista de pptp
Subject: [pptp-server] VPN-Server multiple clients

I can make the connection with multiple clients but only one can transfer packages. When the first client (the one who could send packages) finishes the connection all other users lose their connections.

I was wondering if there is something else that I can do, because I tried with a lot of patches, kernel and I can't solve this problem.

I've a problem with GRE (47) protocol; error: Discard order of packets[GRE] when the second connection begins. The VPN server (ip: 200.59.152.XXX) can't get a lot of different incoming connections from clients who come through a proxy (ip: 200.58.51.XXX)

What patch should I try? (for vpn server's kernel)

At your service.

Jorge Ariel Santos
Operations
Belgrano 430 3° D
C1092AAR Buenos Aires
Argentina
Tel/Fax 011-4878-4444 int 55
Mail santos at workout.com.ar

From charlieb at e-smith.com Mon Aug 13 17:26:11 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 13 Aug 2001 18:26:11 -0400 (EDT)
Subject: [pptp-server] PPTP Auth
In-Reply-To: <00f601c12451$f0ff0400$0204a8c0@shawn>
Message-ID:

On Mon, 13 Aug 2001, Shawn Hughes wrote:

> I have got the pptp-server to authenticate and log on to my server's
> network, but I can't connect to anything else on that network. On
> the windows computer I've got an IP Address of 192.168.4.103; Subnet
> Mask of 255.255.255.0; Default Gateway of 192.168.4.103. What do I
> need to try to get this remote PC to connect to my network?

Default gateway of your own IP address doesn't sound very useful.

Make sure that you have proxy arp in the pppd config file on the server, and that packet forwarding is enabled there.

--
Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From patrickl at steltor.com Tue Aug 14 01:14:08 2001
From: patrickl at steltor.com (Patrick LIN)
Date: Tue, 14 Aug 2001 02:14:08 -0400
Subject: [pptp-server] Routing feauture
Message-ID: <3B78C1B0.2080004@steltor.com>

hi everybody

I finally have my setup working. I have 2 questions:

my VPN server:
Linux 2.4.6
ppp 2.4.1
pptpd 1.1.2
patches: strip-domain/mppe suite

my network has a sort of class (don't ask me why), I am working on it to remove that but it is not so easy :))
10.0.0.0/8 and 192.168.0.0/16

the vpn client gets an address in 10.0.0.1-253 and the server 10.0.0.254
on the eth interface the server has 10.1.1.30

so these are my two questions:

1: when the client is connected everything is good and he can see any machine on 10.0.0.0/8 but he cannot see machines on 192.168.0.0/16 (I removed "use default gateway" so the client can surf on internet; yes, the server can see all the network :))

when I add this route to the client

route add 192.168.0.0 mask 255.255.0.0 10.0.0.254

everything is perfect. :)

how can I add this route automatically when the user logs on, until I move all my network to 10? is there a way to pass a route from the server like DNS, WINS, etc..?

2. does someone know a tool (real time or not) to see who is connected by vpn, on the Web or Cmd line ......?

thanks a lot
best regards
Patrick

---
This message is transmitted by 100 % recycled electrons

From Josh.Howlett at bristol.ac.uk Tue Aug 14 07:27:42 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Tue, 14 Aug 2001 13:27:42 +0100 (BST)
Subject: [pptp-server] MS-CHAP v2 exploit paper
Message-ID:

FAO anyone using PPTP over a sniffable network (i.e. wireless).

http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/

---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From tomer at netop.co.il Wed Aug 15 01:39:27 2001
From: tomer at netop.co.il (Tomer Okavi)
Date: Wed, 15 Aug 2001 08:39:27 +0200
Subject: [pptp-server] Scripts
Message-ID: <001501c12555$0af21650$0a64a8c0@bandit>

Hey all.

I made a simple script to notify by e-mail when a user has connected to the VPN box. I'm running it through /etc/ppp/ip-up.local. Now, I would like to get the remote "real" ip address (from where the user has connected). I could not find anything like that in man pppd etc. Is there a way of accomplishing this without tail, grep the logs?

Thanks.
Tomer

From GeorgeV at citadelcomputer.com.au Wed Aug 15 00:49:20 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 15 Aug 2001 15:49:20 +1000
Subject: [pptp-server] Scripts
Message-ID: <200FAA488DE0D41194F10010B597610D1CEBAD@JUPITER>

I sent a script close to a month ago that did this.. buggered if it's in the archives or even in my Sent Folder...

What I did is detect the PPP0 or PPP1, etc session that it's running from and search its PID. The Parent PID is the pptp control that started the PPPD session in the ps -ef | grep $PPID contains the IP address of the real IP. This you will have to `cut` out..

Aha!!! Lucky.. I found my original reply to the list..

----------------------------------------------------------------------------

I know a cheat way is to read the PPPx device in ip-up.local and then find its parent process of the pppd command this then contains the real IP and is fully legit... eg.

ps -ef (eg, to show where to find the real IP )
---------------
root 5104 1111 0 23:34 ? 00:00:01 pptpd [144.137.66.4]
root 5105 5104 0 23:34 ? 00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptp 115200

cat /var/run/ppp0.pid (You get "ppp0" as $1 in ip-up.local )
---------------------
5105

ip-up.local
-----------------
# interface-name tty-device speed local-IP-address remote-IP-address ipparam
PID=`ps -fp \`cat /var/run/$1.pid\` | tail -1`
RPID=`echo $PID | cut -f 3 -d " "`
IP=`ps -p $RPID -o cmd | tail -1 | cut -f 2 -d "[" | cut -f 1 -d "]"`
echo "Real IP Connection : $IP " >> /var/log/pptp.log

PLEASE someone find a cleaner way of doing this.. this works for me everytime but when 100 connection come in at once I bet the CPU must go bonkas with shell scripting....

Hope this helps the idea a bit... maybe someone can write a C code version which compile would be passed something like "pptpip ppp0" and it'll return the IP... Oh cool yeah!!..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Tomer Okavi [mailto:tomer at netop.co.il]
Sent: Wednesday, August 15, 2001 4:39 PM
To: 'PPTP LIST'
Subject: [pptp-server] Scripts

Hey all.

I made a simple script to notify by e-mail when a user has connected to the VPN box I'm running it through /etc/ppp/ip-up.local. Now, I would like to get the remote "real" ip address, (from where the user has connected). I could not find anything like that in man pppd etc. Is there a way of accomplishing this without tail,grep the logs?

Thanks.
Tomer

From bcollins at newnanutilities.org Wed Aug 15 07:13:30 2001
From: bcollins at newnanutilities.org (Brian Collins)
Date: Wed, 15 Aug 2001 08:13:30 -0400
Subject: [pptp-server] Scripts
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEBAD@JUPITER>
Message-ID: <4.3.2.7.2.20010815080825.00b4da20@mail.nwl.org>

One of my contractors wrote this script. Don't know that it's any simpler.

#!/bin/bash
echo
echo Current VPN Users:
echo
/sbin/ifconfig | grep P-t-P | awk -F' ' '{printf"%s\n", $3}' | awk -F: '{printf"%s|", $2}' > /tmp/whoson$$.tmp
echo ENDOFFILE >> /tmp/whoson$$.tmp
grep -E -f /tmp/whoson$$.tmp /etc/ppp/chap-secrets| awk -F' ' '{printf"%s\t%s\n",$1,$4}'
echo
rm /tmp/whoson$$.tmp

====================
--Brian Collins

From george at george-net.de Wed Aug 15 12:55:34 2001
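George Vieira's two suggestions in this thread (log from ip-up/ip-down, and read the client's real address from the parent pptpd process title) combined into one helper, as an added example that is not code from the list or from PoPToP. It scans the `ps -ef` output once and accepts the bracketed text only if it is a dotted quad, so nothing else from a process title reaches the log. The pid-file and log paths are the ones quoted in the thread; the function names and the sample process table are constructed.

```shell
#!/bin/sh
# Added example: install as /etc/ppp/ip-up.local and /etc/ppp/ip-down.local.
# Assumes the "pptpd [address]" process title and /var/run/pppN.pid file
# shown in the thread; function names are hypothetical.

# is_ipv4 ADDRESS: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                      # digits and dots only, so safe to split
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pptp_real_ip PPPD_PID: read `ps -ef` output on stdin, print the address in
# the title of pppd's parent process, fail if there is none or it is not IPv4.
pptp_real_ip() {
    candidate=$(awk -v pid="$1" '
        { ppid[$2] = $3; line[$2] = $0 }
        END {
            parent = line[ppid[pid]]
            start = index(parent, "pptpd [")
            if (start) {
                rest = substr(parent, start + 7)
                stop = index(rest, "]")
                if (stop) print substr(rest, 1, stop - 1)
            }
        }')
    is_ipv4 "$candidate" || return 1
    printf '%s\n' "$candidate"
}

# format_event EVENT IFNAME VPN_IP REAL_IP IPPARAM: one log record, with the
# free-text ipparam reduced to a safe character set.
format_event() {
    clean_param=$(printf '%s' "$5" | tr -cd 'A-Za-z0-9._:-')
    printf 'PPTP %s if=%s vpn_ip=%s real_ip=%s ipparam=%s\n' \
        "$1" "$2" "$3" "$4" "${clean_param:--}"
}

# Constructed process table in `ps -ef` layout (documentation addresses).
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root      1111     1  0 23:30 ?        00:00:00 pptpd
root      5104  1111  0 23:34 ?        00:00:01 pptpd [192.0.2.10]
root      5105  5104  0 23:34 ?        00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptp 115200
root      5200  1111  0 23:40 ?        00:00:00 pptpd [198.51.100.7]
root      5201  5200  0 23:40 ?        00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptp 115200
root      5300  1111  0 23:41 ?        00:00:00 pptpd [launching]
root      5301  5300  0 23:41 ?        00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptp 115200
EOF
}

# pppd calls the script with:
#   interface-name tty-device speed local-IP-address remote-IP-address ipparam
if [ "$#" -ge 5 ]; then
    case "$1" in
        *[!a-z0-9]*) exit 0 ;;     # never build a path from an odd name
        ppp[0-9]*) ;;
        *) exit 0 ;;
    esac
    case "$0" in *ip-down*) event=down ;; *) event=up ;; esac
    real_ip=unknown
    if [ -r "/var/run/$1.pid" ]; then
        read -r pppd_pid < "/var/run/$1.pid"
        real_ip=$(ps -ef | pptp_real_ip "$pppd_pid") || real_ip=unknown
    fi
    printf '[%s] %s\n' "$(date '+%H:%M:%S %d/%m/%y')" \
        "$(format_event "$event" "$1" "$5" "$real_ip" "$6")" >> /var/log/pptpd.log
fi
```

A record with real_ip=unknown on ip-down is expected if the pid file is already gone by the time the script runs.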
From: george at george-net.de (Georg Altmann) Date: Wed, 15 Aug 2001 19:55:34 +0200 Subject: [pptp-server] Lost with pppoe and pptpd Message-ID: <200108151955340128.00FF6994@mail> Hi everybody, It took me some time to find out that pptpd is conflicting with pppoe. Here is what I did so far: Recompile+install Kernel 2.4.7 with IP GRE and PPP support with linux-2.4.4-openssl-0.9.6a-mppe.patch.gz, compile+install ppp-2.4.1 with ppp-2.4.1-MSCHAPv2-fix.patch.gz and ppp-2.4.1-openssl-0.9.6-mppe-patch.gz, compile+install pptpd-1.0.1 modify syslog.conf I'm trying to connect a W2k roadwarrior (myself ;) to my linux box which is also the router with pppoe running. When I shut down pppoe and then fire up pptpd everything works fine. With pppoe running the log looks like this: Aug 15 19:44:05 router pptpd[1239]: MGR: Manager process started Aug 15 19:44:10 router pptpd[1240]: MGR: Launching /usr/sbin/pptpctrl to handle client Aug 15 19:44:10 router pptpd[1240]: CTRL: local address = 192.168.0.10 Aug 15 19:44:10 router pptpd[1240]: CTRL: remote address = 192.168.0.30 Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd speed = 115200 Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd options file = /etc/ppp/pptp-options Aug 15 19:44:10 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection started Aug 15 19:44:10 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 1) Aug 15 19:44:10 router pptpd[1240]: CTRL: Made a START CTRL CONN RPLY packet Aug 15 19:44:10 router pptpd[1240]: CTRL: I wrote 156 bytes to the client. 
Aug 15 19:44:10 router pptpd[1240]: CTRL: Sent packet to client Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 7) Aug 15 19:44:12 router pptpd[1240]: CTRL: Set parameters to 1525 maxbps, 64 window size Aug 15 19:44:12 router pptpd[1240]: CTRL: Made a OUT CALL RPLY packet Aug 15 19:44:12 router pptpd[1240]: CTRL: Starting call (launching pppd, opening GRE) Aug 15 19:44:12 router pptpd[1240]: CTRL: pty_fd = 5 Aug 15 19:44:12 router pptpd[1240]: CTRL: tty_fd = 6 Aug 15 19:44:12 router pptpd[1240]: CTRL: I wrote 32 bytes to the client. Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): Connection speed = 115200 Aug 15 19:44:12 router pptpd[1240]: CTRL: Sent packet to client Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): local address = 192.168.0.10 Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): remote address = 192.168.0.30 Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 15) Aug 15 19:44:12 router pptpd[1240]: CTRL: Got a SET LINK INFO packet with standard ACCMs Aug 15 19:44:12 router pppd[1241]: pppd 2.4.1 started by root, uid 0 Aug 15 19:44:12 router pppd[1241]: Using interface ppp1 Aug 15 19:44:12 router pppd[1241]: not replacing existing default route to ppp0 [217.5.98.8] Aug 15 19:44:12 router pppd[1241]: found interface eth0 for proxy arp Aug 15 19:44:12 router pppd[1241]: local IP address 192.168.0.10 Aug 15 19:44:12 router pppd[1241]: remote IP address 192.168.0.30 Aug 15 19:44:49 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 12) Aug 15 19:44:49 router pptpd[1240]: CTRL: Made a CALL DISCONNECT RPLY packet Aug 15 19:44:49 router pptpd[1240]: CTRL: Received CALL CLR request (closing call) Aug 15 19:44:49 router pptpd[1240]: CTRL: I wrote 148 bytes to the client. 
Aug 15 19:44:49 router pptpd[1240]: CTRL: Sent packet to client Aug 15 19:44:49 router pptpd[1240]: CTRL: Error with select(), quitting Aug 15 19:44:49 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection finished Aug 15 19:44:49 router pptpd[1240]: CTRL: Exiting now Aug 15 19:44:49 router pptpd[1239]: MGR: Reaped child 1240 Is there anybody who got pppd running with pppoe? Could someone explain where the conflict between pppoe and pptpd is located? Is it that there may only be one instance of pppd running? The problem for me is, that I need this fixed until friday because I will travel to USA, and that's actually why I'm trying setting this up... ;) Thanks for any hint! Regards, Georg my options file (actually /etc/ppp/pptp-options): debug lock mtu 1490 mru 1490 name router auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 deflate 0 #require-chap proxyarp my pptpd.conf: speed 115200 option /etc/ppp/pptp-options debug localip 192.168.0.10 #eth0 local net remoteip 192.168.0.30-40 #listen 192.168.0.10 pidfile /var/run/pptpd.pid chap-secrets: georg router georg * -- Vote against Spam! http://www.politik-digital.de/spam/de/ The European Coalition Against Unsolicited Commercial Email: http://www.euro.cauce.org// From GeorgeV at citadelcomputer.com.au Wed Aug 15 15:20:00 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 16 Aug 2001 06:20:00 +1000 Subject: [pptp-server] Scripts Message-ID: <200FAA488DE0D41194F10010B597610D1CEBB1@JUPITER> Problem with this script is that it only shows the current connection but most people want to know (ON CONNECT) which REAL IP it's coming from. This script also only shows VPN IPs... But thanks anyway. -----Original Message----- 
From: Brian Collins [mailto:bcollins at newnanutilities.org]
Sent: Wednesday, August 15, 2001 10:14 PM
To: George Vieira; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Scripts

One of my contractors wrote this script. Don't know that it's any simpler.

#!/bin/bash
echo
echo Current VPN Users:
echo
# Use mktemp rather than a predictable file name under /tmp.
tmp=$(mktemp /tmp/whoson.XXXXXX) || exit 1
# Collect the peer address of every ppp link into one pattern: ip1|ip2|...|ENDOFFILE
/sbin/ifconfig | grep P-t-P | awk -F' ' '{printf"%s\n", $3}' | awk -F: '{printf"%s|", $2}' > "$tmp"
echo ENDOFFILE >> "$tmp"
# Print user name and address of each chap-secrets entry that matches a connected peer.
grep -E -f "$tmp" /etc/ppp/chap-secrets| awk -F' ' '{printf"%s\t%s\n",$1,$4}'
echo
rm "$tmp"

====================
--Brian Collins

From GeorgeV at citadelcomputer.com.au Wed Aug 15 15:25:22 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 16 Aug 2001 06:25:22 +1000
Subject: [pptp-server] Lost with pppoe and pptpd
Message-ID: <200FAA488DE0D41194F10010B597610D1CEBB2@JUPITER>

It's not really a conflict but it's the Unix version of Windows "Use remote Default Gateway"....
In the /etc/ppp/options.pptp use nodefaultroute this should help with your problem...

-----Original Message-----
From: Georg Altmann [mailto:george at george-net.de] Sent: Thursday, August 16, 2001 3:56 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Lost with pppoe and pptpd Hi everybody, It took me some time to find out that pptpd is conflicting with pppoe. Here is what I did so far: Recompile+install Kernel 2.4.7 with IP GRE and PPP support with linux-2.4.4-openssl-0.9.6a-mppe.patch.gz, compile+install ppp-2.4.1 with ppp-2.4.1-MSCHAPv2-fix.patch.gz and ppp-2.4.1-openssl-0.9.6-mppe-patch.gz, compile+install pptpd-1.0.1 modify syslog.conf I'm trying to connect a W2k roadwarrior (myself ;) to my linux box which is also the router with pppoe running. When I shut down pppoe and then fire up pptpd everything works fine. With pppoe running the log looks like this: Aug 15 19:44:05 router pptpd[1239]: MGR: Manager process started Aug 15 19:44:10 router pptpd[1240]: MGR: Launching /usr/sbin/pptpctrl to handle client Aug 15 19:44:10 router pptpd[1240]: CTRL: local address = 192.168.0.10 Aug 15 19:44:10 router pptpd[1240]: CTRL: remote address = 192.168.0.30 Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd speed = 115200 Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd options file = /etc/ppp/pptp-options Aug 15 19:44:10 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection started Aug 15 19:44:10 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 1) Aug 15 19:44:10 router pptpd[1240]: CTRL: Made a START CTRL CONN RPLY packet Aug 15 19:44:10 router pptpd[1240]: CTRL: I wrote 156 bytes to the client. 
Aug 15 19:44:10 router pptpd[1240]: CTRL: Sent packet to client Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 7) Aug 15 19:44:12 router pptpd[1240]: CTRL: Set parameters to 1525 maxbps, 64 window size Aug 15 19:44:12 router pptpd[1240]: CTRL: Made a OUT CALL RPLY packet Aug 15 19:44:12 router pptpd[1240]: CTRL: Starting call (launching pppd, opening GRE) Aug 15 19:44:12 router pptpd[1240]: CTRL: pty_fd = 5 Aug 15 19:44:12 router pptpd[1240]: CTRL: tty_fd = 6 Aug 15 19:44:12 router pptpd[1240]: CTRL: I wrote 32 bytes to the client. Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): Connection speed = 115200 Aug 15 19:44:12 router pptpd[1240]: CTRL: Sent packet to client Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): local address = 192.168.0.10 Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): remote address = 192.168.0.30 Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 15) Aug 15 19:44:12 router pptpd[1240]: CTRL: Got a SET LINK INFO packet with standard ACCMs Aug 15 19:44:12 router pppd[1241]: pppd 2.4.1 started by root, uid 0 Aug 15 19:44:12 router pppd[1241]: Using interface ppp1 Aug 15 19:44:12 router pppd[1241]: not replacing existing default route to ppp0 [217.5.98.8] Aug 15 19:44:12 router pppd[1241]: found interface eth0 for proxy arp Aug 15 19:44:12 router pppd[1241]: local IP address 192.168.0.10 Aug 15 19:44:12 router pppd[1241]: remote IP address 192.168.0.30 Aug 15 19:44:49 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 12) Aug 15 19:44:49 router pptpd[1240]: CTRL: Made a CALL DISCONNECT RPLY packet Aug 15 19:44:49 router pptpd[1240]: CTRL: Received CALL CLR request (closing call) Aug 15 19:44:49 router pptpd[1240]: CTRL: I wrote 148 bytes to the client. 
Aug 15 19:44:49 router pptpd[1240]: CTRL: Sent packet to client Aug 15 19:44:49 router pptpd[1240]: CTRL: Error with select(), quitting Aug 15 19:44:49 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection finished Aug 15 19:44:49 router pptpd[1240]: CTRL: Exiting now Aug 15 19:44:49 router pptpd[1239]: MGR: Reaped child 1240 Is there anybody who got pppd running with pppoe? Could someone explain where the conflict between pppoe and pptpd is located? Is it that there may only be one instance of pppd running? The problem for me is, that I need this fixed until friday because I will travel to USA, and that's actually why I'm trying setting this up... ;) Thanks for any hint! Regards, Georg my options file (actually /etc/ppp/pptp-options): debug lock mtu 1490 mru 1490 name router auth +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless ipcp-accept-local ipcp-accept-remote lcp-echo-failure 3 lcp-echo-interval 5 deflate 0 #require-chap proxyarp my pptpd.conf: speed 115200 option /etc/ppp/pptp-options debug localip 192.168.0.10 #eth0 local net remoteip 192.168.0.30-40 #listen 192.168.0.10 pidfile /var/run/pptpd.pid chap-secrets: georg router georg * -- Vote against Spam! http://www.politik-digital.de/spam/de/ The European Coalition Against Unsolicited Commercial Email: http://www.euro.cauce.org// _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From patrickl at steltor.com Wed Aug 15 11:12:20 2001 
From: patrickl at steltor.com (Patrick LIN) Date: Wed, 15 Aug 2001 12:12:20 -0400 Subject: [pptp-server] monitor tool for pptp Message-ID: <3B7A9F64.7090209@steltor.com> hi, i search a tool (preferably web based or command line) who can give me info on the pptp server : - whois log - how much connection time - data transfered - failure etc.... thanks a lot Patrick -- ____________ __________________________________( / ________| | / \ | This message is transmitted by | \ \ | 100 % recycled electrons |___________\ / |__________________________________( /__________) From jvonau at home.com Wed Aug 15 22:09:17 2001 
From: jvonau at home.com (Jerry Vonau)
Date: Wed, 15 Aug 2001 22:09:17 -0500
Subject: [pptp-server] Lost with pppoe and pptpd
References: <200108151955340128.00FF6994@mail>
Message-ID: <3B7B395D.F390312E@home.com>

Georg:

Sounds like a conflict with something that is in the /etc/ppp/options or the config file for pppoe, may have something that pptp doesn't like... could you post them?
There was a post a while back with a success story... looking now....

Jerry Vonau

Georg Altmann wrote:
>
> Hi everybody,
>
> It took me some time to find out that pptpd is conflicting with pppoe.
>
> Here is what I did so far:
> Recompile+install Kernel 2.4.7 with IP GRE and PPP support with linux-2.4.4-openssl-0.9.6a-mppe.patch.gz,
> compile+install ppp-2.4.1 with ppp-2.4.1-MSCHAPv2-fix.patch.gz and ppp-2.4.1-openssl-0.9.6-mppe-patch.gz,
> compile+install pptpd-1.0.1
> modify syslog.conf
>
> I'm trying to connect a W2k roadwarrior (myself ;) to my linux box which is also the router with pppoe running.
> When I shut down pppoe and then fire up pptpd everything works fine.
>
> With pppoe running the log looks like this:
> Aug 15 19:44:05 router pptpd[1239]: MGR: Manager process started
> Aug 15 19:44:10 router pptpd[1240]: MGR: Launching /usr/sbin/pptpctrl to handle client
> Aug 15 19:44:10 router pptpd[1240]: CTRL: local address = 192.168.0.10
> Aug 15 19:44:10 router pptpd[1240]: CTRL: remote address = 192.168.0.30
> Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd speed = 115200
> Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd options file = /etc/ppp/pptp-options
> Aug 15 19:44:10 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection started
> Aug 15 19:44:10 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 1)
> Aug 15 19:44:10 router pptpd[1240]: CTRL: Made a START CTRL CONN RPLY packet
> Aug 15 19:44:10 router pptpd[1240]: CTRL: I wrote 156 bytes to the client.
> Aug 15 19:44:10 router pptpd[1240]: CTRL: Sent packet to client > Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 7) > Aug 15 19:44:12 router pptpd[1240]: CTRL: Set parameters to 1525 maxbps, 64 window size > Aug 15 19:44:12 router pptpd[1240]: CTRL: Made a OUT CALL RPLY packet > Aug 15 19:44:12 router pptpd[1240]: CTRL: Starting call (launching pppd, opening GRE) > Aug 15 19:44:12 router pptpd[1240]: CTRL: pty_fd = 5 > Aug 15 19:44:12 router pptpd[1240]: CTRL: tty_fd = 6 > Aug 15 19:44:12 router pptpd[1240]: CTRL: I wrote 32 bytes to the client. > Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): Connection speed = 115200 > Aug 15 19:44:12 router pptpd[1240]: CTRL: Sent packet to client > Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): local address = 192.168.0.10 > Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): remote address = 192.168.0.30 > Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 15) > Aug 15 19:44:12 router pptpd[1240]: CTRL: Got a SET LINK INFO packet with standard ACCMs > Aug 15 19:44:12 router pppd[1241]: pppd 2.4.1 started by root, uid 0 > Aug 15 19:44:12 router pppd[1241]: Using interface ppp1 > Aug 15 19:44:12 router pppd[1241]: not replacing existing default route to ppp0 [217.5.98.8] > Aug 15 19:44:12 router pppd[1241]: found interface eth0 for proxy arp > Aug 15 19:44:12 router pppd[1241]: local IP address 192.168.0.10 > Aug 15 19:44:12 router pppd[1241]: remote IP address 192.168.0.30 > Aug 15 19:44:49 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 12) > Aug 15 19:44:49 router pptpd[1240]: CTRL: Made a CALL DISCONNECT RPLY packet > Aug 15 19:44:49 router pptpd[1240]: CTRL: Received CALL CLR request (closing call) > Aug 15 19:44:49 router pptpd[1240]: CTRL: I wrote 148 bytes to the client. 
> Aug 15 19:44:49 router pptpd[1240]: CTRL: Sent packet to client > Aug 15 19:44:49 router pptpd[1240]: CTRL: Error with select(), quitting > Aug 15 19:44:49 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection finished > Aug 15 19:44:49 router pptpd[1240]: CTRL: Exiting now > Aug 15 19:44:49 router pptpd[1239]: MGR: Reaped child 1240 > > Is there anybody who got pppd running with pppoe? > Could someone explain where the conflict between pppoe and pptpd is located? > Is it that there may only be one instance of pppd running? > > The problem for me is, that I need this fixed until friday because I will travel to USA, and that's actually why I'm trying setting this up... ;) > Thanks for any hint! > > Regards, > Georg > > > > my options file (actually /etc/ppp/pptp-options): > debug > lock > mtu 1490 > mru 1490 > name router > auth > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > ipcp-accept-local > ipcp-accept-remote > lcp-echo-failure 3 > lcp-echo-interval 5 > deflate 0 > #require-chap > proxyarp > > my pptpd.conf: > speed 115200 > option /etc/ppp/pptp-options > debug > localip 192.168.0.10 #eth0 local net > remoteip 192.168.0.30-40 > #listen 192.168.0.10 > pidfile /var/run/pptpd.pid > > chap-secrets: > georg router georg * > > -- > Vote against Spam! > http://www.politik-digital.de/spam/de/ > The European Coalition Against Unsolicited Commercial Email: > http://www.euro.cauce.org// > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From jvonau at home.com Wed Aug 15 22:37:54 2001 
From: jvonau at home.com (Jerry Vonau) Date: Wed, 15 Aug 2001 22:37:54 -0500 Subject: [pptp-server] Lost with pppoe and pptpd References: <200108151955340128.00FF6994@mail> Message-ID: <3B7B4012.A42F6F27@home.com> found it... http://lists.schulte.org/pipermail/pptp-server/2001-January/004411.html Are you using? http://roaringpenguin.com/pppoe/ If so I need to see the adsl-connect script. It holds the configuration options in the PPP_STD_OPTIONS part. I think it may have the noipdefault option set. Jerry Vonau Georg Altmann wrote: > > Hi everybody, > > It took me some time to find out that pptpd is conflicting with pppoe. > > Here is what I did so far: > Recompile+install Kernel 2.4.7 with IP GRE and PPP support with linux-2.4.4-openssl-0.9.6a-mppe.patch.gz, > compile+install ppp-2.4.1 with ppp-2.4.1-MSCHAPv2-fix.patch.gz and ppp-2.4.1-openssl-0.9.6-mppe-patch.gz, > compile+install pptpd-1.0.1 > modify syslog.conf > > I'm trying to connect a W2k roadwarrior (myself ;) to my linux box which is also the router with pppoe running. > When I shut down pppoe and then fire up pptpd everything works fine. > > With pppoe running the log looks like this: > Aug 15 19:44:05 router pptpd[1239]: MGR: Manager process started > Aug 15 19:44:10 router pptpd[1240]: MGR: Launching /usr/sbin/pptpctrl to handle client > Aug 15 19:44:10 router pptpd[1240]: CTRL: local address = 192.168.0.10 > Aug 15 19:44:10 router pptpd[1240]: CTRL: remote address = 192.168.0.30 > Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd speed = 115200 > Aug 15 19:44:10 router pptpd[1240]: CTRL: pppd options file = /etc/ppp/pptp-options > Aug 15 19:44:10 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection started > Aug 15 19:44:10 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 1) > Aug 15 19:44:10 router pptpd[1240]: CTRL: Made a START CTRL CONN RPLY packet > Aug 15 19:44:10 router pptpd[1240]: CTRL: I wrote 156 bytes to the client. 
> Aug 15 19:44:10 router pptpd[1240]: CTRL: Sent packet to client > Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 7) > Aug 15 19:44:12 router pptpd[1240]: CTRL: Set parameters to 1525 maxbps, 64 window size > Aug 15 19:44:12 router pptpd[1240]: CTRL: Made a OUT CALL RPLY packet > Aug 15 19:44:12 router pptpd[1240]: CTRL: Starting call (launching pppd, opening GRE) > Aug 15 19:44:12 router pptpd[1240]: CTRL: pty_fd = 5 > Aug 15 19:44:12 router pptpd[1240]: CTRL: tty_fd = 6 > Aug 15 19:44:12 router pptpd[1240]: CTRL: I wrote 32 bytes to the client. > Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): Connection speed = 115200 > Aug 15 19:44:12 router pptpd[1240]: CTRL: Sent packet to client > Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): local address = 192.168.0.10 > Aug 15 19:44:12 router pptpd[1241]: CTRL (PPPD Launcher): remote address = 192.168.0.30 > Aug 15 19:44:12 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 15) > Aug 15 19:44:12 router pptpd[1240]: CTRL: Got a SET LINK INFO packet with standard ACCMs > Aug 15 19:44:12 router pppd[1241]: pppd 2.4.1 started by root, uid 0 > Aug 15 19:44:12 router pppd[1241]: Using interface ppp1 > Aug 15 19:44:12 router pppd[1241]: not replacing existing default route to ppp0 [217.5.98.8] > Aug 15 19:44:12 router pppd[1241]: found interface eth0 for proxy arp > Aug 15 19:44:12 router pppd[1241]: local IP address 192.168.0.10 > Aug 15 19:44:12 router pppd[1241]: remote IP address 192.168.0.30 > Aug 15 19:44:49 router pptpd[1240]: CTRL: Received PPTP Control Message (type: 12) > Aug 15 19:44:49 router pptpd[1240]: CTRL: Made a CALL DISCONNECT RPLY packet > Aug 15 19:44:49 router pptpd[1240]: CTRL: Received CALL CLR request (closing call) > Aug 15 19:44:49 router pptpd[1240]: CTRL: I wrote 148 bytes to the client. 
> Aug 15 19:44:49 router pptpd[1240]: CTRL: Sent packet to client > Aug 15 19:44:49 router pptpd[1240]: CTRL: Error with select(), quitting > Aug 15 19:44:49 router pptpd[1240]: CTRL: Client 192.168.0.51 control connection finished > Aug 15 19:44:49 router pptpd[1240]: CTRL: Exiting now > Aug 15 19:44:49 router pptpd[1239]: MGR: Reaped child 1240 > > Is there anybody who got pppd running with pppoe? > Could someone explain where the conflict between pppoe and pptpd is located? > Is it that there may only be one instance of pppd running? > > The problem for me is, that I need this fixed until friday because I will travel to USA, and that's actually why I'm trying setting this up... ;) > Thanks for any hint! > > Regards, > Georg > > > > my options file (actually /etc/ppp/pptp-options): > debug > lock > mtu 1490 > mru 1490 > name router > auth > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > ipcp-accept-local > ipcp-accept-remote > lcp-echo-failure 3 > lcp-echo-interval 5 > deflate 0 > #require-chap > proxyarp > > my pptpd.conf: > speed 115200 > option /etc/ppp/pptp-options > debug > localip 192.168.0.10 #eth0 local net > remoteip 192.168.0.30-40 > #listen 192.168.0.10 > pidfile /var/run/pptpd.pid > > chap-secrets: > georg router georg * > > -- > Vote against Spam! > http://www.politik-digital.de/spam/de/ > The European Coalition Against Unsolicited Commercial Email: > http://www.euro.cauce.org// > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From sp at iphh.net Thu Aug 16 04:40:01 2001 
From: sp at iphh.net (Sascha E. Pollok) Date: Thu, 16 Aug 2001 11:40:01 +0200 Subject: [pptp-server] Resource for patches?! Message-ID: Folks, I know this might be a FAQ somewhere but I am searching for a definitive resource for the MPPE patches for recent kernels (like 2.4.7). Is there anyone who can point me to a appropriate resource? Thank you very much! Regards, Sascha From colin.clegg at bigfoot.com Thu Aug 16 06:10:32 2001 From: colin.clegg at bigfoot.com (Colin Clegg) Date: Thu, 16 Aug 2001 12:10:32 +0100 Subject: [pptp-server] Can you supply or help ? Message-ID: <001301c12644$15396880$1401a8c0@amd> Hi Has anybody out there got a compiled copy of the ppp_mppe.o module for RedHat kernel 2.4.2 ? I have tried downloading the kernel source and applying the linux-2.4.0-openssl-0.9.6-mppe.patch, but if I do this the kernel refuses to build. I get an error 1 on dummy.o in the drivers/net directory and then it crashes out with an error 2. Thanks Colin From jvonau at home.com Thu Aug 16 06:59:40 2001 
From: jvonau at home.com (Jerry Vonau)
Date: Thu, 16 Aug 2001 06:59:40 -0500
Subject: [pptp-server] Lost with pppoe and pptpd
References: <200108151955340128.00FF6994@mail> <3B7B4012.A42F6F27@home.com> <200108161240440949.0084C0B0@mail>
Message-ID: <3B7BB5AC.2BB7BB12@home.com>

Georg:

The /etc/ppp/options is a global control file that controls all pppd
connections, including pptp. Try taking out all the options in the file
and add them to the command line that starts the link. Like you did with
the mtu/mru settings.

Jerry Vonau

Georg Altmann wrote:
>
> *********** REPLY SEPARATOR ***********
> >found it...
> >
> >http://lists.schulte.org/pipermail/pptp-server/2001-January/004411.html
> >
> >Are you using?
> >http://roaringpenguin.com/pppoe/
> Yes. sorry I forgot that there are multiple pppoe servers.
>
> >If so I need to see the adsl-connect script.
> >It holds the configuration options in the PPP_STD_OPTIONS
> >part. I think it may have the noipdefault option set.
> I'm not using the adsl-connect script, I have a inittab script which does not set anything except the dsl ethernet-interface:
>
> echo -n "Bringing up ADSL link"
> $PPPD pty "$PPPOE -I $ADSL_DEVICE -m 1452"
>
> I've also checked the options file for pppoe - I found and disabled the noipdefault option. But in fact it didn't change anything.
>
> # /etc/ppp/options (pppoe)
> demand
> connect /bin/true
> ipcp-accept-remote
> ipcp-accept-local
> usepeerdns
> idle 600
> #noipdefault
> defaultroute
> user ""
> hide-password
> noaccomp
> nopcomp
> novj
> novjccomp
> nobsdcomp
> nodeflate
> noccp
> nocrtscts
> local
> noauth
> # mru 1492
> # mtu 1492
> lcp-echo-interval 10
> lcp-echo-failure 3
> lock
> debug
> #nodetach
>
> In the pppoe.conf only username, interface and some dsl specific stuff is set.
>
> Ok, I see it's basically a routing problem, right?
> I added nodefaultroute to the pptp-options file as George Vieira recommended. Then I wasn't able to bring up a connection at all - even with pppoe shut down. So the pptpd link needs to set the default route which is already set when pppoe is up.
> The routes to the ppp targets are set though:
> Target          Router          Genmask         Flags Metric Ref Use Iface
> 217.5.98.8      *               255.255.255.255 UH    0      0   0   ppp0  => pppoe
> 192.168.0.31    *               255.255.255.255 UH    0      0   0   ppp2  =>second try pptp
> 192.168.0.30    *               255.255.255.255 UH    0      0   0   ppp1  =>first try pptp
> 192.168.50.0    *               255.255.255.0   U     0      0   0   eth2
> 192.168.0.0     *               255.255.255.0   U     0      0   0   eth0
> 192.168.99.0    wvlan2.wireless 255.255.255.0   UG    0      0   0   eth2
> 192.168.10.0    *               255.255.255.0   U     0      0   0   eth1  =>dsl modem
> 127.0.0.0       *               255.0.0.0       U     0      0   0   lo
> default         217.5.98.8      0.0.0.0         UG    0      0   0   ppp0  => pppoe
>
> Does the kernel route in the same order the routing table is printed by route? If so is must it the pppX routes first. I just thought the packets might be routed through eth0.
> Any thoughts?
>
> Regards,
> Georg0
>
> --
> Vote against Spam!
> http://www.politik-digital.de/spam/de/
> The European Coalition Against Unsolicited Commercial Email:
> http://www.euro.cauce.org//

From berzerke at swbell.net Thu Aug 16 08:38:14 2001
From: berzerke at swbell.net (robert)
Date: Thu, 16 Aug 2001 08:38:14 -0500
Subject: [pptp-server] Can you supply or help ?
In-Reply-To: <001301c12644$15396880$1401a8c0@amd>
References: <001301c12644$15396880$1401a8c0@amd>
Message-ID: <0GI500ACBXS6V5@mta5.rcsntx.swbell.net>

It is best to use a stock kernel, not a distro kernel. The patches are made for a stock kernel. BTW, I would recommend upgrading to a newer kernel anyway (at least 2.4.4). There are some nasty bugs in <2.4.4

On Thursday 16 August 2001 06:10 am, Colin Clegg wrote:
> Hi
>
> Has anybody out there got a compiled copy of the ppp_mppe.o module for
> RedHat kernel 2.4.2 ?
>
> I have tried downloading the kernel source and applying the
> linux-2.4.0-openssl-0.9.6-mppe.patch, but if I do this the kernel refuses
> to build. I get an error 1 on dummy.o in the drivers/net directory and
> then it crashes out with an error 2.
>
> Thanks
>
> Colin

From jvonau at home.com Thu Aug 16 17:57:04 2001
From: jvonau at home.com (Jerry Vonau)
Date: Thu, 16 Aug 2001 17:57:04 -0500
Subject: [pptp-server] Lost with pppoe and pptpd
References: <200108151955340128.00FF6994@mail> <3B7B4012.A42F6F27@home.com> <200108161240440949.0084C0B0@mail> <3B7BB5AC.2BB7BB12@home.com> <200108161555270257.013709F0@mail>
Message-ID: <3B7C4FC0.7C433B39@home.com>

Glad it worked out for you..

Jerry Vonau

Georg Altmann wrote:
>
> *********** REPLY SEPARATOR ***********
>
> On 16.08.2001 at 06:59 Jerry Vonau wrote:
>
> >Georg:
> >
> >The /etc/ppp/options is a global control file that controls all pppd
> >connections, including pptp. Try taking out all the options in the file
> >and add them to the command line that starts the link. Like you did with
> >the mtu/mru settings.
>
> Bang! Thanks, I thought it would be enough to set the options file as a parameter and the standard options would be left out.
> Works fine now!
>
> Regards,
> Georg
>
> --
> Vote against Spam!
> http://www.politik-digital.de/spam/de/
> The European Coalition Against Unsolicited Commercial Email:
> http://www.euro.cauce.org//

From pgt at pgt.de Thu Aug 16 20:02:24 2001
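The point that closed the "Lost with pppoe and pptpd" thread, that /etc/ppp/options applies to every pppd including the one pptpd starts with its own options file, can be checked mechanically. The script below is an added example, not code from the thread, from pppd or from PoPToP: it lists the keywords a pptpd session inherits from the global file because the session file neither repeats nor negates them. The function names, the REVIEW watch list and the strip-a-leading-"no" comparison are assumptions of this example; the sample input is the active lines of the two option files Georg posted.

```shell
#!/bin/sh
# Added example: which /etc/ppp/options settings reach a pptpd-launched pppd?

# Print the keyword of every active line (comments and blank lines skipped).
pppd_keywords() {
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# Map a keyword to the setting it controls, so that "noauth"/"auth" or
# "nodeflate"/"deflate 0" compare equal. Heuristic: strip a leading "no".
pppd_base() {
    case "$1" in
        no?*) printf '%s\n' "${1#no}" ;;
        *)    printf '%s\n' "$1" ;;
    esac
}

# pppd_inherited GLOBAL SESSION: keywords in GLOBAL that SESSION neither
# repeats nor negates, i.e. what the session gets without asking for it.
pppd_inherited() {
    session_bases=$(pppd_keywords "$2" | while read -r kw; do pppd_base "$kw"; done)
    pppd_keywords "$1" | while read -r kw; do
        base=$(pppd_base "$kw")
        if ! printf '%s\n' "$session_bases" | grep -qxF -- "$base"; then
            printf '%s\n' "$kw"
        fi
    done
}

# Watch list (an assumption of this example): inherited keywords that change
# authentication, CCP negotiation (which carries MPPE), routing or link lifetime.
PPPD_WATCH="noauth noccp defaultroute demand connect usepeerdns idle user"

# pppd_audit GLOBAL SESSION: tag each inherited keyword REVIEW or ok.
pppd_audit() {
    pppd_inherited "$1" "$2" | while read -r kw; do
        case " $PPPD_WATCH " in
            *" $kw "*) printf 'REVIEW %s\n' "$kw" ;;
            *)         printf 'ok     %s\n' "$kw" ;;
        esac
    done
}

# Write the active lines of the two option files from the thread into directory $1.
write_thread_samples() {
    cat > "$1/options" <<'EOF'
demand
connect /bin/true
ipcp-accept-remote
ipcp-accept-local
usepeerdns
idle 600
#noipdefault
defaultroute
user ""
hide-password
noaccomp
nopcomp
novj
novjccomp
nobsdcomp
nodeflate
noccp
nocrtscts
local
noauth
lcp-echo-interval 10
lcp-echo-failure 3
lock
debug
EOF
    cat > "$1/pptp-options" <<'EOF'
debug
lock
mtu 1490
mru 1490
name router
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
proxyarp
EOF
}

demo_dir=$(mktemp -d) || exit 1
write_thread_samples "$demo_dir"
pppd_audit "$demo_dir/options" "$demo_dir/pptp-options"
rm -rf "$demo_dir"
```

On the thread's files the audit marks defaultroute as inherited, which matches the pppd log line "not replacing existing default route to ppp0" in a session whose own options file never asks for a default route.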
From: pgt at pgt.de (Papick Garcia Taboada)
Date: Fri, 17 Aug 2001 03:02:24 +0200
Subject: [pptp-server] routing again
Message-ID:

hi everybody,

I need some help here...

I am using Suse 7.2, iptables, SuSEfirewall2,...

on my local subnet my w2ksp2 notebook is logging in using VPN perfectly, but

- log in from "outside" is not working.
- accessing/ routing/ pinging other machines on the local subnet is not working
- pinging/ accessing the logged in computer from the local subnet is not working.

i guess that all these points regard my firewall/ routing iptables settings.

does somebody know how to configure SuSEfirewall2 to get it working with pptpd?

my scenario:

i am connecting on demand to the internet via pppoed/dsl (ppp0)
my local subnet is 192.168.0.1/24 and 192.168.0.1 is the machine running the pppoed, firewall2, pptpd, dns, smb, etc...

the clients logging in are mapped to
localips 192.168.0.80-100
remoteips 192.168.0.200-220

and the local computers are getting their ips from dhcpd.

there are some entries in SuSEfirewall2 regarding VPN, but there is no doc on how to setup it.

PLEASE HELP!

brgds

Papick Garcia Taboada

From patrickl at steltor.com Fri Aug 17 05:14:43 2001
From: patrickl at steltor.com (Patrick LIN)
Date: Fri, 17 Aug 2001 06:14:43 -0400
Subject: [pptp-server] how to disallow/prevent multiple login with the same username
Message-ID: <3B7CEE93.3020606@steltor.com>

hi ,

i want to know if somebody know or have experience to prevent two connection from the same username at same time on the pptp server ?

and nobody can help me on the previous message i send on my routing problem ?

thanks

Best regards,

patrick

--
____________ __________________________________( / ________| | / \ | This message is transmitted by | \ \ | 100 % recycled electrons |___________\ / |__________________________________( /__________)

From troy at recipezaar.com Fri Aug 17 12:48:25 2001
From: troy at recipezaar.com (troy hakala)
Date: 17 Aug 2001 10:48:25 -0700
Subject: [pptp-server] can't connect anymore
Message-ID: <998070505.11286.26.camel@seattle.recipezaar.com>

I had an @Home account and VPN worked great with PoPToP. We just moved and got a new @Home account but VPN no longer works. When a client attempts to connect via 'telnet IPaddress 1723' they get "Connection refused" and the pptpd.log never shows a connection attempt.

I'm pretty sure my firewall is not the issue because I can turn it off completely and it does the same thing. My guess is that @Home is blocking VPN at my new location, although they repeatedly claim they do not block VPN (I know, the reports of comcast at home blocking VPN are rampant, but i'm not on comcast).

What can I try to figure out what the problem is? pptpd --debug doesn't give any info since no connection is attempted.

Help!

From berzerke at swbell.net Fri Aug 17 16:03:41 2001
From: berzerke at swbell.net (robert)
Date: Fri, 17 Aug 2001 16:03:41 -0500
Subject: [pptp-server] can't connect anymore
In-Reply-To: <998070505.11286.26.camel@seattle.recipezaar.com>
References: <998070505.11286.26.camel@seattle.recipezaar.com>
Message-ID: <0GI8008PSD2FT1@mta5.rcsntx.swbell.net>

Try a gre patched version of traceroute. One is available at http://home.swbell.net/berzerke

Try doing the traceroute with and without gre and from port 1723.

On Friday 17 August 2001 12:48 pm, troy hakala wrote:
> I had an @Home account and VPN worked great with PoPToP. We just moved
> and got a new @Home account but VPN no longer works. When a client
> attempts to connect via 'telnet IPaddress 1723' they get "Connection
> refused" and the pptpd.log never shows a connection attempt.
>
> I'm pretty sure my firewall is not the issue because I can turn it off
> completely and it does the same thing. My guess is that @Home is
> blocking VPN at my new location, although they repeatedly claim they do
> not block VPN (I know, the reports of comcast at home blocking VPN are
> rampant, but i'm not on comcast).
>
> What can I try to figure out what the problem is? pptpd --debug doesn't
> give any info since no connection is attempted.
>
> Help!

From schierz at cst-it.dyndns.org Fri Aug 17 19:14:34 2001
From: schierz at cst-it.dyndns.org (Denny Schierz)
Date: Sat, 18 Aug 2001 02:14:34 +0200
Subject: [pptp-server] can connect, but no ping
Message-ID: <5433961393.20010818021434@cst-it.dyndns.org>

Hello pptp-server List,

i have setting up a, a pptpd Server on Linux Kernel 2.2.19. I can
connecting from a Win2k PC but, i can't communicate with my network
behind the firewall Host. The Ping tells me, that:

ing: sendto: Operation not permitted
ping: wrote 192.168.100.40 64 chars, ret=-1

I've many ipchains rules (created by the Webmin Module Firewall
IPCHAINS). My Firewall has the IP 192.168.100.253
(pptpd server 192.168.100.252) and the Client becomes the IP
192.168.100.40.

My Internet Interface ist eth0 with 195.145.9.30 and the local Net
is eth1 192.168.100.0

I'm think, that this rules are the Problem:

#Do not accept packets from private class C on ext NIC
/sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -j DENY
/sbin/ipchains -A input -i eth0 -d 192.168.0.0/16 -j DENY
/sbin/ipchains -A output -i eth0 -s 192.168.0.0/16 -j DENY
/sbin/ipchains -A output -i eth0 -d 192.168.0.0/16 -j DENY

can somebody help me

thanks

--
with greetings
Denny Schierz mailto:schierz at cst-it.dyndns.org

From jsg at gaaj.qc.ca Fri Aug 17 20:06:21 2001
From: jsg at gaaj.qc.ca (Jean-Serge Gagnon)
Date: Fri, 17 Aug 2001 21:06:21 -0400
Subject: [pptp-server] can connect, but no ping
In-Reply-To: <5433961393.20010818021434@cst-it.dyndns.org>
Message-ID:

Denny Schierz wrote:
> Hello pptp-server List,
>
> i have setting up a, a pptpd Server on Linux Kernel 2.2.19. I can
> connecting from a Win2k PC but, i can't communicate with my network
> behind the firewall Host. The Ping tells me, that:
>
> ing: sendto: Operation not permitted
> ping: wrote 192.168.100.40 64 chars, ret=-1
>
> I've many ipchains rules (created by the Webmin Module Firewall
> IPCHAINS). My Firewall has the IP 192.168.100.253
> (pptpd server 192.168.100.252) and the Client becomes the IP
> 192.168.100.40.
>
> My Internet Interface ist eth0 with 195.145.9.30 and the local Net
> is eth1 192.168.100.0
>
> I'm think, that this rules are the Problem:
>
> #Do not accept packets from private class C on ext NIC
> /sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -j DENY
> /sbin/ipchains -A input -i eth0 -d 192.168.0.0/16 -j DENY
> /sbin/ipchains -A output -i eth0 -s 192.168.0.0/16 -j DENY
> /sbin/ipchains -A output -i eth0 -d 192.168.0.0/16 -j DENY
>
> can somebody help me

Sounds like a pppd setup problem I had.

I had a problem with the defaultroute option. Something to do with pppd trying to set the default route to the PC and not being allowed to do it since there is already one (usually your ISP's connection).

Try adding "nodefaultroute" to your ppp options.

--- Talking Linux install: Newlix OfficeServer ----
Jean-Serge Gagnon
GaaJ Services
http://www.gaaj.qc.ca
(819) 568-7883 fax: (819) 243-4824

From berzerke at swbell.net Fri Aug 17 22:56:12 2001
From: berzerke at swbell.net (robert)
Date: Fri, 17 Aug 2001 22:56:12 -0500
Subject: [pptp-server] can connect, but no ping
In-Reply-To: <5433961393.20010818021434@cst-it.dyndns.org>
References: <5433961393.20010818021434@cst-it.dyndns.org>
Message-ID: <0GI800FLQW66YR@mta4.rcsntx.swbell.net>

This definitely looks like a firewall issue, at least with the ping. Try going to a minimal set of rules and see if you can ping. Then try adding rules back until the problem reoccurs. Yes, this is time consuming.

On Friday 17 August 2001 07:14 pm, Denny Schierz wrote:
> Hello pptp-server List,
>
> i have setting up a, a pptpd Server on Linux Kernel 2.2.19. I can
> connecting from a Win2k PC but, i can't communicate with my network
> behind the firewall Host. The Ping tells me, that:
>
> ing: sendto: Operation not permitted
> ping: wrote 192.168.100.40 64 chars, ret=-1
>
> I've many ipchains rules (created by the Webmin Module Firewall
> IPCHAINS). My Firewall has the IP 192.168.100.253
> (pptpd server 192.168.100.252) and the Client becomes the IP
> 192.168.100.40.
>
> My Internet Interface ist eth0 with 195.145.9.30 and the local Net
> is eth1 192.168.100.0
>
> I'm think, that this rules are the Problem:
>
> #Do not accept packets from private class C on ext NIC
> /sbin/ipchains -A input -i eth0 -s 192.168.0.0/16 -j DENY
> /sbin/ipchains -A input -i eth0 -d 192.168.0.0/16 -j DENY
> /sbin/ipchains -A output -i eth0 -s 192.168.0.0/16 -j DENY
> /sbin/ipchains -A output -i eth0 -d 192.168.0.0/16 -j DENY
>
> can somebody help me
>
> thanks

From GeorgeV at citadelcomputer.com.au Sat Aug 18 00:23:39 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sat, 18 Aug 2001 15:23:39 +1000
Subject: [pptp-server] how to disallow/prevent multiple login with the same username
Message-ID: <200FAA488DE0D41194F10010B597610D1CEBD9@JUPITER>

You would have to disable either the login or IP... There's no automated system for this as far as I know.

Could try when a user logs in it removes its login from the chap-secrets file (bit hazardous if not carefully coded) and then next guy would bomb out. When the valid user does disconnect, it puts its login back into the chap-secrets file...

Would be great if pppd did this already but I don't see any doco allowing anything like this. It should have an option to allow/disallow certain logins from doubling up.

-----Original Message-----
From: Patrick LIN [mailto:patrickl at steltor.com]
Sent: Friday, August 17, 2001 8:15 PM
To: PPTP Server Mailing list
Subject: [pptp-server] how to disallow/prevent multiple login with the same username

hi,

i want to know if somebody knows how, or has experience, to prevent two connections from the same username at the same time on the pptp server?

and can nobody help me with the previous message i sent on my routing problem?

thanks

Best regards,

patrick

--
This message is transmitted by 100 % recycled electrons

From GeorgeV at citadelcomputer.com.au Sat Aug 18 00:26:00 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sat, 18 Aug 2001 15:26:00 +1000
Subject: [pptp-server] can't connect anymore
Message-ID: <200FAA488DE0D41194F10010B597610D1CEBDA@JUPITER>

check it with a tcpdump to make sure that any packets are arriving..

tcpdump -x port 1723

-----Original Message-----
From: troy hakala [mailto:troy at recipezaar.com]
Sent: Saturday, August 18, 2001 3:48 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] can't connect anymore

I had an @Home account and VPN worked great with PoPToP. We just moved and got a new @Home account but VPN no longer works. When a client attempts to connect via 'telnet IPaddress 1723' they get "Connection refused" and the pptpd.log never shows a connection attempt.

I'm pretty sure my firewall is not the issue because I can turn it off completely and it does the same thing. My guess is that @Home is blocking VPN at my new location, although they repeatedly claim they do not block VPN (I know, the reports of comcast at home blocking VPN are rampant, but i'm not on comcast).

What can I try to figure out what the problem is? pptpd --debug doesn't give any info since no connection is attempted.

Help!

From Sexy-Boy at NetCourrier.Com Sat Aug 18 16:38:40 2001
From: Sexy-Boy at NetCourrier.Com (Sexy Boy)
Date: Sat, 18 Aug 2001 23:38:40 +0200
Subject: [pptp-server] Bypassing the firewall
Message-ID:

Hi,

I have a little (big for me :-) problem and if someone can help me it would be cool. So this is my problem :

At home, I configured a PPTP server on my linux box and it is working fine.

At my office, I would like to connect my NT 4.0 Workstation to my linux server but the problem is the firewall which allows only connection to port 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change the firewall setting because it's managed by an external company and I can't ask them to change anything !)

So what I'm trying to do is bypass the firewall with port redirection :

On my NT 4.0 : I redirect local port 1723 to the remote port 443 on my linux box
On my Linux server : I redirect local port 443 to local port 1723

So if I want to connect to my Linux server on port 1723, I configure the RAS to connect to localhost:1723 which is redirected to remote:443 (this bypasses the firewall) => redirect to linux:1723.

The redirection is OK because I see the packet to my linux server (with tcpdump).
The problem is that my Linux server considers that a local connection is attempted and refuses the connection !!!

So my question is : Is there a way to allow local connection to a PPTP server (local connection = server and client on the same machine like FTP or HTTP) ?

Thanks a lot,
Francois.

From jsg at gaaj.qc.ca Sat Aug 18 17:24:46 2001
From: jsg at gaaj.qc.ca (Jean-Serge Gagnon)
Date: Sat, 18 Aug 2001 18:24:46 -0400
Subject: [pptp-server] Bypassing the firewall
In-Reply-To:
Message-ID:

Why don't you just change pptpd to listen on port 443? It'll cause your Linux to not be able to access https connections there, but you can always have https listen on another port...

- Talking Linux install: Newlix OfficeServer -
Jean-Serge Gagnon
GaaJ Services
http://www.gaaj.qc.ca
(819) 568-7883 fax: (819) 243-4824

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Sexy Boy > Sent: Saturday, August 18, 2001 5:39 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Bypassing the firewall > > > Hi, > > I have a litlle (big for me :-) problem and if some can > help me it would be > cool. So this is my problem : > > At home, i configure a PPTP server on my linux box and it is working fine. > > At my office, i would like to connect my NT 4.0 Workstation to my linux > server but the problem is the firewall which allows only > connection to port > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change > the firewall > setting because it's managed by an external company and i can't > ask them to > change anything !) > > So what i'm trying to do is bypass the firewall with port redirection : > > On my NT 4.0 : i redirect local port 1723 to the remote > port 443 on my > linux box > On my Linux server : i redirect local port 443 to local port 1723 > > So if i want to connect to my Linux server on port 1723, i > configure the RAS > to connect to localhost:1723 which is redirect to remote:443 (this bypass > the firewall) => redirect to linux:1723. > > The redirection is OK because i see the packet to my linux server (with > tcpdump). > The problem is that my Linux server considers that a local connection is > attempted and refuse the connection !!! > > So my question is : Is there a way to allow local connection to a PPTP > server (local connection = server and client on the same machine > like FTP or > HHTP) ? > > Thanks a lots, > Francois. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From stan at rogge.net Sat Aug 18 17:41:48 2001 
From: stan at rogge.net (Stan A. Rogge)
Date: Sat, 18 Aug 2001 17:41:48 -0500
Subject: [pptp-server] Bypassing the firewall
References:
Message-ID: <019801c12836$f7bd2e00$fd01a8c0@harmonic.com>

Isn't the purpose of your company's firewall to prevent exactly what you're trying to do?

If you are successful bringing up an external Network link into the middle of your company's internal network, isn't your company's Network Security compromised?

----- Original Message -----
From: "Sexy Boy" To: Sent: Saturday, August 18, 2001 4:38 PM Subject: [pptp-server] Bypassing the firewall > Hi, > > I have a litlle (big for me :-) problem and if some can help me it would be > cool. So this is my problem : > > At home, i configure a PPTP server on my linux box and it is working fine. > > At my office, i would like to connect my NT 4.0 Workstation to my linux > server but the problem is the firewall which allows only connection to port > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change the firewall > setting because it's managed by an external company and i can't ask them to > change anything !) > > So what i'm trying to do is bypass the firewall with port redirection : > > On my NT 4.0 : i redirect local port 1723 to the remote port 443 on my > linux box > On my Linux server : i redirect local port 443 to local port 1723 > > So if i want to connect to my Linux server on port 1723, i configure the RAS > to connect to localhost:1723 which is redirect to remote:443 (this bypass > the firewall) => redirect to linux:1723. > > The redirection is OK because i see the packet to my linux server (with > tcpdump). > The problem is that my Linux server considers that a local connection is > attempted and refuse the connection !!! > > So my question is : Is there a way to allow local connection to a PPTP > server (local connection = server and client on the same machine like FTP or > HHTP) ? > > Thanks a lots, > Francois. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From anesthes at cisdi.com Sat Aug 18 22:16:45 2001 
From: anesthes at cisdi.com (Joey Coco)
Date: Sat, 18 Aug 2001 22:16:45 -0500 (EST)
Subject: [pptp-server] Bypassing the firewall
In-Reply-To: <019801c12836$f7bd2e00$fd01a8c0@harmonic.com>
Message-ID:

Hello,

Well that's kind of the whole idea behind a VPN.. Unfortunately a VPN is a "hole" and holes can be exploited.

-- Joe

On Sat, 18 Aug 2001, Stan A. Rogge wrote:

> Isn't the purpose of your company's firewall to prevent exactly what you're trying to do?
>
> If you are successful bringing up an external Network link into the middle of your company's internal network, isn't your company's Network Security compromised?
>
> ----- Original Message -----
> From: "Sexy Boy" > To: > Sent: Saturday, August 18, 2001 4:38 PM > Subject: [pptp-server] Bypassing the firewall > > > > Hi, > > > > I have a litlle (big for me :-) problem and if some can help me it would be > > cool. So this is my problem : > > > > At home, i configure a PPTP server on my linux box and it is working fine. > > > > At my office, i would like to connect my NT 4.0 Workstation to my linux > > server but the problem is the firewall which allows only connection to port > > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change the firewall > > setting because it's managed by an external company and i can't ask them to > > change anything !) > > > > So what i'm trying to do is bypass the firewall with port redirection : > > > > On my NT 4.0 : i redirect local port 1723 to the remote port 443 on my > > linux box > > On my Linux server : i redirect local port 443 to local port 1723 > > > > So if i want to connect to my Linux server on port 1723, i configure the RAS > > to connect to localhost:1723 which is redirect to remote:443 (this bypass > > the firewall) => redirect to linux:1723. > > > > The redirection is OK because i see the packet to my linux server (with > > tcpdump). > > The problem is that my Linux server considers that a local connection is > > attempted and refuse the connection !!! > > > > So my question is : Is there a way to allow local connection to a PPTP > > server (local connection = server and client on the same machine like FTP or > > HHTP) ? > > > > Thanks a lots, > > Francois. > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. 
--

_____________________________________________________________________________
"I will never engage myself in a corporation backed by a religion, making tax free profits while standing behind the protection of an execution symbol. I will never allow myself to be lured by the perversion of priesthood. I will never sit and watch my brothers starve in poverty living on the steps of a so-called house of god, nor will I ever call someone my father who is not closer than a stranger.."
-----------------------------------------------------------------------------
http://members.cisdi.com/~anesthes/ AIM:imd3fc0n IRC:irc.epix.net #mac defcon

From JaminC at adapt-tele.com Sat Aug 18 21:48:20 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Sat, 18 Aug 2001 21:48:20 -0500
Subject: [pptp-server] Bypassing the firewall
Message-ID:

Joey Coco [mailto:anesthes at cisdi.com] wrote:
> Well that's kind of the whole idea behind a VPN.. Unfortunately a VPN
> is a "hole" and holes can be exploited.
>
> On Sat, 18 Aug 2001, Stan A. Rogge wrote:
>
> > Isn't the purpose of your company's firewall to prevent
> > exactly what you're trying to do?
> >
> > If you are successful bringing up an external Network link
> > into the middle of your company's internal network, isn't
> > your company's Network Security compromised?

I think the point trying to be made here is that there are "allowed" VPNs and "end arounds". Based on the first post's statement:

> (There is no way to change the firewall setting because it's
> managed by an external company and i can't ask them to
> change anything !)

I would interpret this to be one of the "end arounds". After all if it were one of the "allowed" VPNs, there would be no problem in getting the firewall adjusted (unless of course the firewall was not capable of allowing something like this). However, in this case the poster clearly stated that changes were not possible because he couldn't ask them to make them. Again if this were one of the "allowed" cases, there would be no problem. At least not any that I can see.

Jamin W. Collins

From neale at lowendale.com.au Sat Aug 18 23:17:39 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Sun, 19 Aug 2001 14:17:39 +1000 (EST)
Subject: [pptp-server] Bypassing the firewall
In-Reply-To: <019801c12836$f7bd2e00$fd01a8c0@harmonic.com>
Message-ID:

On Sat, 18 Aug 2001, Stan A. Rogge wrote:

> Isn't the purpose of your company's firewall to prevent exactly what
> you're trying to do?
>
> If you are successful bringing up an external Network link into the
> middle of your company's internal network, isn't your company's
> Network Security compromised?

Indeed they would be. The words "responsibility" and "liability" come to mind here ;-)

> ----- Original Message -----
> From: "Sexy Boy"
> To:
> Sent: Saturday, August 18, 2001 4:38 PM
> Subject: [pptp-server] Bypassing the firewall
>
>
> > Hi,
> >
> > I have a little (big for me :-) problem and if someone can help me it would be
> > cool. So this is my problem :
> >
> > At home, I configured a PPTP server on my linux box and it is working fine.
> >
> > At my office, I would like to connect my NT 4.0 Workstation to my linux
> > server but the problem is the firewall which allows only connection to port
> > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change the firewall
> > setting because it's managed by an external company and I can't ask them to
> > change anything !)
[...]

Depending on just what you're trying to achieve, had you considered having sshd listen on say port 443 on the Linux machine and using a Win32 SSH client (e.g. TeraTerm+SSH, Putty)? If that solves your problems it might be both a whole lot simpler and open fewer opportunities for "other things" to happen..

HTH,
Neale.

PS:
> > So what I'm trying to do is bypass the firewall with port redirection :

I don't think port redirection will help you with GRE.

From charlieb at e-smith.com Sun Aug 19 09:56:45 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Sun, 19 Aug 2001 10:56:45 -0400 (EDT)
Subject: [pptp-server] Bypassing the firewall
In-Reply-To:
Message-ID:

On Sat, 18 Aug 2001, Jamin Collins wrote:

> changes were not possible because he couldn't ask them to make them. Again
> if this were one of the "allowed" cases, there would be no problem. At
> least not any that I can see.

In any case, the proposed workaround won't work, as it only forwards the control channel, and not the GRE packets.

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From mikael.lonnroth at advancevpn.com Mon Aug 20 03:33:52 2001
From: mikael.lonnroth at advancevpn.com (Mikael Lönnroth)
Date: Mon, 20 Aug 2001 11:33:52 +0300
Subject: [pptp-server] Mirror of one WORKING PPTP-install
References: <3B7CEE93.3020606@steltor.com>
Message-ID: <006401c12952$d850b6f0$121b7d0a@advancevpn1>

Hello,

Our company has agreed to (more or less officially) host a narrow selection of PPTP-files (that to me seemed hard to come by when I tried the install).

PPTP 1.1.2, PPP 2.4.1 + patches for MPPE (2.4.4 kernel and 0.9.6 OpenSSL) can now (also) be found here:

http://www.advancevpn.com/en/download_other.html

Kindly,
Mikael Lönnroth

From adharshp at yahoo.com Mon Aug 20 08:57:51 2001
From: adharshp at yahoo.com (adharsh praveen)
Date: Mon, 20 Aug 2001 06:57:51 -0700 (PDT)
Subject: [pptp-server] Authentication of pptp with pam
Message-ID: <20010820135751.17788.qmail@web12704.mail.yahoo.com>

Hai,

Is there any way in which pptp can be authenticated using PAM? Please let me know.

regards,
adharsh

=====
Adharsh Praveen.R
email:adharshp at yahoo.com
adharshp at rediffmail.com

From k.jean at ee.ucl.ac.uk Mon Aug 20 09:17:38 2001
From: k.jean at ee.ucl.ac.uk (Kerry Jean)
Date: Mon, 20 Aug 2001 15:17:38 +0100
Subject: [pptp-server] win2000 client
Message-ID: <001b01c12982$de059680$53282880@ee.ucl.ac.uk>

Hi,

I am attempting to make a pptp connection between a win2000 client and a linux server running poptop. The two machines dialed out to an ISP and obtained dynamic IP addresses. But when I try to make the pptp vpn between the client and server I cannot connect. The win2000 client gives me error 619: the specified port is not connected.

Can anyone help me please.

Thank you,
Kerry

---------------------------------------------------------------------------------------------------------------------------------------------
Kerry Jean
Research Assistant
Department of Electronic Engineering
University College London

From greiner.w at t-online.de Mon Aug 20 11:14:09 2001
From: greiner.w at t-online.de (Wolfgang Greiner)
Date: Mon, 20 Aug 2001 18:14:09 +0200
Subject: [pptp-server] (no subject)
Message-ID:

confirm 577104

From davidonice at terra.es Mon Aug 20 13:29:22 2001
From: davidonice at terra.es (David Alvarez Ortega)
Date: Mon, 20 Aug 2001 20:29:22 +0200
Subject: [pptp-server] multiple win98 clients using the same gateway
Message-ID: <3B815702.5010300@terra.es>

I'm trying to connect multiple win98se clients which are using the same router as the gateway to the internet to my pptp server. I'm getting all sorts of problems, clients disconnecting etc... I read somewhere that this isn't possible. Can anybody tell me if this is possible or which is the right method to solve my problem?

David Alvarez Ortega
Onice Sistemas S.L.
davidonice at terra.es
onice at madrid.com

From JaminC at adapt-tele.com Mon Aug 20 13:43:08 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Mon, 20 Aug 2001 13:43:08 -0500
Subject: [pptp-server] multiple win98 clients using the same gateway
Message-ID:

David Alvarez Ortega [mailto:davidonice at terra.es] wrote:
> I'm trying to connect multiple win98se clients which are
> using the same router as the gateway to the internet to
> my pptp server.

No can do, one connection from one IP.

> I read somewhere that this isn't possible.

That's correct, it's not possible.

Jamin W. Collins

From jpj at as-tech.fr Mon Aug 20 17:15:30 2001
From: jpj at as-tech.fr (jpj)
Date: Mon, 20 Aug 2001 22:15:30 +0000
Subject: [pptp-server] pptp and pppoe
In-Reply-To: <200FAA488DE0D41194F10010B597610D1728E9@JUPITER>
References: <200FAA488DE0D41194F10010B597610D1728E9@JUPITER>
Message-ID: <01082022153000.00303@jpj>

Hi,

I've tried localip in 192.168.0.245 with remoteip in 192.168.0.26 and I added nodefaultroute in /etc/ppp/options.pptp

No changes, I still get:
CTRL: PTY read or GRE write failed (pty,gre)=(5,6) ?

What else can I try, I'm really lost.

Thanks for your help

JPJ

On Monday 6 August 2001 22:02, George Vieira wrote:
> Firstly, remove the large range for "localip" and use a single IP
> (preferably the local LAN one for proxyarp to work).
>
> Then use a "remoteip" range which is in the SAME subnet as "localip" OR
> change the "localip" to be in the same subnet as "remoteip".
>
> Then get back to us if it still fails...
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659
>
> -----Original Message-----
> From: jpj [mailto:jpj at as-tech.fr]
> Sent: Tuesday, August 07, 2001 2:01 AM
> To: George Vieira
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pptp and pppoe
>
>
>
> Hi,
> Yes the win9x are on other sites and connecting to the server through
> internet access.
>
> pptpd.conf:
> option /etc/ppp/options.pptp
> debug
> localip 192.168.0.234-238,192.168.0.245
> remoteip 192.168.1.234-238,192.168.1.245
>
> /etc/ppp/options.pptp:
> lock
> debug
> auth
> +chap
> proxyarp
>
> /etc/ppp/chap-secrets
> jpj * snoopy *
>
> Firewall rules disabled (except masquerading)
> ipchains -A forward -s 192.6.8.0/24 -d 0.0.0.0/0 -j MASQ
>
>
> I've tried several things like
> localip 192.168.200.234 and remoteip 192.168.200.224 in pptpd.conf
> ip address in chap-secret
> On the server side the internal address is 192.6.8.0/24
> On the other site the internal address is 192.168.0.0/24
>
> No effects on the connection i still get the error 650 on the win9x
> station.
> Thanks for your help
>
> On Sunday 5 August 2001 23:55, you wrote:
> > I'm a bit confused, "to win9x stations" are you saying that the Win9x
> > stations are outside and connecting to the ADSL server?
> >
> > Can you send me your file ie, /etc/ppp/chap-secrets pptpd.conf and
> > anything
> >
> > else that might show where the problem is...??
> >
> > -----Original Message-----
> > From: jpj [mailto:jpj at as-tech.fr]
> > Sent: Monday, August 06, 2001 11:03 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] pptp and pppoe
> >
> >
> > Hi all,
> >
> > I have a Linux server connected to ADSL line with PPPOE and I need to
> > create VPN connections to win9x client stations.
> > For this I'm trying to use PPTPD but I always get an error 650 on the
> > client side
> >
> > Thanks
> >
> > Following is the content of the pptpd.log
> >
> > .. Aug 6 00:47:35 thor pptpd[2407]: MGR: Manager process started
> > Aug 6 00:47:45 thor pptpd[2409]: MGR: Launching
> > /usr/local/sbin/pptpctrl to handle client
> > Aug 6 00:47:45 thor pptpd[2409]: CTRL: pppd options file =
> > /etc/ppp/options.pptp
> > Aug 6 00:47:45 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control
> > connection started
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message
> > (type: 1)
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a START CTRL CONN RPLY
> > packet
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 156 bytes to the client.
> >
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message
> > (type: 7)
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Set parameters to 0 maxbps, 16
> > window size
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a OUT CALL RPLY packet
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: pty_fd = 5
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: tty_fd = 6
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 32 bytes to the client.
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
> > Aug 6 00:47:46 thor pptpd[2410]: CTRL (PPPD Launcher): Connection speed
> > = 115200
> > Aug 6 00:47:46 thor pppd[2410]: pppd 2.3.11 started by root, uid 0
> > Aug 6 00:47:46 thor pppd[2410]: Using interface ppp1
> > Aug 6 00:47:46 thor pppd[2410]: Connect: ppp1 <--> /dev/pts/8
> > Aug 6 00:47:46 thor pppd[2410]: sent [LCP ConfReq id=0x1
> > ]
> > Aug 6 00:48:13 thor last message repeated 9 times
> > Aug 6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests
> > Aug 6 00:48:16 thor pptpd[2409]: GRE:
> > read(fd=5,buffer=804d840,len=8196) from PTY failed: status = -1 error =
> > Input/output error
> > Aug 6 00:48:16 thor pptpd[2409]: CTRL: PTY read or GRE write failed
> > (pty,gre)=(5,6)
> > Aug 6 00:48:16 thor pppd[2410]: Connection terminated.
> > Aug 6 00:48:16 thor pppd[2410]: Exit.
> > Aug 6 00:48:16 thor pptpd[2407]: MGR: Reaped child 2409
> > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control
> > connection finished
> > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Exiting now

--
AS-TECH Ingenierie Systeme et Reseaux
Les Crozasses - 34670 St Bres -France
Tel: +33 (0)467 708 926 - Fax: +33(0)467 708 927
http://www.as-tech.fr

From GeorgeV at citadelcomputer.com.au Mon Aug 20 17:10:09 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 21 Aug 2001 08:10:09 +1000
Subject: [pptp-server] pptp and pppoe
Message-ID: <200FAA488DE0D41194F10010B597610D1CEBFF@JUPITER>

I think your problem is the "timeout sending Config-Requests".. not the other one.

Can you connect locally from another machine on the local LAN to check that PPTP is working properly? It should work locally as well as over the net.. if it does work properly locally then the problem is with when it's over the net and has nothing (well, not really) to do with PPTP.

Also, have you turned off "Use remote as default gateway" on your Windows machines (PPTP clients)???

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: jpj [mailto:jpj at as-tech.fr]
Sent: Tuesday, August 21, 2001 8:16 AM
To: George Vieira
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] pptp and pppoe

Hi,

I've tried localip in 192.168.0.245 with remoteip in 192.168.0.26 and I added nodefaultroute in /etc/ppp/options.pptp

No changes, I still get:
CTRL: PTY read or GRE write failed (pty,gre)=(5,6) ?

What else can I try, I'm really lost.

Thanks for your help

JPJ

On Monday 6 August 2001 22:02, George Vieira wrote:
> Firstly, remove the large range for "localip" and use a single IP
> (preferably the local LAN one for proxyarp to work).
>
> Then use a "remoteip" range which is in the SAME subnet as "localip" OR
> change the "localip" to be in the same subnet as "remoteip".
>
> Then get back to us if it still fails...
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659
>
> -----Original Message-----
> From: jpj [mailto:jpj at as-tech.fr] > Sent: Tuesday, August 07, 2001 2:01 AM > To: George Vieira > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] pptp and pppoe > > > > Hi, > Yes the win9x are on other sites and connecting to the server through > internet access. > > pptpd.conf: > option /etc/ppp/options.pptp > debug > localip 192.168.0.234-238,192.168.0.245 > remoteip 192.168.1.234-238,192.168.1.245 > > /etc/ppp/options.pptp: > lock > debug > auth > +chap > proxyarp > > /etc/ppp/chap-secrets > jpj * snoopy * > > Firewall rules disabled (except masquerading) > ipchains -A forward -s 192.6.8.0/24 -d 0.0.0.0/0 -j MASQ > > > I've try several things like > localip 192.168.200.234 and remoteip 192.168.200.224 in pptpd.conf > ip adresse in chap-secret > On the server side the internal adresse is 192.6.8.0/24 > On the othe site the internal adress is 192.168.0.0/24 > > No effectcs on the connection i still get the error 650 on the win9x > station. > Thanks for your help > > On Dimanche 5 Ao?t 2001 23:55, you wrote: > > I'm a bit confused, "to win9x stations" are you saying that the Win9x > > stations are outside and connecting to the ADSL server? > > > > Can you send me your file ie, /etc/ppp/chap-secrets pptpd.conf and > > anything > > > else that might show where the problem is...?? > > > > -----Original Message----- 
> > From: jpj [mailto:jpj at as-tech.fr] > > Sent: Monday, August 06, 2001 11:03 AM > > To: pptp-server at lists.schulte.org > > Subject: [pptp-server] pptp and pppoe > > > > > > Hi all, > > > > I have a Linux server connected to ADSL line with PPPOE and I need to > > create VPN connections to win9x client stations. > > For this I'm trying to use PPTPD but I always get an error 650 on the > > client side > > > > Thanks > > > > Following is the content of the pptpd.log > > > > .. Aug 6 00:47:35 thor pptpd[2407]: MGR: Manager process started > > Aug 6 00:47:45 thor pptpd[2409]: MGR: Launching > > /usr/local/sbin/pptpctrl to handle client > > Aug 6 00:47:45 thor pptpd[2409]: CTRL: pppd options file = > > /etc/ppp/options.pptp > > Aug 6 00:47:45 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control > > connection started > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message > > (type: 1) > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a START CTRL CONN RPLY > > packet > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 156 bytes to the client. > > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message > > (type: 7) > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Set parameters to 0 maxbps, 16 > > window size > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a OUT CALL RPLY packet > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Starting call (launching pppd, > > opening GRE) > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: pty_fd = 5 > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: tty_fd = 6 > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 32 bytes to the client. 
> > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client > > Aug 6 00:47:46 thor pptpd[2410]: CTRL (PPPD Launcher): Connection speed > > = 115200 > > Aug 6 00:47:46 thor pppd[2410]: pppd 2.3.11 started by root, uid 0 > > Aug 6 00:47:46 thor pppd[2410]: Using interface ppp1 > > Aug 6 00:47:46 thor pppd[2410]: Connect: ppp1 <--> /dev/pts/8 > > Aug 6 00:47:46 thor pppd[2410]: sent [LCP ConfReq id=0x1 > > ] > > Aug 6 00:48:13 thor last message repeated 9 times > > Aug 6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests > > Aug 6 00:48:16 thor pptpd[2409]: GRE: > > read(fd=5,buffer=804d840,len=8196) from PTY failed: status = -1 error = > > Input/output error > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: PTY read or GRE write failed > > (pty,gre)=(5,6) > > Aug 6 00:48:16 thor pppd[2410]: Connection terminated. > > Aug 6 00:48:16 thor pppd[2410]: Exit. > > Aug 6 00:48:16 thor pptpd[2407]: MGR: Reaped child 2409 > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control > > connection finished > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Exiting now > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- -- AS-TECH Ingenierie Systeme et Reseaux Les Crozasses - 34670 St Bres -France Tel: +33 (0)467 708 926 - Fax: +33(0)467 708 927 http://www.as-tech.fr From Sexy-Boy at NetCourrier.Com Mon Aug 20 17:15:45 2001 
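An added example, not part of the list posts: a small Python triage script for the pptpd/pppd syslog excerpt quoted in the "pptp and pppoe" thread above. It groups lines per PPTP session and reports whether the TCP control channel completed while pppd never received a PPP frame, the pattern George points at ("timeout sending Config-Requests"). The sample lines are constructed from that excerpt, the function names and verdict codes are this example's own, and reading the pattern as "GRE (IP protocol 47) is not getting through" is an assumption about the common cause, not a finding from the thread.

```python
import re
from collections import OrderedDict

# Constructed sample: session 1 is modelled on the quoted pptpd.log (wrapped
# lines joined, client address replaced by a documentation IP); sessions 2 and
# 3 are invented for contrast.
SAMPLE_LOG = """\
Aug  6 00:47:35 thor pptpd[2407]: MGR: Manager process started
Aug  6 00:47:45 thor pptpd[2409]: CTRL: Client 192.0.2.10 control connection started
Aug  6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message (type: 1)
Aug  6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message (type: 7)
Aug  6 00:47:46 thor pptpd[2409]: CTRL: Starting call (launching pppd, opening GRE)
Aug  6 00:47:46 thor pptpd[2410]: CTRL (PPPD Launcher): Connection speed = 115200
Aug  6 00:47:46 thor pppd[2410]: pppd 2.3.11 started by root, uid 0
Aug  6 00:47:46 thor pppd[2410]: sent [LCP ConfReq id=0x1 ]
Aug  6 00:48:13 thor last message repeated 9 times
Aug  6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests
Aug  6 00:48:16 thor pptpd[2409]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug  6 00:48:16 thor pptpd[2409]: CTRL: Client 192.0.2.10 control connection finished
Aug  6 01:02:10 thor pptpd[2500]: CTRL: Client 192.0.2.20 control connection started
Aug  6 01:02:10 thor pptpd[2500]: CTRL: Received PPTP Control Message (type: 1)
Aug  6 01:02:11 thor pptpd[2500]: CTRL: Received PPTP Control Message (type: 7)
Aug  6 01:02:11 thor pptpd[2500]: CTRL: Starting call (launching pppd, opening GRE)
Aug  6 01:02:11 thor pppd[2501]: pppd 2.3.11 started by root, uid 0
Aug  6 01:02:11 thor pppd[2501]: sent [LCP ConfReq id=0x1 ]
Aug  6 01:02:11 thor pppd[2501]: rcvd [LCP ConfReq id=0x0 ]
Aug  6 01:02:11 thor pppd[2501]: rcvd [LCP ConfAck id=0x1 ]
Aug  6 01:10:00 thor pptpd[2600]: CTRL: Client 192.0.2.30 control connection started
Aug  6 01:10:00 thor pptpd[2600]: CTRL: Received PPTP Control Message (type: 1)
Aug  6 01:10:30 thor pptpd[2600]: CTRL: Client 192.0.2.30 control connection finished
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(pptpd|pppd)\[(\d+)\]:\s(.*)$")
START_RE = re.compile(r"CTRL: Client (\S+) control connection started")
TYPE_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")
OUTGOING_CALL_REQUEST = 7  # PPTP control message type 7 (RFC 2637)

HINTS = {
    "CONTROL_ONLY": "TCP control session opened, but the client never placed a call",
    "NO_PPP_REPLY": "call set up over TCP, but pppd got no PPP frame back; "
                    "check that GRE (IP protocol 47) passes in both directions",
    "PPP_FRAMES_SEEN": "PPP frames arrived, so the data channel is passing traffic",
    "INCONCLUSIVE": "call started but no pppd LCP lines were logged (pppd debug off?)",
}


def parse_sessions(log_text):
    """Return one dict per control connection, in log order."""
    sessions = OrderedDict()  # pptpctrl pid -> session
    child_of = {}             # pppd pid -> pptpctrl pid
    pending = None            # session whose pppd child has not shown up yet
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:             # e.g. "last message repeated N times"
            continue
        prog, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        start = START_RE.search(msg)
        if prog == "pptpd" and start:
            sessions[pid] = {"client": start.group(1), "ctrl_types": [],
                             "call_started": False, "lcp_sent": 0,
                             "lcp_rcvd": 0, "lcp_timeout": False}
            continue
        if prog == "pptpd" and pid in sessions:
            s = sessions[pid]
            t = TYPE_RE.search(msg)
            if t:
                s["ctrl_types"].append(int(t.group(1)))
            if "Starting call" in msg:
                s["call_started"] = True
                pending = pid
            continue
        # Assumption: the next new child pid belongs to the latest started call.
        launched = "(PPPD Launcher)" in msg or (prog == "pppd" and "started by" in msg)
        if launched and pid not in child_of and pending is not None:
            child_of[pid] = pending
            pending = None
        if prog == "pppd" and pid in child_of:
            s = sessions[child_of[pid]]
            if msg.startswith("sent [LCP ConfReq"):
                s["lcp_sent"] += 1
            elif msg.startswith("rcvd [LCP"):
                s["lcp_rcvd"] += 1
            elif "LCP: timeout sending Config-Requests" in msg:
                s["lcp_timeout"] = True
    return list(sessions.values())


def verdict(s):
    if OUTGOING_CALL_REQUEST not in s["ctrl_types"] or not s["call_started"]:
        return "CONTROL_ONLY"
    if s["lcp_rcvd"] > 0:
        return "PPP_FRAMES_SEEN"
    if s["lcp_sent"] > 0 or s["lcp_timeout"]:
        return "NO_PPP_REPLY"
    return "INCONCLUSIVE"


def triage(log_text):
    return [(s["client"], verdict(s)) for s in parse_sessions(log_text)]


if __name__ == "__main__":
    for client, code in triage(SAMPLE_LOG):
        print(f"{client}: {code} - {HINTS[code]}")
```

The same verdict is what a server would log if only TCP port 1723 were forwarded, since the PPP frames travel in GRE rather than over the TCP connection.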
From: Sexy-Boy at NetCourrier.Com (Sexy Boy)
Date: Tue, 21 Aug 2001 00:15:45 +0200
Subject: [pptp-server] Bypassing the firewall
In-Reply-To:
Message-ID:

Yes, it could be a solution, but the problem is that there is no way to change the default settings on the Microsoft PPTP RAS client (change the called port to 443). I've looked in the registry, in the install file (*.INF) and even in some binaries (*.DLL) but without success.

But your solution is OK for other protocols like SSH (I've been using it for several months).

Does someone know how to force the NT 4.0 PPTP RAS client to connect on another port than 1723?

Francois.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Jean-Serge Gagnon
Sent: Sunday, August 19, 2001 00:25
To: Sexy-Boy at netcourrier.com; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Bypassing the firewall

Why don't you just change pptpd to listen on port 443? It'll cause your Linux to not be able to access https connections there, but you can always have https listen on another port...

- Talking Linux install: Newlix OfficeServer -
Jean-Serge Gagnon
GaaJ Services
http://www.gaaj.qc.ca
(819) 568-7883
fax: (819) 243-4824

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Sexy Boy > Sent: Saturday, August 18, 2001 5:39 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Bypassing the firewall > > > Hi, > > I have a litlle (big for me :-) problem and if some can > help me it would be > cool. So this is my problem : > > At home, i configure a PPTP server on my linux box and it is working fine. > > At my office, i would like to connect my NT 4.0 Workstation to my linux > server but the problem is the firewall which allows only > connection to port > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change > the firewall > setting because it's managed by an external company and i can't > ask them to > change anything !) > > So what i'm trying to do is bypass the firewall with port redirection : > > On my NT 4.0 : i redirect local port 1723 to the remote > port 443 on my > linux box > On my Linux server : i redirect local port 443 to local port 1723 > > So if i want to connect to my Linux server on port 1723, i > configure the RAS > to connect to localhost:1723 which is redirect to remote:443 (this bypass > the firewall) => redirect to linux:1723. > > The redirection is OK because i see the packet to my linux server (with > tcpdump). > The problem is that my Linux server considers that a local connection is > attempted and refuse the connection !!! > > So my question is : Is there a way to allow local connection to a PPTP > server (local connection = server and client on the same machine > like FTP or > HHTP) ? > > Thanks a lots, > Francois. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- > _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Mon Aug 20 17:14:47 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 21 Aug 2001 08:14:47 +1000 Subject: [pptp-server] win2000 client Message-ID: <200FAA488DE0D41194F10010B597610D1CEC00@JUPITER> We are more interested in what the linux logs are saying.. Windows machines are sometimes a little cryptic in the errors.. thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- From: Kerry Jean [mailto:k.jean at ee.ucl.ac.uk] Sent: Tuesday, August 21, 2001 12:18 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] win2000 client Hi, I am attempting make a pptp connection between a win2000 clinet and a linux server running poptop. The two machines dialed out to an ISP and obtained dynamic IP addresses. But when I try to make the pptp vpn between the client and server by I cannot connect. the win2000 client gives me error 619: the specified port is not connected. Can anyone help me please. Thank you, Kerry ---------------------------------------------------------------------------- ----------------------------------------------------------------- Kerry Jean Research Assistant Department of Electronic Engineering University College London From charlieb at e-smith.com Mon Aug 20 17:15:47 2001 
From: charlieb at e-smith.com (Charlie Brady) Date: Mon, 20 Aug 2001 18:15:47 -0400 (EDT) Subject: [pptp-server] Bypassing the firewall In-Reply-To: Message-ID: On Tue, 21 Aug 2001, Sexy Boy wrote: > Does someone know how to force NT 4.0 PPTP Ras client to connect on another > port than 1723 ? It doesn't matter. You still need to get GRE packets to pass through the firewall. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From GeorgeV at citadelcomputer.com.au Mon Aug 20 17:17:38 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 21 Aug 2001 08:17:38 +1000 Subject: [pptp-server] multiple win98 clients using the same gateway Message-ID: <200FAA488DE0D41194F10010B597610D1CEC01@JUPITER> Though this is the case, I have successfully use masquerading to get a few machines to get to the other network OK.. The only catch is that the "LAN" only sees them as 1 client, but at least the pptp client side has multiple connections. I have also noticed that routing a network through the PPTP to LAN network also works well. This is for those people who has joined the list. thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- 
From: Jamin Collins [mailto:JaminC at adapt-tele.com]
Sent: Tuesday, August 21, 2001 4:43 AM
To: 'David Alvarez Ortega'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] multiple win98 clients using the same gateway

David Alvarez Ortega [mailto:davidonice at terra.es] wrote:
> I'm trying to connect multiple win98se clients which are
> using the same router as the gateway to the internet to
> my pptp server.

No can do, one connection from one IP.

> I read somewhere that this isn't possible.

That's correct, it's not possible.

Jamin W. Collins
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From Sexy-Boy at NetCourrier.Com Mon Aug 20 17:21:50 2001
From: Sexy-Boy at NetCourrier.Com (Sexy Boy)
Date: Tue, 21 Aug 2001 00:21:50 +0200
Subject: [pptp-server] Bypassing the firewall
In-Reply-To:
Message-ID:

Yes, that is what I have been using for months: SSH on port 110, and it works fine.

My first post was more a challenge for me than to really use this VPN (if it can be possible to make it :-))

Thanks Neale,
Francois.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Neale Banks
Sent: Sunday, August 19, 2001 06:18
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Bypassing the firewall

On Sat, 18 Aug 2001, Stan A. Rogge wrote:

> Isn't the purpose of your company's firewall to prevent exactly what
> you're trying to do?
>
> If you are successful bringing up an external Network link into the
> middle of your company's internal network, isn't your company's
> Network Security compromised?

Indeed they would be. The words "responsibility" and "liability" come to mind here ;-)

> ----- Original Message -----
> From: "Sexy Boy" > To: > Sent: Saturday, August 18, 2001 4:38 PM > Subject: [pptp-server] Bypassing the firewall > > > > Hi, > > > > I have a litlle (big for me :-) problem and if some can help me it would be > > cool. So this is my problem : > > > > At home, i configure a PPTP server on my linux box and it is working fine. > > > > At my office, i would like to connect my NT 4.0 Workstation to my linux > > server but the problem is the firewall which allows only connection to port > > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change the firewall > > setting because it's managed by an external company and i can't ask them to > > change anything !) [...] Depending on just what you re trying to achieve, had you considered having sshd listen on say port 443 on the Linux machine and using a Win32 SSH client (e.g. TeraTerm+SSH, Putty)? If that solves your problems it might be both a whole lot simpler and open less opportunities for "other things" to happen.. HTH, Neale. PS: > > So what i'm trying to do is bypass the firewall with port redirection : I don't think port redirection will help you with GRE. _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From Sexy-Boy at NetCourrier.Com Mon Aug 20 17:24:12 2001 
From: Sexy-Boy at NetCourrier.Com (Sexy Boy)
Date: Tue, 21 Aug 2001 00:24:12 +0200
Subject: [pptp-server] Bypassing the firewall
In-Reply-To:
Message-ID:

I currently don't know whether the firewall lets the GRE packets pass through it or not. I'm trying to fix the channel connection on port 1723. But you're right, this will be my second problem :-)

Francois.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Charlie Brady
Sent: Sunday, August 19, 2001 16:57
To: Jamin Collins
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Bypassing the firewall

On Sat, 18 Aug 2001, Jamin Collins wrote:

> changes were not possible because he couldn't ask them to make them. Again
> if this were one of the "allowed" cases, there would be no problem. At
> least not any that I can see.

In any case, the proposed workaround won't work, as it only forwards the control channel, and not the GRE packets.

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From Sexy-Boy at NetCourrier.Com Mon Aug 20 17:39:32 2001
From: Sexy-Boy at NetCourrier.Com (Sexy Boy)
Date: Tue, 21 Aug 2001 00:39:32 +0200
Subject: [pptp-server] Bypassing the firewall
In-Reply-To: <019801c12836$f7bd2e00$fd01a8c0@harmonic.com>
Message-ID:

Don't worry, I am very concerned with my company's security and I would not do anything which could compromise its security.

The external we're talking about is my linux box at home. In that case, security is only compromised if and only if the potential hackers took control of my linux box AND are waiting for me to dial in through the VPN AND IP routing is enabled on my NT workstation at work. The last condition is not met and I hope the first condition would never be!

Now the story of the firewall :-) :

Two months ago, my company didn't use emails (weird!), so they decided to use an external company for the email (server, connection to internet, etc ...). So we use a dedicated line between them and us. This line is primarily used for emails, but in the way they have configured their firewall, we can use basic ports like: 80, 443 (probably for webmail), 21 (FTP), 110 (POP) and 25 SMTP.

=> This firewall configuration is the same for all their clients, so that's why we don't ask them to change anything in their firewall (I hate my customers asking me for special treats, so I don't want to bother them with my request).

That's why I am trying to find another solution.

Hope someone could help me!

Thanks and bye,
Francois.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Stan A. Rogge
Sent: Sunday, August 19, 2001 00:42
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Bypassing the firewall

Isn't the purpose of your company's firewall to prevent exactly what you're trying to do?

If you are successful bringing up an external Network link into the middle of your company's internal network, isn't your company's Network Security compromised?

----- Original Message -----
From: "Sexy Boy" To: Sent: Saturday, August 18, 2001 4:38 PM Subject: [pptp-server] Bypassing the firewall > Hi, > > I have a litlle (big for me :-) problem and if some can help me it would be > cool. So this is my problem : > > At home, i configure a PPTP server on my linux box and it is working fine. > > At my office, i would like to connect my NT 4.0 Workstation to my linux > server but the problem is the firewall which allows only connection to port > 21, 25, 80, 110, 443 but not 1723 ! (There is no way to change the firewall > setting because it's managed by an external company and i can't ask them to > change anything !) > > So what i'm trying to do is bypass the firewall with port redirection : > > On my NT 4.0 : i redirect local port 1723 to the remote port 443 on my > linux box > On my Linux server : i redirect local port 443 to local port 1723 > > So if i want to connect to my Linux server on port 1723, i configure the RAS > to connect to localhost:1723 which is redirect to remote:443 (this bypass > the firewall) => redirect to linux:1723. > > The redirection is OK because i see the packet to my linux server (with > tcpdump). > The problem is that my Linux server considers that a local connection is > attempted and refuse the connection !!! > > So my question is : Is there a way to allow local connection to a PPTP > server (local connection = server and client on the same machine like FTP or > HHTP) ? > > Thanks a lots, > Francois. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From kjean at ee.ucl.ac.uk Tue Aug 21 09:40:07 2001 
From: kjean at ee.ucl.ac.uk (Kerry Jean)
Date: Tue, 21 Aug 2001 15:40:07 +0100
Subject: [pptp-server] pptp tunnel with win2000 client and linux server
Message-ID: <3B8272C7.FD09E4CB@ee.ucl.ac.uk>

Hi,

Thank you to everyone who answered my previous request for help.

I am attempting to make a pptp connection between a win2000 client and a linux server running poptop. The two machines dialed out to an ISP and obtained dynamic IP addresses. But when I try to make the pptp vpn between the client and server I cannot connect. The win2000 client gives me error 619: the specified port is not connected.

Can anyone help me please. The log from the linux machine is given below.

Thank you very much for your assistance.

Kerry Jean

Debug information for session when a PPP link to an ISP was already active and then a PPTP tunnel was attempted between the two machines.

Aug 20 19:53:07 mcbrain pptpd[18812]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: local address = 10.0.1.1
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: remote address = 10.0.1.3
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd speed = 19200
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd options file = /etc/ppp/pptpd-options
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 1)
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Made a START CTRL CONN RPLY packet
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: I wrote 156 bytes to the client.
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 7)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Made a OUT CALL RPLY packet
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: pty_fd = 5
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: tty_fd = 6
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: I wrote 32 bytes to the client.
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): Connection speed = 19200
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): local address = 10.0.1.1
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): remote address = 10.0.1.3
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 15)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 20 19:53:11 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:12 mcbrain pppd[18781]: sent [LCP EchoReq id=0xb magic=0x2a19db7b]
Aug 20 19:53:12 mcbrain pppd[18781]: rcvd [LCP EchoRep id=0xb magic=0xe557df97]
Aug 20 19:53:14 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:35 mcbrain last message repeated 7 times
Aug 20 19:53:38 mcbrain pptpd[18812]: CTRL: Exiting now
Aug 20 19:53:38 mcbrain pptpd[18447]: MGR: Reaped child 18812

From cstorer at infinitisystems.com Tue Aug 21 10:30:05 2001
From: cstorer at infinitisystems.com (Chris Storer) Date: Tue, 21 Aug 2001 11:30:05 -0400 Subject: [pptp-server] New to PoPToP, routing issues..? Message-ID: Hi. I just recently got the PoPToP pptpd server up and running. Got everything patched and recompiled without incident, and it works beautifully for authentication with MS clients. The problem I'm having is that traffic from pptp clients is not routing to/from the LAN that the pptp server is on. Once a client authenticates, I can ping either IP address on the pptp server (it's multi-homed, bridging between 2 LANS), but I can't ping either LAN beyond the pptp server. The setup looks something like this... (Please pardon my horrid artwork!) 10.19.33.1|---------|10.19.23.22 10.19.33.0<--------------|pptpserv |----------------->10.19.23.0 |_________| | |pptp client |10.19.33.201 V There is also, on the 10.19.23.0 network, a Cisco router that does 1-1 NAT, providing a static DNAT mapping from a public IP to 10.19.23.22 Once the client authenticates, I can ping both 10.19.33.1 and 10.19.23.22 (the 2 ip's on the server). I can also ping the IP's assigned to the pptp tunnel, although I think I may be a little confused on the configuration of these. Currently, in my /etc/pptpd.conf file I have: localip 10.19.33.200 remoteip 10.19.33.201-205 In the sample pptpd.conf provided with PoPToP it says you can use just 1 localip if desired, so I'm assuming this is ok. I'm not sure if the local and remote can be in the same range...? Although I'm not very good with routing, the routing tables appear ok. Once the client authenticates there is a route statement for the client's IP on ppp0. IP forwarding is enabled, and I am running iptables, although at this point all chains are empty and set to default ACCEPT, so I don't believe that's the problem... I am able to move traffic between 10.19.23.0 and 10.19.33.0 locally... Any insights highly appreciated. 
I really feel like I'm missing something stupid here, I'm hoping that's the case! Thanks in advance for any information! Chris Storer IT Consultant Infiniti Systems Group, Inc. A Weatherhead 100 Company www.infinitisystems.com cstorer at infinitisystems.com From Josh.Howlett at bristol.ac.uk Tue Aug 21 10:39:53 2001 
From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Tue, 21 Aug 2001 16:39:53 +0100 (BST) Subject: [pptp-server] New to PoPToP, routing issues..? In-Reply-To: Message-ID: Hi, Post your routing and arp tables when the client is connected. josh. On Tue, 21 Aug 2001, Chris Storer wrote: > Hi. I just recently got the PoPToP pptpd server up and running. Got > everything patched and recompiled without incident, and it works beautifully > for authentication with MS clients. > > The problem I'm having is that traffic from pptp clients is not routing > to/from the LAN that the pptp server is on. Once a client authenticates, I > can ping either IP address on the pptp server (it's multi-homed, bridging > between 2 LANS), but I can't ping either LAN beyond the pptp server. > > The setup looks something like this... (Please pardon my horrid artwork!) > > > 10.19.33.1|---------|10.19.23.22 > 10.19.33.0<--------------|pptpserv |----------------->10.19.23.0 > |_________| > | > |pptp client > |10.19.33.201 > V > > There is also, on the 10.19.23.0 network, a Cisco router that does 1-1 NAT, > providing a static DNAT mapping from a public IP to 10.19.23.22 > > Once the client authenticates, I can ping both 10.19.33.1 and 10.19.23.22 > (the 2 ip's on the server). > > I can also ping the IP's assigned to the pptp tunnel, although I think I may > be a little confused on the configuration of these. Currently, in my > /etc/pptpd.conf file I have: > > localip 10.19.33.200 > remoteip 10.19.33.201-205 > > In the sample pptpd.conf provided with PoPToP it says you can use just 1 > localip if desired, so I'm assuming this is ok. I'm not sure if the local > and remote can be in the same range...? > > Although I'm not very good with routing, the routing tables appear ok. Once > the client authenticates there is a route statement for the client's IP on > ppp0. 
> > IP forwarding is enabled, and I am running iptables, although at this point > all chains are empty and set to default ACCEPT, so I don't believe that's > the problem... I am able to move traffic between 10.19.23.0 and 10.19.33.0 > locally... > > Any insights highly appreciated. I really feel like I'm missing something > stupid here, I'm hoping that's the case! Thanks in advance for any > information! > > Chris Storer > IT Consultant > Infiniti Systems Group, Inc. > A Weatherhead 100 Company > www.infinitisystems.com > cstorer at infinitisystems.com > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- From cstorer at infinitisystems.com Tue Aug 21 10:51:10 2001 
From: cstorer at infinitisystems.com (Chris Storer)
Date: Tue, 21 Aug 2001 11:51:10 -0400
Subject: [pptp-server] New to PoPToP, routing issues..?
In-Reply-To:
Message-ID:

Ok. Just fired up a client, authenticated just fine. Client received 10.19.33.202, with a netmask of 255.0.0.0 - is that strange??

Anyway...Here is from ifconfig for ppp0:

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.19.33.200  P-t-P:10.19.33.202  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1490  Metric:1
          RX packets:84 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3

Here is routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.19.33.202    *               255.255.255.255 UH    0      0        0 ppp0
10.19.33.0      *               255.255.255.0   U     0      0        0 eth1
10.19.23.0      10.19.23.22     255.255.255.0   UG    0      0        0 eth0
10.19.23.0      *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         10.19.23.1      0.0.0.0         UG    0      0        0 eth0

Here is arp table:

? (10.19.23.7) at 00:D0:B7:69:2A:81 [ether] on eth0
? (10.19.23.1) at 00:02:17:60:D6:4C [ether] on eth0
? (10.19.33.202) at * PERM PUP on eth1

Thanks for your help!

Chris Storer
IT Consultant
Infiniti Systems Group, Inc.
A Weatherhead 100 Company
www.infinitisystems.com
cstorer at infinitisystems.com

> -----Original Message-----
> From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk] > Sent: Tuesday, August 21, 2001 11:40 AM > To: Chris Storer > Cc: pptp-server > Subject: Re: [pptp-server] New to PoPToP, routing issues..? > > > Hi, > > Post your routing and arp tables when the client is connected. > > josh. > > On Tue, 21 Aug 2001, Chris Storer wrote: > > > Hi. I just recently got the PoPToP pptpd server up and running. Got > > everything patched and recompiled without incident, and it > works beautifully > > for authentication with MS clients. > > > > The problem I'm having is that traffic from pptp clients is not routing > > to/from the LAN that the pptp server is on. Once a client > authenticates, I > > can ping either IP address on the pptp server (it's > multi-homed, bridging > > between 2 LANS), but I can't ping either LAN beyond the pptp server. > > > > The setup looks something like this... (Please pardon my horrid > artwork!) > > > > > > 10.19.33.1|---------|10.19.23.22 > > 10.19.33.0<--------------|pptpserv |----------------->10.19.23.0 > > |_________| > > | > > |pptp client > > |10.19.33.201 > > V > > > > There is also, on the 10.19.23.0 network, a Cisco router that > does 1-1 NAT, > > providing a static DNAT mapping from a public IP to 10.19.23.22 > > > > Once the client authenticates, I can ping both 10.19.33.1 and > 10.19.23.22 > > (the 2 ip's on the server). > > > > I can also ping the IP's assigned to the pptp tunnel, although > I think I may > > be a little confused on the configuration of these. Currently, in my > > /etc/pptpd.conf file I have: > > > > localip 10.19.33.200 > > remoteip 10.19.33.201-205 > > > > In the sample pptpd.conf provided with PoPToP it says you can use just 1 > > localip if desired, so I'm assuming this is ok. I'm not sure > if the local > > and remote can be in the same range...? > > > > Although I'm not very good with routing, the routing tables > appear ok. 
Once > > the client authenticates there is a route statement for the > client's IP on > > ppp0. > > > > IP forwarding is enabled, and I am running iptables, although > at this point > > all chains are empty and set to default ACCEPT, so I don't > believe that's > > the problem... I am able to move traffic between 10.19.23.0 and > 10.19.33.0 > > locally... > > > > Any insights highly appreciated. I really feel like I'm > missing something > > stupid here, I'm hoping that's the case! Thanks in advance for any > > information! > > > > Chris Storer > > IT Consultant > > Infiniti Systems Group, Inc. > > A Weatherhead 100 Company > > www.infinitisystems.com > > cstorer at infinitisystems.com > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > > > --------------------------------------- > Josh Howlett, Network Supervisor, > Networking & Digital Communications, > Information Systems & Computing, > University of Bristol, U.K. > 0117 928 7850 | josh.howlett at bris.ac.uk > --------------------------------------- From pfremond at thelab-intl.com Tue Aug 21 11:05:23 2001 
From: pfremond at thelab-intl.com (Patrick Fremond)
Date: Tue, 21 Aug 2001 18:05:23 +0200
Subject: [pptp-server] Can't compress and use encryption
Message-ID:

I've got

Kernel 2.4.4
ppp 2.4.1
openssl-0.9.6a
pptpd-1.1.2.tar.gz
patch ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
ppp-2.4.1-MSCHAPv2-fix.patch.gz
linux-2.4.4-openssl-0.9.6a-mppe.patch.gz

Do you know why?

This is what I get:

Aug 21 18:07:52 gw pppd[25919]: local IP address 192.168.0.234
Aug 21 18:07:52 gw pppd[25919]: remote IP address 192.168.1.234
Aug 21 18:07:52 gw pppd[25919]: Script /etc/ppp/ip-up started (pid 25921)
Aug 21 18:07:52 gw pppd[25919]: Script /etc/ppp/ip-up finished (pid 25921), status = 0xff00
Aug 21 18:07:52 gw pppd[25919]: rcvd [CCP TermReq id=0x3]
Aug 21 18:07:52 gw pppd[25919]: CCP terminated by peer
Aug 21 18:07:52 gw pppd[25919]: sent [CCP TermAck id=0x3]
Aug 21 18:07:52 gw pppd[25919]: Compression disabled by peer.
Aug 21 18:07:52 gw pppd[25921]: Can't execute /etc/ppp/ip-up: Exec format error
Aug 21 18:07:52 gw pppd[25919]: rcvd [LCP TermReq id=0x3]
Aug 21 18:07:52 gw pppd[25919]: LCP terminated by peer
Aug 21 18:07:52 gw pppd[25919]: sent [LCP TermAck id=0x3]
Aug 21 18:07:52 gw pppd[25919]: Modem hangup
Aug 21 18:07:52 gw pppd[25919]: Connection terminated.
Aug 21 18:07:52 gw pppd[25919]: Connect time 0.1 minutes.
Aug 21 18:07:52 gw pppd[25919]: Sent 116 bytes, received 116 bytes.
Aug 21 18:07:52 gw pppd[25919]: Exit.
Aug 21 18:07:57 gw pptpd[25918]: GRE: read error: Bad file descriptor
Aug 21 18:07:57 gw pptpd[25918]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Aug 21 18:07:57 gw pptpd[25918]: CTRL: Client 217.128.82.204 control connection finished

From GeorgeV at citadelcomputer.com.au Tue Aug 21 17:19:15 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 22 Aug 2001 08:19:15 +1000 Subject: [pptp-server] pptp tunnel with win2000 client and linux serve r Message-ID: <200FAA488DE0D41194F10010B597610D1CEC23@jupiter.citadelcomputer.com.au> Can you send us your pptpd.conf and pptpd-options file.. sorry should asked for that too... thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- 
From: Kerry Jean [mailto:kjean at ee.ucl.ac.uk]
Sent: Wednesday, August 22, 2001 12:40 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp tunnel with win2000 client and linux server

Hi,

Thank you to everyone who answered my previous request for help.

I am attempting to make a pptp connection between a win2000 client and a linux server running poptop. The two machines dialed out to an ISP and obtained dynamic IP addresses. But when I try to make the pptp vpn between the client and server I cannot connect. The win2000 client gives me error 619: the specified port is not connected.

Can anyone help me please. The log from the linux machine is given below.

Thank you very much for your assistance.

Kerry Jean

Debug information for session when a PPP link to an ISP was already active and then a PPTP tunnel was attempted between the two machines.

Aug 20 19:53:07 mcbrain pptpd[18812]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: local address = 10.0.1.1
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: remote address = 10.0.1.3
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd speed = 19200
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd options file = /etc/ppp/pptpd-options
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 1)
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Made a START CTRL CONN RPLY packet
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: I wrote 156 bytes to the client.
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 7)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Made a OUT CALL RPLY packet
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: pty_fd = 5
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: tty_fd = 6
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: I wrote 32 bytes to the client.
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): Connection speed = 19200
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): local address = 10.0.1.1
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): remote address = 10.0.1.3
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 15)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 20 19:53:11 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:12 mcbrain pppd[18781]: sent [LCP EchoReq id=0xb magic=0x2a19db7b]
Aug 20 19:53:12 mcbrain pppd[18781]: rcvd [LCP EchoRep id=0xb magic=0xe557df97]
Aug 20 19:53:14 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:35 mcbrain last message repeated 7 times
Aug 20 19:53:38 mcbrain pptpd[18812]: CTRL: Exiting now
Aug 20 19:53:38 mcbrain pptpd[18447]: MGR: Reaped child 18812
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From GeorgeV at citadelcomputer.com.au Tue Aug 21 17:23:32 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 22 Aug 2001 08:23:32 +1000 Subject: [pptp-server] New to PoPToP, routing issues..? Message-ID: <200FAA488DE0D41194F10010B597610D1CEC24@jupiter.citadelcomputer.com.au> Your pptp client and the LAN are on different subnets you have 10.19.23.xx and there is 10.19.33.xx. Your problem is most likely an IP forwarding problem. Can you run tcpdump on the LAN and check that packets are arriving? If you don't route the 2 networks, you will have to use IP masquerading. Is the Cisco NATing properly? I'd start checking there with tcpdumps. Argh damn firedrill alarm.. I think I'll stay and burn with the building..... PS: Nice diagram ;-) thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- 
From: Josh Howlett [mailto:Josh.Howlett at bristol.ac.uk]
Sent: Wednesday, August 22, 2001 1:40 AM
To: Chris Storer
Cc: pptp-server
Subject: Re: [pptp-server] New to PoPToP, routing issues..?

Hi,

Post your routing and arp tables when the client is connected.

josh.

On Tue, 21 Aug 2001, Chris Storer wrote:

> Hi. I just recently got the PoPToP pptpd server up and running. Got
> everything patched and recompiled without incident, and it works beautifully
> for authentication with MS clients.
>
> The problem I'm having is that traffic from pptp clients is not routing
> to/from the LAN that the pptp server is on. Once a client authenticates, I
> can ping either IP address on the pptp server (it's multi-homed, bridging
> between 2 LANS), but I can't ping either LAN beyond the pptp server.
>
> The setup looks something like this... (Please pardon my horrid artwork!)
>
>
>                10.19.33.1|---------|10.19.23.22
> 10.19.33.0<--------------|pptpserv |----------------->10.19.23.0
>                          |_________|
>                               |
>                               |pptp client
>                               |10.19.33.201
>                               V
>
> There is also, on the 10.19.23.0 network, a Cisco router that does 1-1 NAT,
> providing a static DNAT mapping from a public IP to 10.19.23.22
>
> Once the client authenticates, I can ping both 10.19.33.1 and 10.19.23.22
> (the 2 ip's on the server).
>
> I can also ping the IP's assigned to the pptp tunnel, although I think I may
> be a little confused on the configuration of these. Currently, in my
> /etc/pptpd.conf file I have:
>
> localip 10.19.33.200
> remoteip 10.19.33.201-205
>
> In the sample pptpd.conf provided with PoPToP it says you can use just 1
> localip if desired, so I'm assuming this is ok. I'm not sure if the local
> and remote can be in the same range...?
>
> Although I'm not very good with routing, the routing tables appear ok. Once
> the client authenticates there is a route statement for the client's IP on
> ppp0.
>
> IP forwarding is enabled, and I am running iptables, although at this point
> all chains are empty and set to default ACCEPT, so I don't believe that's
> the problem... I am able to move traffic between 10.19.23.0 and 10.19.33.0
> locally...
>
> Any insights highly appreciated. I really feel like I'm missing something
> stupid here, I'm hoping that's the case! Thanks in advance for any
> information!
>
> Chris Storer
> IT Consultant
> Infiniti Systems Group, Inc.
> A Weatherhead 100 Company
> www.infinitisystems.com
> cstorer at infinitisystems.com
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
>

---------------------------------------
Josh Howlett, Network Supervisor,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From Steve at SteveCowles.com Tue Aug 21 17:26:03 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Tue, 21 Aug 2001 17:26:03 -0500
Subject: [pptp-server] New to PoPToP, routing issues..?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE85F@defiant.infohiiway.com>

> -----Original Message-----
> From: Chris Storer [mailto:cstorer at infinitisystems.com]
> Sent: Tuesday, August 21, 2001 10:51 AM
> To: Josh Howlett
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] New to PoPToP, routing issues..?
>
>
> Ok. Just fired up a client, authenticated just fine. Client received
> 10.19.33.202, with a netmask of 255.0.0.0 - is that strange??

Microsoft assigns the pptp netmask based on the class of network. In your case the 10.0.0.0 network address is considered a class A which would have a netmask of 255.0.0.0.

>
> Anyway...Here is from ifconfig for ppp0:
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:10.19.33.200  P-t-P:10.19.33.202  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1490  Metric:1
>           RX packets:84 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>

Looks good...

> Here is routing table:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.19.33.202    *               255.255.255.255 UH    0      0        0 ppp0
> 10.19.33.0      *               255.255.255.0   U     0      0        0 eth1
> 10.19.23.0      10.19.23.22     255.255.255.0   UG    0      0        0 eth0
> 10.19.23.0      *               255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         10.19.23.1      0.0.0.0         UG    0      0        0 eth0
>

Looks OK!! The dual 10.19.23.0 is a little confusing though.

> Here is arp table:
>
> ? (10.19.23.7) at 00:D0:B7:69:2A:81 [ether] on eth0
> ? (10.19.23.1) at 00:02:17:60:D6:4C [ether] on eth0
> ? (10.19.33.202) at * PERM PUP on eth1
>

In your /var/log/messages file... do you see a statement that says something like "found eth1 for proxy arp" after the local/remote ip assignment??? Without eth1 acting as a proxy arp for your PPTP client, the clients/servers on your LAN will not be able to communicate with your PPTP client. Just the PPTP server itself.

Also is ip_forwarding enabled?

Steve Cowles

From GeorgeV at citadelcomputer.com.au Tue Aug 21 17:26:01 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 22 Aug 2001 08:26:01 +1000
Subject: [pptp-server] Can't compress and use encryption
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC25@jupiter.citadelcomputer.com.au>

Do an ls -l of /etc/ppp/ip-up and check the permissions, it usually gets started up by sh. Then check the contents, easy thing to do is backup the file and empty it out and see if you get the same error or not.. if it doesn't then there's some bad code in there... usually it still runs though...

Thing is that the connection was dropped by the peer (client side).. so I think something else is wrong there? Did the client give any vague reason?

thanks,

George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Patrick Fremond [mailto:pfremond at thelab-intl.com]
Sent: Wednesday, August 22, 2001 2:05 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Can't compress and use encryption

I've got

Kernel 2.4.4
ppp 2.4.1
openssl-0.9.6a
pptpd-1.1.2.tar.gz
patch ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
ppp-2.4.1-MSCHAPv2-fix.patch.gz
linux-2.4.4-openssl-0.9.6a-mppe.patch.gz

Do you know why? This is what I get:

Aug 21 18:07:52 gw pppd[25919]: local IP address 192.168.0.234
Aug 21 18:07:52 gw pppd[25919]: remote IP address 192.168.1.234
Aug 21 18:07:52 gw pppd[25919]: Script /etc/ppp/ip-up started (pid 25921)
Aug 21 18:07:52 gw pppd[25919]: Script /etc/ppp/ip-up finished (pid 25921), status = 0xff00
Aug 21 18:07:52 gw pppd[25919]: rcvd [CCP TermReq id=0x3]
Aug 21 18:07:52 gw pppd[25919]: CCP terminated by peer
Aug 21 18:07:52 gw pppd[25919]: sent [CCP TermAck id=0x3]
Aug 21 18:07:52 gw pppd[25919]: Compression disabled by peer.
Aug 21 18:07:52 gw pppd[25921]: Can't execute /etc/ppp/ip-up: Exec format error
Aug 21 18:07:52 gw pppd[25919]: rcvd [LCP TermReq id=0x3]
Aug 21 18:07:52 gw pppd[25919]: LCP terminated by peer
Aug 21 18:07:52 gw pppd[25919]: sent [LCP TermAck id=0x3]
Aug 21 18:07:52 gw pppd[25919]: Modem hangup
Aug 21 18:07:52 gw pppd[25919]: Connection terminated.
Aug 21 18:07:52 gw pppd[25919]: Connect time 0.1 minutes.
Aug 21 18:07:52 gw pppd[25919]: Sent 116 bytes, received 116 bytes.
Aug 21 18:07:52 gw pppd[25919]: Exit.
Aug 21 18:07:57 gw pptpd[25918]: GRE: read error: Bad file descriptor
Aug 21 18:07:57 gw pptpd[25918]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Aug 21 18:07:57 gw pptpd[25918]: CTRL: Client 217.128.82.204 control connection finished

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From charlieb at e-smith.com Tue Aug 21 17:32:46 2001
From: charlieb at e-smith.com (Charlie Brady) Date: Tue, 21 Aug 2001 18:32:46 -0400 (EDT) Subject: [pptp-server] New to PoPToP, routing issues..? In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE85F@defiant.infohiiway.com> Message-ID: On Tue, 21 Aug 2001, Cowles, Steve wrote: > > -----Original Message----- > > From: Chris Storer [mailto:cstorer at infinitisystems.com] > > Sent: Tuesday, August 21, 2001 10:51 AM > > To: Josh Howlett > > Cc: pptp-server at lists.schulte.org > > Subject: RE: [pptp-server] New to PoPToP, routing issues..? > > > > > > Ok. Just fired up a client, authenticated just fine. Client received > > 10.19.33.202, with a netmask of 255.0.0.0 - is that strange?? > > Microsoft assigns the pptp netmask based on the class of network. In your > case the 10.0.0.0 network address is considered a class A which would have a > netmask of 255.0.0.0. From GeorgeV at citadelcomputer.com.au Tue Aug 21 17:37:31 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Wed, 22 Aug 2001 08:37:31 +1000 Subject: [pptp-server] New to PoPToP, routing issues..? Message-ID: <200FAA488DE0D41194F10010B597610D1CEC27@jupiter.citadelcomputer.com.au> You do have a point about the 10 Class A subnet and it's mask but you can't use proxyarp if the LAN IP is different to the PPTP IP addresses... it'll say "Can't find ethernet device for proxy arp". The first 10.19.23.0 is specifying the gateway and the other is just a network route for it. Some machines do this and others don't it's quite weird... thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- From: Cowles, Steve [mailto:Steve at SteveCowles.com] Sent: Wednesday, August 22, 2001 8:26 AM To: pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? > -----Original Message----- 
> From: Chris Storer [mailto:cstorer at infinitisystems.com]
> Sent: Tuesday, August 21, 2001 10:51 AM
> To: Josh Howlett
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] New to PoPToP, routing issues..?
>
>
> Ok. Just fired up a client, authenticated just fine. Client received
> 10.19.33.202, with a netmask of 255.0.0.0 - is that strange??

Microsoft assigns the pptp netmask based on the class of network. In your case the 10.0.0.0 network address is considered a class A which would have a netmask of 255.0.0.0.

>
> Anyway...Here is from ifconfig for ppp0:
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:10.19.33.200  P-t-P:10.19.33.202  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1490  Metric:1
>           RX packets:84 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>

Looks good...

> Here is routing table:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.19.33.202    *               255.255.255.255 UH    0      0        0 ppp0
> 10.19.33.0      *               255.255.255.0   U     0      0        0 eth1
> 10.19.23.0      10.19.23.22     255.255.255.0   UG    0      0        0 eth0
> 10.19.23.0      *               255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         10.19.23.1      0.0.0.0         UG    0      0        0 eth0
>

Looks OK!! The dual 10.19.23.0 is a little confusing though.

> Here is arp table:
>
> ? (10.19.23.7) at 00:D0:B7:69:2A:81 [ether] on eth0
> ? (10.19.23.1) at 00:02:17:60:D6:4C [ether] on eth0
> ? (10.19.33.202) at * PERM PUP on eth1
>

In your /var/log/messages file... do you see a statement that says something like "found eth1 for proxy arp" after the local/remote ip assignment??? Without eth1 acting as a proxy arp for your PPTP client, the clients/servers on your LAN will not be able to communicate with your PPTP client. Just the PPTP server itself.

Also is ip_forwarding enabled?

Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From return at trafficmagnet.net Wed Aug 22 02:14:44 2001 From: return at trafficmagnet.net (Christine Hall) Date: Wed, 22 Aug 2001 15:14:44 +0800 Subject: [pptp-server] POPTOP.LINEO.COM Message-ID: <200108220710.f7M7Aqr21323@trafficmagnet.net> An HTML attachment was scrubbed... URL: From eking at tangram.com Wed Aug 22 09:27:47 2001 From: eking at tangram.com (Ed King) Date: Wed, 22 Aug 2001 10:27:47 -0400 Subject: [pptp-server] New to PoPToP, routing issues..? In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEC27@jupiter.citadelcomputer.com.au> Message-ID: So, let me get this straight, on the proxyarp issue, we use 172.16 addresses on our LAN and use the 192.168 addresses for the PPTP clients and I see the "can't find ehternet device for proxy arp". What does this message signify? I am starting to work on getting Network Browsing to work on the clients and have just started looking at this issue, will this affect Network Browsing? -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira Sent: Tuesday, August 21, 2001 18:38 To: 'Cowles, Steve'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? You do have a point about the 10 Class A subnet and it's mask but you can't use proxyarp if the LAN IP is different to the PPTP IP addresses... it'll say "Can't find ethernet device for proxy arp". The first 10.19.23.0 is specifying the gateway and the other is just a network route for it. Some machines do this and others don't it's quite weird... thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- 
From: Cowles, Steve [mailto:Steve at SteveCowles.com] Sent: Wednesday, August 22, 2001 8:26 AM To: pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? > -----Original Message----- 
> From: Chris Storer [mailto:cstorer at infinitisystems.com]
> Sent: Tuesday, August 21, 2001 10:51 AM
> To: Josh Howlett
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] New to PoPToP, routing issues..?
>
>
> Ok. Just fired up a client, authenticated just fine. Client received
> 10.19.33.202, with a netmask of 255.0.0.0 - is that strange??

Microsoft assigns the pptp netmask based on the class of network. In your case the 10.0.0.0 network address is considered a class A which would have a netmask of 255.0.0.0.

>
> Anyway...Here is from ifconfig for ppp0:
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:10.19.33.200  P-t-P:10.19.33.202  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1490  Metric:1
>           RX packets:84 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>

Looks good...

> Here is routing table:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.19.33.202    *               255.255.255.255 UH    0      0        0 ppp0
> 10.19.33.0      *               255.255.255.0   U     0      0        0 eth1
> 10.19.23.0      10.19.23.22     255.255.255.0   UG    0      0        0 eth0
> 10.19.23.0      *               255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         10.19.23.1      0.0.0.0         UG    0      0        0 eth0
>

Looks OK!! The dual 10.19.23.0 is a little confusing though.

> Here is arp table:
>
> ? (10.19.23.7) at 00:D0:B7:69:2A:81 [ether] on eth0
> ? (10.19.23.1) at 00:02:17:60:D6:4C [ether] on eth0
> ? (10.19.33.202) at * PERM PUP on eth1
>

In your /var/log/messages file... do you see a statement that says something like "found eth1 for proxy arp" after the local/remote ip assignment??? Without eth1 acting as a proxy arp for your PPTP client, the clients/servers on your LAN will not be able to communicate with your PPTP client. Just the PPTP server itself.

Also is ip_forwarding enabled?

Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From ckalos at gothambroadband.com Wed Aug 22 09:35:51 2001 From: ckalos at gothambroadband.com (Chris Kalos) Date: Wed, 22 Aug 2001 10:35:51 -0400 (EDT) Subject: [pptp-server] Cisco 800 series issues? Message-ID: <998490951.3b83c347731a5@cyclops.gothambroadband.com> I've got a Poptop VPN that normally works perfectly. Now I'm trying to get it working over an ISDN link on a Cisco 800 with the IP (or IP Firewall) feature set. While the router can support GRE, this one does not, and as a result, I'm consistently getting this error: Aug 22 10:22:56 thing pppd[22632]: LCP: timeout sending Config-Requests Aug 22 10:22:56 thing pppd[22632]: Connection terminated. I know that this means that a GRE tunnel can't be created. What I don't know is if there is any way to allow the protocol to get past the router. I don't need to do router to router VPN, I just want to make a Win2K system connect to the VPN server, as one would normally do. If this isn't an option, then I may have to move on to upgrading the 800 series router and setting it up as a VPN server. If I have to do this, is there any sensible way to make the 800 series talk to Poptop, or do I have to move on to an IPSec based VPN solution? Thank you, Christopher Kalos Systems Administrator Gotham Broadband From john at snake.supranet.net Wed Aug 22 09:54:13 2001 
From: john at snake.supranet.net (John Heyer) Date: Wed, 22 Aug 2001 09:54:13 -0500 (CDT) Subject: [pptp-server] Netware 4.11 Server access without using IPX? In-Reply-To: <006401c12952$d850b6f0$121b7d0a@advancevpn1> Message-ID: This isn't a PPTP question, but considering my lack of Netware knowledge I thought this may be a place to turn. I'm trying to set things up so Windows95/98 clients can use the Netware client software to connect to a Netware 4.11 server. The big problem is I'm running FreeBSD on the PoPToP server, which can only do IP. Anybody have experience with this? I can ping the Novell server, but the clients can't find the server/tree when they attempt to login. -- Johh Heyer - john at personal.supranet.net - http://heyer.supranet.net "Me fail English? That's unpossible!" -- Ralph Wiggam From k.jean at ee.ucl.ac.uk Wed Aug 22 11:16:40 2001 
From: k.jean at ee.ucl.ac.uk (Kerry Jean)
Date: Wed, 22 Aug 2001 17:16:40 +0100
Subject: [pptp-server] pptp tunnel from win200 client to linux box
Message-ID: <003501c12b25$d3dc9ec0$53282880@ee.ucl.ac.uk>

Hi,

Thank you to everyone who answered my previous request for help, especially Mr. Vieira.

I am attempting to make a pptp connection between a win2000 client and a linux server running poptop. The two machines dialed out to an ISP and obtained dynamic IP addresses. But when I try to make the pptp vpn between the client and server I cannot connect. The win2000 client gives me error 619: the specified port is not connected.

Can anyone help me please. The log from the linux machine is given below and also the pptpd.conf and pptp-options files.

Thank you very much for your assistance.

Kerry Jean

Debug information for session when a PPP link to an ISP was already active and then a PPTP tunnel was attempted between the two machines.

Aug 20 19:53:07 mcbrain pptpd[18812]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: local address = 10.0.1.1
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: remote address = 10.0.1.3
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd speed = 19200
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd options file = /etc/ppp/pptpd-options
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 1)
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Made a START CTRL CONN RPLY packet
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: I wrote 156 bytes to the client.
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 7)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Made a OUT CALL RPLY packet
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: pty_fd = 5
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: tty_fd = 6
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: I wrote 32 bytes to the client.
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): Connection speed = 19200
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): local address = 10.0.1.1
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): remote address = 10.0.1.3
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 15)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 20 19:53:11 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:12 mcbrain pppd[18781]: sent [LCP EchoReq id=0xb magic=0x2a19db7b]
Aug 20 19:53:12 mcbrain pppd[18781]: rcvd [LCP EchoRep id=0xb magic=0xe557df97]
Aug 20 19:53:14 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:35 mcbrain last message repeated 7 times
Aug 20 19:53:38 mcbrain pptpd[18812]: CTRL: Exiting now
Aug 20 19:53:38 mcbrain pptpd[18447]: MGR: Reaped child 18812

This is the pptp-options file being used.

#This is the pptp-options files used to configure the pptp tunnels.
-detach
debug
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
asyncmap 0
modem
crtscts
lock
#proxyarp
ms-dns 10.0.1.1
netmask 255.255.255.0
nodefaultroute

This is the pptp.conf file being used.

#PoPToP configuration file for PoPToP version 0.9.12
#pptpd.conf file
speed 1920
option /etc/ppp/pptpd-options
debug
localip 10.0.1.1
remoteip 10.0.1.2-10

From tina at qvpartners.com Wed Aug 22 14:21:07 2001
From: tina at qvpartners.com (Tina) Date: Wed, 22 Aug 2001 15:21:07 -0400 Subject: [pptp-server] Unwired Express Strategic Partnerships Message-ID: <84494B9B655D964B9BB62E2D7F4A8A7B382C3F@quantum.qvpartners.com> Wednesday August 15, 2001 QUANTUM UNVEILS INVESTMENT IN UNWIRED EXPRESS. UNWIRED EXPRESS SEEKS ADDITIONAL STRATEGIC ALLIANCES. New York, NY., August 15, 2001 UNWIRED EXPRESS ("Unwired Express" or the "Company", <.http://www.unwiredexpress.com/>) nears FINAL Series B closing with a commitment from Quantum Venture Partners. Investors (Series A - 7.8M) Milind Mittal Virginia Turezyn, Infinity Capital Mark Frommer, Lehman Brothers Jay Forman, Dellet Corp. Yair Safrai, Concord Ventures Unwired Express provides the first ever context-based enterprise mobility platform that intelligently integrates and extends existing business-critical applications. The Unwired Express context-based mobile application platform solves the dilemma that has beset companies for too long: how to transform corporate data into relevant, actionable and timely information for mobile employees. Rounding out the company's capabilities, Unwired Express is partnered with Palm, Xalerts, Ventera, SoftelComm, Sun Microsystems, AvantGo, BEA Systems, Handspring, Microsoft, Enterprise Integration, NovaSync, Maxim Group, and Impact Innovations Group. DIRECTORS, ADVISORS & INVESTORS Virginia Turezyn, Managing Director, Infinity Capital Yair Safrai, General Partner, Concord Ventures Richard Cardenas, Hewlett Packard Company Ashok Mehta, Vice President, Hughes Network Systems Jigish Avalani, Senior Director, .Net marketing, Microsoft Ranjay Gulati, Professor of Technology and E-commerce at Kellogg Graduate School of Management Charles Gaylord, Formerly EVP at Intuit, Chairman of Chipsoft. 
Board member, eAssist Global Solutions and Stellcom Gary Hoffman, Former CEO, Skipstone Michael Grandinetti, Chief Marketing Officer, Parametric software Gideon Marks, VP of Corporate Finance, Garage.com MANAGEMENT TEAM YUVAL BOGER, President, CEO and Founder: He has served as general manager for the voice quality business unit of RADCOM (NASDAQ: RDCM). Boger also managed the creation of groundbreaking software for new communications test products and won Data Communications magazine's 1996 Hot Product of the Year award. Boger also co-founded Talia Technology, a medical diagnostic company that develops, manufactures and sells unique ophthalmic products worldwide. Boger received a master's of physics at Tel-Aviv University and recently completed an Executive MBA at the J.L. Kellogg Graduate School of Management at Northwestern University. MICHAEL S. RIEMER, Chief Strategy Officer: served as vice president of management at Nextel Communications where he led product management and development activities in the areas of voice, wireless Internet, messaging, Internet/Web and handset development. Prior to Nextel, Riemer was vice president of marketing and business development for Paragraph International. He also co-founded and served as vice president of marketing for Certus International. Riemer received his bachelor's degree from the University of Rochester in 1986. THOMAS E. YOUNG, Vice President of Sales: served as CEO of Onesoft. Young spent 6 years as vice president of Manugistics' global e-commerce division, e-Chain Technologies. Young also spent five years at Andersen Consulting, now Accenture. He received a bachelor's of science in mechanical engineering from the University of Maryland in 1988 and completed course work in high technology marketing at Stanford University in 1997. 
About QUANTUM VENTURE PARTNERS As a leading venture capital firm, Quantum Ventures has the bandwidth, industry expertise and access to capital to launch the next generation of category leaders. The firm has invested nationwide in various companies across the communications, software and Internet/e-Business industries. From its offices in New York, NY the firm has access to over $100 million in available and committed capital. Quantum Ventures is a 'value-add' investor to early/late-stage companies, providing entrepreneurs with access to more than just financial backing through combined access to their network of industry executives, the right resources and financial capital. If you would like to learn more about Quantum Venture Partners, please see www.qvpartners.com. PLEASE GIVE US YOUR THOUGHTS ON ANY BUSINESS DEVELOPMENT OPPORTUNITIES OR STRATEGIC PARTNERSHIPS WITH UNWIRED EXPRESS. Best regards, Raj Raj Pamnani Quantum Venture Partners 535 Fifth Avenue, 24th Floor New York, New York 10017 Tel: 1- (212) 986-9773 Fax. 1- (212) 661-2145 http://www.qvpartners.com Prefer not to receive announcements? Please reply to this email and type your name and email with the word "unsubscribe" in the subject line. This email transmission is intended for the addressee indicated above. It may contain information that is privileged, confidential or otherwise protected from disclosure. Any review, dissemination, or use of this transmission or its contents by persons other than the addressee is strictly prohibited. THIS INTRODUCTION SHEET, WHICH SHOULD BE READ IN CONJUNCTION WITH ADDITIONAL MATERIALS PROVIDED BY THE COMPANY, IS CONFIDENTIAL AND HAS BEEN PROVIDED TO THE RECIPIENT FOR INFORMATION PURPOSES ONLY AND IS SUBJECT TO THE FURTHER TERMS, CONDITIONS AND DISCLAIMERS SET FORTH IN THE OFFERING DOCUMENTS. BROKERAGE SERVICES ARE PROVIDED BY CHARLES SCHWAB & CO. MEMBER NASD/SIPC From GeorgeV at citadelcomputer.com.au Wed Aug 22 16:55:59 2001 
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 23 Aug 2001 07:55:59 +1000
Subject: [pptp-server] New to PoPToP, routing issues..?
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC33@jupiter.citadelcomputer.com.au>

Using proxyarp is so the PPTP server accepts packets on behalf of the pptp client. When a LAN machine pings the pptp client's IP, the pptp server will relay the ping across; without proxyarp the pptp server ignores the packets destined to the pptp client.

THIS MUST BE ON THE SAME SUBNET.. proxyarp helps make the pptp client truly appear to be on the LAN but isn't physically. All this does is broadcasts the pptp clients IP address against the pptp servers LAN address. All the local workstations will have an ARP table saying that to reach the pptp clients IP, send packets to this MAC address (which really is the pptp server).

Simple solution for your problem, use an IP on the same subnet as your LAN network...

thanks,

George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Ed King [mailto:eking at tangram.com]
Sent: Thursday, August 23, 2001 12:28 AM
To: George Vieira; 'Cowles, Steve'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] New to PoPToP, routing issues..?

So, let me get this straight, on the proxyarp issue, we use 172.16 addresses on our LAN and use the 192.168 addresses for the PPTP clients and I see the "can't find ehternet device for proxy arp". What does this message signify? I am starting to work on getting Network Browsing to work on the clients and have just started looking at this issue, will this affect Network Browsing?

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of George Vieira Sent: Tuesday, August 21, 2001 18:38 To: 'Cowles, Steve'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? You do have a point about the 10 Class A subnet and it's mask but you can't use proxyarp if the LAN IP is different to the PPTP IP addresses... it'll say "Can't find ethernet device for proxy arp". The first 10.19.23.0 is specifying the gateway and the other is just a network route for it. Some machines do this and others don't it's quite weird... thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- From: Cowles, Steve [mailto:Steve at SteveCowles.com] Sent: Wednesday, August 22, 2001 8:26 AM To: pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? > -----Original Message----- 
> From: Chris Storer [mailto:cstorer at infinitisystems.com]
> Sent: Tuesday, August 21, 2001 10:51 AM
> To: Josh Howlett
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] New to PoPToP, routing issues..?
>
>
> Ok. Just fired up a client, authenticated just fine. Client received
> 10.19.33.202, with a netmask of 255.0.0.0 - is that strange??

Microsoft assigns the pptp netmask based on the class of network. In your case the 10.0.0.0 network address is considered a class A which would have a netmask of 255.0.0.0.

>
> Anyway...Here is from ifconfig for ppp0:
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:10.19.33.200  P-t-P:10.19.33.202  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1490  Metric:1
>           RX packets:84 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>

Looks good...

> Here is routing table:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.19.33.202    *               255.255.255.255 UH    0      0        0 ppp0
> 10.19.33.0      *               255.255.255.0   U     0      0        0 eth1
> 10.19.23.0      10.19.23.22     255.255.255.0   UG    0      0        0 eth0
> 10.19.23.0      *               255.255.255.0   U     0      0        0 eth0
> 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
> default         10.19.23.1      0.0.0.0         UG    0      0        0 eth0
>

Looks OK!! The dual 10.19.23.0 is a little confusing though.

> Here is arp table:
>
> ? (10.19.23.7) at 00:D0:B7:69:2A:81 [ether] on eth0
> ? (10.19.23.1) at 00:02:17:60:D6:4C [ether] on eth0
> ? (10.19.33.202) at * PERM PUP on eth1
>

In your /var/log/messages file... do you see a statement that says something like "found eth1 for proxy arp" after the local/remote ip assignment??? Without eth1 acting as a proxy arp for your PPTP client, the clients/servers on your LAN will not be able to communicate with your PPTP client. Just the PPTP server itself.

Also is ip_forwarding enabled?

Steve Cowles _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Wed Aug 22 17:17:30 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 23 Aug 2001 08:17:30 +1000 Subject: [pptp-server] New to PoPToP, routing issues..? Message-ID: <200FAA488DE0D41194F10010B597610D1CEC37@jupiter.citadelcomputer.com.au> ERROR. "All this does is broadcasts the pptp clients IP address against the pptp servers LAN address" Sorry that was meant to say : "All this does is broadcasts the pptp clients IP address against the pptp servers MAC address" thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- 
From: George Vieira Sent: Thursday, August 23, 2001 7:56 AM To: 'eking at tangram.com'; 'Cowles, Steve'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? Using proxyarp is so the PPTP server accepts packets on behalf of the pptp client. When a LAN machine pings the pptp client's IP, the pptp server will relay the ping across, without proxyarp the pptp server ignores the packets destined to the pptp client. THIS MUST BE ON THE SAME SUBNET.. proxyarp helps make the pptp client truely appear to be on the LAN but isn't physically. All this does is broadcasts the pptp clients IP address against the pptp servers LAN address. All the local workstations will have an ARP table saying that to reach the pptp clients IP, send packets to this MAC address (which really is the pptp server). Simple solution for you problem, use an IP on the same subnet as your LAN network... thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- From: Ed King [mailto:eking at tangram.com] Sent: Thursday, August 23, 2001 12:28 AM To: George Vieira; 'Cowles, Steve'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? So, let me get this straight, on the proxyarp issue, we use 172.16 addresses on our LAN and use the 192.168 addresses for the PPTP clients and I see the "can't find ehternet device for proxy arp". What does this message signify? I am starting to work on getting Network Browsing to work on the clients and have just started looking at this issue, will this affect Network Browsing? _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From steve at netwaynetworks.com.au Wed Aug 22 19:41:59 2001
From: steve at netwaynetworks.com.au (Steven Evans)
Date: Thu, 23 Aug 2001 10:41:59 +1000
Subject: [pptp-server] PPTP Linux client and PPTPD encryption question.
Message-ID: <118DC586DF4FD311948800A0247C044D2F41E3@ntsvr1.asgard.aus.tm>

Hello,

I am trying to create a vpn atm. I have installed pptpd on a linux box, installed mppe, patched ppp-2.4.1 with the 2 patches that I found on mirror.binarix.com, installed them all and rebooted.

I can connect my Win2k workstation to the pptpd server with 128bit encryption with no problems. I get an event on my messages log that says this.

However, whenever I connect another identically built linux box using pptp client (version 1.0.2), I see in the messages log no mention of encryption:

Aug 23 09:47:37 grunt pppd[422]: Using interface ppp0
Aug 23 09:47:37 grunt pppd[422]: Connect: ppp0 <--> /dev/pts/0
Aug 23 09:47:40 grunt pppd[422]: MSCHAP-v2 peer authentication succeeded for supervisor
Aug 23 09:47:40 grunt pppd[422]: Deflate (15) compression enabled
Aug 23 09:47:40 grunt pppd[422]: local IP address 10.1.254.1
Aug 23 09:47:40 grunt pppd[422]: remote IP address 10.1.254.15

How can I get my second linux box to connect using encryption and using pptpd? If I can't get it working using pptp client, is there another one I can use?

Thanks in advance.

Cheers,
Steve

From GeorgeV at citadelcomputer.com.au Wed Aug 22 19:44:17 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 23 Aug 2001 10:44:17 +1000 Subject: [pptp-server] New to PoPToP, routing issues..? Message-ID: <200FAA488DE0D41194F10010B597610D1CEC3D@jupiter.citadelcomputer.com.au> Also, for this setup to work with browsing etc.. You have to ROUTE the 2 subnets as well as setup on the Linux box the smb.conf setting of: remote announce = 192.168.0.1 192.168.0.2 192.168.0.3 etc..etc.. so that different subnets get these network browse lists... thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- From: Ed King [mailto:eking at tangram.com] Sent: Thursday, August 23, 2001 12:28 AM To: George Vieira; 'Cowles, Steve'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] New to PoPToP, routing issues..? So, let me get this straight, on the proxyarp issue, we use 172.16 addresses on our LAN and use the 192.168 addresses for the PPTP clients and I see the "can't find ehternet device for proxy arp". What does this message signify? I am starting to work on getting Network Browsing to work on the clients and have just started looking at this issue, will this affect Network Browsing? _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Wed Aug 22 19:46:29 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 23 Aug 2001 10:46:29 +1000 Subject: [pptp-server] PPTP Linux client and PPTPD encryption question . Message-ID: <200FAA488DE0D41194F10010B597610D1CEC3E@jupiter.citadelcomputer.com.au> How identical is IDENTICAL? Have you checked you DUN to have encryption turned ON on the second machine? Can the first machine (which works with encryption) connect a second time after the second machine has connected and disconnected? thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message-----
From: Steven Evans [mailto:steve at netwaynetworks.com.au] Sent: Thursday, August 23, 2001 10:42 AM To: 'pptp-server at lists.schulte.org' Subject: [pptp-server] PPTP Linux client and PPTPD encryption question. Hello, I am trying to create a vpn atm. I have installed pptpd on a linux box, installed mppe, patched ppp-2.4.1 with the 2 patches that i found on mirror.binarix.com, installed them all and rebooted. I can connect my Win2k workstation to the pptpd server with 128bit encryption with no problems. I get a event on my messages log that says this. However, whenever i connect another identically built linux box using pptp client (version 1.0.2), i see in the messages log no mention of encryption: Aug 23 09:47:37 grunt pppd[422]: Using interface ppp0 Aug 23 09:47:37 grunt pppd[422]: Connect: ppp0 <--> /dev/pts/0 Aug 23 09:47:40 grunt pppd[422]: MSCHAP-v2 peer authentication succeeded for supervisor Aug 23 09:47:40 grunt pppd[422]: Deflate (15) compression enabled Aug 23 09:47:40 grunt pppd[422]: local IP address 10.1.254.1 Aug 23 09:47:40 grunt pppd[422]: remote IP address 10.1.254.15 How can i get my second linux box to connect using encryption and using pptpd? If i cant get it working using pptp client, is there another one i can use? Thanks in advance. Cheers, Steve _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From jvonau at home.com Wed Aug 22 19:55:50 2001 
From: jvonau at home.com (Jerry Vonau) Date: Wed, 22 Aug 2001 19:55:50 -0500 Subject: [pptp-server] PPTP Linux client and PPTPD encryption question. References: <118DC586DF4FD311948800A0247C044D2F41E3@ntsvr1.asgard.aus.tm> Message-ID: <3B845496.27A43BE2@home.com> Steven: Have you patched the client for encryption? Just patch it the same way as for poptop. Setup the /etc/ppp/options file with the options for encryption? Jerry Vonau Steven Evans wrote: > > Hello, > > I am trying to create a vpn atm. I have installed pptpd on a linux box, > installed mppe, patched ppp-2.4.1 with the 2 patches that i found on > mirror.binarix.com, installed them all and rebooted. > > I can connect my Win2k workstation to the pptpd server with 128bit > encryption with no problems. I get a event on my messages log that says > this. > > However, whenever i connect another identically built linux box using pptp > client (version 1.0.2), i see in the messages log no mention of encryption: > > Aug 23 09:47:37 grunt pppd[422]: Using interface ppp0 > Aug 23 09:47:37 grunt pppd[422]: Connect: ppp0 <--> /dev/pts/0 > Aug 23 09:47:40 grunt pppd[422]: MSCHAP-v2 peer authentication succeeded for > supervisor > Aug 23 09:47:40 grunt pppd[422]: Deflate (15) compression enabled > Aug 23 09:47:40 grunt pppd[422]: local IP address 10.1.254.1 > Aug 23 09:47:40 grunt pppd[422]: remote IP address 10.1.254.15 > > How can i get my second linux box to connect using encryption and using > pptpd? If i cant get it working using pptp client, is there another one i > can use? > > Thanks in advance. > > Cheers, > Steve > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From steve at netwaynetworks.com.au Wed Aug 22 19:58:04 2001 
From: steve at netwaynetworks.com.au (Steven Evans) Date: Thu, 23 Aug 2001 10:58:04 +1000 Subject: [pptp-server] PPTP Linux client and PPTPD encryption question . Message-ID: <118DC586DF4FD311948800A0247C044D2F41E4@ntsvr1.asgard.aus.tm> heya thanks for the quick reply. The second linux box has the same configuration as the first. Infact i can get my Win2k client to connect to that box using encryption the same as it can connect to the first. Its just that they cannot connect to each other using encryption. Cheers, Steve -----Original Message----- From: George Vieira [mailto:GeorgeV at citadelcomputer.com.au] Sent: Thursday, 23 August 2001 10:46 AM To: 'Steven Evans'; 'pptp-server at lists.schulte.org' Subject: RE: [pptp-server] PPTP Linux client and PPTPD encryption question . How identical is IDENTICAL? Have you checked you DUN to have encryption turned ON on the second machine? Can the first machine (which works with encryption) connect a second time after the second machine has connected and disconnected? thanks, George Vieira Network Engineer Citadel Computer Systems P/L PH +(61)2 9955 2644 FX +(61)2 9955 2659 -----Original Message----- 
From: Steven Evans [mailto:steve at netwaynetworks.com.au] Sent: Thursday, August 23, 2001 10:42 AM To: 'pptp-server at lists.schulte.org' Subject: [pptp-server] PPTP Linux client and PPTPD encryption question. Hello, I am trying to create a vpn atm. I have installed pptpd on a linux box, installed mppe, patched ppp-2.4.1 with the 2 patches that i found on mirror.binarix.com, installed them all and rebooted. I can connect my Win2k workstation to the pptpd server with 128bit encryption with no problems. I get a event on my messages log that says this. However, whenever i connect another identically built linux box using pptp client (version 1.0.2), i see in the messages log no mention of encryption: Aug 23 09:47:37 grunt pppd[422]: Using interface ppp0 Aug 23 09:47:37 grunt pppd[422]: Connect: ppp0 <--> /dev/pts/0 Aug 23 09:47:40 grunt pppd[422]: MSCHAP-v2 peer authentication succeeded for supervisor Aug 23 09:47:40 grunt pppd[422]: Deflate (15) compression enabled Aug 23 09:47:40 grunt pppd[422]: local IP address 10.1.254.1 Aug 23 09:47:40 grunt pppd[422]: remote IP address 10.1.254.15 How can i get my second linux box to connect using encryption and using pptpd? If i cant get it working using pptp client, is there another one i can use? Thanks in advance. Cheers, Steve _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From steve at netwaynetworks.com.au Wed Aug 22 20:02:57 2001 From: steve at netwaynetworks.com.au (Steven Evans) Date: Thu, 23 Aug 2001 11:02:57 +1000 Subject: [pptp-server] PPTP Linux client and PPTPD encryption question . Message-ID: <118DC586DF4FD311948800A0247C044D2F41E5@ntsvr1.asgard.aus.tm> Heya Which options should i add into the second linux boxes' options file? Thanks Steve -----Original Message----- 
From: Jerry Vonau [mailto:jvonau at home.com] Sent: Thursday, 23 August 2001 10:56 AM To: Steven Evans Cc: 'pptp-server at lists.schulte.org' Subject: Re: [pptp-server] PPTP Linux client and PPTPD encryption question. Steven: Have you patched the client for encryption? Just patch it the same way as for poptop. Setup the /etc/ppp/options file with the options for encryption? Jerry Vonau Steven Evans wrote: > > Hello, > > I am trying to create a vpn atm. I have installed pptpd on a linux box, > installed mppe, patched ppp-2.4.1 with the 2 patches that i found on > mirror.binarix.com, installed them all and rebooted. > > I can connect my Win2k workstation to the pptpd server with 128bit > encryption with no problems. I get a event on my messages log that says > this. > > However, whenever i connect another identically built linux box using pptp > client (version 1.0.2), i see in the messages log no mention of encryption: > > Aug 23 09:47:37 grunt pppd[422]: Using interface ppp0 > Aug 23 09:47:37 grunt pppd[422]: Connect: ppp0 <--> /dev/pts/0 > Aug 23 09:47:40 grunt pppd[422]: MSCHAP-v2 peer authentication succeeded for > supervisor > Aug 23 09:47:40 grunt pppd[422]: Deflate (15) compression enabled > Aug 23 09:47:40 grunt pppd[422]: local IP address 10.1.254.1 > Aug 23 09:47:40 grunt pppd[422]: remote IP address 10.1.254.15 > > How can i get my second linux box to connect using encryption and using > pptpd? If i cant get it working using pptp client, is there another one i > can use? > > Thanks in advance. > > Cheers, > Steve > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Wed Aug 22 20:31:30 2001 
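The symptom reported in the encryption thread above (a session that authenticates and gets an address while the log never mentions MPPE) can be checked for automatically. The following is an added example, not code from any poster or from the PoPToP project: the function names are hypothetical, the first six log lines are the ones Steven Evans posted, the remaining lines are constructed, and the exact wording of the MPPE log line is an assumption about what an MPPE-enabled pppd writes.

```python
import re

# Syslog shape used in the thread: "Aug 23 09:47:37 grunt pppd[422]: <message>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+pppd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
AUTH_RE = re.compile(r"^(?P<proto>\S+) peer authentication succeeded for (?P<user>\S+)")
REMOTE_RE = re.compile(r"^remote IP address (?P<ip>\S+)")
CCP_SUFFIX = " compression enabled"
# ASSUMPTION: when MPPE is negotiated, pppd logs it as a CCP method with the
# key length, e.g. "MPPE 128-bit stateless compression enabled". Adjust the
# pattern to whatever your patched pppd actually writes.
MPPE_RE = re.compile(r"MPPE\s+(?P<bits>\d+)[- ]?bit", re.IGNORECASE)


def parse_sessions(lines):
    """Group pppd log lines by (host, pid) and extract per-session facts."""
    sessions = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m.group("host"), int(m.group("pid")))
        s = sessions.setdefault(
            key, {"user": None, "auth": None, "remote_ip": None,
                  "mppe_bits": None, "ccp": []})
        msg = m.group("msg")
        auth = AUTH_RE.match(msg)
        remote = REMOTE_RE.match(msg)
        if auth:
            s["auth"], s["user"] = auth.group("proto"), auth.group("user")
        elif remote:
            s["remote_ip"] = remote.group("ip")
        elif msg.endswith(CCP_SUFFIX):
            # Every negotiated CCP method is logged this way; MPPE is one of them.
            s["ccp"].append(msg[: -len(CCP_SUFFIX)])
            mppe = MPPE_RE.search(msg)
            if mppe:
                s["mppe_bits"] = int(mppe.group("bits"))
    return sessions


def find_unencrypted_sessions(lines, min_bits=128):
    """Return sessions that came up without MPPE or with a key shorter than min_bits."""
    findings = []
    for (host, pid), s in sorted(parse_sessions(lines).items()):
        if s["remote_ip"] is None:
            continue  # link never came up (e.g. LCP timeout), nothing carried traffic
        if s["mppe_bits"] is None:
            reason = "no MPPE negotiated"
        elif s["mppe_bits"] < min_bits:
            reason = f"MPPE {s['mppe_bits']}-bit below required {min_bits}-bit"
        else:
            continue
        findings.append({"host": host, "pid": pid, "user": s["user"],
                         "remote_ip": s["remote_ip"], "ccp": s["ccp"],
                         "reason": reason})
    return findings


# Lines quoted in the thread (the wrapped authentication line is rejoined).
PAGE_LOG = [
    "Aug 23 09:47:37 grunt pppd[422]: Using interface ppp0",
    "Aug 23 09:47:37 grunt pppd[422]: Connect: ppp0 <--> /dev/pts/0",
    "Aug 23 09:47:40 grunt pppd[422]: MSCHAP-v2 peer authentication succeeded for supervisor",
    "Aug 23 09:47:40 grunt pppd[422]: Deflate (15) compression enabled",
    "Aug 23 09:47:40 grunt pppd[422]: local IP address 10.1.254.1",
    "Aug 23 09:47:40 grunt pppd[422]: remote IP address 10.1.254.15",
]
# Constructed lines: one 128-bit session, one 40-bit session, one failed link.
CONSTRUCTED_LOG = [
    "Aug 23 10:02:11 grunt pppd[517]: MSCHAP-v2 peer authentication succeeded for alice",
    "Aug 23 10:02:11 grunt pppd[517]: MPPE 128-bit stateless compression enabled",
    "Aug 23 10:02:11 grunt pppd[517]: remote IP address 10.1.254.16",
    "Aug 23 10:05:40 grunt pppd[603]: MSCHAP-v2 peer authentication succeeded for bob",
    "Aug 23 10:05:40 grunt pppd[603]: MPPE 40-bit stateful compression enabled",
    "Aug 23 10:05:41 grunt pppd[603]: remote IP address 10.1.254.17",
    "Aug 23 10:07:02 grunt pppd[611]: LCP: timeout sending Config-Requests",
]

if __name__ == "__main__":
    for f in find_unencrypted_sessions(PAGE_LOG + CONSTRUCTED_LOG):
        print(f"{f['host']} pppd[{f['pid']}] user={f['user']} "
              f"peer={f['remote_ip']} ccp={f['ccp']}: {f['reason']}")
```

In the posted log the only CCP method is Deflate, so the tunnel carried cleartext even though MS-CHAPv2 succeeded; the checker reports that session and the constructed 40-bit one.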
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 23 Aug 2001 11:31:30 +1000
Subject: [pptp-server] RE: pptp tunnel from win200 client to linux box
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC43@jupiter.citadelcomputer.com.au>

Arrgh white on white.. I hate Outlook!!!

back to the problem.. You have treated this link as a modem, I would take those settings out to start with. Here's an example of mine:

name firewall
mru 1450
mtu 1450
auth
refuse-pap
# require-mppe
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-128
mppe-stateless
ms-wins xx.xx.xx.xx
lcp-echo-failure 60
lcp-echo-interval 5

so take out the "asyncmap 0" "modem" "crtscts" as these aren't needed for pptp

speed = 1920 ???????? I take that as a typo.. right?

There is not much left that I can think of to cause any problems....

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Kerry Jean [mailto:k.jean at ee.ucl.ac.uk]
Sent: Thursday, August 23, 2001 2:17 AM
To: pptp-server at lists.schulte.org
Cc: George Vieira
Subject: pptp tunnel from win200 client to linux box

Hi,

Thank you to everyone who answered my previous request for help, especially Mr. Vieira.

I am attempting to make a pptp connection between a win2000 client and a linux server running poptop. The two machines dialed out to an ISP and obtained dynamic IP addresses. But when I try to make the pptp vpn between the client and server by I cannot connect. The win2000 client gives me error 619: the specified port is not connected. Can anyone help me please.

The log from the linux machine is given below and also the pptpd.conf and pptp-options files. Thank you very much for your assistance.

Kerry Jean

Debug information for session when a PPP link to an ISP was already active and then a PPTP tunnel was attempted between the two machines.

Aug 20 19:53:07 mcbrain pptpd[18812]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: local address = 10.0.1.1
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: remote address = 10.0.1.3
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd speed = 19200
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: pppd options file = /etc/ppp/pptpd-options
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 1)
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Made a START CTRL CONN RPLY packet
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: I wrote 156 bytes to the client.
Aug 20 19:53:07 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 7)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Set parameters to 1525 maxbps, 64 window size
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Made a OUT CALL RPLY packet
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: pty_fd = 5
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: tty_fd = 6
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: I wrote 32 bytes to the client.
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): Connection speed = 19200
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): local address = 10.0.1.1
Aug 20 19:53:08 mcbrain pptpd[18813]: CTRL (PPPD Launcher): remote address = 10.0.1.3
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Sent packet to client
Aug 20 19:53:08 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Received PPTP Control Message (type: 15)
Aug 20 19:53:08 mcbrain pptpd[18812]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 20 19:53:11 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:12 mcbrain pppd[18781]: sent [LCP EchoReq id=0xb magic=0x2a19db7b]
Aug 20 19:53:12 mcbrain pppd[18781]: rcvd [LCP EchoRep id=0xb magic=0xe557df97]
Aug 20 19:53:14 mcbrain pppd[18813]: sent [LCP ConfReq id=0x1 ]
Aug 20 19:53:35 mcbrain last message repeated 7 times
Aug 20 19:53:38 mcbrain pptpd[18812]: CTRL: Exiting now
Aug 20 19:53:38 mcbrain pptpd[18447]: MGR: Reaped child 18812

This is the pptp-options file being used.

#This is the pptp-options files used to configure the pptp tunnels.
-detach
debug
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
asyncmap 0
modem
crtscts
lock
#proxyarp
ms-dns 10.0.1.1
netmask 255.255.255.0
nodefaultroute

This is the pptp.conf file being used.

#PoPToP configuration file for PoPToP version 0.9.12
#pptpd.conf file
speed 1920
option /etc/ppp/pptpd-options
debug
localip 10.0.1.1
remoteip 10.0.1.2-10

From stan at rogge.net Wed Aug 22 22:48:16 2001
From: stan at rogge.net (Stan A. Rogge)
Date: Wed, 22 Aug 2001 22:48:16 -0500
Subject: [pptp-server] Cisco 800 series issues?
References: <998490951.3b83c347731a5@cyclops.gothambroadband.com>
Message-ID: <006201c12b86$7199c740$fd01a8c0@harmonic.com>

If I remember correctly the early software releases for the 800 series had software bugs preventing a PPTP tunnel from being possible where the client was behind it and the server somewhere else over the Internet. A software fix was made available. This was last summer 2000. How old is your router's IOS?

----- Original Message -----
From: "Chris Kalos" To: Sent: Wednesday, August 22, 2001 9:35 AM Subject: [pptp-server] Cisco 800 series issues? > I've got a Poptop VPN that normally works perfectly. Now I'm trying to get it > working over an ISDN link on a Cisco 800 with the IP (or IP Firewall) feature > set. While the router can support GRE, this one does not, and as a result, I'm > consistently getting this error: > > Aug 22 10:22:56 thing pppd[22632]: LCP: timeout sending Config-Requests > Aug 22 10:22:56 thing pppd[22632]: Connection terminated. > > I know that this means that a GRE tunnel can't be created. What I don't know > is if there is any way to allow the protocol to get past the router. I don't > need to do router to router VPN, I just want to make a Win2K system connect to > the VPN server, as one would normally do. > > If this isn't an option, then I may have to move on to upgrading the 800 series > router and setting it up as a VPN server. If I have to do this, is there any > sensible way to make the 800 series talk to Poptop, or do I have to move on to > an IPSec based VPN solution? > > > Thank you, > Christopher Kalos > Systems Administrator > Gotham Broadband > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From ckalos at gothambroadband.com Thu Aug 23 05:19:29 2001 
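The two pptpd option files posted in the "pptp tunnel from win200 client to linux box" thread above differ in what they require of a client, and that difference decides whether an unencrypted session can come up at all. The following added example (not the posters' or the PoPToP project's code) audits such a file using only option names that appear in those posts; the function names are hypothetical, the one-option-per-line layout is reconstructed from the flattened archive text, the third file is constructed, and two semantics are assumptions: `+name` is treated as a synonym of `require-name` (as stock pppd does for `+chap`), and `mppe-40`/`mppe-128` are treated as enabling MPPE while only `require-mppe` makes it mandatory.

```python
AUTH_METHODS = ["chap", "chapms", "chapms-v2"]  # weakest to strongest


def active_options(text):
    """Return the set of option words left after stripping '#' comments."""
    words = set()
    for line in text.splitlines():
        words.update(line.split("#", 1)[0].split())
    return words


def audit_options(text):
    """Return (code, detail) findings for a pppd options file used by pptpd."""
    words = active_options(text)
    findings = []
    if "auth" not in words:
        findings.append(("NO_AUTH", "peer is not required to authenticate"))

    # ASSUMPTION: "+x" and "require-x" both mean the peer must use method x.
    methods = [m for m in AUTH_METHODS
               if f"require-{m}" in words or f"+{m}" in words]
    if "chapms-v2" not in methods:
        # MPPE session keys are derived from the MS-CHAP exchange (RFC 3079),
        # so a file that only lists plain CHAP cannot key MPPE at all.
        findings.append(("NO_MSCHAPV2", "MS-CHAPv2 is not among the listed methods"))
    elif len(methods) > 1:
        findings.append(("WEAKER_AUTH_LISTED", ", ".join(methods[:-1])))

    # ASSUMPTION: mppe-40 / mppe-128 enable negotiation, require-mppe enforces it.
    lengths = {w for w in words if w in ("mppe-40", "mppe-128")}
    required = "require-mppe" in words
    if not lengths and not required:
        findings.append(("MPPE_OFF", "no MPPE option is active"))
    elif not required:
        findings.append(("MPPE_NOT_REQUIRED",
                         "MPPE is offered but a peer may connect without it"))
    if "mppe-40" in lengths:
        findings.append(("MPPE_40", "40-bit keys are accepted"))
    return findings


def codes(text):
    return [code for code, _ in audit_options(text)]


# Kerry Jean's posted file (layout reconstructed, one option per line).
KERRY_OPTIONS = """\
#This is the pptp-options files used to configure the pptp tunnels.
-detach
debug
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
asyncmap 0
modem
crtscts
lock
#proxyarp
ms-dns 10.0.1.1
netmask 255.255.255.0
nodefaultroute
"""

# George Vieira's posted example (layout reconstructed; "# require-mppe" is
# read as a commented-out option).
GEORGE_OPTIONS = """\
name firewall
mru 1450
mtu 1450
auth
refuse-pap
# require-mppe
require-chap
proxyarp
+chap
+chapms
+chapms-v2
mppe-128
mppe-stateless
ms-wins xx.xx.xx.xx
lcp-echo-failure 60
lcp-echo-interval 5
"""

# Constructed variant that requires both MS-CHAPv2 and MPPE.
HARDENED_OPTIONS = """\
auth
refuse-pap
require-chapms-v2
require-mppe
mppe-128
mppe-stateless
"""

if __name__ == "__main__":
    for name, text in [("kerry", KERRY_OPTIONS), ("george", GEORGE_OPTIONS),
                       ("hardened", HARDENED_OPTIONS)]:
        print(name, audit_options(text) or "no findings")
```

A file that offers `mppe-128` without requiring it matches what the encryption thread observed: a Windows client negotiates 128-bit MPPE, while a client that never proposes MPPE is still let in.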
From: ckalos at gothambroadband.com (Chris Kalos) Date: Thu, 23 Aug 2001 06:19:29 -0400 (EDT) Subject: [pptp-server] Cisco 800 series issues? In-Reply-To: <006201c12b86$7199c740$fd01a8c0@harmonic.com> References: <998490951.3b83c347731a5@cyclops.gothambroadband.com> <006201c12b86$7199c740$fd01a8c0@harmonic.com> Message-ID: <998561969.3b84d8b1535bf@cyclops.gothambroadband.com> We're running 12.0.7T of IOS, but were running 12.0.4 yesterday. Another problem that I'm seeing now is that the dialup ISDN service that we're accessing only provides the single IP for the router, thus forcing us to use NAT for any system behind this router. Since I'm trying to run a client-server VPN, and not router-to-router, could this cause any problems? The VPN server (which, again, works fine in most other cases) is also on a NAT network back home, having gre and port 1723 forwarded to it. Thanks again, CK Quoting "Stan A. Rogge" : > If I remember correctly the early software releases for the 800 series > had software bugs preventing a PPTP tunnel from being possible where the > client was behind it and the server somewhere else over the Internet. A > software fix was made available. This was last summer 2000. How old is > your router's IOS? > > ----- Original Message ----- 
> From: "Chris Kalos" > To: > Sent: Wednesday, August 22, 2001 9:35 AM > Subject: [pptp-server] Cisco 800 series issues? > > > > I've got a Poptop VPN that normally works perfectly. Now I'm trying > to get it > > working over an ISDN link on a Cisco 800 with the IP (or IP Firewall) > feature > > set. While the router can support GRE, this one does not, and as a > result, I'm > > consistently getting this error: > > > > Aug 22 10:22:56 thing pppd[22632]: LCP: timeout sending > Config-Requests > > Aug 22 10:22:56 thing pppd[22632]: Connection terminated. > > > > I know that this means that a GRE tunnel can't be created. What I > don't know > > is if there is any way to allow the protocol to get past the router. > I don't > > need to do router to router VPN, I just want to make a Win2K system > connect to > > the VPN server, as one would normally do. > > > > If this isn't an option, then I may have to move on to upgrading the > 800 series > > router and setting it up as a VPN server. If I have to do this, is > there any > > sensible way to make the 800 series talk to Poptop, or do I have to > move on to > > an IPSec based VPN solution? > > > > > > Thank you, > > Christopher Kalos > > Systems Administrator > > Gotham Broadband > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From allendmoore at earthlink.net Thu Aug 23 09:16:58 2001 
From: allendmoore at earthlink.net (Allen Moore) Date: Thu, 23 Aug 2001 07:16:58 -0700 Subject: [pptp-server] New setup help... NAT on FLowPoint router Message-ID: <000101c12bde$458eb900$b0ae0142@tus22601> I have successfully configured pptpd to function within my small lan; however, calls from the outside via the internet go unanswered. I fear that my FlowPoint DSL router may be the culprit. I have NAT enabled & calls to WEB, TELNET & FTP services properly forwarded to my server and have added a NAT entry for TCP port 1723; however when I try to add protocol 47 (GRE) I get a 'bad protocol' message from my router. Anyone here have any FlowPoint experience? Is my suspicion correct that I must replace the router? What is an inexpensive DSL router known to work w/ PoPToP? For remote access via the internet, I assume that the pptpd.conf file still uses the servers own ip as the localip, even though from the outside we login to the gateway (external) ip on the router, or am I missing something here, too? TIA for any help! Allen "new to the list" Moore allendmoore at earthlink.net From cstorer at infinitisystems.com Thu Aug 23 09:30:01 2001 
From: cstorer at infinitisystems.com (Chris Storer)
Date: Thu, 23 Aug 2001 10:30:01 -0400
Subject: [pptp-server] New setup help... NAT on FLowPoint router
In-Reply-To: <000101c12bde$458eb900$b0ae0142@tus22601>
Message-ID:

Here is the VPN/PPTP entry for the flowpoint ip filter at one of my clients...

-------------------------------------------
remote ipfilter insert input accept -p 47 internet
remote ipfilter insert output accept -p 47 internet
remote ipfilter insert input accept -p tcp -dp 1723 internet
remote ipfilter insert output accept -p tcp -sp 1723 internet
--------------------------------------------

Obviously, if your public interface isn't called "internet", you'll need to change that. This is running correctly on a flowpoint...I think it's a 5600 series...

Hope this helps in some way shape or form.

Chris Storer
Manager, Network Services
Infiniti Systems Group, Inc.
A Weatherhead 100 Company
www.infinitisystems.com
cstorer at infinitisystems.com

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Allen Moore > Sent: Thursday, August 23, 2001 10:17 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] New setup help... NAT on FLowPoint router > > > I have successfully configured pptpd to function within my small lan; > however, calls from the outside via the internet go unanswered. I fear > that my FlowPoint DSL router may be the culprit. > > I have NAT enabled & calls to WEB, TELNET & FTP services properly > forwarded to my server and have added a NAT entry for TCP port 1723; > however when I try to add protocol 47 (GRE) I get a 'bad protocol' > message from my router. > > Anyone here have any FlowPoint experience? Is my suspicion correct that > I must replace the router? What is an inexpensive DSL router known to > work w/ PoPToP? For remote access via the internet, I assume that the > pptpd.conf file still uses the servers own ip as the localip, even > though from the outside we login to the gateway (external) ip on the > router, or am I missing something here, too? > > TIA for any help! > > Allen "new to the list" Moore > allendmoore at earthlink.net > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From ckhui at school.net.hk Thu Aug 23 14:10:16 2001 
From: ckhui at school.net.hk (Hui Chun Kit)
Date: Fri, 24 Aug 2001 03:10:16 +0800
Subject: [pptp-server] Simple question on MPPE
Message-ID: <3B855518.E5AA114B@school.net.hk>

Dear,

Just simple question on MPPE. I've been using a patched PopTop server to authenticate users with a samba passwd file and mppe enabled which is working fine. However, I want to ask if it is possible to use radius or ldap instead if I still want to use mppe? What should I do?

I knew that (from some mails months ago) mppe will not work with PAM because of some reasons that the NT password hash must be known to the poptop server? is this still true? if so, what can I do if I want to use radius or ldap to store all the user information? what patches should I apply?

Please advise. Thanks x 10000000

--
Best Rgds,
Jacky Hui
Hong Kong

From charlieb at e-smith.com Thu Aug 23 14:45:25 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 23 Aug 2001 15:45:25 -0400 (EDT)
Subject: [pptp-server] Simple question on MPPE
In-Reply-To: <3B855518.E5AA114B@school.net.hk>
Message-ID:

On Fri, 24 Aug 2001, Hui Chun Kit wrote:

> this still true? if so, what can I do if I want to use
> radius or ldap to store all the user information? what
> patches should I apply?

The one you craft yourself. Or, failing that, the one that you commission from someone else. :-)

[In other words, AFAIK, there isn't such a patch available.]

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From allen at mail-masters.com Thu Aug 23 16:53:31 2001
From: allen at mail-masters.com (Allen D. Moore) Date: Thu, 23 Aug 2001 14:53:31 -0700 Subject: [pptp-server] re: New setup help... ***continued- new question*** Message-ID: <001b01c12c1e$0cebb720$09fea8c0@dakotacom.net> First, thanks for all the kind, quick & knowledgeable responses to my prior question. Special thanks to Chris Storer for the very specific router instructions for my FlowPoint. Now for my next issue- I am running SuSE 7.2 and can connect locally to the PPTP server within my WAN, yet, when trying to connect from a remote machine via the internet I get the error massage: Error 751: The remote computer refused the connection. I seem to be getting through the router now, yet something is still fubar with my configuration. Any suggestions on a starting place would help! TIA again... -Allen Moore allendmoore at earthlink.net Allen Moore wrote: > I have successfully configured pptpd to function within my small lan; > however, calls from the outside via the internet go unanswered. I fear > that my FlowPoint DSL router may be the culprit. > > I have NAT enabled & calls to WEB, TELNET & FTP services properly > forwarded to my server and have added a NAT entry for TCP port 1723; > however when I try to add protocol 47 (GRE) I get a 'bad protocol' > message from my router. > > Anyone here have any FlowPoint experience? Is my suspicion correct that > I must replace the router? What is an inexpensive DSL router known to > work w/ PoPToP? For remote access via the internet, I assume that the > pptpd.conf file still uses the servers own ip as the localip, even > though from the outside we login to the gateway (external) ip on the > router, or am I missing something here, too? > > TIA for any help! > > Allen "new to the list" Moore > allendmoore at earthlink.net From matt at prosapia.com Thu Aug 23 14:37:38 2001 
From: matt at prosapia.com (matt at prosapia.com)
Date: Thu, 23 Aug 2001 12:37:38 -0700
Subject: [pptp-server] PPTP scalability?
Message-ID: <5.1.0.14.2.20010823123640.04063068@prosapia.com>

Does anyone know how well PPTP scales? I am looking for a VPN solution that 100+ Windows users can access. Thanks.

-Matt

From JaminC at adapt-tele.com Thu Aug 23 21:38:20 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Thu, 23 Aug 2001 21:38:20 -0500
Subject: [pptp-server] PPTP scalability?
Message-ID:

matt at prosapia.com [mailto:matt at prosapia.com] wrote:
> Does anyone know how well PPTP scales?

I assume you are referring to the PoPToP implementation of PPTP for linux. If so, I seem to recall that there is a limit in the code currently for 100 connections. However, indications are that it is simply a limit in how connections are tracked. That is to say that if the tracking/allocation code were adjusted to not have a hardcoded 100 limitation in the algorithm that the rest of the PoPToP implementation would still work.

> I am looking for a VPN solution that
> 100+ Windows users can access. Thanks.

Jamin W. Collins

From GeorgeV at citadelcomputer.com.au Thu Aug 23 21:38:22 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 24 Aug 2001 12:38:22 +1000
Subject: [pptp-server] PPTP scalability?
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC62@jupiter.citadelcomputer.com.au>

Am I wrong in saying that there is nothing stopping the chance of running 2 copies of pptpd with each listening on a different IP and separate pptpd.conf's?

should work right? you'll then only reach the next limit which is it pty's at 256 or something.....

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Jamin Collins [mailto:JaminC at adapt-tele.com] Sent: Friday, August 24, 2001 12:38 PM To: 'matt at prosapia.com'; pptp-server at lists.schulte.org Subject: RE: [pptp-server] PPTP scalability? matt at prosapia.com [mailto:matt at prosapia.com] wrote: > Does anyone know how well PPTP scales? I assume you are refering to the PoPToP implimentation of PPTP for linux. If so, I seem to recall that there is a limit in the code currently for 100 connections. However, indications are that it is simply a limit in how connections are tracked. That is to say that if the tracking/allocation code were adjusted to not have a hardcoded 100 limitation in the algorithm that the rest of the PoPToP implimentation would still work. > I am looking for a VPN solution that > 100+ Windows users can access. Thanks. Jamin W. Collins _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From ckhui at school.net.hk Thu Aug 23 21:50:25 2001 
From: ckhui at school.net.hk (Hui Chun Kit) Date: Fri, 24 Aug 2001 10:50:25 +0800 Subject: [pptp-server] Simple question on MPPE References: Message-ID: <3B85C0F1.895F417F@school.net.hk> Dear , That means I still cannot use MPPE with PAM. Then how about LDAP and MPPE or Radius and MPPE? Or how about using LDAP / Radius alone? Charlie Brady wrote: > > On Fri, 24 Aug 2001, Hui Chun Kit wrote: > > > this still true? if so, what can I do if I want to use > > radius or ldap to store all the user information? what > > patches should I apply? > > The one you craft yourself. Or, failing that, the one that you commission > from someone else. :-) > > [In other words, AFAIK, there isn't such a patch available.] > > -- > > Charlie Brady charlieb at e-smith.com > Lead Product Developer > Network Server Solutions Group http://www.e-smith.com/ > Mitel Networks Corporation http://www.mitel.com/ > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 -- Best Rgds, Jacky Hui Hong Kong -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2018 bytes Desc: S/MIME Cryptographic Signature URL: From neale at lowendale.com.au Thu Aug 23 22:58:51 2001 
From: neale at lowendale.com.au (Neale Banks)
Date: Fri, 24 Aug 2001 13:58:51 +1000 (EST)
Subject: [pptp-server] PPTP scalability?
In-Reply-To:
Message-ID:

On Thu, 23 Aug 2001, Jamin Collins wrote:

> matt at prosapia.com [mailto:matt at prosapia.com] wrote:
> > Does anyone know how well PPTP scales?
>
> I assume you are referring to the PoPToP implementation of PPTP for linux.
> If so, I seem to recall that there is a limit in the code currently for 100
> connections. However, indications are that it is simply a limit in how
> connections are tracked. That is to say that if the tracking/allocation
> code were adjusted to not have a hardcoded 100 limitation in the algorithm
> that the rest of the PoPToP implementation would still work.

Would you be referring to the limit of 100 ppp devices? That's in linux/net/core/dev.c and doesn't appear to be exclusive to ppp devices - snippet from 2.4.6:

----------------------------------8<----------------------------------
/**
 * dev_alloc_name - allocate a name for a device
 * @dev: device
 * @name: name format string
 *
 * Passed a format string - eg "lt%d" it will try and find a suitable
 * id. Not efficient for many devices, not called a lot. The caller
 * must hold the dev_base or rtnl lock while allocating the name and
 * adding the device in order to avoid duplicates. Returns the number
 * of the unit assigned or a negative errno code.
 */

int dev_alloc_name(struct net_device *dev, const char *name)
{
        int i;
        char buf[32];

        /*
         * If you need over 100 please also fix the algorithm...
         */
        for (i = 0; i < 100; i++) {
                sprintf(buf,name,i);
                if (__dev_get_by_name(buf) == NULL) {
                        strcpy(dev->name, buf);
                        return i;
                }
        }
        return -ENFILE; /* Over 100 of the things .. bail out! */
}
----------------------------------8<----------------------------------

This looks like it would "work" if you s/100/200/ but doing a serial search for a free device like that is not a Good Idea.
The key comment is "Not efficient for many devices" - with the implication that "many" is approx >=100. HTH Neale (who's sure he's posted this before). From mikael.lonnroth at advancevpn.com Fri Aug 24 00:34:06 2001 From: mikael.lonnroth at advancevpn.com (Mikael =?iso-8859-1?q?L=F6nnroth?=) Date: Fri, 24 Aug 2001 08:34:06 +0300 Subject: [pptp-server] PPTP scalability? In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEC62@jupiter.citadelcomputer.com.au> References: <200FAA488DE0D41194F10010B597610D1CEC62@jupiter.citadelcomputer.com.au> Message-ID: <01082408340601.10982@secure.advancevpn.com> Hi there, I hope you're not wrong, but does anyone know of a way to inform Windows clients of the new port? Regards, Mikael L?nnroth mikael.lonnroth at advancevpn.com htto://www.advancevpn.com On Friday 24 August 2001 5:38 am, you wrote: > Am I wrong in saying that there is nothing stppoing the chance of running 2 > copies of pptpd with each listening on a different IP and seperate > pptpd.conf's? > > should work write? you'll then only reach the next limit which is it pty's > at 256 or something..... > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > PH +(61)2 9955 2644 > FX +(61)2 9955 2659 From neale at lowendale.com.au Fri Aug 24 00:31:58 2001 
From: neale at lowendale.com.au (Neale Banks) Date: Fri, 24 Aug 2001 15:31:58 +1000 (EST) Subject: [pptp-server] PPTP scalability? In-Reply-To: <01082408340601.10982@secure.advancevpn.com> Message-ID: I think George meant to user the standard TCP port etc but use two (or more) IP addresses, each with its own PPTPd... HTH, Neale. On Fri, 24 Aug 2001, Mikael [iso-8859-1] L?nnroth wrote: > Hi there, > > I hope you're not wrong, but does anyone know of a way to inform Windows > clients of the new port? > > Regards, > Mikael L?nnroth > mikael.lonnroth at advancevpn.com > htto://www.advancevpn.com > > On Friday 24 August 2001 5:38 am, you wrote: > > Am I wrong in saying that there is nothing stppoing the chance of running 2 > > copies of pptpd with each listening on a different IP and seperate > > pptpd.conf's? > > > > should work write? you'll then only reach the next limit which is it pty's > > at 256 or something..... > > > > thanks, > > George Vieira > > Network Engineer > > Citadel Computer Systems P/L > > PH +(61)2 9955 2644 > > FX +(61)2 9955 2659 > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > From bjorn at linpro.no Fri Aug 24 00:36:07 2001 
From: bjorn at linpro.no (Bjørn Ruberg)
Date: 24 Aug 2001 07:36:07 +0200
Subject: [pptp-server] PPTP scalability?
In-Reply-To: Mikael Lönnroth's message of "Fri, 24 Aug 2001 08:34:06 +0300"
References: <200FAA488DE0D41194F10010B597610D1CEC62@jupiter.citadelcomputer.com.au> <01082408340601.10982@secure.advancevpn.com>
Message-ID:

Mikael Lönnroth writes:

> Hi there,
>
> I hope you're not wrong, but does anyone know of a way to inform Windows
> clients of the new port?

What was suggested was running a separate daemon on another IP address, not on another port.

> On Friday 24 August 2001 5:38 am, you wrote:
> > Am I wrong in saying that there is nothing stopping the chance of running 2
> > copies of pptpd with each listening on a different IP and separate
> > pptpd.conf's?
> >
> > should work right? you'll then only reach the next limit which is it pty's
> > at 256 or something.....

I can confirm that running two and more pptpd's on different IP addresses with separate pptpd.conf files does indeed work. Last time I did this, I used this solution to allow for different degrees of encryption according to the IP address that was contacted - thereby allowing Windows clients that would not encrypt properly to access resources in the network.

--
Bjørn Ruberg, Linpro AS bjorn at linpro.no
The more you scream, the less you hear. (Fish)

From GeorgeV at citadelcomputer.com.au Fri Aug 24 00:37:49 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 24 Aug 2001 15:37:49 +1000
Subject: [pptp-server] PPTP scalability?
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC6C@jupiter.citadelcomputer.com.au>

yes you're right.. simulating 2 pptpd servers running on the same box..
obviously with 2 different IPs..
Then use DNS to have 2 machine IPs on the same name.domain.com

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Neale Banks [mailto:neale at lowendale.com.au] Sent: Friday, August 24, 2001 3:32 PM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] PPTP scalability? This message uses a character set that is not supported by the Internet Service. To view the original message content, open the attached message. If the text doesn't display correctly, save the attachment to disk, and then open it using a viewer that can display the original character set. From mikael.lonnroth at advancevpn.com Fri Aug 24 00:48:39 2001 From: mikael.lonnroth at advancevpn.com (Mikael =?iso-8859-1?q?L=F6nnroth?=) Date: Fri, 24 Aug 2001 08:48:39 +0300 Subject: [pptp-server] PPTP scalability? In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEC6C@jupiter.citadelcomputer.com.au> References: <200FAA488DE0D41194F10010B597610D1CEC6C@jupiter.citadelcomputer.com.au> Message-ID: <01082408483903.10982@secure.advancevpn.com> Hello, Yes, I'll pay more attention to actually reading what I'm commenting on in the future :) (And this reply to the public list since I'm getting around 1 mail / minute now to my personal box correcting my mistake :) ) Kindly, Mikael On Friday 24 August 2001 8:37 am, George Vieira wrote: > yes your right.. simulating 2 pptpd servers running on the same box.. > obviously with 2 different IPs.. > Then use DNS to have 2 machine IPs on the same name.domain.com > > thanks, > George Vieira > Network Engineer > Citadel Computer Systems P/L > PH +(61)2 9955 2644 > FX +(61)2 9955 2659 > > -----Original Message----- 
> From: Neale Banks [mailto:neale at lowendale.com.au] > Sent: Friday, August 24, 2001 3:32 PM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] PPTP scalability? > > > This message uses a character set that is not supported by the Internet > Service. To view the original message content, open the attached message. > If the text doesn't display correctly, save the attachment to disk, and > then open it using a viewer that can display the original character set. > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From MJBarsalou at attglobal.net Fri Aug 24 00:09:43 2001 From: MJBarsalou at attglobal.net (Barsalou) Date: Fri, 24 Aug 2001 00:09:43 -9:00 Subject: [pptp-server] strip domain Message-ID: <3B859B47.16593.31A789@localhost> I am having trouble finding a good copy of the strip domain patch. Anyone care to point me in the right direction. I have the mppe part already...just need the ms strip domain part. Thanks. Mike From MJBarsalou at attglobal.net Fri Aug 24 00:30:35 2001 From: MJBarsalou at attglobal.net (Barsalou) Date: Fri, 24 Aug 2001 00:30:35 -9:00 Subject: [pptp-server] strip domain Message-ID: <3B85A02B.16258.44C52B@localhost> I am using the 2.4 kernel. Mike From tomten at algonet.se Fri Aug 24 04:25:11 2001 
From: tomten at algonet.se (Fredrik)
Date: Fri, 24 Aug 2001 11:25:11 +0200 (CEST)
Subject: [pptp-server] Different VPN password & Windows password question.
Message-ID: <6270820.998645111725.JavaMail.root@suntea.algonet.se>

Hi,

We have set up a PPTPd server and everything is working fine, but in order for us to deploy it we have some security requirements.

Is there a way to have different passwords for the VPN server and the MS network? As it is now, a break-in into the Linux VPN server would show all the passwords for the whole network in clear text. This is not acceptable (our boss does not even give sysadmins his password).

I've spent some time looking for some info but no luck.

The clients are Win 2000 machines and the server is Redhat 7.1 kernel 2.4.2. patched & ready.

From akerr at uol.com.br Fri Aug 24 07:37:17 2001
From: akerr at uol.com.br (Americo Kerr Azevedo)
Date: Fri, 24 Aug 2001 09:37:17 -0300
Subject: RES: [pptp-server] strip domain
In-Reply-To: <3B859B47.16593.31A789@localhost>
Message-ID:

I'm searching for the same patch (strip domain)...

It would be good if it could be posted on the "mirror.binarix.com"...

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Barsalou
Sent: Friday, August 24, 2001 06:10
To: pptp-server at lists.schulte.org
Subject: [pptp-server] strip domain

I am having trouble finding a good copy of the strip domain patch. Anyone care to point me in the right direction.

I have the mppe part already...just need the ms strip domain part.

Thanks.

Mike

From americo at rhesus.com Fri Aug 24 07:51:06 2001
From: americo at rhesus.com (Americo Kerr Azevedo) Date: Fri, 24 Aug 2001 09:51:06 -0300 Subject: [pptp-server] (no subject) Message-ID: Hi, I'm sorry (this is the second message I send in less than 5 minutes). I think I found the "strip domain" patch, in http://lists.schulte.org/pipermail/pptp-server/1999-September/005679.html but I'm searching the "require-mppe" patch. Does anyone know where can I find? Thanks, Americo Kerr From gimli at momsquad.net Fri Aug 24 08:52:30 2001 From: gimli at momsquad.net (Tom Hallberg) Date: Fri, 24 Aug 2001 15:52:30 +0200 Subject: [pptp-server] VPN problem Message-ID: <4.3.1.0.20010824154807.026c17e8@pop3.norton.antivirus> Hi is it possible to run a pptpd on a freebsd server that doesnt have a ISP FW and than I have a computer thats behind an ISP FW and all ports are closed so no one can connect to me.. and run an pptp client and connect to that server and make an VPN ? My computer ISP FW My internet IP serverwithout ISP FW 10.252.1.182 -> 193.*.*.* 213.*.*.* From john at snake.supranet.net Fri Aug 24 09:36:17 2001 
From: john at snake.supranet.net (John Heyer)
Date: Fri, 24 Aug 2001 09:36:17 -0500 (CDT)
Subject: [pptp-server] VPN problem
In-Reply-To: <4.3.1.0.20010824154807.026c17e8@pop3.norton.antivirus>
Message-ID:

If your ISP assigns non-routable addresses, you can't run any type of server, including VPN. In order to set a PPTP server working behind a firewall, you will have to open port 1723 (tcp) and make sure it can pass the GRE protocol.

On Fri, 24 Aug 2001, Tom Hallberg wrote:

> Hi
> is it possible to run a pptpd on a freebsd server that doesnt have a ISP FW
> and than I have a computer thats behind an ISP FW and all ports are closed
> so no one can connect to me.. and run an pptp client and connect to that
> server and make an VPN ?
>
> My computer ISP FW My internet
> IP serverwithout ISP FW
>
> 10.252.1.182
> -> 193.*.*.* 213.*.*.*
>

--
John Heyer - john at personal.supranet.net - http://heyer.supranet.net
"Me fail English? That's unpossible!" -- Ralph Wiggam

From allendmoore at earthlink.net Fri Aug 24 09:40:22 2001
From: allendmoore at earthlink.net (Allen Moore)
Date: Fri, 24 Aug 2001 07:40:22 -0700
Subject: [pptp-server] Error 751
Message-ID: <000501c12caa$b57b3e60$b0ae0142@tus22601>

I am running SuSE 7.2 and can connect locally to the PPTP server within my LAN, yet, when trying to connect from a remote machine via the internet I get the error message:

Error 751: The remote computer refused the connection.

I seem to be getting through the router now, yet something is still fubar with my configuration. Any suggestions on a starting place would help!

TIA,
-Allen Moore
allendmoore at earthlink.net

From ckalos at gothambroadband.com Fri Aug 24 10:17:44 2001
From: ckalos at gothambroadband.com (Chris Kalos) Date: Fri, 24 Aug 2001 11:17:44 -0400 (EDT) Subject: [pptp-server] Win2k VPN Message-ID: <998666264.3b867018312bb@cyclops.gothambroadband.com> I've moved away from the Cisco with limited success. Using a Win2k Pro system running an ISDN link, I can access the VPN and use Internet Connection Sharing to let the local LAN I've created access this VPN as well. However, while the other machines use this system (192.168.0.1) as the default gateway, this system will not route traffic to anything that isn't going over the VPN interface. As a result, I cannot access external resources from the clients on the network. For this to work satisfactorily, I need to be able to connect to resources outside of the VPN as well as inside. I'll assume that this is a limitation of the Win2k NAT implementation. Are they any ways to get around this? Thanks CK From matt at myfrancis.net Fri Aug 24 14:32:24 2001 
From: matt at myfrancis.net (Matt Francis)
Date: Fri, 24 Aug 2001 14:32:24 -0500 (CDT)
Subject: [pptp-server] pptp dies, pid remains...
Message-ID:

Hey all, I have been trying to set up PoPToP for a couple of weeks now. I am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff into my kernel, and tried to find tty and compile it in there too, but I am not too sure about that one. pptpd is in init.d and starts up (and quickly dies) at boot up. Error message is createHostSocket: Address already in use. I am running ppp-2.4.1-3mlx, and sending an example pptpd.log.

Thanks for any help!
Matt

-------------- next part --------------
Aug 24 14:12:44 ns pptpd[1014]: MGR: Couldn't create host socket
Aug 24 14:13:42 ns pptpd[1019]: CTRL: Client X.X.X.X control connection started
Aug 24 14:13:42 ns pptpd[1019]: CTRL: Starting call (launching pppd, opening GRE)
Aug 24 14:13:42 ns pppd[1021]: pppd 2.4.1 started by root, uid 0
Aug 24 14:13:42 ns pptpd[1019]: GRE: read(fd=4,buffer=804da20,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 24 14:13:42 ns pptpd[1019]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 24 14:13:42 ns pptpd[1019]: CTRL: Client X.X.X.X control connection finished
Aug 24 14:13:42 ns pppd[1021]: using channel 1
Aug 24 14:13:42 ns pppd[1021]: Using interface ppp0
Aug 24 14:13:42 ns pppd[1021]: Connect: ppp0 <--> /dev/modem
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfReq id=0x1 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfReq id=0x1 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfNak id=0x1 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfNak id=0x1 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfReq id=0x2 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfReq id=0x2 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfNak id=0x2 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfNak id=0x2 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfReq id=0x3 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfReq id=0x3 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfNak id=0x3 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfNak id=0x3 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfReq id=0x4 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfReq id=0x4 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfNak id=0x4 ]
Aug 24 14:13:42 ns pppd[1021]: rcvd [LCP ConfNak id=0x4 ]
Aug 24 14:13:42 ns pppd[1021]: sent [LCP ConfReq id=0x5 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfReq id=0x5 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfNak id=0x5 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfNak id=0x5 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfReq id=0x6 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfReq id=0x6 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfNak id=0x6 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfNak id=0x6 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfReq id=0x7 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfReq id=0x7 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfNak id=0x7 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfNak id=0x7 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfReq id=0x8 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfReq id=0x8 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfNak id=0x8 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfNak id=0x8 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfReq id=0x9 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfReq id=0x9 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfNak id=0x9 ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfNak id=0x9 ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfReq id=0xa ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfReq id=0xa ]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP ConfNak id=0xa ]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP ConfNak id=0xa ]
Aug 24 14:13:43 ns pppd[1021]: Serial line is looped back.
Aug 24 14:13:43 ns pppd[1021]: sent [LCP TermReq id=0xb "Loopback detected"]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP TermReq id=0xb "Loopback detected"]
Aug 24 14:13:43 ns pppd[1021]: sent [LCP TermAck id=0xb]
Aug 24 14:13:43 ns pppd[1021]: rcvd [LCP TermAck id=0xb]
Aug 24 14:13:43 ns pppd[1021]: Connection terminated.
Aug 24 14:13:43 ns pppd[1021]: Exit.

From SStone at taos.com Fri Aug 24 15:21:10 2001
From: SStone at taos.com (Scott Stone)
Date: Fri, 24 Aug 2001 13:21:10 -0700
Subject: [pptp-server] pptp dies, pid remains...
Message-ID: <21DEAE09F017D111969700A0C9840752059DAB7B@espresso.taos.com>

sounds like you're trying to start pptpd twice.

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Matt Francis [mailto:matt at myfrancis.net]
Sent: Friday, August 24, 2001 12:32 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp dies, pid remains...

Hey all, I have been trying to set up PoPToP for a couple of weeks now. I am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff into my kernel, and tried to find tty and compile it in there too, but I am not too sure about that one. pptpd is in init.d and starts up (and quickly dies) at boot up. Error message is createHostSocket: Address already in use. I am running ppp-2.4.1-3mlx, and sending an example pptpd.log.

Thanks for any help!
Matt

From matt at myfrancis.net Fri Aug 24 15:56:46 2001
From: matt at myfrancis.net (Matt Francis)
Date: Fri, 24 Aug 2001 15:56:46 -0500 (CDT)
Subject: [pptp-server] pptp dies, pid remains...
In-Reply-To: <21DEAE09F017D111969700A0C9840752059DAB7B@espresso.taos.com>
Message-ID:

Thanks, Scott...

When I run ps -A, it's not listed. When I /etc/init.d/pptpd status, I get:

[matt at ns init.d]$ ./pptpd status
pptpd dead but pid file exists

I have no idea what would cause that...

Thanks again,
Matt

On Fri, 24 Aug 2001, Scott Stone wrote:

>
> sounds like you're trying to start pptpd twice.
>
> -----------------------------------------------------
> Scott M. Stone
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
>
> -----Original Message-----
> From: Matt Francis [mailto:matt at myfrancis.net]
> Sent: Friday, August 24, 2001 12:32 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp dies, pid remains...
>
>
> Hey all, I have been trying to set up PoPToP for a couple of weeks now. I
> am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff
> into my kernel, and tried to find tty and compile it in there too, but I
> am not too sure about that one. pptpd is in init.d and starts up (and
> quickly dies) at boot up. Error message is createHostSocket: Address
> already in use. I am running ppp-2.4.1-3mlx, and sending an example
> pptpd.log.
>
> Thanks for any help!
> Matt
>

From SStone at taos.com Fri Aug 24 15:50:46 2001
From: SStone at taos.com (Scott Stone)
Date: Fri, 24 Aug 2001 13:50:46 -0700
Subject: [pptp-server] pptp dies, pid remains...
Message-ID: <21DEAE09F017D111969700A0C9840752059DAB7D@espresso.taos.com>

"address already in use" means something else is listening on the control port.. use "netstat -a" to confirm that, use "lsof" to see what's doing it.

-----------------------------------------------------
Scott M. Stone
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA

-----Original Message-----
From: Matt Francis [mailto:matt at myfrancis.net]
Sent: Friday, August 24, 2001 1:57 PM
To: Scott Stone
Cc: pptp-server at lists.schulte.org
Subject: RE: [pptp-server] pptp dies, pid remains...

Thanks, Scott...
When I run ps -A, it's not listed. When I /etc/init.d/pptpd status, I get:

[matt at ns init.d]$ ./pptpd status
pptpd dead but pid file exists

I have no idea what would cause that...
Thanks again,
Matt

On Fri, 24 Aug 2001, Scott Stone wrote:

> sounds like you're trying to start pptpd twice.
>
> -----------------------------------------------------
> Scott M. Stone
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
> -----Original Message-----
> From: Matt Francis [mailto:matt at myfrancis.net]
> Sent: Friday, August 24, 2001 12:32 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp dies, pid remains...
>
> Hey all, I have been trying to set up PoPToP for a couple of weeks now. I
> am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff
> into my kernel, and tried to find tty and compile it in there too, but I
> am not too sure about that one. pptpd is in init.d and starts up (and
> quickly dies) at boot up. Error message is createHostSocket: Address
> already in use. I am running ppp-2.4.1-3mlx, and sending an example
> pptpd.log.
>
> Thanks for any help!
> Matt

From allen at mail-masters.com Fri Aug 24 17:02:06 2001
From: allen at mail-masters.com (Allen D. Moore)
Date: Fri, 24 Aug 2001 15:02:06 -0700
Subject: [pptp-server] console error messages...
Message-ID: <000001c12ce8$6aaf6940$09fea8c0@dakotacom.net>

Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I get:

pppd[1766] cannot determine Ethernet address for proxy ARP

Upon disconnecting I get:

pptpd[1765] GRE read error bad file descriptor

and

pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)

Although I seem to login OK on the client side locally on the LAN-

Any attempts through the router from the internet fail w/ the error:

751: Connection Refused Even though the router should be configured properly AND the log files seem to show activity from the correct remote ip

I am really stumped here- any help would be greatly appreciated.

-Allen Moore
allendmoore at earthlink.net

From bob at custompcweb.com Fri Aug 24 18:45:36 2001
From: bob at custompcweb.com (Bob Weaver)
Date: Fri, 24 Aug 2001 17:45:36 -0600
Subject: [pptp-server] Server only works locally
Message-ID: <01082417450401.06123@dns.herbshopconnection.com>

I have been trying to set up PoPToP for a few days now and am having some problems with it.. The server is COL 3.1 (2.4.2) with the stock pppd (2.4.0) and the pptpd (1.0.1) SRPM rebuilt and installed.

If I try to connect to the server from a win98 system over the LAN through the internal NIC in the server (192.168.1.3) it connects fine so I'm pretty sure that the pptp server is configured correctly. But dial-up to Qwest then trying to connect to the server just hangs on Verifying Username and Password for at least 10 mins. Here are the messages in the log file that just repeat over and over forever:

Aug 24 17:27:42 dns pppd[6089]: sent [CHAP Challenge id=0x1d , name = "64.xx.xxx.67"]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1d ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfReq id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfReq id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [CHAP Challenge id=0x1e <4fc469ee4f85bb3463189b961ac45bfbbea1>, name = "64.xx.xxx.67"]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfReq id=0x1f ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfReq id=0x1f ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfAck id=0x1f ]
Aug 24 17:27:43 dns pppd[6089]: rcvd [LCP ConfAck id=0x1f ]
Aug 24 17:27:43 dns pppd[6089]: sent [CHAP Challenge id=0x1f <9d4e3979d61d5d2f974bca16eaea62722c7b503b086552>, name = "64.xx.xxx.67"]
Aug 24 17:27:43 dns pppd[6089]: rcvd [LCP ConfAck id=0x1f ]

Thanks,
Bob Weaver
Linux Punk

From berzerke at swbell.net Fri Aug 24 19:26:46 2001
From: berzerke at swbell.net (robert)
Date: Fri, 24 Aug 2001 19:26:46 -0500
Subject: [pptp-server] Error 751
In-Reply-To: <000501c12caa$b57b3e60$b0ae0142@tus22601>
References: <000501c12caa$b57b3e60$b0ae0142@tus22601>
Message-ID: <0GIL00D1YL47R2@mta4.rcsntx.swbell.net>

Could be many things, but the key is the error message. Without seeing the pptpd logs (hint, hint!), I'd guess either a firewall on the server is blocking the connection, or pptpd isn't running. It might also be you are requiring something the client isn't using (such as a 128 bit connection, but the client is only using 40 bit).

On Friday 24 August 2001 09:40 am, Allen Moore wrote:
> I am running SuSE 7.2 and can connect locally to the PPTP server within
> my LAN, yet, when trying to connect from a remote machine via the
> internet I get the error message:
>
> Error 751: The remote computer refused the connection.
>
> I seem to be getting through the router now, yet something is still
> fubar with my configuration. Any suggestions on a starting place would
> help!
>
> TIA,
>
> -Allen Moore
> allendmoore at earthlink.net

From berzerke at swbell.net Fri Aug 24 19:34:31 2001
From: berzerke at swbell.net (robert)
Date: Fri, 24 Aug 2001 19:34:31 -0500
Subject: [pptp-server] console error messages...
In-Reply-To: <000001c12ce8$6aaf6940$09fea8c0@dakotacom.net>
References: <000001c12ce8$6aaf6940$09fea8c0@dakotacom.net>
Message-ID: <0GIL00HP7LH7I4@mta5.rcsntx.swbell.net>

For the first message, do you have the line "proxyarp" in your ppp options file? The second and third are normal.

On Friday 24 August 2001 05:02 pm, Allen D. Moore wrote:
> Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I
> get:
>
> pppd[1766] cannot determine Ethernet address for proxy ARP
>
> Upon disconnecting I get:
>
> pptpd[1765] GRE read error bad file descriptor
>
> and
>
> pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)
>
> Although I seem to login OK on the client side locally on the LAN-
>
> Any attempts through the router from the internet fail w/ the error:
>
> 751: Connection Refused Even though the router should be configured
> properly AND the log files seem to show activity from the correct remote
> ip
>
> I am really stumped here- any help would be greatly appreciated.
>
> -Allen Moore
> allendmoore at earthlink.net

From rex at col.com.ph Fri Aug 24 21:16:03 2001
From: rex at col.com.ph (rex at col.com.ph)
Date: Sat, 25 Aug 2001 10:16:03 +0800
Subject: [pptp-server] console error messages...
Message-ID:

is the pptp client behind a firewall? if yes then u need the vpn ip masq that can be found at freshmeat
would mind posting ur option and pptpd.conf files here

Rex

-- Original Message --
From: "Allen D. Moore"
To: pptp-server at lists.schulte.org
Send: 06:02 AM
Subject: [pptp-server] console error messages...

Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I get:

pppd[1766] cannot determine Ethernet address for proxy ARP

Upon disconnecting I get:

pptpd[1765] GRE read error bad file descriptor

and

pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)

Although I seem to login OK on the client side locally on the LAN-

Any attempts through the router from the internet fail w/ the error:

751: Connection Refused Even though the router should be configured properly AND the log files seem to show activity from the correct remote ip

I am really stumped here- any help would be greatly appreciated.

-Allen Moore
allendmoore at earthlink.net

Cagayan Online Company -- Your Gateway to the Internet

From rex at col.com.ph Fri Aug 24 21:18:14 2001
From: rex at col.com.ph (rex at col.com.ph)
Date: Sat, 25 Aug 2001 10:18:14 +0800
Subject: [pptp-server] Error 751
Message-ID:

it's maybe more on requiring high bit encryption from client which the server doesn't support
check ur client config if possible to use with no encryption first to isolate the encryption prob

rex

-- Original Message --
From: robert
To: Allen Moore, pptp-server at lists.schulte.org
Send: 08:26 AM
Subject: Re: [pptp-server] Error 751

Could be many things, but the key is the error message. Without seeing the pptpd logs (hint, hint!), I'd guess either a firewall on the server is blocking the connection, or pptpd isn't running. It might also be you are requiring something the client isn't using (such as a 128 bit connection, but the client is only using 40 bit).

On Friday 24 August 2001 09:40 am, Allen Moore wrote:
> I am running SuSE 7.2 and can connect locally to the PPTP server within
> my LAN, yet, when trying to connect from a remote machine via the
> internet I get the error message:
>
> Error 751: The remote computer refused the connection.
>
> I seem to be getting through the router now, yet something is still
> fubar with my configuration. Any suggestions on a starting place would
> help!
>
> TIA,
>
> -Allen Moore
> allendmoore at earthlink.net

From rex at col.com.ph Fri Aug 24 21:28:40 2001
From: rex at col.com.ph (rex at col.com.ph)
Date: Sat, 25 Aug 2001 10:28:40 +0800
Subject: [pptp-server] pptp dies, pid remains...
Message-ID:

the pptpctrl failed to clean that up
to avoid this u must specify the pid file path in your pptpd.conf

Rex

-- Original Message --
From: Matt Francis
To: Scott Stone
Send: 04:56 AM
Subject: RE: [pptp-server] pptp dies, pid remains...

Thanks, Scott...
When I run ps -A, it's not listed. When I /etc/init.d/pptpd status, I get:

[matt at ns init.d]$ ./pptpd status
pptpd dead but pid file exists

I have no idea what would cause that...
Thanks again,
Matt

On Fri, 24 Aug 2001, Scott Stone wrote:

> sounds like you're trying to start pptpd twice.
>
> -----------------------------------------------------
> Scott M. Stone
> Senior Technical Consultant - UNIX and Networking
> Taos, the Sysadmin Company - Santa Clara, CA
>
> -----Original Message-----
> From: Matt Francis [mailto:matt at myfrancis.net]
> Sent: Friday, August 24, 2001 12:32 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] pptp dies, pid remains...
>
> Hey all, I have been trying to set up PoPToP for a couple of weeks now. I
> am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff
> into my kernel, and tried to find tty and compile it in there too, but I
> am not too sure about that one. pptpd is in init.d and starts up (and
> quickly dies) at boot up. Error message is createHostSocket: Address
> already in use. I am running ppp-2.4.1-3mlx, and sending an example
> pptpd.log.
>
> Thanks for any help!
> Matt

From allendmoore at earthlink.net Fri Aug 24 23:59:23 2001
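[Added example, not part of the original messages and not PoPToP code: the two symptoms discussed above, "Address already in use" on the control port and "pptpd dead but pid file exists", checked together. TCP 1723 is the PPTP control port; the pid-file path and the embedded /proc/net/tcp sample are constructed assumptions.]

```python
import os
import socket
import struct

PPTP_CONTROL_PORT = 1723          # TCP port of the PPTP control connection
PID_FILE = "/var/run/pptpd.pid"   # assumed path; use the one set in your pptpd.conf

# Constructed sample in /proc/net/tcp layout (not taken from the thread):
# a listener on *:1723, a listener on 127.0.0.1:25, and an established 1723 session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:06BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4711 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4712 1 0000000000000000 100 0 0 10 0
   2: 0B00A8C0:06BB 0700A8C0:0401 01 00000000:00000000 00:00000000 00000000     0        0 4713 1 0000000000000000 100 0 0 10 0
"""


def listeners_on_port(proc_net_tcp_text, port):
    """Return [(local_ip, uid, inode)] for sockets in LISTEN state on `port`."""
    found = []
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue                      # header or malformed line
        addr_hex, port_hex = fields[1].split(":")
        if fields[3] != "0A" or int(port_hex, 16) != port:
            continue                      # 0A is the LISTEN state
        # On little-endian hosts (x86) the address is printed byte-swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(fields[7]), int(fields[9])))
    return found


def pid_file_state(path):
    """Classify a pid file as ('missing' | 'stale' | 'running', pid or None)."""
    try:
        with open(path) as handle:
            pid = int(handle.read().split()[0])
    except FileNotFoundError:
        return ("missing", None)
    except (IndexError, ValueError):
        return ("stale", None)            # empty or unparsable pid file
    if pid <= 0:
        return ("stale", pid)
    try:
        os.kill(pid, 0)                   # signal 0 only tests for existence
    except ProcessLookupError:
        return ("stale", pid)             # "dead but pid file exists"
    except PermissionError:
        pass                              # process exists under another uid
    return ("running", pid)


def diagnose(proc_net_tcp_text, pid_path, port=PPTP_CONTROL_PORT):
    """Combine both checks into one verdict."""
    listeners = listeners_on_port(proc_net_tcp_text, port)
    state, pid = pid_file_state(pid_path)
    if state == "running":
        verdict = "pptpd-running"
    elif listeners:
        # Nothing owns the pid file, yet the port is bound: another daemon
        # (a second pptpd, or an inetd-style listener) holds the control port.
        verdict = "port-held-by-other-process"
    elif state == "stale":
        verdict = "stale-pid-file-only"
    else:
        verdict = "not-running"
    return {"verdict": verdict, "pid_file": state, "pid": pid,
            "listeners": listeners}


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as handle:
            table = handle.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP       # fall back to the constructed sample
    print(diagnose(table, PID_FILE))
```

[The inode in each listener tuple can be matched against the socket links under /proc/<pid>/fd to name the owning process, which is the lookup lsof performs.]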
From: allendmoore at earthlink.net (Allen Moore)
Date: Fri, 24 Aug 2001 21:59:23 -0700
Subject: [pptp-server] console error messages...
In-Reply-To:
Message-ID: <000001c12d22$b5e05340$b0ae0142@tus22601>

Thanks for those trying to help...

Here's more info...

Server is on SuSE 7.2 box behind FlowPoint 2200 DSL Router set up to allow PPTP per support documentation as follows:

. remote ipfilter insert input accept -p 47 -da
. remote ipfilter insert output accept -p 47 -sa
. remote ipfilter insert input accept -p tcp -dp 1723 -da
. remote ipfilter insert output accept -p tcp -sp 1723 -sa

Client is WinME connected to internet via Sprint Broadband wireless ISP connection...

My options.ppp0 file reads:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name ids
proxyarp

pptpd.conf is:

speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.254.100
remoteip 66.1.174.170-179

Hope this helps someone give me an idea...

Thanks,

-ADM

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of rex at col.com.ph
Sent: Friday, August 24, 2001 7:16 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] console error messages...

is the pptp client behind a firewall? if yes then u need the vpn ip masq that can be found at freshmeat
would mind posting ur option and pptpd.conf files here

Rex

-- Original Message --
From: "Allen D. Moore"
To: pptp-server at lists.schulte.org
Send: 06:02 AM
Subject: [pptp-server] console error messages...

Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I get:

pppd[1766] cannot determine Ethernet address for proxy ARP

Upon disconnecting I get:

pptpd[1765] GRE read error bad file descriptor

and

pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)

Although I seem to login OK on the client side locally on the LAN-

Any attempts through the router from the internet fail w/ the error:

751: Connection Refused Even though the router should be configured properly AND the log files seem to show activity from the correct remote ip

I am really stumped here- any help would be greatly appreciated.

-Allen Moore
allendmoore at earthlink.net

From rex at col.com.ph Sat Aug 25 01:01:40 2001
From: rex at col.com.ph (rex at col.com.ph)
Date: Sat, 25 Aug 2001 14:01:40 +0800
Subject: [pptp-server] console error messages...
Message-ID:

one problem here is the pptpd.conf u have your remoteip should be at the same subnet with your localip for the proxyarp option to work

example: localip 192.168.2.1
remoteip 192.168.2.65-92

Hope that helps :p

Rex

-- Original Message --
From: Allen Moore
To: pptp-server at lists.schulte.org
Send: 12:59 PM
Subject: RE: [pptp-server] console error messages...

Thanks for those trying to help...

Here's more info...

Server is on SuSE 7.2 box behind FlowPoint 2200 DSL Router set up to allow PPTP per support documentation as follows:

remote ipfilter insert input accept -p 47 -da
remote ipfilter insert output accept -p 47 -sa
remote ipfilter insert input accept -p tcp -dp 1723 -da
remote ipfilter insert output accept -p tcp -sp 1723 -sa

Client is WinME connected to internet via Sprint Broadband wireless ISP connection...

My options.ppp0 file reads:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name ids
proxyarp

pptpd.conf is:

speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.254.100
remoteip 66.1.174.170-179

Hope this helps someone give me an idea...

Thanks,

-ADM

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of rex at col.com.ph
Sent: Friday, August 24, 2001 7:16 PM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] console error messages...

is the pptp client behind a firewall? if yes then u need the vpn ip masq that can be found at freshmeat
would mind posting ur option and pptpd.conf files here

Rex

-- Original Message --
From: "Allen D. Moore"
To: pptp-server at lists.schulte.org
Send: 06:02 AM
Subject: [pptp-server] console error messages...

Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I get:

pppd[1766] cannot determine Ethernet address for proxy ARP

Upon disconnecting I get:

pptpd[1765] GRE read error bad file descriptor

and

pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)

Although I seem to login OK on the client side locally on the LAN-

Any attempts through the router from the internet fail w/ the error:

751: Connection Refused Even though the router should be configured properly AND the log files seem to show activity from the correct remote ip

I am really stumped here- any help would be greatly appreciated.

-Allen Moore
allendmoore at earthlink.net

From berzerke at swbell.net Sat Aug 25 02:54:13 2001
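[Added example, not part of the original messages and not PoPToP code: the rule stated in the reply above (remoteip on the same subnet as localip for proxyarp to work), applied to the pptpd.conf posted in this thread and to the suggested layout. The /24 LAN prefix is an assumption, since the thread gives no netmask; the function names are hypothetical.]

```python
import ipaddress

# pptpd.conf exactly as posted in the thread.
POSTED_CONF = """\
speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.254.100
remoteip 66.1.174.170-179
"""

# The layout suggested in the reply.
SUGGESTED_CONF = """\
localip 192.168.2.1
remoteip 192.168.2.65-92
"""


def expand_ranges(spec):
    """Expand a pptpd.conf address list such as '192.168.2.65-92,192.168.2.200'."""
    addresses = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" not in item:
            addresses.append(ipaddress.IPv4Address(item))
            continue
        first_text, last_text = item.split("-", 1)
        first = ipaddress.IPv4Address(first_text.strip())
        # The part after the dash is the final value of the last octet.
        low, high = int(first) & 0xFF, int(last_text)
        if not low <= high <= 255:
            raise ValueError("bad range: %s" % item)
        base = int(first) - low
        addresses.extend(ipaddress.IPv4Address(base + n)
                         for n in range(low, high + 1))
    return addresses


def parse_pptpd_conf(text):
    """Collect the localip and remoteip pools from pptpd.conf text."""
    pools = {"localip": [], "remoteip": []}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(None, 1)   # drop comments
        if len(words) == 2 and words[0] in pools:
            pools[words[0]].extend(expand_ranges(words[1]))
    return pools


def proxyarp_report(conf_text, lan_cidr):
    """Report tunnel addresses that the LAN `lan_cidr` cannot answer ARP for.

    pppd's proxyarp option needs a local Ethernet interface on the subnet of
    the address handed to the client; otherwise it logs
    "cannot determine Ethernet address for proxy ARP".
    """
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    pools = parse_pptpd_conf(conf_text)
    local, remote = set(pools["localip"]), set(pools["remoteip"])
    reserved = (lan.network_address, lan.broadcast_address)
    return {
        "lan": str(lan),
        "remote_count": len(pools["remoteip"]),
        "remote_off_lan": [str(a) for a in pools["remoteip"] if a not in lan],
        "local_off_lan": [str(a) for a in pools["localip"] if a not in lan],
        "remote_reserved": [str(a) for a in sorted(remote) if a in reserved],
        "local_remote_overlap": [str(a) for a in sorted(local & remote)],
    }


if __name__ == "__main__":
    # LAN prefixes are assumed to be /24 around each localip.
    for name, conf, lan in (("posted", POSTED_CONF, "192.168.254.100/24"),
                            ("suggested", SUGGESTED_CONF, "192.168.2.1/24")):
        report = proxyarp_report(conf, lan)
        status = "FAIL" if report["remote_off_lan"] else "ok"
        print(name, status, report)
```

[For the posted file every remoteip address falls outside the LAN, which matches the proxy ARP error on connect; the suggested file passes.]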
From: berzerke at swbell.net (robert)
Date: Sat, 25 Aug 2001 02:54:13 -0500
Subject: [pptp-server] console error messages...
In-Reply-To:
References:
Message-ID: <0GIM00DFM5TZ14@mta5.rcsntx.swbell.net>

You also need to enable forwarding in your firewall.

On Saturday 25 August 2001 01:01 am, rex at col.com.ph wrote:
> one problem here is the pptpd.conf u have your remoteip should be at the
> same subnet with your localip for the proxyarp option to work
>
> example: localip 192.168.2.1
> remoteip 192.168.2.65-92
>
> Hope that helps :p
>
> Rex
>
> -- Original Message --
> From: Allen Moore
> To: pptp-server at lists.schulte.org
> Send: 12:59 PM
> Subject: RE: [pptp-server] console error messages...
>
> Thanks for those trying to help...
>
> Here's more info...
>
> Server is on SuSE 7.2 box behind FlowPoint 2200 DSL Router set up to
> allow PPTP per support documentation as follows:
>
> remote ipfilter insert input accept -p 47 -da addr>
>
> remote ipfilter insert output accept -p 47 -sa addr>
>
> remote ipfilter insert input accept -p tcp -dp 1723 -da ip addr>
> remote ipfilter insert output accept -p tcp -sp 1723 -sa ip addr>
>
> Client is WinME connected to internet via Sprint Broadband wireless ISP
> connection...
>
> My options.ppp0 file reads:
>
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> name ids
> proxyarp
>
> pptpd.conf is:
>
> speed 115200
> option /etc/ppp/options.ppp0
> debug
> localip 192.168.254.100
> remoteip 66.1.174.170-179
>
> Hope this helps someone give me an idea...
>
> Thanks,
>
> -ADM
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]
> On Behalf Of rex at col.com.ph
> Sent: Friday, August 24, 2001 7:16 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] console error messages...
>
> is the pptp client behind a firewall? if yes then u need the vpn ip masq
> that can be found at freshmeat
> would mind posting ur option and pptpd.conf files here
>
> Rex
>
> -- Original Message --
> From: "Allen D. Moore"
> To: pptp-server at lists.schulte.org
> Send: 06:02 AM
> Subject: [pptp-server] console error messages...
>
> Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I
> get:
>
> pppd[1766] cannot determine Ethernet address for proxy ARP
>
> Upon disconnecting I get:
>
> pptpd[1765] GRE read error bad file descriptor
>
> and
>
> pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)
>
> Although I seem to login OK on the client side locally on the LAN-
>
> Any attempts through the router from the internet fail w/ the error:
>
> 751: Connection Refused Even though the router should be configured
> properly AND the log files seem to show activity from the correct remote
> ip
>
> I am really stumped here- any help would be greatly appreciated.
>
> -Allen Moore
> allendmoore at earthlink.net

From allendmoore at earthlink.net Sat Aug 25 09:22:34 2001
From: allendmoore at earthlink.net (Allen Moore)
Date: Sat, 25 Aug 2001 07:22:34 -0700
Subject: [pptp-server] console error messages...
In-Reply-To: <0GIM00DFM5TZ14@mta5.rcsntx.swbell.net>
Message-ID: <000001c12d71$62a4b3c0$b0ae0142@tus22601>

Remote IP is fixed by ISP- I suppose I could purchase a SOHO router for client connection...

Any other option?

Thanks again...

-ADM

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of robert
Sent: Saturday, August 25, 2001 12:54 AM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] console error messages...

You also need to enable forwarding in your firewall.

On Saturday 25 August 2001 01:01 am, rex at col.com.ph wrote:
> one problem here is the pptpd.conf u have your remoteip should be at the
> same subnet with your localip for the proxyarp option to work
>
> example: localip 192.168.2.1
> remoteip 192.168.2.65-92
>
> Hope that helps :p
>
> Rex
>
> -- Original Message --
> From: Allen Moore
> To: pptp-server at lists.schulte.org
> Send: 12:59 PM
> Subject: RE: [pptp-server] console error messages...
>
> Thanks for those trying to help...
>
> Here's more info...
>
> Server is on SuSE 7.2 box behind FlowPoint 2200 DSL Router set up to
> allow PPTP per support documentation as follows:
>
> remote ipfilter insert input accept -p 47 -da addr>
>
> remote ipfilter insert output accept -p 47 -sa addr>
>
> remote ipfilter insert input accept -p tcp -dp 1723 -da ip addr>
> remote ipfilter insert output accept -p tcp -sp 1723 -sa ip addr>
>
> Client is WinME connected to internet via Sprint Broadband wireless ISP
> connection...
>
> My options.ppp0 file reads:
>
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> name ids
> proxyarp
>
> pptpd.conf is:
>
> speed 115200
> option /etc/ppp/options.ppp0
> debug
> localip 192.168.254.100
> remoteip 66.1.174.170-179
>
> Hope this helps someone give me an idea...
>
> Thanks,
>
> -ADM
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]
> On Behalf Of rex at col.com.ph
> Sent: Friday, August 24, 2001 7:16 PM
> To: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] console error messages...
>
> is the pptp client behind a firewall? if yes then u need the vpn ip masq
> that can be found at freshmeat
> would mind posting ur option and pptpd.conf files here
>
> Rex
>
> -- Original Message --
> From: "Allen D. Moore"
> To: pptp-server at lists.schulte.org
> Send: 06:02 AM
> Subject: [pptp-server] console error messages...
>
> Upon connecting via my LAN to the PPTPD server running on SuSE 7.2 I
> get:
>
> pppd[1766] cannot determine Ethernet address for proxy ARP
>
> Upon disconnecting I get:
>
> pptpd[1765] GRE read error bad file descriptor
>
> and
>
> pptpd[1765] CTRL PTY read or GRE write failed (pty,gre) = (-1,-1)
>
> Although I seem to login OK on the client side locally on the LAN-
>
> Any attempts through the router from the internet fail w/ the error:
>
> 751: Connection Refused Even though the router should be configured
> properly AND the log files seem to show activity from the correct remote
> ip
>
> I am really stumped here- any help would be greatly appreciated.
>
> -Allen Moore
> allendmoore at earthlink.net

From allendmoore at earthlink.net Sat Aug 25 09:39:18 2001
From: allendmoore at earthlink.net (Allen Moore)
Date: Sat, 25 Aug 2001 07:39:18 -0700
Subject: [pptp-server] console error messages...
Message-ID: <000101c12d73$b8e6b1a0$b0ae0142@tus22601>

Plus, if client IP's must be on the same subnet, how do you handle DHCP dial-up users or my boss, traveling w/ his laptop, plugged into a hotel broadband Ethernet port???

Sorry in advance if I am missing the obvious here.

-ADM

From matt at myfrancis.net Sat Aug 25 12:34:42 2001
From: matt at myfrancis.net (Matt Francis)
Date: Sat, 25 Aug 2001 12:34:42 -0500 (CDT)
Subject: [pptp-server] pptp dies, pid remains...
In-Reply-To:
Message-ID:

Thanks, Rex...
That is specified in the last line of my /etc/pptpd.conf

When I try to connect from my LAN, I get a "Serial line is looped back" message just before I get disconnected. Any more ideas what-all is keeping me from getting this working?

On Sat, 25 Aug 2001 rex at col.com.ph wrote:

> the pptpctrl failed to clean that up to avoid this u must specify the pid file path in your pptpd.conf
>
> Rex
>
> -- Original Message --
> From: Matt Francis
> To: Scott Stone
> Send: 04:56 AM
> Subject: RE: [pptp-server] pptp dies, pid remains...
>
> Thanks, Scott...
> When I run ps -A, it's not listed. When I /etc/init.d/pptpd status, I
> get:
>
> [matt at ns init.d]$ ./pptpd status
> pptpd dead but pid file exists
>
> I have no idea what would cause that...
> Thanks again,
> Matt
>
> On Fri, 24 Aug 2001, Scott Stone wrote:
>
> > sounds like you're trying to start pptpd twice.
> >
> > -----------------------------------------------------
> > Scott M. Stone
> > Senior Technical Consultant - UNIX and Networking
> > Taos, the Sysadmin Company - Santa Clara, CA
> >
> > -----Original Message-----
> > From: Matt Francis [mailto:matt at myfrancis.net]
> > Sent: Friday, August 24, 2001 12:32 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] pptp dies, pid remains...
> >
> > Hey all, I have been trying to set up PoPToP for a couple of weeks now. I
> > am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff
> > into my kernel, and tried to find tty and compile it in there too, but I
> > am not too sure about that one. pptpd is in init.d and starts up (and
> > quickly dies) at boot up. Error message is createHostSocket: Address
> > already in use. I am running ppp-2.4.1-3mlx, and sending an example
> > pptpd.log.
> >
> > Thanks for any help!
> > Matt
-------------- next part --------------
Aug 25 10:59:01 ns pptpd[2798]: CTRL: Client 192.168.0.11 control connection started
Aug 25 10:59:01 ns pptpd[2798]: CTRL: Starting call (launching pppd, opening GRE)
Aug 25 10:59:01 ns pppd[2800]: pppd 2.4.1 started by root, uid 0
Aug 25 10:59:01 ns pptpd[2798]: GRE: read(fd=4,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 25 10:59:01 ns pptpd[2798]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
Aug 25 10:59:01 ns pptpd[2798]: CTRL: Client 192.168.0.11 control connection finished
Aug 25 10:59:01 ns pppd[2800]: using channel 1
Aug 25 10:59:01 ns pppd[2800]: Using interface ppp0
Aug 25 10:59:01 ns pppd[2800]: Connect: ppp0 <--> /dev/modem
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x1 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x1 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x1 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x1 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x2 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x2 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x2 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x2 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x3 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x3 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x3 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x3 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x4 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x4 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x4 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x4 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x5 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x5 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x5 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x5 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x6 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x6 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x6 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x6 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x7 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x7 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x7 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfNak id=0x7 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfReq id=0x8 ]
Aug 25 10:59:01 ns pppd[2800]: rcvd [LCP ConfReq id=0x8 ]
Aug 25 10:59:01 ns pppd[2800]: sent [LCP ConfNak id=0x8 ]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP ConfNak id=0x8 ]
Aug 25 10:59:02 ns pppd[2800]: sent [LCP ConfReq id=0x9 ]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP ConfReq id=0x9 ]
Aug 25 10:59:02 ns pppd[2800]: sent [LCP ConfNak id=0x9 ]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP ConfNak id=0x9 ]
Aug 25 10:59:02 ns pppd[2800]: sent [LCP ConfReq id=0xa ]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP ConfReq id=0xa ]
Aug 25 10:59:02 ns pppd[2800]: sent [LCP ConfNak id=0xa ]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP ConfNak id=0xa ]
Aug 25 10:59:02 ns pppd[2800]: Serial line is looped back.
Aug 25 10:59:02 ns pppd[2800]: sent [LCP TermReq id=0xb "Loopback detected"]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP TermReq id=0xb "Loopback detected"]
Aug 25 10:59:02 ns pppd[2800]: sent [LCP TermAck id=0xb]
Aug 25 10:59:02 ns pppd[2800]: rcvd [LCP TermAck id=0xb]
Aug 25 10:59:02 ns pppd[2800]: Connection terminated.
Aug 25 10:59:02 ns pppd[2800]: Exit.
Aug 25 11:00:24 ns pptpd[2812]: CTRL: Client 65.13.154.7 control connection started
Aug 25 11:00:24 ns pptpd[2812]: CTRL: EOF or bad error reading ctrl packet length.
Aug 25 11:00:24 ns pptpd[2812]: CTRL: couldn't read packet header (exit)
Aug 25 11:00:24 ns pptpd[2812]: CTRL: CTRL read failed
Aug 25 11:00:24 ns pptpd[2812]: CTRL: Client 65.13.154.7 control connection finished

From JaminC at adapt-tele.com Sat Aug 25 20:37:04 2001
From: JaminC at adapt-tele.com (Jamin Collins)
Date: Sat, 25 Aug 2001 20:37:04 -0500
Subject: [pptp-server] console error messages...
Message-ID:

Allen Moore [mailto:allendmoore at earthlink.net] wrote:
> Remote IP is fixed by ISP-

Um, no. You are misinterpreting the remote IP option. It does not refer to the IP the remote connection is coming from, but rather the IP the remote connection gets once connected to your system. This is typically a range of IPs as the previous poster indicated.

Jamin W. Collins

From matt at myfrancis.net Sun Aug 26 08:02:43 2001
From: matt at myfrancis.net (matt)
Date: Sun, 26 Aug 2001 08:02:43 -0500
Subject: [pptp-server] pptp dies, pid remains...
References:
Message-ID: <3B88F373.7050701@myfrancis.net>

Ok... I think my problem is in the way pptpctrl is started. It is started through inetd, but I have xinetd installed on my machine. I have tried to cobble together a module for xinetd, but I can't get it to work. Anybody have an xinetd module I can try?

Thanks again,
Matt

rex at col.com.ph wrote:

>the pptpctrl failed to clean that up; to avoid this you must specify the pid file path in your pptpd.conf
>
>Rex
>
>-- Original Message --
>From: Matt Francis
>To: Scott Stone
>Send: 04:56 AM
>Subject: RE: [pptp-server] pptp dies, pid remains...
>
>Thanks, Scott...
>When I run ps -A, it's not listed. When I /etc/init.d/pptpd status, I get:
>
>[matt at ns init.d]$ ./pptpd status
>pptpd dead but pid file exists
>
>I have no idea what would cause that...
>Thanks again,
>Matt
>
>On Fri, 24 Aug 2001, Scott Stone wrote:
>
>>sounds like you're trying to start pptpd twice.
>>
>>-----------------------------------------------------
>>Scott M. Stone
>>Senior Technical Consultant - UNIX and Networking
>>Taos, the Sysadmin Company - Santa Clara, CA
>>
>>-----Original Message-----
>>From: Matt Francis [mailto:matt at myfrancis.net]
>>Sent: Friday, August 24, 2001 12:32 PM
>>To: pptp-server at lists.schulte.org
>>Subject: [pptp-server] pptp dies, pid remains...
>>
>>Hey all, I have been trying to set up PoPToP for a couple of weeks now. I
>>am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff
>>into my kernel, and tried to find tty and compile it in there too, but I
>>am not too sure about that one. pptpd is in init.d and starts up (and
>>quickly dies) at boot up. Error message is createHostSocket: Address
>>already in use. I am running ppp-2.4.1-3mlx, and sending an example
>>pptpd.log.
>>
>>Thanks for any help!
>>Matt
>
>Cagayan Online Company -- Your Gateway to the Internet

From kparent at csd.mine.nu Sun Aug 26 10:37:43 2001
From: kparent at csd.mine.nu (Kevin Parent)
Date: Sun, 26 Aug 2001 10:37:43 -0500
Subject: [pptp-server] Win2k VPN
In-Reply-To: <998666264.3b867018312bb@cyclops.gothambroadband.com>
Message-ID:

Do you have IP forwarding enabled?

Kevin

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of Chris Kalos
Sent: Friday, August 24, 2001 10:18 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Win2k VPN

I've moved away from the Cisco with limited success. Using a Win2k Pro system running an ISDN link, I can access the VPN and use Internet Connection Sharing to let the local LAN I've created access this VPN as well. However, while the other machines use this system (192.168.0.1) as the default gateway, this system will not route traffic to anything that isn't going over the VPN interface. As a result, I cannot access external resources from the clients on the network. For this to work satisfactorily, I need to be able to connect to resources outside of the VPN as well as inside. I'll assume that this is a limitation of the Win2k NAT implementation. Are there any ways to get around this?

Thanks
CK

From GeorgeV at citadelcomputer.com.au Sun Aug 26 07:19:50 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Sun, 26 Aug 2001 23:19:50 +1100
Subject: [pptp-server] pptp dies, pid remains...
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC71@JUPITER>

Also check what's in the /etc/services for that port address 1723.. that'll give you some idea.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Matt Francis [mailto:matt at myfrancis.net]
Sent: Saturday, August 25, 2001 5:32 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] pptp dies, pid remains...

Hey all, I have been trying to set up PoPToP for a couple of weeks now. I am running RedHat 7.1, kernel 2.4.9. I have compiled all the ppp stuff into my kernel, and tried to find tty and compile it in there too, but I am not too sure about that one. pptpd is in init.d and starts up (and quickly dies) at boot up. Error message is createHostSocket: Address already in use. I am running ppp-2.4.1-3mlx, and sending an example pptpd.log.

Thanks for any help!
Matt

From bob at custompcweb.com Mon Aug 27 02:46:33 2001
From: bob at custompcweb.com (Bob Weaver)
Date: Mon, 27 Aug 2001 01:46:33 -0600
Subject: [pptp-server] No dice
Message-ID: <01082701463300.08817@dns.herbshopconnection.com>

I posted the problem I was having a couple days ago. Since then I haven't been able to check the list since my wife had a baby and all.. But things have slowed down once again. The trouble I was having is that I can connect just fine from a computer on the local lan but if I unplug that same computer from the lan and dial-up to Qwest then try to connect, the server just fills the pptpd log file with the following messages:

Aug 24 17:27:42 dns pppd[6089]: sent [CHAP Challenge id=0x1d , name = "64.xx.xxx.67"]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1d ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfReq id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfReq id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [CHAP Challenge id=0x1e <4fc469ee4f85bb3463189b961ac45bfbbea1>, name = "64.xx.xxx.67"]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1e ]

My config files are as follows:

[bob at dns bob]$ cat /etc/pptpd.conf
speed 115200
localip 192.168.1.61-80
remoteip 192.168.0.61-80

[bob at dns bob]$ cat /etc/ppp/options
###
# /etc/ppp/options - options for pppd
#
debug
name 64.78.134.67
auth
require-chap
proxyarp

Nothing strange in there that I can see but I can't connect still. No error, it just tries to connect forever..

Thanks for any suggestions anyone has,
Bob Weaver

From GeorgeV at citadelcomputer.com.au Mon Aug 27 03:44:49 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 27 Aug 2001 18:44:49 +1000
Subject: [pptp-server] No dice
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC7D@JUPITER>

Firstly, congrats on the new member of the family..

Try changing the localip to the same subnet as the remote eg.

localip 192.168.0.1
remoteip 192.168.0.61.81

this might help as I've seen some weird problems with different subnets.. Routing is a pain too and then you can't use proxyarp if the local LAN is using that 192.168.0 subnet.

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Bob Weaver [mailto:bob at custompcweb.com]
Sent: Monday, August 27, 2001 5:47 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] No dice

I posted the problem I was having a couple days ago. Since then I haven't been able to check the list since my wife had a baby and all.. But things have slowed down once again. The trouble I was having is that I can connect just fine from a computer on the local lan but if I unplug that same computer from the lan and dial-up to Qwest then try to connect, the server just fills the pptpd log file with the following messages:

Aug 24 17:27:42 dns pppd[6089]: sent [CHAP Challenge id=0x1d , name = "64.xx.xxx.67"]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1d ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfReq id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfReq id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1e ]
Aug 24 17:27:42 dns pppd[6089]: sent [CHAP Challenge id=0x1e <4fc469ee4f85bb3463189b961ac45bfbbea1>, name = "64.xx.xxx.67"]
Aug 24 17:27:42 dns pppd[6089]: rcvd [LCP ConfAck id=0x1e ]

My config files are as follows:

[bob at dns bob]$ cat /etc/pptpd.conf
speed 115200
localip 192.168.1.61-80
remoteip 192.168.0.61-80

[bob at dns bob]$ cat /etc/ppp/options
###
# /etc/ppp/options - options for pppd
#
debug
name 64.78.134.67
auth
require-chap
proxyarp

Nothing strange in there that I can see but I can't connect still. No error, it just tries to connect forever..

Thanks for any suggestions anyone has,
Bob Weaver

From apl at informatik.uni-rostock.de Mon Aug 27 05:57:30 2001
From: apl at informatik.uni-rostock.de (Sasha)
Date: Mon, 27 Aug 2001 12:57:30 +0200
Subject: [pptp-server] Windows 98 and NT don't connect to PPTP
Message-ID: <3B8A279A.AFD5B6BF@informatik.uni-rostock.de>

Hi, people!

Maybe someone already faced this problem - I've set up pptpd according to documentation, but it works neither with Windows 98 nor with Windows NT and I have no ideas why. Windows 98 gives error 720 - VPN server and this computer have no common protocols, NT gives error 742 - VPN server does not support encryption. I use PoPToP 1.0.1 under RedHat Linux 6.2, kernel 2.2.17, pppd 2.3.11.

Connection properties in Windows are (not sure about exact labels, 'cause I have german Windows):

[ ] Log on to network
[ ] Activate software compression
[X] Require encrypted password
[X] Require data encryption
[X] Write connection log

Configuration files and pptp log files attached. Any ideas?

Alexander

--
-=Why don't we try TODAY my friend to make this world a better place?=-
(C) Scorpions
-------------- next part --------------
debug
option /etc/ppp/options.pptp
#localip 192.168.1.80-89
#remoteip 192.168.1.70-79
-------------- next part --------------
lock
debug
auth
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
192.168.1.1:
-------------- next part --------------
# Secrets for authentication using PAP
# client server secret IP addresses
ppp * Courier33.6 192.168.1.2
-------------- next part --------------
Aug 27 11:24:18 nebel syslogd 1.3-3: restart.
Aug 27 11:27:24 nebel pptpd[24619]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: pppd options file = /etc/ppp/options.pptp
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Client 139.30.32.65 control connection started
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Received PPTP Control Message (type: 1)
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Made a START CTRL CONN RPLY packet
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: I wrote 156 bytes to the client.
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Sent packet to client
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Received PPTP Control Message (type: 7)
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Set parameters to 0 maxbps, 16 window size
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Made a OUT CALL RPLY packet
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: pty_fd = 5
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: tty_fd = 6
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: I wrote 32 bytes to the client.
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Sent packet to client
Aug 27 11:27:24 nebel pptpd[24620]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 27 11:27:25 nebel kernel: CSLIP: code copyright 1989 Regents of the University of California
Aug 27 11:27:25 nebel kernel: PPP: version 2.3.11 (demand dialling)
Aug 27 11:27:25 nebel kernel: PPP line discipline registered.
Aug 27 11:27:25 nebel pppd[24620]: Couldn't open pty slave /dev/pts/0: No such file or directory
Aug 27 11:27:25 nebel pptpd[24619]: GRE: Bad checksum from pppd.
Aug 27 11:27:25 nebel kernel: registered device ppp0
Aug 27 11:27:25 nebel pppd[24620]: pppd 2.3.11 started by root, uid 0
Aug 27 11:27:25 nebel pppd[24620]: Using interface ppp0
Aug 27 11:27:25 nebel pppd[24620]: Connect: ppp0 <--> /dev/ttyp2
Aug 27 11:27:25 nebel pppd[24620]: sent [LCP ConfReq id=0x1 ]
Aug 27 11:27:25 nebel pppd[24620]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:27:25 nebel pppd[24620]: rcvd [LCP ConfNak id=0x1 ]
Aug 27 11:27:25 nebel pppd[24620]: Untimeout 0x80503d4:0x80784c0.
Aug 27 11:27:25 nebel pppd[24620]: sent [LCP ConfReq id=0x2 ]
Aug 27 11:27:25 nebel pppd[24620]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:27:25 nebel pppd[24620]: rcvd [LCP ConfAck id=0x1 ]
Aug 27 11:27:25 nebel pppd[24620]: rcvd [LCP ConfAck id=0x2 ]
Aug 27 11:27:27 nebel pppd[24620]: rcvd [LCP ConfReq id=0x2 ]
Aug 27 11:27:27 nebel pppd[24620]: lcp_reqci: returning CONFACK.
Aug 27 11:27:27 nebel pppd[24620]: sent [LCP ConfAck id=0x2 ]
Aug 27 11:27:27 nebel pppd[24620]: Untimeout 0x80503d4:0x80784c0.
Aug 27 11:27:27 nebel pppd[24620]: sent [CHAP Challenge id=0x1 <286a000cf8f59975964395aa5d259381>, name = "nebel.informatik.uni-rostock.de"]
Aug 27 11:27:27 nebel pppd[24620]: Timeout 0x8055b40:0x80787a0 in 3 seconds.
Aug 27 11:27:27 nebel pppd[24620]: rcvd [CHAP Response id=0x1 , name = "ppp"]
Aug 27 11:27:27 nebel pppd[24620]: Untimeout 0x8055b40:0x80787a0.
Aug 27 11:27:27 nebel pppd[24620]: ChapReceiveResponse: rcvd type MS-CHAP-V2
Aug 27 11:27:27 nebel pppd[24620]: sent [CHAP Success id=0x1 "S=B2775A8E0EB512241212A3AFC3AA0C7D681BD149"]
Aug 27 11:27:27 nebel pppd[24620]: sent [IPCP ConfReq id=0x1 ]
Aug 27 11:27:27 nebel pppd[24620]: Timeout 0x80503d4:0x8078720 in 3 seconds.
Aug 27 11:27:28 nebel kernel: PPP BSD Compression module registered
Aug 27 11:27:28 nebel kernel: PPP MPPE compression module registered
Aug 27 11:27:28 nebel kernel: PPP Deflate Compression module registered
Aug 27 11:27:28 nebel pppd[24620]: sent [CCP ConfReq id=0x1 ]
Aug 27 11:27:28 nebel pppd[24620]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Aug 27 11:27:28 nebel pppd[24620]: MSCHAP-v2 peer authentication succeeded for ppp
Aug 27 11:27:28 nebel pppd[24620]: rcvd [CCP ConfReq id=0x1 ]
Aug 27 11:27:28 nebel pppd[24620]: sent [CCP ConfNak id=0x1 ]
Aug 27 11:27:28 nebel pppd[24620]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 10 03 06 c0 a8 01 01 02 06 00 2d 0f 01]
Aug 27 11:27:28 nebel pppd[24620]: Untimeout 0x80503d4:0x8078720.
Aug 27 11:27:28 nebel pppd[24620]: rcvd [CCP ConfRej id=0x1 ]
Aug 27 11:27:28 nebel pppd[24620]: Untimeout 0x80503d4:0x8078840.
Aug 27 11:27:28 nebel pppd[24620]: sent [CCP ConfReq id=0x2 ]
Aug 27 11:27:28 nebel pppd[24620]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Aug 27 11:27:28 nebel pppd[24620]: rcvd [CCP ConfReq id=0x2 ]
Aug 27 11:27:28 nebel pppd[24620]: sent [CCP ConfAck id=0x2 ]
Aug 27 11:27:28 nebel pppd[24620]: rcvd [CCP ConfNak id=0x2 ]
Aug 27 11:27:28 nebel pppd[24620]: Untimeout 0x80503d4:0x8078840.
Aug 27 11:27:28 nebel pppd[24620]: sent [CCP ConfReq id=0x3 ]
Aug 27 11:27:28 nebel pppd[24620]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Aug 27 11:27:28 nebel pppd[24620]: rcvd [CCP ConfAck id=0x3 ]
Aug 27 11:27:28 nebel pppd[24620]: Untimeout 0x80503d4:0x8078840.
Aug 27 11:27:28 nebel pppd[24620]: MPPE 40 bit, stateless compression enabled
Aug 27 11:27:28 nebel pppd[24620]: rcvd [LCP TermReq id=0x4]
Aug 27 11:27:28 nebel pppd[24620]: LCP terminated by peer
Aug 27 11:27:28 nebel pppd[24620]: IPCP: Down event in state 1!
Aug 27 11:27:28 nebel pppd[24620]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:27:28 nebel pppd[24620]: sent [LCP TermAck id=0x4]
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Received PPTP Control Message (type: 12)
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Made a CALL DISCONNECT RPLY packet
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Received CALL CLR request (closing call)
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: I wrote 148 bytes to the client.
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Sent packet to client
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Error with select(), quitting
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Client 139.30.32.65 control connection finished
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Exiting now
Aug 27 11:27:28 nebel pptpd[1358]: MGR: Reaped child 24619
Aug 27 11:27:28 nebel pppd[24620]: Modem hangup
Aug 27 11:27:28 nebel pppd[24620]: Untimeout 0x80503d4:0x80784c0.
Aug 27 11:27:28 nebel pppd[24620]: Connection terminated.
Aug 27 11:27:28 nebel pppd[24620]: Connect time 0.1 minutes.
Aug 27 11:27:28 nebel pppd[24620]: Sent 442 bytes, received 448 bytes.
Aug 27 11:27:28 nebel pppd[24620]: Exit.
-------------- next part --------------
Aug 27 11:28:37 nebel syslogd 1.3-3: restart.
Aug 27 11:30:49 nebel pptpd[24647]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: pppd options file = /etc/ppp/options.pptp
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Client 139.30.7.76 control connection started
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Received PPTP Control Message (type: 1)
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Made a START CTRL CONN RPLY packet
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: I wrote 156 bytes to the client.
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Sent packet to client
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Received PPTP Control Message (type: 7)
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Set parameters to 152 maxbps, 3 window size
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Made a OUT CALL RPLY packet
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: pty_fd = 5
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: tty_fd = 6
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: I wrote 32 bytes to the client.
Aug 27 11:30:49 nebel pptpd[24647]: CTRL: Sent packet to client
Aug 27 11:30:49 nebel pptpd[24648]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 27 11:30:49 nebel pppd[24648]: pppd 2.3.11 started by root, uid 0
Aug 27 11:30:50 nebel pppd[24648]: Using interface ppp0
Aug 27 11:30:50 nebel pppd[24648]: Connect: ppp0 <--> /dev/ttyp2
Aug 27 11:30:50 nebel pppd[24648]: sent [LCP ConfReq id=0x1 ]
Aug 27 11:30:50 nebel pppd[24648]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:30:50 nebel pptpd[24647]: CTRL: Received PPTP Control Message (type: 15)
Aug 27 11:30:50 nebel pptpd[24647]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 27 11:30:50 nebel pppd[24648]: rcvd [LCP ConfReq id=0x0 ]
Aug 27 11:30:50 nebel pppd[24648]: lcp_reqci: returning CONFACK.
Aug 27 11:30:50 nebel pppd[24648]: sent [LCP ConfAck id=0x0 ]
Aug 27 11:30:53 nebel pppd[24648]: sent [LCP ConfReq id=0x1 ]
Aug 27 11:30:53 nebel pppd[24648]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:30:53 nebel pppd[24648]: rcvd [LCP ConfNak id=0x1 ]
Aug 27 11:30:53 nebel pppd[24648]: Untimeout 0x80503d4:0x80784c0.
Aug 27 11:30:53 nebel pppd[24648]: sent [LCP ConfReq id=0x2 ]
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Received PPTP Control Message (type: 15)
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Aug 27 11:30:53 nebel pppd[24648]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:30:53 nebel pppd[24648]: rcvd [LCP ConfAck id=0x2 ]
Aug 27 11:30:53 nebel pppd[24648]: Untimeout 0x80503d4:0x80784c0.
Aug 27 11:30:53 nebel pppd[24648]: sent [CHAP Challenge id=0x1 <1cf7a1c5c603de4c>, name = "nebel.informatik.uni-rostock.de"]
Aug 27 11:30:53 nebel pppd[24648]: Timeout 0x8055b40:0x80787a0 in 3 seconds.
Aug 27 11:30:53 nebel pppd[24648]: rcvd [CHAP Response id=0x1 <0d818f190e1ab792b5cdd81a01c4076a7f80c54b8bb1bf41e814a3e9a45f67ff89142cfbcfe6ae2c58bb21dcbd4c139e01>, name = "ppp"]
Aug 27 11:30:53 nebel pppd[24648]: Untimeout 0x8055b40:0x80787a0.
Aug 27 11:30:53 nebel pppd[24648]: ChapReceiveResponse: rcvd type MS-CHAP-V1
Aug 27 11:30:53 nebel pppd[24648]: sent [CHAP Success id=0x1 "Welcome to nebel.informatik.uni-rostock.de."]
Aug 27 11:30:53 nebel pppd[24648]: sent [IPCP ConfReq id=0x1 ]
Aug 27 11:30:53 nebel pppd[24648]: Timeout 0x80503d4:0x8078720 in 3 seconds.
Aug 27 11:30:53 nebel pppd[24648]: sent [CCP ConfReq id=0x1 ]
Aug 27 11:30:53 nebel pppd[24648]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Aug 27 11:30:53 nebel pppd[24648]: MSCHAP peer authentication succeeded for ppp
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Received PPTP Control Message (type: 12)
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Made a CALL DISCONNECT RPLY packet
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Received CALL CLR request (closing call)
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: I wrote 148 bytes to the client.
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Sent packet to client
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Error with select(), quitting
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Client 139.30.7.76 control connection finished
Aug 27 11:30:53 nebel pptpd[24647]: CTRL: Exiting now
Aug 27 11:30:53 nebel pptpd[1358]: MGR: Reaped child 24647
Aug 27 11:30:53 nebel pppd[24648]: Modem hangup
Aug 27 11:30:53 nebel pppd[24648]: Untimeout 0x80503d4:0x8078720.
Aug 27 11:30:53 nebel pppd[24648]: Untimeout 0x80503d4:0x8078840.
Aug 27 11:30:53 nebel pppd[24648]: Connection terminated.
Aug 27 11:30:53 nebel pppd[24648]: Connect time 0.1 minutes.
Aug 27 11:30:53 nebel pppd[24648]: Sent 386 bytes, received 191 bytes.
Aug 27 11:30:53 nebel pppd[24648]: Exit.

From mickh at kincrome.com.au Mon Aug 27 06:31:53 2001
From: mickh at kincrome.com.au (Mick Hayes)
Date: Mon, 27 Aug 2001 21:31:53 +1000
Subject: [pptp-server] iptables
Message-ID: <00a301c12eeb$df8f5770$640aa8c0@mick>

Hi,

I have a poptop w2k client behind a newly installed iptables firewall, now seeing as I blew away my last ruleset, I can't for the life of me think what I have to do to make it work. It is masq'ing everything and allowing incoming protocol 47, iptable_nat module is loaded and working. Any hints on what I could have missed.

thanks
mick

From mickh at kincrome.com.au Mon Aug 27 06:34:05 2001
From: mickh at kincrome.com.au (Mick Hayes)
Date: Mon, 27 Aug 2001 21:34:05 +1000
Subject: [pptp-server] iptables
Message-ID: <00a901c12eec$2e524e30$640aa8c0@mick>

Please disregard last message, allow outgoing protocol 47 and voilà.

Thanks
Mick

From jpj at as-tech.fr Mon Aug 27 10:32:19 2001
From: jpj at as-tech.fr (jpj)
Date: Mon, 27 Aug 2001 15:32:19 +0000
Subject: [pptp-server] pptp and pppoe
In-Reply-To: <200FAA488DE0D41194F10010B597610D1CEBFF@JUPITER>
References: <200FAA488DE0D41194F10010B597610D1CEBFF@JUPITER>
Message-ID: <01082715321909.00239@jpj>

Hi there,

The PPTP server works perfectly locally. "Use remote as default gateway" on the windows client is also off. I'm really lost. I tried on a second site using pppoe and I also get the same problem. Is there any confirmation about PPTP working together with PPPOE?

Thanks for any idea.
JPJ

On Monday 20 August 2001 22:10, George Vieira wrote:
> I think your problem is the "timeout sending Config-Requests".. not the
> other one.
>
> Can you connect locally from another machine on the local LAN to check that
> PPTP is working properly? It should work locally as well as over the net..
> if it does work properly locally then the problem with when it over the net
> and nothing (well not really) to do with PPTP.
>
> Also, Have you turned off "Use remote as default gateway" on your Windows
> machines (PPTP clients)???
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659
>
> -----Original Message-----
> From: jpj [mailto:jpj at as-tech.fr]
> Sent: Tuesday, August 21, 2001 8:16 AM
> To: George Vieira
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] pptp and pppoe
>
>
> Hi,
>
> I've tried localip in 192.168.0.245 with remoteip in 192.168.0.26 and
> I added nodefaultroute in /etc/ppp/options.pptp
>
> No changes, I still get:
> CTRL: PTY read or GRE write failed (pty,gre)=(5,6) ?
>
> What else can I try, I'm really lost.
>
> Thanks for your help
> JPJ
>
> On Monday 6 August 2001 22:02, George Vieira wrote:
> > Firstly, remove the large range for "localip" and use a single IP
> > (preferably the local LAN one for proxyarp to work).
> >
> > Then use a "remoteip" range which is in the SAME subnet as "localip" OR
> > change the "localip" to be in the same subnet as "remoteip".
> >
> > Then get back to us if it still fails...
> >
> > thanks,
> > George Vieira
> > Network Engineer
> > Citadel Computer Systems P/L
> > PH +(61)2 9955 2644
> > FX +(61)2 9955 2659
> >
> > -----Original Message-----
> > From: jpj [mailto:jpj at as-tech.fr]
> > Sent: Tuesday, August 07, 2001 2:01 AM
> > To: George Vieira
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] pptp and pppoe
> >
> >
> >
> > Hi,
> > Yes the win9x are on other sites and connecting to the server through
> > internet access.
> >
> > pptpd.conf:
> > option /etc/ppp/options.pptp
> > debug
> > localip 192.168.0.234-238,192.168.0.245
> > remoteip 192.168.1.234-238,192.168.1.245
> >
> > /etc/ppp/options.pptp:
> > lock
> > debug
> > auth
> > +chap
> > proxyarp
> >
> > /etc/ppp/chap-secrets
> > jpj * snoopy *
> >
> > Firewall rules disabled (except masquerading)
> > ipchains -A forward -s 192.6.8.0/24 -d 0.0.0.0/0 -j MASQ
> >
> >
> > I've tried several things like
> > localip 192.168.200.234 and remoteip 192.168.200.224 in pptpd.conf
> > ip address in chap-secret
> > On the server side the internal address is 192.6.8.0/24
> > On the other site the internal address is 192.168.0.0/24
> >
> > No effects on the connection, I still get the error 650 on the win9x
> > station.
> > Thanks for your help
> >
> > On Sunday 5 August 2001 23:55, you wrote:
> > > I'm a bit confused, "to win9x stations" are you saying that the Win9x
> > > stations are outside and connecting to the ADSL server?
> > >
> > > Can you send me your file ie, /etc/ppp/chap-secrets pptpd.conf and anything
> > > else that might show where the problem is...??
> > >
> > > -----Original Message-----
> > > From: jpj [mailto:jpj at as-tech.fr]
> > > Sent: Monday, August 06, 2001 11:03 AM
> > > To: pptp-server at lists.schulte.org
> > > Subject: [pptp-server] pptp and pppoe
> > >
> > >
> > > Hi all,
> > >
> > > I have a Linux server connected to ADSL line with PPPOE and I need to
> > > create VPN connections to win9x client stations.
> > > For this I'm trying to use PPTPD but I always get an error 650 on the
> > > client side
> > >
> > > Thanks
> > >
> > > Following is the content of the pptpd.log
> > >
> > > ..
> > > Aug 6 00:47:35 thor pptpd[2407]: MGR: Manager process started
> > > Aug 6 00:47:45 thor pptpd[2409]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
> > > Aug 6 00:47:45 thor pptpd[2409]: CTRL: pppd options file = /etc/ppp/options.pptp
> > > Aug 6 00:47:45 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control connection started
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message (type: 1)
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a START CTRL CONN RPLY packet
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 156 bytes to the client.
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message (type: 7)
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Set parameters to 0 maxbps, 16 window size
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a OUT CALL RPLY packet
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Starting call (launching pppd, opening GRE)
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: pty_fd = 5
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: tty_fd = 6
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 32 bytes to the client.
> > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
> > > Aug 6 00:47:46 thor pptpd[2410]: CTRL (PPPD Launcher): Connection speed = 115200
> > > Aug 6 00:47:46 thor pppd[2410]: pppd 2.3.11 started by root, uid 0
> > > Aug 6 00:47:46 thor pppd[2410]: Using interface ppp1
> > > Aug 6 00:47:46 thor pppd[2410]: Connect: ppp1 <--> /dev/pts/8
> > > Aug 6 00:47:46 thor pppd[2410]: sent [LCP ConfReq id=0x1 ]
> > > Aug 6 00:48:13 thor last message repeated 9 times
> > > Aug 6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests
> > > Aug 6 00:48:16 thor pptpd[2409]: GRE: read(fd=5,buffer=804d840,len=8196) from PTY failed: status = -1 error = Input/output error
> > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> > > Aug 6 00:48:16 thor pppd[2410]: Connection terminated.
> > > Aug 6 00:48:16 thor pppd[2410]: Exit.
> > > Aug 6 00:48:16 thor pptpd[2407]: MGR: Reaped child 2409
> > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control connection finished
> > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Exiting now

--
AS-TECH Ingenierie Systeme et Reseaux
Les Crozasses - 34670 St Bres -France
Tel: +33 (0)467 708 926 - Fax: +33(0)467 708 927
http://www.as-tech.fr

From abrook at mrfiddler.sapien.net Mon Aug 27 09:26:43 2001
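[Added example, not part of any list message.] The pppd/pptpd logs posted in this thread can be triaged mechanically: the script below groups syslog entries by process, records the negotiated authentication type and MPPE key length, and tags the failure strings that appear in the posts. The function names, the sample lines (constructed in the format shown on this page) and the reading attached to each tag are assumptions of this example.

```python
import re

# Constructed sample in the syslog format of the excerpts quoted in this
# thread; hosts and PIDs mirror those excerpts, the client address is a
# documentation address.
SAMPLE_LOG = """\
Aug 25 10:59:02 ns pppd[2800]: Serial line is looped back.
Aug  6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests
Aug 27 11:27:24 nebel pptpd[24619]: CTRL: Client 192.0.2.65 control connection started
Aug 27 11:27:27 nebel pppd[24620]: ChapReceiveResponse: rcvd type MS-CHAP-V2
Aug 27 11:27:28 nebel kernel: PPP MPPE compression module registered
Aug 27 11:27:28 nebel pppd[24620]: MPPE 40 bit, stateless compression enabled
Aug 27 11:27:28 nebel pppd[24620]: LCP terminated by peer
Aug 27 11:30:53 nebel pppd[24648]: ChapReceiveResponse: rcvd type MS-CHAP-V1
Aug 27 21:49:31 vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted
"""

# "Mon DD HH:MM:SS host prog[pid]: message"; entries without [pid] are skipped.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(\S+)\s+([\w.-]+)\[(\d+)\]:\s+(.*)$")

# Values recorded per process.
FIELDS = {
    "client": re.compile(r"CTRL: Client (\S+) control connection started"),
    "auth": re.compile(r"ChapReceiveResponse: rcvd type (\S+)"),
    "mppe_bits": re.compile(r"MPPE (\d+) bit"),
}

# (pattern, tag, usual reading). The readings are triage hints, i.e.
# assumptions of this example, not statements made by pppd or pptpd.
SIGNATURES = [
    (re.compile(r"Serial line is looped back"), "lcp-loopback",
     "pppd is receiving its own LCP frames back"),
    (re.compile(r"LCP: timeout sending Config-Requests"), "lcp-timeout",
     "no LCP reply arrived; check that GRE (IP protocol 47) passes both ways"),
    (re.compile(r"Error writing GRE packet: Operation not permitted"),
     "gre-write-denied",
     "the kernel refused the outgoing GRE packet; check local filter rules"),
    (re.compile(r"Couldn't open pty slave"), "pty-missing",
     "pppd could not open the pty it was handed"),
    (re.compile(r"createHostSocket: Address already in use"), "port-in-use",
     "another listener already holds the PPTP control port"),
    (re.compile(r"LCP terminated by peer"), "peer-terminated",
     "the client ended the link; compare its settings with what was negotiated"),
]


def summarize(log_text):
    """Return {(host, prog, pid): {client, auth, mppe_bits, findings}}."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        host, prog, pid, msg = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        s = sessions.setdefault(
            (host, prog, pid),
            {"client": None, "auth": None, "mppe_bits": None, "findings": []})
        for name, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                s[name] = int(hit.group(1)) if name == "mppe_bits" else hit.group(1)
        for rx, tag, _note in SIGNATURES:
            if rx.search(msg) and tag not in s["findings"]:
                s["findings"].append(tag)
    return sessions


def weak_sessions(sessions):
    """Processes that accepted MS-CHAP v1 or negotiated 40-bit MPPE."""
    return [key for key, s in sessions.items()
            if s["auth"] == "MS-CHAP-V1" or s["mppe_bits"] == 40]


def report(sessions):
    """One line per process, followed by the reading of each finding."""
    notes = {tag: note for _rx, tag, note in SIGNATURES}
    out = []
    for (host, prog, pid), s in sessions.items():
        out.append("%s %s[%d] client=%s auth=%s mppe=%s" % (
            host, prog, pid, s["client"], s["auth"], s["mppe_bits"]))
        for tag in s["findings"]:
            out.append("    %s: %s" % (tag, notes[tag]))
    for host, prog, pid in weak_sessions(sessions):
        out.append("weak auth or key length: %s %s[%d]" % (host, prog, pid))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

Run against a real log, `summarize(open(path).read())` takes the place of the constructed sample; the pptpctrl and pppd halves of one call appear under separate PIDs because the log format does not link them.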
From: abrook at mrfiddler.sapien.net (Andrew G. Brook)
Date: Mon, 27 Aug 2001 10:26:43 -0400
Subject: [pptp-server] Windows XP
Message-ID: <20010827102643.A9636@localhost>

I'm trying to set up a VPN to our internal network. My friend is helping
me test it, and he can't connect. He is using Windows XP. First I was
wondering if there are some problems with Windows XP and Poptop. Second,
I was wondering if any of you had any ideas. Here is what I'm getting
from the logs while his computer is trying to connect:

Aug 27 09:51:13 sean pppd[24429]: sent [LCP ConfReq id=0x1 ]
Aug 27 09:51:14 sean pppd[24429]: rcvd [LCP ConfReq id=0x4 < 0d 03 06>]
Aug 27 09:51:14 sean pppd[24429]: sent [LCP ConfRej id=0x4 < 0d 03 06>]

This keeps getting repeated until his connection times out. Any ideas?

--
Proposed Additions to the PDP-11 Instruction Set:

DC      Divide and Conquer
DMPK    Destroy Memory Protect Key
DO      Divide and Overflow
EMPC    Emulate Pocket Calculator
EPI     Execute Programmer Immediately
EROS    Erase Read Only Storage
EXCE    Execute Customer Engineer
HCF     Halt and Catch Fire
IBP     Insert Bug and Proceed
INSQSW  Insert into queue somewhere (for FINO queues [First in never out])
PBC     Print and Break Chain
PDSK    Punch Disk

From cmitchel at bigpond.net.au Mon Aug 27 09:30:16 2001
From: cmitchel at bigpond.net.au (Chris Mitchell)
Date: Tue, 28 Aug 2001 00:30:16 +1000
Subject: [pptp-server] remote win9x clients fail, clients on the LAN connect...
Message-ID: <001a01c12f04$cefebc20$2c00a8c0@dodecaheedron>

Hi,

Have just setup poptop on a server. Machines on the LAN seem to connect
and function correctly (one win2k machine, one win98se machine), however,
when a remote client (win98se) tries to connect, it fails with an error I
can't seem to find anywhere in this mailing list, or anywhere else, below
is the output of the log...

This is what happens when trying to connect from a remote dialup...

Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection started
Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 21:49:20 vengabus pppd[5580]: pppd 2.4.1 started by root, uid 0
Aug 27 21:49:20 vengabus pppd[5580]: Using interface ppp1
Aug 27 21:49:20 vengabus pppd[5580]: Connect: ppp1 <--> /dev/pts/2
Aug 27 21:49:20 vengabus pptpd[5579]: Buffering out-of-order packet; got 1 after 4294967295
Aug 27 21:49:21 vengabus pptpd[5579]: Packet reorder timeout waiting for 0
Aug 27 21:49:21 vengabus pptpd[5579]: Buffering out-of-order packet; got 2 after 0
Aug 27 21:49:21 vengabus pppd[5580]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:49:21 vengabus pppd[5580]: found interface eth0 for proxy arp
Aug 27 21:49:21 vengabus pppd[5580]: local IP address 192.168.0.100
Aug 27 21:49:21 vengabus pppd[5580]: remote IP address 192.168.0.102
Aug 27 21:49:21 vengabus pppd[5580]: MPPE 40 bit, stateless compression enabled
Aug 27 21:49:31 vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection finished
Aug 27 21:49:31 vengabus pppd[5580]: Modem hangup
Aug 27 21:49:31 vengabus pppd[5580]: Connection terminated.
Aug 27 21:49:31 vengabus pppd[5580]: Connect time 0.2 minutes.
Aug 27 21:49:31 vengabus pppd[5580]: Sent 136 bytes, received 192 bytes.
Aug 27 21:49:31 vengabus pppd[5580]: Exit.
Aug 27 22:00:00 vengabus kernel: PPP MPPE compression module unregistered

This is what occurs when connecting over the LAN...

Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Client 192.168.0.3 control connection started
Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 21:45:26 vengabus pppd[5222]: pppd 2.4.1 started by root, uid 0
Aug 27 21:45:26 vengabus pppd[5222]: Using interface ppp1
Aug 27 21:45:26 vengabus pppd[5222]: Connect: ppp1 <--> /dev/pts/2
Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet; got 1 after 4294967295
Aug 27 21:45:26 vengabus pptpd[5221]: Packet reorder timeout waiting for 0
Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet; got 2 after 0
Aug 27 21:45:26 vengabus pppd[5222]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:45:26 vengabus pppd[5222]: found interface eth0 for proxy arp
Aug 27 21:45:26 vengabus pppd[5222]: local IP address 192.168.0.100
Aug 27 21:45:26 vengabus pppd[5222]: remote IP address 192.168.0.102
Aug 27 21:45:26 vengabus pppd[5222]: MPPE 40 bit, stateless compression enabled
Aug 27 21:47:22 vengabus pppd[5222]: LCP terminated by peer
Aug 27 21:47:22 vengabus pppd[5222]: Modem hangup
Aug 27 21:47:22 vengabus pppd[5222]: Connection terminated.
Aug 27 21:47:22 vengabus pppd[5222]: Connect time 2.0 minutes.
Aug 27 21:47:22 vengabus pppd[5222]: Sent 556 bytes, received 640 bytes.
Aug 27 21:47:23 vengabus pppd[5222]: Exit.

any ideas?

cheers,

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From guehlh at dedigate.com Mon Aug 27 09:39:22 2001
From: guehlh at dedigate.com (Hervé Guehl)
Date: Mon, 27 Aug 2001 16:39:22 +0200
Subject: [pptp-server] remote win9x clients fail, clients on the LAN connect...
References: <001a01c12f04$cefebc20$2c00a8c0@dodecaheedron>
Message-ID: <015901c12f06$106cce80$0a20a8c0@spare001>

Seems like protocol 47 is filtered somewhere .. Perhaps in your VPN server ?
configure iptables to accept protocol 47 on external interface...
(iptables..... -p 47 -j ACCEPT)

Regards
Hervé

----- Original Message -----
From: Chris Mitchell
To: pptp-server at lists.schulte.org
Sent: Monday, August 27, 2001 4:30 PM
Subject: [pptp-server] remote win9x clients fail, clients on the LAN connect...

Hi,

Have just setup poptop on a server. Machines on the LAN seem to connect
and function correctly (one win2k machine, one win98se machine), however,
when a remote client (win98se) tries to connect, it fails with an error I
can't seem to find anywhere in this mailing list, or anywhere else, below
is the output of the log...

This is what happens when trying to connect from a remote dialup...

Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection started
Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 21:49:20 vengabus pppd[5580]: pppd 2.4.1 started by root, uid 0
Aug 27 21:49:20 vengabus pppd[5580]: Using interface ppp1
Aug 27 21:49:20 vengabus pppd[5580]: Connect: ppp1 <--> /dev/pts/2
Aug 27 21:49:20 vengabus pptpd[5579]: Buffering out-of-order packet; got 1 after 4294967295
Aug 27 21:49:21 vengabus pptpd[5579]: Packet reorder timeout waiting for 0
Aug 27 21:49:21 vengabus pptpd[5579]: Buffering out-of-order packet; got 2 after 0
Aug 27 21:49:21 vengabus pppd[5580]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:49:21 vengabus pppd[5580]: found interface eth0 for proxy arp
Aug 27 21:49:21 vengabus pppd[5580]: local IP address 192.168.0.100
Aug 27 21:49:21 vengabus pppd[5580]: remote IP address 192.168.0.102
Aug 27 21:49:21 vengabus pppd[5580]: MPPE 40 bit, stateless compression enabled
Aug 27 21:49:31 vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection finished
Aug 27 21:49:31 vengabus pppd[5580]: Modem hangup
Aug 27 21:49:31 vengabus pppd[5580]: Connection terminated.
Aug 27 21:49:31 vengabus pppd[5580]: Connect time 0.2 minutes.
Aug 27 21:49:31 vengabus pppd[5580]: Sent 136 bytes, received 192 bytes.
Aug 27 21:49:31 vengabus pppd[5580]: Exit.
Aug 27 22:00:00 vengabus kernel: PPP MPPE compression module unregistered

This is what occurs when connecting over the LAN...

Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Client 192.168.0.3 control connection started
Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 21:45:26 vengabus pppd[5222]: pppd 2.4.1 started by root, uid 0
Aug 27 21:45:26 vengabus pppd[5222]: Using interface ppp1
Aug 27 21:45:26 vengabus pppd[5222]: Connect: ppp1 <--> /dev/pts/2
Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet; got 1 after 4294967295
Aug 27 21:45:26 vengabus pptpd[5221]: Packet reorder timeout waiting for 0
Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet; got 2 after 0
Aug 27 21:45:26 vengabus pppd[5222]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:45:26 vengabus pppd[5222]: found interface eth0 for proxy arp
Aug 27 21:45:26 vengabus pppd[5222]: local IP address 192.168.0.100
Aug 27 21:45:26 vengabus pppd[5222]: remote IP address 192.168.0.102
Aug 27 21:45:26 vengabus pppd[5222]: MPPE 40 bit, stateless compression enabled
Aug 27 21:47:22 vengabus pppd[5222]: LCP terminated by peer
Aug 27 21:47:22 vengabus pppd[5222]: Modem hangup
Aug 27 21:47:22 vengabus pppd[5222]: Connection terminated.
Aug 27 21:47:22 vengabus pppd[5222]: Connect time 2.0 minutes.
Aug 27 21:47:22 vengabus pppd[5222]: Sent 556 bytes, received 640 bytes.
Aug 27 21:47:23 vengabus pppd[5222]: Exit.

any ideas?

cheers,

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From cmitchel at bigpond.net.au Mon Aug 27 09:57:47 2001
From: cmitchel at bigpond.net.au (Chris Mitchell)
Date: Tue, 28 Aug 2001 00:57:47 +1000
Subject: [pptp-server] remote win9x clients fail, clients on the LAN connect...
References:
Message-ID: <003801c12f08$add9cae0$2c00a8c0@dodecaheedron>

that's what i was thinking, however i have:

#Allow pptpd connections (port 1723)
/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
    --sport $PUBLICPORTS --dport 1723 -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
/sbin/iptables -A INPUT -i ppp+ \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
/sbin/iptables -A OUTPUT -o ppp+ \
    -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
echo "PPTPD allowed"

in the firewall......am thinking this should be taking care of that...

----- Original Message -----
From: Americo Kerr Azevedo
To: Chris Mitchell
Sent: Monday, August 27, 2001 11:21 PM
Subject: RES: [pptp-server] remote win9x clients fail, clients on the LAN connect...

Seems that your firewall (or firewall rules on the Linux box, if this is
the dialup server) is blocking GRE (IP protocol 47) packets. You must allow
GRE packet and route TCP port 1723 to the internal VPN server.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org] On behalf of Chris Mitchell
Sent: Monday, August 27, 2001 11:30
To: pptp-server at lists.schulte.org
Subject: [pptp-server] remote win9x clients fail, clients on the LAN connect...

Hi,

Have just setup poptop on a server. Machines on the LAN seem to connect
and function correctly (one win2k machine, one win98se machine), however,
when a remote client (win98se) tries to connect, it fails with an error I
can't seem to find anywhere in this mailing list, or anywhere else, below
is the output of the log...

This is what happens when trying to connect from a remote dialup...

Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection started
Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 21:49:20 vengabus pppd[5580]: pppd 2.4.1 started by root, uid 0
Aug 27 21:49:20 vengabus pppd[5580]: Using interface ppp1
Aug 27 21:49:20 vengabus pppd[5580]: Connect: ppp1 <--> /dev/pts/2
Aug 27 21:49:20 vengabus pptpd[5579]: Buffering out-of-order packet; got 1 after 4294967295
Aug 27 21:49:21 vengabus pptpd[5579]: Packet reorder timeout waiting for 0
Aug 27 21:49:21 vengabus pptpd[5579]: Buffering out-of-order packet; got 2 after 0
Aug 27 21:49:21 vengabus pppd[5580]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:49:21 vengabus pppd[5580]: found interface eth0 for proxy arp
Aug 27 21:49:21 vengabus pppd[5580]: local IP address 192.168.0.100
Aug 27 21:49:21 vengabus pppd[5580]: remote IP address 192.168.0.102
Aug 27 21:49:21 vengabus pppd[5580]: MPPE 40 bit, stateless compression enabled
Aug 27 21:49:31 vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection finished
Aug 27 21:49:31 vengabus pppd[5580]: Modem hangup
Aug 27 21:49:31 vengabus pppd[5580]: Connection terminated.
Aug 27 21:49:31 vengabus pppd[5580]: Connect time 0.2 minutes.
Aug 27 21:49:31 vengabus pppd[5580]: Sent 136 bytes, received 192 bytes.
Aug 27 21:49:31 vengabus pppd[5580]: Exit.
Aug 27 22:00:00 vengabus kernel: PPP MPPE compression module unregistered

This is what occurs when connecting over the LAN...

Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Client 192.168.0.3 control connection started
Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Starting call (launching pppd, opening GRE)
Aug 27 21:45:26 vengabus pppd[5222]: pppd 2.4.1 started by root, uid 0
Aug 27 21:45:26 vengabus pppd[5222]: Using interface ppp1
Aug 27 21:45:26 vengabus pppd[5222]: Connect: ppp1 <--> /dev/pts/2
Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet; got 1 after 4294967295
Aug 27 21:45:26 vengabus pptpd[5221]: Packet reorder timeout waiting for 0
Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet; got 2 after 0
Aug 27 21:45:26 vengabus pppd[5222]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:45:26 vengabus pppd[5222]: found interface eth0 for proxy arp
Aug 27 21:45:26 vengabus pppd[5222]: local IP address 192.168.0.100
Aug 27 21:45:26 vengabus pppd[5222]: remote IP address 192.168.0.102
Aug 27 21:45:26 vengabus pppd[5222]: MPPE 40 bit, stateless compression enabled
Aug 27 21:47:22 vengabus pppd[5222]: LCP terminated by peer
Aug 27 21:47:22 vengabus pppd[5222]: Modem hangup
Aug 27 21:47:22 vengabus pppd[5222]: Connection terminated.
Aug 27 21:47:22 vengabus pppd[5222]: Connect time 2.0 minutes.
Aug 27 21:47:22 vengabus pppd[5222]: Sent 556 bytes, received 640 bytes.
Aug 27 21:47:23 vengabus pppd[5222]: Exit.

any ideas?

cheers,

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From matt at myfrancis.net Mon Aug 27 10:43:44 2001
From: matt at myfrancis.net (Matt Francis)
Date: Mon, 27 Aug 2001 10:43:44 -0500 (CDT)
Subject: [pptp-server] xinetd module for pptpctrl?
Message-ID:

Hey all...
I can't find an xinetd module to load up pptpctrl. Is anyone using xinetd
to load pptpctrl, or does it have to be run by inetd?

Thanks again,
Matt

From jamie at no.spam.jam.ca Mon Aug 27 15:03:29 2001
From: jamie at no.spam.jam.ca (Jamie Miller)
Date: Mon, 27 Aug 2001 16:03:29 -0400 (EDT)
Subject: [pptp-server] GRE: read error: Protocol not available
Message-ID: <998942609.3b8aa791768bd@garcia.jam.ca>

Howdy folks,

I'm running kernel 2.4.9, pptpd-1.1.2 (tried the stable version too), and
ppp-2.4.1. I'm unable to connect my pptpd server from either Win98SE, or
Win2K. The logfile output follows:

/var/log/messages:
pptpd[656]: CTRL: Client 200.200.190.160 control connection started
pptpd[656]: CTRL: Starting call (launching pppd, opening GRE)
pppd 2.4.1 started by root, uid 0
pppd[657]: Using interface ppp0
pppd[657]: Connect: ppp0 <--> /dev/pts/1
pptpd[656]: GRE: read error: Protocol not available
pptpd[656]: CTRL: PTY read or GRE write failed (pty,gre)=(4,5)
pptpd[656]: CTRL: Client 200.200.190.160 control connection finished
pppd[657]: Modem hangup
pppd[657]: Connection terminated.
pppd[657]: Exit.

/var/log/pptpd.log:
Aug 27 15:13:14 vpn pppd[657]: pppd 2.4.1 started by root, uid 0
Aug 27 15:13:14 vpn pppd[657]: using channel 2
Aug 27 15:13:14 vpn pppd[657]: Using interface ppp0
Aug 27 15:13:14 vpn pppd[657]: Connect: ppp0 <--> /dev/pts/1
Aug 27 15:13:14 vpn pppd[657]: sent [LCP ConfReq id=0x1 ]
Aug 27 15:13:14 vpn pppd[657]: Modem hangup
Aug 27 15:13:14 vpn pppd[657]: Connection terminated.
Aug 27 15:13:14 vpn pppd[657]: Exit.

Any help would be appreciated,

Thanks,
--
Jamie

From berzerke at swbell.net Mon Aug 27 19:19:32 2001
From: berzerke at swbell.net (robert)
Date: Mon, 27 Aug 2001 19:19:32 -0500
Subject: [pptp-server] remote win9x clients fail, clients on the LAN connect...
In-Reply-To: <003801c12f08$add9cae0$2c00a8c0@dodecaheedron>
References: <003801c12f08$add9cae0$2c00a8c0@dodecaheedron>
Message-ID: <0GIR00N504RU2W@mta4.rcsntx.swbell.net>

That section is correct. I'm thinking you haven't enabled forwarding
between the ppp interface and the lan. A complete (and working) example
iptables firewall is at http://home.swbell.net/berzerke . Try the whole
thing and see if the problem persists.

On Monday 27 August 2001 09:57 am, Chris Mitchell wrote:
> that's what i was thinking, however i have:
>
> #Allow pptpd connections (port 1723)
> /sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP \
> --sport $PUBLICPORTS --dport 1723 -j ACCEPT
> /sbin/iptables -t nat -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A OUTPUT -o $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A INPUT -i $EXTINT -p 47 -j ACCEPT
> /sbin/iptables -A INPUT -i ppp+ \
> -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> /sbin/iptables -A OUTPUT -o ppp+ \
> -s $LOCALNETWORK -d $LOCALNETWORK -j ACCEPT
> echo "PPTPD allowed"
>
> in the firewall......am thinking this should be taking care of that...
>
>
> ----- Original Message -----
> From: Americo Kerr Azevedo
> To: Chris Mitchell
> Sent: Monday, August 27, 2001 11:21 PM
> Subject: RES: [pptp-server] remote win9x clients fail, clients on the LAN
> connect...
>
>
> Seems that your firewall (or firewall rules on the Linux box, if this is
> the dialup server) is blocking GRE (IP protocol 47) packets. You must allow
> GRE packet and route TCP port 1723 to the internal VPN server.
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org] On behalf of Chris Mitchell
> Sent: Monday, August 27, 2001 11:30
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] remote win9x clients fail, clients on the LAN
> connect...
>
>
>
> Hi,
>
> Have just setup poptop on a server. Machines on the LAN seem to connect
> and function correctly (one win2k machine, one win98se machine), however,
> when a remote client (win98se) tries to connect, it fails with an error I
> can't seem to find anywhere in this mailing list, or anywhere else, below
> is the output of the log...
>
> This is what happens when trying to connect from a remote dialup...
>
> Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx
> control connection started Aug 27 21:49:20 vengabus pptpd[5579]: CTRL:
> Starting call (launching pppd, opening GRE) Aug 27 21:49:20 vengabus
> pppd[5580]: pppd 2.4.1 started by root, uid 0 Aug 27 21:49:20 vengabus
> pppd[5580]: Using interface ppp1
> Aug 27 21:49:20 vengabus pppd[5580]: Connect: ppp1 <--> /dev/pts/2
> Aug 27 21:49:20 vengabus pptpd[5579]: Buffering out-of-order packet;
> got 1 after 4294967295 Aug 27 21:49:21 vengabus pptpd[5579]: Packet reorder
> timeout waiting for 0 Aug 27 21:49:21 vengabus pptpd[5579]: Buffering
> out-of-order packet; got 2 after 0 Aug 27 21:49:21 vengabus pppd[5580]:
> MSCHAP-v2 peer authentication succeeded for jam Aug 27 21:49:21 vengabus
> pppd[5580]: found interface eth0 for proxy arp Aug 27 21:49:21 vengabus
> pppd[5580]: local IP address 192.168.0.100 Aug 27 21:49:21 vengabus
> pppd[5580]: remote IP address 192.168.0.102 Aug 27 21:49:21 vengabus
> pppd[5580]: MPPE 40 bit, stateless compression enabled Aug 27 21:49:31
> vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted Aug
> 27 21:49:31 vengabus pptpd[5579]: CTRL: GRE read or PTY write failed
> (gre,pty)=(6,5) Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: Client
> 203.220.xx.xx control connection finished Aug 27 21:49:31 vengabus
> pppd[5580]: Modem hangup
> Aug 27 21:49:31 vengabus pppd[5580]: Connection terminated.
> Aug 27 21:49:31 vengabus pppd[5580]: Connect time 0.2 minutes.
> Aug 27 21:49:31 vengabus pppd[5580]: Sent 136 bytes, received 192
> bytes. Aug 27 21:49:31 vengabus pppd[5580]: Exit.
> Aug 27 22:00:00 vengabus kernel: PPP MPPE compression module
> unregistered
>
> This is what occurs when connecting over the LAN...
>
> Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Client 192.168.0.3 control
> connection started Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Starting
> call (launching pppd, opening GRE) Aug 27 21:45:26 vengabus pppd[5222]:
> pppd 2.4.1 started by root, uid 0 Aug 27 21:45:26 vengabus pppd[5222]:
> Using interface ppp1
> Aug 27 21:45:26 vengabus pppd[5222]: Connect: ppp1 <--> /dev/pts/2
> Aug 27 21:45:26 vengabus pptpd[5221]: Buffering out-of-order packet;
> got 1 after 4294967295 Aug 27 21:45:26 vengabus pptpd[5221]: Packet reorder
> timeout waiting for 0 Aug 27 21:45:26 vengabus pptpd[5221]: Buffering
> out-of-order packet; got 2 after 0 Aug 27 21:45:26 vengabus pppd[5222]:
> MSCHAP-v2 peer authentication succeeded for jam Aug 27 21:45:26 vengabus
> pppd[5222]: found interface eth0 for proxy arp Aug 27 21:45:26 vengabus
> pppd[5222]: local IP address 192.168.0.100 Aug 27 21:45:26 vengabus
> pppd[5222]: remote IP address 192.168.0.102 Aug 27 21:45:26 vengabus
> pppd[5222]: MPPE 40 bit, stateless compression enabled Aug 27 21:47:22
> vengabus pppd[5222]: LCP terminated by peer
> Aug 27 21:47:22 vengabus pppd[5222]: Modem hangup
> Aug 27 21:47:22 vengabus pppd[5222]: Connection terminated.
> Aug 27 21:47:22 vengabus pppd[5222]: Connect time 2.0 minutes.
> Aug 27 21:47:22 vengabus pppd[5222]: Sent 556 bytes, received 640
> bytes. Aug 27 21:47:23 vengabus pppd[5222]: Exit.
>
> any ideas?
>
> cheers,
>
> Chris

From berzerke at swbell.net Mon Aug 27 19:22:20 2001
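[Added example, not part of any message in this archive.] The failures reported in the threads above leave distinct signatures in the pptpd/pppd syslog output, and they can be separated mechanically. The Python sketch below groups log lines into sessions and labels each one; the function name, verdict labels and hint texts are assumptions of this example, the sample lines are copied (shortened) from the logs quoted above, and it assumes one session at a time per host with all timestamps in the same year.

```python
import re
from datetime import datetime

# Log excerpts copied (shortened) from the messages quoted in this archive.
SAMPLE_LOG = """\
Aug 6 00:47:45 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control connection started
Aug 6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests
Aug 6 00:48:16 thor pppd[2410]: Exit.
Aug 27 21:45:26 vengabus pptpd[5221]: CTRL: Client 192.168.0.3 control connection started
Aug 27 21:45:26 vengabus pppd[5222]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:47:22 vengabus pppd[5222]: LCP terminated by peer
Aug 27 21:47:23 vengabus pppd[5222]: Exit.
Aug 27 21:49:20 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection started
Aug 27 21:49:21 vengabus pppd[5580]: MSCHAP-v2 peer authentication succeeded for jam
Aug 27 21:49:31 vengabus pptpd[5579]: Error writing GRE packet: Operation not permitted
Aug 27 21:49:31 vengabus pptpd[5579]: CTRL: Client 203.220.xx.xx control connection finished
Aug 27 21:49:31 vengabus pppd[5580]: Exit.
Aug 27 22:00:00 vengabus kernel: PPP MPPE compression module unregistered
"""

# syslog prefix: "Mon DD HH:MM:SS host proc[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<proc>pptpd|pppd)\[\d+\]:\s+(?P<msg>.*)$"
)
START_RE = re.compile(r"CTRL: Client (\S+) control connection started")

# (label, pattern, hint). Labels and hints are this example's own wording.
SIGNATURES = [
    ("gre-send-denied",
     re.compile(r"Error writing GRE packet: Operation not permitted"),
     "kernel refused to send GRE (EPERM): check the server's own filter "
     "rules for IP protocol 47, as the replies in the thread suggest"),
    ("lcp-no-reply",
     re.compile(r"LCP: timeout sending Config-Requests"),
     "LCP Config-Requests were never answered: check that GRE (IP "
     "protocol 47) passes in both directions between client and server"),
    ("peer-closed",
     re.compile(r"LCP terminated by peer"),
     "client ended the PPP session: routine after a working session, a "
     "client-side problem if it follows negotiation immediately"),
]


def _when(ts):
    # syslog omits the year; strptime defaults it, which is fine for deltas
    return datetime.strptime(" ".join(ts.split()), "%b %d %H:%M:%S")


def triage(log_text):
    """Return one dict per PPTP session found in log_text, in log order."""
    sessions, open_by_host = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # kernel lines, wrapped fragments, anything else
        host, msg, when = m["host"], m["msg"], _when(m["ts"])
        started = START_RE.search(msg)
        if started:
            sess = {"host": host, "client": started.group(1), "start": when,
                    "seconds": 0, "authenticated": False,
                    "verdict": "unknown", "hint": ""}
            open_by_host[host] = sess
            sessions.append(sess)
            continue
        sess = open_by_host.get(host)
        if sess is None:
            continue  # line belongs to no session we saw start
        sess["seconds"] = int((when - sess["start"]).total_seconds())
        if "authentication succeeded" in msg:
            sess["authenticated"] = True
        if sess["verdict"] == "unknown":
            for label, pattern, hint in SIGNATURES:
                if pattern.search(msg):
                    sess["verdict"], sess["hint"] = label, hint
                    break
        if m["proc"] == "pppd" and msg == "Exit.":
            del open_by_host[host]  # pppd exit closes the session
    return sessions


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f'{s["host"]} {s["client"]} auth={s["authenticated"]} '
              f'{s["seconds"]}s {s["verdict"]}: {s["hint"]}')
```

A session that authenticates and then ends as gre-send-denied after a few seconds matches the remote-client case in the thread; a session labelled unknown, such as the "Protocol not available" report, needs manual reading.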
From: berzerke at swbell.net (robert)
Date: Mon, 27 Aug 2001 19:22:20 -0500
Subject: [pptp-server] xinetd module for pptpctrl?
In-Reply-To:
References:
Message-ID: <0GIR00BPL4WF47@mta4.rcsntx.swbell.net>

I start it by adding a line to the rc.local script, i.e.:

/usr/local/sbin/pptpd -d

No xinetd or inetd needed.

On Monday 27 August 2001 10:43 am, Matt Francis wrote:
> Hey all...
> I can't find an xinetd module to load up pptpctrl. Is anyone using xinetd
> to load pptpctrl, or does it have to be run by inetd?
>
> Thanks again,
> Matt
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From patrickl at steltor.com Tue Aug 28 06:17:09 2001
From: patrickl at steltor.com (Patrick LIN)
Date: Tue, 28 Aug 2001 07:17:09 -0400
Subject: [pptp-server] MPPC support in PPTD
Message-ID: <3B8B7DB5.5080104@steltor.com>

Hi,

i want to know if there are somewhere, someone who make a patch for PPPD
to support MPPC or any sort of compression supported by windows ?

if so can someone can point me to this resources

thanks

Best Regards,

patrick

--
This message is transmitted by 100 % recycled electrons

From apl at informatik.uni-rostock.de Tue Aug 28 07:08:12 2001
From: apl at informatik.uni-rostock.de (Alexander Polonsky)
Date: Tue, 28 Aug 2001 14:08:12 +0200 (MET DST)
Subject: [pptp-server] Error 720
In-Reply-To:
Message-ID:

Hi, Steven!

> You have to patch your kernel to support mppe encryption, which is the
> encryption part of poptop, and then patch ppp to support encryption as well.
> remember win2k doesn't have 128 bit encryption until you install the patch.

I have done this. ppp_mppe module seems to work, because I tried pptp
between Linux client and my PoPToP server - it works, and tcpdump shows
that the traffic is encrypted.

> besides that, your /etc/ppp/options.pptp file should look like this:
>
> "
> lock
> debug
> name server
> auth
> require-chap
> nobsdcomp
> nodeflate
> #proxyarp
>
> +chap
> +chapms
> +chapms-v2
>
> mppe-40
> mppe-128
> mppe-stateless
>
> # require-mppe
> "
>
> so when you run the pptpd file, it should work straight away. Monitor the
> /var/log/messages file closely when your win boxes are connecting. it
> should say mppe-40 or mppe-128 bit encryption when they connect. If they
> don't connect, then disable "require encryption" and see if they connect, if
> they still don't connect then something is majorly wrong (ie did you do a
> killall pptpd and didn't type pptpd again? ipchains rules too strong? etc).
> When you get it all worked out it should work sweetly.

I have changed options.pptp and disabled deflate and bsd compression, but
it doesn't help. As far as I know windows does not support both
compression types. The following line in log says that mppe level seems
to be ok:

Aug 27 11:27:28 nebel pppd[24620]: rcvd [CCP ConfAck id=0x3 ]
Aug 27 11:27:28 nebel pppd[24620]: MPPE 40 bit, stateless compression enabled

..but look further:

Aug 27 11:27:28 nebel pppd[24620]: rcvd [LCP TermReq id=0x4]
Aug 27 11:27:28 nebel pppd[24620]: LCP terminated by peer
Aug 27 11:27:28 nebel pppd[24620]: IPCP: Down event in state 1!
Aug 27 11:27:28 nebel pppd[24620]: Timeout 0x80503d4:0x80784c0 in 3 seconds.
Aug 27 11:27:28 nebel pppd[24620]: sent [LCP TermAck id=0x4]
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Received PPTP Control Message (type: 12)
Aug 27 11:27:28 nebel pptpd[24619]: CTRL: Made a CALL DISCONNECT RPLY packet

Seems like Windows drops LCP level without reason and shows error 720!!!

I have also noticed that when encryption is completely off, Windows says
connection established, but does not initiate any IPCP negotiations and
leaves PPP interface without IP address.

This is OEM version of german Win98se on laptop and I cannot find other
windows boxes to try, so I should set it up here.

Any ideas?

Thanks,
Alexander

From charlieb at e-smith.com Tue Aug 28 09:24:39 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 28 Aug 2001 10:24:39 -0400 (EDT)
Subject: [pptp-server] MPPC support in PPTD
In-Reply-To: <3B8B7DB5.5080104@steltor.com>
Message-ID:

On Tue, 28 Aug 2001, Patrick LIN wrote:

> i want to know if there are somewhere, someone who make a patch for PPPD
> to support MPPC or any sort of compression supported by windows ?

I've searched for, but haven't found, such patches.

AIUI, MPPC is the only compression supported by Windows PPTP.

Charlie Brady                         charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From Josh.Howlett at bristol.ac.uk Tue Aug 28 11:03:17 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Tue, 28 Aug 2001 17:03:17 +0100 (BST)
Subject: [pptp-server] pptp and pppoe
In-Reply-To: <01082715321909.00239@jpj>
Message-ID:

Yeah, I run PPTP over PPPoE fine. Mail me for more info.

josh.

On Mon, 27 Aug 2001, jpj wrote:

> Hi there,
> The PPTP server works perfectly locally.
> "Use remote as default gateway" on the windows client is also off.
> I'm really lost. I tried on a second site using pppoe and i also get the same
> problem.
> Is there any confirmation about PPTP working together with PPPOE ?
> Thanks for any idea.
> JPJ
>
>
>
>
> On Monday 20 August 2001 22:10, George Vieira wrote:
> > I think your problem is the "timeout sending Config-Requests".. not the
> > other one.
> >
> > Can you connect locally from another machine on the local LAN to check that
> > PPTP is working properly? It should work locally as well as over the net..
> > if it does work properly locally then the problem with when it over the net
> > and nothing (well not really) to do with PPTP.
> >
> > Also, Have you turned off "Use remote as default gateway" on your Windows
> > machines (PPTP clients)???
> >
> > thanks,
> > George Vieira
> > Network Engineer
> > Citadel Computer Systems P/L
> > PH +(61)2 9955 2644
> > FX +(61)2 9955 2659
> >
> > -----Original Message-----
> > From: jpj [mailto:jpj at as-tech.fr]
> > Sent: Tuesday, August 21, 2001 8:16 AM
> > To: George Vieira
> > Cc: pptp-server at lists.schulte.org
> > Subject: Re: [pptp-server] pptp and pppoe
> >
> >
> > Hi,
> >
> > I've tried localip in 192.168.0.245 with remoteip in 192.168.0.26 and
> > I added nodefaultroute in /etc/ppp/options.pptp
> >
> > No changes, I still get:
> > CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
> >
> > What else can I try, I'm really lost.
> >
> > Thanks for your help
> > JPJ
> >
> > On Monday 6 August 2001 22:02, George Vieira wrote:
> > > Firstly, remove the large range for "localip" and use a single IP
> > > (preferably the local LAN one for proxyarp to work).
> > >
> > > Then use a "remoteip" range which is in the SAME subnet as "localip" OR
> > > change the "localip" to be in the same subnet as "remoteip".
> > >
> > > Then get back to us if it still fails...
> > >
> > > thanks,
> > > George Vieira
> > > Network Engineer
> > > Citadel Computer Systems P/L
> > > PH +(61)2 9955 2644
> > > FX +(61)2 9955 2659
> > >
> > > -----Original Message-----
> > > From: jpj [mailto:jpj at as-tech.fr]
> > > Sent: Tuesday, August 07, 2001 2:01 AM
> > > To: George Vieira
> > > Cc: pptp-server at lists.schulte.org
> > > Subject: Re: [pptp-server] pptp and pppoe
> > >
> > >
> > >
> > > Hi,
> > > Yes the win9x are on other sites and connecting to the server through
> > > internet access.
> > >
> > > pptpd.conf:
> > > option /etc/ppp/options.pptp
> > > debug
> > > localip 192.168.0.234-238,192.168.0.245
> > > remoteip 192.168.1.234-238,192.168.1.245
> > >
> > > /etc/ppp/options.pptp:
> > > lock
> > > debug
> > > auth
> > > +chap
> > > proxyarp
> > >
> > > /etc/ppp/chap-secrets
> > > jpj * snoopy *
> > >
> > > Firewall rules disabled (except masquerading)
> > > ipchains -A forward -s 192.6.8.0/24 -d 0.0.0.0/0 -j MASQ
> > >
> > >
> > > I've tried several things like
> > > localip 192.168.200.234 and remoteip 192.168.200.224 in pptpd.conf
> > > ip address in chap-secret
> > > On the server side the internal address is 192.6.8.0/24
> > > On the other site the internal address is 192.168.0.0/24
> > >
> > > No effects on the connection i still get the error 650 on the win9x
> > > station.
> > > Thanks for your help
> > >
> > > On Sunday 5 August 2001 23:55, you wrote:
> > > > I'm a bit confused, "to win9x stations" are you saying that the Win9x
> > > > stations are outside and connecting to the ADSL server?
> > > >
> > > > Can you send me your file ie, /etc/ppp/chap-secrets pptpd.conf and
> > >
> > > anything
> > >
> > > > else that might show where the problem is...??
> > > >
> > > > -----Original Message-----
> > > > From: jpj [mailto:jpj at as-tech.fr]
> > > > Sent: Monday, August 06, 2001 11:03 AM
> > > > To: pptp-server at lists.schulte.org
> > > > Subject: [pptp-server] pptp and pppoe
> > > >
> > > >
> > > > Hi all,
> > > >
> > > > I have a Linux server connected to ADSL line with PPPOE and I need to
> > > > create VPN connections to win9x client stations.
> > > > For this I'm trying to use PPTPD but I always get an error 650 on the
> > > > client side
> > > >
> > > > Thanks
> > > >
> > > > Following is the content of the pptpd.log
> > > >
> > > > .. Aug 6 00:47:35 thor pptpd[2407]: MGR: Manager process started
> > > > Aug 6 00:47:45 thor pptpd[2409]: MGR: Launching
> > > > /usr/local/sbin/pptpctrl to handle client
> > > > Aug 6 00:47:45 thor pptpd[2409]: CTRL: pppd options file =
> > > > /etc/ppp/options.pptp
> > > > Aug 6 00:47:45 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control
> > > > connection started
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message
> > > > (type: 1)
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a START CTRL CONN RPLY
> > > > packet
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 156 bytes to the
> > > > client.
> > > >
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Received PPTP Control Message
> > > > (type: 7)
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Set parameters to 0 maxbps, 16
> > > > window size
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Made a OUT CALL RPLY packet
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Starting call (launching pppd,
> > > > opening GRE)
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: pty_fd = 5
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: tty_fd = 6
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: I wrote 32 bytes to the client.
> > > > Aug 6 00:47:46 thor pptpd[2409]: CTRL: Sent packet to client > > > > Aug 6 00:47:46 thor pptpd[2410]: CTRL (PPPD Launcher): Connection > > > > speed = 115200 > > > > Aug 6 00:47:46 thor pppd[2410]: pppd 2.3.11 started by root, uid 0 > > > > Aug 6 00:47:46 thor pppd[2410]: Using interface ppp1 > > > > Aug 6 00:47:46 thor pppd[2410]: Connect: ppp1 <--> /dev/pts/8 > > > > Aug 6 00:47:46 thor pppd[2410]: sent [LCP ConfReq id=0x1 > > > > ] > > > > Aug 6 00:48:13 thor last message repeated 9 times > > > > Aug 6 00:48:16 thor pppd[2410]: LCP: timeout sending Config-Requests > > > > Aug 6 00:48:16 thor pptpd[2409]: GRE: > > > > read(fd=5,buffer=804d840,len=8196) from PTY failed: status = -1 error = > > > > Input/output error > > > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: PTY read or GRE write failed > > > > (pty,gre)=(5,6) > > > > Aug 6 00:48:16 thor pppd[2410]: Connection terminated. > > > > Aug 6 00:48:16 thor pppd[2410]: Exit. > > > > Aug 6 00:48:16 thor pptpd[2407]: MGR: Reaped child 2409 > > > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Client 194.183.xxx.xxx control > > > > connection finished > > > > Aug 6 00:48:16 thor pptpd[2409]: CTRL: Exiting now > > > > > > > > > > > > > > > > _______________________________________________ > > > > pptp-server maillist - pptp-server at lists.schulte.org > > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > > --- To unsubscribe, go to the url just above this line. -- > > -- > AS-TECH > Ingenierie Systeme et Reseaux > Les Crozasses - 34670 St Bres -France > Tel: +33 (0)467 708 926 - Fax: +33(0)467 708 927 > http://www.as-tech.fr > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
-- > > --------------------------------------- Josh Howlett, Network Supervisor, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- From patrickl at steltor.com Tue Aug 28 14:04:49 2001 
From: patrickl at steltor.com (Patrick LIN)
Date: Tue, 28 Aug 2001 15:04:49 -0400
Subject: RES: [pptp-server] MPPC support in PPTD
References:
Message-ID: <3B8BEB51.8070302@steltor.com>

Ok

thanks but it is MPPC not MPPE I am searching for :)
anyway my MPPE works like a charm, I just want a little bit of compression

thanks

patrick

Americo Kerr Azevedo wrote:

> U can find the patch you need here: http://mirror.binarix.com/ppp-mppe/
>
> Americo
> americo at rhesus.com
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org] On behalf of Patrick LIN
> Sent: Tuesday, August 28, 2001 08:17
> To: PPTP Server Mailing list
> Subject: [pptp-server] MPPC support in PPTD
>
>
> Hi,
>
> I want to know if there is somewhere someone who has made a patch for PPPD
> to support MPPC or any sort of compression supported by windows ?
>
> if so, can someone point me to these resources
>
> thanks
>
> Best Regards,
> patrick
> --
> ____________
> __________________________________( /
> ________| | /
> \ | This message is transmitted by | \
> \ | 100 % recycled electrons |___________\
> / |__________________________________(
> /__________)
>

--
____________
__________________________________( /
________| | /
\ | This message is transmitted by | \
\ | 100 % recycled electrons |___________\
/ |__________________________________(
/__________)

From charlieb at e-smith.com Tue Aug 28 14:25:34 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 28 Aug 2001 15:25:34 -0400 (EDT)
Subject: RES: [pptp-server] MPPC support in PPTD
In-Reply-To: <3B8BEB51.8070302@steltor.com>
Message-ID:

On Tue, 28 Aug 2001, Patrick LIN wrote:

> thanks but it is MPPC not MPPE i search for :)
> anyway my MPPE works like a charm just want a little bit of compression

Which is what MPPC is.

--
Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From patrickl at steltor.com Tue Aug 28 14:43:52 2001
From: patrickl at steltor.com (Patrick LIN)
Date: Tue, 28 Aug 2001 15:43:52 -0400
Subject: RES: [pptp-server] MPPC support in PPTD
References:
Message-ID: <3B8BF478.7010107@steltor.com>

MPPC = Microsoft Point to Point Compression
MPPE = Microsoft Point to Point Encryption

Patrick

Charlie Brady wrote:

> On Tue, 28 Aug 2001, Patrick LIN wrote:
>
>
>>thanks but it is MPPC not MPPE i search for :)
>>anyway my MPPE works like a charm just want a little bit of compression
>>
>
> Which is what MPPC is.
>
>

--
____________
__________________________________( /
________| | /
\ | This message is transmitted by | \
\ | 100 % recycled electrons |___________\
/ |__________________________________(
/__________)

From charlieb at e-smith.com Tue Aug 28 14:47:18 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 28 Aug 2001 15:47:18 -0400 (EDT)
Subject: RES: [pptp-server] MPPC support in PPTD
In-Reply-To: <3B8BF478.7010107@steltor.com>
Message-ID:

On Tue, 28 Aug 2001, Patrick LIN wrote:

> MPPC = Microsoft Point to Point Compression
> MPPE = Microsoft Point to Point Encryption

I know! I am trying to tell you that.

I am also trying to tell you that as far as I can tell, nobody has written any mppc code for pppd/pptpd for linux. Hence you cannot have the little bit of compression that you desire.

Regards

--
Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From GeorgeV at citadelcomputer.com.au Tue Aug 28 17:45:40 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 29 Aug 2001 08:45:40 +1000
Subject: [pptp-server] MPPE compression
Message-ID: <200FAA488DE0D41194F10010B597610D1CEC9A@JUPITER>

Hi all,

Sorry if I'm not reading my mail carefully but on the discussion of MPPE and compression, my Syslog Monitor software under Windows has just shown up a message from PPP which I never noticed before and SM tells me it's "unknown syslog" so that tells me it's the first time it's gotten this too.

It's the message:

MPPE 128 bit, stateless receive compression enabled

I (nor my software) have never noticed this message before, does this mean compression with encryption is now on?

Funny enough, my MPPE dying problems are now over.. the !DAMN! CPU fan had disconnected and the CPU kept overheating which weirdly stopped the MPPE and eventually killed the CPU (Lucky it's a little Pent 233 CPU and cheap).... Now my MPPE problems are over.. funny how hardware faults trigger weird problems in software...?????

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From ismandya at sains.com.my Tue Aug 28 21:02:03 2001
From: ismandya at sains.com.my (kukulkan)
Date: Wed, 29 Aug 2001 10:02:03 +0800
Subject: [pptp-server] login user running script automatically
Message-ID: <3B8C4D1A.A7F8BFDD@sains.com.my>

Hi all,

where can I set the setting for the user so that when they login into the pptp server, they may then run a script on the server automatically? Ok, let's say that I only allow the user with i bob to use the pptp server, an automatic script run for him will log his connection, run a script to limit his connection time? Any idea how?

From GeorgeV at citadelcomputer.com.au Wed Aug 29 00:00:20 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 29 Aug 2001 15:00:20 +1000
Subject: [pptp-server] Off topic a bit..
Message-ID: <200FAA488DE0D41194F10010B597610D1CECA9@JUPITER>

Hi all,

I have a client who is currently running Altavista Tunnelling software which I think are now no longer. It uses 56Bit Key encryption and keeps changing.

We've been asked about replacing this system for another product. They are running NT (I preferred Linux 2.4) and I was thinking between PPTP and IPSec.

I know PPTP requires 128Bit encryption patches for DUN ( Not sure about W9x ) and IPSec I think handles Keys.

If they do go for PPTP, how do you enable it on NT server (This part is definitely off topic)... Or even W2000 server, I think it's got IPSEC built in doesn't it???

I'm lost. any help would be greatly appreciated..

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

From P39036 at exchange.sihe.ac.uk Wed Aug 29 09:42:33 2001
From: P39036 at exchange.sihe.ac.uk (P39036)
Date: Wed, 29 Aug 2001 15:42:33 +0100
Subject: [pptp-server] Verification of PPTP Tunnel
Message-ID: <985E3563906ED411AAB800A0C9B4214E94A659@EXCHANGE>

Hi all

This may be a simple question, but I hope you can help me with it. I have a Win98SE client, communicating via a PPTP tunnel with a Linux server.

How can I be sure that the packets passing between them are travelling THROUGH the tunnel, and not just going round it ?

For example, I want the client to send a HTTP request and download a web page from the server, all through the tunnel. Yet, when I deny port 80 (HTTP) at the Cisco router between them, the browsing is stopped. This suggests to me that the tunnel is not being used.

Do I have to set up a special gateway at the client/server to force all communications through the tunnel ? Am I just being dumb ?

Thanks in advance.

Ken John
BSc PGDip CCNA

From martin at tuatha.org Wed Aug 29 11:53:32 2001
From: martin at tuatha.org (Martin Feeney)
Date: Wed, 29 Aug 2001 17:53:32 +0100
Subject: [pptp-server] Poptop and Linux Kernel 2.4.9
In-Reply-To: <20010829151329.M4985@greenspot.nwcgroup.com>; from martin@tuatha.org on Thu, Jan 01, 1970 at 01:00:00 +0100
References: <20010829151329.M4985@greenspot.nwcgroup.com>
Message-ID: <20010829175332.P4985@greenspot.nwcgroup.com>

I'm at my wits' end here. Anyone got kernel 2.4 and poptop working?

I'm using pppd 2.4.1 with strip-ms-domain and mppe patches (both applied cleanly) and kernel 2.4.9 with mppe patch (applied cleanly).

If I connect with the linux pptp client (1.03) (doesn't matter what version of kernel I use), I get the logs in the attached file.

Now the weird thing, If I try to connect with a windows client it works.

I'm using poptop 1.0.0-4 (debian package). I could upgrade to a later version, but it would mean maintaining custom versions on multiple machines which I'd rather not do unless someone can tell me for sure that 1.0.1 or 1.1.2 works with kernel 2.4.9.

OK, tested with 1.0.1 and 1.1.2 - both have the same problem. Also went back to ppp-2.4.0 just in case - no help whatsoever.

I'm thinking of moving to ipsec for linux <-> linux tunnels anyway, but I'd be happy to hear if anyone has gotten poptop+kernel 2.4.9 to work while connecting from a linux pptp client.

To summarise (no other changes were made except the kernel version):

             |    Server (poptop)
Client       | linux-2.2 | linux-2.4.9
-------------+-----------+-------------
linux-2.2.19 | works     | FAILS(1)
linux-2.4.6  | works     | FAILS(1)
linux-2.4.9  | works     | FAILS(2)
win2k        | works     | works

(1) server gets Modem hangup, client doesn't - it retries until it fails.
(2) both server and client get Modem hangup. Client gets SIGHUP.

Not sure whether to blame ppp, pptp-client or poptop as there are conflicting symptoms. Anyone have any pointers as to what may be going on?

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pptplogs.txt
URL:

From martin at tuatha.org Wed Aug 29 13:30:27 2001
From: martin at tuatha.org (Martin Feeney)
Date: Wed, 29 Aug 2001 19:30:27 +0100
Subject: [pptp-server] Poptop and Linux Kernel 2.4.9
In-Reply-To: <20010829175332.P4985@greenspot.nwcgroup.com>; from martin@tuatha.org on Wed, Aug 29, 2001 at 17:53:32 +0100
References: <20010829151329.M4985@greenspot.nwcgroup.com> <20010829175332.P4985@greenspot.nwcgroup.com>
Message-ID: <20010829193027.V4985@greenspot.nwcgroup.com>

Thanks very much to those who replied - no joy yet though.

After much tcpdumping I know what's happening, but I still don't know why. It looks to be a timing/retry issue of sorts.

3 scenarios are important here:

1. Linux pptp client connecting to poptop on my 2.2 kernel.
2. Linux pptp-client connecting to poptop on my 2.4 kernel.
3. win2k connecting to poptop on my 2.4 kernel.

1. Control connection established. Server tries to contact client via GRE tunnel. Client doesn't have it open yet. Server retries and client does have it open this time. Handshaking occurs, everyone is happy. Doesn't matter if the client is running a 2.2 or 2.4 kernel.

2. Control connection established. Server tries to contact client via GRE tunnel. Client doesn't have it open yet. Server doesn't retry, aborts connection. If the client is on a 2.2 kernel, it doesn't know that the server has aborted and retries until it reaches its limit (usually 10). If the client is on a 2.4 kernel, it realises that the server has given up and does the same.

3. Control connection established. Server tries to contact client via GRE tunnel. Client has gre protocol open and everything goes according to plan.

Big question here is why does the kernel version seem to change the behaviour of poptop (to retry or not) and pptp-client (to give up or not)?

Should poptop retry the gre exchange or should pptp-client open it at the same time as it opens the control(1723) tcp connection?

Martin.

From GeorgeV at citadelcomputer.com.au Wed Aug 29 18:11:34 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 30 Aug 2001 09:11:34 +1000
Subject: [pptp-server] Verification of PPTP Tunnel
Message-ID: <200FAA488DE0D41194F10010B597610D1CECB0@jupiter.citadelcomputer.com.au>

This all depends on how you're browsing the page....

If your tunnel IPs are 192.168.0.1 <-> 192.168.0.2 and you're browsing the outside IP address eg. 203.xxx.xxx.xxx then this won't work... you must browse the tunnel IP of the server.

Can you provide the setup information and anything else with it that we can check what's going on.....

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: P39036 [mailto:P39036 at exchange.sihe.ac.uk]
Sent: Thursday, August 30, 2001 12:43 AM
To: 'pptp-server at lists.schulte.org'
Subject: [pptp-server] Verification of PPTP Tunnel

Hi all

This may be a simple question, but I hope you can help me with it. I have a Win98SE client, communicating via a PPTP tunnel with a Linux server.

How can I be sure that the packets passing between them are travelling THROUGH the tunnel, and not just going round it ?

For example, I want the client to send a HTTP request and download a web page from the server, all through the tunnel. Yet, when I deny port 80 (HTTP) at the Cisco router between them, the browsing is stopped. This suggests to me that the tunnel is not being used.

Do I have to set up a special gateway at the client/server to force all communications through the tunnel ? Am I just being dumb ?

Thanks in advance.

Ken John
BSc PGDip CCNA

From P39036 at exchange.sihe.ac.uk Thu Aug 30 05:05:16 2001
From: P39036 at exchange.sihe.ac.uk (P39036)
Date: Thu, 30 Aug 2001 11:05:16 +0100
Subject: [pptp-server] Verification of PPTP Tunnel
Message-ID: <985E3563906ED411AAB800A0C9B4214E94A65B@EXCHANGE>

Sorry, George, I should have been more specific. The setup is very simple.

The PPTP client (Win98SE) has IP address 192.168.11.2. The Linux PPTP Server has IP address 193.62.x.x, and is also the web server. So, we just have two machines in total here, not an extended LAN (this is just a demo for my MSc project).

The tunnel authenticates and runs fine (problems with MPPE, but that's another story). It still works when I deny all traffic at the Cisco interface except GRE (47) and PPTP (1723). The problem is that the client (192.168.11.2) can't browse to the web server (193.62.x.x) unless I also permit HTTP (80) at the Cisco interface. Doesn't this mean that the client is for some reason ignoring the tunnel to the server ? I just can't work it out.

Regards, Ken John
BSc PGDip CCNA

> ----------
> From: George Vieira[SMTP:GeorgeV at citadelcomputer.com.au]
> Sent: 30 August 2001 00:11
> To: 'P39036'; 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] Verification of PPTP Tunnel
>
> This all depends on how you're browsing the page....
>
> If your tunnel IPs are 192.168.0.1 <-> 192.168.0.2 and you're browsing the
> outside IP address eg. 203.xxx.xxx.xxx then this won't work... you must
> browse the tunnel IP of the server.
>
> Can you provide the setup information and anything else with it that we
> can
> check what's going on.....
>
> thanks,
> George Vieira
> Network Engineer
> Citadel Computer Systems P/L
> PH +(61)2 9955 2644
> FX +(61)2 9955 2659
>
> -----Original Message-----
> From: P39036 [mailto:P39036 at exchange.sihe.ac.uk]
> Sent: Thursday, August 30, 2001 12:43 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: [pptp-server] Verification of PPTP Tunnel
>
>
> Hi all
>
> This may be a simple question, but I hope you can help me with it.
> I have a Win98SE client, communicating via a PPTP tunnel with a Linux
> server.
>
> How can I be sure that the packets passing between them are travelling
> THROUGH the tunnel, and not just going round it ?
>
> For example, I want the client to send a HTTP request and download a web
> page from the server, all through the tunnel. Yet, when I deny port 80
> (HTTP) at the Cisco router between them, the browsing is stopped. This
> suggests to me that the tunnel is not being used.
>
> Do I have to set up a special gateway at the client/server to force all
> communications through the tunnel ? Am I just being dumb ?
>
> Thanks in advance.
>
> Ken John
> BSc PGDip CCNA
>

From apl at informatik.uni-rostock.de Thu Aug 30 05:51:33 2001
From: apl at informatik.uni-rostock.de (Alexander Polonsky)
Date: Thu, 30 Aug 2001 12:51:33 +0200 (MET DST)
Subject: [pptp-server] Error 742 in Windows NT
Message-ID:

Hi all!

I did it - encrypted VPN connection between Windows 98 and Linux PoPToP (RedHat 6.2, kernel 2.2.17, PoPToP 1.0.1, pppd 2.3.11). But... Windows NT continues to give this crazy error 742 - "Remote server does not support encryption". On the page "Security" in the connection properties, checkboxes "Enable only Microsoft Authentication" and "Require data encryption" are checked.

Here is a part of PoPToP/pppd log file:

Aug 30 12:44:27 nebel pppd[12388]: Timeout 0x80503d4:0x8078720 in 3 seconds.
Aug 30 12:44:27 nebel pppd[12388]: sent [CCP ConfReq id=0x1 ]
Aug 30 12:44:27 nebel pppd[12388]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Aug 30 12:44:27 nebel pppd[12388]: MSCHAP peer authentication succeeded for ppp
Aug 30 12:44:27 nebel pptpd[12387]: CTRL: Received PPTP Control Message (type: 12)
Aug 30 12:44:27 nebel pptpd[12387]: CTRL: Made a CALL DISCONNECT RPLY packet
Aug 30 12:44:27 nebel pptpd[12387]: CTRL: Received CALL CLR request (closing call)

Who has already had such an error and knows how to cope with it? Help me please!

Alexander

-=Why don't we try TODAY my friend to make this world a better place?=-
(C) Scorpions

From Steve at SteveCowles.com Thu Aug 30 07:41:11 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 30 Aug 2001 07:41:11 -0500
Subject: [pptp-server] Verification of PPTP Tunnel
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE86A@defiant.infohiiway.com>

> -----Original Message-----
> From: P39036 [mailto:P39036 at exchange.sihe.ac.uk]
> Sent: Thursday, August 30, 2001 5:05 AM
> To: 'pptp-server at lists.schulte.org'
> Subject: RE: [pptp-server] Verification of PPTP Tunnel
>
>
> Sorry, George, I should have been more specific. The setup is
> very simple.
>
> The PPTP client (Win98SE) has IP address 192.168.11.2. The
> Linux PPTP Server has IP address 193.62.x.x, and is also the
> web server. So, we just have two machines in total here, not
> an extended LAN (this is just a demo for my MSc project).
>
> The tunnel authenticates and runs fine (problems with MPPE, but
> that's another story). It still works when I deny all traffic
> at the Cisco interface except GRE (47) and PPTP (1723). The
> problem is that the client (192.168.11.2) can't browse to the
> web server (193.62.x.x) unless I also permit HTTP (80) at the
> Cisco interface. Doesn't this mean that the client is for some
> reason ignoring the tunnel to the server ? I just can't work it
> out.
>
> Regards, Ken John
> BSc PGDip CCNA

If I understand your post correctly... the above behavior sounds perfectly normal based on the fact you only have two machines in your demo/test environment without a LAN behind the pptp server.

To clarify... type "route print" on your win9x client after you establish the tunnel. You should see a network address line that was added by the win9x pptp connection software that looks something like:

  192.168.11.0 255.255.255.0 193.62.x.x

So, the reason you're having to open up port 80 on the cisco router is: You have established a PPTP tunnel with two end points (192.168.11.2 and 193.62.x.x). Based on the Win9x client's route tables, only traffic destined for the network address of 192.168.11.0/24 will be encapsulated and sent across the tunnel. All other traffic will use the pptp client's public (bound) ip address including traffic destined for the tunnel's endpoint. Which would include http requests to 193.62.x.x. This is normal. Think about it!!!

In short, the only way to force traffic across the tunnel would be to access http data at an ip address within the range of the 192.168.11.0/24 network, not the public ip of your pptp server.

Again, if I understand your post correctly, your pptp server only has one ip address i.e. it's not multi-homed. If this is the case, then in order to achieve your goal using your test environment, I would think you need to implement ip aliasing on your pptp server and assign (bind) an additional ip address to its ethernet interface that is within the 192.168.11.0/24 network range and then edit your pptp config file so that the local/remote assignment is something like local=192.168.11.1, remote=192.168.11.2.

Then to force tunnel activity (validate)... access http://192.168.11.1 from the pptp client.

Good luck
Steve Cowles

From martin at tuatha.org Thu Aug 30 10:35:04 2001
From: martin at tuatha.org (Martin Feeney)
Date: Thu, 30 Aug 2001 16:35:04 +0100
Subject: [pptp-server] Poptop and Linux Kernel 2.4.9
In-Reply-To: <20010829193027.V4985@greenspot.nwcgroup.com>; from martin@tuatha.org on Wed, Aug 29, 2001 at 19:30:27 +0100
References: <20010829151329.M4985@greenspot.nwcgroup.com> <20010829175332.P4985@greenspot.nwcgroup.com> <20010829193027.V4985@greenspot.nwcgroup.com>
Message-ID: <20010830163504.Q856@greenspot.nwcgroup.com>

Final follow-up:

Exactly the same configuration of poptop but with kernel-2.4.7 works fine. Must be a change in the ipv4 implementation in 2.4.8 or 2.4.9 that affects poptop. pptp-client on 2.4.9 connects to poptop on 2.4.7 without a problem.

Just a heads-up in case anyone is thinking of upgrading to 2.4.8 or 2.4.9.

Martin.

From Etienne.Roulland at cvf.fr Thu Aug 30 11:15:48 2001
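Added example, not part of any list member's post: a sketch of the routing argument made in the "Verification of PPTP Tunnel" replies above. It performs longest-prefix route selection on the client and then asks what the router between client and server actually sees. The route layout, the function names, and 198.51.100.10 (standing in for the elided 193.62.x.x) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the server's public address (193.62.x.x in the thread).
SERVER_PUBLIC = ipaddress.ip_address("198.51.100.10")
# Server-side tunnel alias suggested in the reply (local=192.168.11.1).
SERVER_TUNNEL = ipaddress.ip_address("192.168.11.1")


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    interface: str  # "ppp" = PPTP adapter, "eth" = physical adapter


# Assumed client route table once the tunnel is up.
CLIENT_ROUTES = (
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth"),         # default route
    Route(ipaddress.ip_network("192.168.11.0/24"), "ppp"),   # tunnel network
    Route(ipaddress.ip_network("198.51.100.10/32"), "eth"),  # host route to the PPTP server
)


def select_route(dst, routes=CLIENT_ROUTES):
    """Longest-prefix match, as an IP stack does for every outgoing packet."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        raise LookupError(f"no route to {addr}")
    return max(matches, key=lambda r: r.network.prefixlen)


def on_the_wire(dst, proto, port):
    """What the intermediate router sees: (protocol, port, outer destination)."""
    if select_route(dst).interface == "ppp":
        # The inner packet is wrapped in PPP/GRE; only the GRE envelope is visible.
        return ("gre", None, SERVER_PUBLIC)
    return (proto, port, ipaddress.ip_address(dst))


def router_permits(proto, port):
    """ACL from the thread: allow GRE (47) and the PPTP control channel (TCP 1723) only."""
    return proto == "gre" or (proto == "tcp" and port == 1723)


def http_reachable(dst):
    """True if an HTTP request to dst survives the router ACL."""
    proto, port, _outer = on_the_wire(dst, "tcp", 80)
    return router_permits(proto, port)


if __name__ == "__main__":
    for target in (SERVER_PUBLIC, SERVER_TUNNEL):
        route = select_route(target)
        print(f"{target}: via {route.interface}, HTTP passes router: {http_reachable(target)}")
```

The same check works in reverse as a verification step: if HTTP to the tunnel address still succeeds with only GRE and TCP 1723 permitted, the traffic is inside the tunnel.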
From: Etienne.Roulland at cvf.fr (Etienne Roulland)
Date: Thu, 30 Aug 2001 18:15:48 +0200
Subject: [pptp-server] pptpd + nat + ipf
Message-ID: <20010830181548.I3718@sphax.dev33.cvf>

Hi,

I'm trying to set up a pptp server to access my office network. All rox when I connect from the internal network, but from the outside I have some problems.

My pptp server is 'natted' by an IPFilter box (openbsd).

The ipnat rule :
bimap tx0 private-address/32 -> public-address/32

ipf rules
pass in quick on tx0 proto tcp from any to private-address/32 port = 1723 flags S keep state
pass in quick on tx0 proto 47 from any to any
bimap tx0 private-address/32 -> public-address/32

The error log :

Aug 30 17:40:45 hebus pptpd[922]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Aug 30 17:40:45 hebus pptpd[922]: CTRL: pppd speed = 115200
Aug 30 17:40:45 hebus pptpd[922]: CTRL: pppd options file = /etc/ppp/options.pptp
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Client 213.228.14.28 control connection started
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Received PPTP Control Message (type: 1)
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Made a START CTRL CONN RPLY packet
Aug 30 17:40:45 hebus pptpd[922]: CTRL: I wrote 156 bytes to the client.
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Sent packet to client
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Received PPTP Control Message (type: 7)
Aug 30 17:40:45 hebus pptpd[922]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Made a OUT CALL RPLY packet
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Starting call (launching pppd, opening GRE)
Aug 30 17:40:45 hebus pptpd[922]: CTRL: pty_fd = 5
Aug 30 17:40:45 hebus pptpd[922]: CTRL: tty_fd = 6
Aug 30 17:40:45 hebus pptpd[923]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 30 17:40:45 hebus pppd[923]: pppd 2.4.1 started by root, uid 0
Aug 30 17:40:45 hebus pppd[923]: Using interface ppp0
Aug 30 17:40:45 hebus pppd[923]: Connect: ppp0 <--> /dev/pts/3
Aug 30 17:40:45 hebus pptpd[922]: CTRL: I wrote 32 bytes to the client.
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Sent packet to client
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Received PPTP Control Message (type: 15)
Aug 30 17:40:45 hebus pptpd[922]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 30 17:41:15 hebus pppd[923]: LCP: timeout sending Config-Requests
Aug 30 17:41:15 hebus pppd[923]: Connection terminated.
Aug 30 17:41:15 hebus pppd[923]: Exit.
Aug 30 17:41:15 hebus pptpd[922]: Error reading from pppd: Input/output error
Aug 30 17:41:15 hebus pptpd[922]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
Aug 30 17:41:15 hebus pptpd[922]: CTRL: Client 213.228.14.28 control connection finished
Aug 30 17:41:15 hebus pptpd[922]: CTRL: Exiting now
Aug 30 17:41:15 hebus pptpd[847]: MGR: Reaped child 922

Any idea ?

Thanks ....

--
Etienne Roulland -- CVF Bordeaux

From allen at mail-masters.com Thu Aug 30 11:38:14 2001
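Added example, not from the list: a triage pass over pptpd/pppd syslog output of the kind posted in this archive. It groups lines by control connection and reports how far each call got; an LCP timeout with no PPP frame ever received usually means GRE (IP protocol 47) is not arriving from the client even though TCP 1723 is. The log lines below are constructed, and the pid-pairing heuristic and verdict names are assumptions.

```python
import re

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
CLIENT_RE = re.compile(r"Client (\S+) control connection started")
TYPE_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")

# Constructed sample in the same format as the logs in this archive.
SAMPLE_LOG = """\
Aug 30 17:40:45 vpn1 pptpd[3001]: CTRL: Client 203.0.113.7 control connection started
Aug 30 17:40:45 vpn1 pptpd[3001]: CTRL: Received PPTP Control Message (type: 1)
Aug 30 17:40:45 vpn1 pptpd[3001]: CTRL: Received PPTP Control Message (type: 7)
Aug 30 17:40:45 vpn1 pptpd[3001]: CTRL: Starting call (launching pppd, opening GRE)
Aug 30 17:40:45 vpn1 pptpd[3002]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 30 17:40:45 vpn1 pppd[3002]: sent [LCP ConfReq id=0x1]
Aug 30 17:41:00 vpn1 pptpd[3010]: CTRL: Client 203.0.113.9 control connection started
Aug 30 17:41:00 vpn1 pptpd[3010]: CTRL: Received PPTP Control Message (type: 1)
Aug 30 17:41:00 vpn1 pptpd[3010]: CTRL: Received PPTP Control Message (type: 7)
Aug 30 17:41:00 vpn1 pptpd[3010]: CTRL: Starting call (launching pppd, opening GRE)
Aug 30 17:41:00 vpn1 pptpd[3011]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 30 17:41:01 vpn1 pppd[3011]: rcvd [LCP ConfReq id=0x0]
Aug 30 17:41:02 vpn1 pppd[3011]: MSCHAP peer authentication succeeded for ppp
Aug 30 17:41:02 vpn1 pptpd[3010]: CTRL: Received PPTP Control Message (type: 12)
Aug 30 17:41:15 vpn1 pppd[3002]: LCP: timeout sending Config-Requests
""".splitlines()


def parse_sessions(lines):
    """Return {pptpctrl pid: state} built from syslog lines."""
    sessions = {}     # control-connection pid -> observed state
    child_of = {}     # pppd pid -> control-connection pid
    last_call = None  # control pid that most recently logged "Starting call"
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        prog, pid, msg = m["prog"], int(m["pid"]), m["msg"]
        if prog == "pptpd":
            started, ctrl_type = CLIENT_RE.search(msg), TYPE_RE.search(msg)
            if started:
                sessions[pid] = {"client": started.group(1), "ctrl_types": [],
                                 "ppp_rcvd": False, "lcp_timeout": False, "auth_ok": False}
            elif "PPPD Launcher" in msg and last_call is not None:
                # Heuristic: the launcher shares its pid with the pppd it starts.
                child_of[pid] = last_call
            elif pid in sessions and ctrl_type:
                sessions[pid]["ctrl_types"].append(int(ctrl_type.group(1)))
            elif pid in sessions and "Starting call" in msg:
                last_call = pid
        else:
            state = sessions.get(child_of.get(pid))
            if state is None:
                continue
            if msg.startswith("rcvd ["):
                state["ppp_rcvd"] = True
            elif "LCP: timeout sending Config-Requests" in msg:
                state["lcp_timeout"] = True
            elif "peer authentication succeeded" in msg:
                state["auth_ok"] = True
    return sessions


def verdict(state):
    """Classify one session by the last stage it reached."""
    if 7 not in state["ctrl_types"]:       # 7 = Outgoing-Call-Request
        return "control-incomplete"
    if state["lcp_timeout"] and not state["ppp_rcvd"]:
        return "no-ppp-from-client"        # check the GRE (protocol 47) path and NAT
    if state["auth_ok"] and 12 in state["ctrl_types"]:  # 12 = Call-Clear-Request
        return "client-cleared-after-auth"  # check CCP/MPPE negotiation
    return "no-failure-seen"


def triage(lines):
    return [(s["client"], verdict(s)) for s in parse_sessions(lines).values()]


if __name__ == "__main__":
    for client, result in triage(SAMPLE_LOG):
        print(client, result)
```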
From: allen at mail-masters.com (Allen D. Moore)
Date: Thu, 30 Aug 2001 09:38:14 -0700
Subject: [pptp-server] Viewing SAMBA share via PPTP
Message-ID: <000201c13172$2b28a000$09fea8c0@dakotacom.net>

I have a PoPToP server running on my SuSE 7.2 server configured as follows:

#pptpd.conf
speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.254.100
remoteip 192.168.254.100-110

#options.ppp0
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name ids
proxyarp

My server is behind a FlowPoint 2200 using NAT to forward PPTP to server (permits ONE client at a time only)

I can successfully connect to the server using a WinME client over the internet, but cannot browse the SAMBA partition, or even acquire the NetBIOS name...... I've opened up the SAMBA partition w/ no security in order to test, yet still can't see partition- AND when I "Search for Computers" from the windows client I get NO activity showing in the byte counts displayed by the VPN connection monitor...

FYI, here's my smb.conf, too...

[global]
security = share
workgroup = ids
browse list = yes

[home]
guest ok = yes
read only = no
path = /samba_share

Any ideas- I'm sorry if this is an obvious problem to the experienced; but, I just don't get it...

TIA,

-Allen Moore

From Steve at SteveCowles.com Thu Aug 30 13:15:52 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 30 Aug 2001 13:15:52 -0500
Subject: [pptp-server] Viewing SAMBA share via PPTP
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE86B@defiant.infohiiway.com>

> -----Original Message-----
> From: Allen D. Moore [mailto:allen at mail-masters.com]
> Sent: Thursday, August 30, 2001 11:38 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Viewing SAMBA share via PPTP
>
>
> I have a PoPToP server running on my SuSE 7.2 server configured as
> follows:
>
> #pptpd.conf
> speed 115200
> option /etc/ppp/options.ppp0
> debug
> localip 192.168.254.100
> remoteip 192.168.254.100-110
>
> #options.ppp0
> lock
> debug
> auth
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
> name ids
> proxyarp
>
>
> My server is behind a FlowPoint 2200 using NAT to forward
> PPTP to server (permits ONE client at a time only)
>
> I can successfully connect to the server using a WinME client over the
> internet, but cannot browse the SAMBA partition, or even aquire the
> NetBIOS name...... I've open up the SAMBA partition up w/ no security
> in order to test, yet still can't see partition- AND when I
> "Search for Computers" from the windows client I get NO activity
> showing in the byte counts displayed by the VPN connection monitor...
>
> FYI, here's my smb.conf, too...
> [global]
> security = share
> workgroup = ids
> browse list = yes
>
> [home]
> guest ok = yes
> read only = no
> path = /samba_share
>
> Any ideas- I'm sorry if this is an obvious problem to the
> experienced;
> but, I just don't get it...
>
> TIA,
>
> -Allen Moore

By default, MS networking issues broadcast packets to build the master browser list for network neighborhood. In addition, these broadcast packets are used to determine (elect) "who" is the local master browser (lmb) and/or the domain master browser (dmb) for your LAN.

When you establish a PPTP connection, these broadcast packets are NOT sent across the tunnel because your PPTP server is acting as a router. So by default, you cannot browse from the remote pptp client unless you either:

Preferred, by the book...

1) Enable a WINS server on your LAN. (Samba can perform this function)
2) Add "ms-wins xx.xx.xx.xx" to your option.ppp0 file
3) Make sure the remote PPTP client's workgroup registration matches the workgroup registration of your LAN. In your case... IDS
4) Make sure the remote PPTP client's WINS server address is being set after you establish the tunnel. (check it with winipcfg or ipconfig /all) It should show the WINS server's IP address along with the PPTP client's netbios node type being set to "hybrid" instead of broadcast. i.e. You want the pptp client to query the WINS server for netbios resolution, not broadcast for it.
5) If you have other client workstations/servers on your LAN, they must also be configured to register with the WINS server.
6) If Samba is being used as a WINS server, it needs to be configured to win the master browser election along with being configured to answer requests from device PPP0. i.e. read up on the following smb.conf parameters... interfaces, domain master, preferred master, os level, remote browse sync, bind interfaces only

or... The administration nightmare method (easy)...

1) Edit your PPTP client's "lmhosts" file and add the appropriate entries to correspond to your LAN. The lmhosts.sam file has some decent examples to get you started.

If you're interested in understanding "why" you need WINS (or even the lmhosts) to browse across remote networks, further reading should include some of the following MS articles:

WINS servers, WINS clients and WINS proxies
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/WINDOWS2000/en/advanced/help/sag_WINS_und_Servers.htm

Windows Internet Naming Service (WINS): Architecture and Capacity Planning (read all chapters)
http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS01-12.asp

Using WINS for netbios name resolution.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnntpro00/html/NetBIOS.asp

How WINS Clients Register Their Names
http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/CNET/cncd_win_bqtj.htm

Example of a WINS lookup
http://www.microsoft.com/WINDOWS2000/techinfo/reskit/en/CNET/cncf_imp_psvl.htm

From lists at morris-clan.net Thu Aug 30 15:19:44 2001
From: lists at morris-clan.net (David Morris)
Date: Thu, 30 Aug 2001 14:19:44 -0600 (MDT)
Subject: [pptp-server] Connection Problems
Message-ID:

I recently installed pptp-server on my Debian Linux box (Version 1.0.0). I
followed many suggestions in various versions of HOWTOs and FAQs around the
net, but nothing works.

A summary of my problem: I configure and start up pptpd, and it has no
complaints. I then go to connect the VPN from a windows computer, but the
connection is never made. It fails with an error:

Error 629: The port was disconnected by the remote machine.

(This error produced by WinNT. Win2k produces a similar but different
error.)

All configuration files are included below, along with all log files. Any
suggestions on what is going wrong? (Usernames/Passwords/IP Addresses
changed to protect the guilty).

Thanks for any suggestions anyone can provide.

--David

--- pptpd.conf ---
speed 115200
option /etc/ppp/pptpd-options
debug
localip 192.168.1.101-199
remoteip 192.168.4.101-199

--- /etc/ppp/pptpd-options ---
debug
name pptpdserver
auth
#require-chap
proxyarp

## Old Options (commented out to try above simpler version)
## Various combinations of the above and below have been tried.
#auth
#require-chap
#require-chapms
#require-chapms-v2
#+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
## Fill in your addresses
#ms-dns xx.xx.xx.xx
#ms-wins xx.xx.xx.xx
## Fill in your netmask
#netmask 255.255.255.0
## some defaults
#defaultroute
#proxyarp
#lock

--- /etc/ppp/chap-secrets ---
# Secrets for authentication using CHAP
# client server secret IP addresses
pptpduser pptpdserver password *

--- /var/log/syslog ---
Aug 30 14:03:16 pptpdserver pptpd[14618]: MGR: Manager process started
Aug 30 14:05:06 pptpdserver pptpd[14624]: MGR: Launching /usr/sbin/pptpctrl to handle client
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: local address = 192.168.1.101
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: remote address = 192.168.4.101
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: pppd speed = 115200
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: pppd options file = /etc/ppp/pptpd-options
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: Client xx.xx.xx.xx control connection started
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: Received PPTP Control Message (type: 1)
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: Made a START CTRL CONN RPLY packet
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: I wrote 156 bytes to the client.
Aug 30 14:05:06 pptpdserver pptpd[14624]: CTRL: Sent packet to client
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Received PPTP Control Message (type: 7)
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Set parameters to 10000000 maxbps, 3 window size
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Made a OUT CALL RPLY packet
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Starting call (launching pppd, opening GRE)
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: pty_fd = 5
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: tty_fd = 6
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: I wrote 32 bytes to the client.
Aug 30 14:05:07 pptpdserver pptpd[14625]: CTRL (PPPD Launcher): Connection speed = 115200
Aug 30 14:05:07 pptpdserver pptpd[14625]: CTRL (PPPD Launcher): local address = 192.168.1.101
Aug 30 14:05:07 pptpdserver pptpd[14625]: CTRL (PPPD Launcher): remote address = 192.168.4.101
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Sent packet to client
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Received PPTP Control Message (type: 15)
Aug 30 14:05:07 pptpdserver pptpd[14624]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Aug 30 14:05:07 pptpdserver pppd[14625]: pppd 2.3.11 started by root, uid 0
Aug 30 14:05:07 pptpdserver pppd[14625]: Using interface ppp0
Aug 30 14:05:07 pptpdserver pppd[14625]: Connect: ppp0 <--> /dev/pts/0
Aug 30 14:05:07 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:07 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:07 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:10 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:10 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:10 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:13 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:13 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:13 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:16 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:17 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:17 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:19 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:21 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:21 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:22 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:25 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:25 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:25 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:28 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:29 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:29 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:31 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:33 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:33 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:34 pptpdserver pppd[14625]: sent [LCP ConfReq id=0x1 ]
Aug 30 14:05:37 pptpdserver pppd[14625]: rcvd [LCP ConfReq id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:37 pptpdserver pppd[14625]: sent [LCP ConfRej id=0x0 < 11 04 06 4e> < 13 17 01 7b 69 a8 f0 9b c9 11 d5 84 ca 00 b0 d0 27 f4 9b 00 00 00 00>]
Aug 30 14:05:37 pptpdserver pppd[14625]: LCP: timeout sending Config-Requests
Aug 30 14:05:38 pptpdserver pppd[14625]: Connection terminated.
Aug 30 14:05:38 pptpdserver pppd[14625]: Exit.
Aug 30 14:05:38 pptpdserver pptpd[14618]: MGR: Reaped child 14624
Aug 30 14:05:38 pptpdserver pptpd[14624]: GRE: read(fd=5,buffer=25bd8,len=8196) from PTY failed: status = -1 error = Input/output error
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Client xx.xx.xx.xx control connection finished
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Exiting with active call
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Made a CALL DISCONNECT RPLY packet
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Couldn't write packet to client.
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Made a STOP CTRL REQ packet
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Couldn't write packet to client.
Aug 30 14:05:38 pptpdserver pptpd[14624]: CTRL: Exiting now

From GeorgeV at citadelcomputer.com.au Thu Aug 30 17:18:01 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 31 Aug 2001 08:18:01 +1000
Subject: [pptp-server] Error 742 in Windows NT
Message-ID: <200FAA488DE0D41194F10010B597610D1CECC3@jupiter.citadelcomputer.com.au>

Send us your config files.. if you did already then sorry, I've probably
deleted it.

You might need require-mppe in your options.pptp file.

Also, do you see any logs regarding loading the MPPE or STATELESS mode?

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Alexander Polonsky [mailto:apl at informatik.uni-rostock.de]
Sent: Thursday, August 30, 2001 8:52 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Error 742 in Windows NT

Hi all!

I did it - encrypted VPN connection between Windows 98 and Linux PoPToP
(RedHat 6.2, kernel 2.2.17, PoPToP 1.0.1, pppd 2.3.11). But... Windows NT
continues to give this crazy error 742 - "Remote server does not support
encryption". On the page "Security" in the connection properties checkboxes
"Enable only Microsoft Authentication" and "Require data encryption" are
checked.

Here is a part of PoPToP/pppd log file:

Aug 30 12:44:27 nebel pppd[12388]: Timeout 0x80503d4:0x8078720 in 3 seconds.
Aug 30 12:44:27 nebel pppd[12388]: sent [CCP ConfReq id=0x1 ]
Aug 30 12:44:27 nebel pppd[12388]: Timeout 0x80503d4:0x8078840 in 3 seconds.
Aug 30 12:44:27 nebel pppd[12388]: MSCHAP peer authentication succeeded for ppp
Aug 30 12:44:27 nebel pptpd[12387]: CTRL: Received PPTP Control Message (type: 12)
Aug 30 12:44:27 nebel pptpd[12387]: CTRL: Made a CALL DISCONNECT RPLY packet
Aug 30 12:44:27 nebel pptpd[12387]: CTRL: Received CALL CLR request (closing call)

Who has already had such an error and knows how to cope with it? Help me
please!

Alexander

-=Why don't we try TODAY my friend to make this world a better place?=-
(C) Scorpions

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From GeorgeV at citadelcomputer.com.au Thu Aug 30 17:21:57 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 31 Aug 2001 08:21:57 +1000
Subject: [pptp-server] Viewing SAMBA share via PPTP
Message-ID: <200FAA488DE0D41194F10010B597610D1CECC5@jupiter.citadelcomputer.com.au>

I don't think it's a good idea to give a client the same IP as the Server,
did you notice that? Every connection will fail because of it.. this is one
problem I can see.. may not be the big one but maybe the next one...

Try changing the remoteip to

remoteip 192.168.254.101-110

thanks,
George Vieira
Network Engineer
Citadel Computer Systems P/L
PH +(61)2 9955 2644
FX +(61)2 9955 2659

-----Original Message-----
From: Allen D. Moore [mailto:allen at mail-masters.com]
Sent: Friday, August 31, 2001 2:38 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Viewing SAMBA share via PPTP

I have a PoPToP server running on my SuSE 7.2 server configured as follows:

#pptpd.conf
speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.254.100
remoteip 192.168.254.100-110

#options.ppp0
lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name ids
proxyarp

My server is behind a FlowPoint 2200 using NAT to forward PPTP to server
(permits ONE client at a time only)

I can successfully connect to the server using a WinME client over the
internet, but cannot browse the SAMBA partition, or even acquire the NetBIOS
name...... I've opened up the SAMBA partition w/ no security in order to
test, yet still can't see partition- AND when I "Search for Computers" from
the windows client I get NO activity showing in the byte counts displayed by
the VPN connection monitor...

FYI, here's my smb.conf, too...

[global]
security = share
workgroup = ids
browse list = yes

[home]
guest ok = yes
read only = no
path = /samba_share

Any ideas- I'm sorry if this is an obvious problem to the experienced; but,
I just don't get it...

TIA,

-Allen Moore

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From apl at informatik.uni-rostock.de Fri Aug 31 05:45:12 2001
From: apl at informatik.uni-rostock.de (Alexander Polonsky)
Date: Fri, 31 Aug 2001 12:45:12 +0200
Subject: [pptp-server] Error 742 - the answer.. which brings new questions
Message-ID: <3B8F6AB8.7000107@informatik.uni-rostock.de>

Hi all!

I got rid of this black fortune - error 742 - by reinstalling the PPTP
adapter and RAS service in NT. Now PPTP connection seems to work... but only
seems. TCP/IP level is completely down. No machine in the outside network
answers pings. When I look in the pppd log file, it shows a lot of messages
"unsupported protocol xxxxxx received". Look here:

Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x2576] 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c 8d 05 b5 cb 2f ...
Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x2576 received
Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x14 25 76 83 44 5f 9f 81 5d 31 ca 61 05 80 92 d8 ad 38 4e 5a 72 6d e3 1b 32 e3 bc dd 75 0c 8d 05 b5 cb 2f 85 eb e4 24 5f 2d fe 56 36 b4 d5 ff 9b 5d db bb d0 ea]
Aug 30 14:44:25 nebel pppd[12977]: rcvd [proto=0x8ee1] 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d be 4f 30 98 97 ...
Aug 30 14:44:25 nebel pppd[12977]: Unsupported protocol 0x8ee1 received
Aug 30 14:44:25 nebel pppd[12977]: sent [LCP ProtRej id=0x15 8e e1 62 e2 3f 0b 5c d7 66 15 82 63 f5 08 84 88 5a 7a b6 48 76 6e 40 ca ea b9 7d 2a 1d be 4f 30 98 97 52 50 7d 5d 00 5e bd 80 24 69 54 22 98 71 39 d4 3c d2]
Aug 30 14:44:29 nebel pppd[12977]: rcvd [proto=0x1ca1] 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0 e6 d0 4e 13 26 19 ...
Aug 30 14:44:29 nebel pppd[12977]: Unsupported protocol 0x1ca1 received
Aug 30 14:44:29 nebel pppd[12977]: sent [LCP ProtRej id=0x16 1c a1 89 93 d7 1f 8f b8 9e 01 3f c0 40 40 6d a3 ac 14 dc 36 1b a3 1f 21 6f 56 39 e0 e6 d0 4e 13 26 19 d8 3f 1d 33 61 4d 9d 5e 0d 99 04 8c 26 cd 1b 02 f1 e8]

Has anybody faced this? Any solutions or ideas?

Alexander

From bcollins at newnanutilities.org Fri Aug 31 11:03:54 2001
From: bcollins at newnanutilities.org (Brian Collins)
Date: Fri, 31 Aug 2001 12:03:54 -0400
Subject: [pptp-server] chapms-strip-domain
Message-ID: <4.3.2.7.2.20010831120230.00b6aee0@mail.nwl.org>

Which patch enables me to add chapms-strip-domain to my options file?

Thanks,
Brian Collins

From intra at intranet.digitex.es Fri Aug 31 06:00:04 2001
From: intra at intranet.digitex.es (Alejandro Jareño García)
Date: Fri, 31 Aug 2001 12:00:04 +0100
Subject: [pptp-server] unsubscribe
References: <20010830181548.I3718@sphax.dev33.cvf>
Message-ID: <3B8F6E34.84818C86@intranet.digitex.es>

Etienne Roulland wrote:
>
> Hi,
>
> I'm trying to set up a pptp server to access to my office network.
>
> All rox when i connect from the internal network, but from the outside i
> have some problems.
>
> My pptp server is 'natted' by a IPFilter box (openbsd).
> The ipnat rule :
>
> bimap tx0 private-address/32 -> public-address/32
>
> ipf rules
>
> pass in quick on tx0 proto tcp from any to private-address/32 port = 1723 flags S keep state
> pass in quick on tx0 proto 47 from any to any
>
> bimap tx0 private-address/32 -> public-address/32
>
> The error log :
>
> Aug 30 17:40:45 hebus pptpd[922]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: pppd speed = 115200
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: pppd options file = /etc/ppp/options.pptp
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Client 213.228.14.28 control connection started
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Received PPTP Control Message (type: 1)
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Made a START CTRL CONN RPLY packet
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: I wrote 156 bytes to the client.
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Sent packet to client
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Received PPTP Control Message (type: 7)
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Made a OUT CALL RPLY packet
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Starting call (launching pppd, opening GRE)
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: pty_fd = 5
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: tty_fd = 6
> Aug 30 17:40:45 hebus pptpd[923]: CTRL (PPPD Launcher): Connection speed = 115200
> Aug 30 17:40:45 hebus pppd[923]: pppd 2.4.1 started by root, uid 0
> Aug 30 17:40:45 hebus pppd[923]: Using interface ppp0
> Aug 30 17:40:45 hebus pppd[923]: Connect: ppp0 <--> /dev/pts/3
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: I wrote 32 bytes to the client.
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Sent packet to client
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Received PPTP Control Message (type: 15)
> Aug 30 17:40:45 hebus pptpd[922]: CTRL: Got a SET LINK INFO packet with standard ACCMs
> Aug 30 17:41:15 hebus pppd[923]: LCP: timeout sending Config-Requests
> Aug 30 17:41:15 hebus pppd[923]: Connection terminated.
> Aug 30 17:41:15 hebus pppd[923]: Exit.
> Aug 30 17:41:15 hebus pptpd[922]: Error reading from pppd: Input/output error
> Aug 30 17:41:15 hebus pptpd[922]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
> Aug 30 17:41:15 hebus pptpd[922]: CTRL: Client 213.228.14.28 control connection finished
> Aug 30 17:41:15 hebus pptpd[922]: CTRL: Exiting now
> Aug 30 17:41:15 hebus pptpd[847]: MGR: Reaped child 922
>
> Any idea ? Thanks ....
>
> --
> Etienne Roulland -- CVF Bordeaux
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From martin at tuatha.org Fri Aug 31 04:11:35 2001
From: martin at tuatha.org (Martin Feeney)
Date: Fri, 31 Aug 2001 10:11:35 +0100
Subject: [pptp-server] Connection Problems
In-Reply-To: ; from lists@morris-clan.net on Thu, Aug 30, 2001 at 21:19:44 +0100
References:
Message-ID: <20010831101135.A9007@greenspot.nwcgroup.com>

On Thu, 30 Aug 2001 21:19:44 David Morris wrote:

It looks as if NT really, really wants to have a callback. Try including the
following in your /etc/ppp/pptpdoptions:

-callback nocallback

Also, make sure that the NT connection is not configured to request a
callback.

Martin.

From plabonte at atreus-systems.com Fri Aug 31 13:45:35 2001
From: plabonte at atreus-systems.com (Phil Labonte)
Date: Fri, 31 Aug 2001 14:45:35 -0400
Subject: [pptp-server] Can I assign an IP for each client based on MAC like you can with DHCP?
Message-ID: <1B5C7FA9D60DD511ABEF00508BFDEFDC329458@exchange>

I would like to assign each person an IP based on their MAC address like you
can with DHCPD. Can this be done with PPTP ip assigning?

Thanks!
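
[Added example, not part of any post in this archive.] George Vieira's reply earlier in this thread notes that Allen Moore's remoteip range 192.168.254.100-110 contains the server's own localip 192.168.254.100. The Python check below parses the localip/remoteip lines of a pptpd.conf and lists every address that appears in both pools. The function names are hypothetical, the sample configs are the ones quoted in the thread, and the list syntax is assumed to be comma-separated addresses with last-octet ranges.

```python
import ipaddress

# pptpd.conf contents quoted in this thread.
ALLEN_CONF = """\
speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.254.100
remoteip 192.168.254.100-110
"""
# Same file with the remoteip line George Vieira suggests.
FIXED_CONF = ALLEN_CONF.replace("remoteip 192.168.254.100-110",
                                "remoteip 192.168.254.101-110")
MORRIS_CONF = """\
localip 192.168.1.101-199
remoteip 192.168.4.101-199
"""


def expand(spec):
    """Expand an address list such as '10.0.0.5,10.0.0.20-29' into a set.

    Assumption: a range is a full address, a '-', and the final value of
    the last octet, which is the form used in the configs above.
    """
    addrs = set()
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        first, dash, last = part.partition("-")
        start = ipaddress.IPv4Address(first.strip())
        if not dash:
            addrs.add(start)
            continue
        lo, hi = int(start) & 0xFF, int(last)
        if not lo <= hi <= 255:
            raise ValueError(f"bad range {part!r}")
        addrs.update(start + n for n in range(hi - lo + 1))
    return addrs


def parse_pools(conf_text):
    """Collect the localip and remoteip pools from pptpd.conf text."""
    pools = {"localip": set(), "remoteip": set()}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if len(fields) == 2 and fields[0] in pools:
            pools[fields[0]] |= expand(fields[1])
    return pools


def overlapping(conf_text):
    """Return, sorted, the addresses present in both pools (as strings)."""
    pools = parse_pools(conf_text)
    return [str(a) for a in sorted(pools["localip"] & pools["remoteip"])]


if __name__ == "__main__":
    samples = [("Allen Moore's pptpd.conf", ALLEN_CONF),
               ("with suggested remoteip", FIXED_CONF),
               ("David Morris's pptpd.conf", MORRIS_CONF)]
    for name, conf in samples:
        clash = overlapping(conf)
        print(name, "->", "OVERLAP " + ", ".join(clash) if clash else "ok")
```
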