From mattgav at tempo.com.au Sat Dec 1 00:59:21 2001
From: mattgav at tempo.com.au (Matthew Gavin)
Date: Sat, 1 Dec 2001 17:59:21 +1100
Subject: [pptp-server] Re:
In-Reply-To:
Message-ID:

> It's a virus. While people continue to use Lookout! from Micky$oft, we
> will be periodically assaulted by such things. Get over it.

I know it's a virus... but for someone to be subscribed to a mailing list, such as pptp-server, and be infected by such a common virus is scary!

From slinksi at moonshyne.net Sat Dec 1 05:42:15 2001
From: slinksi at moonshyne.net (slinksi at moonshyne.net)
Date: Sat, 1 Dec 2001 03:42:15 -0800
Subject: [pptp-server] questions
Message-ID: <001401c17a5d$39bcb460$0800a8c0@na>

I'm not sure if I'm posting to the right place, when tunneling with Windows 2000 (SP2) it returns, Error 619: Port not connected. PPTPD works with Windows 2000 SP1. I have the ppp_mppe module loaded into the kernel, and my pppd is patched.

/etc/ppp/options.pptp

lock
debug
proxyarp
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless

/etc/pptpd.conf

debug
option /etc/ppp/options.pptp
localip 10.1.1.1
#look in the /etc/pptpd.conf file for more info about settings
remoteip 10.1.1.2-254

From charlieb at e-smith.com Sat Dec 1 11:18:48 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 1 Dec 2001 12:18:48 -0500 (EST)
Subject: [pptp-server] Re:
In-Reply-To:
Message-ID:

On Sat, 1 Dec 2001, Matthew Gavin wrote:

> > It's a virus. While people continue to use Lookout! from Micky$oft, we
> > will be periodically assaulted by such things. Get over it.
>
> I know it's a virus... but for someone to be subscribed to a mailing list,
> such as pptp-server, and be infected by such a common virus is scary!

You're surprised that someone on this list uses LookOut! I'm not - lots of people do (more fool them, I say).

Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From beau at billbeau.net Sat Dec 1 15:58:22 2001
From: beau at billbeau.net (Bill Beauchemin)
Date: Sat, 1 Dec 2001 13:58:22 -0800
Subject: [pptp-server] Re:
In-Reply-To:
References:
Message-ID: <01120113582206.16387@ws1.billbeau.net>

This is not the first time someone has assaulted us with a virus. On Nov 28th we were assaulted with almost the same thing! You would think that folks would read the posts here and do something about it.

Damn, I'm glad I run Linux and not that Mickeymouse M$ crap and Lookout is dangerous to users period. I have seen more idiots turn off the warnings or just out and out not pay attention to them and trash their entire system. I hate M$ with a passion. I have more stories of idiot users that just don't have a clue why they get warnings and such on the screen when they get their mail. "Oh it says that all the time I just ignore it" YOU WHAT!!!!!! =8O

> On Sat, 1 Dec 2001, Matthew Gavin wrote:
> > > It's a virus. While people continue to use Lookout! from Micky$oft, we
> > > will be periodically assaulted by such things. Get over it.
> >
> > I know it's a virus... but for someone to be subscribed to a mailing
> > list, such as pptp-server, and be infected by such a common virus is
> > scary!
>
> You're surprised that someone on this list uses LookOut! I'm not - lots
> of people do (more fool them, I say).

From awdavis at waretec.com Sat Dec 1 16:29:02 2001
From: awdavis at waretec.com (Andrew W. Davis)
Date: Sat, 1 Dec 2001 16:29:02 -0600
Subject: [pptp-server] Re:
In-Reply-To: <01120113582206.16387@ws1.billbeau.net>; from beau@billbeau.net on Sat, Dec 01, 2001 at 01:58:22PM -0800
References: <01120113582206.16387@ws1.billbeau.net>
Message-ID: <20011201162902.A5418@falcon.waretec.com>

all hail mutt!!

PoPToP is an open source program running on an open source operating system... so why are people on this list not using an open source mail client on their said open source operating systems??

Andrew

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Day After Crew
http://www.kcraves.com
mailto:thedayafter at kcraves.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

On Sat, Dec 01, 2001 at 01:58:22PM -0800, Bill Beauchemin wrote:
> This is not the first time someone has assaulted us with a virus. On Nov 28th
> we were assaulted with almost the same thing! You would think that folks would
> read the posts here and do something about it.
>
> Damn, I'm glad I run Linux and not that Mickeymouse M$ crap and Lookout is
> dangerous to users period. I have seen more idiots turn off the warnings or
> just out and out not pay attention to them and trash their entire system. I
> hate M$ with a passion. I have more stories of idiot users that just don't
> have a clue why they get warnings and such on the screen when they get their
> mail. "Oh it says that all the time I just ignore it" YOU WHAT!!!!!! =8O
>
> > On Sat, 1 Dec 2001, Matthew Gavin wrote:
> > > > It's a virus. While people continue to use Lookout! from Micky$oft, we
> > > > will be periodically assaulted by such things. Get over it.
> > >
> > > I know it's a virus... but for someone to be subscribed to a mailing
> > > list, such as pptp-server, and be infected by such a common virus is
> > > scary!
> >
> > You're surprised that someone on this list uses LookOut! I'm not - lots
> > of people do (more fool them, I say).

From Joe at Polcari.com Sat Dec 1 21:36:57 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Sat, 01 Dec 2001 22:36:57 -0500
Subject: [pptp-server] Re:
References: <01120113582206.16387@ws1.billbeau.net> <20011201162902.A5418@falcon.waretec.com>
Message-ID: <3C09A1D8.2CF4FD92@Polcari.com>

People,
Can we get back to the subject.

"Andrew W. Davis" wrote:

> all hail mutt!!
>
> PoPToP is an open source program running on an open source operating system...
> so why are people on this list not using an open source mail client on their
> said open source operating systems??
>
> Andrew
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> The Day After Crew
> http://www.kcraves.com
> mailto:thedayafter at kcraves.com
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> On Sat, Dec 01, 2001 at 01:58:22PM -0800, Bill Beauchemin wrote:
> > This is not the first time someone has assaulted us with a virus. On Nov 28th
> > we were assaulted with almost the same thing! You would think that folks would
> > read the posts here and do something about it.
> >
> > Damn, I'm glad I run Linux and not that Mickeymouse M$ crap and Lookout is
> > dangerous to users period. I have seen more idiots turn off the warnings or
> > just out and out not pay attention to them and trash their entire system. I
> > hate M$ with a passion. I have more stories of idiot users that just don't
> > have a clue why they get warnings and such on the screen when they get their
> > mail. "Oh it says that all the time I just ignore it" YOU WHAT!!!!!! =8O
> >
> > > On Sat, 1 Dec 2001, Matthew Gavin wrote:
> > > > > It's a virus. While people continue to use Lookout! from Micky$oft, we
> > > > > will be periodically assaulted by such things. Get over it.
> > > >
> > > > I know it's a virus... but for someone to be subscribed to a mailing
> > > > list, such as pptp-server, and be infected by such a common virus is
> > > > scary!
> > >
> > > You're surprised that someone on this list uses LookOut!
> > > I'm not - lots
> > > of people do (more fool them, I say).

From mattgav at tempo.com.au Sat Dec 1 21:09:36 2001
From: mattgav at tempo.com.au (Matt Gavin)
Date: Sun, 2 Dec 2001 14:09:36 +1100
Subject: [pptp-server] Re:
In-Reply-To: <20011201162902.A5418@falcon.waretec.com>
Message-ID:

I run 19 Linux servers and 4 Solaris servers at work, but I prefer to run Mickysoft Windows 2000 on my laptop and Mickysoft Outlook 2000 for mail. Why? Because I am yet to see a credible Open Source mail or news client.

Virus protection should be done on the mail server, it should not be left up to the client... It's neither difficult nor expensive to implement a scan mail procedure.

-----Original Message-----
From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Andrew W. Davis
Sent: Sunday, 2 December 2001 9:29 AM
To: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Re:

all hail mutt!!

PoPToP is an open source program running on an open source operating system... so why are people on this list not using an open source mail client on their said open source operating systems??

Andrew

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Day After Crew
http://www.kcraves.com
mailto:thedayafter at kcraves.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From charlieb at e-smith.com Sat Dec 1 21:10:59 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Sat, 1 Dec 2001 22:10:59 -0500 (EST)
Subject: [pptp-server] Re:
In-Reply-To:
Message-ID:

On Sun, 2 Dec 2001, Matt Gavin wrote:

> I run 19 Linux servers and 4 Solaris servers at work, but I prefer to run
> Mickysoft Windows 2000 on my laptop and Mickysoft Outlook 2000 for mail.
> Why? Because I am yet to see a credible Open Source mail or news client.
>
> Virus protection should be done on the mail server, it should not be left up
> to the client... It's neither difficult nor expensive to implement a scan
> mail procedure.

But it is always too late. Thousands/millions of machines are infected by the time the antivirus companies have come out with a fix.

A credible mail client? Surely it's one which isn't a security nightmare.

Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From vgill at technologist.com Sun Dec 2 01:09:35 2001
From: vgill at technologist.com (Gill, Vern)
Date: Sat, 1 Dec 2001 23:09:35 -0800
Subject: [pptp-server] Data Encryption
Message-ID: <574607996176D51195A400A0C90AB760CA1E@mail.gillnet.org>

Maybe also try pptpd-1.1.2.. Or whatever the latest version (can't recall at moment) is...

-----Original Message-----
From: Jason Staudenmayer [mailto:jasons at NJAQUARIUM.ORG]
Sent: Friday, November 30, 2001 12:14 PM
To: 'Sean'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Data Encryption

get the source for ppp-2.4.x
get the patches for mppe and any others you can find for ppp-2.4.x
read the README for the patches and the install.
you'll probably have to build a new kernel too.
then try it

-----Original Message-----
From: Sean [mailto:sean at cyberfarer.com]
Sent: Friday, November 30, 2001 2:44 PM
To: Jason Staudenmayer; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Data Encryption

I am using Mandrake Linux 8 with kernel version 2.4.3-20.
I am using PopTop version 1.0.1
I have tried connecting with WinME and WinXP, both with the same result. WinME, I believe, is using DUN1.4. WinXP, I am not sure of the version number but I assume it would be the latest.

Thanks.

----- Original Message -----
From: "Jason Staudenmayer"
To: "'Sean'" ;
Sent: Friday, November 30, 2001 2:27 PM
Subject: RE: [pptp-server] Data Encryption

> versions?
> OS?
>
>
> -----Original Message-----
> From: Sean [mailto:sean at cyberfarer.com]
> Sent: Friday, November 30, 2001 2:01 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Data Encryption
>
>
> I have the patches for MS-CHAP and MS-CHAPV2 installed.
>
> When I set up the client and select password authentication and connect,
> details show I am using MS-CHAPV2.
> However, when I select data encryption I get the following error: "The
> computer you're dialing in to does not support the data encryption
> requirements specified. Please check your encryption settings in the
> properties of the connection. If this problem persists, contact your
> network"
>
> My modules.conf is as follows:
>
> alias ppp-compress-18 mppe
> alias ppp-compress-21 bsd_comp
> alias ppp-compress-24 ppp_deflate
> alias ppp-compress-26 ppp_deflate
> alias char-major-108 ppp
>
> My options.vpn is as follows:
>
> debug
> name Server
> auth
> require-chap
> proxyarp
> +chap
> +chapms
> +chapms-v2
> mppe-40
> mppe-128
> mppe-stateless
>
> Should I be able to select data encryption within the Win client?
>
> Without it, as far as I can see, data is not encrypted.
>
> Thanks.

From muralivemuri at multitech.co.in Sun Dec 2 08:51:03 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Sun, 02 Dec 2001 20:21:03 +0530
Subject: [pptp-server] problems with win 98 client
Message-ID: <3C0A3FD7.3572D1CF@multitech.co.in>

hi there,
i have a strange problem here, what happens is that......ppp link is fine. when i make a pptp link, sometimes i get the problem: "you have been disconnected from the computer you dialed." sometimes i get "vpn adapter is not responding or busy disconnect all and then connect".
any ideas?
regards
murali

From mmc at hardware-one.com Sun Dec 2 21:00:24 2001
From: mmc at hardware-one.com (Michael McCallum)
Date: Mon, 3 Dec 2001 11:00:24 +0800
Subject: [pptp-server] Problems with PPTP Client connecting to PPTPD (long)
Message-ID: <000401c17ba6$c3873450$3200000a@nismo>

Hi,

I'm currently facing some problems with PPTP Client 1.03 connecting to the PPTPD daemon. I wish to clarify that I do not have any problems establishing a connection with PPTPD using W2K VPN client. Everything works fine under W2K VPN client with maximum encryption. But I have problems trying to connect using a Linux client (PPTP client) to another Linux server (PPTPD 1.1.2).

I'm currently running these setup on both Linux client and server machines:

1) Linux kernel 2.4.14
2) Linux-2.4.4-openssl-0.9.6a-mppe.patch applied to the kernel
3) PPP-2.4.1
4) ppp-2.4.1-MSCHAPv2-fix.patch applied to PPP-2.4.1
5) ppp-2.4.1-openssl-0.9.6-mppe-patch applied to PPP-2.4.1
6) pptpd-1.1.2.tar.gz (development)
7) pptp-linux-1.0.3-1

This is my 'pptpd.conf' on my Server machine.

option /etc/options
localip 172.16.2.1-99
remoteip 172.16.2.100-200
pidfile /var/run/pptpd.pid

This is the Server '/etc/options' file.

debug
lock
auth
+chap
+chapms
+chapms-v2
mppe-128
mppe-40
mppe-stateless

This is the '/etc/ppp/options' file in the Client machine.

lock
debug
noauth
mppe-40
mppe-128
mppe-stateless

I started 'pptp' with the following parameters:

pptp debug name

and got the following errors (GRE: read error: Protocol not available)

Dec 3 09:45:30 compaq pptpd[11467]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: local address = 172.16.2.2
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: remote address = 172.16.2.101
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: pppd options file = /etc/options
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: Client 10.0.0.1 control connection started
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: Received PPTP Control Message (type: 1)
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: Made a START CTRL CONN RPLY packet
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: I wrote 156 bytes to the client.
Dec 3 09:45:30 compaq pptpd[11467]: CTRL: Sent packet to client
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: Received PPTP Control Message (type: 7)
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: 0 min_bps, 152 max_bps, 32 window size
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: Made a OUT CALL RPLY packet
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: Starting call (launching pppd, opening GRE)
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: pty_fd = 5
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: tty_fd = 6
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: I wrote 32 bytes to the client.
Dec 3 09:45:31 compaq pptpd[11468]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 3 09:45:31 compaq pptpd[11468]: CTRL (PPPD Launcher): local address = 172.16.2.2
Dec 3 09:45:31 compaq pptpd[11468]: CTRL (PPPD Launcher): remote address = 172.16.2.101
Dec 3 09:45:31 compaq pppd[11468]: pppd 2.4.1 started by root, uid 0
Dec 3 09:45:31 compaq pppd[11468]: using channel 43
Dec 3 09:45:31 compaq pppd[11468]: Using interface ppp0
Dec 3 09:45:31 compaq pppd[11468]: Connect: ppp0 <--> /dev/pts/2
Dec 3 09:45:31 compaq pppd[11468]: sent [LCP ConfReq id=0x1 ]
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: Sent packet to client
Dec 3 09:45:31 compaq pptpd[11467]: GRE: read error: Protocol not available
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 3 09:45:31 compaq pptpd[11467]: CTRL: Client 10.0.0.1 control connection finished
Dec 3 09:45:31 compaq pppd[11468]: Modem hangup
Dec 3 09:45:31 compaq pppd[11468]: Connection terminated.
Dec 3 09:45:31 compaq pppd[11468]: Exit.

Here is the log from the client side:

Dec 3 10:45:02 router01 pptp[9509]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:578]: Client connection established.
Dec 3 10:45:04 router01 pptp[9509]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:701]: Outgoing call established (call ID 0, peer's call ID 0).
Dec 3 10:45:04 router01 pppd[9511]: pppd 2.4.1 started by root, uid 0
Dec 3 10:45:04 router01 pppd[9511]: using channel 35
Dec 3 10:45:04 router01 pppd[9511]: Using interface ppp0
Dec 3 10:45:04 router01 pppd[9511]: Connect: ppp0 <--> /dev/pts/6
Dec 3 10:45:04 router01 pppd[9511]: sent [LCP ConfReq id=0x1 ]
Dec 3 10:45:06 router01 pptp[9510]: log[decaps_gre:pptp_gre.c:215]: short read (4294967295): Protocol not available
Dec 3 10:45:06 router01 pppd[9511]: Hangup (SIGHUP)
Dec 3 10:45:06 router01 pppd[9511]: Modem hangup
Dec 3 10:45:06 router01 pppd[9511]: Connection terminated.
Dec 3 10:45:07 router01 pppd[9511]: Exit.
Dec 3 10:45:07 router01 pptp[9509]: log[callmgr_main:pptp_callmgr.c:240]: Closing connection
Dec 3 10:45:07 router01 pptp[9509]: log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection
Dec 3 10:45:07 router01 pptp[9509]: log[pptp_write_some:pptp_ctrl.c:376]: write error: Broken pipe
Dec 3 10:45:07 router01 pptp[9509]: log[call_callback:pptp_callmgr.c:88]: Closing connection

All the machines are within the same LAN and have the same subnet/netmask. So I do not think there are any firewalls which could interfere with the GRE. My hunch is that the server 'options' and client 'options' files do not agree with each other? I would really appreciate it if someone could shine a light on what is wrong with my current config.

Thanks!

From sean at cyberfarer.com Sun Dec 2 22:26:53 2001
From: sean at cyberfarer.com (Sean)
Date: Sun, 2 Dec 2001 23:26:53 -0500
Subject: [pptp-server] One last problem
References: <3C0A3FD7.3572D1CF@multitech.co.in>
Message-ID: <00b201c17bb2$bcba36c0$0802a8c0@sympatico.ca>

I have a new kernel with patches and Microsoft reports strong encryption being used when I click details upon connect using the MS client.

I would like to give credit where credit is due. I am not a programmer and attempts at patching and recompiling only provided mixed results. I was never able to get full encryption going although I did get the handshake. However, I downloaded a patched kernel, headers, initscripts, iptables, iptables IPv6, and ppp RPM's (I love RPM's!) from here: http://mirror.binarix.com/ppp-mppe/

In the time it took to download and install I accomplished what I have failed to do over the past three weeks. I would also like to thank those of you on this list who have generously offered assistance. It is much appreciated.

My final remaining issue is the local IP. My options.vpn includes the line:

192.168.1.140:

Without this, pptpd reports the local IP could not be determined.
But, and please correct me if I am wrong, by having this line I am restricting myself to only one connection. I would not be able to have two connections simultaneously, correct? If yes, what line would solve the issue of the local IP while allowing more than a single connection?

My pptpd.conf is as follows:

speed 115200
option /etc/ppp/options.vpn
localip 192.168.1.140-143
remoteip 192.168.1.239-241
pidfile /var/run/pptpd.pid

Again, thank you.

P.S. It is very fast and performs much better than expected.

From Timothy.Findlay at austrimtextiles.com.au Sun Dec 2 23:33:45 2001
From: Timothy.Findlay at austrimtextiles.com.au (Timothy Findlay)
Date: Mon, 3 Dec 2001 16:33:45 +1100
Subject: [pptp-server] PPTP_MAX_CTRL_PCKT_SIZE
Message-ID:

Hi Folks,

I setup PPTP the other day (week or so ago) and all appeared cool, and seems to be running fine, but I checked the /var/log/messages file for unrelated stuff .... and found this message repeated HEAPS in it ... it looks like...

Dec 3 16:22:17 atgproxy1 pptpd[20324]: CTRL: Client control connection started
Dec 3 16:22:17 atgproxy1 pptpd[20324]: CTRL: Control packet > PPTP_MAX_CTRL_PCKT_SIZE (length = 18245)
Dec 3 16:22:17 atgproxy1 pptpd[20324]: CTRL: couldn't read packet header (exit)
Dec 3 16:22:17 atgproxy1 pptpd[20324]: CTRL: CTRL read failed

Any ideas what mighta caused this ?? have I messed up the configuration of it or something perhaps ?!?!

Any thoughts would be handy.

Tim.

From magnus at vonkoeller.de Mon Dec 3 02:30:27 2001
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Mon, 3 Dec 2001 09:30:27 +0100
Subject: [pptp-server] Problems with PPTP Client connecting to PPTPD (long)
In-Reply-To: <000401c17ba6$c3873450$3200000a@nismo>
References: <000401c17ba6$c3873450$3200000a@nismo>
Message-ID: <200112030925.44827@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 03 December 2001 04:00, you wrote:
> 1) Linux kernel 2.4.14

It's kernel related.

This is kind of a known problem. There have been reports of setups working with kernels <= 2.4.10 but I'm not sure if they really ever tested them with Linux clients.

I don't know of any solution, though. Newer kernels just don't work for Linux clients. Somebody here posted a patch to the pptp client or server that didn't make sense to me that was supposed to fix it but I didn't try it. I'm still running 2.4.2 (!) on my server for that reason. This really sucks but what can I do? Please tell me if you get this working.

I tried 2.4.12-ac5 on my server and at least that kernel didn't work.

- --
- -M

- ------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-(0)531/2094886 Mobile: +49-(0)179/4562940

lp1 on fire
(One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8CzglUIvM6e6BgFARApPVAJ9WrhOlYpFnOtDpadhGtm8GiOzHTwCghTNu
yACTxYutwplEKX5U8zyOuzo=
=8krT
-----END PGP SIGNATURE-----

From mmc at hardware-one.com Mon Dec 3 03:02:44 2001
From: mmc at hardware-one.com (Michael McCallum)
Date: Mon, 3 Dec 2001 17:02:44 +0800
Subject: [pptp-server] Problems with PPTP Client connecting to PPTPD (long)
References: <000401c17ba6$c3873450$3200000a@nismo> <200112030925.44827@vonkoeller.de>
Message-ID: <002d01c17bd9$48946910$3200000a@nismo>

----- Original Message -----
From: "Magnus von Koeller"
To: "Michael McCallum"
Cc:
Sent: Monday, December 03, 2001 4:30 PM
Subject: Re: [pptp-server] Problems with PPTP Client connecting to PPTPD (long)

Hi Magnus,

> On Monday 03 December 2001 04:00, you wrote:
> > 1) Linux kernel 2.4.14
>
> It's kernel related.
>
> This is kind of a known problem. There have been reports of setups
> working with kernels <= 2.4.10 but I'm not sure if they really ever
> tested them with Linux clients.
>
> I don't know of any solution, though. Newer kernels just don't work
> for Linux clients. Somebody here posted a patch to the pptp client or
> server that didn't make sense to me that was supposed to fix it but I
> didn't try it. I'm still running 2.4.2 (!) on my server for that
> reason. This really sucks but what can I do? Please tell me if you
> get this working.
>
> I tried 2.4.12-ac5 on my server and at least that kernel didn't work.

Oh dear. I will try to downgrade the kernel to a lower revision (and hopefully one without the 'ptrace' root exploit) and see if they work. Currently core files are being dumped by pptp whenever it fails to connect with the server.
Need to get this fixed soon, else I would have to use a W2K client machine to connect to the Linux server...

Thanks for the help!

From ctooley at amoa.org Mon Dec 3 08:06:40 2001
From: ctooley at amoa.org (Chris Tooley)
Date: 03 Dec 2001 08:06:40 -0600
Subject: [pptp-server] Status
In-Reply-To: <3C09A1D8.2CF4FD92@Polcari.com>
References: <01120113582206.16387@ws1.billbeau.net> <20011201162902.A5418@falcon.waretec.com> <3C09A1D8.2CF4FD92@Polcari.com>
Message-ID: <1007388404.12605.0.camel@itspec.amoa.org>

As the website (http://opensource.lineo.com/poptop) doesn't appear to have been updated for a little over a year, I was wondering if there was a way to get the latest version of PoPToP. And if so, what is that version?

Chris Tooley

From rcd at amherst.com Mon Dec 3 08:30:00 2001
From: rcd at amherst.com (Robert Dege)
Date: Mon, 3 Dec 2001 09:30:00 -0500 (EST)
Subject: [pptp-server] PPTP Logging Script
Message-ID:

Last night, I wrote a PPTP logon script to make it easier to track who logs on & when. I got sick of screwing around with the local2.* syslog file.

Basically, anyone who wants to use it may freely do so. If anyone knows how to make it more efficient, please let the list know. Lord knows, I'm no script wizard.

Here's an example of how it outputs:

##########################################
Start connection @ 08:10:51 AM on 12/03/01
Employee : rcd
Outside IP : [128.205.90.139]
Inside IP : [172.28.141.40]
Ended connection @ 08:17:25 AM on 12/03/01
##########################################

Installation instructions:

1) Take the attached file (userlog.sh), and put it into the /etc/ppp directory.

2) Modify /etc/ppp/ip-up, and add the following line:

/etc/ppp/userlog.sh $1 $5

3) Modify /etc/ppp/ip-down, and add the following lines:

# Per-connection temp file, named after the pppd PID recorded for this interface ($1)
FILE="/tmp/`cat /var/run/$1.pid`"
DAY=`date +%D`
TIME=`date +%r`
# Close the record for this session
echo "Ended connection @ $TIME on $DAY" >> "$FILE"
echo "##########################################" >> "$FILE"
echo " " >> "$FILE"
# Append the finished record to the connection log and clean up
cat "$FILE" >> /var/log/pptp_connections.log
rm "$FILE"

That's it! There's just a few contingencies. To extrapolate the username, the script looks for the MSCHAP entry in the syslog. This usually gets generated by syslog with either local2.*, or daemon.*. Make sure that the script points to this log file.

Please let me know if anyone finds any bugs. It's not robust, but then again, that wasn't my mentality when I was writing it last night ;)

--
-Rob

-------------- next part --------------
A non-text attachment was scrubbed...
Name: userlog.sh
Type: application/x-sh
Size: 802 bytes
Desc:
URL:

From Josh.Howlett at bristol.ac.uk Tue Dec 4 08:25:32 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Tue, 4 Dec 2001 14:25:32 +0000 (GMT)
Subject: [pptp-server] "localip" option
Message-ID:

What's the point of allocating more than one IP address to the "localip" option, if (as seems to be the case) all running pppd instances can share the same IP address without any problems.

anyone know?

josh.

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From charlieb at e-smith.com Tue Dec 4 09:28:25 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 4 Dec 2001 10:28:25 -0500 (EST)
Subject: [pptp-server] "localip" option
In-Reply-To:
Message-ID:

On Tue, 4 Dec 2001, Josh Howlett wrote:

> What's the point of allocating more than one IP address to the
> "localip" option, if (as seems to be the case) all running pppd
> instances can share the same IP address without any problems.
>
> anyone know?

There might be some point if you have multiple ethernet networks, and want to proxyarp bind to a different network. Or if you want to have different packet filtering rules applied.

Charlie Brady  charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group  http://www.e-smith.com/
Mitel Networks Corporation  http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739

From alien at alienworld.org Tue Dec 4 12:41:52 2001
From: alien at alienworld.org (Alen Salamun)
Date: Tue, 4 Dec 2001 19:41:52 +0100
Subject: [pptp-server] Accessing VPN server with iPAQ VPN
Message-ID: <001501c17cf3$577706c0$0201a8c0@alienworld.org>

I have troubles with connection to PPTP server from iPAQ PocketPC 2002 VPN. It works with Win9x/Win2000 clients but not with this one.

Is this maybe a trouble with PPPD not PPTP server??

The log of pptp:

Dec 4 19:33:34 discovery pptpd[15662]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: local address = 192.168.0.200
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: remote address = 192.168.0.210
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: pppd speed = 115200
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: pppd options file = /etc/ppp/options.vpn
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Client 213.161.8.201 control connection started
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Received PPTP Control Message (type: 1)
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Made a START CTRL CONN RPLY packet
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: I wrote 156 bytes to the client.
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Sent packet to client
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Received PPTP Control Message (type: 7)
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Set parameters to 1525 maxbps, 64 window size
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Made a OUT CALL RPLY packet
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Starting call (launching pppd, opening GRE)
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: pty_fd = 5
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: tty_fd = 6
Dec 4 19:33:34 discovery pptpd[15663]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 4 19:33:34 discovery pptpd[15663]: CTRL (PPPD Launcher): local address = 192.168.0.200
Dec 4 19:33:34 discovery pptpd[15663]: CTRL (PPPD Launcher): remote address = 192.168.0.210
Dec 4 19:33:34 discovery pppd[15663]: pppd 2.4.0 started by root, uid 0
Dec 4 19:33:34 discovery pppd[15663]: using channel 2
Dec 4 19:33:34 discovery pppd[15663]: Using interface ppp0
Dec 4 19:33:34 discovery pppd[15663]: Connect: ppp0 <--> /dev/pts/1
Dec 4 19:33:34 discovery pppd[15663]: sent [LCP ConfReq id=0x1 ]
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: I wrote 32 bytes to the client.
Dec 4 19:33:34 discovery pptpd[15662]: CTRL: Sent packet to client
Dec 4 19:33:37 discovery pppd[15663]: sent [LCP ConfReq id=0x1 ]
Dec 4 19:34:01 discovery pppd[15663]: sent [LCP ConfReq id=0x1 ]
Dec 4 19:34:04 discovery pppd[15663]: LCP: timeout sending Config-Requests
Dec 4 19:34:04 discovery pppd[15663]: Connection terminated.
Dec 4 19:34:04 discovery pppd[15663]: Exit.
Dec 4 19:34:04 discovery pptpd[15662]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 4 19:34:04 discovery pptpd[15662]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 4 19:34:04 discovery pptpd[15662]: CTRL: Client 213.161.8.201 control connection finished
Dec 4 19:34:04 discovery pptpd[15662]: CTRL: Exiting now
Dec 4 19:34:04 discovery pptpd[15654]: MGR: Reaped child 15662

Regards,
Alen Salamun

From rcd at amherst.com Tue Dec 4 16:47:26 2001
From: rcd at amherst.com (Robert Dege)
Date: Tue, 4 Dec 2001 17:47:26 -0500 (EST)
Subject: [pptp-server] a Cosmetic problem
Message-ID:

I am able to make a successful PPTP connection. I know that it works, because I am able to view certain Network Neighborhood folders, & FTP to inside machines. However, when I attempt to access certain web pages, instead of loading the web page, I get a server not found error.

ie: http://intranet yields not found
http://192.168.1.1 yields site found

I do have a DNS server setup in my options.pptp file, but it seems as if the web browser times out prior to checking the VPN connection for the web site.

I also have the Windows client setup so that "Use default gateway on remote network" is NOT checked.

Anybody have some insight on this?
--

-Rob

From mattgav at tempo.com.au Tue Dec 4 17:01:08 2001
From: mattgav at tempo.com.au (Matt Gavin)
Date: Wed, 5 Dec 2001 10:01:08 +1100
Subject: [pptp-server] a Cosmetic problem
In-Reply-To:
Message-ID:

What do you get if you use the full domain ie: http://intranet.amherst.com
It would be beneficial to know what version of Windows your client is. Can you ping "intranet", if so check your proxy settings... This will more than likely be an issue on your client rather than PoPToP.

Matt

-----Original Message-----
From: pptp-server-admin at lists.schulte.org
[mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
Sent: Wednesday, 5 December 2001 9:47 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] a Cosmetic problem

I am able to make a successful PPTP connection. I know that it works, because I am able to view certain Network Neighborhood folders, & FTP to inside machines. However, when I attempt to access certain web pages, instead of loading the web page, I get a server not found error.

ie: http://intranet yields not found
http://192.168.1.1 yields site found

I do have a DNS server setup in my options.pptp file, but it seems as if the web browser times out prior to checking the VPN connection for the web site.

I also have the Windows client setup so that "Use default gateway on remote network" is NOT checked.

Anybody have some insight on this?

--

-Rob

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From Joe at Polcari.com Tue Dec 4 21:44:13 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Tue, 04 Dec 2001 22:44:13 -0500
Subject: [pptp-server] a Cosmetic problem
References:
Message-ID: <3C0D980D.B407407F@Polcari.com>

I have this same problem (well slightly different) and asked weeks ago and nobody replied. There must be someone else who has seen this and fixed it.
The different part is my DNS works and I can get the index page of the intranet web site, but no other pages from it. If I go through the VPN to external sites, it works fine. I also see this with outlook. I know it connects to the server, but it never displays any mail or calendar, just the hour glass.

Joe

Robert Dege wrote:

> I am able to make a successful PPTP connection. I know that it
> works, because I am able to view certain Network Neighborhood
> folders, & FTP to inside machines. However, when I attempt to access
> certain web pages, instead of loading the web page, I get a server not
> found error.
>
> ie: http://intranet yields not found
> http://192.168.1.1 yields site found
>
> I do have a DNS server setup in my options.pptp file, but it seems as if
> the web browser times out prior to checking the VPN connection for the web
> site.
>
> I also have the Windows client setup so that "Use default gateway on
> remote network" is NOT checked.
>
> Anybody have some insight on this?
>
> --
>
> -Rob
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From Joe at Polcari.com Tue Dec 4 21:47:04 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Tue, 04 Dec 2001 22:47:04 -0500
Subject: [pptp-server] a Cosmetic problem
References:
Message-ID: <3C0D98B7.9AF17395@Polcari.com>

Full domain name matters not.
I CAN nslookup/ping/telnet/ftp/ssh anything anywhere
and iptables -L shows no dropped/rejected packets.

Matt Gavin wrote:

> What do you get if you use the full domain ie: http://intranet.amherst.com
> It would be beneficial to know what version of Windows your client is. Can
> you ping "intranet", if so check your proxy settings... This will more than
> likely be an issue on your client rather than PoPToP.
>
> Matt
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> Sent: Wednesday, 5 December 2001 9:47 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] a Cosmetic problem
>
> I am able to make a successful PPTP connection. I know that it
> works, because I am able to view certain Network Neighborhood
> folders, & FTP to inside machines. However, when I attempt to access
> certain web pages, instead of loading the web page, I get a server not
> found error.
>
> ie: http://intranet yields not found
> http://192.168.1.1 yields site found
>
> I do have a DNS server setup in my options.pptp file, but it seems as if
> the web browser times out prior to checking the VPN connection for the web
> site.
>
> I also have the Windows client setup so that "Use default gateway on
> remote network" is NOT checked.
>
> Anybody have some insight on this?
>
> --
>
> -Rob
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From mattgav at tempo.com.au Tue Dec 4 22:22:33 2001
From: mattgav at tempo.com.au (Matt Gavin)
Date: Wed, 5 Dec 2001 15:22:33 +1100
Subject: [pptp-server] a Cosmetic problem
In-Reply-To: <3C0D98B7.9AF17395@Polcari.com>
Message-ID:

This is not a PoPToP problem. The fact that it works for the index page means that it is working and PoPToP is not failing for you, remember PoPToP simply provides a tunnel... to the private/your network. This will be Apache/IIS and/or your Proxy settings.

What is your Web Server for Intranet? Do you have a proxy server?
When you visit another page on the Intranet, are you maintaining the domain? Do you have a Proxy Server enabled for your Internet Access even before you reach the VPN?

Matt

Full domain name matters not.
I CAN nslookup/ping/telnet/ftp/ssh anything anywhere
and iptables -L shows no dropped/rejected packets.

Matt Gavin wrote:

> What do you get if you use the full domain ie: http://intranet.amherst.com
> It would be beneficial to know what version of Windows your client is. Can
> you ping "intranet", if so check your proxy settings... This will more than
> likely be an issue on your client rather than PoPToP.
>
> Matt
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> Sent: Wednesday, 5 December 2001 9:47 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] a Cosmetic problem
>
> I am able to make a successful PPTP connection. I know that it
> works, because I am able to view certain Network Neighborhood
> folders, & FTP to inside machines. However, when I attempt to access
> certain web pages, instead of loading the web page, I get a server not
> found error.
>
> ie: http://intranet yields not found
> http://192.168.1.1 yields site found
>
> I do have a DNS server setup in my options.pptp file, but it seems as if
> the web browser times out prior to checking the VPN connection for the web
> site.
>
> I also have the Windows client setup so that "Use default gateway on
> remote network" is NOT checked.
>
> Anybody have some insight on this?
>
> --
>
> -Rob
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From kamran at prysoft.com Tue Dec 4 23:18:29 2001
From: kamran at prysoft.com (S. A. Kamran)
Date: Wed, 5 Dec 2001 10:18:29 +0500
Subject: [pptp-server] Help on PPTP and Portslave using PAP
Message-ID: <006101c17d4c$465e3490$6400a8c0@prisoft>

Hi,

I am looking at archives and found that it's possible to use PPTP with radius authentication and accounting using PortSlave. Can someone please help me by pointing me to some url from where I can get patch for PAP authentication and some HOWTO on this.

Thanks for your time.

Kamran

S. A. Kamran.
http://www.prysoft.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From Joe at Polcari.com Wed Dec 5 00:43:13 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Wed, 05 Dec 2001 01:43:13 -0500
Subject: [pptp-server] a Cosmetic problem
References:
Message-ID: <3C0DC200.38DC0AAA@Polcari.com>

Matt,
With or without proxy doesn't matter. I'm sure my problem is in the options files. First let me give you what I sent before so can see the setup and I'll add my option files.

corporate remote net=192.168.0/24
vpn remote IP=192.168.2.3 (weird, huh?)
vpn local ip=192.168.0.xxx nat to my local home net on 192.168.1.xxx
all this happens on my dual if local machine 192.168.1.4 (eth0) which gateways the my local 192.168.1/24 home net to the pptp vpn and to the internet through a second if 192.168.2.100 (eth1) connected through a router/cable modem.
normal default static route is to the 192.168.2.100 which gets replaced with 192.168.2.3 during pptp connection.

Everything works fine except this: when I browse (http) through the vpn it works fine unless the ip is in the 192.168.0 net. In this case I can get and "/" url, but if I try anything else other than /, the connection times out. i.e.
http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but http://192.168.0.10/anything doesn't.

Using hostnames I get the same results. All hostnames, local and remote, resolve on my local home net. I am using pptp-command start to bring up the tunnel.

====================================
#/etc/pppd.conf
persist
noauth
lock
debug
multi-link
proxyarp
mppe-128
mppe-40
mppe-stateless
lcp-echo-failure 1000
lcp-echo-interval 1000
ipcp-accept-local
ipcp-accept-remote
defaultroute
-am
kdebug 7
ktune
bsdcomp 15
deflate 15
ms-wins 192.168.0.xxx
=====================================
#/etc/ppp/ppp.options (this is a link to /etc/ppp/options)
noccp
persist
noauth
lock
#debug
proxyarp
#chap
#chapms
#chapms-v2
mppe-128
mppe-40
mppe-stateless
lcp-echo-failure 1000
lcp-echo-interval 1000
ipcp-accept-local
ipcp-accept-remote
defaultroute
#noipdefault
#kdebug 7
name jpolcari
remotename PPTP
-am
ms-dns 192.168.0.xxx
ms-wins 192.168.0.xxx
==============================

What other information can I give you?

Joe

Matt Gavin wrote:

> This is not a PoPToP problem. The fact that it works for the index page
> means that it is working and PoPToP is not failing for you, remember PoPToP
> simply provides a tunnel... to the private/your network. This will be
> Apache/IIS and/or your Proxy settings.
>
> What is your Web Server for Intranet? Do you have a proxy server? When you
> visit another page on the Intranet, are you maintaining the domain? Do you
> have a Proxy Server enabled for your Internet Access even before you reach
> the VPN?
>
> Matt
>
> Full domain name matters not.
> I CAN nslookup/ping/telnet/ftp/ssh anything anywhere
> and iptables -L shows no dropped/rejected packets.
>
> Matt Gavin wrote:
>
> > What do you get if you use the full domain ie: http://intranet.amherst.com
> > It would be beneficial to know what version of Windows your client is. Can
> > you ping "intranet", if so check your proxy settings... This will more than
> > likely be an issue on your client rather than PoPToP.
> >
> > Matt
> >
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> > Sent: Wednesday, 5 December 2001 9:47 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] a Cosmetic problem
> >
> > I am able to make a successful PPTP connection. I know that it
> > works, because I am able to view certain Network Neighborhood
> > folders, & FTP to inside machines. However, when I attempt to access
> > certain web pages, instead of loading the web page, I get a server not
> > found error.
> >
> > ie: http://intranet yields not found
> > http://192.168.1.1 yields site found
> >
> > I do have a DNS server setup in my options.pptp file, but it seems as if
> > the web browser times out prior to checking the VPN connection for the web
> > site.
> >
> > I also have the Windows client setup so that "Use default gateway on
> > remote network" is NOT checked.
> >
> > Anybody have some insight on this?
> >
> > --
> >
> > -Rob
> >

From torndorff at orndorff.com Wed Dec 5 00:08:33 2001
From: torndorff at orndorff.com (Tommy Orndorff)
Date: Wed, 5 Dec 2001 01:08:33 -0500
Subject: [pptp-server] IP Chains and RH7.2
Message-ID: <200112050608.fB568XY02167@mercury.lan>

I was wondering several things. Can I have my poptop server behind a NAT firewall/router with clients on the outside of the router? I read that the ip headers have some set bits in them and the NAT router may mangle them; is it possible to use this setup? Also, I can't find any detailed help about setting up ipchains rules for input/output. I did find a November post about them but I still don't know what I need to add to the /etc/services file, etc. Any help would be appreciated. I believe I have pptpd and pppd running correctly; Win9x, WinXP, and Win2k clients have logged in, all encrypted.
I just can't transfer between the two (on the same local network) so I'm assuming it's the ipchains rules.

Thanks,
Tommy

From jorgens at coho.net Wed Dec 5 00:19:33 2001
From: jorgens at coho.net (Steve Jorgensen)
Date: Tue, 4 Dec 2001 22:19:33 -0800
Subject: [pptp-server] IP Chains and RH7.2
Message-ID: <01C17D11.C06A1BE0.jorgens@coho.net>

I have used PPTP servers behind several types of NAT firewall, and it has always worked to simply forward the ports. I've never had trouble with this.

On Tuesday, December 04, 2001 10:09 PM, Tommy Orndorff [SMTP:torndorff at orndorff.com] wrote:

> I was wondering several things. Can I have my poptop server behind a NAT firewall/router with clients on the outside of the router? I read that the ip headers have some set bits in them and the NAT router may mangle them; is it possible to use this setup? Also, I can't find any detailed help about setting up ipchains rules for input/output. I did find a November post about them but I still don't know what I need to add to the /etc/services file, etc. Any help would be appreciated. I believe I have pptpd and pppd running correctly; Win9x, WinXP, and Win2k clients have logged in, all encrypted. I just can't transfer between the two (on the same local network) so I'm assuming it's the ipchains rules.

Thanks,
Tommy

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From luismi at adpsoft.com Wed Dec 5 07:45:04 2001
From: luismi at adpsoft.com (LuisMi)
Date: Wed, 5 Dec 2001 14:45:04 +0100 (CET)
Subject: [pptp-server] Patches for PPP???
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am running redhat 7.2.
I have here the source rpm of ppp, exactly... ppp-2.4.1-2.src.rpm

I found in the web some patches but I don't know which I need to use Microsoft encryption (MPPE) and authentication (MSCHAPv2)

Can someone help me?
- --
+----------------------
| Luis Miguel Cruz.
| |
Public Key: http://www.flcnet.es/tbe/luismi/nadie/luismi_adp.asc |
----------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjwOJOEACgkQvQHLTzrFJle/rACfa9SCsajH+eGN04G/Prona96I
MigAoIazpVlcdSnkhe5Wodh/JWFF4osj
=UKz9
-----END PGP SIGNATURE-----

From jasons at NJAQUARIUM.ORG Wed Dec 5 08:26:39 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Wed, 5 Dec 2001 09:26:39 -0500
Subject: [pptp-server] One last problem
Message-ID:

you must specify the IP address of the NIC in the VPN. like so

VPN:
NIC1: 192.168.0.1 (inside)
NIC2: 25.26.123.5 (outside)

options.vpn
localIP 192.168.0.1
remoteIP 192.168.0.2-160

these settings tell the pppd and poptop how to handle the IP addressing and route insertion into the route table. The local IP will or should always be the internal NIC and the remote IP whatever range of address you wish to assign the VPN connection.

-----Original Message-----
From: Sean [mailto:sean at cyberfarer.com]
Sent: Sunday, December 02, 2001 11:27 PM
To: pptplist
Subject: [pptp-server] One last problem

I have a new kernel with patches and Microsoft reports strong encryption being used when I click details upon connect using the MS client.

I would like to give credit where credit is due. I am not a programmer and attempts at patching and recompiling only provided mixed results. I was never able to get full encryption going although I did get the handshake. However, I downloaded a patched kernel, headers, initscripts, iptables, iptables IPv6, and ppp RPM's (I love RPM's!) from here: http://mirror.binarix.com/ppp-mppe/

In the time it took to download and install I accomplished what I have failed to do over the past three weeks. I would also like to thank those of you on this list who have generously offered assistance. It is much appreciated.

My final remaining issue is the local IP.
My options.vpn includes the line:

192.168.1.140:

Without this, pptpd reports the local IP could not be determined. But, and please correct me if I am wrong, by having this line I am restricting myself to only one connection. I would not be able to have two connections simultaneously, correct? If yes, what line would solve the issue of the local IP while allowing more than a single connection?

My pptpd.conf is as follows:

speed 115200
option /etc/ppp/options.vpn
localip 192.168.1.140-143
remoteip 192.168.1.239-241
pidfile /var/run/pptpd.pid

Again, thank you.

P.S. It is very fast and performs much better than expected.

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From jasons at NJAQUARIUM.ORG Wed Dec 5 08:35:31 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Wed, 5 Dec 2001 09:35:31 -0500
Subject: [pptp-server] a Cosmetic problem
Message-ID:

That's a web server/DNS problem. I have several systems running that are not in my local DNS and if I don't use the last slash it times out or tells me it can't find my S: drive. I think it has to do with reverse lookups to the webserver or client. Just always remember to add the last slash, it ain't that hard.

-----Original Message-----
From: Joe Polcari [mailto:Joe at Polcari.com]
Sent: Wednesday, December 05, 2001 1:43 AM
To: mattgav at tempo.com.au
Cc: Robert Dege; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] a Cosmetic problem

Matt,
With or without proxy doesn't matter. I'm sure my problem is in the options files. First let me give you what I sent before so can see the setup and I'll add my option files.

corporate remote net=192.168.0/24
vpn remote IP=192.168.2.3 (weird, huh?)
vpn local ip=192.168.0.xxx nat to my local home net on 192.168.1.xxx
all this happens on my dual if local machine 192.168.1.4 (eth0) which gateways the my local 192.168.1/24 home net to the pptp vpn and to the internet through a second if 192.168.2.100 (eth1) connected through a router/cable modem.
normal default static route is to the 192.168.2.100 which gets replaced with 192.168.2.3 during pptp connection.

Everything works fine except this: when I browse (http) through the vpn it works fine unless the ip is in the 192.168.0 net. In this case I can get and "/" url, but if I try anything else other than /, the connection times out. i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but http://192.168.0.10/anything doesn't.

Using hostnames I get the same results. All hostnames, local and remote, resolve on my local home net. I am using pptp-command start to bring up the tunnel.

====================================
#/etc/pppd.conf
persist
noauth
lock
debug
multi-link
proxyarp
mppe-128
mppe-40
mppe-stateless
lcp-echo-failure 1000
lcp-echo-interval 1000
ipcp-accept-local
ipcp-accept-remote
defaultroute
-am
kdebug 7
ktune
bsdcomp 15
deflate 15
ms-wins 192.168.0.xxx
=====================================
#/etc/ppp/ppp.options (this is a link to /etc/ppp/options)
noccp
persist
noauth
lock
#debug
proxyarp
#chap
#chapms
#chapms-v2
mppe-128
mppe-40
mppe-stateless
lcp-echo-failure 1000
lcp-echo-interval 1000
ipcp-accept-local
ipcp-accept-remote
defaultroute
#noipdefault
#kdebug 7
name jpolcari
remotename PPTP
-am
ms-dns 192.168.0.xxx
ms-wins 192.168.0.xxx
==============================

What other information can I give you?

Joe

Matt Gavin wrote:

> This is not a PoPToP problem. The fact that it works for the index page
> means that it is working and PoPToP is not failing for you, remember PoPToP
> simply provides a tunnel... to the private/your network. This will be
> Apache/IIS and/or your Proxy settings.
>
> What is your Web Server for Intranet? Do you have a proxy server? When you
> visit another page on the Intranet, are you maintaining the domain? Do you
> have a Proxy Server enabled for your Internet Access even before you reach
> the VPN?
>
> Matt
>
> Full domain name matters not.
> I CAN nslookup/ping/telnet/ftp/ssh anything anywhere
> and iptables -L shows no dropped/rejected packets.
>
> Matt Gavin wrote:
>
> > What do you get if you use the full domain ie: http://intranet.amherst.com
> > It would be beneficial to know what version of Windows your client is. Can
> > you ping "intranet", if so check your proxy settings... This will more than
> > likely be an issue on your client rather than PoPToP.
> >
> > Matt
> >
> > -----Original Message-----
> > From: pptp-server-admin at lists.schulte.org
> > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> > Sent: Wednesday, 5 December 2001 9:47 AM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] a Cosmetic problem
> >
> > I am able to make a successful PPTP connection. I know that it
> > works, because I am able to view certain Network Neighborhood
> > folders, & FTP to inside machines. However, when I attempt to access
> > certain web pages, instead of loading the web page, I get a server not
> > found error.
> >
> > ie: http://intranet yields not found
> > http://192.168.1.1 yields site found
> >
> > I do have a DNS server setup in my options.pptp file, but it seems as if
> > the web browser times out prior to checking the VPN connection for the web
> > site.
> >
> > I also have the Windows client setup so that "Use default gateway on
> > remote network" is NOT checked.
> >
> > Anybody have some insight on this?
> >
> > --
> >
> > -Rob
> >

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line.
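
Added example (not code from any poster or from the PoPToP project): a small Python check of the localip/remoteip directives discussed in the "localip" option and "One last problem" messages above, run on Sean's pptpd.conf and on the values Jason suggests. It assumes pptpd gives each client one remoteip address, so the remoteip count bounds simultaneous tunnels, and that a single localip is shared by every tunnel, as Josh Howlett's message observes; the function names and the third, overlapping config are constructed for illustration.

```python
import ipaddress

# Constructed inputs: the first two restate values quoted in the thread,
# the third is a deliberately broken config made up for this example.
SEAN_CONF = """\
speed 115200
option /etc/ppp/options.vpn
localip 192.168.1.140-143
remoteip 192.168.1.239-241
pidfile /var/run/pptpd.pid
"""
JASON_CONF = "localIP 192.168.0.1\nremoteIP 192.168.0.2-160\n"
OVERLAP_CONF = "localip 192.168.1.140-143\nremoteip 192.168.1.142-150\n"


def expand(spec):
    """Expand '10.1.1.2-254,10.1.2.1' into a list of IPv4Address objects.

    A range names only the last octet after the dash. An end octet that is
    lower than the start (for example 234-8) is rejected by this checker.
    """
    addrs = []
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            first, last = item.split("-", 1)
            start = ipaddress.IPv4Address(first)
            low = int(start) & 0xFF
            if not last.isdigit() or not low <= int(last) <= 255:
                raise ValueError("bad range %r: write the full last octet" % item)
            base = int(start) - low
            addrs.extend(ipaddress.IPv4Address(base + octet)
                         for octet in range(low, int(last) + 1))
        else:
            addrs.append(ipaddress.IPv4Address(item))
    return addrs


def parse(conf_text):
    """Collect the localip and remoteip pools from pptpd.conf text."""
    pools = {"localip": [], "remoteip": []}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        # Jason's message spells the directives localIP/remoteIP, so this
        # checker compares the directive name case-insensitively.
        key = parts[0].lower()
        if key in pools and len(parts) == 2:
            pools[key].extend(expand(parts[1]))
    return pools


def audit(conf_text):
    """Return pool sizes, the client ceiling and a list of findings."""
    pools = parse(conf_text)
    local, remote = pools["localip"], pools["remoteip"]
    findings = []
    if not local:
        findings.append("no localip directive")
    if not remote:
        findings.append("no remoteip directive: no client can get an address")
    overlap = sorted(set(local) & set(remote))
    if overlap:
        findings.append("localip and remoteip overlap: "
                        + ", ".join(str(a) for a in overlap))
    if 1 < len(local) < len(remote):
        # Assumption of this checker: a localip list that is neither a single
        # shared address nor as long as remoteip is worth a second look.
        findings.append("localip lists %d addresses for %d remoteip addresses"
                        % (len(local), len(remote)))
    return {
        "local": local,
        "remote": remote,
        "shared_local": len(local) == 1,   # one address reused by every tunnel
        "max_clients": len(remote),        # one remoteip address per client
        "findings": findings,
    }


if __name__ == "__main__":
    for name, conf in (("sean", SEAN_CONF), ("jason", JASON_CONF),
                       ("overlap", OVERLAP_CONF)):
        result = audit(conf)
        print(name, "clients:", result["max_clients"],
              "shared localip:", result["shared_local"],
              "findings:", result["findings"] or "none")
```

A separate localip per tunnel matters only for the cases Charlie Brady names: binding proxyarp to a different network or applying different packet filtering rules per tunnel.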
--

From teastep at shorewall.net Wed Dec 5 08:54:03 2001
From: teastep at shorewall.net (Tom Eastep)
Date: Wed, 5 Dec 2001 06:54:03 -0800
Subject: [pptp-server] Patches for PPP???
In-Reply-To:
References:
Message-ID: <20011205145403.20624AD06@mail.shorewall.net>

On Wednesday 05 December 2001 05:45 am, LuisMi wrote:

> I am running redhat 7.2.
> I have here the source rpm of ppp, exactly... ppp-2.4.1-2.src.rpm
>
> I found in the web some patches but I don't know which I need to use
> Microsoft encryption (MPPE) and authentication (MSCHAPv2)
>
> Can someone help me?

I've put together some instructions at http://www.shorewall.net/PPTP.htm. They are not specific to RH but should give you the necessary information.

-Tom
--
Tom Eastep \ teastep at shorewall.net
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ Firewalls for Linux 2.4

From rcd at amherst.com Wed Dec 5 09:02:55 2001
From: rcd at amherst.com (Robert Dege)
Date: 05 Dec 2001 10:02:55 -0500
Subject: [pptp-server] a Cosmetic problem
In-Reply-To:
References:
Message-ID: <1007564575.8666.14.camel@homer.amherst.com>

I am not disputing that it is a client problem. I don't think that it's entirely PopTop's fault. I guess my question was more geared as this:

Is there some way so that when the PPTP connection is made, that the ms-dns entry in my options file is queried first by the client machine instead of the default internet connection DNS servers?

Or, can I add a search domain (search amherst.com) field to the options field to force a local reverse lookup?

My interpretation is that Windows (98 for this example) queries for intranet.amherst.com on the real world DNS server.... then times out. If I specify the VPN IP, then it works fine.

Joe, why would adding an extra forward slash to the end of a URL make the web browser access the page correctly. I didn't think that the extra slash at the end had any significance... please elaborate.
-Rob

> What do you get if you use the full domain ie: http://intranet.amherst.com
> It would be beneficial to know what version of Windows your client is. Can
> you ping "intranet", if so check your proxy settings... This will more than
> likely be an issue on your client rather than PoPToP.
>
> Matt
>
> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege
> Sent: Wednesday, 5 December 2001 9:47 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] a Cosmetic problem
>
>
> I am able to make a successful PPTP connection. I know that it
> works, because I am able to view certain Network Neighborhood
> folders, & FTP to inside machines. However, when I attempt to access
> certain web pages, instead of loading the web page, I get a server not
> found error.
>
> ie: http://intranet yields not found
> http://192.168.1.1 yields site found
>
> I do have a DNS server setup in my options.pptp file, but it seems as if
> the web browser times out prior to checking the VPN connection for the web
> site.
>
> I also have the Windows client setup so that "Use default gateway on
> remote network" is NOT checked.
>
> Anybody have some insight on this?
>
> --
>
> -Rob
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --
>
--

-Rob

From Steve at SteveCowles.com Wed Dec 5 10:17:54 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 5 Dec 2001 10:17:54 -0600
Subject: [pptp-server] a Cosmetic problem
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE932@defiant.infohiiway.com>

> -----Original Message-----
> From: Robert Dege [mailto:rcd at amherst.com]
> Sent: Wednesday, December 05, 2001 9:03 AM
> To: mattgav at tempo.com.au
> Cc: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] a Cosmetic problem
>
>
> I am not disputing that it is a client problem. I don't
> think that it's entirely PopTop's fault. I guess my question
> was more geared as this:
>
> Is there some way so that when the PPTP connection is made, that the
> ms-dns entry in my options file is queried first by the client machine
> instead of the default internet connection DNS servers?

This is not a problem with PPTP, but more with your PPTP clients OS resolver libs and how it configures its nameserver search order when the tunnel is brought up.

On my Win98 laptop, I have noticed that once I establish a PPTP tunnel and then issue a winipcfg, I see that my internal DNS server (the one listed with ms-dns) is added to the list of name servers. The odd part is that winipcfg shows my ISP's DNS servers *first* and then my internal DNS server. Magically though, Win98's resolver libs seem to query my internal DNS server first because when I ping www.mydomain.com, the internal IP address is returned, not the external IP address. This holds true for WEB access to my intranet servers.

Because I also run a WINS server, I have not had any problems with MS Networking related access. Once my laptop finally authenticates against the PDC and the browser list is updated to the PPTP client (usually takes about 1-2 minutes after I bring up the PPTP tunnel), Outlook properly connects to my Exchange server without prompting me to first login.
>
> Or, can I add a search domain (search amherst.com) field to the options
> field to force a local reverse lookup?

I always set the domain search order to include mydomain.com on the PPTP clients. Don't really know if this really helps, I just don't like to type the FQDN.

>
> My interpretation is that Windows (98 for this example) queries for
> intranet.amherst.com on the real world DNS server.... then times out.
> If I specify the VPN IP, then it works fine.

I have seen this behavior before. Seems like the Windows resolver libs are doing a round-robin between all the name servers. i.e. ping www.mydomain.com
The first ping will return the internal address, then the next ping will return the external address. Very irritating!!!

>
> Joe, why would adding an extra forward slash to the end of a URL make
> the web browser access the page correctly. I didn't think that the
> extra slash at the end had any significance... please elaborate.

I have never had to add a trailing slash to any URL's. If I (or any of my customers using PPTP) had to add a trailing slash, they would probably fire me for not adhering to the KISS methodology when deploying PPTP functionality. i.e. Keep It Simple Stupid! There is something else wrong if you're having to add a trailing slash to any URL.

Steve Cowles

From spenneb at spenneberg.de Wed Dec 5 15:06:58 2001
From: spenneb at spenneberg.de (spenneb at spenneberg.de)
Date: Wed, 5 Dec 2001 22:06:58 +0100
Subject: [pptp-server] Patches for PPP???
In-Reply-To: ; from luismi@adpsoft.com on Wed, Dec 05, 2001 at 02:45:04PM +0100
References:
Message-ID: <20011205220658.A22941@grobi>

On Wed, Dec 05, 2001 at 02:45:04PM +0100, LuisMi wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am running redhat 7.2.
> I have here the source rpm of ppp, exactly... ppp-2.4.1-2.src.rpm

Hi,

you can download everything you need for RedHat on http://www.opensource-security.org/RPMS/VPN
There you find the kernel and the ppp patched for MPPE.
Those are the rpms used in the RedHat VPN class. Ralf > > I found in the web some patches but I don?t know which I need to use > Microsft encryption (MPPE) and authentication (MSCHAPv2) > > Can someone help me? > > - -- > +---------------------- > | Luis Miguel Cruz. > | | > Public Key: http://www.flcnet.es/tbe/luismi/nadie/luismi_adp.asc | > ----------------------+ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iEYEARECAAYFAjwOJOEACgkQvQHLTzrFJle/rACfa9SCsajH+eGN04G/Prona96I > MigAoIazpVlcdSnkhe5Wodh/JWFF4osj > =UKz9 > -----END PGP SIGNATURE----- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- Ralf Spenneberg MCSE+I, MCT, RHCE, RHCX, LCP, Linux-Consultant Waldring 34 48565 Steinfurt Fon: +49(0)2552 638 755 Fax: +49(0)2552 638 757 Mobil: +49(0)177 567 27 40 http://www.spenneberg.com/.net/.org/.de From rpetike at freemail.hu Wed Dec 5 17:26:38 2001 From: rpetike at freemail.hu (Risko Peter) Date: Thu, 6 Dec 2001 00:26:38 +0100 (CET) Subject: [pptp-server] How can I manage my win98 box to handle two ppp connections at the same time? Message-ID: Hi All! First, I must beg your pardon for the long letter, and the terrible English I use in it... I am trying to establish a pptp link between a Linux box, and a win98 machine. On my local ethernet network it works well: the server has IP num. 192.168.2.1, the win98 is 192.168.2.2, and I can 'dial' the server from the win machine. 
After dial, I can check the connection on the Linux box: in the syslog I see this (both ppp and pptp is in verbose mode): Dec 4 04: 04:54 telehost pptpd[1661]: MGR: Launching /usr/sbin/pptpctrl to handle client 04:54 telehost pptpd[1661]: CTRL: local address = 192.168.0.1 04:54 telehost pptpd[1661]: CTRL: remote address = 192.168.0.3 04:54 telehost pptpd[1661]: CTRL: pppd speed = 115200 04:54 telehost pptpd[1661]: CTRL: pppd options file = /etc/ppp/pptpd-options 04:54 telehost pptpd[1661]: CTRL: Client 192.168.2.9 control connection started 04:54 telehost pptpd[1661]: CTRL: Received PPTP Control Message (type: 1) 04:54 telehost pptpd[1661]: CTRL: Made a START CTRL CONN RPLY packet 04:54 telehost pptpd[1661]: CTRL: I wrote 156 bytes to the client. 04:54 telehost pptpd[1661]: CTRL: Sent packet to client 04:54 telehost pptpd[1661]: CTRL: Received PPTP Control Message (type: 7) 04:54 telehost pptpd[1661]: CTRL: Set parameters to 0 maxbps, 16 window size 04:54 telehost pptpd[1661]: CTRL: Made a OUT CALL RPLY packet 04:54 telehost pptpd[1661]: CTRL: Starting call (launching pppd, opening GRE) 04:54 telehost pptpd[1661]: CTRL: pty_fd = 5 04:54 telehost pptpd[1661]: CTRL: tty_fd = 6 04:54 telehost pptpd[1661]: CTRL: I wrote 32 bytes to the client. 
04:54 telehost pptpd[1662]: CTRL (PPPD Launcher): Connection speed = 115200 04:54 telehost pptpd[1662]: CTRL (PPPD Launcher): local address = 192.168.0.1 04:54 telehost pptpd[1662]: CTRL (PPPD Launcher): remote address = 192.168.0.3 04:55 telehost pptpd[1661]: CTRL: Sent packet to client 04:55 telehost pppd[1662]: pppd 2.3.11 started by root, uid 0 04:55 telehost pppd[1662]: Using interface ppp0 04:55 telehost pppd[1662]: Connect: ppp0 <--> /dev/pts/1 04:55 telehost pppd[1662]: sent [LCP ConfReq id=0x1 ] 04:55 telehost pppd[1662]: rcvd [LCP ConfReq id=0x1 ] 04:55 telehost pppd[1662]: sent [LCP ConfRej id=0x1 ] 04:55 telehost pppd[1662]: rcvd [LCP ConfAck id=0x1 ] 04:55 telehost pppd[1662]: rcvd [LCP ConfReq id=0x2 ] 04:55 telehost pppd[1662]: sent [LCP ConfAck id=0x2 ] 04:55 telehost pppd[1662]: sent [LCP EchoReq id=0x0 magic=0x44272512] 04:55 telehost pppd[1662]: sent [CHAP Challenge id=0x1 <1e17aa7ab8918e7c9e1f4150e3a1234071fc405857de>, name = "serv"] 04:55 telehost pppd[1662]: rcvd [LCP EchoRep id=0x0 magic=0x4b7968] 04:55 telehost pppd[1662]: rcvd [CHAP Response id=0x1 , name = "xy"] 04:55 telehost pppd[1662]: sent [CHAP Success id=0x1 "Welcome to telehost.ris."] 04:55 telehost pppd[1662]: sent [IPCP ConfReq id=0x1 ] 04:55 telehost pppd[1662]: CHAP peer authentication succeeded for xy 04:55 telehost pppd[1662]: rcvd [IPCP ConfReq id=0x1 ] 04:55 telehost pppd[1662]: sent [IPCP ConfRej id=0x1 ] 04:55 telehost pppd[1662]: rcvd [IPCP ConfRej id=0x1 ] 04:55 telehost pppd[1662]: sent [IPCP ConfReq id=0x2 ] 04:55 telehost pppd[1662]: rcvd [IPCP ConfReq id=0x2 ] 04:55 telehost pppd[1662]: sent [IPCP ConfAck id=0x2 ] 04:55 telehost pppd[1662]: rcvd [IPCP ConfAck id=0x2 ] 04:55 telehost pppd[1662]: Cannot determine ethernet address for proxy ARP 04:55 telehost pppd[1662]: local IP address 192.168.0.1 04:55 telehost pppd[1662]: remote IP address 192.168.0.99 04:55 telehost pppd[1662]: Script /etc/ppp/ip-up started (pid 1663) 04:58 telehost pppd[1662]: Script 
/etc/ppp/ip-up finished (pid 1663), status = 0x0 ... But if I start a dial-up connection from the win machine, and then 'dial' the pptp server on the local lan, they can't establish the connection. I see this in the syslog (both ppp and pptp is in verbose mode): Dec 4 04: 07:25 telehost pptpd[1699]: MGR: Launching /usr/sbin/pptpctrl to handle client 07:25 telehost pptpd[1699]: CTRL: local address = 192.168.0.1 07:25 telehost pptpd[1699]: CTRL: remote address = 192.168.0.2 07:25 telehost pptpd[1699]: CTRL: pppd speed = 115200 07:25 telehost pptpd[1699]: CTRL: pppd options file = /etc/ppp/pptpd-options 07:25 telehost pptpd[1699]: CTRL: Client 192.168.2.9 control connection started 07:25 telehost pptpd[1699]: CTRL: Received PPTP Control Message (type: 1) 07:25 telehost pptpd[1699]: CTRL: Made a START CTRL CONN RPLY packet 07:25 telehost pptpd[1699]: CTRL: I wrote 156 bytes to the client. 07:25 telehost pptpd[1699]: CTRL: Sent packet to client 07:25 telehost pptpd[1699]: CTRL: Received PPTP Control Message (type: 7) 07:25 telehost pptpd[1699]: CTRL: Set parameters to 0 maxbps, 16 window size 07:25 telehost pptpd[1699]: CTRL: Made a OUT CALL RPLY packet 07:25 telehost pptpd[1699]: CTRL: Starting call (launching pppd, opening GRE) 07:25 telehost pptpd[1699]: CTRL: pty_fd = 5 07:25 telehost pptpd[1699]: CTRL: tty_fd = 6 07:25 telehost pptpd[1699]: CTRL: I wrote 32 bytes to the client. 
07:25 telehost pptpd[1700]: CTRL (PPPD Launcher): Connection speed = 115200 07:25 telehost pptpd[1700]: CTRL (PPPD Launcher): local address = 192.168.0.1 07:25 telehost pptpd[1700]: CTRL (PPPD Launcher): remote address = 192.168.0.2 07:25 telehost pptpd[1699]: CTRL: Sent packet to client 07:25 telehost pppd[1700]: pppd 2.3.11 started by root, uid 0 07:26 telehost pppd[1700]: Using interface ppp0 07:26 telehost pppd[1700]: Connect: ppp0 <--> /dev/pts/1 07:26 telehost pppd[1700]: sent [LCP ConfReq id=0x1 ] 07:26 telehost pppd[1700]: rcvd [LCP ConfReq id=0x1 ] 07:26 telehost pppd[1700]: sent [LCP ConfRej id=0x1 ] 07:26 telehost pppd[1700]: rcvd [LCP ConfAck id=0x1 ] 07:26 telehost pppd[1700]: rcvd [LCP ConfReq id=0x2 ] 07:26 telehost pppd[1700]: sent [LCP ConfAck id=0x2 ] 07:26 telehost pppd[1700]: sent [LCP EchoReq id=0x0 magic=0xda6e39c7] 07:26 telehost pppd[1700]: sent [CHAP Challenge id=0x1 <18b188cc5d70daed44f4523a6da85a8bcf9483>, name = "serv"] 07:26 telehost pppd[1700]: rcvd [LCP EchoRep id=0x0 magic=0x4dc65b] 07:26 telehost pppd[1700]: rcvd [CHAP Response id=0x1 <65a94e16f652ad22d10e9c7afa3437d9>, name = "xy"] 07:26 telehost pppd[1700]: sent [CHAP Success id=0x1 "Welcome to telehost.ris."] 07:26 telehost pppd[1700]: sent [IPCP ConfReq id=0x1 ] 07:26 telehost pppd[1700]: CHAP peer authentication succeeded for xy 07:26 telehost pppd[1700]: rcvd [LCP ProtRej id=0x3 80 21 01 01 00 10 03 06 c0 a8 00 01 02 06 00 2d 0f 01] 07:56 telehost pppd[1700]: sent [LCP EchoReq id=0x1 magic=0xda6e39c7] 07:56 telehost pppd[1700]: rcvd [LCP EchoRep id=0x1 magic=0x4dc65b] ... So, it seems for me that my win98 machine can't handle two ppp connection at the same time. Finally I would like create a pptp tunnel over the Net from the win machine to a Linux box on the Net. For this, I will have to establish two ppp conns, a dial-up connection to an ISP, and then a 'dial' to the pptp server. Have you any idea? 
Waiting for your help: RISKO Peter From Joe at Polcari.com Wed Dec 5 22:53:31 2001 From: Joe at Polcari.com (Joe Polcari) Date: Wed, 05 Dec 2001 23:53:31 -0500 Subject: [pptp-server] a Cosmetic problem References: Message-ID: <3C0EF9CB.413A1254@Polcari.com> Nope. That's not it. I can go to http://www.vibrationresearch.com or http://www.vibrationresearch.com/ but not to http://www.vibrationresearch.com/pptpd or http://www.vibrationresearch.com/pptpd/ Jason Staudenmayer wrote: > That a web server/DNS problem > I have several systems running that are not > in my local DNS and if I don't use the last slash > I times out or tells me it can't find my S: drive. > I think it has to do with reverse lookups to the > webserver or client. Just always remember to add the last slash > it ain't that hard. > > -----Original Message----- > From: Joe Polcari [mailto:Joe at Polcari.com] > Sent: Wednesday, December 05, 2001 1:43 AM > To: mattgav at tempo.com.au > Cc: Robert Dege; pptp-server at lists.schulte.org > Subject: Re: [pptp-server] a Cosmetic problem > > Matt, > > With or without proxy doesn't matter. > I'm sure my problem is in the options files. > First let me give you what I sent before so can see the setup > and I'll add my option files. > > corporate remote net=192.168.0/24 > vpn remote IP=192.168.2.3 (wierd, huh?) > vpn local ip=192.168.0.xxx > nat to my local home net on 192.168.1.xxx > all this happens on my dual if local machine 192.168.1.4 (eth0) > which gateways the my local 192.168.1/24 home net to the pptp vpn > and to the internet through a second if 192.168.2.100 (eth1) connected > through > a > router/cable modem. > > normal default static route is to the 192.168.2.100 which gets replaced with > 192.168.2.3 during pptp connection. > > Everything works fine except this: > when I browse (http) through the vpn it works fine unless the ip is in the > 192.168.0 net. 
> In this case I can get and "/" url, but if I try anything else other than /, > the > connection times out. > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > http://192.168.0.10/anything doesn't. Using hostnames I get the same > results. > All hostnames, local and remote, resolve on my local home net. > > I am using pptp-command start to bring up the tunnel. > > ==================================== > #/etc/pppd.conf > persist > noauth > lock > debug > multi-link > proxyarp > mppe-128 > mppe-40 > mppe-stateless > lcp-echo-failure 1000 > lcp-echo-interval 1000 > ipcp-accept-local > ipcp-accept-remote > defaultroute > -am > kdebug 7 > ktune > bsdcomp 15 > deflate 15 > ms-wins 192.168.0.xxx > ===================================== > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > noccp > persist > noauth > lock > #debug > proxyarp > #chap > #chapms > #chapms-v2 > mppe-128 > mppe-40 > mppe-stateless > lcp-echo-failure 1000 > lcp-echo-interval 1000 > ipcp-accept-local > ipcp-accept-remote > defaultroute > #noipdefault > #kdebug 7 > name jpolcari > remotename PPTP > -am > ms-dns 192.168.0.xxx > ms-wins 192.168.0.xxx > ============================== > > What other information can I give you? > > Joe > > Matt Gavin wrote: > > > This is not a PoPToP problem. The fact that it works for the index page > > means that it is working and PoPToP is not failing for you, remember > PoPToP > > simply provides a tunnel... to the private/your network. This will be > > Apache/IIS and/or your Proxy settings. > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > visit another page on the Intranet, are you maintaining the domain? Do you > > have a Proxy Server enabled for your Internet Access even before you reach > > the VPN? > > > > Matt > > > > Full domain name matters not. > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > and iptables -L shows no dropped/rejected packets. 
> > > > Matt Gavin wrote: > > > > > What do you get if you use the full domain ie: > http://intranet.amherst.com > > > It would be beneficial to know what version of Windows your client is. > Can > > > you ping "intranet", if so check your proxy settings... This will more > > than > > > likely be an issue on your client rather than PoPToP. > > > > > > Matt > > > > > > -----Original Message----- > > > From: pptp-server-admin at lists.schulte.org > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > To: pptp-server at lists.schulte.org > > > Subject: [pptp-server] a Cosmetic problem > > > > > > I am able to make a successful PPTP connection. I know that it > > > works, because I am able to view certain Network Neighborhood > > > folders, & FTP to inside machines. However, when I attempt to access > > > certain web ages, instead of loading the web page, I get a server not > > > found error. > > > > > > ie: http://intranet yields not found > > > http://192.168.1.1 yieldls site found > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > the web browser times out prior to checking the VPN connection for the > web > > > site. > > > > > > I also have the Windows client setup so that "Use degault gateway on > > > remote network" is NOT checked. > > > > > > Anybody have some insight on this? > > > > > > -- > > > > > > -Rob > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
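The `LCP ProtRej` line in the second pppd log of Risko Peter's post carries the rejected packet as raw bytes. As an added example (not part of any post in this thread; the function and field names are this example's own), the decoder below unpacks that line following RFC 1661, RFC 1332 and RFC 1877: the Win98 peer rejected protocol 0x8021 (IPCP) as a whole and echoed back the server's Configure-Request, which is why that session shows no IPCP exchange and no "local IP address" lines.

```python
import re
import socket
import struct

# Copied from the failing session in the post (syslog prefix omitted).
PROTREJ_LINE = ("pppd[1700]: rcvd [LCP ProtRej id=0x3 "
                "80 21 01 01 00 10 03 06 c0 a8 00 01 02 06 00 2d 0f 01]")

# PPP protocol numbers, control-protocol codes and IPCP option types.
PPP_PROTOCOLS = {0x0021: "IP", 0x8021: "IPCP", 0x80FD: "CCP",
                 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}
CP_CODES = {1: "ConfReq", 2: "ConfAck", 3: "ConfNak", 4: "ConfRej",
            5: "TermReq", 6: "TermAck", 7: "CodeRej"}
IPCP_OPTIONS = {1: "IP-Addresses", 2: "IP-Compression-Protocol",
                3: "IP-Address", 129: "Primary-DNS", 130: "Primary-NBNS",
                131: "Secondary-DNS", 132: "Secondary-NBNS"}
ADDRESS_OPTIONS = {3, 129, 130, 131, 132}

# pppd prints the Protocol-Reject body as space-separated hex bytes.
LINE_RE = re.compile(
    r"(sent|rcvd) \[LCP ProtRej id=0x([0-9a-fA-F]+)((?: [0-9a-fA-F]{2})+)\]")


def decode_ipcp_options(data):
    """Walk type/length/value options; stop cleanly on a truncated tail."""
    options, pos = [], 0
    while pos < len(data):
        truncated = (pos + 2 > len(data) or data[pos + 1] < 2
                     or pos + data[pos + 1] > len(data))
        if truncated:
            options.append({"name": "truncated", "raw": data[pos:].hex()})
            break
        opt_type, opt_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + opt_len]
        entry = {"name": IPCP_OPTIONS.get(opt_type, "option-%d" % opt_type)}
        if opt_type in ADDRESS_OPTIONS and len(value) == 4:
            entry["address"] = socket.inet_ntoa(value)
        elif opt_type == 2 and len(value) >= 2:
            proto = struct.unpack("!H", value[:2])[0]
            entry["compression"] = ("Van Jacobson" if proto == 0x002D
                                    else hex(proto))
            if proto == 0x002D and len(value) == 4:
                entry["max_slot_id"] = value[2]
                entry["comp_slot_id"] = value[3]
        else:
            entry["raw"] = value.hex()
        options.append(entry)
        pos += opt_len
    return options


def decode_protrej(line):
    """Decode one pppd 'LCP ProtRej' debug line; None if it is not one."""
    match = LINE_RE.search(line)
    if match is None:
        return None
    payload = bytes.fromhex(match.group(3).replace(" ", ""))
    result = {"direction": match.group(1), "id": int(match.group(2), 16)}
    if len(payload) < 2:
        result["error"] = "payload shorter than the Rejected-Protocol field"
        return result
    # First two bytes: the PPP protocol number the peer refuses to speak.
    protocol = struct.unpack("!H", payload[:2])[0]
    result["rejected_protocol"] = PPP_PROTOCOLS.get(protocol, hex(protocol))
    # The rest is a copy of the rejected packet (possibly cut to fit the MRU).
    info = payload[2:]
    if len(info) >= 4:
        code, ident, length = struct.unpack("!BBH", info[:4])
        result.update(packet=CP_CODES.get(code, "code-%d" % code),
                      packet_id=ident, declared_length=length,
                      complete=length <= len(info))
        if protocol == 0x8021 and code in (1, 2, 3, 4):
            result["options"] = decode_ipcp_options(info[4:length])
    return result


if __name__ == "__main__":
    for key, value in decode_protrej(PROTREJ_LINE).items():
        print(key, "=", value)
```
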
-- From Joe at Polcari.com Wed Dec 5 23:19:39 2001 From: Joe at Polcari.com (Joe Polcari) Date: Thu, 06 Dec 2001 00:19:39 -0500 Subject: [pptp-server] a Cosmetic problem References: <90769AF04F76D41186C700A0C90AFC3EE932@defiant.infohiiway.com> Message-ID: <3C0EFFEA.D2C37F9A@Polcari.com> Ok, maybe I'm not explaining this clearly. It looks as though all of you are using your linux firewalls to not only establish a VPN, but then allow your windows laptops to make a ppp connection to the firewall and magically connect to the VPN. With what you call PopTop? I think I am doing something different. I am using my linux firewall also to establish the VPN BUT then I connect the VPN to my local network. It looks just like a subnet, thanks to NAT. My firewall then becomes a gateway to the VPN network in the same way as it would normally be a gateway to the internet. I change routes and local nameserver configuration as well so that any system on my home network can connect to any system, either on my home network, or the corporate network, simultaneously using hostname or IP address. This works great except for the http thing, and the fact that I can't browse the corporate network, which I don't care about anyway since I can still connect to any system via ssh and via a \\host\share on windows and any other way you can think of except http to any url other than the root of the web server and to the MS Exchange server using Outlook. "Cowles, Steve" wrote: > > -----Original Message----- > > From: Robert Dege [mailto:rcd at amherst.com] > > Sent: Wednesday, December 05, 2001 9:03 AM > > To: mattgav at tempo.com.au > > Cc: pptp-server at lists.schulte.org > > Subject: RE: [pptp-server] a Cosmetic problem > > > > > > I am not disputing that it is a client problem. I don't > > think that it's entirely PopTop's fault. 
I guess my question > > was more geared as this: > > > > Is there some way so that when the PPTP connection is made, that the > > ms-dns entry in my options file is queried first by the client machine > > instead of the default internet connection DNS servers? > > This is not a problem with PPTP, but more with your PPTP clients OS resolver > libs and how it configures its nameserver search order when the tunnel is > brought up. > > On my Win98 laptop, I have noticed that once I establish a PPTP tunnel and > then issue a winipcfg, I see that my internal DNS server (the one listed > with ms-dns) is added to the list of name servers. The odd part is that > winipcfg shows my ISP's DNS servers *first* and then my internal DNS server. > Magically though, Win98's resolver libs seem to query my internal DNS > server first because when I ping www.mydomain.com, the internal IP address > is returned, not the external IP address. > This holds true for WEB access to my intranet servers. > > Because I also run a WINS server, I have not had any problems with MS > Networking related access. Once my laptop finally authenticates against the > PDC and the browser list is updated to the PPTP client (usually takes about > 1-2 minutes after I bring up the PPTP tunnel), Outlook properly connects to > my Exchange server without prompting me to first login. > > > > > Or, can I add a seach domain (search amherst.com) field to the options > > field to force a local reverse lookup? > > I always set the domain search order to include mydomain.com on the PPTP > clients. Don't really know if this really helps, I just don't like to type > the FQDN. > > > > > My interpretation is that Windows (98 for this example) queries for > > intranet.amherst.com on the real world DNS server.... then times out. > > If I specify the VPN IP, then it works fine. > > I have seen this behavior before. Seems like the Windows resolver libs are > doing a round-robin between all the name servers. i.e. 
ping www.mydomain.com > The first ping will return the internal address, then the next ping will > return the external address. Very irritating!!! > > > > > Joe, why would adding an extra forward slash to the end of a URL make > > the web browser access the page correctly. I didn't think that the > > extra slash at the end had any significance... please elaborate. > > I have never had to add a trailing slash to any URL's. If I (or any of my > customers using PPTP) had to add a trailing slash, they would probably fire > me for not adhering to the KISS methodology when deploying PPTP > functionality. i.e. Keep It Simple Stupid! There is something else wrong if > your having to add a trailing slash to any URL. > > Steve Cowles > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From mckendry at mediaone.net Wed Dec 5 23:25:36 2001 From: mckendry at mediaone.net (John McKendry) Date: Thu, 06 Dec 2001 00:25:36 -0500 Subject: [pptp-server] a Cosmetic problem References: <3C0EF9CB.413A1254@Polcari.com> Message-ID: <3C0F0150.8CEA9A4C@mediaone.net> Joe Polcari wrote: > > Nope. That's not it. > I can go to http://www.vibrationresearch.com or > http://www.vibrationresearch.com/ > but not to > http://www.vibrationresearch.com/pptpd or > http://www.vibrationresearch.com/pptpd/ > Wow, that's truly bizarre. If I understand your problem description correctly, www.vibrationresearch.com is in the VPN? And you can still go to e.g. www.redhat.com/devnet or any "public" URL with no problem? If I were you, I'd start by taking a TCP trace of the traffic through the firewall. Ethereal is a good tool for that - you can get it from http://www.ethereal.com . That will at least tell you whether your HTTP GETs are being sent correctly. 
John From Joe at Polcari.com Thu Dec 6 00:47:44 2001 From: Joe at Polcari.com (Joe Polcari) Date: Thu, 06 Dec 2001 01:47:44 -0500 Subject: [pptp-server] a Cosmetic problem References: <3C0EF9CB.413A1254@Polcari.com> <3C0F0150.8CEA9A4C@mediaone.net> Message-ID: <3C0F1490.E2657426@Polcari.com> Yes, that's it. You saw through my bad example. The problem urls are in the VPN. I'll try ethereal and see what it can show me. John McKendry wrote: > Joe Polcari wrote: > > > > Nope. That's not it. > > I can go to http://www.vibrationresearch.com or > > http://www.vibrationresearch.com/ > > but not to > > http://www.vibrationresearch.com/pptpd or > > http://www.vibrationresearch.com/pptpd/ > > > Wow, that's truly bizarre. If I understand your problem > description correctly, www.vibrationresearch.com is > in the VPN? And you can still go to e.g. www.redhat.com/devnet > or any "public" URL with no problem? > > If I were you, I'd start by taking a TCP trace of the traffic > through the firewall. Ethereal is a good tool for that - you can > get it from http://www.ethereal.com . That will at least tell you > whether your HTTP GETs are being sent correctly. > > John > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. --
> the > > connection times out. > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > > http://192.168.0.10/anything doesn't. Using hostnames I get the same > > results. > > All hostnames, local and remote, resolve on my local home net. > > > > I am using pptp-command start to bring up the tunnel. > > > > ==================================== > > #/etc/pppd.conf > > persist > > noauth > > lock > > debug > > multi-link > > proxyarp > > mppe-128 > > mppe-40 > > mppe-stateless > > lcp-echo-failure 1000 > > lcp-echo-interval 1000 > > ipcp-accept-local > > ipcp-accept-remote > > defaultroute > > -am > > kdebug 7 > > ktune > > bsdcomp 15 > > deflate 15 > > ms-wins 192.168.0.xxx > > ===================================== > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > > noccp > > persist > > noauth > > lock > > #debug > > proxyarp > > #chap > > #chapms > > #chapms-v2 > > mppe-128 > > mppe-40 > > mppe-stateless > > lcp-echo-failure 1000 > > lcp-echo-interval 1000 > > ipcp-accept-local > > ipcp-accept-remote > > defaultroute > > #noipdefault > > #kdebug 7 > > name jpolcari > > remotename PPTP > > -am > > ms-dns 192.168.0.xxx > > ms-wins 192.168.0.xxx > > ============================== > > > > What other information can I give you? > > > > Joe > > > > Matt Gavin wrote: > > > > > This is not a PoPToP problem. The fact that it works for the index page > > > means that it is working and PoPToP is not failing for you, remember > > PoPToP > > > simply provides a tunnel... to the private/your network. This will be > > > Apache/IIS and/or your Proxy settings. > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > > visit another page on the Intranet, are you maintaining the domain? Do you > > > have a Proxy Server enabled for your Internet Access even before you reach > > > the VPN? > > > > > > Matt > > > > > > Full domain name matters not.
> > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > > and iptables -L shows no dropped/rejected packets. > > > > > > Matt Gavin wrote: > > > > > > > What do you get if you use the full domain ie: > > http://intranet.amherst.com > > > > It would be beneficial to know what version of Windows your client is. > > Can > > > > you ping "intranet", if so check your proxy settings... This will more > > > than > > > > likely be an issue on your client rather than PoPToP. > > > > > > > > Matt > > > > > > > > -----Original Message----- > > > > From: pptp-server-admin at lists.schulte.org > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > > To: pptp-server at lists.schulte.org > > > > Subject: [pptp-server] a Cosmetic problem > > > > > > > > I am able to make a successful PPTP connection. I know that it > > > > works, because I am able to view certain Network Neighborhood > > > > folders, & FTP to inside machines. However, when I attempt to access > > > > certain web ages, instead of loading the web page, I get a server not > > > > found error. > > > > > > > > ie: http://intranet yields not found > > > > http://192.168.1.1 yieldls site found > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > > the web browser times out prior to checking the VPN connection for the > > web > > > > site. > > > > > > > > I also have the Windows client setup so that "Use degault gateway on > > > > remote network" is NOT checked. > > > > > > > > Anybody have some insight on this? > > > > > > > > -- > > > > > > > > -Rob > > > > > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. 
--
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From Joe at Polcari.com Thu Dec 6 21:54:02 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Thu, 06 Dec 2001 22:54:02 -0500
Subject: [pptp-server] a Cosmetic problem
References: <90769AF04F76D41186C700A0C90AFC3EE935@defiant.infohiiway.com>
Message-ID: <3C103D5A.DC608DB9@Polcari.com>

"Cowles, Steve" wrote:

> > -----Original Message-----
> > From: Joe Polcari [mailto:Joe at polcari.com]
> > Sent: Wednesday, December 05, 2001 11:20 PM
> > To: Cowles, Steve
> > Cc: 'pptp-server at lists.schulte.org'
> > Subject: Re: [pptp-server] a Cosmetic problem
> >
> >
> > Ok, maybe I'm not explaining this clearly.
> > .. ... .... ...8< ..... snip

Steve,

You're right, and thanks for the correct terms! It is a LAN to LAN tunnel using PPTP. Phew!
They're not redirects - I will do some packet capture and see what shows up.

Thanks,
Joe

> Your http access problem is really odd -- as another poster to this list
> suggested, I would run ethereal/tcpdump and analyze every packet flying
> across the vpn. Something is wrong here (duh!) with either routing or
> possibly a firewall rule blocking access.
>
> Another thought that comes to mind... Are you sure the URL's you're trying to
> access are not redirects to another web server???
>
> Good Luck
> Steve Cowles

From Joe at Polcari.com Thu Dec 6 22:26:11 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Thu, 06 Dec 2001 23:26:11 -0500
Subject: [pptp-server] a Cosmetic problem
References: <3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com>
Message-ID: <3C1044E3.7B3CB3B3@Polcari.com>

No, I haven't. Can you explain why that might make a difference based on the address of the web page???

Jerry Vonau wrote: > Joe: > > Have you tried playing with the mtu settings on either the ppp link or the > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > to some PPPoE problems loading web pages. > > Jerry Vonau > > Joe Polcari wrote: > > > Nope. That's not it. > > I can go to http://www.vibrationresearch.com or > > http://www.vibrationresearch.com/ > > but not to > > http://www.vibrationresearch.com/pptpd or > > http://www.vibrationresearch.com/pptpd/ > > > > Jason Staudenmayer wrote: > > > > > That a web server/DNS problem > > > I have several systems running that are not > > > in my local DNS and if I don't use the last slash > > > I times out or tells me it can't find my S: drive. > > > I think it has to do with reverse lookups to the > > > webserver or client. Just always remember to add the last slash > > > it ain't that hard. > > > > > > -----Original Message----- > > > From: Joe Polcari [mailto:Joe at Polcari.com] > > > Sent: Wednesday, December 05, 2001 1:43 AM > > > To: mattgav at tempo.com.au > > > Cc: Robert Dege; pptp-server at lists.schulte.org > > > Subject: Re: [pptp-server] a Cosmetic problem > > > > > > Matt, > > > > > > With or without proxy doesn't matter. > > > I'm sure my problem is in the options files. > > > First let me give you what I sent before so can see the setup > > > and I'll add my option files. > > > > > > corporate remote net=192.168.0/24 > > > vpn remote IP=192.168.2.3 (wierd, huh?) > > > vpn local ip=192.168.0.xxx > > > nat to my local home net on 192.168.1.xxx > > > all this happens on my dual if local machine 192.168.1.4 (eth0) > > > which gateways the my local 192.168.1/24 home net to the pptp vpn > > > and to the internet through a second if 192.168.2.100 (eth1) connected > > > through > > > a > > > router/cable modem. > > > > > > normal default static route is to the 192.168.2.100 which gets replaced with > > > 192.168.2.3 during pptp connection. 
> > > > > > Everything works fine except this: > > > when I browse (http) through the vpn it works fine unless the ip is in the > > > 192.168.0 net. > > > In this case I can get and "/" url, but if I try anything else other than /, > > > the > > > connection times out. > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same > > > results. > > > All hostnames, local and remote, resolve on my local home net. > > > > > > I am using pptp-command start to bring up the tunnel. > > > > > > ==================================== > > > #/etc/pppd.conf > > > persist > > > noauth > > > lock > > > debug > > > multi-link > > > proxyarp > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > lcp-echo-failure 1000 > > > lcp-echo-interval 1000 > > > ipcp-accept-local > > > ipcp-accept-remote > > > defaultroute > > > -am > > > kdebug 7 > > > ktune > > > bsdcomp 15 > > > deflate 15 > > > ms-wins 192.168.0.xxx > > > ===================================== > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > > > noccp > > > persist > > > noauth > > > lock > > > #debug > > > proxyarp > > > #chap > > > #chapms > > > #chapms-v2 > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > lcp-echo-failure 1000 > > > lcp-echo-interval 1000 > > > ipcp-accept-local > > > ipcp-accept-remote > > > defaultroute > > > #noipdefault > > > #kdebug 7 > > > name jpolcari > > > remotename PPTP > > > -am > > > ms-dns 192.168.0.xxx > > > ms-wins 192.168.0.xxx > > > ============================== > > > > > > What other information can I give you? > > > > > > Joe > > > > > > Matt Gavin wrote: > > > > > > > This is not a PoPToP problem. The fact that it works for the index page > > > > means that it is working and PoPToP is not failing for you, remember > > > PoPToP > > > > simply provides a tunnel... to the private/your network. This will be > > > > Apache/IIS and/or your Proxy settings. 
> > > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > > > visit another page on the Intranet, are you maintaining the domain? Do you > > > > have a Proxy Server enabled for your Internet Access even before you reach > > > > the VPN? > > > > > > > > Matt > > > > > > > > Full domain name matters not. > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > > > and iptables -L shows no dropped/rejected packets. > > > > > > > > Matt Gavin wrote: > > > > > > > > > What do you get if you use the full domain ie: > > > http://intranet.amherst.com > > > > > It would be beneficial to know what version of Windows your client is. > > > Can > > > > > you ping "intranet", if so check your proxy settings... This will more > > > > than > > > > > likely be an issue on your client rather than PoPToP. > > > > > > > > > > Matt > > > > > > > > > > -----Original Message----- > > > > > From: pptp-server-admin at lists.schulte.org > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > > > To: pptp-server at lists.schulte.org > > > > > Subject: [pptp-server] a Cosmetic problem > > > > > > > > > > I am able to make a successful PPTP connection. I know that it > > > > > works, because I am able to view certain Network Neighborhood > > > > > folders, & FTP to inside machines. However, when I attempt to access > > > > > certain web ages, instead of loading the web page, I get a server not > > > > > found error. > > > > > > > > > > ie: http://intranet yields not found > > > > > http://192.168.1.1 yieldls site found > > > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > > > the web browser times out prior to checking the VPN connection for the > > > web > > > > > site. > > > > > > > > > > I also have the Windows client setup so that "Use degault gateway on > > > > > remote network" is NOT checked. 
> > > > > > > > > > Anybody have some insight on this? > > > > > > > > > > -- > > > > > > > > > > -Rob > > > > > > > > > > > _______________________________________________ > > > pptp-server maillist - pptp-server at lists.schulte.org > > > http://lists.schulte.org/mailman/listinfo/pptp-server > > > --- To unsubscribe, go to the url just above this line. -- > > > > _______________________________________________ > > pptp-server maillist - pptp-server at lists.schulte.org > > http://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this line. -- > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From jvonau at home.com Thu Dec 6 21:51:20 2001 From: jvonau at home.com (Jerry Vonau) Date: Thu, 06 Dec 2001 21:51:20 -0600 Subject: [pptp-server] a Cosmetic problem References: <3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com> <3C1044E3.7B3CB3B3@Polcari.com> Message-ID: <3C103CB8.1789EFB4@home.com> Joe: Well I'll try to explain.. The web server on the lan see the pptp server's lan card has a mtu of 1500, but if it sends the max of 1500 then it will not fit into the ppp frame. There is overhead involved with the encapsulation, as a result it has to fragment the frame. If it has the "don't fragment bit" set then it can't go any farther down the pipe.... Found this at : http://feenix.burgiss.net/ldp/adsl/configure.html ----quote------ Note: PPPoE adds 8 bytes of extra overhead to the ethernet frames and the correct maximum setting for the ppp0 interface MTU is 1492. If the MTU is set too high, it may cause failure of some web pages to load properly, and possibly other annoying problems related to Path MTU Discovery. You may need to also set the MTU for interfaces on any masqueraded LAN connections MTU to 1452. 
This does not apply to PPPoA, or bridged configurations, just PPPoE! ---------------- Since both PPPoE and PPTP run on PPPD this may be the same type of problem. Just a shot in the dark, but it fits what your are describing Jerry Joe Polcari wrote: > > No, I haven't. Can you explain why that might make a difference > based on the address of the web page??? > > Jerry Vonau wrote: > > > Joe: > > > > Have you tried playing with the mtu settings on either the ppp link or the > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > > to some PPPoE problems loading web pages. > > > > Jerry Vonau > > > > Joe Polcari wrote: > > > > > Nope. That's not it. > > > I can go to http://www.vibrationresearch.com or > > > http://www.vibrationresearch.com/ > > > but not to > > > http://www.vibrationresearch.com/pptpd or > > > http://www.vibrationresearch.com/pptpd/ > > > > > > Jason Staudenmayer wrote: > > > > > > > That a web server/DNS problem > > > > I have several systems running that are not > > > > in my local DNS and if I don't use the last slash > > > > I times out or tells me it can't find my S: drive. > > > > I think it has to do with reverse lookups to the > > > > webserver or client. Just always remember to add the last slash > > > > it ain't that hard. > > > > > > > > -----Original Message----- > > > > From: Joe Polcari [mailto:Joe at Polcari.com] > > > > Sent: Wednesday, December 05, 2001 1:43 AM > > > > To: mattgav at tempo.com.au > > > > Cc: Robert Dege; pptp-server at lists.schulte.org > > > > Subject: Re: [pptp-server] a Cosmetic problem > > > > > > > > Matt, > > > > > > > > With or without proxy doesn't matter. > > > > I'm sure my problem is in the options files. > > > > First let me give you what I sent before so can see the setup > > > > and I'll add my option files. > > > > > > > > corporate remote net=192.168.0/24 > > > > vpn remote IP=192.168.2.3 (wierd, huh?) 
> > > > vpn local ip=192.168.0.xxx > > > > nat to my local home net on 192.168.1.xxx > > > > all this happens on my dual if local machine 192.168.1.4 (eth0) > > > > which gateways the my local 192.168.1/24 home net to the pptp vpn > > > > and to the internet through a second if 192.168.2.100 (eth1) connected > > > > through > > > > a > > > > router/cable modem. > > > > > > > > normal default static route is to the 192.168.2.100 which gets replaced with > > > > 192.168.2.3 during pptp connection. > > > > > > > > Everything works fine except this: > > > > when I browse (http) through the vpn it works fine unless the ip is in the > > > > 192.168.0 net. > > > > In this case I can get and "/" url, but if I try anything else other than /, > > > > the > > > > connection times out. > > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same > > > > results. > > > > All hostnames, local and remote, resolve on my local home net. > > > > > > > > I am using pptp-command start to bring up the tunnel. 
> > > > > > > > ==================================== > > > > #/etc/pppd.conf > > > > persist > > > > noauth > > > > lock > > > > debug > > > > multi-link > > > > proxyarp > > > > mppe-128 > > > > mppe-40 > > > > mppe-stateless > > > > lcp-echo-failure 1000 > > > > lcp-echo-interval 1000 > > > > ipcp-accept-local > > > > ipcp-accept-remote > > > > defaultroute > > > > -am > > > > kdebug 7 > > > > ktune > > > > bsdcomp 15 > > > > deflate 15 > > > > ms-wins 192.168.0.xxx > > > > ===================================== > > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > > > > noccp > > > > persist > > > > noauth > > > > lock > > > > #debug > > > > proxyarp > > > > #chap > > > > #chapms > > > > #chapms-v2 > > > > mppe-128 > > > > mppe-40 > > > > mppe-stateless > > > > lcp-echo-failure 1000 > > > > lcp-echo-interval 1000 > > > > ipcp-accept-local > > > > ipcp-accept-remote > > > > defaultroute > > > > #noipdefault > > > > #kdebug 7 > > > > name jpolcari > > > > remotename PPTP > > > > -am > > > > ms-dns 192.168.0.xxx > > > > ms-wins 192.168.0.xxx > > > > ============================== > > > > > > > > What other information can I give you? > > > > > > > > Joe > > > > > > > > Matt Gavin wrote: > > > > > > > > > This is not a PoPToP problem. The fact that it works for the index page > > > > > means that it is working and PoPToP is not failing for you, remember > > > > PoPToP > > > > > simply provides a tunnel... to the private/your network. This will be > > > > > Apache/IIS and/or your Proxy settings. > > > > > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > > > > visit another page on the Intranet, are you maintaining the domain? Do you > > > > > have a Proxy Server enabled for your Internet Access even before you reach > > > > > the VPN? > > > > > > > > > > Matt > > > > > > > > > > Full domain name matters not. 
> > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > > > > and iptables -L shows no dropped/rejected packets. > > > > > > > > > > Matt Gavin wrote: > > > > > > > > > > > What do you get if you use the full domain ie: > > > > http://intranet.amherst.com > > > > > > It would be beneficial to know what version of Windows your client is. > > > > Can > > > > > > you ping "intranet", if so check your proxy settings... This will more > > > > > than > > > > > > likely be an issue on your client rather than PoPToP. > > > > > > > > > > > > Matt > > > > > > > > > > > > -----Original Message----- > > > > > > From: pptp-server-admin at lists.schulte.org > > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > > > > To: pptp-server at lists.schulte.org > > > > > > Subject: [pptp-server] a Cosmetic problem > > > > > > > > > > > > I am able to make a successful PPTP connection. I know that it > > > > > > works, because I am able to view certain Network Neighborhood > > > > > > folders, & FTP to inside machines. However, when I attempt to access > > > > > > certain web ages, instead of loading the web page, I get a server not > > > > > > found error. > > > > > > > > > > > > ie: http://intranet yields not found > > > > > > http://192.168.1.1 yieldls site found > > > > > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > > > > the web browser times out prior to checking the VPN connection for the > > > > web > > > > > > site. > > > > > > > > > > > > I also have the Windows client setup so that "Use degault gateway on > > > > > > remote network" is NOT checked. > > > > > > > > > > > > Anybody have some insight on this? 
> > > > > > > > > > > > -- > > > > > > > > > > > > -Rob From Joe at Polcari.com Thu Dec 6 23:12:08 2001 From: Joe at Polcari.com (Joe Polcari) Date: Fri, 07 Dec 2001 00:12:08 -0500 Subject: [pptp-server] a Cosmetic problem References: <3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com> <3C1044E3.7B3CB3B3@Polcari.com> <3C103CB8.1789EFB4@home.com> Message-ID: <3C104FA8.4D47D88A@Polcari.com> Jerry, Does this mean that since I am masqing anything coming in on my eth0 interface and going out any interface except eth0, that I should set eth0 MTU to 1452 or the PPP interface MTU to 1452? Joe Jerry Vonau wrote: > Joe: > > Well I'll try to explain.. > > The web server on the lan see the pptp server's lan card has > a mtu of 1500, > but if it sends the max of 1500 then it will not fit into > the ppp frame. > There is overhead involved with the encapsulation, as a > result it has to > fragment the frame. If it has the "don't fragment bit" set > then it can't > go any farther down the pipe.... > > Found this at : > http://feenix.burgiss.net/ldp/adsl/configure.html > > ----quote------ > > Note: PPPoE adds 8 bytes of extra overhead to the ethernet > frames > and the correct maximum setting for the ppp0 interface MTU > is > 1492. 
If the MTU is set too high, it may cause failure of > some web > pages to load properly, and possibly other annoying problems > related > to Path MTU Discovery. You may need to also set the MTU for > interfaces > on any masqueraded LAN connections MTU to 1452. This does > not apply to > PPPoA, or bridged configurations, just PPPoE! > ---------------- > > Since both PPPoE and PPTP run on PPPD this may be the same > type of problem. > > Just a shot in the dark, but it fits what your are > describing > > Jerry > > Joe Polcari wrote: > > > > No, I haven't. Can you explain why that might make a difference > > based on the address of the web page??? > > > > Jerry Vonau wrote: > > > > > Joe: > > > > > > Have you tried playing with the mtu settings on either the ppp link or the > > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > > > to some PPPoE problems loading web pages. > > > > > > Jerry Vonau > > > > > > Joe Polcari wrote: > > > > > > > Nope. That's not it. > > > > I can go to http://www.vibrationresearch.com or > > > > http://www.vibrationresearch.com/ > > > > but not to > > > > http://www.vibrationresearch.com/pptpd or > > > > http://www.vibrationresearch.com/pptpd/ > > > > To see more info, follow the thread - Joe From GeorgeV at citadelcomputer.com.au Thu Dec 6 22:40:21 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 7 Dec 2001 15:40:21 +1100 Subject: [pptp-server] patches patches patches Message-ID: <200FAA488DE0D41194F10010B597610D2B932F@JUPITER> Krikey!!! I can't find any patches these days for PPPD..?? Where's it all gone? I just rebuilt my firewall due to a crappy Quantum drive crash and now have to rebuilt my kernal and pppd/mppe stuff. This is what I've collected... 
-rw-r--r-- 1 root root 536746 Dec 7 14:28 ppp-2.4.1.tar.gz -rwxr--r-- 1 georgev georgev 231 Dec 7 14:08 ppp_mppe_compressed_data_fix.diff.txt -rwxr--r-- 1 georgev georgev 329090 Dec 7 14:07 ldap+mppe+strip-domain.patch.gz Can anybody throw me some URLs with WORKING files to whatever else I may need? I'm running RH7.1 kernel 2-4-2 at the moment... PS: I am currently not on the list. thanks, George Vieira Systems Manager Citadel Computer Systems P/L From mattgav at tempo.com.au Thu Dec 6 23:30:16 2001 From: mattgav at tempo.com.au (Matt Gavin) Date: Fri, 7 Dec 2001 16:30:16 +1100 Subject: [pptp-server] a Cosmetic problem In-Reply-To: <3C1044E3.7B3CB3B3@Polcari.com> Message-ID: Joe I hope that when you have this resolved, you will report back to this list your findings? I am very curious to see if your http problem has anything to do with PoPToP... Matt Gavin Tempo Services Limited ~~~~~~~~~~~~~~~~~~~~~~ From Joe at Polcari.com Fri Dec 7 00:37:37 2001 From: Joe at Polcari.com (Joe Polcari) Date: Fri, 07 Dec 2001 01:37:37 -0500 Subject: [pptp-server] a Cosmetic problem References: <3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com> <3C1044E3.7B3CB3B3@Polcari.com> <3C103CB8.1789EFB4@home.com> <3C104FA8.4D47D88A@Polcari.com> Message-ID: <3C1063B1.7DE5289E@Polcari.com> Jerry, mtu 1452 in pptp options file FIXED the URL problem!! I'll try OutLook tomorrow. THANKS! Joe Polcari wrote: > Jerry, > > Does this mean that since I am masqing anything coming in on my eth0 interface > and going out any interface except eth0, that I should set eth0 MTU > to 1452 or the PPP interface MTU to 1452? > > Joe > > Jerry Vonau wrote: > > > Joe: > > > > Well I'll try to explain.. > > > > The web server on the lan see the pptp server's lan card has > > a mtu of 1500, > > but if it sends the max of 1500 then it will not fit into > > the ppp frame. 
> > There is overhead involved with the encapsulation, as a > > result it has to > > fragment the frame. If it has the "don't fragment bit" set > > then it can't > > go any farther down the pipe.... > > > > Found this at : > > http://feenix.burgiss.net/ldp/adsl/configure.html > > > > ----quote------ > > > > Note: PPPoE adds 8 bytes of extra overhead to the ethernet > > frames > > and the correct maximum setting for the ppp0 interface MTU > > is > > 1492. If the MTU is set too high, it may cause failure of > > some web > > pages to load properly, and possibly other annoying problems > > related > > to Path MTU Discovery. You may need to also set the MTU for > > interfaces > > on any masqueraded LAN connections MTU to 1452. This does > > not apply to > > PPPoA, or bridged configurations, just PPPoE! > > ---------------- > > > > Since both PPPoE and PPTP run on PPPD this may be the same > > type of problem. > > > > Just a shot in the dark, but it fits what your are > > describing > > > > Jerry > > > > Joe Polcari wrote: > > > > > > No, I haven't. Can you explain why that might make a difference > > > based on the address of the web page??? > > > > > > Jerry Vonau wrote: > > > > > > > Joe: > > > > > > > > Have you tried playing with the mtu settings on either the ppp link or the > > > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > > > > to some PPPoE problems loading web pages. > > > > > > > > Jerry Vonau > > > > > > > > Joe Polcari wrote: > > > > > > > > > Nope. That's not it. > > > > > I can go to http://www.vibrationresearch.com or > > > > > http://www.vibrationresearch.com/ > > > > > but not to > > > > > http://www.vibrationresearch.com/pptpd or > > > > > http://www.vibrationresearch.com/pptpd/ > > > > > > > To see more info, follow the thread - Joe
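The failure Jerry describes and the fix Joe reports, modelled as an added example (not code from any poster or from PoPToP): DF-marked TCP segments that exceed the tunnel are dropped, and the transfer stalls unless the ICMP "fragmentation needed" error gets back to the sender or the MSS is already small enough. Assumptions: the overhead figure, page sizes and hop names are constructed, the short index page is a guess at why "/" loaded, and the browsing host is taken to be the one running the tunnel, so its MSS follows the ppp interface MTU.

```python
"""Constructed model of the symptom in this thread: short pages load through
the PPTP tunnel, larger ones time out, and lowering the ppp MTU fixes it.
All sizes, hop names and the overhead figure are assumptions for illustration,
not measurements from the poster's network."""
from dataclasses import dataclass

IP_HDR = 20   # IPv4 header without options
TCP_HDR = 20  # TCP header without options

# Assumed per-packet cost of the outer IP + GRE + PPP + MPPE framing.
# Constructed figure; measure the real value on your own link.
ASSUMED_TUNNEL_OVERHEAD = 48


@dataclass
class Hop:
    name: str
    mtu: int                    # largest IP packet this hop forwards whole
    icmp_returned: bool = True  # does "fragmentation needed" reach the sender?


def advertised_mss(iface_mtu):
    """MSS a host offers in its SYN for a route out of an interface."""
    return iface_mtu - IP_HDR - TCP_HDR


def send_df(packet_len, path):
    """Forward one IP packet with the don't-fragment bit set.

    Returns ("delivered", None), ("icmp", mtu_of_tight_hop), or
    ("blackhole", None) when the packet is dropped silently.
    """
    for hop in path:
        if packet_len > hop.mtu:
            if hop.icmp_returned:
                return ("icmp", hop.mtu)
            return ("blackhole", None)
    return ("delivered", None)


def transfer(body_len, mss, path, max_retries=3):
    """Send body_len bytes as DF-marked TCP segments; return "ok" or "timeout"."""
    remaining = body_len
    while remaining > 0:
        seg = min(remaining, mss)
        retries = 0
        while True:
            result, tight_mtu = send_df(seg + IP_HDR + TCP_HDR, path)
            if result == "delivered":
                break
            if result == "icmp":
                # Path MTU Discovery working: shrink segments and resend.
                mss = tight_mtu - IP_HDR - TCP_HDR
                seg = min(remaining, mss)
                continue
            # Silent drop: the sender retransmits the same size until it gives up.
            retries += 1
            if retries >= max_retries:
                return "timeout"
        remaining -= seg
    return "ok"


def build_path(icmp_returned):
    """Web server LAN -> PPTP tunnel -> client LAN (constructed topology)."""
    tunnel_mtu = 1500 - ASSUMED_TUNNEL_OVERHEAD
    return [
        Hop("corporate LAN", 1500),
        Hop("PPTP tunnel", tunnel_mtu, icmp_returned),
        Hop("home LAN", 1500),
    ]


def run_scenarios():
    filtered = build_path(icmp_returned=False)
    working = build_path(icmp_returned=True)
    return {
        # A short response fits in one small packet, so it survives.
        "small page, ppp mtu 1500, ICMP filtered": transfer(600, advertised_mss(1500), filtered),
        # Full-size segments exceed the tunnel and vanish.
        "large page, ppp mtu 1500, ICMP filtered": transfer(8000, advertised_mss(1500), filtered),
        # Same transfer when the ICMP error gets back to the server.
        "large page, ppp mtu 1500, ICMP returned": transfer(8000, advertised_mss(1500), working),
        # The fix reported above: a lower ppp MTU yields a lower MSS.
        "large page, ppp mtu 1452, ICMP filtered": transfer(8000, advertised_mss(1452), filtered),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{outcome:8} {name}")
```

Only the second scenario times out, which is why a firewall rule that drops ICMP "fragmentation needed" on the tunnel path is worth checking before blaming the web server.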
<3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com> Message-ID: <3C10A5C3.41F10FF2@viplink.com.br> Jerry Vonau wrote: > Joe: > > Have you tried playing with the mtu settings on either the ppp link or the > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > to some PPPoE problems loading web pages. > > Jerry Vonau > > Joe Polcari wrote: > > > Nope. That's not it. > > I can go to http://www.vibrationresearch.com or > > http://www.vibrationresearch.com/ > > but not to > > http://www.vibrationresearch.com/pptpd or > > http://www.vibrationresearch.com/pptpd/ > > > > Jason Staudenmayer wrote: > > > > > That a web server/DNS problem > > > I have several systems running that are not > > > in my local DNS and if I don't use the last slash > > > I times out or tells me it can't find my S: drive. > > > I think it has to do with reverse lookups to the > > > webserver or client. Just always remember to add the last slash > > > it ain't that hard. > > > > > > -----Original Message----- > > > From: Joe Polcari [mailto:Joe at Polcari.com] > > > Sent: Wednesday, December 05, 2001 1:43 AM > > > To: mattgav at tempo.com.au > > > Cc: Robert Dege; pptp-server at lists.schulte.org > > > Subject: Re: [pptp-server] a Cosmetic problem > > > > > > Matt, > > > > > > With or without proxy doesn't matter. > > > I'm sure my problem is in the options files. > > > First let me give you what I sent before so can see the setup > > > and I'll add my option files. > > > > > > corporate remote net=192.168.0/24 > > > vpn remote IP=192.168.2.3 (wierd, huh?) > > > vpn local ip=192.168.0.xxx > > > nat to my local home net on 192.168.1.xxx > > > all this happens on my dual if local machine 192.168.1.4 (eth0) > > > which gateways the my local 192.168.1/24 home net to the pptp vpn > > > and to the internet through a second if 192.168.2.100 (eth1) connected > > > through > > > a > > > router/cable modem. 
> > > > > > normal default static route is to the 192.168.2.100 which gets replaced with > > > 192.168.2.3 during pptp connection. > > > > > > Everything works fine except this: > > > when I browse (http) through the vpn it works fine unless the ip is in the > > > 192.168.0 net. > > > In this case I can get and "/" url, but if I try anything else other than /, > > > the > > > connection times out. > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same > > > results. > > > All hostnames, local and remote, resolve on my local home net. > > > > > > I am using pptp-command start to bring up the tunnel. > > > > > > ==================================== > > > #/etc/pppd.conf > > > persist > > > noauth > > > lock > > > debug > > > multi-link > > > proxyarp > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > lcp-echo-failure 1000 > > > lcp-echo-interval 1000 > > > ipcp-accept-local > > > ipcp-accept-remote > > > defaultroute > > > -am > > > kdebug 7 > > > ktune > > > bsdcomp 15 > > > deflate 15 > > > ms-wins 192.168.0.xxx > > > ===================================== > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > > > noccp > > > persist > > > noauth > > > lock > > > #debug > > > proxyarp > > > #chap > > > #chapms > > > #chapms-v2 > > > mppe-128 > > > mppe-40 > > > mppe-stateless > > > lcp-echo-failure 1000 > > > lcp-echo-interval 1000 > > > ipcp-accept-local > > > ipcp-accept-remote > > > defaultroute > > > #noipdefault > > > #kdebug 7 > > > name jpolcari > > > remotename PPTP > > > -am > > > ms-dns 192.168.0.xxx > > > ms-wins 192.168.0.xxx > > > ============================== > > > > > > What other information can I give you? > > > > > > Joe > > > > > > Matt Gavin wrote: > > > > > > > This is not a PoPToP problem. 
The fact that it works for the index page > > > > means that it is working and PoPToP is not failing for you, remember > > > PoPToP > > > > simply provides a tunnel... to the private/your network. This will be > > > > Apache/IIS and/or your Proxy settings. > > > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > > > visit another page on the Intranet, are you maintaining the domain? Do you > > > > have a Proxy Server enabled for your Internet Access even before you reach > > > > the VPN? > > > > > > > > Matt > > > > > > > > Full domain name matters not. > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > > > and iptables -L shows no dropped/rejected packets. > > > > > > > > Matt Gavin wrote: > > > > > > > > > What do you get if you use the full domain ie: > > > http://intranet.amherst.com > > > > > It would be beneficial to know what version of Windows your client is. > > > Can > > > > > you ping "intranet", if so check your proxy settings... This will more > > > > than > > > > > likely be an issue on your client rather than PoPToP. > > > > > > > > > > Matt > > > > > > > > > > -----Original Message----- > > > > > From: pptp-server-admin at lists.schulte.org > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > > > To: pptp-server at lists.schulte.org > > > > > Subject: [pptp-server] a Cosmetic problem > > > > > > > > > > I am able to make a successful PPTP connection. I know that it > > > > > works, because I am able to view certain Network Neighborhood > > > > > folders, & FTP to inside machines. However, when I attempt to access > > > > > certain web ages, instead of loading the web page, I get a server not > > > > > found error. 
> > > > > > > > > > ie: http://intranet yields not found > > > > > http://192.168.1.1 yieldls site found > > > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > > > the web browser times out prior to checking the VPN connection for the > > > web > > > > > site. > > > > > > > > > > I also have the Windows client setup so that "Use degault gateway on > > > > > remote network" is NOT checked. > > > > > > > > > > Anybody have some insight on this? > > > > > > > > > > -- > > > > > > > > > > -Rob My pptp with MCHAP v2 don't work because the kernel compilation is return a error during compilation . What do I need to this work , any body help me with this ? 
From Steve at SteveCowles.com Fri Dec 7 07:57:43 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Fri, 7 Dec 2001 07:57:43 -0600 Subject: [pptp-server] a Cosmetic problem Message-ID: <90769AF04F76D41186C700A0C90AFC3EE93E@defiant.infohiiway.com> > -----Original Message----- > From: Eduardo Batista [mailto:eduardo at viplink.com.br] > Sent: Friday, December 07, 2001 5:20 AM > To: Jerry Vonau > Cc: Joe Polcari; pptp-server at lists.schulte.org > Subject: Re: [pptp-server] a Cosmetic problem > > > My pptp with MCHAP v2 don't work because the kernel > compilation is return a error during compilation . > What do I need to this work , any body help me with this ? Might help if you could post the last few lines of your kernel compilation that show the actual errors??? Steve Cowles From rcd at amherst.com Fri Dec 7 10:16:51 2001 From: rcd at amherst.com (Robert Dege) Date: 07 Dec 2001 11:16:51 -0500 Subject: [pptp-server] a Cosmetic problem In-Reply-To: <3C103CB8.1789EFB4@home.com> References: <3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com> <3C1044E3.7B3CB3B3@Polcari.com> <3C103CB8.1789EFB4@home.com> Message-ID: <1007741812.16976.8.camel@homer.amherst.com> I have a router connected to a DSL connection via PPoE. From there, it ip masquerades, and acts as a firewall. I plan on having PPTPd running eventually, but my question is more geared towards the MTU parameter. If I have my ppp0 set to 1492, and then my eth0 that masq's set to 1500 (on the same machine) does that cause internal ip fragmentation? Would it be better to set eth0 & all the Windows clients to 1492 for faster data transport, thus eliminating data fragmentation? Or am I reading too much into this whole MTU thing? -Rob > Well I'll try to explain.. > > The web server on the lan see the pptp server's lan card has > a mtu of 1500, > but if it sends the max of 1500 then it will not fit into > the ppp frame. 
> There is overhead involved with the encapsulation, as a > result it has to > fragment the frame. If it has the "don't fragment bit" set > then it can't > go any farther down the pipe.... > > Found this at : > http://feenix.burgiss.net/ldp/adsl/configure.html > > ----quote------ > > Note: PPPoE adds 8 bytes of extra overhead to the ethernet > frames > and the correct maximum setting for the ppp0 interface MTU > is > 1492. If the MTU is set too high, it may cause failure of > some web > pages to load properly, and possibly other annoying problems > related > to Path MTU Discovery. You may need to also set the MTU for > interfaces > on any masqueraded LAN connections MTU to 1452. This does > not apply to > PPPoA, or bridged configurations, just PPPoE! > ---------------- > > Since both PPPoE and PPTP run on PPPD this may be the same > type of problem. > > Just a shot in the dark, but it fits what your are > describing > > > Jerry > > > > > > > > > > > > > > > Joe Polcari wrote: > > > > No, I haven't. Can you explain why that might make a difference > > based on the address of the web page??? > > > > Jerry Vonau wrote: > > > > > Joe: > > > > > > Have you tried playing with the mtu settings on either the ppp link or the > > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > > > to some PPPoE problems loading web pages. > > > > > > Jerry Vonau > > > > > > Joe Polcari wrote: > > > > > > > Nope. That's not it. > > > > I can go to http://www.vibrationresearch.com or > > > > http://www.vibrationresearch.com/ > > > > but not to > > > > http://www.vibrationresearch.com/pptpd or > > > > http://www.vibrationresearch.com/pptpd/ > > > > > > > > Jason Staudenmayer wrote: > > > > > > > > > That a web server/DNS problem > > > > > I have several systems running that are not > > > > > in my local DNS and if I don't use the last slash > > > > > I times out or tells me it can't find my S: drive. 
> > > > > I think it has to do with reverse lookups to the > > > > > webserver or client. Just always remember to add the last slash > > > > > it ain't that hard. > > > > > > > > > > -----Original Message----- > > > > > From: Joe Polcari [mailto:Joe at Polcari.com] > > > > > Sent: Wednesday, December 05, 2001 1:43 AM > > > > > To: mattgav at tempo.com.au > > > > > Cc: Robert Dege; pptp-server at lists.schulte.org > > > > > Subject: Re: [pptp-server] a Cosmetic problem > > > > > > > > > > Matt, > > > > > > > > > > With or without proxy doesn't matter. > > > > > I'm sure my problem is in the options files. > > > > > First let me give you what I sent before so can see the setup > > > > > and I'll add my option files. > > > > > > > > > > corporate remote net=192.168.0/24 > > > > > vpn remote IP=192.168.2.3 (wierd, huh?) > > > > > vpn local ip=192.168.0.xxx > > > > > nat to my local home net on 192.168.1.xxx > > > > > all this happens on my dual if local machine 192.168.1.4 (eth0) > > > > > which gateways the my local 192.168.1/24 home net to the pptp vpn > > > > > and to the internet through a second if 192.168.2.100 (eth1) connected > > > > > through > > > > > a > > > > > router/cable modem. > > > > > > > > > > normal default static route is to the 192.168.2.100 which gets replaced with > > > > > 192.168.2.3 during pptp connection. > > > > > > > > > > Everything works fine except this: > > > > > when I browse (http) through the vpn it works fine unless the ip is in the > > > > > 192.168.0 net. > > > > > In this case I can get and "/" url, but if I try anything else other than /, > > > > > the > > > > > connection times out. > > > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > > > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same > > > > > results. > > > > > All hostnames, local and remote, resolve on my local home net. > > > > > > > > > > I am using pptp-command start to bring up the tunnel. 
> > > > > > > > > > ==================================== > > > > > #/etc/pppd.conf > > > > > persist > > > > > noauth > > > > > lock > > > > > debug > > > > > multi-link > > > > > proxyarp > > > > > mppe-128 > > > > > mppe-40 > > > > > mppe-stateless > > > > > lcp-echo-failure 1000 > > > > > lcp-echo-interval 1000 > > > > > ipcp-accept-local > > > > > ipcp-accept-remote > > > > > defaultroute > > > > > -am > > > > > kdebug 7 > > > > > ktune > > > > > bsdcomp 15 > > > > > deflate 15 > > > > > ms-wins 192.168.0.xxx > > > > > ===================================== > > > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > > > > > noccp > > > > > persist > > > > > noauth > > > > > lock > > > > > #debug > > > > > proxyarp > > > > > #chap > > > > > #chapms > > > > > #chapms-v2 > > > > > mppe-128 > > > > > mppe-40 > > > > > mppe-stateless > > > > > lcp-echo-failure 1000 > > > > > lcp-echo-interval 1000 > > > > > ipcp-accept-local > > > > > ipcp-accept-remote > > > > > defaultroute > > > > > #noipdefault > > > > > #kdebug 7 > > > > > name jpolcari > > > > > remotename PPTP > > > > > -am > > > > > ms-dns 192.168.0.xxx > > > > > ms-wins 192.168.0.xxx > > > > > ============================== > > > > > > > > > > What other information can I give you? > > > > > > > > > > Joe > > > > > > > > > > Matt Gavin wrote: > > > > > > > > > > > This is not a PoPToP problem. The fact that it works for the index page > > > > > > means that it is working and PoPToP is not failing for you, remember > > > > > PoPToP > > > > > > simply provides a tunnel... to the private/your network. This will be > > > > > > Apache/IIS and/or your Proxy settings. > > > > > > > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > > > > > visit another page on the Intranet, are you maintaining the domain? Do you > > > > > > have a Proxy Server enabled for your Internet Access even before you reach > > > > > > the VPN? 
> > > > > > > > > > > > Matt > > > > > > > > > > > > Full domain name matters not. > > > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > > > > > and iptables -L shows no dropped/rejected packets. > > > > > > > > > > > > Matt Gavin wrote: > > > > > > > > > > > > > What do you get if you use the full domain ie: > > > > > http://intranet.amherst.com > > > > > > > It would be beneficial to know what version of Windows your client is. > > > > > Can > > > > > > > you ping "intranet", if so check your proxy settings... This will more > > > > > > than > > > > > > > likely be an issue on your client rather than PoPToP. > > > > > > > > > > > > > > Matt > > > > > > > > > > > > > > -----Original Message----- > > > > > > > From: pptp-server-admin at lists.schulte.org > > > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > > > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > > > > > To: pptp-server at lists.schulte.org > > > > > > > Subject: [pptp-server] a Cosmetic problem > > > > > > > > > > > > > > I am able to make a successful PPTP connection. I know that it > > > > > > > works, because I am able to view certain Network Neighborhood > > > > > > > folders, & FTP to inside machines. However, when I attempt to access > > > > > > > certain web ages, instead of loading the web page, I get a server not > > > > > > > found error. > > > > > > > > > > > > > > ie: http://intranet yields not found > > > > > > > http://192.168.1.1 yieldls site found > > > > > > > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > > > > > the web browser times out prior to checking the VPN connection for the > > > > > web > > > > > > > site. > > > > > > > > > > > > > > I also have the Windows client setup so that "Use degault gateway on > > > > > > > remote network" is NOT checked. > > > > > > > > > > > > > > Anybody have some insight on this? 
> > > > > > > --
> > > > > > >
> > > > > > > -Rob
> > > > >
> > > > > _______________________________________________
> > > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > > --- To unsubscribe, go to the url just above this line. --
>

--
-Rob

From shughes at arn.net Fri Dec 7 16:35:21 2001
From: shughes at arn.net (Shawn Hughes)
Date: Fri, 7 Dec 2001 14:35:21 -0800
Subject: [pptp-server] Could not determine local ip address
Message-ID: <023f01c17f6f$780893d0$1204a8c0@shawn>

Has anyone come across this problem: "could not determine local ip address". I'm running Linux Red Hat 7.1 with pptpd installed. I can authenticate with the poptop server then the connection is terminated. If anyone else has seen or experienced this problem please help.

Thanks,
Shawn

From jasons at NJAQUARIUM.ORG Fri Dec 7 14:35:04 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Fri, 7 Dec 2001 15:35:04 -0500
Subject: [pptp-server] Could not determine local ip address
Message-ID:

add
localip insert ipaddress here
into your pptp.conf

-----Original Message-----
From: Shawn Hughes [mailto:shughes at arn.net]
Sent: Friday, December 07, 2001 5:35 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Could not determine local ip address

Has anyone come across this problem: "could not determine local ip address". I'm running Linux Red Hat 7.1 with pptpd installed. I can authenticate with the poptop server then the connection is terminated. If anyone else has seen or experienced this problem please help.

Thanks,
Shawn

From neale at lowendale.com.au Fri Dec 7 14:55:32 2001
From: neale at lowendale.com.au (Neale Banks)
Date: Sat, 8 Dec 2001 07:55:32 +1100 (EST)
Subject: [pptp-server] Could not determine local ip address
In-Reply-To: <023f01c17f6f$780893d0$1204a8c0@shawn>
Message-ID:

On Fri, 7 Dec 2001, Shawn Hughes wrote:

> Has anyone come across this problem: "could not determine local ip
> address". I'm running Linux Red Hat 7.1 with pptpd installed. I can
> authenticate with the poptop server then the connection is terminated.
> If anyone else has seen or experienced this problem please help.

Please:

(1) show us the ppp options you are using
(2) check that (1) includes "debug"
(3) show us the debug output of pppd (sanitised, if appropriate).

HTH,
Neale.
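
Neale's three requests can be scripted before anything is posted to a public list. The following Python sketch is an added example, not code from any poster or from PoPToP; the sample options, log lines and secrets are constructed, the log format is modelled on lines quoted in this thread, and the names `Sanitiser` and `has_option` are hypothetical. It assumes one option per line in the options file.

```python
import ipaddress
import re

# Private/loopback ranges are left readable: they cannot be reached from the
# Internet and are usually needed to debug localip/remoteip and routing.
KEEP_NETS = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
USER_RE = re.compile(r"(authentication failed for remote host )(\S+)")
# chap-secrets fields: client, server, secret (possibly quoted), addresses
SECRET_RE = re.compile(r'^(\s*\S+\s+\S+\s+)("(?:[^"\\]|\\.)*"|\S+)(.*)$')


def has_option(options_text, name):
    """True if pppd option `name` starts an uncommented line (step 2)."""
    for line in options_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == name:
            return True
    return False


class Sanitiser:
    """Replaces identifying values with stable aliases so that repeated
    occurrences of the same client or user can still be correlated."""

    def __init__(self):
        self.ips = {}
        self.users = {}

    @staticmethod
    def _alias(table, value, prefix):
        if value not in table:
            table[value] = "<%s-%d>" % (prefix, len(table) + 1)
        return table[value]

    def _ip(self, match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid dotted quad, leave untouched
        if any(addr in net for net in KEEP_NETS):
            return text
        return self._alias(self.ips, text, "public-ip")

    def log(self, text):
        """Sanitise pptpd/pppd syslog text (step 3)."""
        text = USER_RE.sub(
            lambda m: m.group(1) + self._alias(self.users, m.group(2), "user"),
            text)
        return IPV4_RE.sub(self._ip, text)

    def chap_secrets(self, text):
        """Blank the secret field of every non-comment chap-secrets line."""
        out = []
        for line in text.splitlines():
            if line.strip() and not line.lstrip().startswith("#"):
                line = SECRET_RE.sub(r"\1<redacted>\3", line)
            out.append(line)
        return "\n".join(out)


# Constructed sample input (not taken from any real system).
SAMPLE_OPTIONS = "lock\n#debug\nproxyarp\n+chap\n"
SAMPLE_LOG = r"""Dec  7 15:01:14 vpn pptpd[3774]: CTRL: Client 198.51.100.23 control connection started
Dec  7 15:01:15 vpn pppd[3775]: MSCHAP-v2 peer authentication failed for remote host CORP\\alice
Dec  7 15:01:15 vpn pptpd[3774]: CTRL: Client 198.51.100.23 control connection finished
Dec  7 15:02:40 vpn pptpd[3799]: CTRL: Client 192.168.4.105 control connection started
Dec  7 15:03:02 vpn pptpd[3811]: CTRL: Client 203.0.113.9 control connection started"""
SAMPLE_SECRETS = ('# client server secret IP addresses\n'
                  'piglet bluey "hunter2 example" *\n')

if __name__ == "__main__":
    s = Sanitiser()
    print("debug enabled:", has_option(SAMPLE_OPTIONS, "debug"))
    print(s.log(SAMPLE_LOG))
    print(s.chap_secrets(SAMPLE_SECRETS))
```
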

From shughes at arn.net Fri Dec 7 17:01:15 2001
From: shughes at arn.net (Shawn Hughes)
Date: Fri, 7 Dec 2001 15:01:15 -0800
Subject: [pptp-server] Could not determine local ip address
References:
Message-ID: <026601c17f73$15f52b00$1204a8c0@shawn>

This is in my pptpd.conf file:

debug
option /etc/ppp/options
localip 192.168.4.10
remoteip 192.168.4.105-110

----- Original Message -----
From: "Jason Staudenmayer"
To: "'Shawn Hughes'" ;
Sent: Friday, December 07, 2001 12:35 PM
Subject: RE: [pptp-server] Could not determine local ip address

> add
> localip insert ipaddress here
> into your pptp.conf
>
> -----Original Message-----
> From: Shawn Hughes [mailto:shughes at arn.net]
> Sent: Friday, December 07, 2001 5:35 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Could not determine local ip address
>
>
> Has anyone come across this problem: "could not determine local ip address".
> I'm running Linux Red Hat 7.1 with pptpd installed. I can authenticate with
> the poptop server then the connection is terminated. If anyone else has
> seen or experienced this problem please help.
>
> Thanks,
> Shawn
>

From jasons at NJAQUARIUM.ORG Fri Dec 7 15:00:27 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Fri, 7 Dec 2001 16:00:27 -0500
Subject: [pptp-server] Could not determine local ip address
Message-ID:

so 192.168.4.10 is the IP on the VPN server Internal NIC right?

-----Original Message-----
From: Shawn Hughes [mailto:shughes at arn.net]
Sent: Friday, December 07, 2001 6:01 PM
To: Jason Staudenmayer; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Could not determine local ip address

This is in my pptpd.conf file:

debug
option /etc/ppp/options
localip 192.168.4.10
remoteip 192.168.4.105-110

----- Original Message -----
From: "Jason Staudenmayer"
To: "'Shawn Hughes'" ;
Sent: Friday, December 07, 2001 12:35 PM
Subject: RE: [pptp-server] Could not determine local ip address

> add
> localip insert ipaddress here
> into your pptp.conf
>
> -----Original Message-----
> From: Shawn Hughes [mailto:shughes at arn.net]
> Sent: Friday, December 07, 2001 5:35 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Could not determine local ip address
>
>
> Has anyone come across this problem: "could not determine local ip address".
> I'm running Linux Red Hat 7.1 with pptpd installed. I can authenticate with
> the poptop server then the connection is terminated. If anyone else has
> seen or experienced this problem please help.
>
> Thanks,
> Shawn
>

From shughes at arn.net Fri Dec 7 19:53:53 2001
From: shughes at arn.net (Shawn Hughes)
Date: Fri, 7 Dec 2001 17:53:53 -0800
Subject: [pptp-server] Troubles Ping Local Network
Message-ID: <04f001c17f8b$34032e90$1204a8c0@shawn>

I'm now able to logon to the VPN server using poptop on a Linux Red Hat 7.1. But the problem that I'm having is that I'm not able to ping other devices on the local network. I would appreciate any help.

Thanks
Shawn

From jvonau at home.com Fri Dec 7 18:28:12 2001
From: jvonau at home.com (Jerry Vonau)
Date: Fri, 07 Dec 2001 18:28:12 -0600
Subject: [pptp-server] Troubles Ping Local Network
References: <04f001c17f8b$34032e90$1204a8c0@shawn>
Message-ID: <3C115E9C.4C683DD1@home.com>

Shawn:

The crystal ball is broken. ;-)
Can you post the config files and a snip of /var/log/messages of the connect attempt please.

Jerry Vonau

> Shawn Hughes wrote:
>
> I'm now able to logon to the VPN server using poptop on a
> Linux Red Hat 7.1. But the problem that I'm having is
> that I'm not able to ping other devices on the local
> network. I would appreciate any help.
>
> Thanks
> Shawn

From Joe at Polcari.com Fri Dec 7 23:12:07 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Sat, 08 Dec 2001 00:12:07 -0500
Subject: [pptp-server] a Cosmetic problem
References: <3C0EF9CB.413A1254@Polcari.com> <3C102CF5.9CAD788@home.com> <3C1044E3.7B3CB3B3@Polcari.com> <3C103CB8.1789EFB4@home.com> <1007741812.16976.8.camel@homer.amherst.com>
Message-ID: <3C11A127.A67CC72C@Polcari.com>

Robert,

I don't think so. It makes sense and worked for the http problems. Outlook/Exchange are a different story though, I think. I now have my MTU on the PPP interface (ppp options file) set to 1452 per the web page mentioned below but I still have one last problem of connecting Outlook to the exchange server.

I posted about 45 seconds, pertinent I hope, of tcpdump trace info at http://www.Polcari.com/trace.html

Could someone, hint hint - Jerry, look at it and see if anything pops out at you. I don't have anything to compare it to and I'm not too familiar with the exchange that happens between the two. Wildcat is the server so I only have the packets between it and my LAN in the trace file.

Thanks,
Joe

Robert Dege wrote:

> I have a router connected to a DSL connection via PPPoE. From there, it
> ip masquerades, and acts as a firewall.
I plan on having PPTPd running > eventually, but my question is more geared towards the MTU parameter. > > If I have my ppp0 set to 1492, and then my eth0 that masq's set to 1500 > (on the same machine) does that cause internal ip fragmentation? Would > it be better to set eth0 & all the Windows clients to 1492 for faster > data transport, thus eliminating data fragmentation? > > Or am I reading too much into this whole MTU thing? > > -Rob > > > Well I'll try to explain.. > > > > The web server on the lan see the pptp server's lan card has > > a mtu of 1500, > > but if it sends the max of 1500 then it will not fit into > > the ppp frame. > > There is overhead involved with the encapsulation, as a > > result it has to > > fragment the frame. If it has the "don't fragment bit" set > > then it can't > > go any farther down the pipe.... > > > > Found this at : > > http://feenix.burgiss.net/ldp/adsl/configure.html > > > > ----quote------ > > > > Note: PPPoE adds 8 bytes of extra overhead to the ethernet > > frames > > and the correct maximum setting for the ppp0 interface MTU > > is > > 1492. If the MTU is set too high, it may cause failure of > > some web > > pages to load properly, and possibly other annoying problems > > related > > to Path MTU Discovery. You may need to also set the MTU for > > interfaces > > on any masqueraded LAN connections MTU to 1452. This does > > not apply to > > PPPoA, or bridged configurations, just PPPoE! > > ---------------- > > > > Since both PPPoE and PPTP run on PPPD this may be the same > > type of problem. > > > > Just a shot in the dark, but it fits what your are > > describing > > > > > > Jerry > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Joe Polcari wrote: > > > > > > No, I haven't. Can you explain why that might make a difference > > > based on the address of the web page??? 
> > > > > > Jerry Vonau wrote: > > > > > > > Joe: > > > > > > > > Have you tried playing with the mtu settings on either the ppp link or the > > > > ethernet interface for the lan? Sounds like a fragmentation problem to me, similar > > > > to some PPPoE problems loading web pages. > > > > > > > > Jerry Vonau > > > > > > > > Joe Polcari wrote: > > > > > > > > > Nope. That's not it. > > > > > I can go to http://www.vibrationresearch.com or > > > > > http://www.vibrationresearch.com/ > > > > > but not to > > > > > http://www.vibrationresearch.com/pptpd or > > > > > http://www.vibrationresearch.com/pptpd/ > > > > > > > > > > Jason Staudenmayer wrote: > > > > > > > > > > > That a web server/DNS problem > > > > > > I have several systems running that are not > > > > > > in my local DNS and if I don't use the last slash > > > > > > I times out or tells me it can't find my S: drive. > > > > > > I think it has to do with reverse lookups to the > > > > > > webserver or client. Just always remember to add the last slash > > > > > > it ain't that hard. > > > > > > > > > > > > -----Original Message----- > > > > > > From: Joe Polcari [mailto:Joe at Polcari.com] > > > > > > Sent: Wednesday, December 05, 2001 1:43 AM > > > > > > To: mattgav at tempo.com.au > > > > > > Cc: Robert Dege; pptp-server at lists.schulte.org > > > > > > Subject: Re: [pptp-server] a Cosmetic problem > > > > > > > > > > > > Matt, > > > > > > > > > > > > With or without proxy doesn't matter. > > > > > > I'm sure my problem is in the options files. > > > > > > First let me give you what I sent before so can see the setup > > > > > > and I'll add my option files. > > > > > > > > > > > > corporate remote net=192.168.0/24 > > > > > > vpn remote IP=192.168.2.3 (wierd, huh?) 
> > > > > > vpn local ip=192.168.0.xxx > > > > > > nat to my local home net on 192.168.1.xxx > > > > > > all this happens on my dual if local machine 192.168.1.4 (eth0) > > > > > > which gateways the my local 192.168.1/24 home net to the pptp vpn > > > > > > and to the internet through a second if 192.168.2.100 (eth1) connected > > > > > > through > > > > > > a > > > > > > router/cable modem. > > > > > > > > > > > > normal default static route is to the 192.168.2.100 which gets replaced with > > > > > > 192.168.2.3 during pptp connection. > > > > > > > > > > > > Everything works fine except this: > > > > > > when I browse (http) through the vpn it works fine unless the ip is in the > > > > > > 192.168.0 net. > > > > > > In this case I can get and "/" url, but if I try anything else other than /, > > > > > > the > > > > > > connection times out. > > > > > > i.e. http://192.168.0.10 works ok and http://192.168.0.10/ works ok, but > > > > > > http://192.168.0.10/anything doesn't. Using hostnames I get the same > > > > > > results. > > > > > > All hostnames, local and remote, resolve on my local home net. > > > > > > > > > > > > I am using pptp-command start to bring up the tunnel. 
> > > > > > > > > > > > ==================================== > > > > > > #/etc/pppd.conf > > > > > > persist > > > > > > noauth > > > > > > lock > > > > > > debug > > > > > > multi-link > > > > > > proxyarp > > > > > > mppe-128 > > > > > > mppe-40 > > > > > > mppe-stateless > > > > > > lcp-echo-failure 1000 > > > > > > lcp-echo-interval 1000 > > > > > > ipcp-accept-local > > > > > > ipcp-accept-remote > > > > > > defaultroute > > > > > > -am > > > > > > kdebug 7 > > > > > > ktune > > > > > > bsdcomp 15 > > > > > > deflate 15 > > > > > > ms-wins 192.168.0.xxx > > > > > > ===================================== > > > > > > #/etc/ppp/ppp.options (this is a link to /etc/ppp/options) > > > > > > noccp > > > > > > persist > > > > > > noauth > > > > > > lock > > > > > > #debug > > > > > > proxyarp > > > > > > #chap > > > > > > #chapms > > > > > > #chapms-v2 > > > > > > mppe-128 > > > > > > mppe-40 > > > > > > mppe-stateless > > > > > > lcp-echo-failure 1000 > > > > > > lcp-echo-interval 1000 > > > > > > ipcp-accept-local > > > > > > ipcp-accept-remote > > > > > > defaultroute > > > > > > #noipdefault > > > > > > #kdebug 7 > > > > > > name jpolcari > > > > > > remotename PPTP > > > > > > -am > > > > > > ms-dns 192.168.0.xxx > > > > > > ms-wins 192.168.0.xxx > > > > > > ============================== > > > > > > > > > > > > What other information can I give you? > > > > > > > > > > > > Joe > > > > > > > > > > > > Matt Gavin wrote: > > > > > > > > > > > > > This is not a PoPToP problem. The fact that it works for the index page > > > > > > > means that it is working and PoPToP is not failing for you, remember > > > > > > PoPToP > > > > > > > simply provides a tunnel... to the private/your network. This will be > > > > > > > Apache/IIS and/or your Proxy settings. > > > > > > > > > > > > > > What is your Web Server for Intranet? Do you have a proxy server? When you > > > > > > > visit another page on the Intranet, are you maintaining the domain? 
Do you > > > > > > > have a Proxy Server enabled for your Internet Access even before you reach > > > > > > > the VPN? > > > > > > > > > > > > > > Matt > > > > > > > > > > > > > > Full domain name matters not. > > > > > > > I CAN nslookup/ping/telnet/ftp/ssh anything anywhere > > > > > > > and iptables -L shows no dropped/rejected packets. > > > > > > > > > > > > > > Matt Gavin wrote: > > > > > > > > > > > > > > > What do you get if you use the full domain ie: > > > > > > http://intranet.amherst.com > > > > > > > > It would be beneficial to know what version of Windows your client is. > > > > > > Can > > > > > > > > you ping "intranet", if so check your proxy settings... This will more > > > > > > > than > > > > > > > > likely be an issue on your client rather than PoPToP. > > > > > > > > > > > > > > > > Matt > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: pptp-server-admin at lists.schulte.org > > > > > > > > [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Robert Dege > > > > > > > > Sent: Wednesday, 5 December 2001 9:47 AM > > > > > > > > To: pptp-server at lists.schulte.org > > > > > > > > Subject: [pptp-server] a Cosmetic problem > > > > > > > > > > > > > > > > I am able to make a successful PPTP connection. I know that it > > > > > > > > works, because I am able to view certain Network Neighborhood > > > > > > > > folders, & FTP to inside machines. However, when I attempt to access > > > > > > > > certain web ages, instead of loading the web page, I get a server not > > > > > > > > found error. > > > > > > > > > > > > > > > > ie: http://intranet yields not found > > > > > > > > http://192.168.1.1 yieldls site found > > > > > > > > > > > > > > > > I do have a DNS server setup in my options.pptp file, but it seems as if > > > > > > > > the web browser times out prior to checking the VPN connection for the > > > > > > web > > > > > > > > site. 
> > > > > > > >
> > > > > > > > I also have the Windows client setup so that "Use default gateway on
> > > > > > > > remote network" is NOT checked.
> > > > > > > >
> > > > > > > > Anybody have some insight on this?
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > > -Rob
> > > > > > >

From jasons at NJAQUARIUM.ORG Sun Dec 9 08:30:12 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Sun, 9 Dec 2001 09:30:12 -0500
Subject: [pptp-server] Kernel PANIC!?!
Message-ID:

Anybody run in to this yet?

setup:
RH 7.1
Kernel 2.4.2-2
poptop 1.0.1
pppd 2.4.1 patched for mppe, mschap, strip-domain

I get some kind of panic it seems after too many failed MSCHAP auths (3). I don't get it and I have only seen it happen once. I came in this morning and the system was down. I only saw the last part of the crash.

Process pptpctrl (pid 3851, stackpage c15f7000)

then a memory dump. There was something at the top of the screen about pgm or something I could see all of it.

The last message in the message log was this

Dec 8 21:27:14 shark2 pptpd[3774]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Dec 8 21:27:14 shark2 pptpd[3774]: CTRL: Starting call (launching pppd, opening GRE)
Dec 8 21:27:14 shark2 pppd[3775]: pppd 2.4.1 started by root, uid 0
Dec 8 21:27:14 shark2 pppd[3775]: Using interface ppp1
Dec 8 21:27:14 shark2 pppd[3775]: Connect: ppp1 <--> /dev/pts/1
Dec 8 21:27:15 shark2 pppd[3775]: MSCHAP-v2 peer authentication failed for remote host domain\\ythomas
Dec 8 21:27:15 shark2 pppd[3775]: Connection terminated.
Dec 8 21:27:15 shark2 pptpd[3774]: CTRL: Error with select(), quitting
Dec 8 21:27:15 shark2 pptpd[3774]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Dec 8 21:27:15 shark2 pppd[3775]: tcflush failed: Input/output error
Dec 8 21:27:15 shark2 pppd[3775]: Exit.
Dec 8 21:28:01 shark2 pptpd[3799]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Dec 8 21:28:01 shark2 pptpd[3799]: CTRL: Starting call (launching pppd, opening GRE)
Dec 8 21:28:01 shark2 pppd[3800]: pppd 2.4.1 started by root, uid 0
Dec 8 21:28:01 shark2 pppd[3800]: Using interface ppp1
Dec 8 21:28:01 shark2 pppd[3800]: Connect: ppp1 <--> /dev/pts/1
Dec 8 21:28:02 shark2 pppd[3800]: MSCHAP-v2 peer authentication failed for remote host domain\\ythomas
Dec 8 21:28:02 shark2 pppd[3800]: Connection terminated.
Dec 8 21:28:02 shark2 pptpd[3799]: CTRL: Error with select(), quitting
Dec 8 21:28:02 shark2 pptpd[3799]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Dec 8 21:28:02 shark2 pppd[3800]: tcflush failed: Input/output error
Dec 8 21:28:02 shark2 pppd[3800]: Exit.
Dec 8 21:28:38 shark2 pptpd[3824]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Dec 8 21:28:38 shark2 pptpd[3824]: CTRL: Starting call (launching pppd, opening GRE)
Dec 8 21:28:38 shark2 pppd[3825]: pppd 2.4.1 started by root, uid 0
Dec 8 21:28:38 shark2 pppd[3825]: Using interface ppp1
Dec 8 21:28:38 shark2 pppd[3825]: Connect: ppp1 <--> /dev/pts/1
Dec 8 21:28:39 shark2 pppd[3825]: MSCHAP-v2 peer authentication failed for remote host domain\\ythomas
Dec 8 21:28:39 shark2 pppd[3825]: Connection terminated.
Dec 8 21:28:39 shark2 pptpd[3824]: CTRL: Error with select(), quitting
Dec 8 21:28:39 shark2 pptpd[3824]: CTRL: Client xxx.xxx.xxx.xxx control connection finished
Dec 8 21:28:39 shark2 pppd[3825]: tcflush failed: Input/output error
Dec 8 21:28:39 shark2 pppd[3825]: Exit.
Dec 8 21:31:48 shark2 pptpd[3851]: CTRL: Client xxx.xxx.xxx.xxx control connection started
Dec 8 21:32:07 shark2 pptpd[3851]: CTRL: Starting call (launching pppd, opening GRE)
Dec 8 21:32:07 shark2 pppd[3852]: pppd 2.4.1 started by root, uid 0
Dec 8 21:32:07 shark2 pppd[3852]: Using interface ppp1
Dec 8 21:32:07 shark2 pppd[3852]: Connect: ppp1 <--> /dev/pts/1
CRASH!!!!!

Any Ideas???????
if you need the configs just ask

From bjkbunker at highstream.net Sun Dec 9 12:35:10 2001
From: bjkbunker at highstream.net (Brett Bunker)
Date: Sun, 9 Dec 2001 11:35:10 -0700
Subject: [pptp-server] can't talk
Message-ID: <000801c180e0$3d14fda0$b8c70e3f@jennifer>

I am running Redhat 7.2 and downloaded the 2.4.16 kernel and patch for mppe and compiled it. I recompiled ppp to use mschap. I can connect to my vpn but cannot ping or browse the network. I also cannot get encryption to work even though I applied the patches. I am running the pptp server on the same box as my firewall. Is it easier to separate the firewall and vpn server? I do have samba running on the box and have it joined to the domain and can browse it on the local network.

From faralla at gmx.de Sun Dec 9 14:34:37 2001
From: faralla at gmx.de (Faralla)
Date: Sun, 9 Dec 2001 21:34:37 +0100
Subject: [pptp-server] Problems routing into local network
Message-ID:

Hi,

I installed pptpd on my linux-fw-box. I tried everything using a modem-connection and everything seemed to work fine. I could connect to my 192.168.0.x-subnet from the VPN-connection (192.168.1.x IP) and vice versa. Now a friend of mine connected using the VPN, but he can only ping the fw-box, other machines in the 192.168.0.0-subnet are unreachable. The only difference I could figure out is, that my friend is connected to the Internet directly via LAN and not via modem like my test-setup. Could anyone give me a hint how to solve the problem? All Clients are using Windows 2k.

Thanks,
faralla

From jasons at NJAQUARIUM.ORG Sun Dec 9 14:34:18 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Sun, 9 Dec 2001 15:34:18 -0500
Subject: [pptp-server] Problems routing into local network
Message-ID:

did you set the proxyarp in the options files?

-----Original Message-----
From: Faralla [mailto:faralla at gmx.de]
Sent: Sunday, December 09, 2001 3:35 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Problems routing into local network

Hi,

I installed pptpd on my linux-fw-box. I tried everything using a modem-connection and everything seemed to work fine. I could connect to my 192.168.0.x-subnet from the VPN-connection (192.168.1.x IP) and vice versa. Now a friend of mine connected using the VPN, but he can only ping the fw-box, other machines in the 192.168.0.0-subnet are unreachable. The only difference I could figure out is, that my friend is connected to the Internet directly via LAN and not via modem like my test-setup. Could anyone give me a hint how to solve the problem? All Clients are using Windows 2k.

Thanks,
faralla

From jhiggs at iprsystems.com Sun Dec 9 15:31:47 2001
From: jhiggs at iprsystems.com (Jeremy Higgs)
Date: Mon, 10 Dec 2001 08:31:47 +1100
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
Message-ID:

Hi!

I'm trying to get PPTPD (PoPToP) working with another linux machine, which has the pptp-client installed on it. I have had a look at some HOWTOs/Guides that are linked from the PoPToP site, but it doesn't seem to be working...

I get this:

root at piglet:~# pptp cata.mine.nu
/usr/sbin/pppd: The remote system is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.
/usr/sbin/pppd: (None of the available passwords would let it use an IP address.)

And this on the 'server' machine:

No free connection slots or IPs available - no more clients can connect!
Dec 9 21:54:54 bluey pptpd[15948]: MGR: No free connection slots or IPs - no more clients can connect!
Dec 9 21:54:54 bluey pptpd[15957]: CTRL: Client 144.132.140.185 control connection started
/usr/sbin/pppd: In file /etc/ppp/pptpd-options: unrecognized option 'mppe-40'
Dec 9 21:54:55 bluey pptpd[15957]: CTRL: Starting call (launching pppd, opening GRE)
Dec 9 21:54:55 bluey pppd[15958]: In file /etc/ppp/pptpd-options: unrecognized option 'mppe-40'
Dec 9 21:54:55 bluey pptpd[15957]: GRE: read(fd=5,buffer=10014e54,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 9 21:54:55 bluey pptpd[15957]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 9 21:54:55 bluey pptpd[15957]: CTRL: Client 144.132.140.185 control connection finished
Dec 9 21:54:55 bluey pptpd[15957]: CTRL: Couldn't write packet to client.

----

This is the /etc/ppp/pptpd-options file on the 'server' machine, bluey:

bluey:/etc/ppp# less pptpd-options
## SAMPLE ONLY
## CHANGE TO SUIT YOUR SYSTEM

## turn pppd syslog debugging on
#debug

## change 'servername' to whatever you specify as your server name in chap-secrets
name bluey
## change the domainname to your local domain
domain mydomain.net

## these are reasonable defaults for WinXXXX clients
## for the security related settings
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
mppe-40
mppe-128
mppe-stateless
require-mppe
require-mppe-stateless

## Fill in your addresses
#ms-dns 10.0.0.1
#ms-wins 10.0.0.1

## Fill in your netmask
netmask 255.255.255.240

## some defaults
nodefaultroute
proxyarp
Lock

---

I have edited the /etc/ppp/options file on the client machine, piglet, just in these two areas:

# Append the domain name to the local host name for authentication
# purposes. For example, if gethostname() returns the name porsche,
# but the fully qualified domain name is porsche.Quotron.COM, you would
# use the domain option to set the domain name to Quotron.COM.
#domain
domain shacknet.nu

...

# Set the name of the local system for authentication purposes to .
# This is a privileged option. With this option, pppd will use lines in the
# secrets files which have as the second field when looking for a
# secret to use in authenticating the peer. In addition, unless overridden
# with the user option, will be used as the name to send to the peer
# when authenticating the local system to the peer. (Note that pppd does
# not append the domain name to .)
#name
name piglet

---

This is the chap-secrets file on the client machine, piglet (passwords blanked out...)(I also based this on the example in the PPP HOWTO... Is this correct?):

root at piglet:/etc/ppp# less chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
bluey piglet "*********" *
piglet bluey "********" *

And the chap-secrets for the 'server', bluey:

bluey:/etc/ppp# less chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
piglet bluey "*********" *
bluey piglet "********" *

On the /etc/pptpd.conf file on bluey, I've also got this:

...
option /etc/ppp/pptpd-options
...

---

I can post more info, if needed... But would anyone be able to help me? I've had a look at a number of sites, but I can't seem to solve it...

Thanks a lot!

From GeorgeV at citadelcomputer.com.au Sun Dec 9 15:31:52 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 10 Dec 2001 08:31:52 +1100
Subject: [pptp-server] GRE: read error: Protocol not available
Message-ID: <200FAA488DE0D41194F10010B597610D2B9338@JUPITER>

Hey peeps,

Rebuilding my firewall and reinstalling all the patches etc for Kernel 2.4.16 and pppd 2.4.1 but I got errors when connecting about a protocol not available.. I assume it's GRE as below.

Which options could this be in the kernel? Should it be a module or built into the kernel? It's been a while since I've built kernels and done anything with pptp.....argh!

Dec 10 07:51:48 firewall pptpd[1201]: CTRL: Starting call (launching pppd, opening GRE)
Dec 10 07:51:48 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California
Dec 10 07:51:48 firewall kernel: PPP generic driver version 2.4.1
Dec 10 07:51:48 firewall pppd[1202]: pppd 2.4.1 started by root, uid 0
Dec 10 07:51:49 firewall pppd[1202]: Using interface ppp0
Dec 10 07:51:49 firewall pppd[1202]: Connect: ppp0 <--> /dev/pts/0
Dec 10 07:51:49 firewall pptpd[1201]: GRE: read error: Protocol not available
Dec 10 07:51:49 firewall pptpd[1201]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 10 07:51:49 firewall pptpd[1201]: CTRL: Client x.x.x.x control connection finished
Dec 10 07:51:49 firewall pppd[1202]: Modem hangup
Dec 10 07:51:49 firewall pppd[1202]: Connection terminated.
Dec 10 07:51:49 firewall pppd[1202]: Exit.

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From magnus at vonkoeller.de Sun Dec 9 15:51:02 2001
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Sun, 9 Dec 2001 22:51:02 +0100
Subject: [pptp-server] GRE: read error: Protocol not available
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9338@JUPITER>
References: <200FAA488DE0D41194F10010B597610D2B9338@JUPITER>
Message-ID: <200112092249.22495@vonkoeller.de>

On Sunday 09 December 2001 22:31, you wrote:

> Rebuilding my firewall and reinstalling all the patches etc for
> Kernel 2.4.16 and pppd 2.4.1 but I got errors when connecting about
> a protocol not available.. I assume it's GRE as below.

Well, I don't know if this is the problem you are talking about but there have been problems with Kernel Versions > 2.4.10 on the pptp server and Linux clients (i.e. it doesn't work).

--
-M

------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-(0)531/2094886
Mobile: +49-(0)179/4562940

lp1 on fire (One of the more obfuscated kernel messages)

From jditto at woh.rr.com Sun Dec 9 16:03:14 2001
From: jditto at woh.rr.com (joe ditto)
Date: Sun, 9 Dec 2001 17:03:14 -0500
Subject: [pptp-server] speed
Message-ID: <002201c180fd$4d1ea620$8402a8c0@joe>

hello, time for me to revisit this subject again. i did some testing against a standard windows 2000 professional box that accepts vpn connections, as it will allow only one. i used a program called goldmine to see how long it would take to open the program at a remote location. it took over 2 minutes to open up on the linux box(10/100 ethernet, pIII 1ghz) and 25-30 seconds on the windows 2000 box(a little faster on the processor but not much), the servers were tested from the same location. i need some help maybe someone could look at my configuration.

ppp-options file has:

name *
lock
debug
mtu 1490
mru 1490
proxyarp
auth
idle 3600
+chap
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
nobsdcomp

I'm running only windows millennium clients, and followed the 2.4 setup guide on their dial up settings. I ran ifconfig on the linux box and of course it says the mtu is 1500, does this affect ppp in any way? is there something i can do before i have to resort to implementing windows 2000. the log files don't show any errors so i don't know what's going on or what's slowing me down, could it be samba? it runs great on the local lan.

samba configuration:

# Global parameters
[global]
workgroup = LAW
netbios name = FILE_SERVER
server string = Samba Server %v
encrypt passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = No
remote announce = yes

[homes]
comment = Home Directories
writeable = Yes

[c-drive]
path = /home/public/c
valid users = jim rlditto kathie brent beth doris mary
writeable = Yes
create mask = 0777
directory mask = 0777

[d]
path = /home/public/d
valid users = jim brent doris beth mary kathie rlditto
writeable = Yes
create mask = 0777
directory mask = 0777

[public]
path = /backup
valid users = rlditto
create mask = 0777
directory mask = 0777

please help me, before i'm forced to switch to mickeysoft!

thank-you

From jhiggs at iprsystems.com Sun Dec 9 16:09:24 2001
From: jhiggs at iprsystems.com (Jeremy Higgs)
Date: Mon, 10 Dec 2001 09:09:24 +1100
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9339@JUPITER>
Message-ID:

On 10/12/01 8:37 AM, "George Vieira" wrote:

> Your problem is that mppe is not setup on your client system. It doesn't
> recognise "mppe-40" as a pppd option..
>
> hash that out and try connecting again... but this means you're not encrypting
> data...
>
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
>

Thanks. I had to edit out all of the mppe-* lines to get it working. I thought I had applied the mppe patch with the debian package I installed for it... Hmmm

Anyway, when connecting after the changes, I got this:

Dec 10 09:07:10 bluey pptpd[16484]: MGR: No free connection slots or IPs - no more clients can connect!
Dec 10 09:07:10 bluey pptpd[16486]: CTRL: Client 144.132.140.185 control connection started
Dec 10 09:07:11 bluey pptpd[16486]: CTRL: Starting call (launching pppd, opening GRE)
Dec 10 09:07:11 bluey modprobe: modprobe: Invalid line 82 in /etc/modules.conf ^I/lib/modules/2.2.20/
Dec 10 09:07:11 bluey pppd[16487]: pppd 2.4.1 started by root, uid 0
Dec 10 09:07:11 bluey pppd[16487]: Using interface ppp1
Dec 10 09:07:11 bluey pppd[16487]: Connect: ppp1 <--> /dev/pts/2
Dec 10 09:07:13 bluey pptpd[16486]: GRE: Discarding duplicate packet
Dec 10 09:07:14 bluey pppd[16487]: CHAP peer authentication failed for remote host piglet
Dec 10 09:07:14 bluey pppd[16487]: Connection terminated.
Dec 10 09:07:14 bluey pppd[16487]: Exit.
Dec 10 09:07:14 bluey pptpd[16486]: GRE: read(fd=5,buffer=10014e54,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 10 09:07:14 bluey pptpd[16486]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 10 09:07:14 bluey pptpd[16486]: CTRL: Client 144.132.140.185 control connection finished
Dec 10 09:07:14 bluey pptpd[16486]: CTRL: Couldn't write packet to client.

So... It seems authentication isn't working... Is there anything I need to fix?

Thanks.

From GeorgeV at citadelcomputer.com.au Sun Dec 9 16:10:22 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 10 Dec 2001 09:10:22 +1100
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
Message-ID: <200FAA488DE0D41194F10010B597610D2B933D@JUPITER>

Your pptpd.conf has 0 free IPs to allow extra connections.. check your pptpd.conf file or email it to us..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Jeremy Higgs [mailto:jhiggs at iprsystems.com]
Sent: Monday, 10 December 2001 9:09 AM
To: George Vieira; PPTP-Server
Subject: Re: [pptp-server] Attempts to get PPTPD and PPP working with CHAP

On 10/12/01 8:37 AM, "George Vieira" wrote:

> Your problem is that mppe is not setup on your client system.
It doesn't > recognise "mppe-40" as a pppd option.. > > hash that out and try connecting again... but this means your not encrypting > data... > > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > Thanks. I had to edit out all of the mppe-* lines to get it working. I thought I had applied the mppe patch with the debian package I installed for it... Hmmm Anyway, when connecting after the changes, I got this: Dec 10 09:07:10 bluey pptpd[16484]: MGR: No free connection slots or IPs - no more clients can connect! Dec 10 09:07:10 bluey pptpd[16486]: CTRL: Client 144.132.140.185 control connection started Dec 10 09:07:11 bluey pptpd[16486]: CTRL: Starting call (launching pppd, opening GRE) Dec 10 09:07:11 bluey modprobe: modprobe: Invalid line 82 in /etc/modules.conf ^I/lib/modules/2.2.20/ Dec 10 09:07:11 bluey pppd[16487]: pppd 2.4.1 started by root, uid 0 Dec 10 09:07:11 bluey pppd[16487]: Using interface ppp1 Dec 10 09:07:11 bluey pppd[16487]: Connect: ppp1 <--> /dev/pts/2 Dec 10 09:07:13 bluey pptpd[16486]: GRE: Discarding duplicate packet Dec 10 09:07:14 bluey pppd[16487]: CHAP peer authentication failed for remote host piglet Dec 10 09:07:14 bluey pppd[16487]: Connection terminated. Dec 10 09:07:14 bluey pppd[16487]: Exit. Dec 10 09:07:14 bluey pptpd[16486]: GRE: read(fd=5,buffer=10014e54,len=8196) from PTY failed: status = -1 error = Input/output error Dec 10 09:07:14 bluey pptpd[16486]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Dec 10 09:07:14 bluey pptpd[16486]: CTRL: Client 144.132.140.185 control connection finished Dec 10 09:07:14 bluey pptpd[16486]: CTRL: Couldn't write packet to client. So... It seems authentication isn't working... Is there anything I need to fix? Thanks. 
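George's reply above ties the "No free connection slots or IPs" message to the address pool in pptpd.conf. The following is an added example (not PoPToP's code and not from any poster) that expands a remoteip value under the restrictions listed in the sample pptpd.conf comments posted in this thread and reports how many simultaneous clients the pool allows. The function names, the constructed config, and passing MAX_CONNECTIONS in as a parameter are assumptions of the example.

```python
import ipaddress


class RemoteIpError(ValueError):
    """Raised when an address list breaks one of the documented restrictions."""


def expand_ip_spec(spec):
    """Expand e.g. '192.168.0.234,192.168.0.245-249' into a list of addresses."""
    if not spec or any(ch.isspace() for ch in spec):
        # Restriction 1: no spaces between commas or within addresses.
        raise RemoteIpError("no spaces are permitted in the address list")
    addresses = []
    for item in spec.split(","):
        first, dash, last = item.partition("-")
        try:
            ipaddress.IPv4Address(first)
        except ValueError as exc:
            raise RemoteIpError("bad address %r" % first) from exc
        if not dash:
            addresses.append(first)
            continue
        if not last.isdigit() or int(last) > 255:
            raise RemoteIpError("bad range end in %r" % item)
        prefix, low = first.rsplit(".", 1)
        low, high = int(low), int(last)
        if high < low:
            # Restriction 3: 234-8 does not mean 234 to 238.
            raise RemoteIpError("range %r ends below its start (no shortcuts)" % item)
        addresses.extend("%s.%d" % (prefix, n) for n in range(low, high + 1))
    return addresses


def remoteip_from_conf(conf_text):
    """Return the text after the last active 'remoteip' keyword, or None.

    Assumption of this example: lines starting with '#' are comments and the
    rest of an active line is the value, so a trailing comment counts as a
    space inside the list and is rejected by expand_ip_spec().
    """
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("remoteip") and line[8:9].isspace():
            value = line[8:].strip()
    return value


def client_capacity(conf_text, max_connections):
    """Return (simultaneous clients allowed, addresses that will be ignored)."""
    spec = remoteip_from_conf(conf_text)
    if spec is None:
        return 0, []
    pool = expand_ip_spec(spec)
    # Restriction 2: only the first MAX_CONNECTIONS addresses are used.
    return min(len(pool), max_connections), pool[max_connections:]


# Constructed sample: a single remote IP means a single client at a time.
SAMPLE_CONF = """\
# constructed sample, not a poster's file
debug
option /etc/ppp/options.pptp
localip 192.168.0.20
remoteip 192.168.0.199
"""

if __name__ == "__main__":
    print(client_capacity(SAMPLE_CONF, 10))
    print(expand_ip_spec("192.168.0.234,192.168.0.245-249,192.168.0.254"))
```

A capacity of 1 means a second client has no address to take until the first one disconnects.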
From jditto at woh.rr.com Sun Dec 9 16:19:18 2001 From: jditto at woh.rr.com (joe ditto) Date: Sun, 9 Dec 2001 17:19:18 -0500 Subject: [pptp-server] speed Message-ID: <002001c180ff$8bddf6c0$8402a8c0@joe> i'm a little daft as to logs, which one's would you like to see as to my pptpd.conf file, here you go: ################################################################################ # # Sample PoPToP configuration file # # for PoPToP version 1.0.0 # ################################################################################ # TAG: speed # # Specifies the speed for the PPP daemon to talk at. # Some PPP daemons will ignore this value. # #speed 921600 #115200 # TAG: option # # Specifies the location of the PPP options file. # By default PPP looks in '/etc/ppp/options' # #option /this/is/the/options/file # TAG: debug # # Turns on (more) debugging to syslog. # debug # TAG: localip # TAG: remoteip # # Specifies the local and remote IP address ranges. # # You can specify single IP addresses seperated by commas or you can # specify ranges, or both. For example: # # 192.168.0.234,192.168.0.245-249,192.168.0.254 # # IMPORTANT RESTRICTIONS: # # 1. No spaces are permitted between commas or within addresses. # # 2. If you give more IP addresses than MAX_CONNECTIONS, it will # start at the beginning of the list and go until it gets # MAX_CONNECTIONS IPs. Others will be ignored. # # 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238, # you must type 234-238 if you mean this. # # 4. If you give a single localIP, that's ok - all local IPs will # be set to the given one. You MUST still give at least one remote # IP for each simultaneous client. # localip 192.168.0.20 #1-190 remoteip 192.168.0.199 #191-200 # TAG: ipxnets # # This gives the range of IPX networks to allocate to clients. By # default IPX network number allocation is not handled internally. # By putting a low and high network number here a pool of IPX networks # can be defined. 
If this is done then there must be one IPX network # per client. # # The format is a pair of hex numbers without any 0x prefix separated # by a hyphen. # #ipxnets 00001000-00001FFF # TAG: listen # # Defines the IP address of the local interface on which pptpd # should listen for connections. The default is to listen on all # local interfaces (even ones brought up by pptp connections, thus # permitting pptp tunnels inside the pptp tunnels). # #listen 192.168.0.1 # TAG: pidfile # # This defines the file name in which pptpd should store its process # ID (or pid). The default is /var/run/pptpd.pid. # #pidfile /var/run/pptpd.pid -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlieb at e-smith.com Sun Dec 9 16:41:07 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Sun, 9 Dec 2001 17:41:07 -0500 (EST) Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP In-Reply-To: Message-ID: On Mon, 10 Dec 2001, Jeremy Higgs wrote: > So... It seems authentication isn't working... Is there anything I need to > fix? Well, I would start with: 1. > Dec 10 09:07:10 bluey pptpd[16484]: MGR: No free connection slots or IPs - > no more clients can connect! 2. > Dec 10 09:07:11 bluey modprobe: modprobe: Invalid line 82 in > /etc/modules.conf ^I/lib/modules/2.2.20/ and 3. > Dec 10 09:07:14 bluey pppd[16487]: CHAP peer authentication failed for > remote host piglet Remember, log files are your friends. 
Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From paul at bsdc.ca Sun Dec 9 17:58:48 2001 From: paul at bsdc.ca (Paul Reed) Date: Sun, 9 Dec 2001 18:58:48 -0500 Subject: [pptp-server] Linux clients can't connect after server kernel update from 2.4.2 to 2.4.12-ac5 References: <20011024132838.1BE1ED1421@poontang.schulte.org> <200110251631.36438@vonkoeller.de> <001f01c15d66$cb19d640$1e6ea8c0@omega> <200112092253.26803@vonkoeller.de> Message-ID: <001b01c1810d$722fae90$1e6ea8c0@omega> Hi Magnus, I currently have a 128-bit MSCHAPv2 patched pptp link setup between a 2.4.9(server) and a 2.4.10(client) box .. The server also hosts for a number of windows ME/98/2000 VPN clients. Both linux boxes are redhat 7.1 with modified kernels. I have yet to try later kernels, been really busy with other stuff, but i'm sure it can be done. If and when I do try newer kernels, I shall post a success story or my problems on the list... :) Let me know if you want my notes on the 2.4.9/10 setup .. i'll see if i can find them. I am also going to CC the list, as someone else maybe able to help as well .. :) Maybe someone who has it working would be willing to post thier setup notes for a later kernel w/MSCHAP 128-bit patches etc ... And Maybe one of these day's i'll set up a faq page like i've wanted to do for some time ... Unless there already is one being maintained somewhere .. then perhaps I could contribute to it... Anyways .. hope this helps, Paul Reed Systems Administrator Black Sheep Digital Corp. 
paul at bsdc.ca ----- Original Message ----- From: "Magnus von Koeller" To: "Paul Reed" Sent: Sunday, December 09, 2001 4:53 PM Subject: Re: [pptp-server] Linux clients can't connect after server kernel update from 2.4.2 to 2.4.12-ac5 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Thursday 25 October 2001 17:07, you wrote: > > Success with 2.4.4, 2.4.9 and 2.4.10, all openssl 0.9.6a-mppe > > patched. ... ppp-2.4.1 openssl-0.9.6-mppe patched. > > Hope this helps .. > > Do you have Linux clients working with this setup? Did you maybe also > try even later kernels? > > - -- > - -M > > - ------- Magnus von Koeller ------ > Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany > Phone: +49-(0)531/2094886 Mobile: +49-(0)179/4562940 > > lp1 on fire (One of the more obfuscated kernel messages) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE8E91vUIvM6e6BgFARAu+nAKCrGKlRO+YuT9KKA/7yyVTv2CRfiQCeOgaE > F5Tx0Llhicf0AYLhXHM8OMQ= > =nCiY > -----END PGP SIGNATURE----- From muralivemuri at multitech.co.in Sun Dec 9 18:30:24 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Mon, 10 Dec 2001 06:00:24 +0530 Subject: [pptp-server] GRE: read error: Protocol not available References: <200FAA488DE0D41194F10010B597610D2B9338@JUPITER> Message-ID: <3C140220.8060383E@multitech.co.in> hey ! i am also getting precisely the same error with kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 & 1.1.2 ( i tried both). any suggestions ? regds murali George Vieira wrote: > Hey peeps,Rebuilding my firewall and reinstalling all the patches etc > for Kernel 2.4.16 and pppd 2.4.1 but I got errors when connecting > about a protocol not avialable.. I assume it's GRE as below.Which > options could this be in the kernel? Should it be a module or built > into the kernel? It's been a while since I've built kernels and done > anything with pptp.....argh! 
Dec 10 07:51:48 firewall pptpd[1201]: > CTRL: Starting call (launching pppd, opening GRE) > Dec 10 07:51:48 firewall kernel: CSLIP: code copyright 1989 Regents of > the University of California > Dec 10 07:51:48 firewall kernel: PPP generic driver version 2.4.1 > Dec 10 07:51:48 firewall pppd[1202]: pppd 2.4.1 started by root, uid 0 > > Dec 10 07:51:49 firewall pppd[1202]: Using interface ppp0 > Dec 10 07:51:49 firewall pppd[1202]: Connect: ppp0 <--> /dev/pts/0 > Dec 10 07:51:49 firewall pptpd[1201]: GRE: read error: Protocol not > available > Dec 10 07:51:49 firewall pptpd[1201]: CTRL: PTY read or GRE write > failed (pty,gre)=(5,6) > Dec 10 07:51:49 firewall pptpd[1201]: CTRL: Client x.x.x.x control > connection finished > Dec 10 07:51:49 firewall pppd[1202]: Modem hangup > Dec 10 07:51:49 firewall pppd[1202]: Connection terminated. > Dec 10 07:51:49 firewall pppd[1202]: Exit. > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L -------------- next part -------------- An HTML attachment was scrubbed... URL: From GeorgeV at citadelcomputer.com.au Sun Dec 9 18:34:19 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Mon, 10 Dec 2001 11:34:19 +1100 Subject: [pptp-server] GRE: read error: Protocol not available Message-ID: <200FAA488DE0D41194F10010B597610D2B934D@JUPITER> I think I may have missed something in the kernel compile... Will find out in an hours time if the changes I did may have helped or not... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Monday, 10 December 2001 11:30 AM To: George Vieira Cc: PPTP List (E-mail) Subject: Re: [pptp-server] GRE: read error: Protocol not available hey ! i am also getting precisely the same error with kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 & 1.1.2 ( i tried both). any suggestions ? 
regds murali George Vieira wrote: Hey peeps,Rebuilding my firewall and reinstalling all the patches etc for Kernel 2.4.16 and pppd 2.4.1 but I got errors when connecting about a protocol not avialable.. I assume it's GRE as below.Which options could this be in the kernel? Should it be a module or built into the kernel? It's been a while since I've built kernels and done anything with pptp.....argh! Dec 10 07:51:48 firewall pptpd[1201]: CTRL: Starting call (launching pppd, opening GRE) Dec 10 07:51:48 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California Dec 10 07:51:48 firewall kernel: PPP generic driver version 2.4.1 Dec 10 07:51:48 firewall pppd[1202]: pppd 2.4.1 started by root, uid 0 Dec 10 07:51:49 firewall pppd[1202]: Using interface ppp0 Dec 10 07:51:49 firewall pppd[1202]: Connect: ppp0 <--> /dev/pts/0 Dec 10 07:51:49 firewall pptpd[1201]: GRE: read error: Protocol not available Dec 10 07:51:49 firewall pptpd[1201]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Dec 10 07:51:49 firewall pptpd[1201]: CTRL: Client x.x.x.x control connection finished Dec 10 07:51:49 firewall pppd[1202]: Modem hangup Dec 10 07:51:49 firewall pppd[1202]: Connection terminated. Dec 10 07:51:49 firewall pppd[1202]: Exit. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -------------- next part -------------- An HTML attachment was scrubbed... URL: From EBennett at powerlan.com.au Sun Dec 9 20:58:43 2001 From: EBennett at powerlan.com.au (EBennett at powerlan.com.au) Date: Mon, 10 Dec 2001 13:58:43 +1100 Subject: [pptp-server] pptp w radius authentication on a solaris system Message-ID: Hi all, Just about to embark on a project which it doesn't appear a lot of people have done before after looking over some list traffic, is there anyone out there who's configured poptop on solaris? Is this a difficult project or pretty much the same as under linux? 
How is streams encryption handled, I know it's a kernel component in linux but I don't see how it would be done in solaris. Any assistance and reference points appreciated. Thanks in advance. Regards Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: From muralivemuri at multitech.co.in Sun Dec 9 21:14:04 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Mon, 10 Dec 2001 08:44:04 +0530 Subject: [pptp-server] GRE: read error: Protocol not available References: <200FAA488DE0D41194F10010B597610D2B934D@JUPITER> Message-ID: <3C14287C.15182B22@multitech.co.in> hey, i am getting inconsistent errors. some times i get the error " Error with select (), quitting" and some other times, i get the error " PTY read or GRE write failed" i am using kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 , 1.1.2 ( i had been getting the same problem with both). client is win 98 machine ppp link is fine with mppe -40 encryption. also, if i enable only "mppe-128" on the server, he fails to connect. any ideas? regds murali krishna vemuri George Vieira wrote: > I think I may have missed something in the kernel compile... Will find > out in an hours time if the changes I did may have helped or not... > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > -----Original Message----- > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] > Sent: Monday, 10 December 2001 11:30 AM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] GRE: read error: Protocol not available > hey ! > > i am also getting precisely the same error with kernel 2.4.6, ppp > 2.4.1 and pptp 1.0.1 & 1.1.2 ( i tried both). > any suggestions ? > regds > murali > George Vieira wrote: > >> Hey peeps,Rebuilding my firewall and reinstalling all the patches >> etc for Kernel 2.4.16 and pppd 2.4.1 but I got errors when >> connecting about a protocol not avialable.. I assume it's GRE as >> below.Which options could this be in the kernel? 
Should it be a >> module or built into the kernel? It's been a while since I've built >> kernels and done anything with pptp.....argh!Dec 10 07:51:48 >> firewall pptpd[1201]: CTRL: Starting call (launching pppd, opening >> GRE) >> Dec 10 07:51:48 firewall kernel: CSLIP: code copyright 1989 Regents >> of the University of California >> Dec 10 07:51:48 firewall kernel: PPP generic driver version 2.4.1 >> Dec 10 07:51:48 firewall pppd[1202]: pppd 2.4.1 started by root, uid >> 0 >> Dec 10 07:51:49 firewall pppd[1202]: Using interface ppp0 >> Dec 10 07:51:49 firewall pppd[1202]: Connect: ppp0 <--> /dev/pts/0 >> Dec 10 07:51:49 firewall pptpd[1201]: GRE: read error: Protocol not >> available >> Dec 10 07:51:49 firewall pptpd[1201]: CTRL: PTY read or GRE write >> failed (pty,gre)=(5,6) >> Dec 10 07:51:49 firewall pptpd[1201]: CTRL: Client x.x.x.x control >> connection finished >> Dec 10 07:51:49 firewall pppd[1202]: Modem hangup >> Dec 10 07:51:49 firewall pppd[1202]: Connection terminated. >> Dec 10 07:51:49 firewall pppd[1202]: Exit. >> >> thanks, >> George Vieira >> Systems Manager >> Citadel Computer Systems P/L > -------------- next part -------------- An HTML attachment was scrubbed... URL: From GeorgeV at citadelcomputer.com.au Sun Dec 9 21:14:21 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Mon, 10 Dec 2001 14:14:21 +1100 Subject: [pptp-server] GRE: read error: Protocol not available Message-ID: <200FAA488DE0D41194F10010B597610D2B935D@JUPITER> He most likely only supports 40bit encryption.. he might have to download DUN1.4 from microsoft and update it. Did you compile your PPPD driver as a module or built into the kernel? Can you paste a small section of a complete pppd connection which fails..? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. 
Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Monday, 10 December 2001 2:14 PM To: George Vieira Cc: PPTP List (E-mail) Subject: Re: [pptp-server] GRE: read error: Protocol not available hey, i am getting inconsistent errors. some times i get the error " Error with select (), quitting" and some other times, i get the error " PTY read or GRE write failed" i am using kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 , 1.1.2 ( i had been getting the same problem with both). client is win 98 machine ppp link is fine with mppe -40 encryption. also, if i enable only "mppe-128" on the server, he fails to connect. any ideas? regds murali krishna vemuri George Vieira wrote: I think I may have missed something in the kernel compile... Will find out in an hours time if the changes I did may have helped or not... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. Vemuri [ mailto:muralivemuri at multitech.co.in ] Sent: Monday, 10 December 2001 11:30 AM To: George Vieira Cc: PPTP List (E-mail) Subject: Re: [pptp-server] GRE: read error: Protocol not available hey ! i am also getting precisely the same error with kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 & 1.1.2 ( i tried both). any suggestions ? regds murali George Vieira wrote: Hey peeps,Rebuilding my firewall and reinstalling all the patches etc for Kernel 2.4.16 and pppd 2.4.1 but I got errors when connecting about a protocol not avialable.. I assume it's GRE as below.Which options could this be in the kernel? Should it be a module or built into the kernel? 
It's been a while since I've built kernels and done anything with pptp.....argh!Dec 10 07:51:48 firewall pptpd[1201]: CTRL: Starting call (launching pppd, opening GRE) Dec 10 07:51:48 firewall kernel: CSLIP: code copyright 1989 Regents of the University of California Dec 10 07:51:48 firewall kernel: PPP generic driver version 2.4.1 Dec 10 07:51:48 firewall pppd[1202]: pppd 2.4.1 started by root, uid 0 Dec 10 07:51:49 firewall pppd[1202]: Using interface ppp0 Dec 10 07:51:49 firewall pppd[1202]: Connect: ppp0 <--> /dev/pts/0 Dec 10 07:51:49 firewall pptpd[1201]: GRE: read error: Protocol not available Dec 10 07:51:49 firewall pptpd[1201]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Dec 10 07:51:49 firewall pptpd[1201]: CTRL: Client x.x.x.x control connection finished Dec 10 07:51:49 firewall pppd[1202]: Modem hangup Dec 10 07:51:49 firewall pppd[1202]: Connection terminated. Dec 10 07:51:49 firewall pppd[1202]: Exit. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -------------- next part -------------- An HTML attachment was scrubbed... URL: From jditto at woh.rr.com Sun Dec 9 21:39:00 2001 From: jditto at woh.rr.com (joe ditto) Date: Sun, 9 Dec 2001 22:39:00 -0500 Subject: [pptp-server] speed Message-ID: <002d01c1812c$34beace0$8402a8c0@joe> also i have a router separating my server from the internet. server is connected directly to my isp across the street on a cat5 cable and the client is on a roadrunner cable modem connection. by manually setting doing a ping from my client to the remote router (ping 1.2.3.4 -f -l 1472) i get no fragmentation. can fragmentation cause this much trouble in terms of performance. and by changing the mtu and mru values in the /ppp/options affect the pptp connection between client and server or is their something else i have to look at. 
looking through regedit on the windows machine i noticed 3 string values called automatic, large, medium, small set to 0,1500, 1000, 576 in several keys referencing network connections. the more i get into this the more frustrated i get. can someone please help me with fine tuning my connection. I humbly Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: From muralivemuri at multitech.co.in Sun Dec 9 21:51:48 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Mon, 10 Dec 2001 09:21:48 +0530 Subject: [pptp-server] GRE: read error: Protocol not available References: <200FAA488DE0D41194F10010B597610D2B935D@JUPITER> Message-ID: <3C143154.9F41FBC7@multitech.co.in> hi, attached file is the message posted when the connection fails due to mppe-128. it has another curious message as well: " cannot find eth0 for proxy arp". also, i was digging a bit more into the PPTP error. when i use 1.1.2, i get the error " PTY read or GRE write failed" if i use 1.0.1 i get " error with select ()". any ideas? regds murali krishna vemuri George Vieira wrote: > He most likely only supports 40bit encryption.. he might have to > download DUN1.4 from microsoft and update it.Did you compile your PPPD > driver as a module or built into the kernel?Can you paste a small > section of a complete pppd connection which fails..? > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > -----Original Message----- > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] > Sent: Monday, 10 December 2001 2:14 PM > To: George Vieira > Cc: PPTP List (E-mail) > Subject: Re: [pptp-server] GRE: read error: Protocol not available > hey, > > i am getting inconsistent errors. some times i get the error " Error > with select (), quitting" > and some other times, i get the error " PTY read or GRE write failed" > i am using kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 , 1.1.2 ( i had been > getting the same problem with both). 
> client is win 98 machine ppp link is fine with mppe -40 encryption.
> also, if i enable only "mppe-128" on the server, he fails to connect.
> any ideas?
> regds
> murali krishna vemuri
> George Vieira wrote:

-------------- next part --------------
Dec 10 09:15:37 yogi mgetty[4311]: data dev=ttyS0, pid=4311, caller='none', conn='14400 LAPM', name='', cmd='/usr/sbin/pppd', user='/AutoPPP/'
Dec 10 09:15:38 yogi pppd[4311]: pppd 2.4.1 started by a_ppp, uid 0
Dec 10 09:15:38 yogi pppd[4311]: Using interface ppp0
Dec 10 09:15:38 yogi pppd[4311]: Connect: ppp0 <--> /dev/ttyS0
Dec 10 09:15:39 yogi automount[725]: attempting to mount entry /misc/.directory
Dec 10 09:15:39 yogi automount[4341]: lookup(file): lookup for .directory failed
Dec 10 09:15:41 yogi kernel: PPP BSD Compression module registered
Dec 10 09:15:41 yogi kernel: PPP Deflate Compression module registered
Dec 10 09:15:41 yogi pppd[4311]: MSCHAP-v2 peer authentication succeeded for murali
Dec 10 09:15:42 yogi pppd[4311]: Cannot determine ethernet address for proxy ARP
Dec 10 09:15:42 yogi pppd[4311]: local IP address 10.110.2.1
Dec 10 09:15:42 yogi pppd[4311]: remote IP address 10.110.2.3
Dec 10 09:15:42 yogi pppd[4311]: MPPE 40 bit, non-stateless transmit compression enabled
Dec 10 09:15:42 yogi pppd[4311]: CCP terminated by peer
Dec 10 09:15:42 yogi pppd[4311]: Compression disabled by peer.
Dec 10 09:15:42 yogi pppd[4311]: LCP terminated by peer
Dec 10 09:15:43 yogi pppd[4311]: Hangup (SIGHUP)
Dec 10 09:15:43 yogi pppd[4311]: Modem hangup
Dec 10 09:15:43 yogi pppd[4311]: Connection terminated.
Dec 10 09:15:43 yogi pppd[4311]: Connect time 0.1 minutes.
Dec 10 09:15:43 yogi pppd[4311]: Sent 133 bytes, received 127 bytes.
Dec 10 09:15:43 yogi pppd[4311]: Exit.
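The logs posted in this thread mix several unrelated failures in one capture, which is the point of the numbered list in Charlie Brady's reply. The following is an added example (not code from the list or from PoPToP) that parses syslog lines, matches them against message texts quoted in the thread, and returns the first flagged line per process in log order so each problem can be worked on separately. The category names are this example's own labels, and the sample input is assembled from lines posted above.

```python
import re
from collections import Counter, namedtuple

# "Dec 10 09:07:10 bluey pptpd[16484]: message"; the [pid] part is optional.
SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Message texts taken from the logs in this thread; labels are hypothetical.
SIGNATURES = [
    ("address-pool", re.compile(r"MGR: No free connection slots or IPs")),
    ("modules-conf", re.compile(r"Invalid line \d+ in /etc/modules\.conf")),
    ("authentication", re.compile(r"peer authentication failed")),
    ("gre-socket", re.compile(r"GRE: read error: ")),
    ("pty-read", re.compile(r"GRE: read\(.*\) from PTY failed")),
    ("ctrl-select", re.compile(r"CTRL: Error with select\(\)")),
    ("session-teardown", re.compile(r"CTRL: PTY read or GRE write failed")),
    ("proxyarp", re.compile(r"Cannot determine ethernet address for proxy ARP")),
    ("peer-terminated", re.compile(r"(?:CCP|LCP) terminated by peer")),
]

Finding = namedtuple("Finding", "ts host prog pid category msg")


def classify(msg):
    """Return the first matching category for a message, or None."""
    for category, pattern in SIGNATURES:
        if pattern.search(msg):
            return category
    return None


def triage(text):
    """Return first flagged line per process, per-category counts, and
    the number of non-blank lines that were not valid syslog lines."""
    first, counts, seen, unparsed = [], Counter(), set(), 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SYSLOG.match(line)
        if m is None:
            unparsed += 1  # e.g. a log line wrapped by a mail client
            continue
        category = classify(m.group("msg"))
        if category is None:
            continue
        counts[category] += 1
        key = (m.group("host"), m.group("prog"), m.group("pid"))
        if key not in seen:
            seen.add(key)
            first.append(Finding(m.group("ts"), m.group("host"), m.group("prog"),
                                 m.group("pid"), category, m.group("msg")))
    return {"first": first, "counts": dict(counts), "unparsed": unparsed}


# Sample assembled from log lines posted in this thread.
SAMPLE = """\
Dec 10 09:07:10 bluey pptpd[16484]: MGR: No free connection slots or IPs - no more clients can connect!
Dec 10 09:07:10 bluey pptpd[16486]: CTRL: Client 144.132.140.185 control connection started
Dec 10 09:07:11 bluey modprobe: modprobe: Invalid line 82 in /etc/modules.conf ^I/lib/modules/2.2.20/
Dec 10 09:07:11 bluey pppd[16487]: pppd 2.4.1 started by root, uid 0
Dec 10 09:07:14 bluey pppd[16487]: CHAP peer authentication failed for remote host piglet
Dec 10 09:07:14 bluey pppd[16487]: Connection terminated.
Dec 10 09:07:14 bluey pptpd[16486]: GRE: read(fd=5,buffer=10014e54,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 10 09:07:14 bluey pptpd[16486]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 10 09:15:42 yogi pppd[4311]: Cannot determine ethernet address for proxy ARP
Dec 10 09:15:42 yogi pppd[4311]: CCP terminated by peer
Dec 10 09:15:42 yogi pppd[4311]: LCP terminated by peer
"""

if __name__ == "__main__":
    for f in triage(SAMPLE)["first"]:
        print(f.ts, f.host, f.prog, f.pid, f.category)
```

A non-zero unparsed count usually means the capture was line-wrapped in transit and should be re-collected before drawing conclusions from it.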
From GeorgeV at citadelcomputer.com.au Sun Dec 9 21:54:30 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 10 Dec 2001 14:54:30 +1100
Subject: [pptp-server] GRE: read error: Protocol not available
Message-ID: <200FAA488DE0D41194F10010B597610D2B9364@JUPITER>

I don't see any mention of the error messages below except for proxy arp. Proxyarp only works if your internal LAN address is in the same network as your VPN addresses.... IE..

LAN Clients            VPN Server LAN IP                         VPN Client
192.168.0.1-200 <----> 192.168.0.254 <-----// Internet//-------> 192.168.0.201

Because the VPN client has an IP which is the same as the local LAN, proxyarp will respond to network packets destined to 192.168.0.201 and forward them on to the VPN client if ip_forward is enabled... Everybody makes this mistake/misunderstanding.

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Monday, 10 December 2001 2:52 PM
To: George Vieira
Cc: PPTP List (E-mail)
Subject: Re: [pptp-server] GRE: read error: Protocol not available

hi,
attached file is the message posted when the connection fails due to mppe-128.
it has another curious message as well: " cannot find eth0 for proxy arp".
also, i was digging a bit more into the PPTP error.
when i use 1.1.2, i get the error " PTY read or GRE write failed"
if i use 1.0.1 i get " error with select ()".
any ideas?
regds
murali krishna vemuri

George Vieira wrote:

He most likely only supports 40bit encryption.. he might have to download DUN1.4 from microsoft and update it.
Did you compile your PPPD driver as a module or built into the kernel?
Can you paste a small section of a complete pppd connection which fails..?

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Murali K.
Vemuri [ mailto:muralivemuri at multitech.co.in ] Sent: Monday, 10 December 2001 2:14 PM To: George Vieira Cc: PPTP List (E-mail) Subject: Re: [pptp-server] GRE: read error: Protocol not available hey, i am getting inconsistent errors. some times i get the error " Error with select (), quitting" and some other times, i get the error " PTY read or GRE write failed" i am using kernel 2.4.6, ppp 2.4.1 and pptp 1.0.1 , 1.1.2 ( i had been getting the same problem with both). client is win 98 machine ppp link is fine with mppe -40 encryption. also, if i enable only "mppe-128" on the server, he fails to connect. any ideas? regds murali krishna vemuri George Vieira wrote: -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlieb at e-smith.com Sun Dec 9 21:56:00 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Sun, 9 Dec 2001 22:56:00 -0500 (EST) Subject: [pptp-server] pptp w radius authentication on a solaris system In-Reply-To: Message-ID: On Mon, 10 Dec 2001 EBennett at powerlan.com.au wrote: > Just about to embark on a project which it doesn't appear a lot of people > have done before after looking over some list traffic, is there anyone out > there who's configured poptop on solaris? Is this a difficult project or > pretty much the same as under linux? How is streams encryption handled, I > know it's a kernel component in linux but I don't see how it would be done > in solaris. See ppp-2.4.1/solaric/ppp_comp.c: /* * ppp_comp.c - STREAMS module for kernel-level compression and CCP support. * ... MPPE is a PPP compression protocol - even though it does compression, and even though it makes the payload larger, not smaller - remember, this is a Microsoft hack. 
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From muralivemuri at multitech.co.in Sun Dec 9 22:19:04 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Mon, 10 Dec 2001 09:49:04 +0530
Subject: [pptp-server] error with 1.1.2 & 1.0.1
Message-ID: <3C1437B8.6F81D22F@multitech.co.in>

well................
i am attaching two files which are " copy - pastes " of /var/log/messages with 1.1.2 ( text1) and 1.0.1 (text2).
juz go through and may be you can help me :
kernel : 2.4.6
ppp 2.4.1
pptp : poptop 1.0.1 & 1.1.2
regds
murali

-------------- next part --------------
Dec 10 09:11:24 yogi pptpd[3694]: CTRL: Client 10.110.2.3 control connection started
Dec 10 09:11:24 yogi pptpd[3694]: CTRL: Starting call (launching pppd, opening GRE)
Dec 10 09:11:24 yogi pppd[3697]: pppd 2.4.1 started by root, uid 0
Dec 10 09:11:24 yogi pppd[3697]: Using interface ppp1
Dec 10 09:11:24 yogi pppd[3697]: Connect: ppp1 <--> /dev/pts/3
Dec 10 09:11:25 yogi pptpd[3694]: CTRL: Error with select(), quitting
Dec 10 09:11:25 yogi pptpd[3694]: CTRL: Client 10.110.2.3 control connection finished
Dec 10 09:11:25 yogi pppd[3697]: Modem hangup
Dec 10 09:11:25 yogi pppd[3697]: Connection terminated.
Dec 10 09:11:25 yogi pppd[3697]: Exit.
-------------- next part --------------
Dec 10 09:25:30 yogi pptpd[4520]: CTRL: Client 10.110.2.3 control connection started
Dec 10 09:25:30 yogi pptpd[4520]: CTRL: Starting call (launching pppd, opening GRE)
Dec 10 09:25:30 yogi pppd[4521]: pppd 2.4.1 started by root, uid 0
Dec 10 09:25:30 yogi pppd[4521]: Using interface ppp1
Dec 10 09:25:30 yogi pppd[4521]: Connect: ppp1 <--> /dev/pts/3
Dec 10 09:25:30 yogi pppd[4521]: Modem hangup
Dec 10 09:25:30 yogi pppd[4521]: Connection terminated.
Dec 10 09:25:30 yogi pppd[4521]: Exit.
Dec 10 09:26:00 yogi pptpd[4520]: GRE: read error: Bad file descriptor
Dec 10 09:26:00 yogi pptpd[4520]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Dec 10 09:26:00 yogi pptpd[4520]: CTRL: Client 10.110.2.3 control connection finished
Dec 10 09:42:12 yogi automount[725]: attempting to mount entry /misc/.directory
Dec 10 09:42:12 yogi automount[4607]: lookup(file): lookup for .directory failed

From muralivemuri at multitech.co.in Mon Dec 10 00:29:14 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Mon, 10 Dec 2001 11:59:14 +0530
Subject: [pptp-server] pptp is not coming up
Message-ID: <3C14563A.74167B08@multitech.co.in>

hi ,
I am using the following setup and my configuration files are attached.
kernel 2.4.6
ppp 2.4.1,
pptp 1.0.1 & 1.1.2 ( i tried both)
i get the error " PTY read or GRE write failed" with pptp 1.1.2 and "Error with select ()" with pptp 1.0.1
and in either case, the client (win98 ) gets this message
" The microsoft dial-up adapter is in use or not responding properly. disconnect other connections and then try again if the problem persists, shut down and restart your computer"
and the client is not at all able to connect to the server.
regds
murali
-------------- next part --------------
debug
#noccp
#asyncmap 0
name yogi
#/dev/ttys0
proxyarp
notty
lock
auth
login
require-chap
require-pap
10.110.2.1:10.110.2.3
#192.168.1.240:192.168.1.241
+chap
+chapms
+chapms-v2
+mppe-40
+mppe-128
+mppe-stateless
logfile /var/log/ppp.log
-------------- next part --------------
+chap
+chapms
+chapms-v2
chapms-strip-domain
mppe-40
#mppe-128
require-chap
require-mppe
-------------- next part --------------
# Secrets for authentication using CHAP
# client server secret IP addresses
murali * murali *
-------------- next part --------------
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.1
#
################################################################################

# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
# Some PPP daemons will ignore this value.
#
speed 19200

# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file

# TAG: debug
#
# Turns on (more) debugging to syslog.
#
debug
localip 192.168.1.230
remoteip 192.168.1.235-240
logfile /var/log/pptpd.log

# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one.
# You MUST still give at least one remote
# IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

# TAG: ipxnets
#
# This gives the range of IPX networks to allocate to clients. By
# default IPX network number allocation is not handled internally.
# By putting a low and high network number here a pool of IPX networks
# can be defined. If this is done then there must be one IPX network
# per client.
#
# The format is a pair of hex numbers without any 0x prefix separated
# by a hyphen.
#
#ipxnets 00001000-00001FFF

# TAG: listen
#
# Defines the IP address of the local interface on which pptpd
# should listen for connections. The default is to listen on all
# local interfaces (even ones brought up by pptp connections, thus
# permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1

# TAG: pidfile
#
# This defines the file name in which pptpd should store its process
# ID (or pid). The default is /var/run/pptpd.pid.
#
pidfile /var/run/pptpd.pid

From mirek31 at yahoo.com Mon Dec 10 02:05:36 2001
From: mirek31 at yahoo.com (Mirek Horvath)
Date: Mon, 10 Dec 2001 00:05:36 -0800 (PST)
Subject: [pptp-server] WIN 98 (95) problem
Message-ID: <20011210080536.19345.qmail@web20606.mail.yahoo.com>

Hi,

I successfully configured PPtPD for W2K. I am trying to use the same config for WIN98, but I could not see anything behind PPtPD machine.

My working setup is
W2K --->Linux PPtPD---->internal web or mail

I would like to get up and running this config:
W98 --->Linux PPtPD---->internal web or mail.

There is my options file:

name *
lock
noauth
proxyarp
+chap
+chapms-v2
mppe-40
mppe-128
mppe-stateless

There is my pptpd.conf file:

debug
localip 10.1.1.7
remoteip 10.1.1.70-79

The linux server is behind firewall, but I do not suppose, that there could be any problem, because my W2K configuration is working...

Do you have any suggestions, why I am not able to access the local web server?
It looks for outside internet address and not for inside one (10.1.1.4). It is working without any problems in W2K config...

Thank you for any ideas
mirek

From jhiggs at iprsystems.com Mon Dec 10 02:44:09 2001
From: jhiggs at iprsystems.com (Jeremy Higgs)
Date: Mon, 10 Dec 2001 19:44:09 +1100
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B933D@JUPITER>
Message-ID:

On 10/12/01 9:10 AM, "George Vieira" wrote:

> Your pptpd.conf has 0 free IPs to allow extra connections..
>
> check your pptpd.conf file or email it to us..
>
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
>

I assume that's the 'localip' and 'remoteip' options in the conf file?

I haven't edited the pptp.conf file, but I have two subnets that I am able to use IPs from... Both connected to the linux box. I assume that when a user connects to the pptp server, it effectively gains one of the IPs specified?

If so... What do I need to put in localip and remoteip? The man page wasn't too clear on exactly what the difference was between them.

Thanks!

From dholmes at bigpond.net.au Mon Dec 10 03:58:09 2001
From: dholmes at bigpond.net.au (Janet Holmes)
Date: Mon, 10 Dec 2001 20:58:09 +1100
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
Message-ID: <01C181BD.60432620.dholmes@bigpond.net.au>

Hi Jem

>
> I assume that's the 'localip' and 'remoteip' options in the conf file?
>
> I haven't edited the pptp.conf file, but I have two subnets that I am able
> to use Ips from... Both connected to the linux box. I assume that when a
> user connects to the pptp server, it effectively gains one of the Ips
> specified?
>

Yup, that's what happens

> If so... What do I need to put in localip and remoteip?
> The man page wasn't
> too clear on exactly what the difference was between them.
>

Put one of your spare IP's as the localip. This is the address given to the PPTP server end of the link

Put a range of IP's as the remoteip. One of these will be given to the PPTP client end of the link. If you want to use proxyarp, the remoteip range needs to be in your spare IP's, otherwise it can be any range. The range size should allow for the maximum number of simultaneous PPTP connections.

Dougal
--
Dougal Holmes (at home)
mailto:dholmes at bigpond.net.au

From gustav.jansen at lincom.no Mon Dec 10 08:18:43 2001
From: gustav.jansen at lincom.no (Gustav Jansen)
Date: Mon, 10 Dec 2001 15:18:43 +0100 (CET)
Subject: [pptp-server] PoPToP and PAM
In-Reply-To: <01C181BD.60432620.dholmes@bigpond.net.au>
Message-ID:

Hi!

I was wondering if there is any possibility to verify login to a pptpd server using PAM. Or if there are any plans on developing support for this auth. mechanism?

--
regards

Gustav Jansen
Linux Communications AS

http://www.lincom.no/

1AB5 1DD3 4412 9F03 1A4D 9C64 4763 DD26 62DA 54BF

From gustav.jansen at lincom.no Mon Dec 10 09:40:46 2001
From: gustav.jansen at lincom.no (Gustav Jansen)
Date: Mon, 10 Dec 2001 16:40:46 +0100 (CET)
Subject: [pptp-server] PoPToP and PAM
In-Reply-To:
Message-ID:

On Mon, 10 Dec 2001, Josh Howlett wrote:

> Use the "login" option in your pppd options file.
>
> You can only use this with PAP auth.

What I was thinking, was that if I could login via PAM, I could use the PAM-module that ships with Samba, to authenticate to a Win2000 PDC. But I still need the CHAP protocol(or similar) to have a secure( more secure) way of transferring the passwords.

> On Mon, 10 Dec 2001, Gustav Jansen wrote:
> > I was wondering if there is any possibility to verify login to a pptpd
> > server using PAM. Or if there are any plans on developing support for this
> > auth. mechanism?
--
regards

Gustav Jansen
Linux Communications AS

http://www.lincom.no/

1AB5 1DD3 4412 9F03 1A4D 9C64 4763 DD26 62DA 54BF

From Josh.Howlett at bristol.ac.uk Mon Dec 10 08:44:01 2001
From: Josh.Howlett at bristol.ac.uk (Josh Howlett)
Date: Mon, 10 Dec 2001 14:44:01 +0000 (GMT)
Subject: [pptp-server] PoPToP and PAM
In-Reply-To:
Message-ID:

On Mon, 10 Dec 2001, Gustav Jansen wrote:

> On Mon, 10 Dec 2001, Josh Howlett wrote:
> > Use the "login" option in your pppd options file.
> >
> > You can only use this with PAP auth.
>
> What I was thinking, was that if I could login via PAM, I could use the
> PAM-module that ships with Samba, to authenticate to a Win2000 PDC. But
> I still need the CHAP protocol(or similar) to have a
> secure( more secure) way of transferring the passwords.

This isn't possible using PAM.

> > On Mon, 10 Dec 2001, Gustav Jansen wrote:
> > > I was wondering if there is any possibility to verify login to a pptpd
> > > server using PAM. Or if there are any plans on developing support for this
> > > auth. mechanism?
>
> --
> regards
>
> Gustav Jansen
> Linux Communications AS
>
> http://www.lincom.no/
>
> 1AB5 1DD3 4412 9F03 1A4D 9C64 4763 DD26 62DA 54BF
>
>

---------------------------------------
Josh Howlett, Network Support Officer,
Networking & Digital Communications,
Information Systems & Computing,
University of Bristol, U.K.
0117 928 7850 | josh.howlett at bris.ac.uk
---------------------------------------

From charlieb at e-smith.com Mon Dec 10 08:47:27 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 10 Dec 2001 09:47:27 -0500 (EST)
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
In-Reply-To: <01C181BD.60432620.dholmes@bigpond.net.au>
Message-ID:

On Mon, 10 Dec 2001, Janet (but actually Dougal) Holmes wrote:

> > If so... What do I need to put in localip and remoteip? The man page
> wasn't
> > too clear on exactly what the difference was between them.
>
> Put one of your spare IP's as the localip.
> This is the address given to the
> PPTP server end of the link

There's very rarely any reason to use a spare IP as the localip. Use the same IP as the local ethernet interface of the server.

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From dick at tienhuis.nl Mon Dec 10 10:55:19 2001
From: dick at tienhuis.nl (Dick Visser)
Date: Mon, 10 Dec 2001 17:55:19 +0100 (CET)
Subject: [pptp-server] no route to host problem
Message-ID:

Hi

I am trying to set up a VPN from an w2k client to my linux box.
Linux = 2.4.8, pppd = 2.4.0
I have not yet entered the encryption stage...

If I do a connect to the box, this shows up in the logfile:

CTRL: Client 192.87.30.65 control connection started
CTRL: Starting call (launching pppd, opening GRE)
pppd 2.4.0 started by root, uid 0
using channel 33
Using interface ppp1
Connect: ppp1 <--> /dev/pts/3
sent [LCP ConfReq id=0x1 ]
GRE: Discarding duplicate packet
GRE: read(fd=6,buffer=bfffd520,len=8260) from network failed: status = -1 error = No route to host
CTRL: GRE read or PTY write failed (gre,pty)=(6,5)
CTRL: Client 192.87.30.65 control connection finished
Modem hangup
Connection terminated.
Exit.

/etc/options.pptpd:

lock
debug
+chap

/etc/pptpd.conf:

speed 115200
option /etc/ppp/options.pptpd
localip 192.168.0.1
remoteip 192.168.0.100-101

The linux box is connected with ADSL to the internet. The ISP I have uses already a PPTP connection. SO one of my ethercards has 10.0.0.150, the ADSL modem is 10.0.0.138, and between these is a pptp tunnel. Therefore ppp0 is my internet interface.

eth0: 10.0.0.150 <---> ADSL-modem 10.0.0.138
ppp0: 213.84.57.x
eth1: 192.168.0.1 (local interface for my firewalled LAN)

Is it possible that this setup is not going to work? I mean it should be able to work, but a tunnel in a tunnel is not exactly straightforward.
I heard of a trick with the ADSL modem that makes the modem itself do the pptp setup, so if that works, I would have just a static IP on my NIC like this:

eth0: 213.84.57.x
eth1: 192.168.0.1

Any Hints?

--
Dick Visser
TIENHUIS Networking
J. Catskade 10h, 1052 BW Amsterdam, The Netherlands
Phone: +3120 6843731
Fax: +3120 8641420
Cell: +3162 2698108
WWW: http://www.tienhuis.nl
Email: d.n.m.visser at tienhuis.nl
PGP-key: http://www.tienhuis.nl/pgp.key

From jhenson at connecterra.com Mon Dec 10 12:14:40 2001
From: jhenson at connecterra.com (Jimmy Henson)
Date: Mon, 10 Dec 2001 13:14:40 -0500
Subject: [pptp-server] Newbie question: routing problem?
Message-ID: <001001c181a6$89225f50$667ba8c0@waltham>

Hi folks,

I've been able to get my Linux pptpd server up and running, thanks to the fine HOWTO document prepared by Mr. Spotswood. But I have a strange problem, and my logs aren't providing any helpful clues.

My pptpd server is running behind a SMC Barricade firewall, and I've opened port 1723 to the server. The firewall performs NATting, of course, and the pptpd server sits on the LAN. With a Windows client (Win 2K and Win ME tested) on the WAN, I can connect to the pptpd server with no problem. However, after I connect, I can't ping *anything* on the VPN -- not even the pptpd server to which I'm connected! The pptpd server isn't running a firewall (e.g. netfilter/iptables), and from the pptpd server console, I can see (ping) the rest of my LAN.

As for the cause of my problem, I've considered several possibilities:

* GRE. Is my firewall incapable of passing GRE?
* Mis-configured kernel. I recompiled my kernel in order to get pptpd to work -- could I have left out an important module?
* Routing. My pptpd server is running on a single NIC box. Do I still need to worry about routing (e.g. do I need to run "routed" and/or enable ipv4 packet forwarding?)

I'm stumped. Am I overlooking something incredibly basic??
Thanks for reading,
Jimmy

From jhenson at connecterra.com Mon Dec 10 12:57:59 2001
From: jhenson at connecterra.com (Jimmy Henson)
Date: Mon, 10 Dec 2001 13:57:59 -0500
Subject: Re: [pptp-server] Newbie question: routing problem?
References:
Message-ID: <001e01c181ac$964f9340$667ba8c0@waltham>

I tested again with a client on the local LAN, and with this setup, I can ping the pptpd server, but I still can't ping anything else on the subnet...

----- Original Message -----
From: Scott Taylor
To: jhenson at connecterra.com
Sent: Monday, December 10, 2001 1:46 PM
Subject: Re: [pptp-server] Newbie question: routing problem?

You also need to pass protocol 47 through your firewall for the connection to work

THERE IS ONLY ONE... SOCCER.COM, The Center of the Soccer Universe http://www.soccer.com

From GeorgeV at citadelcomputer.com.au Mon Dec 10 14:46:12 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 11 Dec 2001 07:46:12 +1100
Subject: [pptp-server] WIN 98 (95) problem
Message-ID: <200FAA488DE0D41194F10010B597610D2B9371@JUPITER>

I can only think this may be a routing problem. Have you tried a "route print" command between the two? My feeling is that possibly the W2K machine is adding a route for the VPN network whereas the W98 may not be..???

Also, have you made sure the default gateway option has been removed from the W98 machine?

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Mirek Horvath [mailto:mirek31 at yahoo.com]
Sent: Monday, 10 December 2001 7:06 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] WIN 98 (95) problem

Hi,

I successfully configured PPtPD for W2K. I am trying to use the same config for WIN98, but I could not see anything behind PPtPD machine.
My working setup is
W2K --->Linux PPtPD---->internal web or mail

I would like to get up and running this config:
W98 --->Linux PPtPD---->internal web or mail.

There is my options file:

name *
lock
noauth
proxyarp
+chap
+chapms-v2
mppe-40
mppe-128
mppe-stateless

There is my pptpd.conf file:

debug
localip 10.1.1.7
remoteip 10.1.1.70-79

The linux server is behind firewall, but I do not suppose, that there could be any problem, because my W2K configuration is working...

Do you have any suggestions, why I am not able to access the local web server? It looks for outside internet address and not for inside one (10.1.1.4). It is working without any problems in W2K config...

Thank you for any ideas
mirek

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From GeorgeV at citadelcomputer.com.au Mon Dec 10 14:52:13 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 11 Dec 2001 07:52:13 +1100
Subject: [pptp-server] Newbie question: routing problem?
Message-ID: <200FAA488DE0D41194F10010B597610D2B9372@JUPITER>

We really need to have a peep at your logs for pppd. I don't think your SMC firewall is passing/NATing GRE through is it? I don't even think this will work as I've seen talks about NATing which doesn't work for pptpd..

Have you tried connecting to your server within the LAN (locally).. if this works then your setup/options are fine but the outside connection is the problem. My bet it's the SMC firewall..

Don't forget to pass protocol 47.
thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Jimmy Henson [mailto:jhenson at connecterra.com]
Sent: Tuesday, 11 December 2001 5:15 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Newbie question: routing problem?

Hi folks,

I've been able to get my Linux pptpd server up and running, thanks to the fine HOWTO document prepared by Mr. Spotswood. But I have a strange problem, and my logs aren't providing any helpful clues.

My pptpd server is running behind a SMC Barricade firewall, and I've opened port 1723 to the server. The firewall performs NATting, of course, and the pptpd server sits on the LAN. With a Windows client (Win 2K and Win ME tested) on the WAN, I can connect to the pptpd server with no problem. However, after I connect, I can't ping *anything* on the VPN -- not even the pptpd server to which I'm connected! The pptpd server isn't running a firewall (e.g. netfilter/iptables), and from the pptpd server console, I can see (ping) the rest of my LAN.

As for the cause of my problem, I've considered several possibilities:

* GRE. Is my firewall incapable of passing GRE?
* Mis-configured kernel. I recompiled my kernel in order to get pptpd to work -- could I have left out an important module?
* Routing. My pptpd server is running on a single NIC box. Do I still need to worry about routing (e.g. do I need to run "routed" and/or enable ipv4 packet forwarding?)

I'm stumped. Am I overlooking something incredibly basic??

Thanks for reading,
Jimmy

From dick at tienhuis.nl Mon Dec 10 15:48:53 2001
From: dick at tienhuis.nl (Dick Visser)
Date: Mon, 10 Dec 2001 22:48:53 +0100 (CET)
Subject: [pptp-server] Re: no route to host problem
Message-ID:

Hi

I found what was wrong with my setup.
In the /etc/pptpd.conf file, I put a statement like this:

option /etc/ppp/options.pptpd

It seems that this file is parsed OK, but that the default options for pppd (usually /etc/ppp/options) is also parsed. In this file was the option "noipdefault". I commented that out and it worked. There is a posting in comp.protocols.ppp stating this.

As far as I can see, this is a bug in the software; pptpd should parse *only* the given configfile, and not append it to the existing default. I know this is done with the pppd "call" statement, and currently it seems to use the "file" statement. Correct me if I'm wrong :)

Here's the link:

http://groups.google.com/groups?q=pptpd+options&hl=en&rnum=4&selm=3A5341EF.94D4E62A%40free.fr.NOSPAM.invalid

Regards,

--
Dick Visser
TIENHUIS Networking
J. Catskade 10h, 1052 BW Amsterdam, The Netherlands
Phone: +3120 6843731
Fax: +3120 8641420
Cell: +3162 2698108
WWW: http://www.tienhuis.nl
Email: d.n.m.visser at tienhuis.nl
PGP-key: http://www.tienhuis.nl/pgp.key

From GeorgeV at citadelcomputer.com.au Mon Dec 10 16:01:20 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 11 Dec 2001 09:01:20 +1100
Subject: [pptp-server] Re: no route to host problem
Message-ID: <200FAA488DE0D41194F10010B597610D2B9374@JUPITER>

Yes, This is a lesson for all of us.. I found this out too a long time ago and my lesson is to NEVER put anything in /etc/ppp/options file and to specify everything required into its own options file eg.

/etc/ppp/options.dialinuser
/etc/ppp/options.pptpd
/etc/ppp/options.dialout
/etc/ppp/options.anotherspecialsetup

this way every pppd called must specify which option file is needed and since it reads /etc/ppp/options, there's nothing in it and so it does nothing for it. I've found that the /etc/ppp/options is like a global file and is always read if it exists... pppd man page specifies the order of overriding and command line is first priority..
thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Dick Visser [mailto:dick at tienhuis.nl]
Sent: Tuesday, 11 December 2001 8:49 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Re: no route to host problem

Hi

I found what was wrong with my setup. In the /etc/pptpd.conf file, I put a statement like this:

option /etc/ppp/options.pptpd

It seems that this file is parsed OK, but that the default options for pppd (usually /etc/ppp/options) is also parsed. In this file was the option "noipdefault". I commented that out and it worked. There is a posting in comp.protocols.ppp stating this.

As far as I can see, this is a bug in the software; pptpd should parse *only* the given configfile, and not append it to the existing default. I know this is done with the pppd "call" statement, and currently it seems to use the "file" statement. Correct me if I'm wrong :)

Here's the link:

http://groups.google.com/groups?q=pptpd+options&hl=en&rnum=4&selm=3A5341EF.94D4E62A%40free.fr.NOSPAM.invalid

Regards,

--
Dick Visser
TIENHUIS Networking
J. Catskade 10h, 1052 BW Amsterdam, The Netherlands
Phone: +3120 6843731
Fax: +3120 8641420
Cell: +3162 2698108
WWW: http://www.tienhuis.nl
Email: d.n.m.visser at tienhuis.nl
PGP-key: http://www.tienhuis.nl/pgp.key

From dholmes at bigpond.net.au Mon Dec 10 16:05:18 2001
From: dholmes at bigpond.net.au (Dougal Holmes)
Date: Tue, 11 Dec 2001 09:05:18 +1100
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
References:
Message-ID: <001201c181c6$c1a22020$1103a8c0@mel.watsonwyatt.com.au>

>
> There's very rarely any reason to use a spare IP as the localip.
> Use the same IP as the local ethernet interface of the server.
>

It makes setting up firewalls _much_ easier (especially when using ipchains) if the localip is different from the local ethernet IP.

Dougal
--
Dougal Holmes (at home)
mailto://dholmes at bigpond.net.au

From charlieb at e-smith.com Mon Dec 10 16:11:29 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Mon, 10 Dec 2001 17:11:29 -0500 (EST)
Subject: [pptp-server] Attempts to get PPTPD and PPP working with CHAP
In-Reply-To: <001201c181c6$c1a22020$1103a8c0@mel.watsonwyatt.com.au>
Message-ID:

On Tue, 11 Dec 2001, Dougal Holmes wrote:

> > There's very rarely any reason to use a spare IP as the localip. Use the
> > same IP as the local ethernet interface of the server.
>
> It makes setting up firewalls _much_ easier (especially when using ipchains)
> if the localip is different from the local ethernet IP.

Yes, special firewall rules is the only advantage that I know of. [And in that case, you can differentiate real local traffic from VPN traffic by using the interface name.]

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From Steve at SteveCowles.com Mon Dec 10 16:44:15 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Mon, 10 Dec 2001 16:44:15 -0600
Subject: [pptp-server] Newbie question: routing problem?
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE943@defiant.infohiiway.com>

Since you're able to connect to your PPTP server, it sounds like you have properly configured your SMC firewall and it's doing its job. BTW: SMC does support PPTP/IPSEC protocols. Most of these so called "firewall in a box" units do. I've installed dozens of them.

Checkout: http://www.smc.com/index.cfm?action=support_tools_list_FAQs&faq_category=5

Anyway, I would think your problem is related to routing at the PPTP server.
Specifically, ip_forwarding. Remember, even though your PPTP server only has one Ethernet interface, it's actually acting as a router so it needs ip_forwarding enabled. i.e. route packets of data to/from eth0<->ppp0. Also, make sure eth0 is acting as a proxy for arp requests on behalf of the PPTP client. i.e. proxyarp.

Steve Cowles

From pptp at szczepanek.de Mon Dec 10 17:36:29 2001
From: pptp at szczepanek.de (Torge Szczepanek)
Date: Tue, 11 Dec 2001 00:36:29 +0100
Subject: [pptp-server] Patch to prevent domain names in authentication?!?
Message-ID: <007901c181d3$7eab4280$02ffa8c0@cygnus>

Hi!

I am currently using pptpd for authentication of users in our student hostel network. Very often some of our users are complaining about the windows DUN error 691.

When I am looking in the logfiles I find that their windows machines are sending WORKGROUP\\accountname as their user-id. The people tell they changed nothing. After deleting the VPN-connection and recreating it, everything just works fine again and the MS VPN client is sending the correct username. I think this is some problem of the microsoft client.

Is there a patch to pptpd or pppd to just throw away everything before the accountname including the \\ characters? Is this possible with encrypted passwords?!?

Torge Szczepanek

From vgill at technologist.com Mon Dec 10 18:17:30 2001
From: vgill at technologist.com (Gill, Vern)
Date: Mon, 10 Dec 2001 16:17:30 -0800
Subject: [pptp-server] Patch to prevent domain names in authentication ?!?
Message-ID: <574607996176D51195A400A0C90AB760CA78@mail.gillnet.org>

you can get the patch from my site at http://linus.dns2go.com

click the tab at the top for ppp

Read the info there... Yes, you can use it with encrypted p/w's

-----Original Message-----
From: Torge Szczepanek [mailto:pptp at szczepanek.de]
Sent: Monday, December 10, 2001 3:36 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Patch to prevent domain names in authentication?!?

Hi!
I am currently using pptpd for authentication of users in our student hostel network. Very often some of our users are complaining about the windows DUN error 691.

When I am looking in the logfiles I find that their windows machines are sending WORKGROUP\\accountname as their user-id. The people tell they changed nothing. After deleting the VPN-connection and recreating it, everything just works fine again and the MS VPN client is sending the correct username. I think this is some problem of the microsoft client.

Is there a patch to pptpd or pppd to just throw away everything before the accountname including the \\ characters? Is this possible with encrypted passwords?!?

Torge Szczepanek

From alien at 12inch.com Mon Dec 10 19:08:47 2001
From: alien at 12inch.com (alan premselaar)
Date: Tue, 11 Dec 2001 10:08:47 +0900
Subject: [pptp-server] Re: [pptp-server] Newbie question: routing problem?
In-Reply-To: <001e01c181ac$964f9340$667ba8c0@waltham>
References: <001e01c181ac$964f9340$667ba8c0@waltham>
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1268 bytes
Desc: not available
URL:

From Joe at Polcari.com Mon Dec 10 20:42:01 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Mon, 10 Dec 2001 21:42:01 -0500
Subject: [pptp-server] Newbie question: routing problem?
References: <200FAA488DE0D41194F10010B597610D2B9372@JUPITER>
Message-ID: <3C157279.BFE3FB1A@Polcari.com>

I connect through an SMC Barricade, no pptpd just win2k direct using the built in MS VPN, and it's just like sitting on the corporate LAN. I believe it only NATs IP, not GRE.

Joe

George Vieira wrote:

> We really need to have a peep at your logs for pppd.
> I don't think
> your SMC firewall is passing/NATing GRE through is it? I don't even
> think this will work as I've seen talks about NATing which doesn't
> work for pptpd..Have you tried connecting to your server within the
> LAN (locally).. if this works then your setup/options are fine but the
> outside conection is the problem. My bet it's the SMC firewall..Don't
> forget to pass protocol 47.
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> -----Original Message-----
> From: Jimmy Henson [mailto:jhenson at connecterra.com]
> Sent: Tuesday, 11 December 2001 5:15 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] Newbie question: routing problem?
>
> Hi folks, I've been able to get my Linux pptpd server up and running,
> thanks to the fine HOWTO document prepared by Mr. Spotswood. But I
> have a strange problem, and my logs aren't providing any helpful
> clues. My pptpd server is running behind a SMC Barricade firewall, and
> I've opened port 1723 to the server. The firewall performs NATting,
> of course, and the pptpd server sits on the LAN. With a Windows
> client (Win 2K and Win ME tested) on the WAN, I can connect to the
> pptpd server with no problem. However, after I connect, I can't ping
> *anything* on the VPN -- not even the pptpd server to which I'm
> connected! The pptpd server isn't running a firewall (e.g.
> netfilter/iptables), and from the pptpd server console, I can see
> (ping) the rest of my LAN. As for the cause of my problem, I've
> considered several possibilities:* GRE. Is my firewall incapable of
> passing GRE?* Mis-configured kernel. I recompiled my kernel in order
> to get pptpd to work -- could I have left out an important module?*
> Routing. My pptpd server is running on a single NIC box. Do I still
> need to worry about routing (e.g. do I need to run "routed" and/or
> enable ipv4 packet forwarding?) I'm stumped.
Am I overlooking
> something incredibly basic?? Thanks for reading, Jimmy

From GeorgeV at citadelcomputer.com.au Mon Dec 10 19:49:23 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 11 Dec 2001 12:49:23 +1100
Subject: [pptp-server] Newbie question: routing problem?
Message-ID: <200FAA488DE0D41194F10010B597610D2B9384@JUPITER>

You might need to tcpdump it and watch all packets including if any GRE is coming through..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From jditto at woh.rr.com Mon Dec 10 21:44:57 2001
From: jditto at woh.rr.com (joe ditto)
Date: Mon, 10 Dec 2001 22:44:57 -0500
Subject: [pptp-server] Newbie question: routing problem?
Message-ID: <004801c181f6$348899f0$8402a8c0@joe>

to whom it may concern, i use a smc router repost your original question as i have my setup working and getting the router to work was very simple. so repost please.

From muralivemuri at multitech.co.in Tue Dec 11 04:33:38 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 11 Dec 2001 16:03:38 +0530
Subject: [pptp-server] pptp is not coming up
References: <3C14563A.74167B08@multitech.co.in>
Message-ID: <3C15E102.BC98F870@multitech.co.in>

hi guys, i posted this question y'day and no one responded. and as usual i kept on trying............ and finally i got a solution.
when you are making your win98 client aware of vpn support, you should not "right click the network neighbourhood, and add an adapter in the properties". this will result in this error! whereas, the same thing, if you do it by, "start -> settings -> control panel -> add remove programs -> windows setup -> communications -> vpn support" and this does work!

now i have one problem.............................! on my linux pptp server, ifconfig does not show any pptp related ip at all as well as win98 client does not get any ip address from /etc/pptpd.conf. i have everything in place there. any ideas?

regds

"Murali K. Vemuri" wrote:

> hi ,
>
> I am using the following setup and my configuration files are
> attached.
> kernel 2.4.6 ppp 2.4.1, pptp 1.0.1 & 1.1.2 ( i tried both)
> i get the error " PTY read or GRE write failed" with pptp 1.1.2 and
> "Error with select ()" with pptp 1.0.1
> and in either case, the client (win98 ) gets this message
> " The microsoft dial-up adapter is in use or not responding properly.
> disconnect other connections and then try again
> if the problem persists, shut down and restart your computer"
>
> and the client is not at all able to connect to the server.
>
> regds
> murali
>
> ------------------------------------------------------------------------
> debug
> #noccp
> #asyncmap 0
> name yogi
> #/dev/ttys0
> proxyarp
> notty
> lock
> auth
> login
> require-chap
> require-pap
> 10.110.2.1:10.110.2.3
> #192.168.1.240:192.168.1.241
> +chap
> +chapms
> +chapms-v2
> +mppe-40
> +mppe-128
> +mppe-stateless
> logfile /var/log/ppp.log
>
> ------------------------------------------------------------------------
> +chap
> +chapms
> +chapms-v2
> chapms-strip-domain
> mppe-40
> #mppe-128
> require-chap
> require-mppe
>
> ------------------------------------------------------------------------
> # Secrets for authentication using CHAP
> # client server secret IP addresses
> murali * murali *
>
> ------------------------------------------------------------------------
> ################################################################################
> #
> # Sample PoPToP configuration file
> #
> # for PoPToP version 1.0.1
> #
> ################################################################################
>
> # TAG: speed
> #
> # Specifies the speed for the PPP daemon to talk at.
> # Some PPP daemons will ignore this value.
> #
> speed 19200
>
> # TAG: option
> #
> # Specifies the location of the PPP options file.
> # By default PPP looks in '/etc/ppp/options'
> #
> #option /this/is/the/options/file
>
> # TAG: debug
> #
> # Turns on (more) debugging to syslog.
> #
> debug
>
> localip 192.168.1.230
> remoteip 192.168.1.235-240
> logfile /var/log/pptpd.log
> # TAG: localip
> # TAG: remoteip
> #
> # Specifies the local and remote IP address ranges.
> #
> # You can specify single IP addresses seperated by commas or you can
> # specify ranges, or both. For example:
> #
> # 192.168.0.234,192.168.0.245-249,192.168.0.254
> #
> # IMPORTANT RESTRICTIONS:
> #
> # 1. No spaces are permitted between commas or within addresses.
> #
> # 2. If you give more IP addresses than MAX_CONNECTIONS, it will
> # start at the beginning of the list and go until it gets
> # MAX_CONNECTIONS IPs. Others will be ignored.
> #
> # 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
> # you must type 234-238 if you mean this.
> #
> # 4. If you give a single localIP, that's ok - all local IPs will
> # be set to the given one. You MUST still give at least one remote
> # IP for each simultaneous client.
> #
> #localip 192.168.0.234-238,192.168.0.245
> #remoteip 192.168.1.234-238,192.168.1.245
>
> # TAG: ipxnets
> #
> # This gives the range of IPX networks to allocate to clients. By
> # default IPX network number allocation is not handled internally.
> # By putting a low and high network number here a pool of IPX networks
> # can be defined. If this is done then there must be one IPX network
> # per client.
> #
> # The format is a pair of hex numbers without any 0x prefix separated
> # by a hyphen.
> #
> #ipxnets 00001000-00001FFF
>
> # TAG: listen
> #
> # Defines the IP address of the local interface on which pptpd
> # should listen for connections. The default is to listen on all
> # local interfaces (even ones brought up by pptp connections, thus
> # permitting pptp tunnels inside the pptp tunnels).
> #
> #listen 192.168.0.1
>
> # TAG: pidfile
> #
> # This defines the file name in which pptpd should store its process
> # ID (or pid). The default is /var/run/pptpd.pid.
> #
> pidfile /var/run/pptpd.pid

--
with thanks for your time,
Murali Krishna Vemuri
off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560 095
tel: 080 5534471 xtn: 214
res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.0.1
#
################################################################################

# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
# Some PPP daemons will ignore this value.
#
#speed 115200

# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
#option /this/is/the/options/file

# TAG: debug
#
# Turns on (more) debugging to syslog.
#
#debug

# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

# TAG: ipxnets
#
# This gives the range of IPX networks to allocate to clients. By
# default IPX network number allocation is not handled internally.
# By putting a low and high network number here a pool of IPX networks
# can be defined. If this is done then there must be one IPX network
# per client.
#
# The format is a pair of hex numbers without any 0x prefix separated
# by a hyphen.
#
#ipxnets 00001000-00001FFF

# TAG: listen
#
# Defines the IP address of the local interface on which pptpd
# should listen for connections. The default is to listen on all
# local interfaces (even ones brought up by pptp connections, thus
# permitting pptp tunnels inside the pptp tunnels).
#
#listen 192.168.0.1

# TAG: pidfile
#
# This defines the file name in which pptpd should store its process
# ID (or pid). The default is /var/run/pptpd.pid.
#
#pidfile /var/run/pptpd.pid
-------------- next part --------------
debug
proxyarp
lock
auth
login
10.110.2.1:10.110.2.3
+pap
+chap
+chapms
+chapms-v2
+mppe-40
+mppe-128
+mppe-stateless
logfile /var/log/ppp.log
-------------- next part --------------
# Secrets for authentication using CHAP
# client server secret IP addresses
#murali * murali *

From RLDITTO at BRIGHT.NET Tue Dec 11 08:05:19 2001
From: RLDITTO at BRIGHT.NET (JOE)
Date: Tue, 11 Dec 2001 09:05:19 -0500
Subject: [pptp-server] SPEED
Message-ID: <004d01c1824c$e13bc2c0$0b00a8c0@backdog>

more information the linux server i'm running has only one network card. when running ifconfig i have 3 adapters eth0 lo and ppp0(when connected). all have mtu's of 1500 except for the ppp connection which is set to whatever i set it to i've tried high mtu's and low mtu's to no avail. when the connection is up i can ping to the ip address of the vpn server (ping 1.2.3.4 -f -l 1420, which is about as high as i can get it with out fragmentation) and get a decent response but when it comes to actually transferring data it's a dog, even with encryption disabled. i even followed another walk thru by tom eastep and changed my samba config file to closely match and i still have problems. is there something i can do is there any more information you need to help me? could the mtu's of the eth0 and ppp0 be conflicting?
if i ping the router from the server's location the max mtu is 1478, could my linux box be sending units at 1500 buffering my ppp and forwarding them over my eth0 connection causing fragmentation and thus causing poor performance? please help joe

From GeorgeV at citadelcomputer.com.au Tue Dec 11 15:25:22 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 08:25:22 +1100
Subject: [pptp-server] SPEED
Message-ID: <200FAA488DE0D41194F10010B597610D2B938B@JUPITER>

what are you testing as a transfer test? If you're using SMB/Samba and transferring files that way then that's a bad choice as SMB over FTP is slow. Transfer a large file (say 10MB) and then do a :

pppstats -c 10000 -w 1 ppp0

This will show you your transfer speed in Bytes/s. Let us know what the speed is like..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From cfast at alliedbuilding.com Tue Dec 11 16:08:02 2001
From: cfast at alliedbuilding.com (Clint Fast)
Date: Tue, 11 Dec 2001 17:08:02 -0500
Subject: [pptp-server] Question regarding the speed setting in pptpd.conf
Message-ID: <3C1683C2.876F9284@alliedbuilding.com>

What effect does the speed setting have in the pptpd.conf? What is the maximum setting you can enter here, and what is more realistic? Any ideas? I'm currently set to 115200 for the speed setting but am quite curious as to which is better. Obviously, for dialup or something you want a slower speed setting, but what about higher connections, such as DSL/Cablemodem lines, etc.

Thanks.
--Clint.

From GeorgeV at citadelcomputer.com.au Tue Dec 11 16:07:17 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 09:07:17 +1100
Subject: [pptp-server] Question regarding the speed setting in pptpd.c onf
Message-ID: <200FAA488DE0D41194F10010B597610D2B938C@JUPITER>

the "speed" option is passed to pppd (AFAIK) and sets the maximum speed. I don't even set it and my DSL to work is quite quick. I don't even think it has limited the speed at all. Here is a transfer using FTP to my machine at home on a DSL 512k/128k link

mput Hexidecimal-map-pack-v1.zip? y
227 Entering Passive Mode (10,10,0,97,8,214).
150 Opening BINARY mode data connection for Hexidecimal-map-pack-v1.zip
send aborted
waiting for remote to finish abort
226 Transfer complete.
376832 bytes sent in 6.95 secs (53 Kbytes/sec)

Because the size is 28MB and I didn't want to download it again, I stopped the transfer. But notice my link went to MAX speed (512Kb/s)........
thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From mattgav at tempo.com.au Tue Dec 11 16:16:36 2001
From: mattgav at tempo.com.au (- Matt Gavin -)
Date: Wed, 12 Dec 2001 09:16:36 +1100
Subject: [pptp-server] Question regarding the speed setting in pptpd.conf
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B938C@JUPITER>
Message-ID:

53 Kbytes/sec, that's unreal!!! Did you comment the "speed" line out or just leave no value after speed?

Matt.

From GeorgeV at citadelcomputer.com.au Tue Dec 11 16:20:36 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 09:20:36 +1100
Subject: [pptp-server] Question regarding the speed setting in pptpd.c onf
Message-ID: <200FAA488DE0D41194F10010B597610D2B938D@JUPITER>

*George's checks his settings again*.... Nah not set at all..

Again AFAIK pppd has this option but only accepts values up to 115200 even though it'll go higher but what for when we want max speed...

best check the man pages I guess...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From charlieb at e-smith.com Tue Dec 11 16:27:55 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Tue, 11 Dec 2001 17:27:55 -0500 (EST)
Subject: [pptp-server] Question regarding the speed setting in pptpd.c onf
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B938D@JUPITER>
Message-ID:

On Wed, 12 Dec 2001, George Vieira wrote:

> *George's checks his settings again*.... Nah not set at all..
>
> Again AFAIK pppd has this option but only accepts values up to 115200 even
> though it'll go higher but what for when we want max speed...
>
> best check the man pages I guess...

No, you should check the code. My guess is that the setting won't be used by pppd unless the PPP connection is over a real serial device.
--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From jditto at woh.rr.com Tue Dec 11 19:44:05 2001
From: jditto at woh.rr.com (joe ditto)
Date: Tue, 11 Dec 2001 20:44:05 -0500
Subject: [pptp-server] speed
Message-ID: <004901c182ae$7c7dbca0$0702a8c0@joe>

ok i ran pppstat | got 400-1049|2-21|0|0|0| 7-67484|0-49|0|0|0-46 | is this normal?

From GeorgeV at citadelcomputer.com.au Tue Dec 11 19:50:06 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 12:50:06 +1100
Subject: [pptp-server] speed
Message-ID: <200FAA488DE0D41194F10010B597610D2B9396@JUPITER>

This is what I get with Linux RedHat... your OS must be different..

[root at citadel2k /root]$pppstats -c 1000 -w 1 ppp3
IN PACK VJCOMP VJUNC VJERR | OUT PACK VJCOMP VJUNC NON-VJ
501454 6446 5493 564 0 | 2916873 6908 6419 268 221
56 5 5 0 0 | 2717 5 5 0 0
57 5 5 0 0 | 2718 5 5 0 0
46 4 4 0 0 | 2174 4 4 0 0
55 5 5 0 0 | 3263 6 6 0 0
56 5 5 0 0 | 2717 5 5 0 0

Obviously this is from a dial up not my vpn...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From alien at 12inch.com Tue Dec 11 20:15:33 2001
From: alien at 12inch.com (alan premselaar)
Date: Wed, 12 Dec 2001 11:15:33 +0900
Subject: [pptp-server] problems with win2k client
Message-ID:

I'm running a redhat linux 6.2 installation with the 2.2.19 kernel (downloaded and compiled from source) i've installed pptpd-1.1.2 and pppd 2.3.11 (with the mppe and ms-chapv2 patches)

i've got 3 ethernet cards installed in the machine, 1 setup on the DMZ, 1 on the local internal network (192.168.0.x), and 1 configured as a completely different (192.168.254.x) network for testing purposes.

I've setup a PC running win2k pro on the 192.168.254.x network as a test connection machine.

i have a couple of separate problems, i think.

Firstly, In all the documentation i've read, and the mail on this list, people keep making reference to setting "localip " and "remoteip " in the options.pptp file (or /etc/ppp/options file) ... whenever I do that, PPP barfs saying that it's an invalid option. i'm a little confused by that, but it's not my main problem.

the main problem i'm having is this:

I can connect via the test vpn from my win2k client. I can connect to my exchange server no problem. when I open the network neighborhood (or whatever it's called in w2k) i can see my domain(s) and all the computers in the domain show up when i double-click the domain name... (so far so good) ... however, when i double-click any of the computers I can't connect.

for the purpose of the testing, i have my password in the chap-secrets file set identically to my domain-login password, and my username set identically to my domain-username. also, for the time being, I have my firewall disabled on this machine (i can worry about firewalling once I've gotten the configuration working)

this seems to be the case regardless of whether or not I've got samba running on the linux machine.
(I've tried both ways)

also note that I have added the following rules in my ipchains:

ipchains -I forward 1 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
ipchains -I forward 2 -s 192.168.0.0/24 -j MASQ

*EVERYTHING* (as far as i can tell) aside from the network browsing is working properly thru the vpn.

any advice, assistance, ritual dance recommendation, etc. are greatly appreciated.

thanks in advance

alan premselaar
----
there's nothing like the undying sense of reliability provided by modern technology.
----
alan premselaar
alien at 12inch.com
www.12inch.com

From GeorgeV at citadelcomputer.com.au Tue Dec 11 20:22:37 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 13:22:37 +1100
Subject: [pptp-server] problems with win2k client
Message-ID: <200FAA488DE0D41194F10010B597610D2B9399@JUPITER>

firstly, localip and remoteip is for pptpd.conf not /etc/ppp/options.pptpd or whatever.

You may be having a name resolution problem with the neighbourhood problem.. you get the list but it doesn't know how to get there...
can you ping them or even net view \\machinename it at all??

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
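A check for the mix-up George describes above, combined with the address-list rules from the sample PoPToP configuration quoted earlier in the thread; this is an added example, not code from pptpd or from any list member. The function names, the report layout and the two sample files (constructed from values that appear in the thread) are assumptions, and the parsing follows the commented restrictions rather than pptpd's own parser.

```python
import ipaddress

# Directives that, per the reply above, belong in pptpd.conf and not in the
# pppd options file.
PPTPD_ONLY = ("localip", "remoteip")


def expand_ip_list(value, max_connections=None):
    """Expand a localip/remoteip value into individual addresses.

    Rules taken from the sample configuration comments: no spaces, ranges
    written in full on the last octet (234-238, never 234-8), and only the
    first max_connections addresses are used.
    """
    if any(ch.isspace() for ch in value):
        raise ValueError("no spaces are permitted between commas or within addresses")
    addresses = []
    for item in value.split(","):
        base, dash, end = item.partition("-")
        try:
            first = ipaddress.IPv4Address(base)
        except ValueError:
            raise ValueError(f"not an IPv4 address: {base!r}") from None
        start = int(first) & 0xFF          # last octet of the first address
        stop = start
        if dash:
            if not end.isdigit() or int(end) > 255:
                raise ValueError(f"range end must be a last-octet value: {item!r}")
            stop = int(end)
            if stop < start:
                raise ValueError(f"range {item!r} ends below its start; write 234-238, not 234-8")
        addresses.extend(str(first + n) for n in range(stop - start + 1))
    if max_connections is not None:
        addresses = addresses[:max_connections]   # "Others will be ignored."
    return addresses


def directives(text):
    """Yield (line_number, keyword, argument) for every active config line."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield number, parts[0], parts[1] if len(parts) > 1 else ""


def check(pptpd_conf, ppp_options, max_connections=None):
    """Report misplaced directives and malformed address lists."""
    report = {"misplaced": [], "errors": [], "localip": [], "remoteip": []}
    # pppd rejects these keywords, which is the "invalid option" symptom.
    for number, keyword, _ in directives(ppp_options):
        if keyword in PPTPD_ONLY:
            report["misplaced"].append((number, keyword))
    for number, keyword, argument in directives(pptpd_conf):
        if keyword not in PPTPD_ONLY:
            continue
        try:
            report[keyword] = expand_ip_list(argument, max_connections)
        except ValueError as exc:
            report["errors"].append((number, keyword, str(exc)))
    # One remote address is needed per simultaneous client.
    report["clients"] = len(report["remoteip"])
    return report


# Constructed sample: pptpd.conf with the values from the quoted configuration.
PPTPD_CONF_SAMPLE = """\
debug
option /etc/ppp/options.pptp
localip 192.168.1.230
remoteip 192.168.1.235-240
"""

# Constructed sample: a pppd options file with the two directives misplaced.
PPP_OPTIONS_SAMPLE = """\
lock
debug
proxyarp
localip 192.168.0.1
remoteip 192.168.0.234-8
"""

if __name__ == "__main__":
    for key, value in check(PPTPD_CONF_SAMPLE, PPP_OPTIONS_SAMPLE).items():
        print(key, value)
```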
From alien at 12inch.com Tue Dec 11 20:40:33 2001
From: alien at 12inch.com (alan premselaar)
Date: Wed, 12 Dec 2001 11:40:33 +0900
Subject: [pptp-server] problems with win2k client
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9399@JUPITER>
References: <200FAA488DE0D41194F10010B597610D2B9399@JUPITER>
Message-ID:

George,

Thanks for the reply. I've double-checked and I'm resolving names properly. i'm able to ping the host(s) no problem, but i don't get any response from "net view \\hostname" or the network neighborhood... (and it takes its time to timeout)

in explorer (network neighborhood) it times out and returns with "can't access \\. can't find network path" (this is a loose translation as i'm using a japanese operating system on the w2k machine)

from "net view \\" i get:

system error 1311: (a bunch of japanese i *can't* read) and "no login server"

any other ideas?

alan

At 1:22?? +1100 12.12.01, George Vieira wrote:
>firstly, localip and remoteip is for pptpd.conf not /etc/ppp/options.pptpd
>or whatever.
>
>You may be having a name resolution problem with the neighbourhood problem..
>you get the list but it doesn't know how to get there...
>can you ping them or even net view \\machinename it at all??
>
>thanks,
>George Vieira
>Systems Manager
>Citadel Computer Systems P/L
----
there's nothing like the undying sense of reliability provided by modern technology.
----
alan premselaar
alien at 12inch.com
www.12inch.com

From GeorgeV at citadelcomputer.com.au Tue Dec 11 21:24:22 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 14:24:22 +1100
Subject: [pptp-server] problems with win2k client
Message-ID: <200FAA488DE0D41194F10010B597610D2B93A0@JUPITER>

Do you have an account on the server? Are all of these NT type machines or any of them Windows 98?

OK, can you try by IP address?

net view \\10.10.10.10

or something..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From muralivemuri at multitech.co.in Tue Dec 11 21:29:14 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 12 Dec 2001 08:59:14 +0530
Subject: [pptp-server] client does not get any address
Message-ID: <3C16CF09.5722AB3C@multitech.co.in>

hi ,
after a bit of struggle, i could make the win98 client login through the microsoft vpn adapter.
but, after this, neither the client nor the server show up with any addresses which i configured in the /etc/pptpd.conf.
my '/etc/pptpd.conf' file is as follows:

speed 19200
debug
localip 192.168.1.230
remoteip 192.168.1.235-240
logfile /var/log/pptpd.log
pidfile /var/run/pptpd.pid.

and etc/ppp/options is attached here.

the client shows that he is able to login and even /var/log/pptpd.log as well as /var/log/messages show that the client has logged in.
but strangely enough, 'ifconfig' on the server does not show the above address and neither the 'winipcfg' on the client.

any ideas?
regds
murali krishna vemuri

From GeorgeV at citadelcomputer.com.au Tue Dec 11 21:29:18 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 14:29:18 +1100
Subject: [pptp-server] RE: client does not get any address
Message-ID: <200FAA488DE0D41194F10010B597610D2B93A2@JUPITER>

are you sure the client hasn't dropped off the link for any reason?
can you provide a log when this happens as the previous logs you supplied were different problems/symptoms..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From GeorgeV at citadelcomputer.com.au Tue Dec 11 21:33:40 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 14:33:40 +1100
Subject: [pptp-server] problems with win2k client
Message-ID: <200FAA488DE0D41194F10010B597610D2B93A3@JUPITER>

OK.. it's probably because your workstations don't have an account for you locally on their machine and you're not logged into the domain so you're authenticating on "username" and not "domain/username" which the workstations are trusting you on... get it..

test this: Get a workstation to add your username locally on their PC with the same login and password as the username password your vpn client is logged in... then try it to that workstation..

ANOTHER thing: try mapping a share on a workstation and click the "different username" and selected Administrator and password..

Obviously you need administrator privileges but this is JUST to test what's going on..

My guess is that the workstations are authenticating you on the machine login which is not on the domain itself..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: alan premselaar [mailto:alien at 12inch.com]
Sent: Wednesday, 12 December 2001 2:29 PM
To: George Vieira
Subject: RE: [pptp-server] problems with win2k client

I have a domain account (actually, i guess it's active directory) ... they're all win2k machines

i get error 5: access denied

when i try "net view " or "net view \\"

alan

>Do you have an account on the server? Are all of these NT type machines or
>any of them Windows 98?
>
>OK, can you try by IP address?
>
>net view \\10.10.10.10
>
>or something..

----
there's nothing like the undying sense of reliability provided by modern technology.
----
alan premselaar
alien at 12inch.com
www.12inch.com

From alien at 12inch.com Tue Dec 11 21:37:51 2001
From: alien at 12inch.com (alan premselaar)
Date: Wed, 12 Dec 2001 12:37:51 +0900
Subject: [pptp-server] problems with win2k client
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B93A3@JUPITER>
References: <200FAA488DE0D41194F10010B597610D2B93A3@JUPITER>
Message-ID:

ok, that'll take me some time to accomplish...

assuming that *is* the case, is there a way to get it to authenticate to the domain username/passwd, etc.?

thanks,

alan

----
there's nothing like the undying sense of reliability provided by modern technology.
----
alan premselaar
alien at 12inch.com
www.12inch.com

From GeorgeV at citadelcomputer.com.au Tue Dec 11 21:44:03 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 14:44:03 +1100
Subject: [pptp-server] problems with win2k client
Message-ID: <200FAA488DE0D41194F10010B597610D2B93A5@JUPITER>

If you're using Win98, the dial up networking has the option of Log onto Network which I don't know if this will work but could try...

Winnt or 2K has a "include windows logon domain" , this also I haven't tested...

But like I said, try if you can to create an account with the same vpn client account and it might work, then at least you know why it's not working and have to resolve it another way...

I have my login at home the same as at work and it's fine... can't explain your problem though.. sorry if this is a lot of typing for nothing...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L
-- > > > >---- > > there's nothing like the undying sense of reliability provided by modern > >technology. > >---- > >alan premselaar > >alien at 12inch.com > >www.12inch.com > >---- > there's nothing like the undying sense of reliability provided by modern >technology. >---- >alan premselaar >alien at 12inch.com >www.12inch.com ---- there's nothing like the undying sense of reliability provided by modern technology. ---- alan premselaar alien at 12inch.com www.12inch.com From alien at 12inch.com Tue Dec 11 21:46:54 2001 From: alien at 12inch.com (alan premselaar) Date: Wed, 12 Dec 2001 12:46:54 +0900 Subject: [pptp-server] problems with win2k client In-Reply-To: <200FAA488DE0D41194F10010B597610D2B93A5@JUPITER> References: <200FAA488DE0D41194F10010B597610D2B93A5@JUPITER> Message-ID: it's all good, i appreciate the feedback... i'll tinker with it some more (unless someone on the list has some other suggestions) thanks alan At 2:44?? +1100 12.12.01, George Vieira wrote: >If your using Win98, the dial up networking has the option of Log onto >Network which I don't know if this will work but could try... > >Winnt or 2K has a "include windows logon domain" , this also I haven't >tested... > >But like I said, try if you can to create an account with the same vpn >client account and it might work, then at least you know why it's not >working and have to resolve it another way... > >I have my login at home the same as at work and it's fine... can't explain >your problem though.. sorry if this is alot of typing for nothing... > > >thanks, >George Vieira >Systems Manager >Citadel Computer Systems P/L > > >-----Original Message----- >From: alan premselaar [mailto:alien at 12inch.com] >Sent: Wednesday, 12 December 2001 2:38 PM >To: George Vieira >Cc: PPTP List (E-mail) >Subject: RE: [pptp-server] problems with win2k client > > >ok, that'll take me some time to accomplish... 
>
>assuming that *is* the case, is there a way to get it to authenticate to
>the domain username/passwd, etc.?
>
>thanks,
>
>alan
>
>At 2:33?? +1100 12.12.01, George Vieira wrote:
> >OK.. it's probably because your workstations don't have an account for you
> >locally on their machine and your not logged into the domain so your
> >authenticating on "username" and not "domain/username" which the
> >workstations are trusting you on... get it..
> >
> >
> >test this: Get a workstation to add your username locally on their PC with
> >the same login and password as the username password your vpn client is
> >logged in... then try it to that workstation..
> >
> >ANOTHER thing: try mapping a share on a workstation and click the
>"different
> >username" and selected Administrator and password..
> >
> >Obviously you need administrator priveledges but this is JUST to test
>what's
> >going on..
> >
> >
> >My guess is that the workstations are authenticating you on the machine
> >login which is not on the domain itself..
> >
> >
> >thanks,
> >George Vieira
> >Systems Manager
> >Citadel Computer Systems P/L
> >
> >
> >-----Original Message-----
> >From: alan premselaar [mailto:alien at 12inch.com]
> >Sent: Wednesday, 12 December 2001 2:29 PM
> >To: George Vieira
> >Subject: RE: [pptp-server] problems with win2k client
> >
> >
> >I have a domain account (actually, i guess it's active directory) ...
> >they're all win2k machines
> >
> >i get error 5: access denied
> >
> >when i try "net view " or "net view \\"
> >
> >alan
> >
> > >Do you have an account on the server? Are all of these NT type machines
>or
> > >any of them Windows 98?
> > >
> > >OK, can you try by IP address?
> > >
> > >net view \\10.10.10.10
> > >
> > >or something..
> > >
> > >
> > >thanks,
> > >George Vieira
> > >Systems Manager
> > >Citadel Computer Systems P/L
> > >
> > >
> > >-----Original Message-----
> > >From: alan premselaar [mailto:alien at 12inch.com]
> > >Sent: Wednesday, 12 December 2001 1:41 PM
> > >To: George Vieira; pptp-server at lists.schulte.org
> > >Subject: RE: [pptp-server] problems with win2k client
> > >
> > >
> > >George,
> > >
> > > Thanks for the reply. I've double-checked and I'm resolving names
> > >properly. i'm able to ping the host(s) no problem, but i don't get any
> > >response from "net view \\hostname" or the network neighborhood... (and
>it
> > >takes its time to timeout)
> > >
> > >in explorer (network neighborhood) it times out and returns with "can't
> > >access \\. can't find network path" (this is a loose
> > >translation as i'm using a japanese operating system on the w2k machine)
> > >
> > >from "net view \\" i get:
> > >
> > >system error 1311: (a bunch of japanese i *can't* read) and "no login
> > >server"
> > >
> > >
> > >any other ideas?
> > >
> > >alan
> > >
> > >At 1:22?? +1100 12.12.01, George Vieira wrote:
> > > >firstly, localip and remoteip is for pptpd.conf not
> >/etc/ppp/options.pptpd
> > > >or whatever.
> > > >
> > > >You may be having a name resolution problem with the neighbourhood
> > >problem..
> > > >you get the list but it doesn't know how to get there...
> > > >can you ping them or even net view \\machinename it at all??
> > > >
> > > >
> > > >thanks,
> > > >George Vieira
> > > >Systems Manager
> > > >Citadel Computer Systems P/L
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: alan premselaar [mailto:alien at 12inch.com]
> > > >Sent: Wednesday, 12 December 2001 1:16 PM
> > > >To: pptp-server at lists.schulte.org
> > > >Subject: [pptp-server] problems with win2k client
> > > >
> > > >
> > > >I'm running a redhat linux 6.2 installation with the 2.2.19 kernel
> > > >(downloaded and compiled from source)
> > > >i've installed pptpd-1.1.2 and pppd 2.3.11 (with the mppe and ms-chapv2
> > > >patches)
> > > >
> > > >i've got 3 ethernet cards installed in the machine, 1 setup on the DMZ,
>1
> > > >on the local internal network (192.168.0.x), and 1 configured as a
> > > >completely different (192.168.254.x) network for testing purposes.
> > > >
> > > >I've setup a PC running win2k pro on the 192.168.254.x network as a
>test
> > > >connection machine.
> > > >
> > > >i have a couple of seperate problems, i think.
> > > >
> > > >Firstly, In all the documentation i've read, and the mail on this list,
> > > >people keep making reference to setting "localip " and "remoteip
> >"
> > > >in the options.pptp file (or /etc/ppp/options file) ... whenever I do
> >that,
> > > >PPP barfs saying that it's an invalid option. i'm a little confused by
> > > >that, but it's not my main problem.
> > > >
> > > >
> > > >the main problem i'm having is this:
> > > >
> > > >I can connect via the test vpn from my win2k client. I can connect to
>my
> > > >exchange server no problem. when I open the network neighborhood (or
> > > >whatever it's called in w2k) i can see my domain(s) and all the
>computers
> > > >in the domain show up when i double-click the domain name... (so far so
> > > >good) ... however, when i double-click any of the computers I can't
> > >connect.
> > > >
> > > >for the purpose of the testing, i have my password in the chap-secrets
> >file
> > > >set identically to my domain-login password, and my username set
> > > >identically to my domain-username. also, for the time being, I have my
> > > >firewall disabled on this machine (i can worry about firewalling once
> >I've
> > > >gotten the configuration working)
> > > >
> > > >this seems to be the case regardless of whether or not I've got samba
> > > >running on the linux machine. (I've tried both ways)
> > > >
> > > >also note that I have added the following rules in my ipchains:
> > > >
> > > >ipchains -I forward 1 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
> > > >ipchains -I forward 2 -s 192.168.0.0/24 -j MASQ
> > > >
> > > >
> > > >*EVERYTHING* (as far as i can tell) aside from the network browsing is
> > > >working properly thru the vpn.
> > > >
> > > >any advice, assistance, ritual dance recommendation, etc. are greatly
> > > >appreciated.
> > > >
> > > >
> > > >thanks in advance
> > > >
> > > >alan premselaar
> > > >----
> > > > there's nothing like the undying sense of reliability provided by
> >modern
> > > >technology.
> > > >----
> > > >alan premselaar
> > > >alien at 12inch.com
> > > >www.12inch.com
> > > >_______________________________________________
> > > >pptp-server maillist - pptp-server at lists.schulte.org
> > > >http://lists.schulte.org/mailman/listinfo/pptp-server
> > > >--- To unsubscribe, go to the url just above this line. --
> > > >_______________________________________________
> > > >pptp-server maillist - pptp-server at lists.schulte.org
> > > >http://lists.schulte.org/mailman/listinfo/pptp-server
> > > >--- To unsubscribe, go to the url just above this line. --
> > > >
> > >----
> > > there's nothing like the undying sense of reliability provided by
>modern
> > >technology.
> > >----
> > >alan premselaar
> > >alien at 12inch.com
> > >www.12inch.com
> >
> >----
> > there's nothing like the undying sense of reliability provided by modern
> >technology.
> >----
> >alan premselaar
> >alien at 12inch.com
> >www.12inch.com
>
>----
> there's nothing like the undying sense of reliability provided by modern
>technology.
>----
>alan premselaar
>alien at 12inch.com
>www.12inch.com

----
 there's nothing like the undying sense of reliability provided by modern
technology.
----
alan premselaar
alien at 12inch.com
www.12inch.com

From muralivemuri at multitech.co.in Tue Dec 11 21:53:33 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Wed, 12 Dec 2001 09:23:33 +0530
Subject: [pptp-server] Re: client does not get any address
References: <200FAA488DE0D41194F10010B597610D2B93A4@JUPITER>
Message-ID: <3C16D4BD.5025AE27@multitech.co.in>

i did........no use..........
still, neither the client nor the server are able to show the ip
addresses.
coming to the 2 trials for the link, it was tried twice ( so, there
are two posts in the log)
regds
mruali

George Vieira wrote:

> I would remove the +pap in the /etc/ppp/options file and also the logs
> appear that it used PAP to authenticate and didn't bring the link up
> properly or something...also it appears it tried to bring the link up
> twice, one after the other immediately...can you test it without the
> +pap and make sure they use chap-secrets file to authenticate..
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
> Sent: Wednesday, 12 December 2001 2:38 PM
> To: George Vieira
> Subject: Re: client does not get any address
> hey ,
>
> i missed the /etc/ppp/options file in my earlier post
> now i attached that file also
> regds
> murali
> George Vieira wrote:
>
>> are you sure the client hasn't dropped off the link for any reason?
>> can you
>> provide a log when this happens as the previous logs you supplied
>> were
>> different problems/symptoms..
>>
>> thanks,
>> George Vieira
>> Systems Manager
>> Citadel Computer Systems P/L
>>
>> -----Original Message-----
>> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
>> Sent: Wednesday, 12 December 2001 2:29 PM
>> To: pptplist; George Vieira
>> Subject: client does not get any address
>>
>> hi ,
>>
>> after a bit of struggle, i could make the win98 client login through
>> the
>> microsoft vpn adapter.
>> but, after this, neither the client nor the server show up with any
>> addresses which i configured in the
>> /etc/pptpd.conf.
>> my /etc/pptpd.conf' file is as follows:
>> speed 19200
>> debug
>> localip 192.168.1.230
>> remoteip 192.168.1.235-240
>> logfile /var/log/pptpd.log
>> pidfile /var/run/pptpd.pid.
>>
>> and etc/ppp/options is attached here.
>>
>> the client shows that he is able to login and even
>> /var/log/pptpd.log as
>> well as /var/log/messages show that the client has logged in. but
>> strangely enough, 'ifconfig' on the server does not show the above
>> address and neither the "winipcfg' on the client.
>> any ideas?
>> regds
>> murali krishna vemuri
>
> --
> with thanks for your time,
>
> Murali Krishna Vemuri
>
> off: Multitech Software Systems,
> #95, 17th'B' Main Road,
> V Block, Koramangala, BANGALORE 560 095
> tel: 080 5534471 xtn: 214
>
> res: #12, 6th 'A' Cross,
> Ramaswamy Palya, Vignana Nagara,
> Martha Halli Post, Bangalore 560 037.
>
>
--
with thanks for your time,

Murali Krishna Vemuri

off: Multitech Software Systems,
#95, 17th'B' Main Road,
V Block, Koramangala, BANGALORE 560 095
tel: 080 5534471 xtn: 214

res: #12, 6th 'A' Cross,
Ramaswamy Palya, Vignana Nagara,
Martha Halli Post, Bangalore 560 037.
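
[Added example, not part of any message in this thread.] The configuration points raised in this thread (localip/remoteip belong in pptpd.conf rather than the ppp options file, +pap should be removed so chap-secrets is used, and the remoteip pool should be an unused range on the same LAN as localip) can be checked mechanically. The sample files are constructed, the finding codes are hypothetical names, the /24 netmask is an assumption, and the mppe-* option names are those of the patched pppd quoted on this page.

```python
import ipaddress

# Constructed sample files, modelled on the configs quoted in this thread.
PPTPD_CONF = """\
debug
option /etc/ppp/options.pptp
localip 192.168.1.230
remoteip 192.168.1.228-232,192.168.2.10
"""
PPP_OPTIONS = """\
lock
proxyarp
+pap
+chap
+chapms-v2
remoteip 10.1.1.2-254
"""


def directives(text):
    """Yield (line_no, keyword, args) for each non-blank, non-comment line."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield n, fields[0], fields[1:]


def expand_pool(spec):
    """Expand pptpd's 'a.b.c.d-e[,f.g.h.i]' address list into IPv4Address objects."""
    addrs = []
    for item in spec.split(","):
        first, _, last = item.strip().partition("-")
        start = ipaddress.IPv4Address(first)
        start_octet = int(first.rsplit(".", 1)[1])
        end_octet = int(last) if last else start_octet
        if not start_octet <= end_octet <= 255:
            raise ValueError(f"bad range {item!r}")
        addrs.extend(start + i for i in range(end_octet - start_octet + 1))
    return addrs


def lint(pptpd_conf, ppp_options, lan_prefix=24):
    """Return a sorted list of (code, message) findings.

    lan_prefix is an assumption: the thread never states the LAN netmask.
    """
    findings = []
    conf = {kw: args for _, kw, args in directives(pptpd_conf)}
    opts = list(directives(ppp_options))
    opt_names = {kw for _, kw, _ in opts}

    # localip/remoteip are pptpd.conf keywords; pppd rejects them as invalid.
    for n, kw, _ in opts:
        if kw in ("localip", "remoteip"):
            findings.append(
                ("MISPLACED", f"ppp options line {n}: '{kw}' belongs in pptpd.conf"))

    # PAP carries the password in clear text; the advice in the thread is to
    # drop +pap so that only CHAP/MS-CHAP against chap-secrets is used.
    if "+pap" in opt_names:
        findings.append(("PAP", "'+pap' present: remove it and rely on chap-secrets"))

    # Without an mppe-* option pppd is not told to negotiate MPPE encryption.
    if not any(name.startswith("mppe") for name in opt_names):
        findings.append(("NO-MPPE", "no mppe-* option: tunnel payload is not encrypted"))

    # The client pool should be unused addresses on the same LAN as localip,
    # so the server's ethernet interface can proxy-ARP for the clients.
    if conf.get("localip") and conf.get("remoteip"):
        local = expand_pool(conf["localip"][0])
        pool = expand_pool(conf["remoteip"][0])
        lan = ipaddress.ip_network(f"{local[0]}/{lan_prefix}", strict=False)
        clash = sorted(set(local) & set(pool))
        if clash:
            findings.append(("POOL-OVERLAP", f"remoteip pool contains localip {clash[0]}"))
        outside = [a for a in pool if a not in lan]
        if outside:
            findings.append(
                ("POOL-OFF-LAN", f"{len(outside)} pool address(es) outside {lan}"))
    else:
        findings.append(("NO-POOL", "pptpd.conf sets no localip/remoteip"))
    return sorted(findings)


if __name__ == "__main__":
    for code, message in lint(PPTPD_CONF, PPP_OPTIONS):
        print(f"{code:13} {message}")
```

The pptpd.conf and options.pptp contents quoted on this page (localip 192.168.1.230 with remoteip 192.168.1.235-240, and an options file with +chap, +chapms, +chapms-v2 and the mppe-* lines) produce no findings.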

From Steve at SteveCowles.com Wed Dec 12 00:28:44 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 12 Dec 2001 00:28:44 -0600
Subject: [pptp-server] problems with win2k client
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE947@defiant.infohiiway.com>

> -----Original Message-----
> From: alan premselaar [mailto:alien at 12inch.com]
> Sent: Tuesday, December 11, 2001 8:16 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] problems with win2k client
>
>
> I'm running a redhat linux 6.2 installation with the 2.2.19 kernel
> (downloaded and compiled from source) i've installed pptpd-1.1.2
> and pppd 2.3.11 (with the mppe and ms-chapv2 patches)
>
> i've got 3 ethernet cards installed in the machine, 1 setup on the
> DMZ, 1 on the local internal network (192.168.0.x), and 1 configured
> as a completely different (192.168.254.x) network for testing purposes.
>
> I've setup a PC running win2k pro on the 192.168.254.x network as a
> test connection machine.

For purposes of testing in your lab environment, I would make sure your W2K
client on the .254 network does NOT have a default route set. This is just
to ensure that your TCP/IP stack does not route packets to your .0 network
through the default gateway.

This very problem bit me when I setup a test lab environment similar to
yours. I was misled into thinking that netbios resolution was going across
the tunnel, when in fact it was using the ethernet interface prior to me
establishing the tunnel.

>
> i have a couple of seperate problems, i think.
>
> Firstly, In all the documentation i've read, and the mail on
> this list, people keep making reference to setting "localip "
> and "remoteip " in the options.pptp file (or /etc/ppp/options
> file) ... whenever I do that, PPP barfs saying that it's an invalid
> option. i'm a little confused by that, but it's not my main problem.

localip and remoteip are set in your pptp.conf file.

I usually set the localip to the same ip address as the ethernet interface
of the PPTP server on the local network. The remoteip needs to be set to an
unused ip range within that local LAN. i.e. In your case -- your .0 network.
The key here is to ensure that the ethernet interface of your PPTP server
can act as a proxyarp for all PPTP clients.

>
>
> the main problem i'm having is this:
>
> I can connect via the test vpn from my win2k client. I can
> connect to my exchange server no problem. when I open the
> network neighborhood (or whatever it's called in w2k) i can
> see my domain(s) and all the computers in the domain show up
> when i double-click the domain name... (so far so good) ...
> however, when i double-click any of the computers I can't connect.

Based on the above, your LAN must have a WINS server installed because you
seem to be getting netbios name resolution across your VPN tunnel (which is
good!), but based on your other post to george where you listed the error
message in japanese when trying to access a host within the MS domain, the
error message number translates to...

C:\>net helpmsg 1311

There are currently no logon servers available to service the logon request.

The above message can almost always be resolved by creating a workstation
account for your W2K box on your domain controller. i.e. Using Server
Manager -or- if you have admin privileges, you can join the domain from your
W2K system.

>
> for the purpose of the testing, i have my password in the
> chap-secrets file set identically to my domain-login password,
> and my username set identically to my domain-username.

Maybe you're already aware of this, but don't confuse the username/password in
chap-secrets as what is used for authenticating against an MS domain
controller. The two have nothing to do with each other. The entries in
chap-secrets are only used to authenticate the VPN tunnel. That's it!!!
The username/password you entered when you turned on your PC is what is used by
Microsoft Networking to authenticate with the PDC. Furthermore, if your W2K
system has properly joined (has a workstation account) with your Domain
Controller prior to establishing your PPTP tunnel, it is already trying to
authenticate to your Domain Controller in the background.

!!!

Herein lies the typical problem with MS Networking and PPTP/PPP vs. IPSEC.
Especially with laptops using dialup accounts and W9x. Example:

1) You turn on your Laptop
2) You log in with your username/password and domain
3) Because your laptop does not yet have a functional TCP/IP stack (just
localhost) -and- you have not yet established your PPTP tunnel into your LAN
where the domain controller exists, your laptop (really MS Networking)
cannot authenticate with your domain controller and register with the WINS
server. So it keeps trying in the background.
4) Now you dialup into your ISP account.
5) Now that you have a functional TCP/IP stack, you can finally establish
your PPTP tunnel into your LAN.
6) Finally (after a few minutes) MS Networking can authenticate with the
Domain Controller and register with the WINS server for Netbios Name
Resolution.

In your test lab environment where you already have a LAN and a functional
TCP/IP stack (and when using DSL/Cable) the above process can be somewhat
simplified. Especially if you're using W2k or NT.

1) You turn on your PC
2) You enter your username/password and domain at the login prompt, but with
W2K and NT, you can check the "use dialup networking" and select the PPTP
tunnel profile before selecting the login screen's "OK" button.
3) Now (if prompted) enter your username/password for authenticating the
tunnel.
4) Now before your W2K/NT system tries to authenticate to your PDC, it will
*first* establish the tunnel, then authenticate to your PDC using the
credentials specified at the login prompt and eventually register with the
WINS server.

Much smoother process all together.


FWIW: With Microsoft's implementation of IPSEC... the ipsec tunnel is
brought up after the tcp/ip stack is initialized at bootup. i.e. Before you
receive the login prompt. This is really nice if you're on a LAN or using
DSL/Cable from a remote location.

> also, for the time being, I have my firewall disabled on this
> machine (i can worry about firewalling once I've gotten the
> configuration working)

That's what I do. Eliminate the bottlenecks until you get the underlying
network layers working first.

>
> this seems to be the case regardless of whether or not I've got samba
> running on the linux machine. (I've tried both ways)

Running Samba shouldn't matter unless you're using it as

1) A domain controller
2) A WINS server
3) You are needing to access this server using netbios.

>
> also note that I have added the following rules in my ipchains:
>
> ipchains -I forward 1 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
> ipchains -I forward 2 -s 192.168.0.0/24 -j MASQ

The above rule is fine for LAN-to-LAN tunnels such as your test environment,
but not for your road warriors. That's a separate issue.

>
>
> *EVERYTHING* (as far as i can tell) aside from the network
> browsing is working properly thru the vpn.
>
> any advice, assistance, ritual dance recommendation, etc. are greatly
> appreciated.

Hopefully my ritual dance/pet peeve :-) stuff about Microsoft Networking
with regards to VPN's was not an overkill and will help you achieve your
goal. Based on your post, seems like you're real close.

Good Luck
Steve Cowles

From alien at 12inch.com Wed Dec 12 01:15:28 2001
From: alien at 12inch.com (alan premselaar)
Date: Wed, 12 Dec 2001 16:15:28 +0900
Subject: [pptp-server] problems with win2k client
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE947@defiant.infohiiway.com>
References: <90769AF04F76D41186C700A0C90AFC3EE947@defiant.infohiiway.com>
Message-ID:

Steve,

Thanks for the reply.
I guess my disadvantage (hasn't been a problem until now) is that I'm not
all that familiar with windows as i've been fairly successful in sheltering
myself from it for all these years.. (heh)

so, i'll intersperse my responses within your reply:

At 12:28?? -0600 12.12.01, Cowles, Steve wrote:
> > -----Original Message-----
> > From: alan premselaar [mailto:alien at 12inch.com]
> > Sent: Tuesday, December 11, 2001 8:16 PM
> > To: pptp-server at lists.schulte.org
> > Subject: [pptp-server] problems with win2k client
> >
> >
> > I'm running a redhat linux 6.2 installation with the 2.2.19 kernel
> > (downloaded and compiled from source) i've installed pptpd-1.1.2
> > and pppd 2.3.11 (with the mppe and ms-chapv2 patches)
> >
> > i've got 3 ethernet cards installed in the machine, 1 setup on the
> > DMZ, 1 on the local internal network (192.168.0.x), and 1 configured
> > as a completely different (192.168.254.x) network for testing purposes.
> >
> > I've setup a PC running win2k pro on the 192.168.254.x network as a
> > test connection machine.
>
>For purposes of testing in your lab environment, I would make sure your W2K
>client on the .254 network does NOT have a default route set. This is just
>to ensure that your TCP/IP stack does not route packets to your .0 network
>through the default gateway.
>
>This very problem bit me when I setup a test lab environment similar to
>yours. I was misled into thinking that netbios resolution was going across
>the tunnel, when in fact it was using the ethernet interface prior to me
>establishing the tunnel.

I've tried this and get the same results as before. Also, I was attaching
from my 192.168.254.x network to my DMZ interface to try to simulate a
remote ISP IP address connecting to the outside IP of the machine.

Since your response, i've also changed it to connect to the 192.168.254.x
interface in the linux machine. made sure i had no default route before
bringing up the vpn and get the same results.

> >
> > i have a couple of seperate problems, i think.
> >
> > Firstly, In all the documentation i've read, and the mail on
> > this list, people keep making reference to setting "localip "
> > and "remoteip " in the options.pptp file (or /etc/ppp/options
> > file) ... whenever I do that, PPP barfs saying that it's an invalid
> > option. i'm a little confused by that, but it's not my main problem.
>
>localip and remoteip are set in your pptp.conf file.
>
>I usually set the localip to the same ip address as the ethernet interface
>of the PPTP server on the local network. The remoteip needs to be set to an
>unused ip range within that local LAN. i.e. In your case -- your .0 network.
>The key here is to ensure that the ethernet interface of your PPTP server
>can act as a proxyarp for all PPTP clients.

apparently I was smoking something bad for breakfast... after getting the
first response to this, i checked my files and realized that I had already
resolved this problem. (heh)

I don't seem to have any problems with the connection/authentication
between the client and the pptp server.

> >
> >
> > the main problem i'm having is this:
> >
> > I can connect via the test vpn from my win2k client. I can
> > connect to my exchange server no problem. when I open the
> > network neighborhood (or whatever it's called in w2k) i can
> > see my domain(s) and all the computers in the domain show up
> > when i double-click the domain name... (so far so good) ...
> > however, when i double-click any of the computers I can't connect.
>
>Based on the above, your LAN must have a WINS server installed because you
>seem to be getting netbios name resolution across your VPN tunnel (which is
>good!), but based on your other post to george where you listed the error
>message in japanese when trying to access a host within the MS domain, the
>error message number translates to...

true, there is a WINS server (as far as i'm told) ...

>C:\>net helpmsg 1311
>
>There are currently no logon servers available to service the logon request.
>
>The above message can almost always be resolved by creating a workstation
>account for your W2K box on your domain controller. i.e. Using Server
>Manager -or- if you have admin privileges, you can join the domain from your
>W2K system.

we're running a w2k active directory setup here... i don't exactly know how
that differs from having a PDC/BDC/WINS server setup from the NT4 era...
so, honestly, i'm not entirely sure what it means to "create a workstation
account on the domain controller" is that as opposed to a "domain account"
or something?

> >
> > for the purpose of the testing, i have my password in the
> > chap-secrets file set identically to my domain-login password,
> > and my username set identically to my domain-username.
>
>Maybe your already aware of this, but don't confuse the username/password in
>chap-secrets as what is used for authenticating against an MS domain
>controller. The two have nothing to do with each other. The entries in
>chap-secrets are only used to authenticate the VPN tunnel. That's it!!! The
>username/password you entered when you turned on your PC is what is used by
>Microsoft Networking to authenticate with the PDC. Furthermore, if your W2K
>system has properly joined (has a workstation account) with your Domain
>Controller prior to establishing your PPTP tunnel, it is already trying to
>authenticate to your Domain Controller in the background.

yeah, i'm already aware of the differences, I just made them the same in an
attempt to keep things simple (to start with) having read a number of
documents and howto's and what-not... I've found the information to be more
confusing and contradicting than actually helpful, so i decided keeping
things simple to start would keep me from losing any more hair
(unintentionally)

>!!!
>
>Here in lies the typical problem with MS Networking and PPTP/PPP vs. IPSEC.
>Especially with laptops using dialup accounts and W9x. Example:
>
>1) You turn on your Laptop
>2) You log in with your username/password and domain
>3) Because your laptop does not yet have a functional TCP/IP stack (just
>localhost) -and- you have not yet established your PPTP tunnel into your LAN
>where the domain controller exists, your laptop (really MS Networking)
>cannot authenticate with your domain controller and register with the WINS
>server. So it keeps trying in the background.
>4) Now you dialup into your ISP account.
>5) Now that you have a functional TCP/IP stack, you can finally establish
>your PPTP tunnel into your LAN.
>6) Finally (after a few minutes) MS Networking can authenticate with the
>Domain Controller and register with the WINS server for Netbios Name
>Resolution.
>
>In your test lab environment where you already have a LAN and a functional
>TCP/IP stack (and when using DSL/Cable) the above process can be somewhat
>simplified. Especially if your using W2k or NT.
>
>1) You turn on your PC
>2) You enter your username/password and domain at the login prompt, but with
>W2K and NT, you can check the "use dialup networking" and select the PPTP
>tunnel profile before selecting the login screens "OK' button.
>3) Now (if prompted) enter your username/password for authenticating the
>tunnel.
>4) Now before your W2K/NT system tries to authenticate to your PDC, it will
>*first* establish the tunnel, then authenticate to your PDC using the
>credentials specified at the login prompt and eventually register with the
>WINS server.
>
>Much smoother process all together.

yeah, i noticed this option and played with it a few times... what happens
is, it establishes the vpn link, and then it says "loading user settings"
(or whatever the appropriate english translation is) and just kinda
chatters on the network for a *REALLY REALLY LONG TIME* (this current pass
has been over 3 minutes already)

>
>
>FWIW: With Microsoft's implementation of IPSEC... the ipsec tunnel is
>brought up after the tcp/ip stack is initialized at bootup. i.e. Before you
>receive the login prompt. This is really nice if your on a LAN or using
>DSL/Cable from a remote location.
>
> > also, for the time being, I have my firewall disabled on this
> > machine (i can worry about firewalling once I've gotten the
> > configuration working)
>
>That's what I do. Eliminate the bottlenecks until you get the underlying
>network layers working first.
>
> >
> > this seems to be the case regardless of whether or not I've got samba
> > running on the linux machine. (I've tried both ways)
>
>Running Samba shouldn't matter unless your using it as
>
>1) A domain controller
>2) A WINS server
>3) You are needing to access this server using netbios.

again, i had gotten conflicting information with regards to this... i'd
ultimately prefer NOT to have to run samba on the VPN gateway.

> >
> > also note that I have added the following rules in my ipchains:
> >
> > ipchains -I forward 1 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
> > ipchains -I forward 2 -s 192.168.0.0/24 -j MASQ
>
>The above rule is fine for LAN-to-LAN tunnels such as your test environment,
>but not for your road warriors. That's a separate issue.

hmm, any of our "road warriors" are going to have access thru an ISP, not
direct dialup, so assuming that once this thing is working, it'll have 2
ethernet adapters in it. 1 on the local net and 1 in the DMZ, i would think
this would still be applicable.

> >
> >
> > *EVERYTHING* (as far as i can tell) aside from the network
> > browsing is working properly thru the vpn.
> >
> > any advice, assistance, ritual dance recommendation, etc. are greatly
> > appreciated.
>
>Hopefully my ritual dance/pet peeve :-) stuff about Microsoft Networking
>with regards to VPN's was not an overkill and will help you achieve your
>goal. Based on your post, seems like your real close.

it was definitely informative (which can only help at this point) ... but
unfortunately hasn't gotten me any closer to solving my problem =(

i do appreciate the effort however

>Good Luck
>Steve Cowles
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>--- To unsubscribe, go to the url just above this line. --

alan

----
 there's nothing like the undying sense of reliability provided by modern
technology.
----
alan premselaar
alien at 12inch.com
www.12inch.com

From g.insolvibile at cpr.it Wed Dec 12 03:06:22 2001
From: g.insolvibile at cpr.it (Gianluca Insolvibile)
Date: Wed, 12 Dec 2001 10:06:22 +0100
Subject: [pptp-server] Severe performance problems
Message-ID: <3C171E0E.93753034@cpr.it>

Hi to everyone,

I am fresh new to the pptp-server list, so please forgive me if I am
missing some obvious points or asking an FAQ. I already tried digging into
this mailing list archives with no success.

Briefly, my problem is this: I set up pptpd on a Linux box and had a
Windows 98 machine connect to it via an (unloaded) Ethernet LAN.
Control-plane works fine (MS-CHAPv2, MPPE 128 bit, and the like), but the
data-plane performance (roughly measured via iterated ftp's of a 51.2 MB
file) is quite disappointing.

On the server side I tried a Pentium III 800 Mhz, a K6-II 400 Mhz and an
Athlon 945 Mhz, whereas on the client side I had a Pentium 166 Mhz, a
Pentium 233 Mhz and a K6-II 400 Mhz. Network cards were 10 Mbps in some
tests and 100 Mbps in the others.

In all cases, with any combination of the above, I measured a 1.5 Mbps
maximum throughput (transfers from the Linux server to a single Windows
client), that seems to me embarrassingly low. I haven't even tried with more
precise measurement tools (like netperf) since I believe the results would
not change that much.

Software versions I am using are as follows:

  Linux kernel 2.4.16 + openssl-0.9.6b-mppe patch
  ppp-2.4.1 + MSCHAPv2-fix and openssl-0.9.6-mppe patch
  pptpd 1.0.1 and 1.1.2
  Windows 98 clients with various patches (DUN 1.4 upgraded)

As far as I can understand them, no strange messages are reported by
either pptp, ppp or the kernel. Negotiated PCKT_RECV_WINDOW_SIZE, as
reported by syslog, is 32. I tried changing that in ctrlpacket.c to 2, 4
and 8 (hoping at least to see performance decrease) with no evident changes
in throughput.

I collected a packet trace with tcpdump and am going to analyze that; at a
first glance, it seems that a lot of TCP segments are being transmitted
with unusually high inter-packet times (in the order of 10 msec, IIRC). I
still do not know if this depends on the Linux side or on the Windows side.

Now, before getting mad with the TCP trace, the PPTP RFC and the kernel
code, does anyone have any ideas that may help ? Any hints would be really
appreciated.

Thanks for the patience of reading my long mail! ;-)

Best Regards,
Gianluca Insolvibile

From GeorgeV at citadelcomputer.com.au Wed Dec 12 03:19:43 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 12 Dec 2001 20:19:43 +1100
Subject: [pptp-server] Severe performance problems
Message-ID: <200FAA488DE0D41194F10010B597610D2B93B0@JUPITER>

Well that was a bible and a half ;-) kiddin', but very in depth...

What does your /etc/ppp/options.* say.... You're not using the speed option
are you?

-----Original Message-----
From: Gianluca Insolvibile [mailto:g.insolvibile at cpr.it]
Sent: Wednesday, 12 December, 2001 8:06 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Severe performance problems

Hi to everyone,

I am fresh new to the pptp-server list, so please forgive me if I am
missing some obvious points or asking an FAQ. I already tried digging into
this mailing list archives with no success.
Briefly, my problem is this: I set up pptpd on a Linux box and had a Windows 98 machine connect to it via an (unloaded) Ethernet LAN. Control-plane works fine (MS-CHAPv2, MPPE 128 bit, and the like), but the data-plane performance (roughly measured via iterated ftp's of a 51.2 MB file) is quite disappointing. On the server side I tried a Pentium III 800 Mhz, a K6-II 400 Mhz and an Athlon 945 Mhz, whereas on the client side I had a Pentium 166 Mhz, a Pentium 233 Mhz and a K6-II 400 Mhz. Network cards were 10 Mbps in some tests and 100 Mbps in the others. In all cases, with any combination of the above, I measured a 1.5 Mbps maximum throughput (transfers from the Linux server to a single Windows client), that seems to me embarassingly low. I haven't even tried with more precise measurement tools (like netperf) since I believe the results would not change that much. Software versions I am using are as follows: Linux kernel 2.4.16 + openssl-0.9.6b-mppe patch ppp-2.4.1 + MSCHAPv2-fix and openssl-0.9.6-mppe patch pptpd 1.0.1 and 1.1.2 Windows 98 clients with various patches (DUN 1.4 upgraded) As far as I can understand them, no strange messages are reported by either pptp, ppp or the kernel. Negotiated PCKT_RECV_WINDOW_SIZE, as reported by syslog, is 32. I tried changing that in ctrlpacket.c to 2, 4 and 8 (hoping at least to see performance decrease) with no evident changes in throughput. I collected a packet trace with tcpdump and am going to analyze that; at a first glance, it seems that a lot of TCP segments are being transmitted with unusually high inter-packet times (in the order of 10 msec, IIRC). I still do not know if this depends on the Linux side or on the Windows side. Now, before getting mad with the TCP trace, the PPTP RFC and the kernel code, does anyone have any ideas that may help ? Any hints would be really appreciated. Thanks for the patience of reading my long mail! 
;-) Best Regards, Gianluca Insolvibile _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From khrys at transart.ro Wed Dec 12 04:28:10 2001 From: khrys at transart.ro (Cristian Gabor) Date: Wed, 12 Dec 2001 12:28:10 +0200 Subject: [pptp-server] Packages Message-ID: <000101c182f7$b3800890$7867a8c0@corporate.transart.ro> Can someone tell me where I can find pptp packages (server & client & encryption) for kernel 2.4.16 (RedHat 7.1), and maybe a howto. Thanks From muralivemuri at multitech.co.in Wed Dec 12 04:43:22 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Wed, 12 Dec 2001 16:13:22 +0530 Subject: [pptp-server] Re: client does not get any address References: <200FAA488DE0D41194F10010B597610D2B93A4@JUPITER> <3C16D4BD.5025AE27@multitech.co.in> Message-ID: <3C1734C9.4995CC87@multitech.co.in> hey george! i am still stuck there. i tried a number of ways .........like invoking the pptp from inittab itself blah blah blah no use. but "/usr/sbin/pptpd --debug" gives me a strange ( not totally) post in "/var/log/pptpd.log" i am attaching that. regds murali "Murali K. Vemuri" wrote: > i did........no use.......... > still, neither the client nor the server are able to show the ip > addresses. > coming to the 2 trials for the link, it was tried twice ( so, there > are two posts in the log) > regds > mruali > > George Vieira wrote: > >> I would remove the +pap in the /etc/ppp/options file and also the >> logs appear that it used PAP to authenticate and didn't bring the >> link up properly or something...also it appears it tried to bring >> the link up twice, one after the other immediately...can you test it >> without the +pap and make sure they use chap-secrets file to >> authenticate.. 
>> >> thanks, >> George Vieira >> Systems Manager >> Citadel Computer Systems P/L >> -----Original Message----- >> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> Sent: Wednesday, 12 December 2001 2:38 PM >> To: George Vieira >> Subject: Re: client does not get any address >> hey , >> >> i missed the /etc/ppp/options file in my earlier post >> now i attached that file also >> regds >> murali >> George Vieira wrote: >> >> > are you sure the client hasn't dropped off the link for any reason? >> > can you >> > provide a log when this happens as the previous logs you supplied >> > were >> > different problems/symptoms.. >> > >> > thanks, >> > George Vieira >> > Systems Manager >> > Citadel Computer Systems P/L >> > >> > -----Original Message----- >> > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> > Sent: Wednesday, 12 December 2001 2:29 PM >> > To: pptplist; George Vieira >> > Subject: client does not get any address >> > >> > hi , >> > >> > after a bit of struggle, i could make the win98 client login >> > through the >> > microsoft vpn adapter. >> > but, after this, neither the client nor the server show up with any >> > >> > addresses which i configured in the >> > /etc/pptpd.conf. >> > my /etc/pptpd.conf' file is as follows: >> > speed 19200 >> > debug >> > localip 192.168.1.230 >> > remoteip 192.168.1.235-240 >> > logfile /var/log/pptpd.log >> > pidfile /var/run/pptpd.pid. >> > >> > and etc/ppp/options is attached here. >> > >> > the client shows that he is able to login and even >> > /var/log/pptpd.log as >> > well as /var/log/messages show that the client has logged in. but >> > strangely enough, 'ifconfig' on the server does not show the above >> > address and neither the "winipcfg' on the client. >> > any ideas? 
>> > regds
>> > murali krishna vemuri
>>
>> --
>> with thanks for your time,
>>
>> Murali Krishna Vemuri
>>
>> off: Multitech Software Systems,
>> #95, 17th'B' Main Road,
>> V Block, Koramangala, BANGALORE 560 095
>> tel: 080 5534471 xtn: 214
>>
>> res: #12, 6th 'A' Cross,
>> Ramaswamy Palya, Vignana Nagara,
>> Martha Halli Post, Bangalore 560 037.
>>
>>
>
> --
> with thanks for your time,
>
> Murali Krishna Vemuri
>
> off: Multitech Software Systems,
> #95, 17th'B' Main Road,
> V Block, Koramangala, BANGALORE 560 095
> tel: 080 5534471 xtn: 214
>
> res: #12, 6th 'A' Cross,
> Ramaswamy Palya, Vignana Nagara,
> Martha Halli Post, Bangalore 560 037.
>
>

--
with thanks for your time,

Murali Krishna Vemuri

off: Multitech Software Systems,
#95, 17th'B' Main Road,
V Block, Koramangala, BANGALORE 560 095
tel: 080 5534471 xtn: 214

res: #12, 6th 'A' Cross,
Ramaswamy Palya, Vignana Nagara,
Martha Halli Post, Bangalore 560 037.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
Dec 12 15:47:24 yogi pptpd[9518]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: local address = 192.168.1.230
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: remote address = 192.168.1.235
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: pppd speed = 19200
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: Client 192.168.1.241 control connection started
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: Received PPTP Control Message (type: 1)
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: Made a START CTRL CONN RPLY packet
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: I wrote 156 bytes to the client.
Dec 12 15:47:24 yogi pptpd[9518]: CTRL: Sent packet to client
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: Received PPTP Control Message (type: 7)
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: Set parameters to 0 maxbps, 16 window size
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: Made a OUT CALL RPLY packet
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: Starting call (launching pppd, opening GRE)
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: pty_fd = 4
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: tty_fd = 5
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: I wrote 32 bytes to the client.
Dec 12 15:47:25 yogi pptpd[9518]: CTRL: Sent packet to client
Dec 12 15:47:25 yogi pptpd[9529]: CTRL (PPPD Launcher): Connection speed = 19200
Dec 12 15:47:25 yogi pptpd[9529]: CTRL (PPPD Launcher): local address = 192.168.1.230
Dec 12 15:47:25 yogi pptpd[9529]: CTRL (PPPD Launcher): remote address = 192.168.1.235
Dec 12 15:47:25 yogi pppd[9529]: pppd 2.4.1 started by root, uid 0
Dec 12 15:47:25 yogi pppd[9529]: using channel 15
Dec 12 15:47:25 yogi pppd[9529]: Using interface ppp0
Dec 12 15:47:25 yogi pppd[9529]: Connect: ppp0 <--> /dev/pts/7
Dec 12 15:47:26 yogi pppd[9529]: sent [LCP ConfReq id=0x1 ]
Dec 12 15:47:26 yogi pppd[9529]: rcvd [LCP ConfReq id=0x1 ]
Dec 12 15:47:26 yogi pppd[9529]: sent [LCP ConfAck id=0x1 ]
Dec 12 15:47:26 yogi pppd[9529]: rcvd [LCP ConfAck id=0x1 ]
Dec 12 15:47:26 yogi pppd[9529]: rcvd [PAP AuthReq id=0x1 user="user1" password=]
Dec 12 15:47:26 yogi pppd[9529]: user user1 logged in
Dec 12 15:47:26 yogi pppd[9529]: sent [PAP AuthAck id=0x1 "Login ok"]
Dec 12 15:47:26 yogi pppd[9529]: sent [IPCP ConfReq id=0x1 ]
Dec 12 15:47:27 yogi pppd[9529]: sent [CCP ConfReq id=0x1 ]
Dec 12 15:47:27 yogi pppd[9529]: rcvd [LCP ProtRej id=0x2 80 21 01 01 00 10 03 06 c0 a8 01 e6 02 06 00 2d 0f 01]
Dec 12 15:47:27 yogi pppd[9529]: rcvd [LCP ProtRej id=0x3 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Dec 12 15:48:25 yogi pptpd[9518]: CTRL: Received PPTP Control Message (type: 5)

From g.insolvibile at cpr.it
Wed Dec 12 07:06:43 2001 From: g.insolvibile at cpr.it (Gianluca Insolvibile) Date: Wed, 12 Dec 2001 14:06:43 +0100 Subject: [pptp-server] Severe performance problems References: <200FAA488DE0D41194F10010B597610D2B93B0@JUPITER> Message-ID: <3C175663.B58B67F7@cpr.it> And that's a prompt answer! ;-) pptpd.conf has 'option /etc/ppp/options.pptp'. This is /etc/ppp/options.pptp: lock debug auth +chap +chapms +chapms-v2 proxyarp mppe-40 mppe-128 mppe-stateless I have seen the recent thread on the 'speed' option, but I am not using that. In my case, I suspect something strange is happening with TCP flow control over the PPTP channel, but just can't imagine what. Gianluca George Vieira wrote: > > Well that was a bible and a half ;-) kiddin', but very in depth... > > What does you /etc/ppp/options.* say.... > > Your not using the speed option are you? > > -----Original Message----- > From: Gianluca Insolvibile [mailto:g.insolvibile at cpr.it] > Sent: Wednesday, 12 December, 2001 8:06 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Severe performance problems > > Hi to everyone, > > I am fresh new to the pptp-server list, so please forgive me if I am missing > some obvious points or asking an FAQ. I already tried digging into this > mailing > list archives with no success. > > Briefly, my problem is this: I set up pptpd on a Linux box and had a Windows > 98 > machine connect to it via an (unloaded) Ethernet LAN. Control-plane works > fine > (MS-CHAPv2, MPPE 128 bit, and the like), but the data-plane performance > (roughly > measured via iterated ftp's of a 51.2 MB file) is quite disappointing. > > On the server side I tried a Pentium III 800 Mhz, a K6-II 400 Mhz and an > Athlon > 945 Mhz, whereas on the client side I had a Pentium 166 Mhz, a Pentium 233 > Mhz > and a K6-II 400 Mhz. Network cards were 10 Mbps in some tests and 100 Mbps > in > the others. 
In all cases, with any combination of the above, I measured a > 1.5 > Mbps maximum throughput (transfers from the Linux server to a single Windows > client), that seems to me embarassingly low. I haven't even tried with more > precise measurement tools (like netperf) since I believe the results would > not > change that much. > > Software versions I am using are as follows: > Linux kernel 2.4.16 + openssl-0.9.6b-mppe patch > ppp-2.4.1 + MSCHAPv2-fix and openssl-0.9.6-mppe patch > pptpd 1.0.1 and 1.1.2 > Windows 98 clients with various patches (DUN 1.4 upgraded) > > As far as I can understand them, no strange messages are reported by either > pptp, ppp or the kernel. Negotiated PCKT_RECV_WINDOW_SIZE, as reported by > syslog, is 32. I tried changing that in ctrlpacket.c to 2, 4 and 8 (hoping > at > least to see performance decrease) with no evident changes in throughput. > > I collected a packet trace with tcpdump and am going to analyze that; at a > first > glance, it seems that a lot of TCP segments are being transmitted with > unusually > high inter-packet times (in the order of 10 msec, IIRC). I still do not know > if > this depends on the Linux side or on the Windows side. > > Now, before getting mad with the TCP trace, the PPTP RFC and the kernel > code, > does anyone have any ideas that may help ? Any hints would be really > appreciated. > > Thanks for the patience of reading my long mail! ;-) > > Best Regards, > Gianluca Insolvibile From charlieb at e-smith.com Wed Dec 12 10:00:11 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 12 Dec 2001 11:00:11 -0500 (EST) Subject: [pptp-server] Severe performance problems In-Reply-To: <3C175663.B58B67F7@cpr.it> Message-ID: On Wed, 12 Dec 2001, Gianluca Insolvibile wrote: > I have seen the recent thread on the 'speed' option, but I am not > using that. In my case, I suspect something strange is happening with > TCP flow control over the PPTP channel, but just can't imagine what. An interesting theory indeed. 
A google search for "nagle tcp" reveals a number of possibilities, including:

http://www.icase.edu/coral/LinuxTCP.html
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624

The key negotiation for MPPE might introduce significant latency, and that could affect the TCP transmission and retransmission timers.

Remember too that PPTP packets must come in off the wire, go through the kernel, then into pptpd, then through the kernel and into pppd, then back through the kernel and into the application on the server. And vice versa on the way back out to the client.

All this adds up to quite a lot of processing. Add to that 3DES encryption/decryption for each packet.

Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From g.insolvibile at cpr.it Wed Dec 12 11:38:48 2001
From: g.insolvibile at cpr.it (Gianluca Insolvibile)
Date: Wed, 12 Dec 2001 18:38:48 +0100
Subject: [pptp-server] Severe performance problems
References:
Message-ID: <3C179628.D34B8019@cpr.it>

Charlie Brady wrote:
>
> On Wed, 12 Dec 2001, Gianluca Insolvibile wrote:
>
> > I have seen the recent thread on the 'speed' option, but I am not
> > using that. In my case, I suspect something strange is happening with
> > TCP flow control over the PPTP channel, but just can't imagine what.
>
> An interesting theory indeed.
>
> A google search for "nagle tcp" reveals a number of possibilities,
> including:
>
> http://www.icase.edu/coral/LinuxTCP.html
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624

Thanks. I'll check them out.

> The key negotiation for MPPE might introduce significant latency, and that
> could affect the TCP transmission and retransmission timers.
>

How often does the key negotiation happen ? I guess it's something in the order of minutes, which should not disrupt TCP performance so much. Anyway, I'll give it a try with netperf (in UDP mode).

> Remember too that PPTP packets must come in off the wire, go through the
> kernel, then into pptpd, then through the kernel and into pppd, then back
> through the kernel and into the application on the server. And vice versa
> on the way back out to the client.

This is true, but IMHO it's not enough to justify this poor performance (1.5 Mbps). Also, CPU load should not be the bottleneck in this case since I have the same throughput with different combinations of client/server CPUs (see my original post for the specs).

> All this adds up to quite a lot of processing. Add to that 3DES
> encryption/decryption for each packet.

Does MPPE use 3DES ? I thought it used RC-4 ... to me it's a great difference, since the reason why I am trying PPTP instead of IPsec (w/ 3DES) is that I hoped to get better performance (I don't know the details of the two algorithms, but 3DES has 168 bits keys, while for MPPE I can choose between 40 and 128 bits - as you can guess, in my scenario performance is more important than security ;-). This leads me to an important question, which I will ask in a separate thread for the sake of clarity.

Incidentally, when I played with IPsec tunnels (FreeS/WAN and PGPnet) using 3DES, performance was around 16 Mbps (client and server were two P-III 800 Mhz). That's about ten times the one I'm getting with PPTP, and that's the reason why I am looking for causes inside TCP/PPTP.

Gianluca

>
> Charlie Brady charlieb at e-smith.com
> Lead Product Developer
> Network Server Solutions Group http://www.e-smith.com/
> Mitel Networks Corporation http://www.mitel.com/
> Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From g.insolvibile at cpr.it Wed Dec 12 11:42:25 2001
From: g.insolvibile at cpr.it (Gianluca Insolvibile)
Date: Wed, 12 Dec 2001 18:42:25 +0100
Subject: [pptp-server] PPTP performance data ?
Message-ID: <3C179701.446D2DE5@cpr.it> Hello again, this time my question will be quick & short: does anybody have any data on the performance of pptpd ? More specifically, which is the highest reported throughput (say, over an Ethernet LAN) ? Thanks, Gianluca From GeorgeV at citadelcomputer.com.au Wed Dec 12 15:09:23 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 13 Dec 2001 08:09:23 +1100 Subject: [pptp-server] Severe performance problems Message-ID: <200FAA488DE0D41194F10010B597610D2B93B5@jupiter.citadelcomputer.com.au> Yes this sounds true but rememeber alot of people having speed problems have switched off encryption and it still made no difference so that can't be the problem. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Charlie Brady [mailto:charlieb at e-smith.com] Sent: Thursday, 13 December 2001 3:00 AM To: Gianluca Insolvibile Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] Severe performance problems On Wed, 12 Dec 2001, Gianluca Insolvibile wrote: > I have seen the recent thread on the 'speed' option, but I am not > using that. In my case, I suspect something strange is happening with > TCP flow control over the PPTP channel, but just can't imagine what. An interesting theory indeed. A google search for "nagle tcp" reveals a number of possibilities, including: http://www.icase.edu/coral/LinuxTCP.html http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624 The key negotiation for MPPE might introduce significant latency, and that could affect the TCP transmission and retransmission timers. Remember too that PPTP packets must come in off the wire, go through the kernel, then into pptpd, then through the kernel and into pppd, then back through the kernel and into the application on the server. And vice versa on the way back out to the client. All this adds up to quite a lot of processing. Add to that 3DES encryption/decryption for each packet. 
Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From charlieb at e-smith.com Wed Dec 12 15:18:37 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Wed, 12 Dec 2001 16:18:37 -0500 (EST) Subject: [pptp-server] Severe performance problems In-Reply-To: <200FAA488DE0D41194F10010B597610D2B93B5@jupiter.citadelcomputer.com.au> Message-ID: On Thu, 13 Dec 2001, George Vieira wrote: > Yes this sounds true but rememeber alot of people having speed problems have > switched off encryption and it still made no difference so that can't be the > problem. Encryption was only one component of the issues I mentioned. From what you say, it is a negligable component. And as someone noted, the encryption alrogith is RC4, not triple DES. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From GeorgeV at citadelcomputer.com.au Wed Dec 12 15:22:27 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 13 Dec 2001 08:22:27 +1100 Subject: [pptp-server] Severe performance problems Message-ID: <200FAA488DE0D41194F10010B597610D2B93B7@jupiter.citadelcomputer.com.au> I'm just saying that the speed problems people are experiencing isn't to do with the multiple passes through the kernel to encrypt/decrypt the information. Alot of people here are using PIII 800Mhz and up and I'm sure it would suffice the 500Kb/s people are at least expecting from their large link... 
I'm only running a Celeron 400Mhz and 128MB ram and it's handling fine without encryption. (Haven't been able to compile MPPE yet, damn Kernel Panics....)...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Charlie Brady [mailto:charlieb at e-smith.com]
Sent: Thursday, 13 December 2001 8:19 AM
To: George Vieira
Cc: Gianluca Insolvibile; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] Severe performance problems

On Thu, 13 Dec 2001, George Vieira wrote:

> Yes this sounds true but rememeber alot of people having speed problems have
> switched off encryption and it still made no difference so that can't be the
> problem.

Encryption was only one component of the issues I mentioned. From what you say, it is a negligable component.

And as someone noted, the encryption alrogith is RC4, not triple DES.

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From muralivemuri at multitech.co.in Wed Dec 12 19:30:44 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 13 Dec 2001 07:00:44 +0530
Subject: [pptp-server] Severe performance problems
References: <200FAA488DE0D41194F10010B597610D2B93B7@jupiter.citadelcomputer.com.au>
Message-ID: <3C1804C3.B6DFE11C@multitech.co.in>

hey george!

i know where could be the problem with compilation of mppe. as i also faced the same problem, i digged around and finally made it work for me. i made a small change in the kernel makefile and it started working. i wanted to notify the maintainers and could not do it as i don't know who they are.

the patch you can download from http://www.advancevpn.com and apply the patch to the kernel.

now go to /usr/src/linux/drivers/net/
vi Makefile.
now you should have a few rows like this:

obj-$(CONFIG_PPP) += ppp_generic.o slhc.o ppp_mppe.o
obj-$(CONFIG_PPP_ASYNC) += ppp_async.o
obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o
obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o
obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
obj-$(CONFIG_PPPOE) += pppox.o pppoe.o

modify it as :

obj-$(CONFIG_PPP) += ppp_generic.o slhc.o
obj-$(CONFIG_PPP_ASYNC) += ppp_async.o
obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o
obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o ppp_mppe.o
obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o
obj-$(CONFIG_PPPOE) += pppox.o pppoe.o

and now, go to kernel menuconfig. in the network device options, you have ppp support --> make it inbuilt to kernel not module. and you have 4 options :
1. async serial ports
2. sync tty ports
3. deflate compression
4. bsd-comression
make all 4 of them as modules.( they should not be in built)

and now you proceed with the kernel compilation with
make bzImage
make modules
make modules_install
and make sure that you have things proper in the /etc/modules.conf
and it will work!!!

it worked for me on 2.4.2 , 2.4.6 , and 2.4.4 kernels.
i am attaching the /etc/modules.conf what i have . you can use it.
good luck
regds
murali

George Vieira wrote:

> I'm just saying that the speed problems people are experiencing isn't to do
> with the multiple passes through the kernel to encrypt/decrypt the
> information. Alot of people here are using PIII 800Mhz and up and I'm sure
> it would suffice the 500Kb/s people are at least expecting from their large
> link...
>
> I'm only running a Celeron 400Mhz and 128MB ram and it's handling fine
> without encryption. (Haven't been able to compile MPPE yet, damn Kernel
> Panics....)...
> > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > > -----Original Message----- > From: Charlie Brady [mailto:charlieb at e-smith.com] > Sent: Thursday, 13 December 2001 8:19 AM > To: George Vieira > Cc: Gianluca Insolvibile; pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Severe performance problems > > On Thu, 13 Dec 2001, George Vieira wrote: > > > Yes this sounds true but rememeber alot of people having speed problems > have > > switched off encryption and it still made no difference so that can't be > the > > problem. > > Encryption was only one component of the issues I mentioned. From what you > say, it is a negligable component. > > And as someone noted, the encryption alrogith is RC4, not triple DES. > > -- > > Charlie Brady charlieb at e-smith.com > Lead Product Developer > Network Server Solutions Group http://www.e-smith.com/ > Mitel Networks Corporation http://www.mitel.com/ > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... 
URL:
-------------- next part --------------
alias eth0 ne2k-pci
alias parport_lowlevel parport_pc
alias usb-controller usb-uhci
# Added by i810 install
alias char-major-10-175 agpgart
alias char-major-107 3dfx
alias ppp-compress-18 ppp_mppe
alias char-major-108 ppp_generic
alias /dev/ppp ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-3 off
alias net-pf-4 off
alias net-pf-5 off
alias char-major-18 off

From muralivemuri at multitech.co.in Wed Dec 12 19:40:28 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 13 Dec 2001 07:10:28 +0530
Subject: [pptp-server] Re: client does not get any address
References: <200FAA488DE0D41194F10010B597610D2B93B6@jupiter.citadelcomputer.com.au>
Message-ID: <3C18070C.2C9AA84B@multitech.co.in>

hey thanks a lot for the help you offered.
but, strangely enough, i hit upon the solution y'day late night.
it was the problem of win98 client.
the network dial up adapters were screwing the scenario.
i uninstalled and installed all damn adapters on the win98 machine and it started working perfectly.
stupid windows98!!!!!!!!!!!!!!!!!!!!!!!!!!!
may be i will take your help if i should need it .............some time down the line.

everybody in the list!
please note one thing ..........
if win98 or win2k is giving problems, first you uninstall and install all the damn adapters on them and then go to control panel, add/remove programs/windows setup. and install whatever is needed.
if you install them from control panel/network, let the almighty help you in your problems
i was digging around this for more than two weeks and y'day i hit upon the solution.
thank god and shun Bill Gates
regds
murali

George Vieira wrote:

> Can I connect to you machine via pptp and see what I get as a linux
> client.. my end may give me enough log info to see what happens..
just > give an IP and a test account to try.. > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > -----Original Message----- > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] > Sent: Wednesday, 12 December 2001 9:43 PM > To: George Vieira; pptplist > Subject: Re: [pptp-server] Re: client does not get any address > hey george! > > i am still stuck there. > i tried a number of ways .........like invoking the pptp from inittab > itself blah blah blah > no use. > but "/usr/sbin/pptpd --debug" gives me a strange ( not totally) post > in "/var/log/pptpd.log" > i am attaching that. > regds > murali > "Murali K. Vemuri" wrote: > >> i did........no use.......... >> still, neither the client nor the server are able to show the ip >> addresses. >> coming to the 2 trials for the link, it was tried twice ( so, there >> are two posts in the log) >> regds >> mruali >> >> George Vieira wrote: >> >> > I would remove the +pap in the /etc/ppp/options file and also the >> > logs appear that it used PAP to authenticate and didn't bring the >> > link up properly or something...also it appears it tried to bring >> > the link up twice, one after the other immediately...can you test >> > it without the +pap and make sure they use chap-secrets file to >> > authenticate.. >> > >> > thanks, >> > George Vieira >> > Systems Manager >> > Citadel Computer Systems P/L >> > -----Original Message----- >> > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> > Sent: Wednesday, 12 December 2001 2:38 PM >> > To: George Vieira >> > Subject: Re: client does not get any address >> > hey , >> > >> > i missed the /etc/ppp/options file in my earlier post >> > now i attached that file also >> > regds >> > murali >> > George Vieira wrote: >> > >> >> are you sure the client hasn't dropped off the link for any >> >> reason? can you >> >> provide a log when this happens as the previous logs you supplied >> >> were >> >> different problems/symptoms.. 
>> >> >> >> thanks, >> >> George Vieira >> >> Systems Manager >> >> Citadel Computer Systems P/L >> >> >> >> -----Original Message----- >> >> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> >> Sent: Wednesday, 12 December 2001 2:29 PM >> >> To: pptplist; George Vieira >> >> Subject: client does not get any address >> >> >> >> hi , >> >> >> >> after a bit of struggle, i could make the win98 client login >> >> through the >> >> microsoft vpn adapter. >> >> but, after this, neither the client nor the server show up with >> >> any >> >> addresses which i configured in the >> >> /etc/pptpd.conf. >> >> my /etc/pptpd.conf' file is as follows: >> >> speed 19200 >> >> debug >> >> localip 192.168.1.230 >> >> remoteip 192.168.1.235-240 >> >> logfile /var/log/pptpd.log >> >> pidfile /var/run/pptpd.pid. >> >> >> >> and etc/ppp/options is attached here. >> >> >> >> the client shows that he is able to login and even >> >> /var/log/pptpd.log as >> >> well as /var/log/messages show that the client has logged in. but >> >> >> >> strangely enough, 'ifconfig' on the server does not show the >> >> above >> >> address and neither the "winipcfg' on the client. >> >> any ideas? >> >> regds >> >> murali krishna vemuri >> > >> > -- >> > with thanks for your time, >> > >> > Murali Krishna Vemuri >> > >> > off: Multitech Software Systems, >> > #95, 17th'B' Main Road, >> > V Block, Koramangala, BANGALORE 560 095 >> > tel: 080 5534471 xtn: 214 >> > >> > res: #12, 6th 'A' Cross, >> > Ramaswamy Palya, Vignana Nagara, >> > Martha Halli Post, Bangalore 560 037. >> > >> > >> >> -- >> with thanks for your time, >> >> Murali Krishna Vemuri >> >> off: Multitech Software Systems, >> #95, 17th'B' Main Road, >> V Block, Koramangala, BANGALORE 560 095 >> tel: 080 5534471 xtn: 214 >> >> res: #12, 6th 'A' Cross, >> Ramaswamy Palya, Vignana Nagara, >> Martha Halli Post, Bangalore 560 037. 
>> >> > > -- > with thanks for your time, > > Murali Krishna Vemuri > > off: Multitech Software Systems, > #95, 17th'B' Main Road, > V Block, Koramangala, BANGALORE 560 095 > tel: 080 5534471 xtn: 214 > > res: #12, 6th 'A' Cross, > Ramaswamy Palya, Vignana Nagara, > Martha Halli Post, Bangalore 560 037. > > -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... URL: From GeorgeV at citadelcomputer.com.au Wed Dec 12 19:57:57 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Thu, 13 Dec 2001 12:57:57 +1100 Subject: [pptp-server] Re: client does not get any address Message-ID: <200FAA488DE0D41194F10010B597610D2B93C0@jupiter.citadelcomputer.com.au> I have seen this problem before where the adapters are screwed... Never like this though, it usually just won't start at all.. I've never heard that problem with Win2K though... I guess this is the first thing to do from now on... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Thursday, 13 December 2001 12:40 PM To: George Vieira Cc: pptplist Subject: Re: [pptp-server] Re: client does not get any address hey thanks a lot for the help you offered. but, strangely enough, i hit upon the solution y'day late night. it was the problem of win98 client. the network dial up adapters were screwing the scenario. i uninstalled and installed all damn adapters on the win98 machine and it started working perfectly. stupid windows98!!!!!!!!!!!!!!!!!!!!!!!!!!! may be i will take your help if i should need it .............some time down the line. everybody in the list! please note one thing .......... if win98 or win2k is giving problems, first you uninstall and install all the damn adapters on them and then go to control panel, add/remove programs/windows setup. and install whatever is needed. 
if you install them from control panel/network, let the almighty help you in your problems i was digging around this for more than two weeks and y'day i hit upon the solution. thank god and shun Bill Gates regds murali George Vieira wrote: Can I connect to you machine via pptp and see what I get as a linux client.. my end may give me enough log info to see what happens.. just give an IP and a test account to try.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. Vemuri [ mailto:muralivemuri at multitech.co.in ] Sent: Wednesday, 12 December 2001 9:43 PM To: George Vieira; pptplist Subject: Re: [pptp-server] Re: client does not get any address hey george! i am still stuck there. i tried a number of ways .........like invoking the pptp from inittab itself blah blah blah no use. but "/usr/sbin/pptpd --debug" gives me a strange ( not totally) post in "/var/log/pptpd.log" i am attaching that. regds murali "Murali K. Vemuri" wrote: i did........no use.......... still, neither the client nor the server are able to show the ip addresses. coming to the 2 trials for the link, it was tried twice ( so, there are two posts in the log) regds mruali George Vieira wrote: I would remove the +pap in the /etc/ppp/options file and also the logs appear that it used PAP to authenticate and didn't bring the link up properly or something...also it appears it tried to bring the link up twice, one after the other immediately...can you test it without the +pap and make sure they use chap-secrets file to authenticate.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. 
Vemuri [ mailto:muralivemuri at multitech.co.in ] Sent: Wednesday, 12 December 2001 2:38 PM To: George Vieira Subject: Re: client does not get any address hey , i missed the /etc/ppp/options file in my earlier post now i attached that file also regds murali George Vieira wrote: are you sure the client hasn't dropped off the link for any reason? can you provide a log when this happens as the previous logs you supplied were different problems/symptoms.. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. Vemuri [ mailto:muralivemuri at multitech.co.in ] Sent: Wednesday, 12 December 2001 2:29 PM To: pptplist; George Vieira Subject: client does not get any address hi , after a bit of struggle, i could make the win98 client login through the microsoft vpn adapter. but, after this, neither the client nor the server show up with any addresses which i configured in the /etc/pptpd.conf. my /etc/pptpd.conf' file is as follows: speed 19200 debug localip 192.168.1.230 remoteip 192.168.1.235-240 logfile /var/log/pptpd.log pidfile /var/run/pptpd.pid. and etc/ppp/options is attached here. the client shows that he is able to login and even /var/log/pptpd.log as well as /var/log/messages show that the client has logged in. but strangely enough, 'ifconfig' on the server does not show the above address and neither the "winipcfg' on the client. any ideas? regds murali krishna vemuri -- with thanks for your time, Murali Krishna Vemuri off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560 095 tel: 080 5534471 xtn: 214 res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037. -- with thanks for your time, Murali Krishna Vemuri off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560 095 tel: 080 5534471 xtn: 214 res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037. 
-- with thanks for your time, Murali Krishna Vemuri off: Multitech Software Systems, #95, 17th'B' Main Road, V Block, Koramangala, BANGALORE 560 095 tel: 080 5534471 xtn: 214 res: #12, 6th 'A' Cross, Ramaswamy Palya, Vignana Nagara, Martha Halli Post, Bangalore 560 037. -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... URL: From muralivemuri at multitech.co.in Wed Dec 12 20:54:57 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Thu, 13 Dec 2001 08:24:57 +0530 Subject: [pptp-server] Re: client does not get any address References: <200FAA488DE0D41194F10010B597610D2B93B6@jupiter.citadelcomputer.com.au> <3C18070C.2C9AA84B@multitech.co.in> Message-ID: <3C181880.ABEA18F7@multitech.co.in> hey everybody well i had been a bit harsh at my language please ignore all and any personal comments. sorry for the inconvenience regds murali "Murali K. Vemuri" wrote: > hey > thanks a lot for the help you offered. > but, strangely enough, i hit upon the solution y'day late night. > it was the problem of win98 client. > the network dial up adapters were screwing the scenario. > i uninstalled and installed all damn adapters on the win98 machine and > it started working perfectly. > stupid windows98!!!!!!!!!!!!!!!!!!!!!!!!!!! > may be i will take your help if i should need it .............some > time down the line. > everybody in the list! please note one thing .......... > if win98 or win2k is giving problems, first you uninstall and install > all the damn adapters on them > and then go to control panel, add/remove programs/windows setup. > and install whatever is needed. > if you install them from control panel/network, let the almighty help > you in your problems > i was digging around this for more than two weeks and y'day i hit upon > the solution. 
> thank god and shun Bill Gates > > regds > murali > George Vieira wrote: > >> Can I connect to you machine via pptp and see what I get as a linux >> client.. my end may give me enough log info to see what happens.. >> just give an IP and a test account to try.. >> >> thanks, >> George Vieira >> Systems Manager >> Citadel Computer Systems P/L >> -----Original Message----- >> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> Sent: Wednesday, 12 December 2001 9:43 PM >> To: George Vieira; pptplist >> Subject: Re: [pptp-server] Re: client does not get any address >> hey george! >> >> i am still stuck there. >> i tried a number of ways .........like invoking the pptp from >> inittab itself blah blah blah >> no use. >> but "/usr/sbin/pptpd --debug" gives me a strange ( not totally) post >> in "/var/log/pptpd.log" >> i am attaching that. >> regds >> murali >> "Murali K. Vemuri" wrote: >> >> > i did........no use.......... >> > still, neither the client nor the server are able to show the ip >> > addresses. >> > coming to the 2 trials for the link, it was tried twice ( so, there >> > are two posts in the log) >> > regds >> > mruali >> > >> > George Vieira wrote: >> > >> >> I would remove the +pap in the /etc/ppp/options file and also the >> >> logs appear that it used PAP to authenticate and didn't bring the >> >> link up properly or something...also it appears it tried to bring >> >> the link up twice, one after the other immediately...can you test >> >> it without the +pap and make sure they use chap-secrets file to >> >> authenticate.. >> >> >> >> thanks, >> >> George Vieira >> >> Systems Manager >> >> Citadel Computer Systems P/L >> >> -----Original Message----- >> >> From: Murali K. 
Vemuri [mailto:muralivemuri at multitech.co.in] >> >> Sent: Wednesday, 12 December 2001 2:38 PM >> >> To: George Vieira >> >> Subject: Re: client does not get any address >> >> hey , >> >> >> >> i missed the /etc/ppp/options file in my earlier post >> >> now i attached that file also >> >> regds >> >> murali >> >> George Vieira wrote: >> >> >> >> > are you sure the client hasn't dropped off the link for any >> >> > reason? can you >> >> > provide a log when this happens as the previous logs you >> >> > supplied were >> >> > different problems/symptoms.. >> >> > >> >> > thanks, >> >> > George Vieira >> >> > Systems Manager >> >> > Citadel Computer Systems P/L >> >> > >> >> > -----Original Message----- >> >> > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> >> > Sent: Wednesday, 12 December 2001 2:29 PM >> >> > To: pptplist; George Vieira >> >> > Subject: client does not get any address >> >> > >> >> > hi , >> >> > >> >> > after a bit of struggle, i could make the win98 client login >> >> > through the >> >> > microsoft vpn adapter. >> >> > but, after this, neither the client nor the server show up with >> >> > any >> >> > addresses which i configured in the >> >> > /etc/pptpd.conf. >> >> > my /etc/pptpd.conf' file is as follows: >> >> > speed 19200 >> >> > debug >> >> > localip 192.168.1.230 >> >> > remoteip 192.168.1.235-240 >> >> > logfile /var/log/pptpd.log >> >> > pidfile /var/run/pptpd.pid. >> >> > >> >> > and etc/ppp/options is attached here. >> >> > >> >> > the client shows that he is able to login and even >> >> > /var/log/pptpd.log as >> >> > well as /var/log/messages show that the client has logged in. >> >> > but >> >> > strangely enough, 'ifconfig' on the server does not show the >> >> > above >> >> > address and neither the "winipcfg' on the client. >> >> > any ideas? 
>> >> > regds >> >> > murali krishna vemuri >> >> >> >> -- >> >> with thanks for your time, >> >> >> >> Murali Krishna Vemuri >> >> >> >> off: Multitech Software Systems, >> >> #95, 17th'B' Main Road, >> >> V Block, Koramangala, BANGALORE 560 095 >> >> tel: 080 5534471 xtn: 214 >> >> >> >> res: #12, 6th 'A' Cross, >> >> Ramaswamy Palya, Vignana Nagara, >> >> Martha Halli Post, Bangalore 560 037. >> >> >> >> >> > >> > -- >> > with thanks for your time, >> > >> > Murali Krishna Vemuri >> > >> > off: Multitech Software Systems, >> > #95, 17th'B' Main Road, >> > V Block, Koramangala, BANGALORE 560 095 >> > tel: 080 5534471 xtn: 214 >> > >> > res: #12, 6th 'A' Cross, >> > Ramaswamy Palya, Vignana Nagara, >> > Martha Halli Post, Bangalore 560 037. >> > >> > >> >> -- >> with thanks for your time, >> >> Murali Krishna Vemuri >> >> off: Multitech Software Systems, >> #95, 17th'B' Main Road, >> V Block, Koramangala, BANGALORE 560 095 >> tel: 080 5534471 xtn: 214 >> >> res: #12, 6th 'A' Cross, >> Ramaswamy Palya, Vignana Nagara, >> Martha Halli Post, Bangalore 560 037. >> >> > > -- > regards & thanks for your time, > > Murali Krishna Vemuri > > -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... URL: From g.insolvibile at cpr.it Thu Dec 13 02:51:12 2001 From: g.insolvibile at cpr.it (Gianluca Insolvibile) Date: Thu, 13 Dec 2001 09:51:12 +0100 Subject: [pptp-server] Severe performance problems References: <200FAA488DE0D41194F10010B597610D2B93B5@jupiter.citadelcomputer.com.au> Message-ID: <3C186C00.A0C38B51@cpr.it> Yes, actually I forgot to mention that performance in my case is not at all influenced when I switch off encryption. The same even when passing from MPPE 128 to MPPE 40. Gianluca George Vieira wrote: > > Yes this sounds true but rememeber alot of people having speed problems have > switched off encryption and it still made no difference so that can't be the > problem. 
> > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > > -----Original Message----- > From: Charlie Brady [mailto:charlieb at e-smith.com] > Sent: Thursday, 13 December 2001 3:00 AM > To: Gianluca Insolvibile > Cc: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Severe performance problems > > On Wed, 12 Dec 2001, Gianluca Insolvibile wrote: > > > I have seen the recent thread on the 'speed' option, but I am not > > using that. In my case, I suspect something strange is happening with > > TCP flow control over the PPTP channel, but just can't imagine what. > > An interesting theory indeed. > > A google search for "nagle tcp" reveals a number of possibilities, > including: > > http://www.icase.edu/coral/LinuxTCP.html > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624 > > The key negotiation for MPPE might introduce significant latency, and that > could affect the TCP transmission and retransmission timers. > > Remember too that PPTP packets must come in off the wire, go through the > kernel, then into pptpd, then through the kernel and into pppd, then back > through the kernel and into the application on the server. And vice versa > on the way back out to the client. > > All this adds up to quite a lot of processing. Add to that 3DES > encryption/decryption for each packet. 
> > Charlie Brady charlieb at e-smith.com > Lead Product Developer > Network Server Solutions Group http://www.e-smith.com/ > Mitel Networks Corporation http://www.mitel.com/ > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > From rcd at amherst.com Thu Dec 13 08:37:05 2001 From: rcd at amherst.com (Robert Dege) Date: 13 Dec 2001 09:37:05 -0500 Subject: [pptp-server] Severe performance problems In-Reply-To: <3C186C00.A0C38B51@cpr.it> References: <200FAA488DE0D41194F10010B597610D2B93B5@jupiter.citadelcomputer.com.au> <3C186C00.A0C38B51@cpr.it> Message-ID: <1008254229.7573.6.camel@homer.amherst.com> I'm just curious, but would performance have to do with the version of ppp/kernel that users are using? I don't remember people posting the versions of the PPP software that they were using, I remember more of their config files instead. I'm using ppp-2.3.11 with Kernel 2.2.19, and I believe that I have a decent throughput. Of course, despite transferring data via smb, I haven't really tested the total possible capabilities. But I think I might test it today, just to see :) -Rob > Yes, actually I forgot to mention that performance in my case is not at all > influenced when I switch off encryption. The same even when passing from MPPE > 128 to MPPE 40. > > Gianluca > > George Vieira wrote: > > > > Yes this sounds true but rememeber alot of people having speed problems have > > switched off encryption and it still made no difference so that can't be the > > problem. > > > > thanks, > > George Vieira > > Systems Manager > > Citadel Computer Systems P/L > > > > -----Original Message----- > > From: Charlie Brady [mailto:charlieb at e-smith.com] > > Sent: Thursday, 13 December 2001 3:00 AM > > To: Gianluca Insolvibile > > Cc: pptp-server at lists.schulte.org > > Subject: Re: [pptp-server] Severe performance problems > > > > On Wed, 12 Dec 2001, Gianluca Insolvibile wrote: > > > > > I have seen the recent thread on the 'speed' option, but I am not > > > using that. 
In my case, I suspect something strange is happening with > > > TCP flow control over the PPTP channel, but just can't imagine what. > > > > An interesting theory indeed. > > > > A google search for "nagle tcp" reveals a number of possibilities, > > including: > > > > http://www.icase.edu/coral/LinuxTCP.html > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624 > > > > The key negotiation for MPPE might introduce significant latency, and that > > could affect the TCP transmission and retransmission timers. > > > > Remember too that PPTP packets must come in off the wire, go through the > > kernel, then into pptpd, then through the kernel and into pppd, then back > > through the kernel and into the application on the server. And vice versa > > on the way back out to the client. > > > > All this adds up to quite a lot of processing. Add to that 3DES > > encryption/decryption for each packet. > > > > Charlie Brady charlieb at e-smith.com > > Lead Product Developer > > Network Server Solutions Group http://www.e-smith.com/ > > Mitel Networks Corporation http://www.mitel.com/ > > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > -- -Rob From scottt at soccer.com Thu Dec 13 09:23:25 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 13 Dec 2001 07:23:25 -0800 Subject: [pptp-server] Packages Message-ID: <3ABBD8BB738BED74788E46F888A3E1D9@scottt.soccer.com> An HTML attachment was scrubbed... URL: From scottt at soccer.com Thu Dec 13 09:26:51 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 13 Dec 2001 07:26:51 -0800 Subject: [pptp-server] Multi VPN Message-ID: An HTML attachment was scrubbed... 
URL: From g.insolvibile at cpr.it Thu Dec 13 09:45:13 2001 From: g.insolvibile at cpr.it (Gianluca Insolvibile) Date: Thu, 13 Dec 2001 16:45:13 +0100 Subject: [pptp-server] Severe performance problems References: <200FAA488DE0D41194F10010B597610D2B93B5@jupiter.citadelcomputer.com.au> <3C186C00.A0C38B51@cpr.it> <1008254229.7573.6.camel@homer.amherst.com> Message-ID: <3C18CD09.29396407@cpr.it> I posted that kind of data since I think it's not unlikely that different versions/patches of kernel and pppd behave slightly differently (e.g. out-of-sequence packet reordering, stateless MPPE, and so on). Hence, performance may actually be affected by their version. On the other side, my config files contain no parameters related to data-plane handling of packets (except for 'speed', which I did not use anyway) and are mostly related to authentication mechanisms, encryption, etc. Gianluca Robert Dege wrote: > > I'm just curious, but would performance have to do with the version of > ppp/kernel that users are using? I don't remember people posting the > versions of the PPP software that they were using, I remember more of > their config files instead. > > I'm using ppp-2.3.11 with Kernel 2.2.19, and I believe that I have a > decent throughput. Of course, despite transferring data via smb, I > haven't really tested the total possible capabilities. But I think I > might test it today, just to see :) > > -Rob > > > Yes, actually I forgot to mention that performance in my case is not at all > > influenced when I switch off encryption. The same even when passing from MPPE > > 128 to MPPE 40. > > > > Gianluca > > > > George Vieira wrote: > > > > > > Yes this sounds true but rememeber alot of people having speed problems have > > > switched off encryption and it still made no difference so that can't be the > > > problem. 
> > > > > > thanks, > > > George Vieira > > > Systems Manager > > > Citadel Computer Systems P/L > > > > > > -----Original Message----- > > > From: Charlie Brady [mailto:charlieb at e-smith.com] > > > Sent: Thursday, 13 December 2001 3:00 AM > > > To: Gianluca Insolvibile > > > Cc: pptp-server at lists.schulte.org > > > Subject: Re: [pptp-server] Severe performance problems > > > > > > On Wed, 12 Dec 2001, Gianluca Insolvibile wrote: > > > > > > > I have seen the recent thread on the 'speed' option, but I am not > > > > using that. In my case, I suspect something strange is happening with > > > > TCP flow control over the PPTP channel, but just can't imagine what. > > > > > > An interesting theory indeed. > > > > > > A google search for "nagle tcp" reveals a number of possibilities, > > > including: > > > > > > http://www.icase.edu/coral/LinuxTCP.html > > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q235624 > > > > > > The key negotiation for MPPE might introduce significant latency, and that > > > could affect the TCP transmission and retransmission timers. > > > > > > Remember too that PPTP packets must come in off the wire, go through the > > > kernel, then into pptpd, then through the kernel and into pppd, then back > > > through the kernel and into the application on the server. And vice versa > > > on the way back out to the client. > > > > > > All this adds up to quite a lot of processing. Add to that 3DES > > > encryption/decryption for each packet. > > > > > > Charlie Brady charlieb at e-smith.com > > > Lead Product Developer > > > Network Server Solutions Group http://www.e-smith.com/ > > > Mitel Networks Corporation http://www.mitel.com/ > > > Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 > > > From scottt at soccer.com Thu Dec 13 10:33:55 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 13 Dec 2001 08:33:55 -0800 Subject: [pptp-server] Multi VPN Message-ID: Thanks Steve, It is as I thought. 
What software/solution are you using?

My current setup is I have network "A" which is the main domain. "B" is a remote office. Plus I have a couple of remote users.

I need to let two nodes from network "B" connect to "A" at the same time.
I need to allow multiple VPN connections out of "A" to a VENDOR network.
I have two or three remote users that need to be able to VPN to "A"

"A" and "B" are currently behind 2.4 based firewalls.

I've been racking my brain to make this work....I may have to go back to the 2.2 based kernel.

If I created a "gateway" connection from "A" to "B" would that still allow multi VPN connections out from "A" to VENDOR?

Thanks for your time.

Regards,
Scully

---- Begin Original Message ----

From: Steve Jorgensen
Sent: Thu, 13 Dec 2001 08:31:09 -0800
To: 'Scott Taylor'
Subject: RE: [pptp-server] Multi VPN

That was a specific feature of newer versions of the vpn-masq module of the 2.2 kernel series that utilized an undocumented and non-standard mechanism of Microsoft's. 2.4 kernels follow the standard which cannot support multiple simultaneous connections from one specific IP to another. Based on a prior message I saw in this list, poptop on the back end will not support this even if you are using a 2.2 kernel that does.

Note that if you are trying to do this, it's likely that you would be better off setting up a LAN-to-LAN PPTP connection and routing traffic using the single PPTP connection as a gateway. I have that set up for my employer and another closely affiliated associate company. We have NT/RRAS on our end talking PPTP to a Netopia DSL router at their end. One connection lets all 4 of them access our LAN, and it doesn't use up CPU resources on their workstations.

On Thursday, December 13, 2001 7:27 AM, Scott Taylor [SMTP:scottt at soccer.com] wrote:
> Does anyone know of a way to allow multiple VPN connections from one
> network to the same VPN server, using a 2.4 kernel?
>
> I have it working on a 2.2.17 kernel with patches from the VPN masq
> how to. Anyone got it working on 2.4?
>
> Cheers,
>
> Scully

---- End Original Message ----

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

From Steve at SteveCowles.com Thu Dec 13 11:04:44 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 13 Dec 2001 11:04:44 -0600
Subject: [pptp-server] Multi VPN
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE949@defiant.infohiiway.com>

As the other post states... what you are trying to accomplish cannot be done with the 2.4.x kernels. Although.... it looks like John Hardin has updated his website recently. If I understand the addition correctly, it looks like someone (Brian Kuschak) has developed a patch for netfilter with regards to pptp. What I'm uncertain of is whether it addresses your problem. i.e. multiple ip's connecting to a single server.

Anyway, checkout: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html

Specifically, the 2.4.x section. I would be interested in knowing if this patch addresses this problem.

Good luck!
Steve Cowles

-----Original Message-----
From: Scott Taylor [mailto:scottt at soccer.com]
Sent: Thursday, December 13, 2001 9:27 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Multi VPN

Does anyone know of a way to allow multiple VPN connections from one network to the same VPN server, using a 2.4 kernel?

I have it working on a 2.2.17 kernel with patches from the VPN masq how to. Anyone got it working on 2.4?

Cheers,
Scully

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: From jorgens at coho.net Thu Dec 13 11:57:18 2001 From: jorgens at coho.net (Steve Jorgensen) Date: Thu, 13 Dec 2001 09:57:18 -0800 Subject: [pptp-server] Multi VPN Message-ID: <01C183BC.95129D80.jorgens@coho.net> On Thursday, December 13, 2001 9:05 AM, Cowles, Steve [SMTP:Steve at SteveCowles.com] wrote: > As the other post states... what you are trying to accomplish cannot be done > with the 2.4.x kernels. Although.... it looks like John Hardin has updated > his website recently. If I understand the addition correctly, it looks like > someone (Brian Kuschak) has developed a patch for netfilter with regards to > pptp. What I'm uncertain of is whether it addresses your problem. i.e. > multiple ip's connecting to a single server. > > Anyway, checkout: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html > > > Specifically, the 2.4.x section. I'd would be interested in knowing if this > patch addresses this problem. I imagine it must - otherwise, a PPTP patch would have no purpose with 2.4, would it? 2.4 handles GRE just fine if you don't need multiple clients from the same masqd LAN connecting to a single server, right? From scottt at soccer.com Thu Dec 13 12:44:05 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 13 Dec 2001 10:44:05 -0800 Subject: [pptp-server] Multi VPN Message-ID: <61DE59E40F1D90947BAD865699520886@scottt.soccer.com> An HTML attachment was scrubbed... URL: From scottt at soccer.com Thu Dec 13 12:54:48 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 13 Dec 2001 10:54:48 -0800 Subject: [pptp-server] Multi VPN Message-ID: <3E96FE75BF2B6AF4ABF2C6B6FED59197@scottt.soccer.com> An HTML attachment was scrubbed... 
URL:

From Steve at SteveCowles.com Thu Dec 13 13:07:07 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 13 Dec 2001 13:07:07 -0600
Subject: [pptp-server] Multi VPN
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE94C@defiant.infohiiway.com>

> -----Original Message-----
> From: Steve Jorgensen [mailto:jorgens at coho.net]
> Sent: Thursday, December 13, 2001 11:57 AM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Multi VPN
>
>
> On Thursday, December 13, 2001 9:05 AM, Cowles, Steve
> > [SMTP:Steve at SteveCowles.com] wrote:
> >
> > As the other post states... what you are trying to
> > accomplish cannot be done with the 2.4.x kernels.
> > Although.... it looks like John Hardin has updated
> > his website recently. If I understand the addition
> > correctly, it looks like someone (Brian Kuschak) has
> > developed a patch for netfilter with regards to
> > pptp. What I'm uncertain of is whether it addresses
> > your problem. i.e. multiple ip's connecting to a
> > single server.
> >
> > Anyway, checkout:
> > http://www.impsec.org/linux/masquerade/ip_masq_vpn.html
> >
> > Specifically, the 2.4.x section. I would be interested in
> > knowing if this patch addresses this problem.
>
> I imagine it must - otherwise, a PPTP patch would have no
> purpose with 2.4, would it? 2.4 handles GRE just fine if
> you don't need multiple clients from the same masqd LAN
> connecting to a single server, right?

That's my understanding of the current 2.4.x kernel/netfilter capabilities. A single GRE tunnel (client) per ip. Not multiple clients.

I did have a chance to take a look at the referenced patch and it specifically patches the ip_conntrack module among others. Makes sense. Unfortunately, I will probably never be able to test this patch in a real world environment. So for future reference, I would be interested in knowing if this patch does address the multiple ip -> single capability on linux firewalls and whether or not it's ready for a production environment.

Steve Cowles

From Steve at SteveCowles.com Thu Dec 13 13:15:13 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 13 Dec 2001 13:15:13 -0600
Subject: [pptp-server] Multi VPN
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE94D@defiant.infohiiway.com>

> -----Original Message-----
> From: Scott Taylor [mailto:scottt at soccer.com]
> Sent: Thursday, December 13, 2001 12:55 PM
> To: pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] Multi VPN
>
>
> Right, but after the compile which files do I move to the slower
> system....besides the bzImage?

You would also want to install the modules. Be careful when compiling a kernel/modules on another system. The key to success is to insure your libraries/compiler revisions are the same on both systems. I have personally had trouble when there was a mis-match.

Good Luck
Steve Cowles

From scottt at soccer.com Thu Dec 13 13:10:04 2001
From: scottt at soccer.com (Scott Taylor)
Date: Thu, 13 Dec 2001 11:10:04 -0800
Subject: [pptp-server] Multi VPN
Message-ID:

An HTML attachment was scrubbed...
URL:

From GeorgeV at citadelcomputer.com.au Thu Dec 13 15:47:46 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Fri, 14 Dec 2001 08:47:46 +1100
Subject: [pptp-server] Multi VPN
Message-ID: <200FAA488DE0D41194F10010B597610D2B93CB@jupiter.citadelcomputer.com.au>

What I don't understand is why would you have multiple connections from the same network?
Why doesn't the firewall at Network B connect to Network A and route all traffic through so both networks can access each other.. I do that at home with work..

10.10.10.x network
|
10.10.10.254 (route add -net 192.168.1.0/24 gw 10.0.0.1
10.0.0.2
|
|
net
|
|
10.0.0.1 (route add -net 10.10.10.0/24 10.0.0.2
192.168.1.254
|
192.168.1.X network

You can firewall people you don't want access...

Or am I missing something here...???

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Scott Taylor [mailto:scottt at soccer.com]
Sent: Friday, 14 December 2001 2:27 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Multi VPN

Does anyone know of a way to allow multiple VPN connections from one network to the same VPN server, using a 2.4 kernel?

I have it working on a 2.2.17 kernel with patches from the VPN masq how to. Anyone got it working on 2.4?

Cheers,
Scully

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jorgens at coho.net Thu Dec 13 16:17:18 2001
From: jorgens at coho.net (Steve Jorgensen)
Date: Thu, 13 Dec 2001 14:17:18 -0800
Subject: [pptp-server] Multi VPN
Message-ID: <01C183E0.E006CEA0.jorgens@coho.net>

[ sorry - I forgot to change the recipient on the try of this reply ]

I do that too, but it took me weeks to debug WINS, etc. In retrospect, it might have been less hassle to have each machine make its own connection, then it maps into the remote subnet, and uses SMB like everyone else. I never would have had to learn what a WINS server was, much less that you should never install it on your RRAS machine unless you are a hard core masochist.

I guess that's a possible reason - that, and there are fewer machines on the remote LAN that could be used as bridges to hack the host LAN.
On the other side of the coin, Windows 9x and Me suffer from memory fragmentation issues that can require rebooting in order to make PPP or PPTP work again. That's not an issue when you use a router to handle the PPTP link. I've often thought it might be interesting to have a server that accepts PPPoE connections from inside the LAN and connects them to the PPTP connection to the other LAN. The PPTP connection would be up whenever one or more PPPoE connections was up and go down when the PPPoE count reaches zero, and only PPPoE links would get routed. One neat thing about this scenario is that the host could assign you a subnet, and you can use it successfully without renumbering your LAN IP addresses. On Thursday, December 13, 2001 1:48 PM, George Vieira [SMTP:GeorgeV at citadelcomputer.com.au] wrote: > What I don;t understand is why would you have multiple connections from the > same network? > Why doesn't the firewall at Network B connect to Network A and route all > traffic through so both networks can access each other.. I do that at home > with work.. > > > 10.10.10.x network > | > 10.10.10.254 (route add -net 192.168.1.0/24 gw 10.0.0.1 > 10.0.0.2 > | > | > net > | > | > 10.0.0.1 (route add -net 10.10.10.0/24 10.0.0.2 > 192.168.1.254 > | > 192.168.1.X network > > You can firewall people you don't want access... > > Or am I missing something here...??? > > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > > -----Original Message----- > From: Scott Taylor [mailto:scottt at soccer.com] > Sent: Friday, 14 December 2001 2:27 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Multi VPN > > > > Does anyone know of a way to allow multiple VPN connections from one > network to the same VPN server, using a 2.4 kernel? > > I have it working on a 2.2.17 kernel with patches from the VPN masq > how to. Anyone got it working on 2.4? > > Cheers, > > Scully > > > > > > > > > > THERE IS ONLY ONE... 
> SOCCER.COM, The Center of the Soccer Universe > http://www.soccer.com > > _______________________________________________ pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go > to the url just above this line. -- > << File: ATT00009.htm >> From Joe at Polcari.com Thu Dec 13 21:42:35 2001 From: Joe at Polcari.com (Joe Polcari) Date: Thu, 13 Dec 2001 22:42:35 -0500 Subject: [pptp-server] Multi VPN References: <61DE59E40F1D90947BAD865699520886@scottt.soccer.com> Message-ID: <3C19752B.513FD4B3@Polcari.com> Just config it for a 386 cpu and it should run on any x86 Scott Taylor wrote: > I let you know....the kernels cooking right now! > > Anyone know how to compile a kernel for a slower > machine on a faster > one? What files need to be moved to the slower > system after compiling > it? > > Scott > > ---- Begin Original Message ---- > > From: Steve Jorgensen > Sent: Thu, 13 Dec 2001 09:57:18 -0800 > To: "pptp-server at lists.schulte.org" > > Subject: RE: [pptp-server] Multi VPN > > > > > On Thursday, December 13, 2001 9:05 AM, Cowles, > Steve > [SMTP:Steve at SteveCowles.com] wrote: > > As the other post states... what you are trying > to accomplish > cannot be > done > > with the 2.4.x kernels. Although.... it looks > like John Hardin has > updated > > his website recently. If I understand the > addition correctly, it > looks > like > > someone (Brian Kuschak) has developed a patch > for netfilter with > regards > to > > pptp. What I'm uncertain of is whether it > addresses your problem. > i.e. > > multiple ip's connecting to a single server. > > > > Anyway, checkout: > > ttp://www.impsec.org/linux/masquerade/ip_masq_vpn.html > > > > > > > > > Specifically, the 2.4.x section. I'd would be > interested in knowing > if > this > > patch addresses this problem. > > I imagine it must - otherwise, a PPTP patch would > have no purpose > with 2.4, > would it? 
2.4 handles GRE just fine if you don't > need multiple > clients > from the same masqd LAN connecting to a single > server, right? > _______________________________________________ > pptp-server maillist - > pptp-server at lists.schulte.org > > ttp://lists.schulte.org/mailman/listinfo/pptp-server > > --- To unsubscribe, go to the url just above this > line. -- > > > ---- End Original Message ---- > > > > > > > > > > > > THERE IS ONLY ONE... > SOCCER.COM, The Center of the Soccer Universe > http://www.soccer.com > > _______________________________________________ pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server --- To > unsubscribe, go to the url just above this line. -- From Joe at Polcari.com Thu Dec 13 21:46:48 2001 From: Joe at Polcari.com (Joe Polcari) Date: Thu, 13 Dec 2001 22:46:48 -0500 Subject: [pptp-server] Multi VPN References: <3E96FE75BF2B6AF4ABF2C6B6FED59197@scottt.soccer.com> Message-ID: <3C197628.64745462@Polcari.com> I do this for my 486/66 firewall laptop. I build it on a P2, configured as 486. It's been awhile but as I remember it, copy the /boot, /lib/modules and /usr/src/linux just because. on the 486 I redo /etc/modules.conf if it's needed, run depmod -a and lilo. I think that's it. Scott Taylor wrote: > Right, but after the compile which files do I move > too the slower > system....besides the bzImage? > > > Cheers, > Scott > > > > > > > > > > THERE IS ONLY ONE... > SOCCER.COM, The Center of the Soccer Universe > http://www.soccer.com > > _______________________________________________ pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server --- To > unsubscribe, go to the url just above this line. 
-- From Joe at Polcari.com Thu Dec 13 21:53:15 2001 From: Joe at Polcari.com (Joe Polcari) Date: Thu, 13 Dec 2001 22:53:15 -0500 Subject: [pptp-server] Multi VPN References: <200FAA488DE0D41194F10010B597610D2B93CB@jupiter.citadelcomputer.com.au> Message-ID: <3C1977AA.7C80C742@Polcari.com> This is a great idea IF you are one of a few who are doing it. If you have a few thousand people in your company (on the 10.10.10.x network) that want to connect their home network (and they may have different ips other than the 192.168.1.x example you give) then an automatic solution is desirable, hence VPNs. George Vieira wrote: > What I don't understand is why would you have multiple connections > from the same network? Why doesn't the firewall at Network B connect to > Network A and route all traffic through so both networks can access > each other.. I do that at home with work.. 10.10.10.x > network | 10.10.10.254 (route add -net 192.168.1.0/24 gw 10.0.0.1 > 10.0.0.2 | | net | | 10.0.0.1 (route add -net 10.10.10.0/24 > 10.0.0.2 192.168.1.254 | 192.168.1.X network You can firewall people you > don't want access... Or am I missing something here...??? > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > -----Original Message----- > From: Scott Taylor [mailto:scottt at soccer.com] > Sent: Friday, 14 December 2001 2:27 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] Multi VPN > > > Does anyone know of a way to allow multiple VPN > connections from one > network to the same VPN server, using a 2.4 > kernel? > > I have it working on a 2.2.17 kernel with patches > from the VPN masq > how to. Anyone got it working on 2.4? > > Cheers, > > Scully > > > > > > > > > THERE IS ONLY ONE...
> SOCCER.COM, The Center of the Soccer Universe > http://www.soccer.com > > _______________________________________________ pptp-server maillist - > pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server --- To > unsubscribe, go to the url just above this line. -- From basha at icsoft-us.com Fri Dec 14 01:16:38 2001 From: basha at icsoft-us.com (Basha ) Date: 14 Dec 2001 07:16:38 -0000 Subject: [pptp-server] Is it possible to allow all linux users with password to access PoPToP vpn with out adding chap-secret? Message-ID: <20011214071638.11343.qmail@icsoft-us.com> I installed pptpd rpm in Redhat linux 7.2 machine. I want set linux usernames and passwords authentication for connecting vpn. But i don't want to enter username and password in chap-secrets file. Is it possible? From muralivemuri at multitech.co.in Fri Dec 14 01:57:24 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Fri, 14 Dec 2001 13:27:24 +0530 Subject: [pptp-server] chap and pam Message-ID: <3C19B0E4.55C399A4@multitech.co.in> hi guys! well......... after i did a lot of circus with ppp and pptp and win98, well......i am left with only one question. can CHAP and PAM be interconnected? i.e., just like how i can authenticate the user with PAM when i manipulate the PAP secrets file, can some thing be done for CHAP? -- regards & thanks for your time, Murali Krishna Vemuri From muralivemuri at multitech.co.in Fri Dec 14 02:04:33 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Fri, 14 Dec 2001 13:34:33 +0530 Subject: [pptp-server] GRE: read error: Protocol not available References: <200FAA488DE0D41194F10010B597610D2B9338@JUPITER> Message-ID: <3C19B291.306AEDE@multitech.co.in> hey george! i went through this mail (yours) a bit more carefully and i observed that this is the same kinda problem i got. 
why don't you try to uninstall all the damn adapters on win client then you should add them only from add remove programs (in control panel) in win you should not do the same from network in control panel. and by the way, is your mppe working? regds George Vieira wrote: > Hey peeps, Rebuilding my firewall and reinstalling all the patches etc > for Kernel 2.4.16 and pppd 2.4.1 but I got errors when connecting > about a protocol not available.. I assume it's GRE as below. Which > options could this be in the kernel? Should it be a module or built > into the kernel? It's been a while since I've built kernels and done > anything with pptp.....argh! Dec 10 07:51:48 firewall pptpd[1201]: > CTRL: Starting call (launching pppd, opening GRE) > Dec 10 07:51:48 firewall kernel: CSLIP: code copyright 1989 Regents of > the University of California > Dec 10 07:51:48 firewall kernel: PPP generic driver version 2.4.1 > Dec 10 07:51:48 firewall pppd[1202]: pppd 2.4.1 started by root, uid 0 > > Dec 10 07:51:49 firewall pppd[1202]: Using interface ppp0 > Dec 10 07:51:49 firewall pppd[1202]: Connect: ppp0 <--> /dev/pts/0 > Dec 10 07:51:49 firewall pptpd[1201]: GRE: read error: Protocol not > available > Dec 10 07:51:49 firewall pptpd[1201]: CTRL: PTY read or GRE write > failed (pty,gre)=(5,6) > Dec 10 07:51:49 firewall pptpd[1201]: CTRL: Client x.x.x.x control > connection finished > Dec 10 07:51:49 firewall pppd[1202]: Modem hangup > Dec 10 07:51:49 firewall pppd[1202]: Connection terminated. > Dec 10 07:51:49 firewall pppd[1202]: Exit. > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed...
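Added example, not part of any list message: the thread asks whether pptpd can authenticate against Linux accounts or PAM instead of chap-secrets. The Python code below uses CHAP with MD5 as defined in RFC 1994, with a PBKDF2 hash as an assumed stand-in for an /etc/shadow entry, to show why a server that holds only one-way password hashes can check a PAP password but cannot check a CHAP response. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_chap(server_secret: bytes, identifier: int,
                challenge: bytes, response: bytes) -> bool:
    """The authenticator recomputes the response from its own copy of the secret."""
    expected = chap_response(identifier, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Assumed stand-in for an /etc/shadow entry: salted, iterated, one-way."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


def verify_pap(stored: bytes, salt: bytes, submitted_password: bytes) -> bool:
    """PAP hands the server the password itself, so the server can re-hash it."""
    return hmac.compare_digest(one_way_hash(submitted_password, salt), stored)


def demo() -> dict:
    # Constructed sample account.
    password = b"constructed-password"
    salt = b"constructed-salt"
    shadow_entry = one_way_hash(password, salt)

    # One CHAP exchange: the server sends (identifier, challenge),
    # the client answers using the password the user typed.
    identifier = 7
    challenge = os.urandom(16)
    client_response = chap_response(identifier, password, challenge)

    # A client that was instead configured with the stored hash as its secret.
    hash_client_response = chap_response(identifier, shadow_entry, challenge)

    return {
        # chap-secrets case: the server knows the cleartext secret.
        "chap_server_has_cleartext":
            verify_chap(password, identifier, challenge, client_response),
        # /etc/passwd case: the server only has the one-way hash and cannot
        # rebuild MD5(id || password || challenge) from it.
        "chap_server_has_hash_only":
            verify_chap(shadow_entry, identifier, challenge, client_response),
        # PAP/PAM case: the password crosses the link, so hashing it works.
        "pap_server_has_hash_only":
            verify_pap(shadow_entry, salt, password),
        # Using the hash itself as the shared secret works, but the stored
        # hash is then password-equivalent for anyone who can read it.
        "chap_hash_used_as_secret":
            verify_chap(shadow_entry, identifier, challenge, hash_client_response),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

The last case is the trade-off behind authenticating MS-CHAP against smbpasswd, which comes up later in the thread: the protocol keys its response on the stored NT hash, so the file needs no cleartext, but the hash then has to be protected like a password.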
From hif721941079 at geckomail.org Fri Dec 14 07:36:00 2001 From: hif721941079 at geckomail.org (Geckomail User) Date: Sat, 15 Dec 2001 00:36:00 +1100 Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: <01C183E0.E006CEA0.jorgens@coho.net> Message-ID: G'day everyone! I've been lurking on the list for a while now, but this is my first post. I was wondering if anyone else has tried to set up a VPN server for the Compaq iPAQ and PocketPC 2002. I'm running PoPToP on a box with the 2.2.19 kernel and all the patches suggested on the PoPToP web site, and everything works perfectly with Win98, Win2K and WinXP Pro clients. When I try to connect with the iPAQ, the VPN client can establish a connection (it uses 128-bit stateless MPPE) and all seems to be well. It obtains an IP address, default gateway, DNS servers etc and becomes addressable on the network. I can ping it from other hosts on my home LAN - for hours without fail. The problem is that as soon as I transmit any reasonable amount of data (eg.
a web page) over the link, the VPN falls over and the iPAQ crashes (needs a hard reset). I'm thinking maybe it could be the iPAQ isn't handling a full IP packet - it handles all the small ICMP packets, but when I send large (full) packets in downloading files (or even ping -s 1500
) it crashes. I've tried reducing the max MTU, thinking that perhaps it has buffer troubles, but to no avail. Tried settings of 1500, 1412 (same as PPPoE); 1000, 500 and 412. No luck - same problem. Has anyone else experienced this kind of problem? Is there a known bug in PocketPC 2002's PPTP implementation? Does anyone have it working? Regards, Andrew From alien at alienworld.org Fri Dec 14 07:52:17 2001 From: alien at alienworld.org (Alen Salamun) Date: Fri, 14 Dec 2001 14:52:17 +0100 Subject: [pptp-server] Problems with iPAQ clients? References: Message-ID: <004b01c184a6$8b0199a0$6400a8c0@widelabs.net> Hi! You can be lucky. My iPAQ won't even connect to our LiNUX pptp server. No way....I have tried it over cradle, over GSM...Nothing...It halts on point where PC is sending ppp config req to iPAQ but then it seems like it doesn't get any reply and it fails. All other clients work OK (Win98, Win2000...). Did you have to change anything particular in configuration of PPP or PPTP server on LiNUX?? Regards, Alen Salamun ----- Original Message ----- From: "Geckomail User" To: Sent: Friday, December 14, 2001 2:36 PM Subject: [pptp-server] Problems with iPAQ clients? > G'day everyone! > > I've been lurking on the list for a while now, but this is my first post. I > was wondering if anyone else has tried to set up a VPN server for the Compaq > iPAQ and PocketPC 2002. > > I'm running PoPToP on a box with the 2.2.19 kernel and all the patches > suggested on the PoPToP web site, and everything works perfectly with Win98, > Win2K and WinXP Pro clients. > > When I try to connect with the iPAQ, the VPN client can establish a > connection (it uses 128-bit stateless MPPE) and all seems to be well. It > obtains an IP address, default gateway, DNS servers etc and becomes > addressable on the network. I can ping it from other hosts on my home LAN - > for hours without fail. > > The problem is that as soon as I transmit any reasonable amount of data (eg. 
> a web page) over the link, the VPN falls over and the iPAQ crashes (needs a > hard reset). > > I'm thinking maybe it could be the iPAQ isn't handling a full IP packet - it > handles all the small ICMP packets, but when I send large (full) packets in > downloading files (or even ping -s 1500
) it crashes. > > I've tried reducing the max MTU, thinking that perhaps it has buffer > troubles, but to no avail. Tried settings of 1500, 1412 (same as PPPoE); > 1000, 500 and 412. No luck - same problem. > > Has anyone else experienced this kind of problem? Is there a known bug in > PocketPC 2002's PPTP implementation? Does anyone have it working? > > > Regards, > Andrew > > > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > From hif721941079 at geckomail.org Fri Dec 14 07:58:52 2001 From: hif721941079 at geckomail.org (Geckomail User) Date: Sat, 15 Dec 2001 00:58:52 +1100 Subject: [pptp-server] Problems with iPAQ clients? Message-ID: G'day! > You can be lucky. My iPAQ won't even connect to our LiNUX pptp > server. No way....I have tried it over cradle, over GSM.. > Nothing...It halts on point where PC is sending ppp config req > to iPAQ but then it seems like it doesn't get any reply and it > fails. That might be your problem; see below... > All other clients work OK (Win98, Win2000...). Did you have to > change anything particular in configuration of PPP or PPTP server > on LiNUX?? The iPAQ doesn't appear to like 40-bit encryption (or none, for that matter) so I had to make sure I had the mppe-128 setting in my pppd options file; other than that it was pretty straight-forward. Remember that the cradle only has pseudo-IP connectivity - ActiveSync and the iPAQ talk to each other over a 192.168.115.0/30 network or something dodgy like that - IIRC it's a 2 bit subnet (2 hosts, one broadcast and one subnet address) and the Windows host that's running ActiveSync doesn't forward packets. If you want any IP connectivity for the iPAQ using the cradle, you're out of luck :( This is the official word from Compaq, unfortunately.
Using GSM, you might be encountering the problem of the PPP implementation not being reentrant (i.e. only one instance of the PPP code can run on the iPAQ at any one time). With a GSM circuit-switched data connection you already have one instance of PPP code just to provide you with IP connectivity to your ISP; using it again for PPTP probably won't work. I'm using the iPAQ over a wireless (802.11b) LAN. I've tried three different wireless cards now (Cisco Aironet, Lucent Orinoco Gold and Nokia C020), in addition to using a standard NE2000-compatible Ethernet (wireline) card connected to the same Ethernet segment as the wireless base station. Regards, Andrew From charlieb at e-smith.com Fri Dec 14 10:05:02 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 14 Dec 2001 11:05:02 -0500 (EST) Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: Message-ID: On Sat, 15 Dec 2001, Geckomail User wrote: > The problem is that as soon as I transmit any reasonable amount of data (eg. > a web page) over the link, the VPN falls over and the iPAQ crashes (needs a > hard reset). If the iPAQ crashes, there's a bug in the iPAQ software. That much is easy. Perhaps some of the folk from Compaq on this list can let you know who might be interested in the details or be able to help. Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From luismi at adpsoft.com Fri Dec 14 12:04:45 2001 From: luismi at adpsoft.com (LuisMi) Date: Fri, 14 Dec 2001 19:04:45 +0100 (CET) Subject: [pptp-server] PPTP & IPX & FIFA98 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am trying to run with a friend this configuration: IPX over PPTP because we want to play Fifa 98 (fifa 98 doesn't support tcp/ip) The scheme is...
Windows Me (my friend)---internet--> My linux server with PPTP <---LAN--My PC I added ipx support to options.pptp file but we can't play. Any idea? - -- +---------------------- | Luis Miguel Cruz. | | Public Key: http://www.flcnet.es/tbe/luismi/nadie/luismi_adp.asc | ----------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjwaPz0ACgkQvQHLTzrFJlcABgCggEkTQuTBKWtUjUhet148r6js wicAn30u687E3QLG+rG/wETVMhhXTgrp =0Lfi -----END PGP SIGNATURE----- From bcollins at newnanutilities.org Fri Dec 14 13:59:04 2001 From: bcollins at newnanutilities.org (Brian Collins) Date: Fri, 14 Dec 2001 14:59:04 -0500 Subject: [pptp-server] Is it possible to allow all linux users with password to access PoPToP vpn with out adding chap-secret? In-Reply-To: <20011214071638.11343.qmail@icsoft-us.com> Message-ID: <4.3.2.7.2.20011214145813.00bc5a40@mail.nwl.org> >I installed pptpd rpm in Redhat linux 7.2 machine. I want set linux >usernames and passwords authentication for connecting vpn. But i don't >want to enter username and password in chap-secrets file. Is it >possible? If the username in chap-secrets and /etc/passwd match, you should be able to use * as the password in chap-secrets. Anyone verify this for me? --Brian Collins From vorlon at netexpress.net Fri Dec 14 14:15:56 2001 From: vorlon at netexpress.net (Steve Langasek) Date: Fri, 14 Dec 2001 14:15:56 -0600 Subject: [pptp-server] Is it possible to allow all linux users with password to access PoPToP vpn with out adding chap-secret? In-Reply-To: <4.3.2.7.2.20011214145813.00bc5a40@mail.nwl.org> References: <20011214071638.11343.qmail@icsoft-us.com> <4.3.2.7.2.20011214145813.00bc5a40@mail.nwl.org> Message-ID: <20011214141556.I1000@netexpress.net> On Fri, Dec 14, 2001 at 02:59:04PM -0500, Brian Collins wrote: > >I installed pptpd rpm in Redhat linux 7.2 machine. I want set linux > >usernames and passwords authentication for connecting vpn.
But i don't > >want to enter username and password in chap-secrets file. Is it > >possible? > If the username in chap-secrets and /etc/passwd match, you should be able > to use * as the password in chap-secrets. Incorrect. CHAP *requires* that the server be able to access the cleartext of the password being used. You can never use CHAP to authenticate against a Unix password file. Steve Langasek postmodern programmer -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: From bcollins at newnanutilities.org Fri Dec 14 14:18:05 2001 From: bcollins at newnanutilities.org (Brian Collins) Date: Fri, 14 Dec 2001 15:18:05 -0500 Subject: [pptp-server] Is it possible to allow all linux users with password to access PoPToP vpn with out adding chap-secret? In-Reply-To: <20011214141556.I1000@netexpress.net> References: <4.3.2.7.2.20011214145813.00bc5a40@mail.nwl.org> <20011214071638.11343.qmail@icsoft-us.com> <4.3.2.7.2.20011214145813.00bc5a40@mail.nwl.org> Message-ID: <4.3.2.7.2.20011214151738.00e54df0@mail.nwl.org> > > If the username in chap-secrets and /etc/passwd match, you should be able > > to use * as the password in chap-secrets. > >Incorrect. CHAP *requires* that the server be able to access the >cleartext of the password being used. You can never use CHAP to >authenticate against a Unix password file. Thanks for the correction. :-) --Brian C. From charlieb at e-smith.com Fri Dec 14 14:30:31 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Fri, 14 Dec 2001 15:30:31 -0500 (EST) Subject: [pptp-server] Is it possible to allow all linux users with password to access PoPToP vpn with out adding chap-secret? In-Reply-To: <4.3.2.7.2.20011214145813.00bc5a40@mail.nwl.org> Message-ID: On Fri, 14 Dec 2001, Brian Collins wrote: > >I installed pptpd rpm in Redhat linux 7.2 machine. 
I want set linux > >usernames and passwords authentication for connecting vpn. But i don't > >want to enter username and password in chap-secrets file. Is it > >possible? > > If the username in chap-secrets and /etc/passwd match, you should be able > to use * as the password in chap-secrets. > > Anyone verify this for me? No, you can't use /etc/passwd secrets for CHAP. You can, however, use /etc/smbpasswd passwords for MS-CHAP. There are patches for pppd to support that. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From scottt at soccer.com Fri Dec 14 15:34:21 2001 From: scottt at soccer.com (Scott Taylor) Date: Fri, 14 Dec 2001 13:34:21 -0800 Subject: [pptp-server] Multi VPN Message-ID: <1D1F2CEEA63D1434497307BDF9F25FB6@scottt.soccer.com> An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OriginalBody.htm Type: application/octet-stream Size: 3245 bytes Desc: OriginalBody.htm URL: From djm at wiz.net.au Fri Dec 14 18:38:25 2001 From: djm at wiz.net.au (David Moylan) Date: Sat, 15 Dec 2001 11:38:25 +1100 Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: Message-ID: <000701c18500$ce8ff680$1464a8c0@dmoylan> I use windows 2000 as the host with my ipaq and the pc "masquerades/proxies" my connection so I have pseudo live connectivity. Ie: with the ipaq in the cradle I can surf the net, run Microsoft messenger, use the terminal server client and send/receive e-mail with external POP3 mail servers. The same of course works when I use the infrared or serial port with my mobile phone or an external modem. I haven't tried any pptp action with the ipaq as yet, but I just wanted to state that live action from the ipaq in the cradle *does* work. Cheers, Wiz!! 
-----Original Message----- Remember that the cradle only has pseudo-IP connectivity - ActiveSync and the iPAQ talk to each other over a 192.168.115.0/30 network or something dodgy like that - IIRC it's a 2 bit subnet (2 hosts, one broadcast and one subnet address) and the Windows host that's running ActiveSync doesn't forward packets. If you want any IP connectivity for the iPAQ using the cradle, you're out of luck :( This is the official word from Compaq, unfortunately. From faralla at gmx.de Fri Dec 14 18:46:47 2001 From: faralla at gmx.de (Faralla) Date: Sat, 15 Dec 2001 01:46:47 +0100 Subject: AW: [pptp-server] PPTP & IPX & FIFA98 In-Reply-To: Message-ID: > -----Original Message----- > From: pptp-server-admin at lists.schulte.org > [mailto:pptp-server-admin at lists.schulte.org] On Behalf Of LuisMi > Sent: Friday, 14 December 2001 19:05 > To: pptp-server at lists.schulte.org > Subject: [pptp-server] PPTP & IPX & FIFA98 > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am trying to run with a friend this configuration: IPX over > PPTP because > we want to play Fifa 98 (fifa 98 doesn't support tcp/ip) > > The scheme is... > Windows Me (my friend)---internet--> My linux server with PPTP > <---LAN--My PC > > I added ipx support to options.pptp file but we can't play. > Any idea? Do you have IPX-support compiled into the kernel? Faralla From hif721941079 at geckomail.org Fri Dec 14 20:28:06 2001 From: hif721941079 at geckomail.org (Geckomail User) Date: Sat, 15 Dec 2001 13:28:06 +1100 Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: <000701c18500$ce8ff680$1464a8c0@dmoylan> Message-ID: G'day! > I use windows 2000 as the host with my ipaq and the pc > "masquerades/proxies" my connection so I have pseudo live > connectivity. The key here is proxies; more follows. > Ie: with the ipaq in the cradle I can surf the net, run > Microsoft messenger, use the terminal server client and > send/receive e-mail with external POP3 mail servers.
All these services are proxied by ActiveSync. You can do all these things without access to a full TCP/IP protocol stack. > The same of course works when I use the infrared or serial > port with my mobile phone or an external modem. No arguments there - with a mobile or modem you'll have direct IP connectivity and all should work - except for the problems with running two instances of PPP, which we don't yet know is possible. > I haven't tried any pptp action with the ipaq as yet, but > I just wanted to state that live action from the ipaq in > the cradle *does* work. Unfortunately, that's not correct. I wish it were, believe me. ActiveSync will proxy connections for anything it knows about (POP3, IMAP4, SMTP, HTTP, Messenger, AvantGo and a few others) but it won't do any kind of IP forwarding. I have written sockets-based applications for PocketPC/iPAQ and this is the problem I ran into. With an external modem or network card everything was fine; with the iPAQ cradled, my code would fail on the open socket call. I spent many hours combing the web and Compaq's technical support site, only to be told that raw TCP/IP was not available in the cradle. As I said before, this is the official word from Compaq - the server-side (Windows) software just doesn't support it. The only way to make this happen is to have the host proxy a connection. Whether or not this is relevant to this list is uncertain - if ActiveSync understands PPTP and is willing to forward GRE packets as well as TCP, then woohoo! That would be part of the problem solved. Anyway, we're getting a bit off-topic here; if anyone has actually managed to get a PPTP connection working between an iPAQ and *anything*, please yell out. Regards, Andrew From hif721941079 at geckomail.org Fri Dec 14 20:39:26 2001 From: hif721941079 at geckomail.org (Geckomail User) Date: Sat, 15 Dec 2001 13:39:26 +1100 Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: Message-ID: G'day! 
> If the iPAQ crashes, there's a bug in the iPAQ software. > That much is easy. Yup. I'm having trouble believing the server's broken, given that it works with three other OSes. Has anyone managed to get one talking to anything? i.e. Windows 2k Server or Advanced Server? I've had to nuke my test machine at work so I don't have a working installation of either of these. Maybe there's a workaround that we can use until the bug is fixed... > Perhaps some of the folk from Compaq on this list can let > you know who might be interested in the details or be > able to help. Hope so - any takers? :) Regards, Andrew From charlieb at e-smith.com Sat Dec 15 00:14:52 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Sat, 15 Dec 2001 01:14:52 -0500 (EST) Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: Message-ID: On Sat, 15 Dec 2001, Geckomail User wrote: > > If the iPAQ crashes, there's a bug in the iPAQ software. > > That much is easy. > > Yup. I'm having trouble believing the server's broken, given that it works > with three other OSes. It doesn't matter whether the server works with zero, one or a thousand other clients, if the iPAQ crashes, there's a bug in the iPAQ software. Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From Josh.Howlett at bristol.ac.uk Sat Dec 15 05:43:58 2001 From: Josh.Howlett at bristol.ac.uk (Josh Howlett) Date: Sat, 15 Dec 2001 11:43:58 +0000 (GMT) Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: Message-ID: Andrew, What network medium (ethernet, 802.11b...) are you using? josh. On Sat, 15 Dec 2001, Geckomail User wrote: > G'day everyone! > > I've been lurking on the list for a while now, but this is my first post. I > was wondering if anyone else has tried to set up a VPN server for the Compaq > iPAQ and PocketPC 2002. 
> > I'm running PoPToP on a box with the 2.2.19 kernel and all the patches > suggested on the PoPToP web site, and everything works perfectly with Win98, > Win2K and WinXP Pro clients. > > When I try to connect with the iPAQ, the VPN client can establish a > connection (it uses 128-bit stateless MPPE) and all seems to be well. It > obtains an IP address, default gateway, DNS servers etc and becomes > addressable on the network. I can ping it from other hosts on my home LAN - > for hours without fail. > > The problem is that as soon as I transmit any reasonable amount of data (eg. > a web page) over the link, the VPN falls over and the iPAQ crashes (needs a > hard reset). > > I'm thinking maybe it could be the iPAQ isn't handling a full IP packet - it > handles all the small ICMP packets, but when I send large (full) packets in > downloading files (or even ping -s 1500
) it crashes. > > I've tried reducing the max MTU, thinking that perhaps it has buffer > troubles, but to no avail. Tried settings of 1500, 1412 (same as PPPoE); > 1000, 500 and 412. No luck - same problem. > > Has anyone else experienced this kind of problem? Is there a known bug in > PocketPC 2002's PPTP implementation? Does anyone have it working? > > > Regards, > Andrew > > > > > > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- > > --------------------------------------- Josh Howlett, Network Support Officer, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 0117 928 7850 | josh.howlett at bris.ac.uk --------------------------------------- From Steve at SteveCowles.com Sat Dec 15 10:13:35 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Sat, 15 Dec 2001 10:13:35 -0600 Subject: [pptp-server] Multi VPN Message-ID: <90769AF04F76D41186C700A0C90AFC3EE951@defiant.infohiiway.com> Scott, Thanks for reporting back your findings about this topic to the list. It's good to know that the multi-one patch capabilities now exist for the 2.4.x series kernels. Steve Cowles > -----Original Message----- > From: Scott Taylor [mailto:scottt at soccer.com] > Sent: Friday, December 14, 2001 3:34 PM > To: pptp-server at lists.schulte.org > Subject: RE: [pptp-server] Multi VPN > > > Yes, The patch from: > > http://www.impsec.org/linux/masquerade/ip_masq_vpn.html > > Allows Masquerading of multiple VPN connections > out of your firewall. Works like a charm thanks > Steve. > > Awesome, woooooohoooo! 
>
> Scully

From mrgermany at t-online.de Sat Dec 15 10:54:54 2001
From: mrgermany at t-online.de (Roland H)
Date: Sat, 15 Dec 2001 17:54:54 +0100
Subject: [pptp-server] PPTP Connection Problems (not replacing default route to ppp0)
Message-ID: <001c01c18589$38a92ef0$1400a8c0@roland>

Hi,

I installed the PopTop pptpd server and I have got a problem with it!
I set every setting like the howto on their web page but the connection
still won't work!
Every time I want to connect to my Suse Linux 7.2 Box I get the Error 721.
Could someone please take a look at my /var/log/messages and pptpd.log to
tell me what I did wrong!!
Please give me some help! I have no further Ideas!
My Linux Box is connected to the internet with the Roaring Penguin pppoe,
when I disconnect it (or delete the default route), then it works! Why?

Thank you all!
P.S. I'm new in Linux and very new in VPN, please try to give me simple
answers! ;-) Thank you!

(options-pptp:)

name server
lock
mtu 1490
mru 1490
proxyarp
noauth
+chap
+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
debug

(pptpd.conf:)
speed 115200
option /etc/ppp/options-pptp
debug
localip 192.168.0.234-238,192.168.0.245
remoteip 192.168.1.234-238,192.168.1.245

(/var/log/pptpd.log:)

Dec 9 20:56:41 Server pptpd[719]: MGR: Reaped child 2102
Dec 9 20:57:28 Server pptpd[2106]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec 9 20:57:28 Server pptpd[2106]: CTRL: local address = 192.168.0.234
Dec 9 20:57:28 Server pptpd[2106]: CTRL: remote address = 192.168.1.234
Dec 9 20:57:28 Server pptpd[2106]: CTRL: pppd speed = 115200
Dec 9 20:57:28 Server pptpd[2106]: CTRL: pppd options file = /etc/ppp/options-pptp
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Client 192.168.0.20 control connection started
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Received PPTP Control Message (type: 1)
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Made a START CTRL CONN RPLY packet
Dec 9 20:57:28 Server pptpd[2106]: CTRL: I wrote 156 bytes to the client.
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Sent packet to client
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Received PPTP Control Message (type: 7)
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Set parameters to 1525 maxbps, 64 window size
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Made a OUT CALL RPLY packet
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Starting call (launching pppd, opening GRE)
Dec 9 20:57:28 Server pptpd[2106]: CTRL: pty_fd = 5
Dec 9 20:57:28 Server pptpd[2106]: CTRL: tty_fd = 6
Dec 9 20:57:28 Server pptpd[2106]: CTRL: I wrote 32 bytes to the client.
Dec 9 20:57:28 Server pptpd[2107]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Sent packet to client
Dec 9 20:57:28 Server pptpd[2107]: CTRL (PPPD Launcher): local address = 192.168.0.234
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Received PPTP Control Message (type: 15)
Dec 9 20:57:28 Server pptpd[2107]: CTRL (PPPD Launcher): remote address = 192.168.1.234
Dec 9 20:57:28 Server pptpd[2106]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Received PPTP Control Message (type: 12)
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Made a CALL DISCONNECT RPLY packet
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Received CALL CLR request (closing call)
Dec 9 20:58:05 Server pptpd[2106]: CTRL: I wrote 148 bytes to the client.
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Sent packet to client
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Error with select(), quitting
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Client 192.168.0.20 control connection finished
Dec 9 20:58:05 Server pptpd[2106]: CTRL: Exiting now

(/var/log/messages:)

Dec 8 18:21:04 Server pptpd[1182]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec 8 18:21:05 Server pptpd[1182]: CTRL: local address = 192.168.0.234
Dec 8 18:21:05 Server pptpd[1182]: CTRL: remote address = 192.168.1.234
Dec 8 18:21:05 Server pptpd[1182]: CTRL: pppd speed = 115200
Dec 8 18:21:05 Server pptpd[1182]: CTRL: pppd options file = /etc/ppp/options-pptp
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Client 192.168.0.20 control connection started
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Received PPTP Control Message (type: 1)
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Made a START CTRL CONN RPLY packet
Dec 8 18:21:05 Server pptpd[1182]: CTRL: I wrote 156 bytes to the client.
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Sent packet to client
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Received PPTP Control Message (type: 7)
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Set parameters to 1525 maxbps, 64 window size
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Made a OUT CALL RPLY packet
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Starting call (launching pppd, opening GRE)
Dec 8 18:21:05 Server pptpd[1182]: CTRL: pty_fd = 9
Dec 8 18:21:05 Server pptpd[1182]: CTRL: tty_fd = 10
Dec 8 18:21:05 Server pptpd[1183]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 8 18:21:05 Server pptpd[1183]: CTRL (PPPD Launcher): local address = 192.168.0.234
Dec 8 18:21:05 Server pptpd[1182]: CTRL: I wrote 32 bytes to the client.
Dec 8 18:21:05 Server pptpd[1183]: CTRL (PPPD Launcher): remote address = 192.168.1.234
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Sent packet to client
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Received PPTP Control Message (type: 15)
Dec 8 18:21:05 Server pptpd[1182]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec 8 18:21:05 Server pppd[1183]: pppd 2.4.0 started by root, uid 0
Dec 8 18:21:05 Server pppd[1183]: Using interface ppp3
Dec 8 18:21:05 Server pppd[1183]: not replacing default route to ppp0 [212.185.255.141]
Dec 8 18:21:05 Server pppd[1183]: local IP address 192.168.0.234
Dec 8 18:21:05 Server pppd[1183]: remote IP address 192.168.1.234
Dec 8 18:21:12 Server pptpd[1182]: CTRL: Received PPTP Control Message (type: 15)
Dec 8 18:21:12 Server pptpd[1182]: CTRL: Got a SET LINK INFO packet with standard ACCMs

From muralivemuri at multitech.co.in Sat Dec 15 23:31:09 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Sun, 16 Dec 2001 11:01:09 +0530
Subject: [pptp-server] PPTP Connection Problems (not replacing default route to ppp0)
References: <001c01c18589$38a92ef0$1400a8c0@roland>
Message-ID: <3C1C319D.D9DD180A@multitech.co.in>

In the /etc/pptpd.conf file, first put only one ip in the local ip.
Then for the remote ip, put a range of the same subnet as of the local ip.
This should solve your problem.
regds
murali

Roland H wrote:

> Hi,
>
> I installed the PopTop pptpd server and I have got a problem with it!
> I set every setting like the howto on their web page but the connection
> still won't work!
> Every time I want to connect to my Suse Linux 7.2 Box I get the Error 721.
> Could someone please take a look at my /var/log/messages and pptpd.log to
> tell me what I did wrong!!
> Please give me some help! I have no further Ideas!
> My Linux Box is connected to the internet with the Roaring Penguin pppoe,
> when I disconnect it (or delete the default route), then it works! Why?
>
> Thank you all!
> P.S. I'm new in Linux and very new in VPN, please try to give me simple
> answers! ;-) Thank you!

From hif721941079 at geckomail.org Sun Dec 16 02:55:09 2001
From: hif721941079 at geckomail.org (Geckomail User)
Date: Sun, 16 Dec 2001 19:55:09 +1100
Subject: [pptp-server] Problems with iPAQ clients?
In-Reply-To:
Message-ID:

> It doesn't matter whether the server works with zero, one or
> a thousand other clients, if the iPAQ crashes, there's a bug
> in the iPAQ software.

Agreed, but there are always bugs in software. The point is, however, that
maybe PoPToP is using some interesting features that aren't being offered by
Windows PPTP servers. I doubt MS would ship a product that *completely*
doesn't work. If this is the case, then perhaps there is a workaround that
doesn't involve M$ fixing their broken software before 2003 :)

Regards,
Andrew

From hif721941079 at geckomail.org Sun Dec 16 02:59:16 2001
From: hif721941079 at geckomail.org (Geckomail User)
Date: Sun, 16 Dec 2001 19:59:16 +1100
Subject: [pptp-server] Problems with iPAQ clients?
In-Reply-To:
Message-ID:

> What network medium (ethernet, 802.11b...)
> are you using?
> josh.

I've tried 802.11 (Nokia C020 card), 802.11b (Lucent Orinoco Gold and Cisco
Aironet), 802.3 (10Mbps ethernet - KingMax NE2000 compatible) and 802.3u
(100Mbps ethernet - 3Com Megahertz). That's 5 cards, using four different
standards across two different media :(

I experience the same problem no matter which card or network medium I try.
Most of my testing has been with the Cisco and KingMax cards.

Regards,
Andrew

From GeorgeV at citadelcomputer.com.au Sun Dec 16 14:38:40 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 17 Dec 2001 07:38:40 +1100
Subject: [pptp-server] Is it possible to allow all linux users with pa ssword to access PoPToP vpn with out adding chap-secret?
Message-ID: <200FAA488DE0D41194F10010B597610D2B93E5@jupiter.citadelcomputer.com.au>

Why not use the SMB authentication and use Samba's example to convert the
/etc/passwd file to /etc/smbpasswd. Something like

mksmbpasswd /etc/passwd > /etc/smbpasswd

totally forgot the command but I think it was something like that..

Then use the buggy libsmb file to authenticate them... Problem is that buggy
* &/etc/smbpasswd * "Guest" bug.. so patch it/fix it before doing it.

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Basha [mailto:basha at icsoft-us.com]
Sent: Friday, 14 December 2001 6:17 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Is it possible to allow all linux users with password to access PoPToP vpn with out adding chap-secret?

I installed pptpd rpm in Redhat linux 7.2 machine. I want to set linux
usernames and passwords authentication for connecting vpn. But I don't want
to enter username and password in chap-secrets file. Is it possible?
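
Added example, not part of any message in this thread and not Samba or PoPToP code: a Python sketch of why converting /etc/passwd into an smbpasswd file, as suggested above, yields account entries without usable password hashes (the point Steve Langasek's reply makes further down), plus an audit of which entries could authenticate at all. The smbpasswd field layout, the UID cut-off of 500 for system accounts, and every account and hash value are assumptions or constructed samples.

```python
import re

# Field layout assumed from Samba 2.x smbpasswd(5):
#   name:uid:LANMAN-hash:NT-hash:[account flags]:LCT-<hex time>:
NO_HASH = "X" * 32                          # placeholder: no hash stored
NULL_PW = "NO PASSWORD" + "X" * 21          # marker for an empty password
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")    # a stored 16-byte hash, in hex


def flag_field(letters):
    """Build the 13-character bracketed account-flags field."""
    return "[" + letters.ljust(11) + "]"


def passwd_to_smbpasswd(passwd_text):
    """Convert passwd(5) lines into smbpasswd-style lines.

    Only the account name, UID and GECOS field carry over. The crypt()
    hash behind passwd/shadow is one-way and uses a different algorithm,
    so the LANMAN and NT hash fields can only be filled with placeholders.
    """
    out = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed passwd entry
        name, uid, gecos = fields[0], fields[2], fields[4]
        out.append(":".join([name, uid, NO_HASH, NO_HASH,
                             flag_field("U"), "LCT-00000000", gecos]))
    return "\n".join(out)


def audit_smbpasswd(smb_text, min_uid=500):
    """Return {account: status} for every smbpasswd entry.

    system-account  UID below min_uid; should not be a VPN login at all
    disabled        'D' account flag set
    null-password   empty password allowed ('N' flag or NO PASSWORD marker)
    usable          a real NT hash is stored
    no-nt-hash      placeholder only; a password must still be set
    """
    report = {}
    for line in smb_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # malformed smbpasswd entry
        name, uid = fields[0], int(fields[1])
        lm_hash, nt_hash, flags = fields[2], fields[3], fields[4]
        if uid < min_uid:
            status = "system-account"
        elif "D" in flags:
            status = "disabled"
        elif lm_hash.startswith("NO PASSWORD") or "N" in flags:
            status = "null-password"
        elif HEX32.match(nt_hash):
            status = "usable"
        else:
            status = "no-nt-hash"
        report[name] = status
    return report


# Constructed sample input (not taken from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice Example:/home/alice:/bin/bash
bob:x:501:501:Bob Example:/home/bob:/bin/bash
"""

FAKE_LM = "0123456789ABCDEF0123456789ABCDEF"   # constructed, not a real hash
FAKE_NT = "FEDCBA9876543210FEDCBA9876543210"   # constructed, not a real hash
SAMPLE_SMBPASSWD = "\n".join([
    ":".join(["alice", "500", FAKE_LM, FAKE_NT, flag_field("U"), "LCT-3C1D0000", ""]),
    ":".join(["bob", "501", NO_HASH, NO_HASH, flag_field("U"), "LCT-00000000", ""]),
    ":".join(["carol", "502", NULL_PW, NULL_PW, flag_field("UN"), "LCT-00000000", ""]),
    ":".join(["dave", "503", FAKE_LM, FAKE_NT, flag_field("UD"), "LCT-3C1D0000", ""]),
])

if __name__ == "__main__":
    converted = passwd_to_smbpasswd(SAMPLE_PASSWD)
    print(converted)
    print(audit_smbpasswd(converted))
    print(audit_smbpasswd(SAMPLE_SMBPASSWD))
```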

From GeorgeV at citadelcomputer.com.au Sun Dec 16 14:42:43 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 17 Dec 2001 07:42:43 +1100
Subject: [pptp-server] PPTP Connection Problems (not replacing default route to ppp0)
Message-ID: <200FAA488DE0D41194F10010B597610D2B93E6@jupiter.citadelcomputer.com.au>

You should use the `nodefaultroute` option for pppd to tell pppd that when the
vpn link comes up NOT to change the default route...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: mrgermany at t-online.de [mailto:mrgermany at t-online.de]
Sent: Sunday, 16 December 2001 3:55 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] PPTP Connection Problems (not replacing default route to ppp0)

Hi,

I installed the PopTop pptpd server and I have got a problem with it!
I set every setting like the howto on their web page but the connection
still won't work!
Every time I want to connect to my Suse Linux 7.2 Box I get the Error 721.
Could someone please take a look at my /var/log/messages and pptpd.log to
tell me what I did wrong!!
Please give me some help! I have no further Ideas!
My Linux Box is connected to the internet with the Roaring Penguin pppoe,
when I disconnect it (or delete the default route), then it works! Why?

Thank you all!
P.S. I'm new in Linux and very new in VPN, please try to give me simple
answers! ;-) Thank you!

From vorlon at netexpress.net Sun Dec 16 16:45:49 2001
From: vorlon at netexpress.net (Steve Langasek)
Date: Sun, 16 Dec 2001 16:45:49 -0600
Subject: [pptp-server] Is it possible to allow all linux users with pa ssword to access PoPToP vpn with out adding chap-secret?
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B93E5@jupiter.citadelcomputer.com.au>
References: <200FAA488DE0D41194F10010B597610D2B93E5@jupiter.citadelcomputer.com.au>
Message-ID: <20011216224549.GA24169@netexpress.net>

On Mon, Dec 17, 2001 at 07:38:40AM +1100, George Vieira wrote:
> Why not use the SMB authentication and use Samba's example to convert the
> /etc/passwd file to /etc/smbpasswd. Something like

> mksmbpasswd /etc/passwd > /etc/smbpasswd

> totally forgot the command but I think it was something like that..

Noting, of course, that mksmbpasswd will convert password file /entries/, it
will not convert the actual /passwords/. So you would still need to populate
the file with NTLM-encrypted passwords.

Steve Langasek
postmodern programmer

From GeorgeV at citadelcomputer.com.au Sun Dec 16 16:50:24 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 17 Dec 2001 09:50:24 +1100
Subject: [pptp-server] Is it possible to allow all linux users with pa ssword to access PoPToP vpn with out adding chap-secret?
Message-ID: <200FAA488DE0D41194F10010B597610D2B93E9@jupiter.citadelcomputer.com.au>

Hmm yes you're right... just tried it now.. obviously it's due to a security
risk involved if the passwords were convertible, then the password could be
extracted and printed.... oops sorry.

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Steve Langasek [mailto:vorlon at netexpress.net]
Sent: Monday, 17 December 2001 9:46 AM
To: George Vieira
Cc: 'Basha '; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Is it possible to allow all linux users with pa ssword to access PoPToP vpn with out adding chap-secret?

On Mon, Dec 17, 2001 at 07:38:40AM +1100, George Vieira wrote:
> Why not use the SMB authentication and use Samba's example to convert the
> /etc/passwd file to /etc/smbpasswd. Something like

> mksmbpasswd /etc/passwd > /etc/smbpasswd

> totally forgot the command but I think it was something like that..

Noting, of course, that mksmbpasswd will convert password file /entries/, it
will not convert the actual /passwords/. So you would still need to populate
the file with NTLM-encrypted passwords.

Steve Langasek
postmodern programmer

From jorgesantos at valnetsado.pt Sun Dec 16 18:52:03 2001
From: jorgesantos at valnetsado.pt (Jorge Santos)
Date: Mon, 17 Dec 2001 00:52:03 -0000
Subject: [pptp-server] Masquerading clients
Message-ID:

Hi folks

How can I masquerade pptp clients behind a Red Hat 7.2 with a stock 2.4.7?
These are win2k798 clients

Thanks in advance

--
 \_/   Jorge Alexandre Santos
 'v'   jorgesantos at valnetsado.pt
// \\  Tel : 212327300
/( )\  Fax : 212327301
^`~?^  Valnet Sado S.A.

From ufuk.altinkaynak at wibo-werk.com Mon Dec 17 03:29:17 2001
From: ufuk.altinkaynak at wibo-werk.com (Ufuk Altinkaynak)
Date: Mon, 17 Dec 2001 10:29:17 +0100
Subject: [pptp-server] Connect Problems!
Message-ID: <000701c186dd$4ca969b0$9b010a0a@AltinkaynakA9>

Hi

I am new to the list and also new to poptop.
I am running a SUSE7.2 Server with poptop ver. 1.1.2-42
my config files look like this.

pptpd.conf:

speed 115200
option /etc/ppp/options.ppp0
debug
localip 192.168.1.1
remoteip 192.168.1.2-200
pidfile /var/run/pptpd.pid

options.ppp0:

lock
debug
auth
+chap
+chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
name poseidon
proxyarp

When I am trying to connect the server over the internet from a win98
station the connect fails and I get following logfile:

Dec 17 10:05:54 mail pptpd[16862]: MGR: Max connections reached, extra IP addresses ignored
Dec 17 10:05:54 mail pptpd[16863]: MGR: Manager process started
Dec 17 10:07:53 mail pptpd[16870]: MGR: Launching /usr/sbin/pptpctrl to handle client
Dec 17 10:07:53 mail pptpd[16870]: CTRL: local address = 192.168.1.1
Dec 17 10:07:53 mail pptpd[16870]: CTRL: remote address = 192.168.1.2
Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd speed = 115200
Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd options file = /etc/ppp/options.ppp0
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Client 195.64.97.11 control connection started
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message (type: 1)
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a START CTRL CONN RPLY packet
Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 156 bytes to the client.
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message (type: 7)
Dec 17 10:07:53 mail pptpd[16870]: CTRL: 0 min_bps, 0 max_bps, 32 window size
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a OUT CALL RPLY packet
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Starting call (launching pppd, opening GRE)
Dec 17 10:07:53 mail pptpd[16870]: CTRL: pty_fd = 5
Dec 17 10:07:53 mail pptpd[16870]: CTRL: tty_fd = 6
Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 32 bytes to the client.
Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): local address = 192.168.1.1
Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): remote address = 192.168.1.2
Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client
Dec 17 10:07:54 mail pppd[16871]: pppd 2.4.0 started by root, uid 0
Dec 17 10:07:54 mail pppd[16871]: Using interface ppp0
Dec 17 10:07:54 mail pppd[16871]: Connect: ppp0 <--> /dev/pts/3
Dec 17 10:07:54 mail pppd[16871]: sent [LCP ConfReq id=0x1 ]
Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received PPTP Control Message (type: 12)
Dec 17 10:07:54 mail pptpd[16870]: CTRL: Made a CALL DISCONNECT RPLY packet
Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received CALL CLR request (closing call)
Dec 17 10:07:54 mail pptpd[16870]: CTRL: I wrote 148 bytes to the client.
Dec 17 10:07:54 mail pptpd[16870]: CTRL: Sent packet to client
Dec 17 10:07:54 mail pppd[16871]: Modem hangup
Dec 17 10:07:54 mail pppd[16871]: Connection terminated.
Dec 17 10:07:54 mail pppd[16871]: Exit.
Dec 17 10:07:59 mail pptpd[16870]: GRE: read error: Bad file descriptor
Dec 17 10:07:59 mail pptpd[16870]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control connection finished
Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting now
Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870

When I make an inbound connection to the server I can connect from any kind
of client (win2k, win9x) without any problems with the same config files.

Maybe anyone here has a good suggestion for my problem.

Thanks
Ufuk Altinkaynak

From GeorgeV at citadelcomputer.com.au Mon Dec 17 05:09:52 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Mon, 17 Dec 2001 22:09:52 +1100
Subject: [pptp-server] Connect Problems!
Message-ID: <200FAA488DE0D41194F10010B597610D2B93FE@jupiter.citadelcomputer.com.au>

Try upgrading your DUN to 1.4...
I think your DUN is possibly fubar... Uninstall it and reinstall it and if
that fails, then use DUN 1.4 as above from Microsoft..

-----Original Message-----
From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com]
Sent: Monday, 17 December, 2001 8:29 PM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Connect Problems!

Hi

I am new to the list and also new to poptop.
I am running a SUSE7.2 Server with poptop ver. 1.1.2-42
my config files look like this.

When I am trying to connect the server over the internet from a win98
station the connect fails and I get following logfile:
Dec 17 10:07:59 mail pptpd[16870]: GRE: read error: Bad file descriptor Dec 17 10:07:59 mail pptpd[16870]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control connection finished Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting now Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870 When i make an inbound connection to the server i can connect from any kind of client (win2k, win9x) without any problems with the same config files. Maybe anyone here has a good suggestion for my problem. Thanks Ufuk Altinkaynak _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From g.insolvibile at cpr.it Mon Dec 17 05:44:40 2001 From: g.insolvibile at cpr.it (Gianluca Insolvibile) Date: Mon, 17 Dec 2001 12:44:40 +0100 Subject: [pptp-server] PPTP performance again: malfunction singled out Message-ID: <3C1DDAA8.BEFEFE2E@cpr.it> Hi, to whom it may concern: I finally located the problem with the sloppy performance I am experiencing. Unfortunately, this does not mean that I succeeded in fixing it. The facts: - any Windows 98/98SE client connects to pptpd but has very low performance (exactly 1.5 Mbps server->client, exactly 0.75 Mbps client->server); - the same 98/98SE client performs reasonably when using the LAN (Ethernet) connection; - any Windows 2000 client connects to pptpd and has a throughput around 25-30 Mbps. This leads me to the unimaginable ;-) conclusion that 98/98SE PPTP support is severely bugged (I already tried all the patches available from micro$oft, of course). Further investigation on tcpdump traces revealed that ACKs sent by the 98 client are being sent with a 10 msec granularity (that is, no more than 1 ACK is sent in 10 msec, and ACKs are evenly spaced by 10 msec); furthermore, each TCP segment is ACKed with a 40 msec delay. 
This behaviour fools the TCP congestion algorithm on the server and causes the drop in throughput (1500 bytes per packet at 100 packets per second roughly gives 1.2 Mbps, which is near the value I measured). Lacking source code for the client side ;-), I tried to set up some countermeasures on the server: I modified the Linux kernel to expose via /proc/sys/net/ipv4 the most sensible parameters of TCP congestion control (i.e. min and max retransmit timeouts, min and max delayed ACKs, and so on) and tried to tweak them, with no result. I tried to have a look at the pptpd source code, and it seems to me that it implements no window flow control at all; anyway, I can't imagine why this could be the cause of client side malfunction. I just wonder how a Windows 98 client performs with a Windows PPTP server, in order to assess whether the real cause is something in pptpd or the braindead implementation in Windows. I have strong suspicions about the latter, anyway... In conclusion, I'm really stuck now. Any ideas, hints or comments will be appreciated. In any case, I hope my experience will be of help if somebody ever falls into this problem again. Best regards, Gianluca From ufuk.altinkaynak at wibo-werk.com Mon Dec 17 06:00:19 2001 From: ufuk.altinkaynak at wibo-werk.com (Ufuk Altinkaynak) Date: Mon, 17 Dec 2001 13:00:19 +0100 Subject: [pptp-server] Connect Problems! References: <200FAA488DE0D41194F10010B597610D2B93FE@jupiter.citadelcomputer.com.au> Message-ID: <000901c186f2$65fcf9d0$9b010a0a@AltinkaynakA9> Hi George First Thanks for your advice. > Try upgrading your DUN to 1.4... I think your DUN is possibly fubar... > > Uninstall it and reinstall it and if that fails, then use DUN 1.4 as above > from Microsoft.. Well, I did so. When I now start to connect, I receive the DUN error 645. The Error comes up a little moment after verifying the username and password. My NEW logfile looks now like this.
Dec 17 12:44:08 mail pptpd[18749]: MGR: Launching /usr/sbin/pptpctrl to handle client Dec 17 12:44:08 mail pptpd[18749]: CTRL: local address = 192.168.1.1 Dec 17 12:44:08 mail pptpd[18749]: CTRL: remote address = 192.168.1.2 Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd speed = 115200 Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd options file = /etc/ppp/options.ppp0 Dec 17 12:44:08 mail pptpd[18749]: CTRL: Client 195.64.97.37 control connection started Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message (type: 1) Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a START CTRL CONN RPLY packet Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 156 bytes to the client. Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message (type: 7) Dec 17 12:44:08 mail pptpd[18749]: CTRL: 0 min_bps, 0 max_bps, 32 window size Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a OUT CALL RPLY packet Dec 17 12:44:08 mail pptpd[18749]: CTRL: Starting call (launching pppd, opening GRE) Dec 17 12:44:08 mail pptpd[18749]: CTRL: pty_fd = 5 Dec 17 12:44:08 mail pptpd[18749]: CTRL: tty_fd = 6 Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 32 bytes to the client. Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): local address = 192.168.1.1 Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): remote address = 192.168.1.2 Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client Dec 17 12:44:08 mail pppd[18750]: pppd 2.4.0 started by root, uid 0 Dec 17 12:44:08 mail pppd[18750]: Using interface ppp0 Dec 17 12:44:08 mail pppd[18750]: Connect: ppp0 <--> /dev/pts/2 Dec 17 12:44:08 mail pppd[18750]: sent [LCP ConfReq id=0x1 ] Dec 17 12:44:35 mail last message repeated 9 times Dec 17 12:44:38 mail pppd[18750]: LCP: timeout sending Config-Requests Dec 17 12:44:38 mail pppd[18750]: Connection terminated. 
Dec 17 12:44:38 mail pppd[18750]: Exit. Dec 17 12:44:38 mail pptpd[18749]: Error reading from pppd: Input/output error Dec 17 12:44:38 mail pptpd[18749]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5) Dec 17 12:44:38 mail pptpd[18749]: CTRL: Client 195.64.97.37 control connection finished Dec 17 12:44:38 mail pptpd[18749]: CTRL: Exiting now Dec 17 12:44:38 mail pptpd[18696]: MGR: Reaped child 18749 And again any kind of tips are welcome :-) Thanks Ufuk Altinkaynak > Hi > I am new to the list and also new to poptop. > I am running a SUSE7.2 Server with poptop ver. 1.1.2-42 > my config files look like this. > > pptpd.conf: > speed 115200 > option /etc/ppp/options.ppp0 > debug > localip 192.168.1.1 > remoteip 192.168.1.2-200 > pidfile /var/run/pptpd.pid > > options.ppp0: > lock > debug > auth > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > name poseidon > proxyarp > > When i am trying to connect the server over the internet from an win98 > station > the connect fails and i get following logfile: > > Dec 17 10:05:54 mail pptpd[16862]: MGR: Max connections reached, extra IP > addresses ignored > Dec 17 10:05:54 mail pptpd[16863]: MGR: Manager process started > Dec 17 10:07:53 mail pptpd[16870]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 17 10:07:53 mail pptpd[16870]: CTRL: local address = 192.168.1.1 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: remote address = 192.168.1.2 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd speed = 115200 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd options file = > /etc/ppp/options.ppp0 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > connection started > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > (type: 1) > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a START CTRL CONN RPLY packet > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 156 bytes to the client. 
> Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > (type: 7) > Dec 17 10:07:53 mail pptpd[16870]: CTRL: 0 min_bps, 0 max_bps, 32 window > size > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a OUT CALL RPLY packet > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pty_fd = 5 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: tty_fd = 6 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 32 bytes to the client. > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): local address = > 192.168.1.1 > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): remote address = > 192.168.1.2 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > Dec 17 10:07:54 mail pppd[16871]: pppd 2.4.0 started by root, uid 0 > Dec 17 10:07:54 mail pppd[16871]: Using interface ppp0 > Dec 17 10:07:54 mail pppd[16871]: Connect: ppp0 <--> /dev/pts/3 > Dec 17 10:07:54 mail pppd[16871]: sent [LCP ConfReq id=0x1 > ] > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received PPTP Control Message > (type: 12) > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Made a CALL DISCONNECT RPLY packet > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received CALL CLR request (closing > call) > Dec 17 10:07:54 mail pptpd[16870]: CTRL: I wrote 148 bytes to the client. > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Sent packet to client > Dec 17 10:07:54 mail pppd[16871]: Modem hangup > Dec 17 10:07:54 mail pppd[16871]: Connection terminated. > Dec 17 10:07:54 mail pppd[16871]: Exit. 
> Dec 17 10:07:59 mail pptpd[16870]: GRE: read error: Bad file descriptor > Dec 17 10:07:59 mail pptpd[16870]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > connection finished > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting now > Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870 > > When i make an inbound connection to the server i can connect from any kind > of client (win2k, win9x) without any problems with the same config files. > > Maybe anyone here has a good suggestion for my problem. > > Thanks > Ufuk Altinkaynak > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From sean at therileys.org Mon Dec 17 10:53:00 2001 From: sean at therileys.org (Sean Riley) Date: Mon, 17 Dec 2001 11:53:00 -0500 Subject: [pptp-server] Problems with iPAQ clients? In-Reply-To: References: Message-ID: <01121711530003.02223@yellowdog.dogriley.com> I also have seen the same problem (no assistance there, but a least you won't think it is just you), but have not had any time to troubleshoot. Hope to look into it more over holidays, let me know if you find anything out between now and the end of the year, and I'll report back anything I find in this forum as well. SR On Sunday 16 December 2001 03:59, Geckomail User wrote: > > What network medium (ethernet, 802.11b...) are you using? > > josh. > > I've tried 802.11 (Nokia C020 card), 802.11b (Lucent Orinoco Gold and Cisco > Aironet), 802.3 (10Mbps ethernet - KingMax NE2000 compatible) and 802.3u > (100Mbps ethernet - 3Com Megahertz). That's 5 cards, using four different > standards across two different media :( > > I experience the same problem no matter which card or network medium I try. > Most of my testing has been with the Cisco and KingMax cards. 
> > > Regards, > Andrew From bnegrao at engepel.com.br Mon Dec 17 11:12:42 2001 From: bnegrao at engepel.com.br (Bruno Negrão) Date: Mon, 17 Dec 2001 15:12:42 -0200 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? Message-ID: <001d01c1871e$0a42c080$0927c3c8@plugway.com.br> Hi all, Had someone already successfully configured the redhat linux 7.2 with the new kernel 2.4.9-13 and the pptpd + mppe patch? I can't get it working... (more specifically, I can't compile the ppp_mppe.c with the "make modules" command.) Thank you, ------------------------------------------------- -- Bruno Negrão -- Suporte -- Plugway Acesso Internet Ltda. -- (31)34812311 -- bnegrao at plugway.com.br From mrgermany at t-online.de Mon Dec 17 12:06:25 2001 From: mrgermany at t-online.de (Roland H) Date: Mon, 17 Dec 2001 19:06:25 +0100 Subject: [pptp-server] Again connection Problems to my PPTP Server Message-ID: <001101c18725$8b61d9b0$1400a8c0@roland> Hi all, for (now) two weeks I try to set my server to allow incoming vpn connection, but what have I realised? nearly nothing! Anyway, at first thanx for your great help here in the mailing list! Perhaps you can help me again! Please take a look at my settings and my log! Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) It took 36 seconds until that message came! What does that mean? Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) And what's that?
I searched the hole web, but I could find nothing! IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but not over the internet ;-)! Any help would be very nice! bye Roland (options.pptp:) debug name server mru 1450 mtu 1450 nodefaultroute auth require-chap proxyarp +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless (pptpd.conf:) option /etc/ppp/options.pptp debug localip 192.168.0.234 remoteip 192.168.1.234-238,192.168.1.245 (var/log/messages) Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to handle client Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = /etc/ppp/options.pptp Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionstarted Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 1) Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 7) Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window size Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, opening GRE) Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 15) Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with standard ACCMs Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing call) Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionfinished Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962 From Steve at SteveCowles.com Mon Dec 17 14:09:37 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Mon, 17 Dec 2001 14:09:37 -0600 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptp d+mppe? Message-ID: <90769AF04F76D41186C700A0C90AFC3EE96B@defiant.infohiiway.com> > -----Original Message----- > From: Bruno Negr?o [mailto:bnegrao at engepel.com.br] > Sent: Monday, December 17, 2001 11:13 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? > > Hy all, > > Had someone already successfully configured the redhat linux 7.2 > with the new kernel 2.4.9-13 and the pptpd + mppe pacht? > I can't get it working... 
(more specifically, I can't compile the > ppp_mppe.c with the "make modules" command.) > > Thank you, I just went through this process last week using RH7.2 with the 2.4.9-13 kernel RPM. Surprisingly, the patches worked without a problem. Steve Cowles From bnegrao at engepel.com.br Mon Dec 17 14:19:21 2001 From: bnegrao at engepel.com.br (Bruno Negrão) Date: Mon, 17 Dec 2001 18:19:21 -0200 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? References: <90769AF04F76D41186C700A0C90AFC3EE96B@defiant.infohiiway.com> Message-ID: <001001c18738$1d4eb3e0$0927c3c8@plugway.com.br> OH! Can you tell me the complete file names you used in your configuration? Also, when you make the modules, did you use the "make modules SUBDIRS=drivers/net" or the "make modules" command? Thank you, bruno ----- Original Message ----- From: "Cowles, Steve" To: Sent: Monday, December 17, 2001 6:09 PM Subject: RE: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? > -----Original Message----- > From: Bruno Negrão [mailto:bnegrao at engepel.com.br] > Sent: Monday, December 17, 2001 11:13 AM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? > > Hi all, > > Had someone already successfully configured the redhat linux 7.2 > with the new kernel 2.4.9-13 and the pptpd + mppe patch? > I can't get it working... (more specifically, I can't compile the > ppp_mppe.c with the "make modules" command.) > > Thank you, I just went through this process last week using RH7.2 with the 2.4.9-13 kernel RPM. Surprisingly, the patches worked without a problem. Steve Cowles
From Steve at SteveCowles.com Mon Dec 17 14:43:08 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Mon, 17 Dec 2001 14:43:08 -0600 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptp d+mppe? Message-ID: <90769AF04F76D41186C700A0C90AFC3EE96C@defiant.infohiiway.com> > -----Original Message----- > From: Bruno Negrão [mailto:bnegrao at engepel.com.br] > Sent: Monday, December 17, 2001 2:19 PM > To: pptp-server at lists.schulte.org > Subject: Re: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with > pptpd+mppe? > > > OH! Can you tell me the complete file names you used in your > configuration? > > Also, when you make the modules, did you use the "make modules > SUBDIRS=drivers/net" or the "make modules" command? > > Thank you, > bruno I recompiled the entire kernel along with pppd-2.4.1. So, to answer your question, I used: make clean dep bzImage modules (take a lunch break) make modules_install I manually copied bzImage to /boot/vmlinuz-2.4.9-13 If it helps, I have placed the patches I used on-line at: http://www.infohiiway.com/pptp/patches Good Luck Steve Cowles From GeorgeV at citadelcomputer.com.au Mon Dec 17 14:59:49 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 18 Dec 2001 07:59:49 +1100 Subject: [pptp-server] Connect Problems! Message-ID: <200FAA488DE0D41194F10010B597610D2B9400@jupiter.citadelcomputer.com.au> Oh OK, your problem is that your Win98 is authenticating using MS-CHAP v2. Below is extracted from M$ web site... ---- The use of MS-CHAP v2 is negotiated during LCP negotiation by specifying the authentication protocol LCP option (type 3), the authentication protocol 0xC2-23, and the algorithm 0x81. Once LCP negotiation is complete, MS-CHAP messages use the PPP protocol ID of 0xC2-23. ---- And your logs show Dec 17 12:44:08 mail pppd[18750]: sent [LCP ConfReq id=0x1 ] Guess what this means....
Your client is definately asking to authenticate using MS-Chap v2 This is actually a good thing but you need to patch/upgrade your PPPD to support it if it's not done already... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com] Sent: Monday, 17 December 2001 11:00 PM To: George Vieira; pptp-server at lists.schulte.org Subject: Re: [pptp-server] Connect Problems! Hi George First Thanks for your advice. > Try upgrading your DUN to 1.4... I think your DUN is possibly fubar... > > Uninstall it and reinstall it and if that fails, then use DUN 1.4 as above > from Microsoft.. Well i did so. When i know start to connect, i receive the DUN error 645. The Errror comes up a little moment after verifying the username and password. My NEW logfile looks now like this. Dec 17 12:44:08 mail pptpd[18749]: MGR: Launching /usr/sbin/pptpctrl to handle client Dec 17 12:44:08 mail pptpd[18749]: CTRL: local address = 192.168.1.1 Dec 17 12:44:08 mail pptpd[18749]: CTRL: remote address = 192.168.1.2 Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd speed = 115200 Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd options file = /etc/ppp/options.ppp0 Dec 17 12:44:08 mail pptpd[18749]: CTRL: Client 195.64.97.37 control connection started Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message (type: 1) Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a START CTRL CONN RPLY packet Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 156 bytes to the client. 
Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message (type: 7) Dec 17 12:44:08 mail pptpd[18749]: CTRL: 0 min_bps, 0 max_bps, 32 window size Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a OUT CALL RPLY packet Dec 17 12:44:08 mail pptpd[18749]: CTRL: Starting call (launching pppd, opening GRE) Dec 17 12:44:08 mail pptpd[18749]: CTRL: pty_fd = 5 Dec 17 12:44:08 mail pptpd[18749]: CTRL: tty_fd = 6 Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 32 bytes to the client. Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): local address = 192.168.1.1 Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): remote address = 192.168.1.2 Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client Dec 17 12:44:08 mail pppd[18750]: pppd 2.4.0 started by root, uid 0 Dec 17 12:44:08 mail pppd[18750]: Using interface ppp0 Dec 17 12:44:08 mail pppd[18750]: Connect: ppp0 <--> /dev/pts/2 Dec 17 12:44:08 mail pppd[18750]: sent [LCP ConfReq id=0x1 ] Dec 17 12:44:35 mail last message repeated 9 times Dec 17 12:44:38 mail pppd[18750]: LCP: timeout sending Config-Requests Dec 17 12:44:38 mail pppd[18750]: Connection terminated. Dec 17 12:44:38 mail pppd[18750]: Exit. Dec 17 12:44:38 mail pptpd[18749]: Error reading from pppd: Input/output error Dec 17 12:44:38 mail pptpd[18749]: CTRL: GRE read or PTY write failed (gre,pty)=(6,5) Dec 17 12:44:38 mail pptpd[18749]: CTRL: Client 195.64.97.37 control connection finished Dec 17 12:44:38 mail pptpd[18749]: CTRL: Exiting now Dec 17 12:44:38 mail pptpd[18696]: MGR: Reaped child 18749 And again any kind of tips are welcome :-) Thanks Ufuk Altinkaynak > Hi > I am new to the list and also new to poptop. > I am running a SUSE7.2 Server with poptop ver. 1.1.2-42 > my config files look like this. 
> > pptpd.conf: > speed 115200 > option /etc/ppp/options.ppp0 > debug > localip 192.168.1.1 > remoteip 192.168.1.2-200 > pidfile /var/run/pptpd.pid > > options.ppp0: > lock > debug > auth > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > name poseidon > proxyarp > > When i am trying to connect the server over the internet from an win98 > station > the connect fails and i get following logfile: > > Dec 17 10:05:54 mail pptpd[16862]: MGR: Max connections reached, extra IP > addresses ignored > Dec 17 10:05:54 mail pptpd[16863]: MGR: Manager process started > Dec 17 10:07:53 mail pptpd[16870]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 17 10:07:53 mail pptpd[16870]: CTRL: local address = 192.168.1.1 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: remote address = 192.168.1.2 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd speed = 115200 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd options file = > /etc/ppp/options.ppp0 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > connection started > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > (type: 1) > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a START CTRL CONN RPLY packet > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 156 bytes to the client. > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > (type: 7) > Dec 17 10:07:53 mail pptpd[16870]: CTRL: 0 min_bps, 0 max_bps, 32 window > size > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a OUT CALL RPLY packet > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pty_fd = 5 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: tty_fd = 6 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 32 bytes to the client. 
> Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): local address = > 192.168.1.1 > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): remote address = > 192.168.1.2 > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > Dec 17 10:07:54 mail pppd[16871]: pppd 2.4.0 started by root, uid 0 > Dec 17 10:07:54 mail pppd[16871]: Using interface ppp0 > Dec 17 10:07:54 mail pppd[16871]: Connect: ppp0 <--> /dev/pts/3 > Dec 17 10:07:54 mail pppd[16871]: sent [LCP ConfReq id=0x1 > ] > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received PPTP Control Message > (type: 12) > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Made a CALL DISCONNECT RPLY packet > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received CALL CLR request (closing > call) > Dec 17 10:07:54 mail pptpd[16870]: CTRL: I wrote 148 bytes to the client. > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Sent packet to client > Dec 17 10:07:54 mail pppd[16871]: Modem hangup > Dec 17 10:07:54 mail pppd[16871]: Connection terminated. > Dec 17 10:07:54 mail pppd[16871]: Exit. > Dec 17 10:07:59 mail pptpd[16870]: GRE: read error: Bad file descriptor > Dec 17 10:07:59 mail pptpd[16870]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > connection finished > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting now > Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870 > > When i make an inbound connection to the server i can connect from any kind > of client (win2k, win9x) without any problems with the same config files. > > Maybe anyone here has a good suggestion for my problem. > > Thanks > Ufuk Altinkaynak > > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
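The LCP detail quoted in the message above (Authentication-Protocol option type 3, protocol 0xC2-23, algorithm 0x81 for MS-CHAP v2) can be checked against the raw bytes of a Configure-Request instead of inferred from a log line. The parser below is an added example, not code from pppd, PoPToP or any poster; the sample packets are constructed, and the values 0xC023 (PAP), 0x05 (CHAP-MD5) and 0x80 (MS-CHAP v1) are taken from the PPP specifications rather than from this thread.

```python
"""Decode the Authentication-Protocol option of a PPP LCP Configure-Request."""
import struct

LCP_CONF_REQ = 1          # LCP code: Configure-Request
OPT_AUTH_PROTOCOL = 3     # LCP option type 3, as quoted in the thread
PROTO_PAP = 0xC023        # assumption from the PPP specs, not from the thread
PROTO_CHAP = 0xC223       # written "0xC2-23" in the quoted Microsoft text
CHAP_ALGORITHMS = {
    0x05: "CHAP-MD5",     # assumption from the PPP specs
    0x80: "MS-CHAP",      # assumption from the PPP specs
    0x81: "MS-CHAP v2",   # value given in the thread
}


class LcpParseError(ValueError):
    """Raised when a packet is truncated or an option length is inconsistent."""


def parse_lcp_options(packet: bytes):
    """Return (code, identifier, [(option_type, option_data), ...])."""
    if len(packet) < 4:
        raise LcpParseError("shorter than the 4-byte LCP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise LcpParseError("header length %d does not fit %d bytes" % (length, len(packet)))
    body = packet[4:length]          # anything past 'length' is padding
    options, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise LcpParseError("dangling byte after last option")
        opt_type, opt_len = body[pos], body[pos + 1]
        # opt_len counts the type and length bytes themselves
        if opt_len < 2 or pos + opt_len > len(body):
            raise LcpParseError("option %d has bad length %d" % (opt_type, opt_len))
        options.append((opt_type, body[pos + 2:pos + opt_len]))
        pos += opt_len
    return code, ident, options


def requested_auth(packet: bytes):
    """Name the authentication method a Configure-Request asks for, or None."""
    code, _ident, options = parse_lcp_options(packet)
    if code != LCP_CONF_REQ:
        raise LcpParseError("LCP code %d is not a Configure-Request" % code)
    for opt_type, data in options:
        if opt_type != OPT_AUTH_PROTOCOL:
            continue
        if len(data) < 2:
            raise LcpParseError("Authentication-Protocol option too short")
        proto = struct.unpack("!H", data[:2])[0]
        if proto == PROTO_PAP:
            return "PAP"
        if proto == PROTO_CHAP:
            if len(data) < 3:
                raise LcpParseError("CHAP option without algorithm byte")
            return CHAP_ALGORITHMS.get(data[2], "CHAP (unknown algorithm 0x%02x)" % data[2])
        return "unknown protocol 0x%04x" % proto
    return None  # peer did not request authentication


def build_conf_req(ident: int, options) -> bytes:
    """Build a Configure-Request from (type, data) pairs; used for the samples."""
    body = b"".join(bytes([t, len(d) + 2]) + d for t, d in options)
    return struct.pack("!BBH", LCP_CONF_REQ, ident, len(body) + 4) + body


# Constructed sample packets (not captured from any system in the thread).
MRU_1450 = (1, struct.pack("!H", 1450))
MAGIC = (5, b"\x12\x34\x56\x78")
SAMPLE_MSCHAPV2 = build_conf_req(1, [MRU_1450, (3, b"\xc2\x23\x81"), MAGIC])
SAMPLE_MSCHAPV1 = build_conf_req(2, [MRU_1450, (3, b"\xc2\x23\x80"), MAGIC])
SAMPLE_PAP = build_conf_req(3, [(3, b"\xc0\x23")])
SAMPLE_NO_AUTH = build_conf_req(4, [MRU_1450, MAGIC])

if __name__ == "__main__":
    for name, pkt in [("mschapv2", SAMPLE_MSCHAPV2), ("mschapv1", SAMPLE_MSCHAPV1),
                      ("pap", SAMPLE_PAP), ("no-auth", SAMPLE_NO_AUTH)]:
        print("%-9s %s -> %s" % (name, pkt.hex(), requested_auth(pkt)))
```
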
From GeorgeV at citadelcomputer.com.au Mon Dec 17 15:36:53 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 18 Dec 2001 08:36:53 +1100 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptp d+mppe? Message-ID: <200FAA488DE0D41194F10010B597610D2B9404@jupiter.citadelcomputer.com.au> My advice, start with a fully new/clean kernel and pppd source code.. it'll then patch in OK.. I also followed the instructions on http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt and it's very good.. though I still get these "Protocol" errors but that's probably something to do with 2.4.16 kernel. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Bruno Negrão [mailto:bnegrao at engepel.com.br] Sent: Tuesday, 18 December 2001 4:13 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? Hi all, Had someone already successfully configured the redhat linux 7.2 with the new kernel 2.4.9-13 and the pptpd + mppe patch? I can't get it working... (more specifically, I can't compile the ppp_mppe.c with the "make modules" command.) Thank you, ------------------------------------------------- -- Bruno Negrão -- Suporte -- Plugway Acesso Internet Ltda. -- (31)34812311 -- bnegrao at plugway.com.br From GeorgeV at citadelcomputer.com.au Mon Dec 17 15:39:19 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Tue, 18 Dec 2001 08:39:19 +1100 Subject: [pptp-server] Again connection Problems to my PPTP Server Message-ID: <200FAA488DE0D41194F10010B597610D2B9406@jupiter.citadelcomputer.com.au> When it does work I guess you mean over the LAN and not over the internet... Could this be something to do with your firewall/rules? Or possibly the default route on the server is possibly trying to change....???? Is it passing through GRE protocol 47?
thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: mrgermany at t-online.de [mailto:mrgermany at t-online.de] Sent: Tuesday, 18 December 2001 5:06 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] Again connection Problems to my PPTP Server Hi all, for (now) two weeks I try to set my server to allow incoming vpn connection, but what have I realised? nearly nothing! Anyway, at first thanx for your great help here in the mailinglist! Perhaps you can help me again! Please take a look at my settings and my log! Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) It took 36 seconds until that message came! What does that mean? Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) And whats that? I searched the hole web, but I could find nothing! IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but not over the internet ;-)! Any help would be very nice! 
bye Roland (options.pptp:) debug name server mru 1450 mtu 1450 nodefaultroute auth require-chap proxyarp +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless (pptpd.conf:) option /etc/ppp/options.pptp debug localip 192.168.0.234 remoteip 192.168.1.234-238,192.168.1.245 (var/log/messages) Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to handle client Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = /etc/ppp/options.pptp Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionstarted Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 1) Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 7) Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window size Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, opening GRE) Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 15) Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with standard ACCMs Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing call) Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionfinished Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962 _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From berzerke at swbell.net Mon Dec 17 16:55:03 2001 From: berzerke at swbell.net (robert) Date: Mon, 17 Dec 2001 16:55:03 -0600 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe? In-Reply-To: <001d01c1871e$0a42c080$0927c3c8@plugway.com.br> References: <001d01c1871e$0a42c080$0927c3c8@plugway.com.br> Message-ID: <0GOI00EW1FMVCS@mta4.rcsntx.swbell.net> There is a howto at http://home.swbell.net/berzerke . 
It doesn't cover rpms, but it does work if you follow the instructions.

On Monday 17 December 2001 11:12 am, Bruno Negrão wrote:
> Hi all,
>
> Had someone already successfully configured the redhat linux 7.2 with the
> new kernel 2.4.9-13 and the pptpd + mppe patch? I can't get it working...
> (more specifically, I can't compile the ppp_mppe.c with the "make modules"
> command.)
>
> Thank you,
> -------------------------------------------------
> -- Bruno Negrão -- Suporte
> -- Plugway Acesso Internet Ltda.
> -- (31)34812311
> -- bnegrao at plugway.com.br

From GeorgeV at citadelcomputer.com.au Mon Dec 17 16:56:50 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 18 Dec 2001 09:56:50 +1100
Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptp d+mppe?
Message-ID: <200FAA488DE0D41194F10010B597610D2B9407@jupiter.citadelcomputer.com.au>

RPMs are definitely not recommended..
RedHat RPMS won't patch properly....

USE the TAR.GZ as a rule of thumb...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: robert [mailto:berzerke at swbell.net]
Sent: Tuesday, 18 December 2001 9:55 AM
To: Bruno Negrão; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptpd+mppe?

There is a howto at http://home.swbell.net/berzerke . It doesn't cover rpms, but it does work if you follow the instructions.

On Monday 17 December 2001 11:12 am, Bruno Negrão wrote:
> Hi all,
>
> Had someone already successfully configured the redhat linux 7.2 with the
> new kernel 2.4.9-13 and the pptpd + mppe patch? I can't get it working...
> (more specifically, I can't compile the ppp_mppe.c with the "make modules"
> command.)
>
> Thank you,
> -------------------------------------------------
> -- Bruno Negrão -- Suporte
> -- Plugway Acesso Internet Ltda.
> -- (31)34812311
> -- bnegrao at plugway.com.br

From berzerke at swbell.net Mon Dec 17 16:58:46 2001
From: berzerke at swbell.net (robert)
Date: Mon, 17 Dec 2001 16:58:46 -0600
Subject: [pptp-server] Again connection Problems to my PPTP Server
In-Reply-To: <001101c18725$8b61d9b0$1400a8c0@roland>
References: <001101c18725$8b61d9b0$1400a8c0@roland>
Message-ID: <0GOI00EYXFT2DF@mta4.rcsntx.swbell.net>

The first thing that jumps out at me is your localip and remote ip ranges are not in the same subnet. Fix that and try again. Also, be sure the ip ranges (local and remote) do not overlap.

On Monday 17 December 2001 12:06 pm, Roland H wrote:
> Hi all,
>
> for (now) two weeks I try to set my server to allow incoming vpn
> connection, but what have I realised? nearly nothing! Anyway, at first
> thanx for your great help here in the mailinglist!
> Perhaps you can help me again!
> Please take a look at my settings and my log!
> Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234
> Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message
> (type: 12)
> It took 36 seconds until that message came! What does that mean?
> Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor
> Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed
> (pty,gre)=(-1,-1)
> And what's that?
> I searched the whole web, but I could find nothing!
>
> IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but
> not over the internet ;-)!
>
> Any help would be very nice!
> > bye > Roland > > > (options.pptp:) > > debug > name server > mru 1450 > mtu 1450 > nodefaultroute > auth > require-chap > proxyarp > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > > > (pptpd.conf:) > option /etc/ppp/options.pptp > debug > localip 192.168.0.234 > remoteip 192.168.1.234-238,192.168.1.245 > > > (var/log/messages) > Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = > /etc/ppp/options.pptp > Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionstarted > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 1) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. > Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 7) > Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window > size > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 > Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = > 192.168.0.234 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = > 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. 
> Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 15) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with > standard ACCMs > Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 > Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 > Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp > Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 12) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing > call) > Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. > Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor > Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionfinished > Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now > Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962 > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From Steve at SteveCowles.com Mon Dec 17 17:44:30 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Mon, 17 Dec 2001 17:44:30 -0600 Subject: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with pptp d+mppe? 
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE96F@defiant.infohiiway.com>

> -----Original Message-----
> From: George Vieira [mailto:GeorgeV at citadelcomputer.com.au]
> Sent: Monday, December 17, 2001 4:57 PM
> To: 'robert'; Bruno Negrão; pptp-server at lists.schulte.org
> Subject: RE: [pptp-server] How to set the RedHat 7.2, k-2.4.9-13 with
> pptp d+mppe?
>
>
> RPMs are definitely not recommended..
> RedHat RPMS won't patch properly....
>
> USE the TAR.GZ as a rule of thumb...

As a rule of thumb, I agree. I have had problems patching the Redhat kernel source RPM's in the past. But I applied the mppe patch to the Redhat 2.4.9-13 kernel source RPM without a problem last week. In fact, I even got freeswan/ipsec to patch against this kernel without a problem.

Steve Cowles

From muralivemuri at multitech.co.in Mon Dec 17 23:08:39 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Tue, 18 Dec 2001 10:38:39 +0530
Subject: [pptp-server] Again connection Problems to my PPTP Server
References: <001101c18725$8b61d9b0$1400a8c0@roland>
Message-ID: <3C1ECF56.2D064868@multitech.co.in>

i guess you are using win98 client. uninstall all the damn adapters on that and then go to control panel, add remove programs/ windows startup menu/ communications, add vpn support. and don't do the same from control panel, network, properties add vpn adapter.

regds

Roland H wrote:

> Hi all,
>
> for (now) two weeks I try to set my server to allow incoming vpn connection,
> but what have I realised? nearly nothing! Anyway, at first thanx for your
> great help here in the mailinglist!
> Perhaps you can help me again!
> Please take a look at my settings and my log!
> Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234
> Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message
> (type: 12)
> It took 36 seconds until that message came! What does that mean?
> Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor > Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > And whats that? > I searched the hole web, but I could find nothing! > > IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but > not over the internet ;-)! > > Any help would be very nice! > > bye > Roland > > (options.pptp:) > > debug > name server > mru 1450 > mtu 1450 > nodefaultroute > auth > require-chap > proxyarp > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > > (pptpd.conf:) > option /etc/ppp/options.pptp > debug > localip 192.168.0.234 > remoteip 192.168.1.234-238,192.168.1.245 > > (var/log/messages) > Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = > /etc/ppp/options.pptp > Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionstarted > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 1) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. 
> Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 7) > Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window > size > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 > Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = > 192.168.0.234 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = > 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. > Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 15) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with > standard ACCMs > Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 > Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 > Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp > Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 12) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing > call) > Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. 
> Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client
> Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor
> Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed
> (pty,gre)=(-1,-1)
> Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control
> connectionfinished
> Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now
> Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962

--
regards & thanks for your time,
Murali Krishna Vemuri

From GeorgeV at citadelcomputer.com.au Mon Dec 17 23:11:34 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Tue, 18 Dec 2001 16:11:34 +1100
Subject: [pptp-server] Again connection Problems to my PPTP Server
Message-ID: <200FAA488DE0D41194F10010B597610D2B9411@jupiter.citadelcomputer.com.au>

Though he says that when he brings down the ADSL link the vpn works fine which means the DUN on his windows is fine.. read the IMPORTANT NOTE at the bottom of his message....

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
Sent: Tuesday, 18 December 2001 4:09 PM
To: Roland H
Cc: pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Again connection Problems to my PPTP Server

i guess you are using win98 client. uninstall all the damn adapters on that and then go to control panel, add remove programs/ windows startup menu/ communications, add vpn support. and don't do the same from control panel, network, properties add vpn adapter.

regds

Roland H wrote:

Hi all,

for (now) two weeks I try to set my server to allow incoming vpn connection, but what have I realised?
nearly nothing! Anyway, at first thanx for your great help here in the mailinglist! Perhaps you can help me again! Please take a look at my settings and my log! Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) It took 36 seconds until that message came! What does that mean? Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) And whats that? I searched the hole web, but I could find nothing! IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but not over the internet ;-)! Any help would be very nice! bye Roland (options.pptp:) debug name server mru 1450 mtu 1450 nodefaultroute auth require-chap proxyarp +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless (pptpd.conf:) option /etc/ppp/options.pptp debug localip 192.168.0.234 remoteip 192.168.1.234-238,192.168.1.245 (var/log/messages) Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to handle client Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = /etc/ppp/options.pptp Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionstarted Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 1) Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 7) Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window size Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, opening GRE) Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 15) Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with standard ACCMs Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing call) Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. 
Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client
Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor
Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionfinished
Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now
Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962

--
regards & thanks for your time,
Murali Krishna Vemuri

From ufuk.altinkaynak at wibo-werk.com Tue Dec 18 07:26:20 2001
From: ufuk.altinkaynak at wibo-werk.com (Ufuk Altinkaynak)
Date: Tue, 18 Dec 2001 14:26:20 +0100
Subject: [pptp-server] Connect Problems!
References: <200FAA488DE0D41194F10010B597610D2B9400@jupiter.citadelcomputer.com.au>
Message-ID: <000f01c187c7$956aa340$9b010a0a@AltinkaynakA9>

Hi George !

First of all, again thanks for your great support.
I am very sad cause it still is not working

> This is actually a good thing but you need to patch/upgrade your PPPD to
> support it if it's not done already...

After i received your mail, i checked my pppd and the pppd provided from SUSE already is patched.
As i wrote in my first mail. when i am doing a LAN VPN connection from any kind of client everything works fantastic.
So i made another LAN VPN connection from a Win2k client, and again it worked, so i looked at the connection properties on the win2k client and they show me, that the vpn connection is using MS Chap V2 and MPPE 128

So my question is, when i can make a LAN VPN connection with MS Chap V2 and MPPE 128, is it still a missing patch related Problem.
Cause when i do the same over the internet and get the errors written before.
Hopefully you have a solution for my problem.
Therefore thanks for your support

Ufuk Altinkaynak

btw: i noticed, that i used in my first mail the word INBOUND, which was false translated from me, i wanted to say that it was a LAN connection sorry for that.

> -----Original Message-----
> From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com]
> Sent: Monday, 17 December 2001 11:00 PM
> To: George Vieira; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Connect Problems!
>
>
> Hi George
> First Thanks for your advice.
>
> > Try upgrading your DUN to 1.4... I think your DUN is possibly fubar...
> >
> > Uninstall it and reinstall it and if that fails, then use DUN 1.4 as above
> > from Microsoft..
> Well i did so.
> When i now start to connect, i receive the DUN error 645.
> The Error comes up a little moment after verifying the username and
> password.
>
> My NEW logfile looks now like this.
>
> Dec 17 12:44:08 mail pptpd[18749]: MGR: Launching /usr/sbin/pptpctrl to
> handle client
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: local address = 192.168.1.1
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: remote address = 192.168.1.2
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd speed = 115200
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd options file =
> /etc/ppp/options.ppp0
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: Client 195.64.97.37 control
> connection started
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message
> (type: 1)
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a START CTRL CONN RPLY packet
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 156 bytes to the client.
> Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message > (type: 7) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: 0 min_bps, 0 max_bps, 32 window > size > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a OUT CALL RPLY packet > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: pty_fd = 5 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: tty_fd = 6 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 32 bytes to the client. > Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): local address = > 192.168.1.1 > Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): remote address = > 192.168.1.2 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client > Dec 17 12:44:08 mail pppd[18750]: pppd 2.4.0 started by root, uid 0 > Dec 17 12:44:08 mail pppd[18750]: Using interface ppp0 > Dec 17 12:44:08 mail pppd[18750]: Connect: ppp0 <--> /dev/pts/2 > Dec 17 12:44:08 mail pppd[18750]: sent [LCP ConfReq id=0x1 > ] > Dec 17 12:44:35 mail last message repeated 9 times > Dec 17 12:44:38 mail pppd[18750]: LCP: timeout sending Config-Requests > Dec 17 12:44:38 mail pppd[18750]: Connection terminated. > Dec 17 12:44:38 mail pppd[18750]: Exit. > Dec 17 12:44:38 mail pptpd[18749]: Error reading from pppd: Input/output > error > Dec 17 12:44:38 mail pptpd[18749]: CTRL: GRE read or PTY write failed > (gre,pty)=(6,5) > Dec 17 12:44:38 mail pptpd[18749]: CTRL: Client 195.64.97.37 control > connection finished > Dec 17 12:44:38 mail pptpd[18749]: CTRL: Exiting now > Dec 17 12:44:38 mail pptpd[18696]: MGR: Reaped child 18749 > > And again any kind of tips are welcome :-) > > Thanks > > Ufuk Altinkaynak > > > > Hi > > I am new to the list and also new to poptop. > > I am running a SUSE7.2 Server with poptop ver. 
1.1.2-42 > > my config files look like this. > > > > pptpd.conf: > > speed 115200 > > option /etc/ppp/options.ppp0 > > debug > > localip 192.168.1.1 > > remoteip 192.168.1.2-200 > > pidfile /var/run/pptpd.pid > > > > options.ppp0: > > lock > > debug > > auth > > +chap > > +chapms > > +chapms-v2 > > mppe-40 > > mppe-128 > > mppe-stateless > > name poseidon > > proxyarp > > > > When i am trying to connect the server over the internet from an win98 > > station > > the connect fails and i get following logfile: > > > > Dec 17 10:05:54 mail pptpd[16862]: MGR: Max connections reached, extra IP > > addresses ignored > > Dec 17 10:05:54 mail pptpd[16863]: MGR: Manager process started > > Dec 17 10:07:53 mail pptpd[16870]: MGR: Launching /usr/sbin/pptpctrl to > > handle client > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: local address = 192.168.1.1 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: remote address = 192.168.1.2 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd speed = 115200 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd options file = > > /etc/ppp/options.ppp0 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > > connection started > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 1) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a START CTRL CONN RPLY > packet > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 156 bytes to the client. 
> > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 7) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: 0 min_bps, 0 max_bps, 32 window > > size > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a OUT CALL RPLY packet > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Starting call (launching pppd, > > opening GRE) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pty_fd = 5 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: tty_fd = 6 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 32 bytes to the client. > > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): Connection speed > = > > 115200 > > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): local address = > > 192.168.1.1 > > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): remote address = > > 192.168.1.2 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > > Dec 17 10:07:54 mail pppd[16871]: pppd 2.4.0 started by root, uid 0 > > Dec 17 10:07:54 mail pppd[16871]: Using interface ppp0 > > Dec 17 10:07:54 mail pppd[16871]: Connect: ppp0 <--> /dev/pts/3 > > Dec 17 10:07:54 mail pppd[16871]: sent [LCP ConfReq id=0x1 > > ] > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 12) > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Made a CALL DISCONNECT RPLY > packet > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received CALL CLR request > (closing > > call) > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: I wrote 148 bytes to the client. > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Sent packet to client > > Dec 17 10:07:54 mail pppd[16871]: Modem hangup > > Dec 17 10:07:54 mail pppd[16871]: Connection terminated. > > Dec 17 10:07:54 mail pppd[16871]: Exit. 
> > Dec 17 10:07:59 mail pptpd[16870]: GRE: read error: Bad file descriptor
> > Dec 17 10:07:59 mail pptpd[16870]: CTRL: PTY read or GRE write failed
> > (pty,gre)=(-1,-1)
> > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control
> > connection finished
> > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting now
> > Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870
> >
> > When i make an inbound connection to the server i can connect from any
> kind
> > of client (win2k, win9x) without any problems with the same config files.
> >
> > Maybe anyone here has a good suggestion for my problem.
> >
> > Thanks
> > Ufuk Altinkaynak

From goran at dmv.co.yu Tue Dec 18 07:52:52 2001
From: goran at dmv.co.yu (Goran Petrovic)
Date: Tue, 18 Dec 2001 14:52:52 +0100 (Central Europe Standard Time)
Subject: [pptp-server] Client-NAT-Server problem.
Message-ID: <3C1F4A34.00001A.02456@prima.dmv.co.yu>

Hi everyone!

Actually, my problem is NAT (on the Cisco) between client and server.
I can't establish connection between W2k client and Linux SuSE Professional 7 0 pptpd PoPToP v1.0.0 server, via NAT. That means: After Config Req Packet from a client I don't receive Config Ack Packet from the server.
What should I do to solve this problem?

Thanks in Advance!
Goran.

From mrgermany at t-online.de Tue Dec 18 07:55:19 2001
From: mrgermany at t-online.de (Roland H)
Date: Tue, 18 Dec 2001 14:55:19 +0100
Subject: [pptp-server] Again connection Problems to my PPTP Server
References: <001101c18725$8b61d9b0$1400a8c0@roland> <3C1ECF56.2D064868@multitech.co.in>
Message-ID: <007701c187cb$a162c480$1400a8c0@roland>

Hi all,

thanx for your great help, but I have still that error!
Now I changed the IP addresses:
localip 192.168.0.50
remoteip 192.168.0.60-80
but nothing changed, still the same error!

What can I try now?
Thanx, Roland Roland H wrote: Hi all, for (now) two weeks I try to set my server to allow incoming vpn connection, but what have I realised? nearly nothing! Anyway, at first thanx for your great help here in the mailinglist! Perhaps you can help me again! Please take a look at my settings and my log! Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) It took 36 seconds until that message came! What does that mean? Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1) And whats that? I searched the hole web, but I could find nothing! IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but not over the internet ;-)! Any help would be very nice! bye Roland (options.pptp:) debug name server mru 1450 mtu 1450 nodefaultroute auth require-chap proxyarp +chap +chapms +chapms-v2 mppe-40 mppe-128 mppe-stateless (pptpd.conf:) option /etc/ppp/options.pptp debug localip 192.168.0.234 remoteip 192.168.1.234-238,192.168.1.245 (var/log/messages) Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to handle client Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = /etc/ppp/options.pptp Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionstarted Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 1) Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 7) Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window size Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, opening GRE) Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = 115200 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = 192.168.0.234 Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = 192.168.1.234 Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 15) Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with standard ACCMs Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message (type: 12) Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing call) Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. 
Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client
Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor
Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed (pty,gre)=(-1,-1)
Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control connectionfinished
Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now
Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

--
regards & thanks for your time,
Murali Krishna Vemuri

From Administrator at josims.com Tue Dec 18 08:06:49 2001
From: Administrator at josims.com (Andrew Lyon)
Date: Tue, 18 Dec 2001 14:06:49 -0000
Subject: [pptp-server] Connect Problems!
Message-ID:

Sounds like your isp, try doing a traceroute from client to server port 1723, if that works try the patched traceroute which can use GRE packets.

If it works internally but not over the internet it must be your isp or other config problem.

andy

-----Original Message-----
From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com]
Sent: 18 December 2001 13:26
To: George Vieira; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Connect Problems!

Hi George !

First of all again thanks for your great support. I am very sad cause it still is not working

> This is actually a good thing but you need to patch/upgrade your PPPD
> to support it if it's not done already...

After i received your mail, i checked my pppd and the pppd provided from SUSE already is patched. As i wrote in my first mail, when i am doing an LAN VPN connection from any kind of client everything works fantastic.
So i made another LAN VPN connection form an Win2k client, and again it worked, so i looked at the connection propperties on the win2k client and they show me, that the vpn connection is using MS Chap V2 and MPPE 128 So my question is, when i can make a LAN VPN connection with MS Chap V2 and MPPE 128, is it still a missing patch related Problem. Cause when i do the same over the internet and get the errors written before. Hopfully you a solution for my problem. Therfore thanks for your support Ufuk Altinkaynak btw: i noticed, that i used in my first mail the word INBOUND, wich was false translated from me, i wanted to say that it was a LAN connection sorry for that. > -----Original Message----- > From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com] > Sent: Monday, 17 December 2001 11:00 PM > To: George Vieira; pptp-server at lists.schulte.org > Subject: Re: [pptp-server] Connect Problems! > > > Hi George > First Thanks for your advice. > > > Try upgrading your DUN to 1.4... I think your DUN is possibly > > fubar... > > > > Uninstall it and reinstall it and if that fails, then use DUN 1.4 as above > > from Microsoft.. > Well i did so. > When i know start to connect, i receive the DUN error 645. The Errror > comes up a little moment after verifying the username and password. > > My NEW logfile looks now like this. 
> > Dec 17 12:44:08 mail pptpd[18749]: MGR: Launching /usr/sbin/pptpctrl > to handle client Dec 17 12:44:08 mail pptpd[18749]: CTRL: local > address = 192.168.1.1 Dec 17 12:44:08 mail pptpd[18749]: CTRL: remote > address = 192.168.1.2 Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd > speed = 115200 Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd options > file = /etc/ppp/options.ppp0 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Client 195.64.97.37 control > connection started > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message > (type: 1) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a START CTRL CONN RPLY packet > Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 156 bytes to the > client. Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message > (type: 7) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: 0 min_bps, 0 max_bps, 32 > window size Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a OUT CALL > RPLY packet Dec 17 12:44:08 mail pptpd[18749]: CTRL: Starting call > (launching pppd, opening GRE) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: pty_fd = 5 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: tty_fd = 6 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 32 bytes to the client. 
> Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): local address > = 192.168.1.1 Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): > remote address = 192.168.1.2 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client > Dec 17 12:44:08 mail pppd[18750]: pppd 2.4.0 started by root, uid 0 > Dec 17 12:44:08 mail pppd[18750]: Using interface ppp0 > Dec 17 12:44:08 mail pppd[18750]: Connect: ppp0 <--> /dev/pts/2 > Dec 17 12:44:08 mail pppd[18750]: sent [LCP ConfReq id=0x1 > ] > Dec 17 12:44:35 mail last message repeated 9 times > Dec 17 12:44:38 mail pppd[18750]: LCP: timeout sending Config-Requests > Dec 17 12:44:38 mail pppd[18750]: Connection terminated. > Dec 17 12:44:38 mail pppd[18750]: Exit. > Dec 17 12:44:38 mail pptpd[18749]: Error reading from pppd: Input/output > error > Dec 17 12:44:38 mail pptpd[18749]: CTRL: GRE read or PTY write failed > (gre,pty)=(6,5) > Dec 17 12:44:38 mail pptpd[18749]: CTRL: Client 195.64.97.37 control > connection finished > Dec 17 12:44:38 mail pptpd[18749]: CTRL: Exiting now > Dec 17 12:44:38 mail pptpd[18696]: MGR: Reaped child 18749 > > And again any kind of tips are welcome :-) > > Thanks > > Ufuk Altinkaynak > > > > Hi > > I am new to the list and also new to poptop. > > I am running a SUSE7.2 Server with poptop ver. 1.1.2-42 > > my config files look like this. 
> > > > pptpd.conf: > > speed 115200 > > option /etc/ppp/options.ppp0 > > debug > > localip 192.168.1.1 > > remoteip 192.168.1.2-200 > > pidfile /var/run/pptpd.pid > > > > options.ppp0: > > lock > > debug > > auth > > +chap > > +chapms > > +chapms-v2 > > mppe-40 > > mppe-128 > > mppe-stateless > > name poseidon > > proxyarp > > > > When i am trying to connect the server over the internet from an > > win98 station the connect fails and i get following logfile: > > > > Dec 17 10:05:54 mail pptpd[16862]: MGR: Max connections reached, > > extra IP > > addresses ignored > > Dec 17 10:05:54 mail pptpd[16863]: MGR: Manager process started Dec > > 17 10:07:53 mail pptpd[16870]: MGR: Launching /usr/sbin/pptpctrl to > > handle client Dec 17 10:07:53 mail pptpd[16870]: CTRL: local address > > = 192.168.1.1 Dec 17 10:07:53 mail pptpd[16870]: CTRL: remote > > address = 192.168.1.2 Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd > > speed = 115200 Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd options > > file = /etc/ppp/options.ppp0 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > > connection started > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 1) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a START CTRL CONN RPLY > packet > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 156 bytes to the client. > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client Dec > > 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 7) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: 0 min_bps, 0 max_bps, 32 > > window size Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a OUT CALL > > RPLY packet Dec 17 10:07:53 mail pptpd[16870]: CTRL: Starting call > > (launching pppd, opening GRE) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pty_fd = 5 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: tty_fd = 6 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 32 bytes to the client. 
> > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): Connection speed > = > > 115200 > > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): local > > address = 192.168.1.1 Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD > > Launcher): remote address = > > 192.168.1.2 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client Dec > > 17 10:07:54 mail pppd[16871]: pppd 2.4.0 started by root, uid 0 Dec > > 17 10:07:54 mail pppd[16871]: Using interface ppp0 Dec 17 10:07:54 > > mail pppd[16871]: Connect: ppp0 <--> /dev/pts/3 Dec 17 10:07:54 mail > > pppd[16871]: sent [LCP ConfReq id=0x1 > > ] > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received PPTP Control > > Message > > (type: 12) > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Made a CALL DISCONNECT RPLY > packet > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received CALL CLR request > (closing > > call) > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: I wrote 148 bytes to the client. > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Sent packet to client Dec > > 17 10:07:54 mail pppd[16871]: Modem hangup Dec 17 10:07:54 mail > > pppd[16871]: Connection terminated. Dec 17 10:07:54 mail > > pppd[16871]: Exit. Dec 17 10:07:59 mail pptpd[16870]: GRE: read > > error: Bad file descriptor Dec 17 10:07:59 mail pptpd[16870]: CTRL: > > PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > > connection finished Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting > > now Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870 > > > > When i make an inbound connection to the server i can connect from > > any > kind > > of client (win2k, win9x) without any problems with the same config files. > > > > Maybe anyone here has a good suggestion for my problem. 
> >
> > Thanks
> > Ufuk Altinkaynak

--
Registered Office: J.O. Sims Ltd, Pudding Lane, Pinchbeck, Spalding, Lincs. PE11 3TJ
Company reg No: 2084187
Vat reg No: GB 437 4621 47
Tel: +44 (0) 1775 842100
Fax: +44 (0) 1775 842101
Web: www.josims.com
Email: enquiries at josims.com

From berzerke at swbell.net Tue Dec 18 09:01:08 2001
From: berzerke at swbell.net (robert)
Date: Tue, 18 Dec 2001 09:01:08 -0600
Subject: [pptp-server] Again connection Problems to my PPTP Server
In-Reply-To: <007701c187cb$a162c480$1400a8c0@roland>
References: <001101c18725$8b61d9b0$1400a8c0@roland> <3C1ECF56.2D064868@multitech.co.in> <007701c187cb$a162c480$1400a8c0@roland>
Message-ID: <0GOJ00MH2OCYE0@mta4.rcsntx.swbell.net>

Are you sure the 192.168.0.0/24 subnet is the correct one?

Also, try this options.pptpd file

name *
lock
mtu 1490
mru 1490
proxyarp
auth
+chap
#+chapms #This one is optional and may be omitted.
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
mppe-128
mppe-40
mppe-stateless
nodeflate
nobsdcomp

On Tuesday 18 December 2001 07:55 am, Roland H wrote:
> Hi all,
>
> thanx for your great help, but I have still that error! Now I changed the
> IP adresses: localip 192.168.0.50
> remoteip 192.168.0.60-80
> but nothing changed, still the same error!
> What can I try now?
>
> Thanx, Roland
>
>
>
>
> Roland H wrote:
>
> Hi all,
> for (now) two weeks I try to set my server to allow incoming vpn
> connection, but what have I realised? nearly nothing! Anyway, at first
> thanx for your great help here in the mailinglist!
> Perhaps you can help me again!
> Please take a look at my settings and my log!
> Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234
> Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message
> (type: 12)
> It took 36 seconds until that message came! What does that mean?
> Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor
> Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed
> (pty,gre)=(-1,-1)
> And whats that?
> I searched the hole web, but I could find nothing!
>
> IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works,
> but not over the internet ;-)!
>
> Any help would be very nice!
> > bye > Roland > > (options.pptp:) > > debug > name server > mru 1450 > mtu 1450 > nodefaultroute > auth > require-chap > proxyarp > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > > (pptpd.conf:) > option /etc/ppp/options.pptp > debug > localip 192.168.0.234 > remoteip 192.168.1.234-238,192.168.1.245 > > (var/log/messages) > Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = > /etc/ppp/options.pptp > Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionstarted > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 1) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY > packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the > client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec > 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: > 7) > Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 > window size > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 > Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection > speed = 115200 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address > = 192.168.0.234 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address > = 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the > client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec > 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: > 15) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet > with standard ACCMs > Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 > Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 > Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp > Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 12) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY > packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request > (closing call) > Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the > client. Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client Dec > 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16 > 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionfinished > Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now > Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962 > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
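
Added example (not written by any poster on this list and not part of PoPToP): the logs quoted in this thread fail at three different points, namely a client Call-Clear before PPP comes up, an LCP timeout after a completed control handshake, and a client Call-Clear after pppd has already assigned addresses. The Python script below groups pptpd/pppd syslog lines into sessions and reports which of these applies. The sample log is constructed, the verdict names are labels chosen here, and pairing a pppd child with its control process by launch order is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the syslog format quoted in this thread (invented host/PIDs).
SAMPLE_LOG = """\
Dec 17 10:07:53 vpn pptpd[2001]: CTRL: Client 192.0.2.10 control connection started
Dec 17 10:07:53 vpn pptpd[2001]: CTRL: Received PPTP Control Message (type: 1)
Dec 17 10:07:53 vpn pptpd[2001]: CTRL: Received PPTP Control Message (type: 7)
Dec 17 10:07:53 vpn pptpd[2001]: CTRL: Starting call (launching pppd, opening GRE)
Dec 17 10:07:53 vpn pptpd[2002]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 17 10:07:54 vpn pptpd[2001]: CTRL: Received PPTP Control Message (type: 12)
Dec 17 12:44:08 vpn pptpd[2010]: CTRL: Client 192.0.2.20 control connection started
Dec 17 12:44:08 vpn pptpd[2010]: CTRL: Received PPTP Control Message (type: 1)
Dec 17 12:44:08 vpn pptpd[2010]: CTRL: Received PPTP Control Message (type: 7)
Dec 17 12:44:08 vpn pptpd[2010]: CTRL: Starting call (launching pppd, opening GRE)
Dec 17 12:44:08 vpn pppd[2011]: sent [LCP ConfReq id=0x1 <mru 1450>]
Dec 17 12:44:38 vpn pppd[2011]: LCP: timeout sending Config-Requests
Dec 17 17:06:29 vpn pptpd[2020]: CTRL: Client 192.0.2.30 control connectionstarted
Dec 17 17:06:29 vpn pptpd[2020]: CTRL: Received PPTP Control Message (type: 1)
Dec 17 17:06:29 vpn pptpd[2020]: CTRL: Received PPTP Control Message (type: 7)
Dec 17 17:06:29 vpn pptpd[2020]: CTRL: Starting call (launching pppd, opening GRE)
Dec 17 17:06:30 vpn pppd[2021]: local IP address 192.168.0.234
Dec 17 17:07:06 vpn pptpd[2020]: CTRL: Received PPTP Control Message (type: 12)
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (pptpd|pppd)\[(\d+)\]: (.*)$")
CLIENT_RE = re.compile(r"CTRL: Client (\S+) control connection\s*started")
# RFC 2637 types: 1 Start-Control-Connection-Request, 7 Outgoing-Call-Request,
# 12 Call-Clear-Request.
TYPE_RE = re.compile(r"Received PPTP Control Message \(type: (\d+)\)")
IPCP_RE = re.compile(r"^(local|remote)\s+IP address")

def parse_ts(stamp):
    try:  # syslog omits the year; any fixed year works for time differences
        return datetime.strptime("2001 " + stamp, "%Y %b %d %H:%M:%S")
    except ValueError:
        return None

def parse_sessions(text):
    sessions, by_ctrl, by_child, awaiting = [], {}, {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, prog, pid, msg = parse_ts(m[1]), m[2], int(m[3]), m[4]
        started = CLIENT_RE.search(msg)
        if prog == "pptpd" and started:
            s = {"client": started[1], "types": [], "call_ts": None,
                 "clear_ts": None, "lcp_timeout": False, "ppp_up": False}
            sessions.append(s)
            by_ctrl[pid] = s
        elif prog == "pptpd" and "PPPD Launcher" not in msg:
            s, t = by_ctrl.get(pid), TYPE_RE.search(msg)
            if s is None:
                continue  # MGR lines and chatter logged before the session starts
            if t:
                s["types"].append(int(t[1]))
                if t[1] == "12" and s["clear_ts"] is None:
                    s["clear_ts"] = ts
            elif "Starting call" in msg:
                s["call_ts"] = ts
                awaiting.append(s)
        else:
            # pppd child; its PID may first appear on a "PPPD Launcher" line.
            # Assumption: children show up in the order their calls were started.
            if pid not in by_child and awaiting:
                by_child[pid] = awaiting.pop(0)
            s = by_child.get(pid)
            if s is None:
                continue
            if "LCP: timeout sending Config-Requests" in msg:
                s["lcp_timeout"] = True
            elif IPCP_RE.match(msg):
                s["ppp_up"] = True
    return sessions

def classify(s):
    if 1 not in s["types"] or 7 not in s["types"]:
        return "CONTROL_INCOMPLETE"      # TCP 1723 handshake never finished
    if s["lcp_timeout"]:
        return "LCP_TIMEOUT"             # control OK, no PPP reply came back
    if 12 in s["types"]:                 # client asked to clear the call
        return ("CLIENT_CLEARED_AFTER_PPP_UP" if s["ppp_up"]
                else "CLIENT_CLEARED_BEFORE_PPP_UP")
    return "PPP_UP" if s["ppp_up"] else "UNKNOWN"

def triage(text):
    """Return (client, verdict, seconds from call start to Call-Clear or None)."""
    rows = []
    for s in parse_sessions(text):
        both = s["call_ts"] and s["clear_ts"]
        gap = int((s["clear_ts"] - s["call_ts"]).total_seconds()) if both else None
        rows.append((s["client"], classify(s), gap))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row)
```

An LCP_TIMEOUT verdict means the TCP control channel on port 1723 completed while no PPP frame came back, which is the situation where Andrew Lyon's suggestion earlier in the thread of testing GRE along the path applies.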
From mrgermany at t-online.de Tue Dec 18 09:35:46 2001
From: mrgermany at t-online.de (Roland H)
Date: Tue, 18 Dec 2001 16:35:46 +0100
Subject: [pptp-server] Again connection Problems to my PPTP Server
References: <001101c18725$8b61d9b0$1400a8c0@roland> <3C1ECF56.2D064868@multitech.co.in> <007701c187cb$a162c480$1400a8c0@roland> <0GOJ00MH2OCYE0@mta4.rcsntx.swbell.net>
Message-ID: <001901c187d9$aa157330$1400a8c0@roland>

What do you mean with correct one? In that subnet is the network of my server!

I did that change in my options.pptpd file, but that didn't kook a change to my pptpd accessibility! ;-(
But there was another error message "couldn't replace default route to ppp0" or something like that, but that's why I forgot the "nodefaultroute" in the options.pptpd.

Thank you for your homepage, that's one which really helped me setting up my pptpd!
Any other idea?

Bye Roland

----- Original Message -----
From: "robert"
To: "Roland H" ;
Sent: Tuesday, December 18, 2001 4:01 PM
Subject: Re: [pptp-server] Again connection Problems to my PPTP Server

> Are you sure the 192.168.0.0/24 subnet is the correct one?
>
> Also, try this options.pptpd file
>
> name *
> lock
> mtu 1490
> mru 1490
> proxyarp
> auth
> +chap
> #+chapms #This one is optional and may be omitted.
> +chapms-v2
> ipcp-accept-local
> ipcp-accept-remote
> lcp-echo-failure 3
> lcp-echo-interval 5
> deflate 0
> mppe-128
> mppe-40
> mppe-stateless
> nodeflate
> nobsdcomp
>
>
> On Tuesday 18 December 2001 07:55 am, Roland H wrote:
> > Hi all,
> >
> > thanx for your great help, but I have still that error! Now I changed the
> > IP adresses: localip 192.168.0.50
> > remoteip 192.168.0.60-80
> > but nothing changed, still the same error!
> > What can I try now?
> >
> > Thanx, Roland
> >
> >
> >
> >
> > Roland H wrote:
> >
> > Hi all,
> > for (now) two weeks I try to set my server to allow incoming vpn
> > connection, but what have I realised? nearly nothing!
Anyway, at first > > thanx for your great help here in the mailinglist! > > Perhaps you can help me again! > > Please take a look at my settings and my log! > > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > > (type: 12) > > It took 36 seconds until that message came! What does that mean? > > Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor > > Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > And whats that? > > I searched the hole web, but I could find nothing! > > > > IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, > > but not over the internet ;-)! > > > > Any help would be very nice! > > > > bye > > Roland > > > > (options.pptp:) > > > > debug > > name server > > mru 1450 > > mtu 1450 > > nodefaultroute > > auth > > require-chap > > proxyarp > > +chap > > +chapms > > +chapms-v2 > > mppe-40 > > mppe-128 > > mppe-stateless > > > > (pptpd.conf:) > > option /etc/ppp/options.pptp > > debug > > localip 192.168.0.234 > > remoteip 192.168.1.234-238,192.168.1.245 > > > > (var/log/messages) > > Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to > > handle client > > Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 > > Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 > > Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = > > /etc/ppp/options.pptp > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control > > connectionstarted > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > > (type: 1) > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY > > packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the > > client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec > > 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: > > 7) > > Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 > > window size > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, > > opening GRE) > > Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 > > Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 > > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection > > speed = 115200 > > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address > > = 192.168.0.234 > > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address > > = 192.168.1.234 > > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the > > client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client Dec > > 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message (type: > > 15) > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet > > with standard ACCMs > > Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 > > Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 > > Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp > > Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 > > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > > (type: 12) > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY > > packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request > > (closing call) > > Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the > > client. 
Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client Dec
> > 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec 16
> > 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed
> > (pty,gre)=(-1,-1)
> > Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control
> > connectionfinished
> > Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now
> > Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962

From berzerke at swbell.net Tue Dec 18 13:07:56 2001
From: berzerke at swbell.net (robert)
Date: Tue, 18 Dec 2001 13:07:56 -0600
Subject: [pptp-server] Again connection Problems to my PPTP Server
In-Reply-To: <001901c187d9$aa157330$1400a8c0@roland>
References: <001101c18725$8b61d9b0$1400a8c0@roland> <0GOJ00MH2OCYE0@mta4.rcsntx.swbell.net> <001901c187d9$aa157330$1400a8c0@roland>
Message-ID: <0GOJ00N86ZS92X@mta4.rcsntx.swbell.net>

On Tuesday 18 December 2001 09:35 am, Roland H wrote:
> what do you mean with correct one? In that subnet is the network of my
> server!

I'm not sure if your subnet is 192.168.1.0/24 or 192.168.0.0/24. Either one could be correct, but only one is. I have no way to tell from here which one is.

> i did that change in my options.pptpd file, but that didn't kook a change
> to my pptpd accesability! ;-(

Did you restart pptpd?

> but there was another errormessage "couldn't replace default route to ppp0"
> or something like that, but thats why i forgot the "nodefaultroute" in the
> options.pptpd.

Try adding "nodefaultroute" to the options file I sent you. Does that get rid of the error (after restarting)? If not, try commenting out the line "deflate 0", but do that only as a last resort.
> Thank you for your homepage, thats one which did realy helped me setting up > my pptpd! > Any other idea? > > Bye Roland > > ----- Original Message ----- > From: "robert" > To: "Roland H" ; > Sent: Tuesday, December 18, 2001 4:01 PM > Subject: Re: [pptp-server] Again connection Problems to my PPTP Server > > > Are you sure the 192.168.0.0/24 subnet is the correct one? > > > > Also, try this options.pptpd file > > > > name * > > lock > > mtu 1490 > > mru 1490 > > proxyarp > > auth > > +chap > > #+chapms #This one is optional and my be omitted. > > +chapms-v2 > > ipcp-accept-local > > ipcp-accept-remote > > lcp-echo-failure 3 > > lcp-echo-interval 5 > > deflate 0 > > mppe-128 > > mppe-40 > > mppe-stateless > > nodeflate > > nobsdcomp > > > > On Tuesday 18 December 2001 07:55 am, Roland H wrote: > > > Hi all, > > > > > > thanx for your great help, but I have still that error! Now I changed > > the > > > > IP adresses: localip 192.168.0.50 > > > remoteip 192.168.0.60-80 > > > but nothing changed, still the same error! > > > What can I try now? > > > > > > Thanx, Roland > > > > > > > > > > > > > > > Roland H wrote: > > > > > > Hi all, > > > for (now) two weeks I try to set my server to allow incoming vpn > > > connection, but what have I realised? nearly nothing! Anyway, at first > > > thanx for your great help here in the mailinglist! > > > Perhaps you can help me again! > > > Please take a look at my settings and my log! > > > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control > > Message > > > > (type: 12) > > > It took 36 seconds until that message came! What does that mean? > > > Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file > > descriptor > > > > Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write > > failed > > > > (pty,gre)=(-1,-1) > > > And whats that? > > > I searched the hole web, but I could find nothing! 
> > > > > > IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it > > works, > > > > but not over the internet ;-)! > > > > > > Any help would be very nice! > > > > > > bye > > > Roland > > > > > > (options.pptp:) > > > > > > debug > > > name server > > > mru 1450 > > > mtu 1450 > > > nodefaultroute > > > auth > > > require-chap > > > proxyarp > > > +chap > > > +chapms > > > +chapms-v2 > > > mppe-40 > > > mppe-128 > > > mppe-stateless > > > > > > (pptpd.conf:) > > > option /etc/ppp/options.pptp > > > debug > > > localip 192.168.0.234 > > > remoteip 192.168.1.234-238,192.168.1.245 > > > > > > (var/log/messages) > > > Hec 16 17:06:29 Server pptpd[962]: MGR: Launching > > > /usr/sbin/pptpctrl > > to > > > > handle client > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = > > 192.168.0.234 > > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = > > 192.168.1.234 > > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = > > > /etc/ppp/options.pptp > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 > > > control connectionstarted > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control > > Message > > > > (type: 1) > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN > > > RPLY packet Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes > > > to the client. 
Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to > > > client > > Dec > > > > 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > > (type: > > > 7) > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, > > > 32 window size > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY > > > packet Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call > > > (launching > > pppd, > > > > opening GRE) > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 > > > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection > > > speed = 115200 > > > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local > > address > > > > = 192.168.0.234 > > > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote > > address > > > > = 192.168.1.234 > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the > > > client. Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > > Dec > > > > 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > > (type: > > > 15) > > > Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet > > > with standard ACCMs > > > Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 > > > Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 > > > Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy > > > arp Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 > > > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 Dec > > > 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control > > Message > > > > (type: 12) > > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT > > > RPLY packet Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR > > request > > > > (closing call) > > > Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the > > > client. 
Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client
> > Dec
> > > > 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor Dec
> > 16
> > > > 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed
> > > (pty,gre)=(-1,-1)
> > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20
> > > control connectionfinished
> > > Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now
> > > Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962

From GeorgeV at citadelcomputer.com.au Tue Dec 18 14:43:11 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 19 Dec 2001 07:43:11 +1100
Subject: [pptp-server] Connect Problems!
Message-ID: <200FAA488DE0D41194F10010B597610D2B9419@jupiter.citadelcomputer.com.au>

Have you removed the "default gateway" option for the internet user? This MUST be removed for the VPN to work, otherwise the internet connection for the vpn user may totally stop and possibly without you even knowing..

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com]
Sent: Wednesday, 19 December 2001 12:26 AM
To: George Vieira; pptp-server at lists.schulte.org
Subject: Re: [pptp-server] Connect Problems!

Hi George !

First of all again thanks for your great support. I am very sad cause it still is not working

> This is actually a good thing but you need to patch/upgrade your PPPD to
> support it if it's not done already...

After i received your mail, i checked my pppd and the pppd provided from SUSE already is patched. As i wrote in my first mail, when i am doing an LAN VPN connection from any kind of client everything works fantastic.
So I made another LAN VPN connection from a Win2k client, and again it worked, so I looked at the connection properties on the Win2k client and they show me that the VPN connection is using MS Chap V2 and MPPE 128.

So my question is, when I can make a LAN VPN connection with MS Chap V2 and MPPE 128, is it still a missing patch related problem? Cause when I do the same over the internet and get the errors written before.

Hopefully you have a solution for my problem. Therefore thanks for your support

Ufuk Altinkaynak

btw: I noticed that I used in my first mail the word INBOUND, which was false translated from me, I wanted to say that it was a LAN connection, sorry for that.

> -----Original Message-----
> From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com]
> Sent: Monday, 17 December 2001 11:00 PM
> To: George Vieira; pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] Connect Problems!
>
>
> Hi George
> First Thanks for your advice.
>
> > Try upgrading your DUN to 1.4... I think your DUN is possibly fubar...
> >
> > Uninstall it and reinstall it and if that fails, then use DUN 1.4 as above
> > from Microsoft..
> Well I did so.
> When I now start to connect, I receive the DUN error 645.
> The Error comes up a little moment after verifying the username and
> password.
>
> My NEW logfile looks now like this.
> > Dec 17 12:44:08 mail pptpd[18749]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 17 12:44:08 mail pptpd[18749]: CTRL: local address = 192.168.1.1 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: remote address = 192.168.1.2 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd speed = 115200 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: pppd options file = > /etc/ppp/options.ppp0 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Client 195.64.97.37 control > connection started > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message > (type: 1) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a START CTRL CONN RPLY packet > Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 156 bytes to the client. > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Received PPTP Control Message > (type: 7) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: 0 min_bps, 0 max_bps, 32 window > size > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Made a OUT CALL RPLY packet > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 17 12:44:08 mail pptpd[18749]: CTRL: pty_fd = 5 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: tty_fd = 6 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: I wrote 32 bytes to the client. 
> Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): local address = > 192.168.1.1 > Dec 17 12:44:08 mail pptpd[18750]: CTRL (PPPD Launcher): remote address = > 192.168.1.2 > Dec 17 12:44:08 mail pptpd[18749]: CTRL: Sent packet to client > Dec 17 12:44:08 mail pppd[18750]: pppd 2.4.0 started by root, uid 0 > Dec 17 12:44:08 mail pppd[18750]: Using interface ppp0 > Dec 17 12:44:08 mail pppd[18750]: Connect: ppp0 <--> /dev/pts/2 > Dec 17 12:44:08 mail pppd[18750]: sent [LCP ConfReq id=0x1 > ] > Dec 17 12:44:35 mail last message repeated 9 times > Dec 17 12:44:38 mail pppd[18750]: LCP: timeout sending Config-Requests > Dec 17 12:44:38 mail pppd[18750]: Connection terminated. > Dec 17 12:44:38 mail pppd[18750]: Exit. > Dec 17 12:44:38 mail pptpd[18749]: Error reading from pppd: Input/output > error > Dec 17 12:44:38 mail pptpd[18749]: CTRL: GRE read or PTY write failed > (gre,pty)=(6,5) > Dec 17 12:44:38 mail pptpd[18749]: CTRL: Client 195.64.97.37 control > connection finished > Dec 17 12:44:38 mail pptpd[18749]: CTRL: Exiting now > Dec 17 12:44:38 mail pptpd[18696]: MGR: Reaped child 18749 > > And again any kind of tips are welcome :-) > > Thanks > > Ufuk Altinkaynak > > > > Hi > > I am new to the list and also new to poptop. > > I am running a SUSE7.2 Server with poptop ver. 1.1.2-42 > > my config files look like this. 
> > > > pptpd.conf: > > speed 115200 > > option /etc/ppp/options.ppp0 > > debug > > localip 192.168.1.1 > > remoteip 192.168.1.2-200 > > pidfile /var/run/pptpd.pid > > > > options.ppp0: > > lock > > debug > > auth > > +chap > > +chapms > > +chapms-v2 > > mppe-40 > > mppe-128 > > mppe-stateless > > name poseidon > > proxyarp > > > > When i am trying to connect the server over the internet from an win98 > > station > > the connect fails and i get following logfile: > > > > Dec 17 10:05:54 mail pptpd[16862]: MGR: Max connections reached, extra IP > > addresses ignored > > Dec 17 10:05:54 mail pptpd[16863]: MGR: Manager process started > > Dec 17 10:07:53 mail pptpd[16870]: MGR: Launching /usr/sbin/pptpctrl to > > handle client > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: local address = 192.168.1.1 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: remote address = 192.168.1.2 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd speed = 115200 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pppd options file = > > /etc/ppp/options.ppp0 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > > connection started > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 1) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a START CTRL CONN RPLY > packet > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 156 bytes to the client. > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 7) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: 0 min_bps, 0 max_bps, 32 window > > size > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Made a OUT CALL RPLY packet > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Starting call (launching pppd, > > opening GRE) > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: pty_fd = 5 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: tty_fd = 6 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: I wrote 32 bytes to the client. 
> > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): Connection speed > = > > 115200 > > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): local address = > > 192.168.1.1 > > Dec 17 10:07:53 mail pptpd[16871]: CTRL (PPPD Launcher): remote address = > > 192.168.1.2 > > Dec 17 10:07:53 mail pptpd[16870]: CTRL: Sent packet to client > > Dec 17 10:07:54 mail pppd[16871]: pppd 2.4.0 started by root, uid 0 > > Dec 17 10:07:54 mail pppd[16871]: Using interface ppp0 > > Dec 17 10:07:54 mail pppd[16871]: Connect: ppp0 <--> /dev/pts/3 > > Dec 17 10:07:54 mail pppd[16871]: sent [LCP ConfReq id=0x1 > > ] > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received PPTP Control Message > > (type: 12) > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Made a CALL DISCONNECT RPLY > packet > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Received CALL CLR request > (closing > > call) > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: I wrote 148 bytes to the client. > > Dec 17 10:07:54 mail pptpd[16870]: CTRL: Sent packet to client > > Dec 17 10:07:54 mail pppd[16871]: Modem hangup > > Dec 17 10:07:54 mail pppd[16871]: Connection terminated. > > Dec 17 10:07:54 mail pppd[16871]: Exit. > > Dec 17 10:07:59 mail pptpd[16870]: GRE: read error: Bad file descriptor > > Dec 17 10:07:59 mail pptpd[16870]: CTRL: PTY read or GRE write failed > > (pty,gre)=(-1,-1) > > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Client 195.64.97.11 control > > connection finished > > Dec 17 10:07:59 mail pptpd[16870]: CTRL: Exiting now > > Dec 17 10:07:59 mail pptpd[16863]: MGR: Reaped child 16870 > > > > When i make an inbound connection to the server i can connect from any > kind > > of client (win2k, win9x) without any problems with the same config files. > > > > Maybe anyone here has a good suggestion for my problem. 
> >
> > Thanks
> > Ufuk Altinkaynak

From GeorgeV at citadelcomputer.com.au Tue Dec 18 15:21:18 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 19 Dec 2001 08:21:18 +1100
Subject: [pptp-server] kernel > 2.4.10
Message-ID: <200FAA488DE0D41194F10010B597610D2B941B@jupiter.citadelcomputer.com.au>

Has anybody gotten a working version of 2.4.16 or anything over 2.4.10?
I still can't find what's causing these damn errors. I'm not sure if it's a PPPD, GRE or a kernel problem. It's starting to annoy me.... aargh!!! ;-)
I heard that people are having problems with newer kernels but it would be good to know what's causing it......

Dec 19 08:10:40 firewall pptpd[1225]: CTRL: Client 144.137.121.107 control connection started
Dec 19 08:10:41 firewall pptpd[1225]: CTRL: Starting call (launching pppd, opening GRE)
Dec 19 08:10:41 firewall pppd[1226]: pppd 2.4.1 started by root, uid 0
Dec 19 08:10:41 firewall pppd[1226]: Using interface ppp0
Dec 19 08:10:41 firewall pppd[1226]: Connect: ppp0 <--> /dev/pts/1
Dec 19 08:10:41 firewall pptpd[1225]: GRE: read error: Protocol not available
Dec 19 08:10:41 firewall pptpd[1225]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 19 08:10:41 firewall pppd[1226]: Modem hangup
Dec 19 08:10:41 firewall pppd[1226]: Connection terminated.
Dec 19 08:10:41 firewall pptpd[1225]: CTRL: Client 144.137.121.107 control connection finished
Dec 19 08:10:41 firewall pppd[1226]: Exit.
Dec 19 08:10:41 firewall modprobe: modprobe: Can't locate module ppp0

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

From lorentzm1 at home.com Tue Dec 18 17:25:05 2001
From: lorentzm1 at home.com (Lorentz Morrow)
Date: Tue, 18 Dec 2001 17:25:05 -0600
Subject: [pptp-server] Interface problems
Message-ID: <200112182325.fBINP5g13598@c1984186-a.clmba1.mo.home.com>

If this is a simple or obvious problem I will apologise in advance. I am fairly new to the Linux world.
I've got a box at home that is the gateway to my internal network which runs pptpd. Eth0 is the outside interface, eth1 is the internal interface. It works great.

I'm trying to set up pptpd at work and it's not going so great. I've got a D-Link router that is the gateway there. It is also a dhcp server. It always assigns the pptp server's eth0 192.168.1.4 and directs all traffic for ports 1723 there. At first I thought that I could just have a single interface and not mess with iptables. With a single interface I could connect with encryption but could not ping any other IPs on the network.

My first question would be... can I use pptpd with a single interface box? and if so how?

So, I didn't get the single interface setup working, so, I figured I'd just add a second interface and mimic my settings at home. So, I dropped in eth1 and set it static to 192.168.1.6 and took my same iptables script I use at home (got it from home.swbell.net/bezerke/) and plugged in the internal and external interface variables and the internal subnet. It didn't work I get iptables v1.2.3 : log-level "info" ambigious try iptables -h or --help several times in a row.

My second question would be what would I need to change to make this work?

If you get the urge to reply with RTFM please specify which one.

Thank you,
Lorentz Morrow

From GeorgeV at citadelcomputer.com.au Tue Dec 18 17:21:36 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Wed, 19 Dec 2001 10:21:36 +1100
Subject: [pptp-server] Interface problems
Message-ID: <200FAA488DE0D41194F10010B597610D2B941F@jupiter.citadelcomputer.com.au>

Manual,..... what manual..? ;-)

Um, I'm a little lost but you say that you can connect to your pptp server but can't access the rest of your network internally, right?

First thing you must understand is that your PPTPD server is forwarding packets between eth0 and eth1 so you MUST enable ip_forwarding.
This is disabled by default on a lot of Linux servers (you didn't mention which distro so we can help).

Second, did you assign an IP on your VPN so the server has the same IP as its eth1 IP? Did you also specify `proxyarp` in your VPN's options file?

This is possibly what you need if I didn't read your email wrongly..

192.168.0.X network
    |
    |
192.168.0.1 PPTP server (ETH1)
203.x.x.x PPTP server (ETH0) (VPNIP 192.168.0.1 = same as eth1)
    |
    |
    /
    /
    |
    |
X.X.X.X PPTP client (VPNIP 192.168.0.XX = valid IP on ETH1 network which doesn't clash with any other machine)..

I hope this is what you want to achieve...

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Lorentz Morrow [mailto:lorentzm1 at home.com]
Sent: Wednesday, 19 December 2001 10:25 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] Interface problems

If this is a simple or obvious problem I will apologise in advance. I am fairly new to the Linux world. I've got a box at home that is the gateway to my internal network which runs pptpd. Eth0 is the outside interface, eth1 is the internal interface. It works great.

I'm trying to set up pptpd at work and it's not going so great. I've got a D-Link router that is the gateway there. It is also a dhcp server. It always assigns the pptp server's eth0 192.168.1.4 and directs all traffic for ports 1723 there. At first I thought that I could just have a single interface and not mess with iptables. With a single interface I could connect with encryption but could not ping any other IPs on the network.

My first question would be... can I use pptpd with a single interface box? and if so how?

So, I didn't get the single interface setup working, so, I figured I'd just add a second interface and mimic my settings at home.
So, I dropped in eth1 and set it static to 192.168.1.6 and took my same iptables script I use at home (got it from home.swbell.net/bezerke/) and plugged in the internal and external interface variables and the internal subnet. It didn't work I get iptables v1.2.3 : log-level "info" ambigious try iptables -h or --help several times in a row.

My second question would be what would I need to change to make this work?

If you get the urge to reply with RTFM please specify which one.

Thank you,
Lorentz Morrow
_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --

From dejanj at jaspur.com Tue Dec 18 17:27:26 2001
From: dejanj at jaspur.com (Dejan Jovanovic)
Date: Tue, 18 Dec 2001 17:27:26 -0600
Subject: [pptp-server] kernel > 2.4.10
References: <200FAA488DE0D41194F10010B597610D2B941B@jupiter.citadelcomputer.com.au>
Message-ID: <014701c1881b$8d876600$db00000a@dejanj>

Hi George,

I am somewhat new to the PPTP configuration and therefore I have been passive listener to this list.
Therefore, this is more like some observation rather than explanation, since that I got while trying to configure PPTP.

I am using kernel 2.4.10 with PoPTop 1.0.1 and for the pptp client I am using 2.4.10 kernel with pptp linux client 1.0.2.
PPP on both machines is 2.4.0.
I am testing connection between machines simply on the Ethernet (where machines are directly connected - in the same subnet).

My options files look like this (both machines)
lock
debug
noauth
proxyarp
+chap

If I have such options files I get the same error as you did on my PPTPD (or more precise PPPD).

However if I remove +chap line from both options files (both machines) I do not get the error.

Regards
Dejan

----- Original Message -----
From: "George Vieira"
To: "PPTP List (E-mail)"
Sent: Tuesday, December 18, 2001 3:21 PM
Subject: [pptp-server] kernel > 2.4.10

> Has anybody gotten a working version of 2.4.16 or anything over 2.4.10?
> I still can't find what's causing these damn errors. I'm not sure if it's a
> PPPD, GRE or a kernel problem. It's starting to annoy me.... aargh!!! ;-)
> I heard that people are having problems with newer kernels but it would be
> good to know what's causing it......
>
> Dec 19 08:10:40 firewall pptpd[1225]: CTRL: Client 144.137.121.107 control
> connection started
> Dec 19 08:10:41 firewall pptpd[1225]: CTRL: Starting call (launching pppd,
> opening GRE)
> Dec 19 08:10:41 firewall pppd[1226]: pppd 2.4.1 started by root, uid 0
> Dec 19 08:10:41 firewall pppd[1226]: Using interface ppp0
> Dec 19 08:10:41 firewall pppd[1226]: Connect: ppp0 <--> /dev/pts/1
> Dec 19 08:10:41 firewall pptpd[1225]: GRE: read error: Protocol not
> available
> Dec 19 08:10:41 firewall pptpd[1225]: CTRL: PTY read or GRE write failed
> (pty,gre)=(5,6)
> Dec 19 08:10:41 firewall pppd[1226]: Modem hangup
> Dec 19 08:10:41 firewall pppd[1226]: Connection terminated.
> Dec 19 08:10:41 firewall pptpd[1225]: CTRL: Client 144.137.121.107 control
> connection finished
> Dec 19 08:10:41 firewall pppd[1226]: Exit.
> Dec 19 08:10:41 firewall modprobe: modprobe: Can't locate module ppp0
>
>
> thanks,
> George Vieira
> Systems Manager
> Citadel Computer Systems P/L
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
> --
>

From dejanj at jaspur.com Tue Dec 18 17:34:21 2001
From: dejanj at jaspur.com (Dejan Jovanovic)
Date: Tue, 18 Dec 2001 17:34:21 -0600
Subject: [pptp-server] kernel > 2.4.10
References: <200FAA488DE0D41194F10010B597610D2B941B@jupiter.citadelcomputer.com.au> <014701c1881b$8d876600$db00000a@dejanj>
Message-ID: <017001c1881c$84f3b330$db00000a@dejanj>

Oh, BTW, in both cases (with +chap or without) PPTP connection from Windows 2000 machine is successful.

----- Original Message -----
From: "Dejan Jovanovic"
To: "George Vieira" ; "PPTP List (E-mail)"
Sent: Tuesday, December 18, 2001 5:27 PM
Subject: Re: [pptp-server] kernel > 2.4.10

> Hi George,
>
> I am somewhat new to the PPTP configuration and therefore I have been
> passive listener to this list.
> Therefore, this is more like some observation rather than explanation, since
> that I got while trying to configure PPTP.
>
> I am using kernel 2.4.10 with PoPTop 1.0.1 and for the pptp client I am
> using 2.4.10 kernel with pptp linux client 1.0.2.
> PPP on both machines is 2.4.0.
> I am testing connection between machines simply on the Ethernet (where
> machines are directly connected - in the same subnet).
>
> My options files look like this (both machines)
> lock
> debug
> noauth
> proxyarp
> +chap
>
> If I have such options files I get the same error as you did on my PPTPD (or
> more precise PPPD).
>
> However if I remove +chap line from both options files (both machines) I do
> not get the error.
>
> Regards
> Dejan
>
> ----- Original Message -----
> From: "George Vieira"
> To: "PPTP List (E-mail)"
> Sent: Tuesday, December 18, 2001 3:21 PM
> Subject: [pptp-server] kernel > 2.4.10
>
>
> > Has anybody gotten a working version of 2.4.16 or anything over 2.4.10?
> > I still can't find what's causing these damn errors. I'm not sure if it's a
> > PPPD, GRE or a kernel problem. It's starting to annoy me.... aargh!!!
> > ;-)
> > I heard that people are having problems with newer kernels but it would be
> > good to know what's causing it......
> >
> > Dec 19 08:10:40 firewall pptpd[1225]: CTRL: Client 144.137.121.107 control
> > connection started
> > Dec 19 08:10:41 firewall pptpd[1225]: CTRL: Starting call (launching pppd,
> > opening GRE)
> > Dec 19 08:10:41 firewall pppd[1226]: pppd 2.4.1 started by root, uid 0
> > Dec 19 08:10:41 firewall pppd[1226]: Using interface ppp0
> > Dec 19 08:10:41 firewall pppd[1226]: Connect: ppp0 <--> /dev/pts/1
> > Dec 19 08:10:41 firewall pptpd[1225]: GRE: read error: Protocol not
> > available
> > Dec 19 08:10:41 firewall pptpd[1225]: CTRL: PTY read or GRE write failed
> > (pty,gre)=(5,6)
> > Dec 19 08:10:41 firewall pppd[1226]: Modem hangup
> > Dec 19 08:10:41 firewall pppd[1226]: Connection terminated.
> > Dec 19 08:10:41 firewall pptpd[1225]: CTRL: Client 144.137.121.107 control
> > connection finished
> > Dec 19 08:10:41 firewall pppd[1226]: Exit.
> > Dec 19 08:10:41 firewall modprobe: modprobe: Can't locate module ppp0
> >
> >
> > thanks,
> > George Vieira
> > Systems Manager
> > Citadel Computer Systems P/L
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > --- To unsubscribe, go to the url just above this line. --
> >
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line.
-- > From jvonau at home.com Tue Dec 18 17:50:18 2001 From: jvonau at home.com (Jerry Vonau) Date: Tue, 18 Dec 2001 17:50:18 -0600 Subject: [pptp-server] Again connection Problems to my PPTP Server References: <001101c18725$8b61d9b0$1400a8c0@roland> Message-ID: <3C1FD63A.A32D03BB@home.com> Roland: Have a look at: http://lists.schulte.org/pipermail/pptp-server/2001-January/004411.html When you're posting pppd config files you need to post all of them, including /etc/ppp/options as it has a global impact on all ppp connections. Jerry Vonau Roland H wrote: > > Hi all, > > for (now) two weeks I try to set my server to allow incoming vpn connection, > but what have I realised? nearly nothing! Anyway, at first thanx for your > great help here in the mailinglist! > Perhaps you can help me again! > Please take a look at my settings and my log! > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 12) > It took 36 seconds until that message came! What does that mean? > Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor > Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > And whats that? > I searched the hole web, but I could find nothing! > > IMPORTANT: when I cut my dsl line (with /etc/rc.d/adsl stop) it works, but > not over the internet ;-)! > > Any help would be very nice! 
> > bye > Roland > > (options.pptp:) > > debug > name server > mru 1450 > mtu 1450 > nodefaultroute > auth > require-chap > proxyarp > +chap > +chapms > +chapms-v2 > mppe-40 > mppe-128 > mppe-stateless > > (pptpd.conf:) > option /etc/ppp/options.pptp > debug > localip 192.168.0.234 > remoteip 192.168.1.234-238,192.168.1.245 > > (var/log/messages) > Hec 16 17:06:29 Server pptpd[962]: MGR: Launching /usr/sbin/pptpctrl to > handle client > Dec 16 17:06:29 Server pptpd[962]: CTRL: local address = 192.168.0.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: remote address = 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: pppd options file = > /etc/ppp/options.pptp > Dec 16 17:06:29 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionstarted > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 1) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a START CTRL CONN RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 156 bytes to the client. > Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 7) > Dec 16 17:06:29 Server pptpd[962]: CTRL: 0 min_bps, 1525 max_bps, 32 window > size > Dec 16 17:06:29 Server pptpd[962]: CTRL: Made a OUT CALL RPLY packet > Dec 16 17:06:29 Server pptpd[962]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 16 17:06:29 Server pptpd[962]: CTRL: pty_fd = 5 > Dec 16 17:06:29 Server pptpd[962]: CTRL: tty_fd = 6 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): Connection speed = > 115200 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): local address = > 192.168.0.234 > Dec 16 17:06:29 Server pptpd[963]: CTRL (PPPD Launcher): remote address = > 192.168.1.234 > Dec 16 17:06:29 Server pptpd[962]: CTRL: I wrote 32 bytes to the client. 
> Dec 16 17:06:29 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:06:29 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 15) > Dec 16 17:06:29 Server pptpd[962]: CTRL: Got a SET LINK INFO packet with > standard ACCMs > Dec 16 17:06:30 Server pppd[963]: pppd 2.4.0 started by root, uid 0 > Dec 16 17:06:30 Server pppd[963]: Using interface ppp1 > Dec 16 17:06:30 Server pppd[963]: found interface eth0 for proxy arp > Dec 16 17:06:30 Server pppd[963]: local IP address 192.168.0.234 > Dec 16 17:06:30 Server pppd[963]: remote IP address 192.168.1.234 > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received PPTP Control Message > (type: 12) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Made a CALL DISCONNECT RPLY packet > Dec 16 17:07:06 Server pptpd[962]: CTRL: Received CALL CLR request (closing > call) > Dec 16 17:07:06 Server pptpd[962]: CTRL: I wrote 148 bytes to the client. > Dec 16 17:07:06 Server pptpd[962]: CTRL: Sent packet to client > Dec 16 17:07:06 Server pptpd[962]: GRE: read error: Bad file descriptor > Dec 16 17:07:06 Server pptpd[962]: CTRL: PTY read or GRE write failed > (pty,gre)=(-1,-1) > Dec 16 17:07:06 Server pptpd[962]: CTRL: Client 192.168.0.20 control > connectionfinished > Dec 16 17:07:06 Server pptpd[962]: CTRL: Exiting now > Dec 16 17:07:06 Server pptpd[775]: MGR: Reaped child 962 > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From scottt at soccer.com Tue Dec 18 19:43:37 2001 From: scottt at soccer.com (Scott Taylor) Date: Tue, 18 Dec 2001 17:43:37 -0800 Subject: [pptp-server] kernel > 2.4.10 Message-ID: An HTML attachment was scrubbed... 
URL:

From g.insolvibile at cpr.it Wed Dec 19 02:22:29 2001
From: g.insolvibile at cpr.it (Gianluca Insolvibile)
Date: Wed, 19 Dec 2001 09:22:29 +0100
Subject: [pptp-server] PPTP performance again: malfunction singled out
References: <01C1871B.DB47D830.jorgens@coho.net>
Message-ID: <3C204E45.237BEE28@cpr.it>

Thanks Steve.

I tried changing the DefaultRcv-Window (tried 32768 and 65536 - which is the default on Linux), with no changes in throughput. I admit I did not collect new tcpdump traces to analyze, but I do not think they would have changed.

Enough is enough. With great disappointment (and shame on the Windows 98 PPTP client), I will abandon PPTP in favor of other solutions (e.g. FreeSWAN).

Many thanks to all who tried to help me and to those who endured my lengthy mails. ;-)

Gianluca

Steve Jorgensen wrote:
>
> Yes, it's a registry key. Here's a pretty good article -
> http://www.smartcomputing.com/editorial/article.asp?article=articles%2F2
> 000%2Fs1107%2F31s07%2F31s07%2Easp
>
> On Monday, December 17, 2001 10:58 AM, Gianluca Insolvibile [SMTP:g.insolvibile at cpr.it] wrote:
> > I would be glad to try it. Where can I find that parameter? Is it a registry
> > key?
> >
> > Thanks,
> > Gianluca
> >
> > Steve Jorgensen wrote:
> > >
> > > Doh! Try mucking with the Receive Window settings in Windows 98. Windows 2000 is supposed to tune settings in real time, but W9x does not.
> > >
> > > On Monday, December 17, 2001 3:45 AM, Gianluca Insolvibile [SMTP:g.insolvibile at cpr.it] wrote:
> > > > Hi,
> > > >
> > > > to whom it may concern: I finally located the problem with the sloppy
> > > > performance I am experiencing. Unfortunately, this does not mean that I
> > > > succeeded in fixing it.
> > > >
> > > > The facts:
> > > > - any Windows 98/98SE client connects to pptpd but has very low performance
> > > > (exactly 1.5 Mbps server->client, exactly 0.75 Mbps client->server);
> > > > - the same 98/98SE client performs reasonably when using the LAN (Ethernet)
> > > > connection;
> > > > - any Windows 2000 client connects to pptpd and has a throughput around 25-30
> > > > Mbps.
> > > >
> > > > This leads me to the unimaginable ;-) conclusion that 98/98SE PPTP support is
> > > > severely bugged (I already tried all the patches available from micro$oft, of
> > > > course). Further investigation on tcpdump traces revealed that ACKs sent by the
> > > > 98 client are being sent with a 10 msec granularity (that is, no more than 1 ACK
> > > > is sent in 10 msec, and ACKs are evenly spaced by 10 msec); furthermore, each
> > > > TCP segment is ACKed with a 40 msec delay. This behaviour fools the TCP
> > > > congestion algorithm on the server and causes the drop in throughput (1500 bytes
> > > > per packets at 100 packets per second roughly gives 1.2 Mbps, which is near the
> > > > value I measured).
> > > >
> > > > Lacking source code for the client side ;-), I tried to set up some
> > > > countermeasures on the server: I modified the Linux kernel to expose via
> > > > /proc/sys/net/ipv4 the most sensible parameters of TCP congestion control (i.e.
> > > > min and max retransmit timeouts, min and max delayed ACKs, and so on) and tried
> > > > to tweak them, with no result. I tried to have a look at the pptpd source code,
> > > > and it seems to me that it implements no window flow control at all; anyway, I
> > > > can't imagine why this could be the cause of client side malfunction.
> > > >
> > > > I just wonder how does a Windows 98 client perform with a Windows PPTP server,
> > > > in order to assess whether the real cause is something in pptpd or the braindead
> > > > implementation in Windows.
> > > > I have strong suspects on the latter, anyway...
> > > >
> > > > In conclusion, I'm really stuck now. Any ideas, hints or comments will be
> > > > appreciated. In any case, I hope my experience will be of help if somebody ever
> > > > falls into this problem again.
> > > >
> > > >
> > > > Best regards,
> > > > Gianluca
> > > > _______________________________________________
> > > > pptp-server maillist - pptp-server at lists.schulte.org
> > > > http://lists.schulte.org/mailman/listinfo/pptp-server
> > > > --- To unsubscribe, go to the url just above this line. --

From kharada at ballade.plala.or.jp Wed Dec 19 04:35:09 2001
From: kharada at ballade.plala.or.jp (kharada at ballade.plala.or.jp)
Date: Wed, 19 Dec 2001 19:35:09 +0900 (JST)
Subject: [pptp-server] Issue error 741 when connect to PPTP
Message-ID: <200112191035.fBJAZ8Y62187@smtp.OpenBit.NET>

Dear all

I have installed PoPToP on RedHat 7.2 (Kernel 2.4.7-10). When I connect to pptpd using a W2K client, it issues error message 741, required encryption not supported (maybe different from the real English message).

Could you tell me what the problem is? I attach the configuration and log messages below.

(/var/log/messages)
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Client 192.168.1.67 control connection started
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Starting call (launching pppd, opening GRE)
Dec 19 19:10:20 gshost01 pppd[1772]: pppd 2.4.1 started by root, uid 0
Dec 19 19:10:20 gshost01 pppd[1772]: Using interface ppp0
Dec 19 19:10:20 gshost01 pppd[1772]: Connect: ppp0 <--> /dev/pts/2
Dec 19 19:10:20 gshost01 pptpd[1771]: GRE: Discarding duplicate packet
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Error with select(), quitting
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Client 192.168.1.67 control connection finished
Dec 19 19:10:22 gshost01 pppd[1772]: Modem hangup
Dec 19 19:10:22 gshost01 pppd[1772]: Connection terminated.
Dec 19 19:10:22 gshost01 pppd[1772]: Exit.

(/var/log/pptpd.log)
Dec 19 19:10:20 gshost01 pptpd[1771]: MGR: Launching /usr/local/sbin/pptpctrl to handle client
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: local address = 192.168.1.51
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: remote address = 192.168.1.61
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Client 192.168.1.67 control connection started
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Received PPTP Control Message (type: 1)
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Made a START CTRL CONN RPLY packet
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: I wrote 156 bytes to the client.
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Sent packet to client
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Received PPTP Control Message (type: 7)
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Set parameters to 1525 maxbps, 64 window size
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Made a OUT CALL RPLY packet
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Starting call (launching pppd, opening GRE)
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: pty_fd = 4
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: tty_fd = 5
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: I wrote 32 bytes to the client.
Dec 19 19:10:20 gshost01 pptpd[1772]: CTRL (PPPD Launcher): Connection speed = 115200
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Sent packet to client
Dec 19 19:10:20 gshost01 pptpd[1772]: CTRL (PPPD Launcher): local address = 192.168.1.51
Dec 19 19:10:20 gshost01 pptpd[1772]: CTRL (PPPD Launcher): remote address = 192.168.1.61
Dec 19 19:10:20 gshost01 pppd[1772]: pppd 2.4.1 started by root, uid 0
Dec 19 19:10:20 gshost01 pppd[1772]: Using interface ppp0
Dec 19 19:10:20 gshost01 pppd[1772]: Connect: ppp0 <--> /dev/pts/2
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Received PPTP Control Message (type: 15)
Dec 19 19:10:20 gshost01 pptpd[1771]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec 19 19:10:20 gshost01 pptpd[1771]: GRE: Discarding duplicate packet
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Received PPTP Control Message (type: 15)
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Received PPTP Control Message (type: 15)
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Received PPTP Control Message (type: 12)
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Made a CALL DISCONNECT RPLY packet
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Received CALL CLR request (closing call)
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: I wrote 148 bytes to the client.
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Sent packet to client
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Error with select(), quitting
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Client 192.168.1.67 control connection finished
Dec 19 19:10:22 gshost01 pptpd[1771]: CTRL: Exiting now
Dec 19 19:10:22 gshost01 pptpd[1072]: MGR: Reaped child 1771
Dec 19 19:10:22 gshost01 pppd[1772]: Modem hangup
Dec 19 19:10:22 gshost01 pppd[1772]: Connection terminated.
Dec 19 19:10:22 gshost01 pppd[1772]: Exit.

(/etc/pptpd.conf)
option /etc/ppp/options.pptp
debug
localip 192.168.1.51
remoteip 192.168.1.60-80

(/etc/ppp/options.pptp)
lock
mtu 1490
mru 1490
proxyarp
auth
nodefaultroute
-pap
-chap
+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 30
lcp-echo-interval 5
#mppe-40 mppe-128 mppe-stateless

I expected your help!

Keizo

From magnus at vonkoeller.de Wed Dec 19 05:19:18 2001
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Wed, 19 Dec 2001 12:19:18 +0100
Subject: [pptp-server] kernel > 2.4.10
In-Reply-To:
References:
Message-ID: <200112191219.04143@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 19 December 2001 02:43, you wrote:
> I've got 2.4.15 working

Are you sure? Did you test with Linux clients?

- --
- -M

- ------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-531-2094886
Mobile: +49-179-4562940

lp1 on fire
(One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IHe4UIvM6e6BgFARAldLAJ9O/GV1iZYPHePRvs/WJL4tQmyQOwCgxBdO
dTPtYW/a9GOWPqKZUJEkqHc=
=/MAe
-----END PGP SIGNATURE-----

From mvazquez at foton.es Wed Dec 19 05:28:42 2001
From: mvazquez at foton.es (Miki Vazquez)
Date: Wed, 19 Dec 2001 11:28:42 -0000
Subject: [pptp-server] Is Segure??
Message-ID: <200112191128.fBJBShG01753@mail.idecnet.com>

Hello

I want to install this service in computer that it's running inside internet.
This machine have a database and this is the money of this enterprise.

Is secure this service? .. very very secure??
someone can exploit it to got the shell? .. pppd is root and ...??

(RedHat 7.2)

Thank you!!

From ufuk.altinkaynak at wibo-werk.com Wed Dec 19 05:35:31 2001
From: ufuk.altinkaynak at wibo-werk.com (Ufuk Altinkaynak)
Date: Wed, 19 Dec 2001 12:35:31 +0100
Subject: [pptp-server] Connect Problems!
Finaly solved ;-)
References: <200FAA488DE0D41194F10010B597610D2B9419@jupiter.citadelcomputer.com.au>
Message-ID: <003801c18881$44e01760$9b010a0a@AltinkaynakA9>

Hi George and Andrew !!

Finally i solved my connect Problems it was our firewall that was not passing the GRE packets ;-).
Sorry for that, i thought i had checked it up.
So again thanks for great support.

But i still have a little Problem ;-) i can't ping/access the winnt4.0 host.
I can connect to the vpn server but i can't ping/access any machine behind the vpn server.
So i think it is a routing Problem.
The Dialup to my isp sets the default gw and at the vpn connection is the default gw not enabled.

Win98Client ISP/Internet VPN-Linuxserver WINNT4.0HOST
10.10.1.22 --VPN-TUNNEL----10.10.1.20----------10.10.1.12

So what do i have to do, to ping/access the server.
I hope you have a good idea.

Thanks therefore
Ufuk Altinkaynak

> Have you removed the "default gateway" option for the internet user. this
> MUST be removed for the VPN to work otherwise the internet connection for
> the vpn user may totally stop and possibly without you even knowing..
> Sounds like your isp, try doing a traceroute from client to server port
> 1723, if that works try the patched traceroute which can use GRE packets.

From bnegrao at engepel.com.br Wed Dec 19 10:29:00 2001
From: bnegrao at engepel.com.br (=?iso-8859-1?Q?Bruno_Negr=E3o?=)
Date: Wed, 19 Dec 2001 14:29:00 -0200
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
Message-ID: <002801c188aa$439d88a0$020da8c0@plugway.com.br>

Hi, since everyone here works with pptp somebody should have solved this problem:

My pptpd server is a linux 2.4.x kernel with two interfaces (external and internal).
I set it to masquerade the outgoing traffic, but I don't want to masquerade the outgoing vpn traffic passing through the ppp0 interface.
It has got to be, instead, forwarded with its original source addresses.
Could someone show me the iptables rules to make it work? (tips in routing would be appreciated too).

thank you,
-------------------------------------------------
-- Bruno Negrão -- Suporte
-- Plugway Acesso Internet Ltda.
-- (31)34812311
-- bnegrao at plugway.com.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From charlieb at e-smith.com Wed Dec 19 10:28:22 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Wed, 19 Dec 2001 11:28:22 -0500 (EST)
Subject: [pptp-server] kernel > 2.4.10
In-Reply-To: <200112191219.04143@vonkoeller.de>
Message-ID:

On Wed, 19 Dec 2001, Magnus von Koeller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wednesday 19 December 2001 02:43, you wrote:
> > I've got 2.4.15 working
>
> Are you sure? Did you test with Linux clients?

If it's working with any client, it's working. If it's not working with a linux client, doesn't that point to a problem with the linux client, rather than the server?

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From magnus at vonkoeller.de Wed Dec 19 10:42:29 2001
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Wed, 19 Dec 2001 17:42:29 +0100
Subject: [pptp-server] kernel > 2.4.10
In-Reply-To:
References:
Message-ID: <200112191740.51651@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 19 December 2001 17:28, you wrote:
> If it's working with any client, it's working. If it's not working
> with a linux client, doesn't that point to a problem with the linux
> client, rather than the server?

So did you try if it actually works with a Linux client?? I don't think it's a problem with the client because everything works fine with Kernel 2.4.2 on the server but when I tried to upgrade to 2.4.12-ac5 all Linux clients stopped working.
This quite clearly points to a problem with the kernel on the server ...

- --
- -M

- ------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-531-2094886
Mobile: +49-179-4562940

lp1 on fire
(One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IMN3UIvM6e6BgFARAjYJAKC6uCyGyN3Kif6QdoZyvGcL0BTivwCg1RDI
xUHvEiA/hlU7yGzRgILkhyU=
=QXD7
-----END PGP SIGNATURE-----

From scottt at soccer.com Wed Dec 19 10:59:44 2001
From: scottt at soccer.com (Scott Taylor)
Date: Wed, 19 Dec 2001 08:59:44 -0800
Subject: [pptp-server] Issue error 741 when connect to PPTP
Message-ID:

Did you install the Microsoft encryption patches?
http://poptop.lineo.com/download_pptp.html

You need to do this.

Then follow the RH poptop howto
http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

From scottt at soccer.com Wed Dec 19 11:01:24 2001
From: scottt at soccer.com (Scott Taylor)
Date: Wed, 19 Dec 2001 09:01:24 -0800
Subject: [pptp-server] kernel > 2.4.10
Message-ID: <77850F650B8365F47A119A808B24FDF5@scottt.soccer.com>

An HTML attachment was scrubbed...
URL:

From scottt at soccer.com Wed Dec 19 11:13:58 2001
From: scottt at soccer.com (Scott Taylor)
Date: Wed, 19 Dec 2001 09:13:58 -0800
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
Message-ID:

An HTML attachment was scrubbed...
URL:

From scottt at soccer.com Wed Dec 19 11:15:39 2001
From: scottt at soccer.com (Scott Taylor)
Date: Wed, 19 Dec 2001 09:15:39 -0800
Subject: [pptp-server] kernel > 2.4.10
Message-ID: <3173D8DD7933C9D4B998FB7A128A491D@scottt.soccer.com>

An HTML attachment was scrubbed...
URL:

From bnegrao at engepel.com.br Wed Dec 19 12:53:02 2001
From: bnegrao at engepel.com.br (=?iso-8859-1?Q?Bruno_Negr=E3o?=)
Date: Wed, 19 Dec 2001 16:53:02 -0200
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
References:
Message-ID: <000b01c188be$62b24aa0$020da8c0@plugway.com.br>

Thank you for answering.

Why wouldn't you want them Masq'd?

In my understanding about VPNs, once you establish a vpn link between two remote private networks you'll deal with them as if those are normal private LAN's - thus I wouldn't like to mask one internal lan when connecting with the other lan, instead I want to enable routing between these lans (routing through the pptp link)

Are your client's behind the interface routeable Address's?

Yes.

I think by default It won't Masq them..I believe you need to tell it to with the -t nat SNAT command.

Yes too. I found a rule that selectively masq all outbound traffic except that destined to the 192.168.0.0/24 network.

iptables -t nat -A POSTROUTING -o $EXTIF -s 192.168.50.0/24 -d ! 192.168.0.0/24 -j MASQUERADE

Someone tell us if I'm wrong......

Scott

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From scottt at soccer.com Wed Dec 19 12:55:59 2001
From: scottt at soccer.com (Scott Taylor)
Date: Wed, 19 Dec 2001 10:55:59 -0800
Subject: [pptp-server] kernel > 2.4.10
Message-ID:

An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: modules.conf.txt
Type: application/octet-stream
Size: 263 bytes
Desc: modules.conf.txt
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ppp-options.txt
Type: application/octet-stream
Size: 198 bytes
Desc: ppp-options.txt
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pptpd.conf.txt
Type: application/octet-stream
Size: 434 bytes
Desc: pptpd.conf.txt
URL:

From lorentzm1 at home.com Wed Dec 19 15:13:39 2001
From: lorentzm1 at home.com (Lorentz Morrow)
Date: Wed, 19 Dec 2001 15:13:39 -0600
Subject: [pptp-server] Issue error 741 when connect to PPTP
Message-ID: <200112192113.fBJLDdg19307@c1984186-a.clmba1.mo.home.com>

Type the command:

cp /etc/ppp/options.pptp /etc/ppp/options

or adding the line:

option /etc/ppp/options.pptp

to your /etc/pptpd.conf file should work also.
Hope this fixes your problem.

Lorentz

From mikael.lonnroth at advancevpn.com Thu Dec 20 01:15:41 2001
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Wed, 19 Dec 2001 23:15:41 -0800
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
Message-ID: <011c01c18926$22615050$121b7d0a@advancehome>

I think the problem arises when you have
- a private network
- a VPN server inside that network, and
- PPTP clients that are mapped to a third private address space inside the VPN server

Let's say the private network is 10.0.0.0/24 and the PPTP clients get addresses from a network 10.1.0.0/24. The VPN server knows how to route packets from 10.1.0.10 (assigned to one VPN client) to 10.0.0.4 (some internal server), but the internal server (10.0.0.4) does not know how to route packets to 10.1.0.10, instead it routes them to the default gateway...

Regards,
Mikael Lönnroth
AdvanceVPN Oy
www.advancevpn.com

----- Original Message -----
From: Bruno Negrão
To: pptp-server at lists.schulte.org
Sent: Wednesday, December 19, 2001 10:53 AM
Subject: Re: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?

Thank you for answering.

Why wouldn't you want them Masq'd?

In my understanding about VPNs, once you establish a vpn link between two remote private networks you'll deal with them as if those are normal private LAN's - thus I wouldn't like to mask one internal lan when connecting with the other lan, instead I want to enable routing between these lans (routing through the pptp link)
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From GeorgeV at citadelcomputer.com.au Wed Dec 19 15:50:00 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 20 Dec 2001 08:50:00 +1100
Subject: [pptp-server] Connect Problems! Finaly solved ;-)
Message-ID: <200FAA488DE0D41194F10010B597610D2B9443@jupiter.citadelcomputer.com.au>

Make sure you have `proxyarp` in your options files and ip_forward enabled in your network setup.
when the VPN comes up you should get a message like this:

pppd[5829]: found interface eth0 for proxy arp

if you don't then it will not work.

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Ufuk Altinkaynak [mailto:ufuk.altinkaynak at wibo-werk.com]
Sent: Wednesday, 19 December 2001 10:36 PM
To: Andrew Lyon; pptp-server at lists.schulte.org; George Vieira
Subject: Re: [pptp-server] Connect Problems! Finaly solved ;-)

Hi George and Andrew !!

Finally i solved my connect Problems it was our firewall that was not passing the GRE packets ;-).
Sorry for that, i thought i had checked it up.
So again thanks for great support.

But i still have a little Problem ;-) i can't ping/access the winnt4.0 host.
I can connect to the vpn server but i can't ping/access any machine behind the vpn server.
So i think it is a routing Problem.
The Dialup to my isp sets the default gw and at the vpn connection is the default gw not enabled.

Win98Client ISP/Internet VPN-Linuxserver WINNT4.0HOST
10.10.1.22 --VPN-TUNNEL----10.10.1.20----------10.10.1.12

So what do i have to do, to ping/access the server.
I hope you have a good idea.

Thanks therefore
Ufuk Altinkaynak

> Have you removed the "default gateway" option for the internet user. this
> MUST be removed for the VPN to work otherwise the internet connection for
> the vpn user may totally stop and possibly without you even knowing..
> Sounds like your isp, try doing a traceroute from client to server port
> 1723, if that works try the patched traceroute which can use GRE packets.

From GeorgeV at citadelcomputer.com.au Wed Dec 19 16:31:00 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 20 Dec 2001 09:31:00 +1100
Subject: [pptp-server] How to set iptables to doesn't masquerade the V PN traffic?
Message-ID: <200FAA488DE0D41194F10010B597610D2B9449@jupiter.citadelcomputer.com.au>

Make sure your vpn users are on the same IP range (subnet) as the local users otherwise this will fail...
you need to put a rule which ACCEPTS anything from subnet to subnet on interface ppp+

eg.
INTSN="10.10.10.0/24"
VPNDEV="ppp+"
EXTDEV="eth1"
/sbin/ipchains -A input -i $VPNDEV -s $INTSN -d $INTSN -j ACCEPT
/sbin/ipchains -A forward -i $EXTDEV -s $INTSN -d $INTSN -j MASQ

these rules are what I use.. the input is only there because I block everything coming in... otherwise not needed as I'm using the "-i $EXTDEV" option to masq only the packets going to the internet, NOT the vpn....

should be right.. if this doesn't work I'll need your iptables rules or ipchains rules to see what you're doing....

thanks,
George Vieira
Systems Manager
Citadel Computer Systems P/L

-----Original Message-----
From: Bruno Negrão [mailto:bnegrao at engepel.com.br]
Sent: Thursday, 20 December 2001 3:29 AM
To: pptp-server at lists.schulte.org
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?

Hi, since everyone here works with pptp somebody should have solved this problem:

My pptpd server is a linux 2.4.x kernel with two interfaces (external and internal).
I set it to masquerade the outgoing traffic, but I don't want to masquerade the outgoing vpn traffic passing through the ppp0 interface.
It has got to be, instead, forwarded with its original source addresses.

Could someone show me the iptables rules to make it work? (tips in routing would be appreciated too).

thank you,
-------------------------------------------------
-- Bruno Negrão -- Suporte
-- Plugway Acesso Internet Ltda.
-- (31)34812311
-- bnegrao at plugway.com.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jhiggs at bigpond.net.au Wed Dec 19 16:46:58 2001
From: jhiggs at bigpond.net.au (Jeremy Higgs)
Date: Thu, 20 Dec 2001 09:46:58 +1100
Subject: [pptp-server] Problems connecting with PoPToP and pptp-client
Message-ID:

Hi everyone!

I've had some time as of late to try and fix the problems I was having before, and I now get the following when connecting between two gateway machines (i.e. Both have public addresses):

Dec 19 19:48:07 bluey pptpd[18801]: MGR: Manager process started
Dec 19 19:48:15 bluey pptpd[18802]: CTRL: Client 144.132.140.185 control connection started
Dec 19 19:48:16 bluey pptpd[18802]: CTRL: Starting call (launching pppd, opening GRE)
Dec 19 19:48:16 bluey modprobe: modprobe: Invalid line 83 in /etc/modules.conf ^I/lib/modules/2.2.20
Dec 19 19:48:19 bluey pptpd[18802]: CTRL: Error with select(), quitting
Dec 19 19:48:19 bluey pptpd[18802]: CTRL: Client 144.132.140.185 control connection finished
Dec 19 19:48:19 bluey pptpd[18802]: CTRL: Asked to free call when no call open, not handled well
Dec 19 19:48:19 bluey pptpd[18802]: CTRL: Asked to free call when no call open, not handled well
Dec 19 19:48:19 bluey pptpd[18802]: CTRL: Got call clear request after call manually shutdown - buggy client

After the "control connection finished" message comes up, the pptp-client on the client machine returns the the command prompt and 'says' nothing, and then the message after that pop up...

I have this in my /etc/pptpd.conf file:

localip 203.17.40.97
remoteip 203.17.40.109,203.17.40.106

(plus the defaults)

/etc/ppp/pptpd-options:

bluey:/etc/ppp# cat pptpd-options
## SAMPLE ONLY
## CHANGE TO SUIT YOUR SYSTEM

## turn pppd syslog debugging on
#debug

## change 'servername' to whatever you specify as your server name in chap-secrets
name bluey
## change the domainname to your local domain
domain mydomain.net

## these are reasonable defaults for WinXXXX clients
## for the security related settings
auth
require-chap
#require-chapms
#require-chapms-v2
+chap
#+chapms
#+chapms-v2
#mppe-40
#mppe-128
#mppe-stateless
#require-mppe
#require-mppe-stateless

## Fill in your addresses
#ms-dns 10.0.0.1
#ms-wins 10.0.0.1

## Fill in your netmask
netmask 255.255.255.240

## some defaults
nodefaultroute
proxyarp
Lock

(One thing to note is that the netmask of the internal subnet (the one I assign Ips in) is 255.255.255.240, but the netmask of the client machine is 255.255.240.0 ... Could that be the problem?)

/etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client server secret IP addresses
"paulnet at bigpond" * "*****"
piglet bluey "*****" *
bluey piglet "*****" *

Can anyone see anything wrong? I'm not sure how to fix this...

Thanks!

[Reposted via another account, sorry if this is duplicated sometime in the future!]

From jsantos at k1.knet.cxm Wed Dec 19 19:51:25 2001
From: jsantos at k1.knet.cxm (Jorge Santos)
Date: Thu, 20 Dec 2001 01:51:25 -0000
Subject: [pptp-server] kernel > 2.4.10
References:
Message-ID: <001c01c188f8$d55ec7b0$0200a8c0@knet.cxm>

me too

----- Original Message -----
From: Scott Taylor
To: pptp-server at lists.schulte.org
Sent: Wednesday, December 19, 2001 1:43 AM
Subject: Re: [pptp-server] kernel > 2.4.10

I've got 2.4.15 working

THERE IS ONLY ONE...
SOCCER.COM, The Center of the Soccer Universe
http://www.soccer.com

_______________________________________________
pptp-server maillist - pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
--- To unsubscribe, go to the url just above this line. --
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From Joe at Polcari.com Wed Dec 19 22:58:44 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Wed, 19 Dec 2001 23:58:44 -0500
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
References: <002801c188aa$439d88a0$020da8c0@plugway.com.br>
Message-ID: <3C217004.6ADB00CD@Polcari.com>

What are the ip addresses, interfaces and are you using ipchains or iptables or what?

Bruno Negrão wrote:

> Hy, since everyone here works with pptp somebody should have solved
> this problem: My pptpd server is a linux 2.4.x kernel with two
> interfaces (external and internal). I set it to masquerade the
> outgoing traffic, but I don't want to masquerade the outgoing vpn
> traffic passing through the ppp0 interface. It has got to be, instead,
> forwarded with its original source addresses. Could someone show me
> the iptables rules to make it work? (tips in routing would be
> appreciated too). thank
> you,-------------------------------------------------
> -- Bruno Negrão -- Suporte
> -- Plugway Acesso Internet Ltda.
> -- (31)34812311
> -- bnegrao at plugway.com.br

From magnus at vonkoeller.de Thu Dec 20 01:52:21 2001
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Thu, 20 Dec 2001 08:52:21 +0100
Subject: [pptp-server] kernel > 2.4.10
In-Reply-To: <3173D8DD7933C9D4B998FB7A128A491D@scottt.soccer.com>
References: <3173D8DD7933C9D4B998FB7A128A491D@scottt.soccer.com>
Message-ID: <200112200851.25284@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 19 December 2001 18:15, you wrote:
> I'm not using the "ac" version.

That shouldn't make a difference.
Other people on this list have reported problems with the Vanilla kernel, too. And it's the same behaviour I experienced.

- --
- -M

- ------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-531-2094886
Mobile: +49-179-4562940

lp1 on fire
(One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IZi4UIvM6e6BgFARAoswAJ44pNCEWcH3IPw5cnD8gJV+X5eM+gCeMjY1
c/f792a0F0kuKreie3hZFvY=
=8lxt
-----END PGP SIGNATURE-----

From kharada at ballade.plala.or.jp Thu Dec 20 01:53:58 2001
From: kharada at ballade.plala.or.jp (kharada at ballade.plala.or.jp)
Date: Thu, 20 Dec 2001 16:53:58 +0900 (JST)
Subject: [pptp-server] =?ISO-2022-JP?B?UmU6UmU6IFtwcHRwLXNlcnZlcl0gSXNzdWUgZXJyb3IgNzQxIHdoZW4=?= =?ISO-2022-JP?B?IGNvbm5lY3QgdG8gUFBUUA==?=
Message-ID: <200112200753.fBK7rwY96451@smtp.OpenBit.NET>

Hi Lorentz

Thank you for your reply.
I set the option tag in /etc/pptpd.conf to use /etc/ppp/options instead of /etc/ppp/options.pptp.
Then error message 741 disappeared, but sadly it is still not working.
I looked at the files pptpd.log and messages, and the following message appears in them:

"in file /etc/ppp/options "+chapms" unrecognized"

I have already applied the MSCHAP and mppe patches to the kernel and ppp.
But I don't know how to resolve it.
Please help.

Keizo

>Type the command:
>
>cp /etc/ppp/options.pptp /etc/ppp/options
>
>or adding the line:
>
>option /etc/ppp/options.pptp
>
>to you /etc/pptpd.conf file should work also.
>Hope this fixes your problem.
>
>Lorentz
>_______________________________________________
>pptp-server maillist - pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>--- To unsubscribe, go to the url just above this line.
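
The options files posted in this thread mix `+chap`, `+chapms`, `+chapms-v2`, `mppe-40`, `mppe-128` and `mppe-stateless`, some of them behind `#`. The following is an added example, not code from any poster or from PoPToP: it reports which of those options pppd actually reads and which sit inside a comment. It assumes the option spellings shown in the posts, assumes their meanings in the patched pppd, and uses constructed sample files.

```python
# Option spellings as they appear in the posts. Their meanings in the
# MPPE/MS-CHAP patched pppd are assumed here, not taken from its source.
CHAP_MD5 = {"+chap", "require-chap"}
MSCHAP_V1 = {"+chapms", "require-chapms"}
MSCHAP_V2 = {"+chapms-v2", "require-chapms-v2"}
MPPE = {"mppe-40", "mppe-128", "mppe-stateless",
        "require-mppe", "require-mppe-stateless"}
KNOWN = CHAP_MD5 | MSCHAP_V1 | MSCHAP_V2 | MPPE


def split_line(line):
    """Split one line into (words pppd reads, words hidden in the comment)."""
    code, _, comment = line.partition("#")   # '#' comments out the rest of the line
    return code.split(), comment.replace("#", " ").split()


def scan(text):
    """Return (active, commented): every word pppd reads, and the known
    options that occur only inside comments."""
    active, commented = set(), set()
    for line in text.splitlines():
        words, hidden = split_line(line)
        active.update(words)
        commented.update(w for w in hidden if w in KNOWN)
    return active, commented - active


def audit_options(text):
    """Return (code, message) findings for one options file."""
    active, _ = scan(text)
    findings = []
    if not active & MSCHAP_V2:
        findings.append(("NO_MSCHAPV2", "MS-CHAP v2 is not enabled"))
    if active & MSCHAP_V1:
        findings.append(("MSCHAPV1", "MS-CHAP v1 is accepted"))
    if active & CHAP_MD5:
        findings.append(("CHAP_MD5", "plain CHAP is accepted; MPPE keys "
                         "come from the MS-CHAP exchange"))
    if "mppe-128" not in active:
        findings.append(("NO_MPPE128", "128-bit MPPE is not offered"))
    if "mppe-40" in active:
        findings.append(("MPPE40", "40-bit MPPE keys are accepted"))
    return findings


# Constructed samples. SAME_LINE keeps the three MPPE options on one commented
# line; SEPARATE comments out only mppe-40; CHAP_ONLY follows the sample-file
# style with MS-CHAP and MPPE left commented.
SAME_LINE = "lock\nauth\n+chapms\n+chapms-v2\n#mppe-40 mppe-128 mppe-stateless\n"
SEPARATE = "lock\nauth\n+chapms\n+chapms-v2\n#mppe-40\nmppe-128\nmppe-stateless\n"
CHAP_ONLY = ("## security related settings\nauth\nrequire-chap\n"
             "#require-chapms-v2\n+chap\n#+chapms-v2\n#mppe-128\n")

if __name__ == "__main__":
    for name, text in (("SAME_LINE", SAME_LINE), ("SEPARATE", SEPARATE),
                       ("CHAP_ONLY", CHAP_ONLY)):
        active, commented = scan(text)
        print(name, "commented out:", sorted(commented))
        for code, message in audit_options(text):
            print("  ", code, "-", message)
```

A single `#` in front of several options on one line disables all of them, which is easy to miss when a file is edited by hand.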
--

From GeorgeV at citadelcomputer.com.au Thu Dec 20 05:21:33 2001
From: GeorgeV at citadelcomputer.com.au (George Vieira)
Date: Thu, 20 Dec 2001 22:21:33 +1100
Subject: [pptp-server] 2.4.16 Whoohoo!!! yeehaa!!! Success
Message-ID: <200FAA488DE0D41194F10010B597610D2B9460@jupiter.citadelcomputer.com.au>

Aahhh finally...

Thanks to Cristian Bagor and someone else (i've lost the email now, DoH!)... I got their .config files and repatched my kernel 2.4.16 and it now works.. Something was obviously a miss in the kernel... ( i knew something was missing!!!!! ).. it totally stuffed my ADSL link but that just took a little tweak somewhere and now works....

thanks peeps.

PS: Now to apply this to my live work machine...... DOOOOooH!!!

George Vieira..

From bnegrao at engepel.com.br Thu Dec 20 05:32:48 2001
From: bnegrao at engepel.com.br (=?iso-8859-1?Q?Bruno_Negr=E3o?=)
Date: Thu, 20 Dec 2001 09:32:48 -0200
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
References: <002801c188aa$439d88a0$020da8c0@plugway.com.br> <3C217004.6ADB00CD@Polcari.com>
Message-ID: <001901c1894a$0d344880$020da8c0@plugway.com.br>

> What are the ip addresses, interfaces and are you using ipchains or
> iptables or what?

I'm sorry. I'm using iptables. My network is:

192.168.50.1| PPTPD server |200.251.30.1 --------------------- 200.230.2.2 | PPTPd client (NT)|192.168.0.1
             \-----------------------------------------------------------------/
                              pptp tunnel on net 192.168.14.0

My clients in network 192.168.50/24 must be masqueraded when connecting the internet but must be just forwarded when connecting with the 192.168.0.0/24 network.

>
> Bruno Negrão wrote:
>
> > Hy, since everyone here works with pptp somebody should have solved
> > this problem: My pptpd server is a linux 2.4.x kernel with two
> > interfaces (external and internal).
I set it to masquerade the
> > outgoing traffic, but I don't want to masquerade the outgoing vpn
> > traffic passing through the ppp0 interface. It has got to be, instead,
> > forwarded with its original source addresses. Could someone show me
> > the iptables rules to make it work? (tips in routing would be
> > appreciated too). thank
> > you,-------------------------------------------------
> > -- Bruno Negrão -- Suporte
> > -- Plugway Acesso Internet Ltda.
> > -- (31)34812311
> > -- bnegrao at plugway.com.br

Message-ID: <003a01c1895c$99156fc0$9b010a0a@AltinkaynakA9>

Hi George, Robert

Again i found with your help a solution for this problem.
IP_forward was activated, but it was restricted in the firewall, so i found a posting regarding my problem, and i changed my firewall settings to the new one, and what can i say IT FINALLY WORKS.

THANKS to all who helped me through.

Ufuk Altinkaynak

> Make sure you have `proxyarp` in your options files and ip_forward enabled
> in your network setup.
> when the VPN comes up you should get a message like this:
>
> pppd[5829]: found interface eth0 for proxy arp
>

From berzerke at swbell.net Thu Dec 20 08:03:24 2001
From: berzerke at swbell.net (robert)
Date: Thu, 20 Dec 2001 08:03:24 -0600
Subject: [pptp-server] kernel > 2.4.10
In-Reply-To: <001c01c188f8$d55ec7b0$0200a8c0@knet.cxm>
References: <001c01c188f8$d55ec7b0$0200a8c0@knet.cxm>
Message-ID: <0GON0059KB0F90@mta5.rcsntx.swbell.net>

This is slightly off-topic, but I hope those of you running 2.4.15 know about the corrupt your filesystems on unmount bug.

On Wednesday 19 December 2001 07:51 pm, Jorge Santos wrote:
> me too
> ----- Original Message -----
> From: Scott Taylor
> To: pptp-server at lists.schulte.org
> Sent: Wednesday, December 19, 2001 1:43 AM
> Subject: Re: [pptp-server] kernel > 2.4.10
>
>
> I've got 2.4.15 working
>
>
> THERE IS ONLY ONE...
> SOCCER.COM, The Center of the Soccer Universe
> http://www.soccer.com
>
> _______________________________________________ pptp-server maillist -
> pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe,
> go to the url just above this line. --

From magnus at vonkoeller.de Thu Dec 20 08:11:46 2001
From: magnus at vonkoeller.de (Magnus von Koeller)
Date: Thu, 20 Dec 2001 15:11:46 +0100
Subject: [pptp-server] 2.4.16 Whoohoo!!! yeehaa!!! Success
In-Reply-To: <200FAA488DE0D41194F10010B597610D2B9460@jupiter.citadelcomputer.com.au>
References: <200FAA488DE0D41194F10010B597610D2B9460@jupiter.citadelcomputer.com.au>
Message-ID: <200112201511.27519@vonkoeller.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 20 December 2001 12:21, you wrote:
> Thanks to Cristian Bagor and someone else (i've lost the email
> now, DoH!)... I got their .config files and repatched my kernel
> 2.4.16 and it now works.. Something was obviously a miss in the
> kernel... ( i knew something was missing!!!!! )..

Well, again, did you try this with linux clients?? Or was this some other problem?

- --
- -M

- ------- Magnus von Koeller ------
Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany
Phone: +49-531-2094886
Mobile: +49-179-4562940

lp1 on fire
(One of the more obfuscated kernel messages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8IfGkUIvM6e6BgFARAs3cAJ4sXDAJCqag1WRd48HjRaykPxiM2wCgkqEg
v7WQpfL1fD3tTaeLVkhcfvg=
=PR+z
-----END PGP SIGNATURE-----

From muralivemuri at multitech.co.in Thu Dec 20 08:21:49 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Thu, 20 Dec 2001 19:51:49 +0530
Subject: [pptp-server] pinging problem
Message-ID: <3C21F3FC.5FF2EC61@multitech.co.in>

well.........
to start with, i have a win98 client.
he connects to a RAS over PPP
RAS gives him 192.168.4.2 and himself has the address 192.168.4.10
and beyond him, i have a pptp server with eth1 address 192.168.1.4.6
he assigns 192.168.1.246 to the client and himself gets 192.168.1.241.
i find the message "found eth0 for proxy arp" in /var/log/messages.
and the eth0 address is 192.168.1.149
but still the win98 client is not able to ping any ip address beyond 149.
any ideas........?

--
regards & thanks for your time,
Murali Krishna Vemuri
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From jasons at NJAQUARIUM.ORG Thu Dec 20 09:54:02 2001
From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer)
Date: Thu, 20 Dec 2001 10:54:02 -0500
Subject: [pptp-server] NEW INFO!!
Message-ID:

this might help some people.
If your VPN clients have AOL as an ISP and you would like them to access network resources on a domain. Don't set the domain login under network properties. Hack the Reg. and change the default network user name to the username needed.

HK_L_M\network\logon

just set the user name to the right one needed to access shares on the samba or NT servers

From andersjk at sol-invictus.org Thu Dec 20 10:12:12 2001
From: andersjk at sol-invictus.org (andersjk at sol-invictus.org)
Date: Thu, 20 Dec 2001 17:12:12 +0100 (CET)
Subject: [pptp-server] poptop and default gateway...
Message-ID:

i have a quick question that i can't seem to find a response to, i got the poptop server running without a problem, its just that i see all the computers on the local network but when i try to get out over the default gateway it just doesn't know where to go...! i have ipforwarding enabled... my question is what am i missing? do i have to have have ipchains running or masquerading?? i also used the tip in the howto about proxyarp failing cause it can't find the mac address for the server... i hard coded that for a test and it still didn't work....
thanks, kevin anderson From scottt at soccer.com Thu Dec 20 10:47:25 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 20 Dec 2001 08:47:25 -0800 Subject: [pptp-server] 2.4.16 Whoohoo!!! yeehaa!!! Success Message-ID: <07B179EAC86292442B108DEC0FEB61A3@scottt.soccer.com> An HTML attachment was scrubbed... URL: From jrmann1999 at yahoo.com Thu Dec 20 11:07:14 2001 From: jrmann1999 at yahoo.com (Jeremy Mann) Date: Thu, 20 Dec 2001 09:07:14 -0800 (PST) Subject: [pptp-server] WAN->WAN question Message-ID: <20011220170714.5884.qmail@web14104.mail.yahoo.com> I'm about to implement a solution to link up 4-5 remote offices to a corporate office. I'm wondering what sort of documentation someone could point me to on how to do this via VPN. My idea is as follows: I will run a VPN server at our corporate office, have all of the remote locations then "dial-in" to that server. Each office will be on it's own subnet on the 192.168.x.x mask and then sort of pseudo-linked via VPN. My goal is to make this as seamless to the end user as possible(when the good ol win98 folk open network neighborhood they can see every share from every other computer on the network). If I'm totally off base here just point me where I need to look. Jeremy Mann ===== Jeremy Mann "To learn cobol is an injustice, therefore it should be a crime to teach it." From mikes at hartwellcorp.com Thu Dec 20 11:24:45 2001 From: mikes at hartwellcorp.com (Michael St. Laurent) Date: Thu, 20 Dec 2001 09:24:45 -0800 Subject: [pptp-server] New kernel RPMs for ipsec+pptp?
Message-ID: <91A5926EFF44D3118B1200104B7276EB01084FDB@hart-exchange.hartwellcorp.com> The site http://www.opensource-security.org/RPMS/VPN/ contains all the RPMS needed to install and use both FreeSWAN and PPTP including the patched kernel. Does anyone know if there are plans to add the 2.4.9-13 kernel to the list? -------------------- Michael St. Laurent Hartwell Corporation [root at earth] root# rm -rf /bin/laden From wilcox at CSZINC.COM Thu Dec 20 11:33:33 2001 From: wilcox at CSZINC.COM (James Wilcox) Date: Thu, 20 Dec 2001 12:33:33 -0500 Subject: [pptp-server] DHCP Message-ID: I was wondering under what file and what syntax is need to set up VPN's DHCP to hand out a Microsoft DNS and WINS server address for name resolution? Thanks, James -------------- next part -------------- An HTML attachment was scrubbed... URL: From jasons at NJAQUARIUM.ORG Thu Dec 20 11:35:59 2001 From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 20 Dec 2001 12:35:59 -0500 Subject: [pptp-server] DHCP Message-ID: I use options.pptp for the file in /etc/ppp and ms-dns xxx.xxx.xxx.xxx ms-wins xxx.xxx.xxx.xxx -----Original Message----- From: James Wilcox [mailto:wilcox at CSZINC.COM] Sent: Thursday, December 20, 2001 12:34 PM To: Linux PPTP (pptp-server at lists.schulte.org) Subject: [pptp-server] DHCP I was wondering under what file and what syntax is need to set up VPN's DHCP to hand out a Microsoft DNS and WINS server address for name resolution? Thanks, James From muralivemuri at multitech.co.in Thu Dec 20 11:47:15 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Thu, 20 Dec 2001 23:17:15 +0530 Subject: [pptp-server] routing Message-ID: <3C222423.3538C258@multitech.co.in> hi can someone give me a nice tutorial on iptables or ipchains. i am newbie for those ... please keep in mind. -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From jasons at NJAQUARIUM.ORG Thu Dec 20 11:46:47 2001 From: jasons at NJAQUARIUM.ORG (Jason Staudenmayer) Date: Thu, 20 Dec 2001 12:46:47 -0500 Subject: [pptp-server] routing Message-ID: linuxdoc.org -----Original Message----- From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Thursday, December 20, 2001 12:47 PM To: pptplist Subject: [pptp-server] routing hi can someone give me a nice tutorial on iptables or ipchains. i am newbie for those ... please keep in mind. -- regards & thanks for your time, Murali Krishna Vemuri From grj at lincom.no Thu Dec 20 11:53:34 2001 From: grj at lincom.no (Gustav Jansen) Date: Thu, 20 Dec 2001 18:53:34 +0100 (CET) Subject: [pptp-server] routing In-Reply-To: <3C222423.3538C258@multitech.co.in> Message-ID: On Thu, 20 Dec 2001, Murali K. Vemuri wrote: > hi > > can someone give me a nice tutorial on iptables or ipchains. > > i am newbie for those ... please keep in mind. Try Rusty's guides at http://netfilter.samba.org/unreliable-guides/. -- Gustav 1AB5 1DD3 4412 9F03 1A4D 9C64 4763 DD26 62DA 54BF From wilcox at CSZINC.COM Thu Dec 20 11:58:40 2001 From: wilcox at CSZINC.COM (James Wilcox) Date: Thu, 20 Dec 2001 12:58:40 -0500 Subject: [pptp-server] Logging On Message-ID: We used to be able to use our domain server to logon to our Linux box but something crashed and now we have to use chap-secrets file to be able to logon the Linux server. Does anyone know where and what needs to be changed so that you can use your NT domain to authenticate? Thanks in advance, James -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From prunkard at CSZINC.COM Thu Dec 20 12:05:07 2001 From: prunkard at CSZINC.COM (Jason Prunkard) Date: Thu, 20 Dec 2001 13:05:07 -0500 Subject: [pptp-server] prunkard@cszinc.com Message-ID: mailto:prunkard at cszinc.com From shughes at arn.net Thu Dec 20 14:16:05 2001 From: shughes at arn.net (Shawn Hughes) Date: Thu, 20 Dec 2001 12:16:05 -0800 Subject: [pptp-server] network problems Message-ID: <007801c18993$2a7c1fa0$1204a8c0@shawn> Can anyone help. I can log onto my network through a vpn connection to a Linux server running pptpd, but the problem that I'm having is that sometimes I cannot connect to the server on the local network. The server on the local network requires a telnet session. After I'm connected through VPN I telnet to the address 192.168.4.2 but it will return me to the telnet session on the Linux server (192.168.4.10). What do I need to try? Thanks, Shawn -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlieb at e-smith.com Thu Dec 20 12:11:13 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Thu, 20 Dec 2001 13:11:13 -0500 (EST) Subject: [pptp-server] WAN->WAN question In-Reply-To: <20011220170714.5884.qmail@web14104.mail.yahoo.com> Message-ID: On Thu, 20 Dec 2001, Jeremy Mann wrote: > My goal is to make this as seamless to the end user as > possible(when the good ol win98 folk open network > neighborhood they can see every share from every other > computer on the network). Far from trivial. > If I'm totally off base here just point me where I > need to look. http://www.freeswan.org/ (IOW, use IPSEC, don't even think of using PPTP). 
-- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From charlieb at e-smith.com Thu Dec 20 12:20:12 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Thu, 20 Dec 2001 13:20:12 -0500 (EST) Subject: [pptp-server] New kernel RPMs for ipsec+pptp? In-Reply-To: <91A5926EFF44D3118B1200104B7276EB01084FDB@hart-exchange.hartwellcorp.com> Message-ID: On Thu, 20 Dec 2001, Michael St. Laurent wrote: > The site http://www.opensource-security.org/RPMS/VPN/ contains all the RPMS > needed to install and use both FreeSWAN and PPTP including the patched > kernel. But this is the important URl to bookmark: http://www.opensource-security.org/RPMS/SRPMS/ This is security software. It's pretty important to have the source code. -- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From charlieb at e-smith.com Thu Dec 20 12:28:52 2001 From: charlieb at e-smith.com (Charlie Brady) Date: Thu, 20 Dec 2001 13:28:52 -0500 (EST) Subject: [pptp-server] routing In-Reply-To: <3C222423.3538C258@multitech.co.in> Message-ID: On Thu, 20 Dec 2001, Murali K. Vemuri wrote: > can someone give me a nice tutorial on iptables or ipchains. http://www.google.com/search?q=iptables+ipchains+tutorial > i am newbie for those ... please keep in mind. Google is your friend. 
-- Charlie Brady charlieb at e-smith.com Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 From mattgav at tempo.com.au Thu Dec 20 13:12:06 2001 From: mattgav at tempo.com.au (- Matt Gavin -) Date: Fri, 21 Dec 2001 06:12:06 +1100 Subject: [pptp-server] New kernel RPMs for ipsec+pptp? In-Reply-To: <91A5926EFF44D3118B1200104B7276EB01084FDB@hart-exchange.hartwellcorp.com> Message-ID: I'd question the "security" in using pre-built RPMS for PoPToP. Matt. -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Michael St. Laurent Sent: Friday, 21 December 2001 4:25 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] New kernel RPMs for ipsec+pptp? The site http://www.opensource-security.org/RPMS/VPN/ contains all the RPMS needed to install and use both FreeSWAN and PPTP including the patched kernel. Does anyone know if there are plans to add the 2.4.9-13 kernel to the list? -------------------- Michael St. Laurent Hartwell Corporation [root at earth] root# rm -rf /bin/laden From mattgav at tempo.com.au Thu Dec 20 13:13:48 2001 From: mattgav at tempo.com.au (- Matt Gavin -) Date: Fri, 21 Dec 2001 06:13:48 +1100 Subject: [pptp-server] routing In-Reply-To: <3C222423.3538C258@multitech.co.in> Message-ID: www.google.com Matt. -----Original Message----- From: pptp-server-admin at lists.schulte.org [mailto:pptp-server-admin at lists.schulte.org]On Behalf Of Murali K. Vemuri Sent: Friday, 21 December 2001 4:47 AM To: pptplist Subject: [pptp-server] routing hi can someone give me a nice tutorial on iptables or ipchains. i am newbie for those ...
please keep in mind. -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikael.lonnroth at advancevpn.com Thu Dec 20 23:41:00 2001 From: mikael.lonnroth at advancevpn.com (Mikael Lönnroth) Date: Thu, 20 Dec 2001 21:41:00 -0800 Subject: [pptp-server] New kernel RPMs for ipsec+pptp? References: Message-ID: <00c301c189e2$130a4960$121b7d0a@advancehome> What will you do with the source code if you don't read C? Why is it important to have the source code when it is security software? Regards, Mikael ----- Original Message ----- From: "Charlie Brady" To: "Michael St. Laurent" Cc: Sent: Thursday, December 20, 2001 10:20 AM Subject: Re: [pptp-server] New kernel RPMs for ipsec+pptp? [snip] > But this is the important URl to bookmark: > > http://www.opensource-security.org/RPMS/SRPMS/ > > This is security software. It's pretty important to have the source code. [snip] From GeorgeV at citadelcomputer.com.au Thu Dec 20 14:43:30 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 07:43:30 +1100 Subject: [pptp-server] 2.4.16 Whoohoo!!! yeehaa!!! Success Message-ID: <200FAA488DE0D41194F10010B597610D2B9464@jupiter.citadelcomputer.com.au> No problem was never to do with the linux clients. It should never be if it ever worked on the older kernels... PS: It was thanks to "Cristian Gabor" NOT "Cristian Bagor" ;-) (There you go Cristian, don't worry they even get a simple well know name like George spelt wrongly, eg. "Geroge" etc....) thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Magnus von Koeller [mailto:magnus at vonkoeller.de] Sent: Friday, 21 December 2001 1:12 AM To: George Vieira Cc: pptp-server at lists.schulte.org Subject: Re: [pptp-server] 2.4.16 Whoohoo!!! yeehaa!!!
Success -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 20 December 2001 12:21, you wrote: > Thanks to Cristian Bagor and someone else (i've losst the email > now, DoH!)... I got their .config files and repatched my kernel > 2.4.16 and it now works.. Something was obviously a miss in the > kernel... ( i knew something was missing!!!!! ).. Well, again, did you try this with linux clients?? Or was this some other problem? - -- - -M - ------- Magnus von Koeller ------ Georg-Westermann-Allee 76 / 38104 Braunschweig / Germany Phone: +49-531-2094886 Mobile: +49-179-4562940 lp1 on fire (One of the more obfuscated kernel messages) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8IfGkUIvM6e6BgFARAs3cAJ4sXDAJCqag1WRd48HjRaykPxiM2wCgkqEg v7WQpfL1fD3tTaeLVkhcfvg= =PR+z -----END PGP SIGNATURE----- From GeorgeV at citadelcomputer.com.au Thu Dec 20 15:00:31 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 08:00:31 +1100 Subject: [pptp-server] How to set iptables to doesn't masquerade the V PN traffic? Message-ID: <200FAA488DE0D41194F10010B597610D2B9465@jupiter.citadelcomputer.com.au> So many posts I can't remember them all... Also make graphics go down the mail, wrapping can be a real pain... 1) Does your firewall rules on Linux log ALL your DENY messages? You should turn this on to see if the routes are denied or not. 2) The MASQ rule your using, did you specify the EXTERNAL ETHERNET card to forward on? Eg. ipchains -A forward -i eth1 -s 192.168.50.0/24 -j MASQ # MUST insert "-i EXTDEV" then your server should NOT MASQ internal users to the VPN user as that user in on a PPP0/PPP1 device not ETH1.. so it's routed. (This all depends on how your external connection is done ie. PPPoE etc..etc..) 
Your VPN user will not know how to get back to the internal users because of your IP you giving them (192.168.0.1), it's not on the same network as the internal users so it'll assume to send out via the internet and not the VPN. This will mean you MUST supply a static/permanent route for that network onto the VPN.. (what a pain).. For this reason most people assign an internal IP for the VPN user so they are part of the internal network and everything is sweet. In your case: 192.168.50.1| PPTPD server |200.251.30.1 --------------------- 200.230.2.2 | PPTPd client (NT)|192.168.50.250!!!! This way, no routing is needed.. just use proxyarp in your servers options file. thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Bruno Negrão [mailto:bnegrao at engepel.com.br] Sent: Thursday, 20 December 2001 10:33 PM To: pptp-server at lists.schulte.org Subject: Re: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic? > > What are the ip addresses, interfaces and are you using ipchains or > iptables or what? I'm sorry. I'm using iptables. My network is: 192.168.50.1| PPTPD server |200.251.30.1 --------------------- 200.230.2.2 | PPTPd client (NT)|192.168.0.1 \-----------------------------------------------------------------/ pptp tunnel on net 192.168.14.0 My clients in network 192.168.50/24 must be masqueraded when connecting the internet but must be just forwarded when connecting with the 192.168.0.0/24 network. > > > Bruno Negrão wrote: > > > Hy, since everyone here works with pptp somebody should have solved > > this problem: My pptpd server is a linux 2.4.x kernel with two > > interfaces (external and internal). I set it to masquerade the > > outgoing traffic, but I don't want to masquerade the outgoing vpn > > traffic passing through the ppp0 interface. It has got to be, instead, > > forwarded with its original source addresses. Could someone show me > > the iptables rules to make it work?
(tips in routing would be > > appreciated too). thank > > you,------------------------------------------------- > > -- Bruno Negrão -- Suporte > > -- Plugway Acesso Internet Ltda. > > -- (31)34812311 > > -- bnegrao at plugway.com.br Um, If I'm reading this right you have 2 ethernet cards ETH0 and ETH1 and BOTH are on the same subnet (192.168.1.149 , 192.168.1.46?) Isn't this going to complicate things a bit? How it the client reaching the PPTP server.. I'm confused... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Friday, 21 December 2001 1:22 AM To: Steve at SteveCowles.com Cc: pptplist Subject: [pptp-server] pinging problem well......... to start with, i have a win98 client. he connects to a RAS over PPP RAS gives him 192.168.4.2 and himself has the address 192.168.4.10 and beyond him, i have a pptp server with eth1 address 192.168.1.4.6 he assigns 192.168.1.246 to the client and himself gets 192.168.1.241. i find the message "found eth0 for proxy arp" in /var/log/messages. and the eth0 address is 192.168.1.149 but still the win98 client is not able to ping any ip address beyond 149. any ideas........? -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed...
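Added example, not part of any list member's post: the masquerading question from the "How to set iptables to doesn't masquerade the VPN traffic?" thread above, modelled in Python. It parses constructed iptables POSTROUTING rules for the addresses given in that thread and reports which flows would have their source address rewritten; the interface roles (eth1 external, ppp0 tunnel), the sample flows and all function names are assumptions.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

# Constructed rule sets built from the thread's addresses.
# Assumption: eth1 is the external interface, ppp0 carries the PPTP tunnel.
WEAK_RULES = """
# masquerades everything sourced from the LAN, tunnel traffic included
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE
"""
FIXED_BY_INTERFACE = """
# only traffic leaving through the external interface is masqueraded
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth1 -j MASQUERADE
"""
FIXED_BY_DESTINATION = """
# the remote VPN network is excluded by destination instead
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.0.0/24 -j MASQUERADE
"""

# Constructed flows: (label, source, destination, outgoing interface).
FLOWS = [
    ("lan->internet", "192.168.50.20", "198.51.100.7", "eth1"),
    ("lan->vpn", "192.168.50.20", "192.168.0.1", "ppp0"),
]


@dataclass
class Rule:
    src: Optional[ipaddress.IPv4Network] = None
    src_neg: bool = False
    dst: Optional[ipaddress.IPv4Network] = None
    dst_neg: bool = False
    out_if: Optional[str] = None
    out_neg: bool = False
    target: str = ""


def parse_rules(text):
    """Parse the -s/-d/-o/-j subset of 'iptables -t nat -A POSTROUTING' lines."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line, comments=True)
        if "POSTROUTING" not in tokens:
            continue
        rule, negate = Rule(), False
        it = iter(tokens)
        for tok in it:
            if tok == "!":            # negation applies to the next match only
                negate = True
                continue
            if tok == "-s":
                rule.src, rule.src_neg = ipaddress.ip_network(next(it)), negate
            elif tok == "-d":
                rule.dst, rule.dst_neg = ipaddress.ip_network(next(it)), negate
            elif tok == "-o":
                rule.out_if, rule.out_neg = next(it), negate
            elif tok == "-j":
                rule.target = next(it)
            elif tok in ("-t", "-A"):
                next(it)              # skip table / chain name
            negate = False
        rules.append(rule)
    return rules


def nat_verdict(rules, src, dst, out_if):
    """First matching rule wins; no match means the source address is kept."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.src is not None and (s in r.src) == r.src_neg:
            continue
        if r.dst is not None and (d in r.dst) == r.dst_neg:
            continue
        if r.out_if is not None and (out_if == r.out_if) == r.out_neg:
            continue
        return "masqueraded" if r.target == "MASQUERADE" else "source kept"
    return "source kept"


def audit(rule_text):
    """Return {flow label: verdict} for the constructed flows."""
    rules = parse_rules(rule_text)
    return {name: nat_verdict(rules, s, d, o) for name, s, d, o in FLOWS}


if __name__ == "__main__":
    for label, text in [("weak", WEAK_RULES),
                        ("fixed by -o", FIXED_BY_INTERFACE),
                        ("fixed by ! -d", FIXED_BY_DESTINATION)]:
        print(label, audit(text))
```

The model takes the outgoing interface as given; on a real gateway the routing table chooses it, and the remote side still needs a route back to 192.168.50.0/24 for unmasqueraded traffic to be answered.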
URL: From GeorgeV at citadelcomputer.com.au Thu Dec 20 15:29:20 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 08:29:20 +1100 Subject: [pptp-server] WAN->WAN question Message-ID: <200FAA488DE0D41194F10010B597610D2B946B@jupiter.citadelcomputer.com.au> OK first things first. Why run a VPN when the offices are dialling directly into the Corporate office? Seeing all the machines on all networks will be difficult because network broadcasts don't route so they won't go over the dial up link.. There are a number of ways to try this (and I mean try): 1) Setup a WINS server on the dial up server machine 2) each dialin machine is linux and sets the "remote announce = dialupserverip" in samba (smb.conf) 3) each dialin machine sets the "wins server = dialupserverip" in samba (smb.conf) 4) each site should use a different workgroup name "Sydney, Melbourne, Perth, etc"... Now the problem I can see with this one is that each linux dialup client should have samba installed and act as a master browser to collect all workstation broadcasts. They will remotely send this info to the WINS server too but the server (I don't think) will not send that data to the other servers and this is the problem I'm seeing. Unless it's samba and possibly set to remote announce to each sites dialup machine...????? THOUGH, if ALL of the workstations use the corporate server as a WINS server in their TCP/IP setup then they can map to the other sits as the WINS server should resolve all their IPs on the other subnets... But network neighbourhood will probably only show the local workgroup.. Bummer!! Others on this list could possibly make a better setup.. 
thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Jeremy Mann [mailto:jrmann1999 at yahoo.com] Sent: Friday, 21 December 2001 4:07 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] WAN->WAN question I'm about to implement a solution to link up 4-5 remote offices to a corporate office. I'm wondering what sort of documentation someone could point me to on how to do this via VPN. My idea is as follows: I will run a VPN server at our corporate office, have all of the remote locations then "dial-in" to that server. Each office will be on it's own subnet on the 192.168.x.x mask and then sort of pseudo-linked via VPN. My goal is to make this as seamless to the end user as possible(when the good ol win98 folk open network neighborhood they can see every share from every other computer on the network). If I'm totally off base here just point me where I need to look. Jeremy Mann ===== Jeremy Mann "To learn cobol is an injustice, therefore it should be a crime to teach it." From GeorgeV at citadelcomputer.com.au Thu Dec 20 15:33:35 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 08:33:35 +1100 Subject: [pptp-server] Logging On Message-ID: <200FAA488DE0D41194F10010B597610D2B946C@jupiter.citadelcomputer.com.au> what were you using instead of chap-secrets? were you using libsmb with the &/etc/smbpasswd or something?
thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: James Wilcox [mailto:wilcox at CSZINC.COM] Sent: Friday, 21 December 2001 4:59 AM To: Linux PPTP (pptp-server at lists.schulte.org) Subject: [pptp-server] Logging On We used to be able to use our domain server to logon to our Linux box but something crashed and now we have to use chap-secrets file to be able to logon the Linux server. Does anyone know where and what needs to be changed so that you can use your NT domain to authenticate? Thanks in advance, James -------------- next part -------------- An HTML attachment was scrubbed... URL: From GeorgeV at citadelcomputer.com.au Thu Dec 20 15:36:29 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 08:36:29 +1100 Subject: [pptp-server] NT Authentication Message-ID: <200FAA488DE0D41194F10010B597610D2B946D@jupiter.citadelcomputer.com.au> No, do you want to write the code for it.... You can't setup PPPD to be the man in the middle between authentication, I think for security reasons.. Best you can do is use the libsmb and authenticate the users on samba locally. I've heard of some Radius authentication a while back but not sure the outcome of it.... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: James Wilcox [mailto:wilcox at CSZINC.COM] Sent: Friday, 21 December 2001 8:18 AM To: Linux PPTP (pptp-server at lists.schulte.org) Subject: [pptp-server] NT Authentication Is there a Option you can turn on in Linux that will allow you when coming thru PPTP to authenticate with the NT PDC and not have to have an account under chap-secrets? Thanks, James -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From GeorgeV at citadelcomputer.com.au Thu Dec 20 15:50:26 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 08:50:26 +1100 Subject: [pptp-server] network problems Message-ID: <200FAA488DE0D41194F10010B597610D2B9470@jupiter.citadelcomputer.com.au> Are you sure your telnetting on the 4.10 address? Have you checked with tcpdump where it's coming from/to? thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Shawn Hughes [mailto:shughes at arn.net] Sent: Friday, 21 December 2001 7:16 AM To: pptp-server at lists.schulte.org Subject: [pptp-server] network problems Can anyone help. I can log onto my network through a vpn connection to a Linux server running pptpd, but the problem that I'm having is that sometimes I cannot connect to the server on the local network. The server on the local network requires a telnet session. After I'm connected through VPN I telnet to the address 192.168.4.2 but it will return me to the telnet session on the Linux server (192.168.4.10). What do I need to try? Thanks, Shawn -------------- next part -------------- An HTML attachment was scrubbed... URL: From mstockda at dti.net Thu Dec 20 15:58:16 2001 From: mstockda at dti.net (mstockda at dti.net) Date: Thu, 20 Dec 2001 16:58:16 -0500 Subject: [pptp-server] PPP 2.3.11 & linux 2.2.19, compile errors Message-ID: <20011220165816.Q7703@dti.net> I've recently been asked to install poptop on a trustix machine running the 2.2.19 kernel patched w/ FreeS/WAN. I got ppp-2.3.11.tar.gz, patched it w/ ppp-2.3.11-openssl-norc4-mppe.patch, copied the files suggested by README.MPPE from SSLeay 0.6.6, did configure, make, make install, and make kernel, and tried to rebuild my kernel w/ modular PPP support. 
I get the following when doing make modules # make modules make -C kernel CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -D__SMP__ -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h" MAKING_MODULES=1 modules make[1]: Entering directory `/usr/src/linux-2.2.19/kernel' make[1]: Nothing to be done for `modules'. make[1]: Leaving directory `/usr/src/linux-2.2.19/kernel' make -C drivers CFLAGS="-Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -D__SMP__ -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h" MAKING_MODULES=1 modules make[1]: Entering directory `/usr/src/linux-2.2.19/drivers' make -C block modules make[2]: Entering directory `/usr/src/linux-2.2.19/drivers/block' rm -f $TOPDIR/modules/BLOCK_MODULES make[2]: Leaving directory `/usr/src/linux-2.2.19/drivers/block' make -C char modules make[2]: Entering directory `/usr/src/linux-2.2.19/drivers/char' make[2]: Nothing to be done for `modules'. 
make[2]: Leaving directory `/usr/src/linux-2.2.19/drivers/char' make -C net modules make[2]: Entering directory `/usr/src/linux-2.2.19/drivers/net' /usr/bin/kgcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-strict-aliasing -D__SMP__ -pipe -fno-strength-reduce -m486 -malign-loops=2 -malign-jumps=2 -malign-functions=2 -DCPU=586 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -DEXPORT_SYMTAB -c ppp.c ppp.c:100: warning: static declaration for `ppp_unregister_compressor_Rsmp2gig_a1b928df' follows non-static ppp.c: In function `xmit_trylock': ppp.c:189: structure has no member named `state' ppp.c: In function `xmit_unlock': ppp.c:197: structure has no member named `state' ppp.c: In function `ppp_async_init': ppp.c:356: structure has no member named `state' ppp.c: In function `ppp_sync_send': ppp.c:871: structure has no member named `state' ppp.c: In function `ppp_tty_sync_push': ppp.c:924: structure has no member named `state' ppp.c:929: structure has no member named `state' ppp.c:935: structure has no member named `state' ppp.c:935: structure has no member named `state' ppp.c:952: structure has no member named `state' ppp.c:957: structure has no member named `state' ppp.c:960: structure has no member named `state' ppp.c: In function `ppp_async_send': ppp.c:982: structure has no member named `state' ppp.c: In function `ppp_tty_push': ppp.c:1006: structure has no member named `state' ppp.c:1011: structure has no member named `state' ppp.c:1017: structure has no member named `state' ppp.c:1017: structure has no member named `state' ppp.c:1031: structure has no member named `state' ppp.c:1046: structure has no member named `state' ppp.c:1051: structure has no member named `state' ppp.c: In function `ppp_async_encode': ppp.c:1156: structure has no member named `state' ppp.c: In function `ppp_tty_flush_output': ppp.c:1178: structure has no member named `state' {standard input}: Assembler messages: 
{standard input}:9: Warning: Ignoring changed section attributes for .modinfo make[2]: *** [ppp.o] Error 1 make[2]: Leaving directory `/usr/src/linux-2.2.19/drivers/net' make[1]: *** [_modsubdir_net] Error 2 make[1]: Leaving directory `/usr/src/linux-2.2.19/drivers' make: *** [_mod_drivers] Error 2 Anyone seen anything like this before? any suggestions? -- Matt Stockdale Sr. NOC Engineer Digital Telemedia From scottt at soccer.com Thu Dec 20 17:55:04 2001 From: scottt at soccer.com (Scott Taylor) Date: Thu, 20 Dec 2001 15:55:04 -0800 Subject: [pptp-server] NT Authentication Message-ID: An HTML attachment was scrubbed... URL: From muralivemuri at multitech.co.in Thu Dec 20 20:23:59 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Fri, 21 Dec 2001 07:53:59 +0530 Subject: [pptp-server] pinging problem References: <200FAA488DE0D41194F10010B597610D2B9468@jupiter.citadelcomputer.com.au> Message-ID: <3C229D3F.6C63848A@multitech.co.in> NO............. i have two ethernet cards and eth0 has the ip address 192.168.1.149 and the eth1 has 192.168.4.6 192.168.1.246 is PPP local ip murali George Vieira wrote: > Um, If I'm reading this right you have 2 ethernet cards ETH0 and ETH1 > and BOTH are on the same subnet (192.168.1.149 , 192.168.1.46?)Isn't > this going to complicate things a bit? How it the client reaching the > PPTP server.. I'm confused... > > thanks, > George Vieira > Systems Manager > Citadel Computer Systems P/L > -----Original Message----- > From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] > Sent: Friday, 21 December 2001 1:22 AM > To: Steve at SteveCowles.com > Cc: pptplist > Subject: [pptp-server] pinging problem > well......... > > to start with, i have a win98 client. > > he connects to a RAS over PPP > > RAS gives him 192.168.4.2 and himself has the address 192.168.4.10 > > and beyond him, i have a pptp server with eth1 address 192.168.1.4.6 > > he assigns 192.168.1.246 to the client and himself gets 192.168.1.241. 
> > i find the message "found eth0 for proxy arp" in /var/log/messages. > > and the eth0 address is 192.168.1.149 > > but still the win98 client is not able to ping any ip address beyond 149. > > any ideas........? > > -- > regards & thanks for your time, > > Murali Krishna Vemuri > > -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... URL: From GeorgeV at citadelcomputer.com.au Thu Dec 20 21:25:41 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Fri, 21 Dec 2001 14:25:41 +1100 Subject: [pptp-server] pinging problem Message-ID: <200FAA488DE0D41194F10010B597610D2B9482@jupiter.citadelcomputer.com.au> Oh I get it.. the typo in your first post confused me (192.168.1.4.6 etc...) This is what you need to check... The pptp client, type netstat -rn (that's R N and not M) and check if the client has a route for the whole network... probably not.. this is your main problem.. If your not sure type this in MSDOS: route add -p 192.168.1.0 netmask 255.255.255.0 192.168.1.241 this will tell the client VPN that to get to the whole network of 192.168.1.X to go via 192.168.1.241 (VPN server).. try that... -----Original Message----- From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] Sent: Friday, 21 December, 2001 1:24 PM To: George Vieira Cc: Steve at SteveCowles.com; pptplist Subject: Re: [pptp-server] pinging problem NO............. i have two ethernet cards and eth0 has the ip address 192.168.1.149 and the eth1 has 192.168.4.6 192.168.1.246 is PPP local ip murali George Vieira wrote: Um, If I'm reading this right you have 2 ethernet cards ETH0 and ETH1 and BOTH are on the same subnet (192.168.1.149 , 192.168.1.46?)Isn't this going to complicate things a bit? How it the client reaching the PPTP server.. I'm confused... thanks, George Vieira Systems Manager Citadel Computer Systems P/L -----Original Message----- From: Murali K. 
Vemuri [ mailto:muralivemuri at multitech.co.in ] Sent: Friday, 21 December 2001 1:22 AM To: Steve at SteveCowles.com Cc: pptplist Subject: [pptp-server] pinging problem well......... to start with, i have a win98 client. he connects to a RAS over PPP RAS gives him 192.168.4.2 and himself has the address 192.168.4.10 and beyond him, i have a pptp server with eth1 address 192.168.1.4.6 he assigns 192.168.1.246 to the client and himself gets 192.168.1.241. i find the message "found eth0 for proxy arp" in /var/log/messages. and the eth0 address is 192.168.1.149 but still the win98 client is not able to ping any ip address beyond 149. any ideas........? -- regards & thanks for your time, Murali Krishna Vemuri -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... URL: From muralivemuri at multitech.co.in Thu Dec 20 22:24:58 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Fri, 21 Dec 2001 09:54:58 +0530 Subject: [pptp-server] pinging problem References: <200FAA488DE0D41194F10010B597610D2B9482@jupiter.citadelcomputer.com.au> Message-ID: <3C22B999.9535FA21@multitech.co.in> Not this george! i have put 1 in the place of 0 in the file /proc/sys/net/ipv4/ip_forward. and ...........YAHOOOOOOOOOOOOOOOOOO! REGD murali George Vieira wrote: > Oh I get it.. the typo in your first post confused me (192.168.1.4.6 > etc...)This is what you need to check...The pptp client, type netstat > -rn (that's R N and not M) and check if the client has a route for the > whole network... probably not.. this is your main problem..If your not > sure type this in MSDOS:route add -p 192.168.1.0 netmask 255.255.255.0 > 192.168.1.241this will tell the client VPN that to get to the whole > network of 192.168.1.X to go via 192.168.1.241 (VPN server)..try > that... > -----Original Message----- > From: Murali K. 
Vemuri [mailto:muralivemuri at multitech.co.in] > Sent: Friday, 21 December, 2001 1:24 PM > To: George Vieira > Cc: Steve at SteveCowles.com; pptplist > Subject: Re: [pptp-server] pinging problem > NO............. > i have two ethernet cards and eth0 has the ip address 192.168.1.149 > and the eth1 has 192.168.4.6 > 192.168.1.246 is PPP local ip > murali > George Vieira wrote: > >> Um, If I'm reading this right you have 2 ethernet cards ETH0 and >> ETH1 and BOTH are on the same subnet (192.168.1.149 , >> 192.168.1.46?)Isn't this going to complicate things a bit? How it >> the client reaching the PPTP server.. I'm confused... >> >> thanks, >> George Vieira >> Systems Manager >> Citadel Computer Systems P/L >> -----Original Message----- >> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in] >> Sent: Friday, 21 December 2001 1:22 AM >> To: Steve at SteveCowles.com >> Cc: pptplist >> Subject: [pptp-server] pinging problem >> well......... >> >> to start with, i have a win98 client. >> >> he connects to a RAS over PPP >> >> RAS gives him 192.168.4.2 and himself has the address 192.168.4.10 >> >> and beyond him, i have a pptp server with eth1 address 192.168.1.4.6 >> >> he assigns 192.168.1.246 to the client and himself gets 192.168.1.241. >> >> i find the message "found eth0 for proxy arp" in /var/log/messages. >> >> and the eth0 address is 192.168.1.149 >> >> but still the win98 client is not able to ping any ip address beyond 149. >> >> any ideas........? >> >> -- >> regards & thanks for your time, >> >> Murali Krishna Vemuri >> >> > > -- > regards & thanks for your time, > > Murali Krishna Vemuri > > -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... 
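The symptom and fix in this thread (pppd logs "found eth0 for proxy arp", the client still cannot ping past the server, and writing 1 to /proc/sys/net/ipv4/ip_forward resolves it) can be checked directly on the server. The script below is an added example, not part of the original posts; its function names, the PROC_ROOT argument and the sample ARP table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose a Linux PPTP server where
# pppd's proxyarp worked but the client cannot reach hosts behind the server.
# PROC_ROOT defaults to /proc; a directory with the same layout can be passed
# instead so the checks run against constructed data.
# Usage on a live server:  diagnose /proc 192.168.1.246 eth0

# Print the kernel's IPv4 forwarding switch: 0, 1, or "unknown".
ip_forward_state() {
    fwd_file="${1:-/proc}/sys/net/ipv4/ip_forward"
    if [ -r "$fwd_file" ]; then
        tr -d ' \n' < "$fwd_file"
    else
        printf 'unknown'
    fi
}

# Succeed if PROC_ROOT/net/arp holds a published (proxy) entry for IP on DEV.
# Column 3 is the flags field; bit 0x8 (ATF_PUBL) marks a published entry,
# so the last hex digit is 8..f. pppd's proxyarp option creates such an entry.
has_proxy_arp() {
    awk -v ip="$2" -v dev="$3" '
        NR > 1 && $1 == ip && $6 == dev && $3 ~ /^0x.*[89a-fA-F]$/ { found = 1 }
        END { exit !found }
    ' "${1:-/proc}/net/arp" 2>/dev/null
}

# Combine both checks into a one-line verdict: "<code>: <explanation>".
diagnose() {
    d_proc="${1:-/proc}"; d_ip="$2"; d_if="$3"
    d_fwd=$(ip_forward_state "$d_proc")
    if has_proxy_arp "$d_proc" "$d_ip" "$d_if"; then d_arp=yes; else d_arp=no; fi
    case "$d_fwd:$d_arp" in
        # With forwarding on, the FORWARD chain policy decides what VPN
        # clients can reach, so review it when this state is reported.
        1:yes) echo "ok: $d_if answers ARP for $d_ip and the kernel forwards" ;;
        0:yes) echo "no-forward: $d_if answers ARP for $d_ip but ip_forward=0, so the client reaches only the server's own addresses" ;;
        1:no)  echo "no-proxyarp: forwarding is on but there is no published ARP entry for $d_ip on $d_if" ;;
        0:no)  echo "no-forward-no-proxyarp: ip_forward=0 and no published ARP entry for $d_ip on $d_if" ;;
        *)     echo "unknown: could not read ip_forward under $d_proc" ;;
    esac
}

# Build a constructed /proc-like tree using the addresses from the thread
# (192.168.1.246 is the PPTP client; 192.168.1.150 is a made-up LAN host).
make_fixture() {
    mkdir -p "$1/sys/net/ipv4" "$1/net"
    printf '%s\n' "$2" > "$1/sys/net/ipv4/ip_forward"
    cat > "$1/net/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.150    0x1         0x2         00:00:5e:00:53:0a     *        eth0
192.168.1.246    0x1         0xc         00:00:00:00:00:00     *        eth0
EOF
}
```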
From Steve at SteveCowles.com Thu Dec 20 22:29:01 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Thu, 20 Dec 2001 22:29:01 -0600
Subject: [pptp-server] NT Authentication
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE984@defiant.infohiiway.com>

> -----Original Message-----
> From: Scott Taylor [mailto:scottt at soccer.com]
> Sent: Thursday, December 20, 2001 5:55 PM
> To: wilcox at CSZINC.COM
> Cc: pptp-server at lists.schulte.org
> Subject: Re: [pptp-server] NT Authentication
>
>
> You can set up your firewall/linux box to forward the ports to your
> NT server acting as the VPN server.
>

That's what I do... I run a masq'd NT based PPTP server behind my linux based firewall. I hate to admit it (I'd prefer a linux solution) but until PoPToP (really pppd) can authenticate against an NT PDC, it makes no sense to maintain and synchronize separate user/password data in chap-secrets. That would be an administration nightmare.

My two bits...
Steve Cowles

From charlieb at e-smith.com Thu Dec 20 22:56:37 2001
From: charlieb at e-smith.com (Charlie Brady)
Date: Thu, 20 Dec 2001 23:56:37 -0500 (EST)
Subject: [pptp-server] NT Authentication
In-Reply-To: <90769AF04F76D41186C700A0C90AFC3EE984@defiant.infohiiway.com>
Message-ID:

On Thu, 20 Dec 2001, Cowles, Steve wrote:

> That's what I do... I run a masq'd NT based PPTP server behind my linux based
> firewall. I hate to admit it (I'd prefer a linux solution) but until PoPToP
> (really pppd) can authenticate against an NT PDC, it makes no sense to
> maintain and synchronize separate user/password data in chap-secrets.

Then you are SOL. Here's microsoft's description of M$CHAPv2:

http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_RASS_MSCHAPv2.htm

You are a PoPToP server. Consider yourself an active relay agent between the RAS (PDC) and the client. You don't know the plaintext password or the NT hash of the password of the client.
You need that hash to set up encryption for the PPTP link. You also need that hash to authenticate the client against the PDC. What are you to do?

--
Charlie Brady charlieb at e-smith.com
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739

From Joe at Polcari.com Fri Dec 21 00:22:27 2001
From: Joe at Polcari.com (Joe Polcari)
Date: Fri, 21 Dec 2001 01:22:27 -0500
Subject: [pptp-server] How to set iptables to doesn't masquerade the VPN traffic?
References: <002801c188aa$439d88a0$020da8c0@plugway.com.br> <3C217004.6ADB00CD@Polcari.com> <001901c1894a$0d344880$020da8c0@plugway.com.br>
Message-ID: <3C22D523.AFE41985@Polcari.com>

Bruno,
I'm sorry, I can't follow your diagram, but from what you said after it, maybe this will work:

You need to put the acceptance rule before the masquerade rule in the nat table, like so:

iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -d 192.168.14.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -j MASQUERADE

let me know if this doesn't work.
Joe

Bruno Negrão wrote:
> >
> > What are the ip addresses, interfaces and are you using ipchains or
> > iptables or what?
> I'm sorry. I'm using iptables.
>
> My network is:
>
> 192.168.50.1| PPTPD server |200.251.30.1 --------------------- 200.230.2.2 |
> PPTPd client (NT)|192.168.0.1
>
> \-----------------------------------------------------------------/
> pptp tunnel on net
> 192.168.14.0
> My clients in network 192.168.50/24 must be masqueraded when connecting the
> internet but must be just forwarded when connecting with the 192.168.0.0/24
> network.
>
> >
> >
> > Bruno Negrão wrote:
> >
> > > Hy, since everyone here works with pptp somebody should have solved
> > > this problem: My pptpd server is a linux 2.4.x kernel with two
> > > interfaces (external and internal).
I set it to masquerade the
> > > outgoing traffic, but I don't want to masquerade the outgoing vpn
> > > traffic passing through the ppp0 interface. It has got to be, instead,
> > > forwarded with its original source addresses. Could someone show me
> > > the iptables rules to make it work? (tips in routing would be
> > > appreciated too). thank
> > > you,-------------------------------------------------
> > > -- Bruno Negrão -- Suporte
> > > -- Plugway Acesso Internet Ltda.
> > > -- (31)34812311
> > > -- bnegrao at plugway.com.br

From faralla at gmx.de Fri Dec 21 04:27:36 2001
From: faralla at gmx.de (Faralla)
Date: Fri, 21 Dec 2001 11:27:36 +0100
Subject: [pptp-server] using other port
Message-ID:

Hi,
is there a way to change the port pptp uses to bypass a Firewall? I think the minor problem is the linux-pptpd-server, but what about W2k-clients?

Thanks,
Faralla

From muralivemuri at multitech.co.in Fri Dec 21 05:00:44 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Fri, 21 Dec 2001 16:30:44 +0530
Subject: [pptp-server] pptp-chroot
Message-ID: <3C23165C.408892EA@multitech.co.in>

hi,
In my pptp server box, i want to keep pptp under chroot so that i will be less prone to attack on important files and data.

well.............the files i copied are :
1. /etc/ppp/options
2./etc/ptpd.conf
3 /var/log/pptpd.log
4./ lib/li686/libc.so.6
5./lib/ld-linux.so.2

but, pptpd is not coming up at all.........any ideas?

--
regards & thanks for your time,
Murali Krishna Vemuri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: From RLDITTO at BRIGHT.NET Fri Dec 21 07:52:19 2001 From: RLDITTO at BRIGHT.NET (JOE) Date: Fri, 21 Dec 2001 08:52:19 -0500 Subject: [pptp-server] PPTP performance again: malfunction singled out Message-ID: <003b01c18a26$b60ed420$0b00a8c0@backdog> in a prior post i laid out a situation in comparing the two linux vs. windows. for the test i ran a pentium 4 processor with winblow 2000 wantstobeaprofessional that i used as a vpn server, and opened up a program called goldmine which is a contact management program. i took 23 seconds from double clicking the program icon located on the server to get the prompt to log on to the program. i then ran the same test with my piii 1ghz linux vpn server, it took over 2 minutes. opening basic documents like word, and excel takes less than 10 seconds with winblows and over a minute with linux. joe -------------- next part -------------- An HTML attachment was scrubbed... URL: From arussell at siumed.edu Fri Dec 21 11:14:53 2001 From: arussell at siumed.edu (Amy Monahan) Date: Fri, 21 Dec 2001 11:14:53 -0600 Subject: [pptp-server] ppp 2.4.0 patch to require mppe?? Message-ID: <3C236E0D.DBC641FD@siumed.edu> Does anyone know where I can find a patch for ppp 2.4.0 to require mppe? I found a link in an earlier message but I am unable to connect to that site. TIA From berzerke at swbell.net Fri Dec 21 16:07:59 2001 From: berzerke at swbell.net (robert) Date: Fri, 21 Dec 2001 16:07:59 -0600 Subject: [pptp-server] ppp 2.4.0 patch to require mppe?? In-Reply-To: <3C236E0D.DBC641FD@siumed.edu> References: <3C236E0D.DBC641FD@siumed.edu> Message-ID: <0GOP002PHS3W1S@mta4.rcsntx.swbell.net> The howto at http://home.swbell.net/berzerke has the locations. On Friday 21 December 2001 11:14 am, Amy Monahan wrote: > Does anyone know where I can find a patch for ppp 2.4.0 to require > mppe? I found a link in an earlier message but I am unable to connect > to that site. 
TIA > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- From GeorgeV at citadelcomputer.com.au Fri Dec 21 19:40:57 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sat, 22 Dec 2001 12:40:57 +1100 Subject: [pptp-server] PoPToP Forums Message-ID: <200FAA488DE0D41194F10010B597610D2B948B@jupiter.citadelcomputer.com.au> There is a new PoPTop forum just created at http://forum.lancentre.com.au/forums.cgi?forum=9 You can make your posts there. There is also a http://poptop.lancentre.com.au in construction.... thanks, George Vieira. PoPToP Forum Moderator. From GeorgeV at citadelcomputer.com.au Fri Dec 21 19:43:04 2001 From: GeorgeV at citadelcomputer.com.au (George Vieira) Date: Sat, 22 Dec 2001 12:43:04 +1100 Subject: [pptp-server] using other port Message-ID: <200FAA488DE0D41194F10010B597610D2B948C@jupiter.citadelcomputer.com.au> It could be done but then you would not only have hassles with Microsoft client but also you might have a GRE problem with the firewall.. -----Original Message----- From: Faralla [mailto:faralla at gmx.de] Sent: Friday, 21 December, 2001 9:28 PM To: pptp-server at lists.schulte.org Subject: [pptp-server] using other port Hi, is there a way to change the port pptp uses to bypass a Firewall? I think the minor problem is the linux-pptpd-server, but waht about W2k-clients? Thanks, Faralla _______________________________________________ pptp-server maillist - pptp-server at lists.schulte.org http://lists.schulte.org/mailman/listinfo/pptp-server --- To unsubscribe, go to the url just above this line. -- From arturo at descom.es Mon Dec 24 07:26:59 2001 From: arturo at descom.es (Arturo Pina) Date: Mon, 24 Dec 2001 14:26:59 +0100 Subject: [pptp-server] PPTPD configuration problem - none output in the logfile Message-ID: Hi, I'm trying to setup PPTPD on Solaris 7. 
I'm totally desperate, as for some strange reason there's no output in the logfile and I can't understand why. 1) I've setup /etc/pptpd.log with debug 2) I've setup /etc/syslog.conf with daemon.* /var/log/pptpd.log When I open a PPTP connection to the box I see the traffic coming and going, and I get the 619 error from Windows (port not connected). Whenever the server is not running I get 678 (non answer). I've also seen via truss command that the server forks a child and does several things whenever I fire up the connection but that's it. Is there anything I'm doing wrong? Please any help would be much appreciated. P.S. I don't even talk about ppp problems as I don't get to that stage yet. Kind regards, Arturo --------------------------------------- From thies at thieso.net Mon Dec 24 14:15:14 2001 From: thies at thieso.net (Thies C. Arntzen) Date: Mon, 24 Dec 2001 21:15:14 +0100 Subject: [pptp-server] howto access PPTP server behind a NAT server? Message-ID: <20011224201514.GB18697@schnuffel.thieso.net> hi, (please cc:thies at thieso.net) i really hopt this is not a stupid question, i did do a quick google on my problem and haven't found a real answer - so, maybe somebody can help me my "dream" setup: pptp-server <-> gateway <-> *internet* <-> me at home eth0:10.0.0.100) eth1:10.0.0.1 eth0:x.y.z.w eth0:a.b.c.d the gateway runs linux 2.4.9 and does NAT the internal networt to the internet: iptables -t nat -s 10.0.0.0/24 -A POSTROUTING -o eth0 -j MASQUERADE i now want to forward all incoming pptp traffic from gateway to pptp-server so that me at home is on our internal network after login. i know that i have to forward port 1723 and protocol 43 somehow from gateway to pptp-server but i don't know how? i believe i need something like a reverse NAT from garteway to pptp-server - but i'm kinda clueless where to start. does somebody have an easy-enough solution that he/shw could share with me? 
regards, tc From Steve at SteveCowles.com Mon Dec 24 14:43:58 2001 From: Steve at SteveCowles.com (Cowles, Steve) Date: Mon, 24 Dec 2001 14:43:58 -0600 Subject: [pptp-server] howto access PPTP server behind a NAT server? Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9AA@defiant.infohiiway.com> > -----Original Message----- > From: Thies C. Arntzen [mailto:thies at thieso.net] > Sent: Monday, December 24, 2001 2:15 PM > To: pptp-server at lists.schulte.org > Subject: [pptp-server] howto access PPTP server behind a NAT server? > > > > hi, > (please cc:thies at thieso.net) > > i really hopt this is not a stupid question, i did do a quick > google on my problem and haven't found a real answer - so, > maybe somebody can help me > > my "dream" setup: > > > pptp-server <-> gateway <-> *internet* <-> me at home > eth0:10.0.0.100) eth1:10.0.0.1 eth0:x.y.z.w > eth0:a.b.c.d > > the gateway runs linux 2.4.9 and does NAT the internal > networt to the internet: > > iptables -t nat -s 10.0.0.0/24 -A POSTROUTING -o eth0 -j > MASQUERADE > > i now want to forward all incoming pptp traffic from gateway > to pptp-server so that me at home is on our internal network > after login. i know that i have to forward port 1723 and > protocol 43 somehow from gateway to pptp-server but i don't > know how? i believe i need something like a reverse NAT from > garteway to pptp-server - but i'm kinda clueless where to > start. > > does somebody have an easy-enough solution that he/shw could > share with me? > > regards, > tc Checkout: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html Specifically, the 2.4.x series kernel section. The iptable commands you are seeking are listed there. Steve Cowles From muralivemuri at multitech.co.in Wed Dec 26 04:08:14 2001 From: muralivemuri at multitech.co.in (Murali K. 
Vemuri)
Date: Wed, 26 Dec 2001 15:38:14 +0530
Subject: [pptp-server] proxyarp and network neighbour hood
Message-ID: <3C29A18E.704182C@multitech.co.in>

hi,
when i say proxyarp in /etc/ppp/options, i am able to get the network through eth0 but, i want to do the same through eth1. how can i do it?

second, my windows 98 client is not able to show up any body on the otherside lan in its network neighbour hood. of course! i am not running samba on my pptp server.

attached are the configuration files . any ideas?

--
regards & thanks for your time,
Murali Krishna Vemuri
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
debug
#/dev/ttyS0
name yogi
lock
auth
login
proxyarp
#+pap
10.110.2.1:10.110.2.3
+chap
+chapms
+chapms-v2
+mppe-40
+mppe-128
+mppe-stateless
noccp
#logfile /var/log/ppp.log
-------------- next part --------------
speed 19200
debug
localip 192.168.1.240
remoteip 192.168.1.245-250

From Steve at SteveCowles.com Wed Dec 26 08:43:38 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Wed, 26 Dec 2001 08:43:38 -0600
Subject: [pptp-server] RE: proxyarp and network neighbour hood
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9AC@defiant.infohiiway.com>

> -----Original Message-----
> From: Murali K. Vemuri [mailto:muralivemuri at multitech.co.in]
> Sent: Wednesday, December 26, 2001 4:08 AM
> To: pptplist
> Subject: proxyarp and network neighbour hood
>
>
> hi,
> when i say proxyarp in /etc/ppp/options, i am able to get
> the network through eth0 but, i want to do the same
> through eth1. how can i do it?

Exactly what is eth1 used for? Another private LAN -or- is this a connection to your ISP? Maybe a diagram or a better description of your network might help all of us understand your goal here.

> second, my windows 98 client is not able to show up any
> body on the otherside lan in its network neighbour hood.
> of course! i am not running samba on my pptp server.
> attached are the configuration files . any ideas? First, why are you assigning a 10.x.x.x remote/local ip address in your options file when you are assigning a 192.168.x.x local/remote in your pptp.conf file? Second, have you configured your win98 PPTP client to properly register its domain/workgroup association with a WINS server on your local LAN? I did not see a "ms-wins" directive in your options file. In fact, are you running a WINS server on your local LAN? Also, are all windows clients on your local LAN configured to register with a WINS server instead of broadcasting there domain/workgroup affiliation? Steve Cowles From muralivemuri at multitech.co.in Wed Dec 26 09:54:18 2001 From: muralivemuri at multitech.co.in (Murali K. Vemuri) Date: Wed, 26 Dec 2001 21:24:18 +0530 Subject: [pptp-server] RE: proxyarp and network neighbour hood References: <90769AF04F76D41186C700A0C90AFC3EE9AC@defiant.infohiiway.com> Message-ID: <3C29F2AA.CFA7B307@multitech.co.in> problem 1 : yes......you are right ! eth1 is used to connect to ISP. problem 2 : well the /etc/ppp/options and /etc/pptpd.conf are from two different machines. win98 will make a ppp connection to a server1 and from there gets the address 10.x.x.x then he will connect to another server2, which is the pptp server. he will assign a 192.168.x.x address . basically , the server1 has two ethernet interfaces, eth0 and eth1. our network does not have any WINS server. all win clients go for broadcasting only........:-( so, my setup typically looks like this: (serial line) dial up (eth0) Intra net win98 ---------> server --------> Server-----------> LAN | (eth1) | ----------> Internet "Cowles, Steve" wrote: > > -----Original Message----- > > From: Murali K. 
Vemuri [mailto:muralivemuri at multitech.co.in] > > Sent: Wednesday, December 26, 2001 4:08 AM > > To: pptplist > > Subject: proxyarp and network neighbour hood > > > > > > hi, > > when i say proxyarp in /etc/ppp/options, i am able to get > > the network through eth0 but, i want to do the same > > through eth1. how can i do it? > > Exactly what is eth1 used for? Another private LAN -or- is this a connection > to your ISP? Maybe a diagram or a better description of your network might > help all of us understand your goal here. > > > second, my windows 98 client is not able to show up any > > body on the otherside lan in its network neighbour hood. > > of course! i am not running samba on my pptp server. > > attached are the configuration files . any ideas? > > First, why are you assigning a 10.x.x.x remote/local ip address in your > options file when you are assigning a 192.168.x.x local/remote in your > pptp.conf file? > > Second, have you configured your win98 PPTP client to properly register its > domain/workgroup association with a WINS server on your local LAN? I did not > see a "ms-wins" directive in your options file. In fact, are you running a > WINS server on your local LAN? Also, are all windows clients on your local > LAN configured to register with a WINS server instead of broadcasting there > domain/workgroup affiliation? > > Steve Cowles > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. -- -- regards & thanks for your time, Murali Krishna Vemuri -------------- next part -------------- An HTML attachment was scrubbed... 
From arturo at descom.es Wed Dec 26 13:18:28 2001
From: arturo at descom.es (Arturo Pina)
Date: Wed, 26 Dec 2001 20:18:28 +0100
Subject: [pptp-server] PPTPD configuration problem - none output in the logfile
In-Reply-To:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
For those interested I found out what happened. It was a *silly* misreading of syslog conf. It's logging output ok now. Thanks a lot.

Now I'm fighting to locate a 64 bit compiled pppd, as asppp doesn't seem to work with pptpd... Any help would be much appreciated :-)

Arturo.

> -----Original Message-----
> From: pptp-server-admin at lists.schulte.org
> [mailto:pptp-server-admin at lists.schulte.org] On behalf of Arturo
> Pina
> Sent: Monday, 24 December 2001 14:27
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTPD configuration problem - none output in
> the logfile
>
>
> Hi,
> I'm trying to setup PPTPD on Solaris 7. I'm totally desperate, as
> for some strange reason there's no output in the logfile and I
> can't
> understand why.
> 1) I've setup /etc/pptpd.log with
> debug
> 2) I've setup /etc/syslog.conf with
> daemon.* /var/log/pptpd.log
> When I open a PPTP connection to the box I see the traffic coming
> and going,
> and I get the 619 error from Windows (port not connected). Whenever
> the server is not running I get 678 (non answer).
> I've also seen via truss command that the server forks a child and
> does several things whenever I fire up the connection but that's
> it.
> Is there anything I'm doing wrong? Please any help would be much
> appreciated.
>
> P.S. I don't even talk about ppp problems as I don't get to that
> stage yet.
> Kind regards,
>
> Arturo
> ---------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPCoihCO0e6Dz02TyEQK8WACeM+DAKvHK3IyviOQNdHjG8kJ4YyMAoIX2
aGJPdkmD2w+W2s307x12OoPI
=q9RO
-----END PGP SIGNATURE-----

From jorgesantos at valnetsado.pt Thu Dec 27 06:42:51 2001
From: jorgesantos at valnetsado.pt (Jorge Santos)
Date: Thu, 27 Dec 2001 12:42:51 -0000
Subject: [pptp-server] Logging fills my disks up
Message-ID:

Hi
I have a poptop 1.0.1 server running on red hat 7.2 with kernel 2.4.15 with netfilter_pptp_2_4_15 patch. The problem is, it fills up my /var/log/messages. I tried taking out "debug" from /etc/pptpd.conf but it keeps logging.

This is the kind of logs I get:

grey kernel: ip_outbound_pptp_tcp(): OUT_CALL_REQUEST, CT=cc60f560, CID=3365
Dec 23 04:31:26 grey pptpd[8006]: CTRL: Starting call (launching pppd, opening GRE)
Dec 23 04:31:26 grey kernel: pptp_help: bad csum: cf52a8bc 18412 212.54.136.4 212.113.180.244
Dec 23 04:31:26 grey kernel: inbound_pptp_tcp(): CT=cc60f560, xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx LEN=32 TY=1 MC=1A2B3C4D CID=0 PCID=3365 CTL=OUT_CALL_REPLY
Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple c91a4548: 47 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:3365
Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple c91a45a8: 47 xxx.xxx.xxx.xxx:3365 -> xxx.xxx.xxx.xxx:0
Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple c91a44e8: 47 xxx.xxx.xxx.xxx:3365 -> xxx.xxx.xxx.xxx:0
Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple c91a4508: 47 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:3365
Dec 23 04:31:26 grey kernel: pptp: failed to register conntrack protocol GRE!
Dec 23 04:31:26 grey pppd[8007]: pppd 2.4.1 started by root, uid 0
Dec 23 04:31:26 grey kernel: pptp_help: bad csum: c8eb2c14 16364 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
Dec 23 04:31:26 grey kernel: outbound_pptp_tcp(): CT=cc60f560, xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx LEN=24 TY=1 MC=1A2B3C4D PCID=0 CTL=SET_LINK_INFO

How can I prevent syslog from logging this?
Thanks in advance -- \_/ Jorge Alexandre Santos 'v' jorgesantos at valnetsado.pt // \\ Tel : 212327300 /( )\ Fax : 212327301 ^`~?^ Valnet Sado S.A. From jvonau at home.com Thu Dec 27 08:16:43 2001 From: jvonau at home.com (Jerry Vonau) Date: Thu, 27 Dec 2001 08:16:43 -0600 Subject: [pptp-server] Logging fills my disks up References: Message-ID: <3C2B2D4B.C21C115B@home.com> Jorge: The patch, I believe is to allow multiple pptp client to be masq'ed. I don't think it is required for a pptp server, only on a masq-ing gateway. Try not loading the masq_pptp module and see what happends. If I'm wrong someone please correct me. Jerry Vonau Jorge Santos wrote: > > Hi > I have a poptop 1.0.1 server running on red hat 7.2 with kernel 2.4.15 with > netfilter_pptp_2_4_15 patch. The problem is, it fiils up my > /var/log/messages. I tried taking out "debug" from /etc/pptpd.conf but it > keeps logging. > > This is the kind of logs I get: > > grey kernel: ip_outbound_pptp_tcp(): OUT_CALL_REQUEST, CT=cc60f560, CID=3365 > Dec 23 04:31:26 grey pptpd[8006]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 23 04:31:26 grey kernel: pptp_help: bad csum: cf52a8bc 18412 > 212.54.136.4 212.113.180.244 > Dec 23 04:31:26 grey kernel: inbound_pptp_tcp(): CT=cc60f560, > xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx LEN=32 TY=1 MC=1A2B3C4D CID=0 PCID=3365 > CTL=OUT_CALL_REPLY > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a4548: 47 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:3365 > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a45a8: 47 xxx.xxx.xxx.xxx:3365 -> xxx.xxx.xxx.xxx:0 > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a44e8: 47 xxx.xxx.xxx.xxx:3365 -> xxx.xxx.xxx.xxx:0 > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a4508: 47 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:3365 > Dec 23 04:31:26 grey kernel: pptp: failed to register conntrack protocol > GRE! 
> Dec 23 04:31:26 grey pppd[8007]: pppd 2.4.1 started by root, uid 0
> Dec 23 04:31:26 grey kernel: pptp_help: bad csum: c8eb2c14 16364
> xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
> Dec 23 04:31:26 grey kernel: outbound_pptp_tcp(): CT=cc60f560,
> xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx LEN=24 TY=1 MC=1A2B3C4D PCID=0
> CTL=SET_LINK_INFO
>
> How can I prevent syslog from logging this?
>
> Thanks in advance
>
> --
> \_/ Jorge Alexandre Santos
> 'v' jorgesantos at valnetsado.pt
> // \\ Tel : 212327300
> /( )\ Fax : 212327301
> ^`~?^ Valnet Sado S.A.

From jorgesantos at valnetsado.pt Thu Dec 27 13:22:44 2001
From: jorgesantos at valnetsado.pt (Jorge Santos)
Date: Thu, 27 Dec 2001 19:22:44 -0000
Subject: [pptp-server] Logging fills my disks up
In-Reply-To: <3C2B2D4B.C21C115B@home.com>
Message-ID:

Hi
The trouble is that the firewall must also masq pptp clients :)
By the way, where did i get the patch? i can't seem to find the url. Can you point it for me please?

Thanx in advance

--
\_/ Jorge Alexandre Santos
'v' jorgesantos at valnetsado.pt
// \\ Tel : 212327300
/( )\ Fax : 212327301
^`~?^ Valnet Sado S.A.

-----Original Message-----
From: Jerry Vonau [mailto:jvonau at home.com]
Sent: Thursday, 27 December 2001 14:17
To: Jorge Santos
Cc: Pptp-Server
Subject: Re: [pptp-server] Logging fills my disks up

Jorge:

The patch, I believe is to allow multiple pptp client to be masq'ed. I don't think it is required for a pptp server, only on a masq-ing gateway. Try not loading the masq_pptp module and see what happens. If I'm wrong someone please correct me.

Jerry Vonau

Jorge Santos wrote:
>
> Hi
> I have a poptop 1.0.1 server running on red hat 7.2 with kernel 2.4.15 with
> netfilter_pptp_2_4_15 patch. The problem is, it fills up my
> /var/log/messages.
I tried taking out "debug" from /etc/pptpd.conf but it > keeps logging. > > This is the kind of logs I get: > > grey kernel: ip_outbound_pptp_tcp(): OUT_CALL_REQUEST, CT=cc60f560, CID=3365 > Dec 23 04:31:26 grey pptpd[8006]: CTRL: Starting call (launching pppd, > opening GRE) > Dec 23 04:31:26 grey kernel: pptp_help: bad csum: cf52a8bc 18412 > 212.54.136.4 212.113.180.244 > Dec 23 04:31:26 grey kernel: inbound_pptp_tcp(): CT=cc60f560, > xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx LEN=32 TY=1 MC=1A2B3C4D CID=0 PCID=3365 > CTL=OUT_CALL_REPLY > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a4548: 47 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:3365 > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a45a8: 47 xxx.xxx.xxx.xxx:3365 -> xxx.xxx.xxx.xxx:0 > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a44e8: 47 xxx.xxx.xxx.xxx:3365 -> xxx.xxx.xxx.xxx:0 > Dec 23 04:31:26 grey kernel: put_gre_tuple(): Master=cc60f560 tuple > c91a4508: 47 xxx.xxx.xxx.xxx:0 -> xxx.xxx.xxx.xxx:3365 > Dec 23 04:31:26 grey kernel: pptp: failed to register conntrack protocol > GRE! > Dec 23 04:31:26 grey pppd[8007]: pppd 2.4.1 started by root, uid 0 > Dec 23 04:31:26 grey kernel: pptp_help: bad csum: c8eb2c14 16364 > xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx > Dec 23 04:31:26 grey kernel: outbound_pptp_tcp(): CT=cc60f560, > xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx LEN=24 TY=1 MC=1A2B3C4D PCID=0 > CTL=SET_LINK_INFO > > How can I prevent syslog from logging this? > > Thanks in advance > > -- > \_/ Jorge Alexandre Santos > 'v' jorgesantos at valnetsado.pt > // \\ Tel : 212327300 > /( )\ Fax : 212327301 > ^`~?^ Valnet Sado S.A. > > _______________________________________________ > pptp-server maillist - pptp-server at lists.schulte.org > http://lists.schulte.org/mailman/listinfo/pptp-server > --- To unsubscribe, go to the url just above this line. 
--

From scottt at soccer.com Thu Dec 27 14:15:07 2001
From: scottt at soccer.com (Scott Taylor)
Date: Thu, 27 Dec 2001 12:15:07 -0800
Subject: [pptp-server] NT Authentication
Message-ID:

An HTML attachment was scrubbed...

From lwi at teleplan.no Fri Dec 28 06:44:48 2001
From: lwi at teleplan.no (Wilhelmsen, Lars)
Date: Fri, 28 Dec 2001 13:44:48 +0100
Subject: [pptp-server] PPTP problems ( w2k -> linux 2.4.17 - ppp-2.4.1 + patches, pptpd-1.0.1)
Message-ID:

Hi list.

I've tried to configure a linux box, as a pptp server,
using this HOWTO:
http://home.swbell.net/berzerke/2.4_Kernel_PPTPD-HOWTO.txt

-- snip from /var/log/messages --
Dec 28 14:12:35 gateway pptpd[1011]: CTRL: Client 213.88.x.x control connection started
Dec 28 14:12:35 gateway pptpd[1011]: CTRL: Starting call (launching pppd, opening GRE)
Dec 28 14:12:35 gateway pppd[1012]: pppd 2.4.1 started by root, uid 0
Dec 28 14:12:35 gateway pppd[1012]: Using interface ppp0
Dec 28 14:12:35 gateway pppd[1012]: Connect: ppp0 <--> /dev/pts/1
Dec 28 14:12:35 gateway pptpd[1011]: GRE: Discarding duplicate packet
Dec 28 14:13:05 gateway pppd[1012]: LCP: timeout sending Config-Requests
Dec 28 14:13:05 gateway pppd[1012]: Connection terminated.
Dec 28 14:13:05 gateway pppd[1012]: Exit.
Dec 28 14:13:05 gateway pptpd[1011]: GRE: read(fd=5,buffer=804d8c0,len=8196) from PTY failed: status = -1 error = Input/output error
Dec 28 14:13:05 gateway pptpd[1011]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 28 14:13:05 gateway pptpd[1011]: CTRL: Client 213.88.x.x control connection finished
-- snip from /var/log/messages --

When I try to connect (from the w2k prof. box), it stops at the stage
"Verifying username and password..."

And as you can see from the log; LCP: timeout sending Config-Requests.

Anyone who have a clue of what I am doing wrong?

best regards,
                    ,---------------------------------.
,-------------------|Votis subscribunt fata secundis. |
| Lars Wilhelmsen   | Destiny makes wishes come true. |
| Software Engineer `------------------+--------------?
| Email:  lwi at teleplan.no           |              |
| Office: +47 67 12 72 36              |              |
| Fax:    +47 67 12 72 70              | ,------^------.
| Mobile: +47 93 06 72 36              | | Teleplan AS |
| MobFax: +47 93 17 05 53              | `-------------?
| Web:    www.teleplan.no              |
`-----------,---------------^---[winamp playing]------.
            | MJ Cole - Radio Interlude               |
            `-----------------------------------------?

From mikael.lonnroth at advancevpn.com Fri Dec 28 17:15:20 2001
From: mikael.lonnroth at advancevpn.com (=?iso-8859-1?Q?Mikael_L=F6nnroth?=)
Date: Fri, 28 Dec 2001 15:15:20 -0800
Subject: [pptp-server] PPTP problems ( w2k -> linux 2.4.17 - ppp-2.4.1 + patches, pptpd-1.0.1)
References:
Message-ID: <001301c18ff5$85d14b10$121b7d0a@advancehome>

Usually this happens when the GRE protocol is blocked by a router or
firewall between your PC and the VPN server.

Regards,
Mikael Lönnroth
www.advancevpn.com

From lwi at teleplan.no Fri Dec 28 07:15:48 2001
From: lwi at teleplan.no (Wilhelmsen, Lars)
Date: Fri, 28 Dec 2001 14:15:48 +0100
Subject: [pptp-server] PPTP problems ( w2k -> linux 2.4.17 - ppp-2.4.1 + patches, pptpd-1.0.1)
Message-ID:

That *could* be the problem. How can I check if it is true?

regards,
--lars wilhelmsen

`-----------,---------------^---[winamp playing]------.
            | Deep Dish - Fluke - Slid                |
            `-----------------------------------------?

From Administrator at josims.com Fri Dec 28 07:13:20 2001
From: Administrator at josims.com (Andrew Lyon)
Date: Fri, 28 Dec 2001 13:13:20 -0000
Subject: [pptp-server] PPTP problems ( w2k -> linux 2.4.17 - ppp-2.4.1 + patches, pptpd-1.0.1)
Message-ID:

There is a patched traceroute on the website that uses gre packets.

Andy

Registered Office: J.O. Sims Ltd, Pudding Lane, Pinchbeck, Spalding, Lincs. PE11 3TJ
Company reg No: 2084187
Vat reg No: GB 437 4621 47
Tel: +44 (0) 1775 842100
Fax: +44 (0) 1775 842101
Web: www.josims.com
Email: enquiries at josims.com

The information contained in this e-mail is confidential and is intended
for the addressee only. The contents of this e-mail must not be disclosed
or copied without the sender's consent. If you are not the intended
recipient of the message, please notify the sender immediately, and delete
the message. The statements and opinions expressed in this message are
those of the author and do not necessarily reflect those of the company.
No commitment may be inferred from the contents unless explicitly stated.
The company does not take any responsibility for the personal views of the
author. This message has been scanned for viruses before sending, but the
company does not accept any responsibility for infection and recommends
that you scan any attachments.
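
Added example (not part of the original thread and not PoPToP code): a log triage script for the failure discussed in the "PPTP problems" messages above. It reads pptpd/pppd syslog lines like the ones Lars posted and flags sessions where the TCP control connection came up but LCP timed out, which is the pattern Mikael attributes to GRE being blocked on the path. The second session in the sample, the verdict names and the PID-based correlation are assumptions made for this illustration.

```python
import re

# "Mon DD HH:MM:SS host prog[pid]: message" as written by syslogd.
LINE = re.compile(r'^\w{3}\s+\d+ [\d:]{8} \S+ (pptpd|pppd)\[(\d+)\]: (.*)$')

# Session 1: the excerpt posted in the thread, mailer line wraps rejoined.
# Session 2: constructed for contrast (192.0.2.10 and 10.1.1.x are made up).
SAMPLE = """\
Dec 28 14:12:35 gateway pptpd[1011]: CTRL: Client 213.88.x.x control connection started
Dec 28 14:12:35 gateway pptpd[1011]: CTRL: Starting call (launching pppd, opening GRE)
Dec 28 14:12:35 gateway pppd[1012]: pppd 2.4.1 started by root, uid 0
Dec 28 14:12:35 gateway pppd[1012]: Using interface ppp0
Dec 28 14:12:35 gateway pppd[1012]: Connect: ppp0 <--> /dev/pts/1
Dec 28 14:12:35 gateway pptpd[1011]: GRE: Discarding duplicate packet
Dec 28 14:13:05 gateway pppd[1012]: LCP: timeout sending Config-Requests
Dec 28 14:13:05 gateway pppd[1012]: Connection terminated.
Dec 28 14:13:05 gateway pppd[1012]: Exit.
Dec 28 14:13:05 gateway pptpd[1011]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
Dec 28 14:13:05 gateway pptpd[1011]: CTRL: Client 213.88.x.x control connection finished
Dec 28 15:02:10 gateway pptpd[1040]: CTRL: Client 192.0.2.10 control connection started
Dec 28 15:02:10 gateway pptpd[1040]: CTRL: Starting call (launching pppd, opening GRE)
Dec 28 15:02:10 gateway pppd[1041]: pppd 2.4.1 started by root, uid 0
Dec 28 15:02:10 gateway pppd[1041]: Using interface ppp1
Dec 28 15:02:12 gateway pppd[1041]: local  IP address 10.1.1.1
Dec 28 15:02:12 gateway pppd[1041]: remote IP address 10.1.1.2
"""


def new_session():
    return {"client": None, "control_up": False, "call_started": False,
            "pppd_pid": None, "lcp_timeout": False,
            "inbound_gre_seen": False, "ip_up": False}


def parse_sessions(text):
    """Group log lines into sessions keyed by the pptpd control-process PID.

    Assumption: a pppd that starts right after "Starting call" belongs to the
    oldest pptpd process still waiting for one (the log carries no explicit link).
    """
    sessions = {}   # pptpd pid -> session state
    owner = {}      # pppd pid  -> pptpd pid that launched it
    waiting = []    # pptpd pids that announced a call but have no pppd yet
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        prog, pid, msg = m.groups()
        if prog == "pptpd":
            s = sessions.setdefault(pid, new_session())
            c = re.match(r"CTRL: Client (\S+) control connection started", msg)
            if c:
                s["client"], s["control_up"] = c.group(1), True
            elif msg.startswith("CTRL: Starting call"):
                s["call_started"] = True
                waiting.append(pid)
            elif msg.startswith("GRE: Discarding duplicate packet"):
                # Logged while handling a GRE packet from the client: a hint
                # (not proof) that client-to-server GRE is getting through.
                s["inbound_gre_seen"] = True
        else:
            if re.match(r"pppd \S+ started by", msg) and waiting:
                owner[pid] = waiting.pop(0)
                sessions[owner[pid]]["pppd_pid"] = pid
            s = sessions.get(owner.get(pid))
            if s is None:
                continue
            if "LCP: timeout sending Config-Requests" in msg:
                s["lcp_timeout"] = True
            elif msg.startswith("remote IP address"):
                s["ip_up"] = True
    return sessions


def diagnose(s):
    if s["ip_up"]:
        return "established"
    if s["control_up"] and s["call_started"] and s["lcp_timeout"]:
        # TCP/1723 worked, but PPP negotiation inside GRE (IP protocol 47)
        # never completed: check filters and NAT devices between the peers.
        return "gre-path-suspect"
    if s["control_up"] and not s["call_started"]:
        return "control-only"
    return "incomplete"


def report(text):
    """Map each client address to a verdict for its session."""
    return {s["client"]: diagnose(s) for s in parse_sessions(text).values()}


if __name__ == "__main__":
    for client, verdict in report(SAMPLE).items():
        print(client, verdict)
```

A "gre-path-suspect" verdict only narrows the search; a packet capture for IP protocol 47 on both ends is what confirms which direction is being dropped.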
From Administrator at josims.com Fri Dec 28 07:22:18 2001
From: Administrator at josims.com (Andrew Lyon)
Date: Fri, 28 Dec 2001 13:22:18 -0000
Subject: [pptp-server] PPTP problems ( w2k -> linux 2.4.17 - ppp-2.4.1 + patches, pptpd-1.0.1)
Message-ID:

It's on http://home.swbell.net/berzerke/

Andy

-----Original Message-----
From: Wilhelmsen, Lars [mailto:lwi at teleplan.no]
Sent: 28 December 2001 13:26
To: Andrew Lyon
Subject: RE: [pptp-server] PPTP problems ( w2k -> linux 2.4.17 - ppp-2.4.1 + patches, pptpd-1.0.1)

Hmm.. Do you have the URL to the website?

--larsw

`-----------,---------------^---[winamp playing]------.
            | Deep Dish - Smoked - Metro              |
            `-----------------------------------------?

From cxwood2 at qwest.com Fri Dec 28 10:46:43 2001
From: cxwood2 at qwest.com (Chris Woods)
Date: Fri, 28 Dec 2001 10:46:43 -0600
Subject: [pptp-server] PPTP with NAT
Message-ID:

I have a DSL line at my home with static public IP's and I am trying to PPTP
into a Linux (samba) PoPToP server that is behind a router doing NAT. I can
connect just fine and I get assigned an address for the private LAN. My
problem is that I can't see the server. Oh ya my Linux (samba) is running as
a NT PDC and is working fine on the LAN.

Any ideas?

Here is my OPTIONS :

debug
name (is this a FQDN or browse master name or a workgroup name)
auth
require-chap
proxyarp
ms-wins 10.0.0.2
netmask 255.255.255.0 (winipcfg reports the mask as 255.0.0.0?)

Here is my PPTPD.conf:

debug
speed 115200
option /etc/ppp/options
localip 10.0.0.200-250
remoteip 10.0.0.200-250

Chris.

From prunkard at CSZINC.COM Fri Dec 28 10:54:45 2001
From: prunkard at CSZINC.COM (Jason Prunkard)
Date: Fri, 28 Dec 2001 11:54:45 -0500
Subject: [pptp-server] PPTP with NAT
Message-ID:

Chris,

Your problem sounds like it is DNS....do you have a DNS address specified in
your scope on the LINUX box?

Hope this helps,
Jason

From Steve at SteveCowles.com Fri Dec 28 11:19:41 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Fri, 28 Dec 2001 11:19:41 -0600
Subject: [pptp-server] PPTP with NAT
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9B3@defiant.infohiiway.com>

> -----Original Message-----
> From: Chris Woods [mailto:cxwood2 at qwest.com]
> Sent: Friday, December 28, 2001 10:47 AM
> To: PPTP
> Subject: [pptp-server] PPTP with NAT
>
>
> I have a DSL line at my home with static public IP's and I am trying to PPTP
> into a Linux (samba) PoPToP server that is behind a router doing NAT. I can
> connect just fine and I get assigned an address for the private LAN. My
> problem is that I can't see the server. Oh ya my Linux (samba) is running as
> a NT PDC and is working fine on the LAN.
>
> Any ideas?
>
> Here is my OPTIONS :
>
> debug
> name (is this a FQDN or browse master name or a workgroup name)

FWIW: PPTP is a transport protocol. It has nothing to do with Microsoft
NetBios, Browsing, Workgroup/Domain names, etc... Use the FQDN.

> auth
> require-chap
> proxyarp
> ms-wins 10.0.0.2
> netmask 255.255.255.0 (winipcfg reports the mask as 255.0.0.0?)

The netmask statement above is useless when using a Windows based PPTP
client. Your PPTP client is going to assign the class a based netmask as you
have shown above. This has been a source of irritation for me too.

> Here is my PPTPD.conf:
>
> debug
> speed 115200
> option /etc/ppp/options
> localip 10.0.0.200-250
> remoteip 10.0.0.200-250

Uh!!! Why are you assigning the same IP's to both the remoteip and localip.
That will never work. Try the following:

localip 10.0.0.200
remoteip 10.0.0.201-250

From cxwood2 at qwest.com Fri Dec 28 14:36:37 2001
From: cxwood2 at qwest.com (Chris Woods)
Date: Fri, 28 Dec 2001 14:36:37 -0600
Subject: [pptp-server] PPTP authentication
Message-ID:

My samba server is configured to be a NT PDC. How can I have the vpn users
authenticate against the PDC instead of the chap-secrets file?

Chris.

From return at trafficmagnet.net Fri Dec 28 16:55:52 2001
From: return at trafficmagnet.net (Christine Hall)
Date: Sat, 29 Dec 2001 6:55:52 +0800
Subject: [pptp-server] POPTOP.LINEO.COM
Message-ID: <200112282257.fBSMvex19292@ns4.trafficnet.net>

An HTML attachment was scrubbed...

From berzerke at swbell.net Fri Dec 28 16:59:50 2001
From: berzerke at swbell.net (robert)
Date: Fri, 28 Dec 2001 16:59:50 -0600
Subject: [pptp-server] PPTP authentication
In-Reply-To:
References:
Message-ID: <0GP200LIUT5CVR@mta5.rcsntx.swbell.net>

Try the smb patch. Links and instructions are in the howto at
http://home.swbell.net/berzerke

On Friday 28 December 2001 02:36 pm, Chris Woods wrote:
> My samba server is configured to be a NT PDC. How can I have the vpn users
> authenticate against the PDC instead of the chap-secrets file?
>
> Chris.

From muralivemuri at multitech.co.in Sat Dec 29 08:14:12 2001
From: muralivemuri at multitech.co.in (Murali K. Vemuri)
Date: Sat, 29 Dec 2001 19:44:12 +0530
Subject: [pptp-server] log messages
Message-ID: <3C2DCFB4.4FC0EA70@multitech.co.in>

hey there!
i am having a crazy problem.
my machine is a pptp server. to my surprise, whenever i reboot the machine,
i could find the booting messages in /var/log/pptpd.log also.
they are put in /var/log/messages as well as here.
i am enclosing the /etc/syslog.conf file. if there is any mistake, help me.

--
regards & thanks for your time,
Murali Krishna Vemuri

-------------- next part --------------
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg                                                 *

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#
# INN
#
news.=crit                                              /var/log/news/news.crit
news.=err                                               /var/log/news/news.err
news.notice                                             /var/log/news/news.notice
daemon.debug                                            /var/log/pptpd.log

From cwoods at oss.uswest.net Sat Dec 29 16:01:40 2001
From: cwoods at oss.uswest.net (Chris Woods)
Date: Sat, 29 Dec 2001 16:01:40 -0600
Subject: [pptp-server] PPTP options
Message-ID: <20011229160140.A88031@mail.oss.uswest.net>

Is there a 'master' list for all the possible options you can have in the
/etc/ppp/options file.

Chris.

From mmullis at charter.net Sat Dec 29 16:07:41 2001
From: mmullis at charter.net (Mike Mullis)
Date: Sat, 29 Dec 2001 17:07:41 -0500
Subject: [pptp-server] VPN clients, authentication, and samba
Message-ID:

Hi, this is my first try and sending to a list, so bear with me please.

After about 2 days of fiddling with PoPToP I was able to get it working.
Until I can get back to the office, I can't do much testing though.

Well to get my client to authenticate, I had to use DOMAIN\\username in my
chap-secrets. Will I need to have my users chap-secrets password the same as
the samba password if i want them to be able to access the files? Will the
fact that they'll be in a different workgroup or nt domain cause me problems?

Thanks.
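
Added example (not part of the original thread): a small evaluator for the sysklogd selector syntax used in the /etc/syslog.conf attached to the "log messages" post above, reporting which destinations receive a message of a given facility and priority. It shows that the final `daemon.debug` line accepts every daemon-facility message at any priority, not only pptpd's, and that `*.info` sends the same messages to /var/log/messages as well. The NARROWED variant is constructed here to illustrate the `=` form the file already uses for news; priority aliases such as warn or error are not handled.

```python
# Priorities from most to least severe; the list index is the syslog level.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The rules from the posted syslog.conf (comments and blank lines dropped).
POSTED = """\
*.info;mail.none;news.none;authpriv.none;cron.none  /var/log/messages
authpriv.*      /var/log/secure
mail.*          /var/log/maillog
cron.*          /var/log/cron
*.emerg         *
uucp,news.crit  /var/log/spooler
local7.*        /var/log/boot.log
news.=crit      /var/log/news/news.crit
news.=err       /var/log/news/news.err
news.notice     /var/log/news/news.notice
daemon.debug    /var/log/pptpd.log
"""

# Constructed variant: only debug-level daemon messages go to pptpd.log.
# This narrows by priority; the facility still cannot tell pptpd from
# any other program that logs as "daemon".
NARROWED = POSTED.replace("daemon.debug", "daemon.=debug")


def parse(conf):
    """Return a list of (selector_field, action) pairs."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.rsplit(None, 1)
        if len(parts) == 2:
            rules.append((parts[0], parts[1]))
    return rules


def selector_matches(selector_field, facility, priority):
    """Apply the ';'-separated selectors left to right, later ones overriding."""
    level = PRIORITIES.index(priority)
    matched = False
    for sel in selector_field.split(";"):
        facs, _, spec = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if spec == "none":            # facility.none: drop this facility
            matched = False
            continue
        negate = spec.startswith("!")
        spec = spec.lstrip("!")
        exact = spec.startswith("=")  # "=pri": that priority only
        spec = spec.lstrip("=")
        if spec == "*":
            hit = True
        else:
            want = PRIORITIES.index(spec)
            # Plain "pri" means that priority and anything more severe.
            hit = (level == want) if exact else (level <= want)
        if hit:
            matched = not negate
    return matched


def destinations(conf, facility, priority):
    """List the actions (files, or '*' for all users) a message is sent to."""
    return [action for sel, action in parse(conf)
            if selector_matches(sel, facility, priority)]


if __name__ == "__main__":
    for fac, pri in [("daemon", "info"), ("daemon", "debug"), ("kern", "info")]:
        print(fac, pri, destinations(POSTED, fac, pri))
```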
From Steve at SteveCowles.com Sat Dec 29 16:16:41 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sat, 29 Dec 2001 16:16:41 -0600
Subject: [pptp-server] PPTP options
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9B5@defiant.infohiiway.com>

> -----Original Message-----
> From: Chris Woods [mailto:cwoods at oss.uswest.net]
> Sent: Saturday, December 29, 2001 4:02 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP options
>
>
> Is there a 'master' list for all the possible options you can
> have in the /etc/ppp/options file.
>

I have always used "man pppd" to list all of the available ppp options.

From sysop at netvision.net.il Sat Dec 29 12:35:58 2001
From: sysop at netvision.net.il (Moti)
Date: Sat, 29 Dec 2001 10:35:58 -0800
Subject: [pptp-server] help with ppp_mppe and kernel 2.4.16 ?
Message-ID: <00d101c190d2$76049bf0$6f00a8c0@motil>

Hi ,
I have followed the faq in the poptop site and have tried in vain to
configure pptpd on redhat 7.2 .
one problem i have is the ppp_mppe module .
I have downloaded the ppp.2.4.1 and patches and the kernel patches as well .
if i look in /usr/src/linux/drivers/net/ i see the ppp_mppe.c but if i run
make modules make modules_install it will not compile the
module and i can't see it in /lib/modules/....
u got the pptpd going and i am successfully authenticating using mcchap-v2
from win98 and win2k .
any help will do !!!
thanks
barazani

From cwoods at oss.uswest.net Sat Dec 29 16:42:24 2001
From: cwoods at oss.uswest.net (Chris Woods)
Date: Sat, 29 Dec 2001 16:42:24 -0600
Subject: [pptp-server] PPTP connection
Message-ID: <20011229164224.A28618@mail.oss.uswest.net>

I asked the wrong question yesterday and I apologize for that.
My real question is this. My PPTP session authenticates
fine but what I would like to know is how do I then log into
the network, my samba server is configured to be NT PDC. If I
check the 'Log into Network' box in Win98 shouldn't I get the
login screen for that?

Chris.
From Steve at SteveCowles.com Sat Dec 29 18:57:11 2001
From: Steve at SteveCowles.com (Cowles, Steve)
Date: Sat, 29 Dec 2001 18:57:11 -0600
Subject: [pptp-server] PPTP connection
Message-ID: <90769AF04F76D41186C700A0C90AFC3EE9B6@defiant.infohiiway.com>

> -----Original Message-----
> From: Chris Woods [mailto:cwoods at oss.uswest.net]
> Sent: Saturday, December 29, 2001 4:42 PM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] PPTP connection
>
>
> I asked the wrong question yesterday and I apologize for that.
> My real question is this. My PPTP session authenticates
> fine but what I would like to know is how do I then log into
> the network, my samba server is configured to be NT PDC. If I
> check the 'Log into Network' box in Win98 shouldn't I get the
> login screen for that?

With brain dead Win9x systems... Under Network Properties, Select service
"Client for Microsoft Networks" then select "Logon to Windows NT Domain" and
specify the Domain Name that your NT PDC is configured to answer
authentication requests for. Also, under Network Properties->Identification
TAB, you will need to set Win9x workgroup affiliation to be the same as your
domain name. Unless you have multiple workgroups. Then, as with anything else
on Win9x... you will need to re-boot.

Once you re-boot, you will be prompted for username/password/domain. Here's
the brain dead part of Win9x -- Once you enter your login credentials, you
will then get the "Cannot find Domain Controller" error message. This is
actually normal because with brain dead Win9x systems, you cannot establish a
PPTP tunnel until after you login. Grrr!!! In contrast, with NT/W2K systems,
you can select the "Use Dialup Networking" box on the login screen so that a
PPTP tunnel can be established prior to when your system tries to
authenticate. OK, enough of my ranting about my disgust with Win9x.

To answer your question, once you have properly configured your Win9x system
to authenticate against a domain controller -and- you then bring up your PPTP
tunnel, your Win9x system will eventually authenticate against your PDC. Just
ignore the "Cannot find Domain Controller" message. Win9x will keep trying to
authenticate in the background. Should take a couple of minutes after you
establish your PPTP tunnel.

Of course, the above will only work if your PDC has registered with a WINS
server as type "Domain Controller" for your Domain Name. I believe the
netbios node type for a PDC is either 0x1b or 0x1c. Don't have the book in
front of me.

Good Luck
Steve Cowles

From berzerke at swbell.net Sat Dec 29 19:02:19 2001
From: berzerke at swbell.net (robert)
Date: Sat, 29 Dec 2001 19:02:19 -0600
Subject: [pptp-server] help with ppp_mppe and kernel 2.4.16 ?
In-Reply-To: <00d101c190d2$76049bf0$6f00a8c0@motil>
References: <00d101c190d2$76049bf0$6f00a8c0@motil>
Message-ID: <0GP40072CTHIMA@mta4.rcsntx.swbell.net>

The poptop site is somewhat out of date. See the 2.4 kernel howto at
http://home.swbell.net/berzerke

On Saturday 29 December 2001 12:35 pm, Moti wrote:
> Hi ,
> I have followed the faq in the poptop site and have tried in vain to
> configure pptpd on redhat 7.2 .
> one problem i have is the ppp_mppe module .
> I have downloaded the ppp.2.4.1 and patches and the kernel patches as well .
> if i look in /usr/src/linux/drivers/net/ i see the ppp_mppe.c but if i run
> make modules make modules_install it will not compile the
> module and i can't see it in /lib/modules/....
> u got the pptpd going and i am successfully authenticating using mcchap-v2
> from win98 and win2k .
> any help will do !!!
> thanks
> barazani
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> --- To unsubscribe, go to the url just above this line. --

From lists at earthling.2y.net Sun Dec 30 14:09:12 2001
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sun, 30 Dec 2001 15:09:12 -0500 (EST)
Subject: [pptp-server] (no subject)
Message-ID:

Dang it's been a while since I posted to this list, or even opened up the
email account that gets the email for it.

Anyway, I had a server crash about a month ago, and
earthling.2y.net/LinkingNets.html was lost. I have recreated it, but It would
be nice If I had some examples for it. I have lost access to all my possible
examples, and everything now on that page is coming from memory. Though I do
recommend use of routing protocols on the page now.

-Justin

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
justin at wss.net

From lists at earthling.2y.net Sun Dec 30 14:15:53 2001
From: lists at earthling.2y.net (lists at earthling.2y.net)
Date: Sun, 30 Dec 2001 15:15:53 -0500 (EST)
Subject: [pptp-server] PPTP authentication
In-Reply-To:
Message-ID:

There is a patch out there to authenticate via the smbpasswd file.

On the subject of authentication to a real live NT (running NT) pdc,
authentication would have to be, passed along straight from the ppp stream to
the NT server. After several discussions with the samba-tng folks, it seems
MSCHAPv2 is really NTLMv2, so if anybody wants to write the code, it wouldn't
be too hard to get the initial hash from the NT server, and then just proxy
the information between the client to the server and back till authentication
is granted.

-Justin

On Fri, 28 Dec 2001, Chris Woods wrote:

> My samba server is configured to be a NT PDC. How can I have the vpn users
> authenticate against the PDC instead of the chap-secrets file?
>
> Chris.
>

--
Justin Kreger, MCP MCSE CCNA
jkreger at earthling.2y.net
jwkreger at uncg.edu
justin at wss.net